CEH V12 Test (Latest 2025/ 2026 Update) Certified Ethical Hacker | Questions and Answers | Grade A| 100% Correct (Verified Elaborations)

CEH V12 Test (Latest 2025/ 2026 Update) Certified Ethical Hacker | Questions and Answers | Grade A| 100% Correct (Verified Elaborations) Which of the following modbus-cli commands is used by attackers to manipulate the register values in a target PLC device? A. modbus write <Target IP> 101 1 1 1 1 1 1 1 1 1 1 modbus write <Target IP> %M100 1 1 1 1 1 1 1 1 1 1 B. modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2 modbus write <Target IP> 2 2 2 2 2 C. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 D. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 B In which of the following security risks does an API accidentally expose internal variables or objects because of improper binding and filtering based on a whitelist, allowing attackers with unauthorized access to modify object properties? A. Broken object-level authorization B. Broken object-level authorization C. Broken object-level authorization D. Injection B Identify the type of cluster computing in which work is distributed among nodes to avoid overstressing a single node and periodic health checks are performed on each node to identify node failures and reroute the incoming traffic to another node. A.Fail-over B.Load balancing C.Highly available D.High-performance computing B Which of the following is an attack technique where the only information available to the attacker is some plaintext blocks along with the corresponding ciphertext and algorithm used to encrypt and decrypt the text? A. Ciphertext-only attack B. Adaptive chosen-plaintext attack C. Chosen-plaintext attack D. Known-plaintext attack A. Which of the following communication protocols is a variant of the Wi-Fi standard that provides an extended range, making it useful for communications in rural areas, and offers low data rates? A. HaLow B. Z-Wave C. 6LoWPAN D. QUIC C Which of the following is a technique used by an attacker to gather valuable system-level data such as account details, OS, software version, server names, and database schema details? A.Whois B.Session hijacking C.Web server footprinting D.Vulnerability scanning C Which of the following RFCrack commands is used by an attacker to perform an incremental scan on a target IoT device while launching a rolling-code attack? A.python RFC -b -v 5000000 B.python RFC-j -F C.python RFC -r -M MOD_2FSK -F D.python RFC -i A Clark, a professional hacker, was attempting to capture packet flow on a target organization's network. After exploiting certain vulnerabilities in the network, Clark placed his Raspberry Pi device between the server and an authorized device to make all the network traffic pass through his device so that he can easily sniff and monitor the packet flow. Using this technique, Clark successfully bypassed NAC controls connected to the target network. Which of the following techniques did Clark employ in the above scenario? A. Using reverse ICMP tunnels B. Using pre-authenticated device C. Double tagging D. Session splicing D Which of the following encryption algorithms is a large tweakable symmetric-key block cipher with equal block and key sizes of 256, 512, or 1024 and involves only three operations, that is, addition-rotation-XOR? A. RC4 B. Twofish C. RC5 D. Threefish D Which of the following steganography techniques is used by attackers for hiding the message with a large amount of useless data and mixing the original data with the unused data in any order? A. Null ciphers B. Grille ciphers C. Jargon codes D. Semagrams A Which of the following attacks does not directly recover a WEP key and requires at least one data packet from a target AP for initiation? A. MAC spoofing B. attackEvil twin attack C. Fragmentation attack D. De-authentication attack C Which of the following protocols uses AES and the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) for wireless data encryption? A. WEP B. WPA3 C. WPA2 D. WPA C Kate, a disgruntled ex-employee of an organization, decided to hinder the operations of the organization and gather sensitive information by injecting malware into the organization's network. Which of the following categories of insiders does Kate belong to? A. Negligent insider B. Malicious insider C. Compromised insider D. Professional insider B Which of the following countermeasure should be used to prevent a ping sweep? A. Disabling the firewall B. Allowing connection with any host performing more than 10 ICMP ECHO requests C. Avoiding the use of DMZ and disallowing commands such as ICMP ECHO_REPLY, HOST UNREACHABLE, and TIME EXCEEDED in DMZ D. Limiting ICMP traffic with access-control lists (ACLs) to the ISP's specific IP addresses D Which of the following operating systems can be identified when scan results show a TTL value of 64 and TCP window size of 5840? A. Windows B. AIX C. Linux D. Solaris C Which of the following is an IDS evasion technique used by attackers to encode an attack packet payload in such a manner that the destination host can decode the packet but not the IDS? A. Evasion B. Session splicing C. Obfuscating D. Fragmentation C Which of the following types of password attacks does not require any technical knowledge about hacking or system exploitation and includes techniques such as shoulder surfing, social engineering, and dumpster diving? A. Active online attacks B. Passive online attacks C. Non-electronic attacks D. Offline attacks C Which of the following attacks is performed by asking the appropriate questions to an application database, with multiple valid statements evaluated as true or false being supplied in the affected parameter in the HTTP request? A. Heavy query B. Error-based SQL injection C. No error message returned D. Boolean exploitation D Which of the following is a mode of operation that includes EAP or RADIUS for centralized client authentication using multiple authentication methods, such as token cards, Kerberos, and certificates? A. WPA3-Personal B. WPA2-Personal C. WPA3-Enterprise D. WPA2-Enterprise D Which of the following is a bidirectional antenna used to support client connections, rather than site-to-site applications? A. Yagi antenna B. Reflector antenna C. Dipole antenna D. Directional antenna C In which of the following incident handling and response phases are the identified security incidents analyzed, validated, categorized, and prioritized? A. Incident recording and assignment B. Incident triage C. Containment D. Eradication B Which of the following is the component in the docker architecture where images are stored and pulled and can be either private or public? A. Docker daemon B. Docker client C. Docker registries D. Docker objects C Which of the following DNS poisoning techniques is used by an attacker to infect a victim's machine with a Trojan and remotely change their DNS IP address to that of the attacker's? A. DNS cache poisoning B. Proxy server DNS poisoning C. Internet DNS spoofing D. Intranet DNS spoofing C Which of the following commands is used by the SNMP manager continuously to retrieve all the data stored in an array or table? A. GetResponse B. GetNextRequest C. GetRequest D. SetRequest B Which of the following Bluetooth attacks is similar to the ICMP ping-of-death attack, where the attacker sends an oversized ping packet to a victim's device to cause a buffer overflow? A. Bluesnarfing B. Bluesniff C. Bluejacking D. Bluesmacking D Mark, a professional hacker, wanted to evade conventional defense mechanisms on a target ICS network. For this purpose, he installed malicious software that hides the presence of malicious services, processes, and other activities. Which of the following techniques did Mark employ for evasion? A. Parameter tampering B. HPP technique C. Rootkits D. WS-address spoofing B Which of the following cloud services provides data processing services, such as IoT services for connected devices, mobile and web applications, and batch-and-stream processing? A. Function as a service (FaaS) B. Container as a service (CaaS) C. Security as a service (SECaaS) D. Identity as a service (IDaaS) A A certain scanning technique has no three-way handshake, and the system does not respond when the port is open; when the port is closed, the system responds with an ICMP port unreachable message. Which of the following is this scanning technique? A.List scanning B. SCTP COOKIE ECHO scanning C. IPv6 scanning D. UDP scanning D Which of the following drozer commands is used by an attacker to find the list of various exported activities, services, broadcast receivers, and content providers in a target mobile device? A. dz> run ksurface <package_name> B. dz> run --component <package_name> <activity_name> C. dz> run D. dz> run -a <package_name> A Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? A. Smith should use online services such as to find the company's internal URLs B. Smith should use WayBackMachine in A to find the company's internal URLs C. Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs D. Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs A In which of the following stages of the web server attack methodology does an attacker determine the web server's remote access capabilities, its ports and services, and other aspects of its security? A. Information gathering B. Web server footprinting C. Website mirroring D. Vulnerability scanning B Which of the following tools in OSRFramework is used by attackers to check for a user profile on up to 290 different platforms? A. B. C. D. A An attacker is sending spoofed router advertisement messages so that all the data packets travel through his system. Then the attacker is trying to sniff the traffic to collect valuable information from the data packets to launch further attacks such as man-in-the-middle, denial-of-service, and passive sniffing attacks on the target network. Which of the following technique is the attacker using in the above scenario? A. IRDP spoofing B. DHCP starvation attack C. MAC flooding D. ARP spoofing A Which of the following attacks runs malicious code inside a browser and causes an infection that persists even after closing or browsing away from the malicious web page that spread the infection? A. Clickjacking attack B. DNS rebinding attack C. MarioNet attack D. XML poisoning C Which of the following Net View commands is used by an attacker to view all the available shares in a domain? A. net view <computername> /ALL B. net view /domain:<domain name> C. net view /domain D. net view <computername> C Which of the following types of viruses infects Microsoft Word or similar applications by automatically performing a sequence of actions after triggering an application? A. Multipartite viruses B. Macro viruses C. Encryption viruses D. Sparse infector viruses B Santa, an attacker, targeted an organization's web infrastructure and sent partial HTTP requests to the target web server. When the partial requests were received, the web server opened multiple connections and waited for the requests to complete; however, these requests remained incomplete, causing the target server's maximum concurrent connection pool to be exhausted and additional connection attempts to be denied. Which of the following attack techniques was employed by Santa? A. Slowloris attack B. Ping-of-death (PoD) attack C. Multi-vector attack D. Smurf attack A Which of the following techniques is used by an attacker to perform automated searches on the target website and collect specified information, such as employee names and email addresses? A. Web spidering B. Website mirroring C. Monitoring of web updates D. Website link extraction A Which of the following protocols is often used for data compression, digital signing, encryption and decryption of messages, emails, files, and directories as well as to enhance the privacy of email communications? A. EAP B. PGP C. CHAP D. HMAC B In which of the following attacks does an attacker install a fake communication tower between two authentic endpoints with the intention of misleading a user and interrupting the data transmission between the user and real tower to hijack an active session? A.Rogue AP attack B. Key reinstallation attack C. Wardriving D. aLTEr attack D In one of the following social engineering techniques, an attacker assumes the role of a knowledgeable professional so that the organization's employees ask them for information. The attacker then manipulates questions to draw out the required information. Which is this technique? A. Baiting B. Quid pro quo C. Reverse social engineering D. Dumpster diving A Karen, a security professional in an organization, performed a vulnerability assessment on the organization's network to check for vulnerabilities. In this process, she used a type of location data examination scanner that resides on a single machine but can scan several machines on the same network. Which of the following types of location and data examination tools did Karen use? A. Network-based scanner B. Agent-based scanner C. Proxy scanner D. Cluster scanner A In one of the following jailbreaking techniques, a user turns their device off and back on, following which the device starts up completely and the kernel is patched without the help of a computer. Which is this jailbreaking technique? A. Semi-tethered jailbreaking B. Tethered jailbreaking C . Semi-untethered jailbreaking D. Untethered jailbreaking A Which of the following hping commands is used by an attacker to scan the entire subnet to detect live hosts in a target network? A. hping3 -8 50-60 -S 10.0.0.25 -V B. hping3 -F -P -U 10.0.0.25 -p 80 C. hping3 -1 10.0.1.x --rand-dest -I eth0 D. hping3 -9 HTTP -I eth0 C In which of the following phases of social engineering attacks does an attacker collect sensitive information about the organization's accounts, finance, technologies in use, and upcoming plans? A. Research the target company B. Select a target C. Develop a relationship D. Exploit the relationship D In one of the following IoT attacks, attackers intercept legitimate messages from a valid communication and continuously send the intercepted message to the target device to perform a denial-of-service attack or crash the target device. Which is this IoT attack? A. Replay attack B. Exploit kits C. Network pivoting D. BlueBorne attack A Jim, a professional hacker, was hired to perform an attack on an organization. In the attack process, Jim targeted the SMTP server of the target organization and performed SMTP enumeration using the smtp-user-enum tool. He used some options in the tool to gather the usernames of the target organization's employees. Which of the following options did Jim use in the SMTP command for guessing the username from among EXPN, VRFY, and RCPT TO? A. -m n B. -u user C. -M mode D. -p port C Which of the following is a wireless security layer where per frame/packet authentication provides protection against MITM attacks and prevents an attacker from sniffing data when two genuine users communicate with each other? A. Device security B. Wireless signal security C. End-user protection D. Connection security D Which of the following elements can be extracted using the query A. 1st database table B. 1st table column name C. 1st field of the 1st row D. Database name A Which of the following information does an attacker enumerate by analyzing the AWS error messages that reveal information regarding the existence of a user? A. Enumerating AWS account B. IDsEnumerating S3 buckets C. Enumerating IAM roles D. Enumerating bucket permissions C Through which of the following SCADA vulnerabilities does an attacker exploit code security issues that include out-of-bound read/write vulnerabilities and heap- and stack-based buffer overflow? A. Credential management B. Code injection C. Lack of authorization D. Memory corruption D Victor, an employee in an organization, received an executable file as an email attachment. Out of suspicion, he reached out to the organization's IT team. The team used a tool to dismantle the executable file into a binary program to find harmful or malicious processes. Which of the following tools did the IT team employ to analyze the application? A. SplunkSpam B. Mimic C. IDA Pro D. CCleaner C Which of the following techniques scans the headers of IP packets leaving a network and ensures that unauthorized or malicious traffic never leaves the internal network? A. Ingress filtering B. TCP intercept C. Rate limiting D. Egress filtering D TechSoft Inc. recently experienced many cyberattacks. The management of the organization instructed David, a security engineer, to strengthen the security of the organization. In this process, David employed a tool for detecting session hijacking attempts and performed asset discovery, intrusion detection, threat intelligence, and vulnerability assessment using that tool. Which of the following tools did David employ in the above scenario? A. USM Anywhere B. Dependency Walker C. Weevely D. API Monitor A In which of the following types of vulnerability assessment does an organization assess the assets situated at multiple locations, such as client and server applications, simultaneously through appropriate synchronization techniques? A. Internal assessment B. Network-based assessment C. Credentialed assessment D. Distributed assessment D Cooper, a certified hacker, targeted multiple user accounts of an organization's work group to crack their passwords. In this process, he used a single commonly used password on multiple accounts simultaneously and waited for responses before initiating another password on the same accounts. This technique allowed Cooper to attempt more passwords without being affected by automatic lockout mechanisms. Identify the type of password cracking attack performed by Cooper in the above scenario. A. Password guessing B. Password spraying attack C. Pass-the-ticket attack D. GPU-based attack BWhich of the following modbus-cli commands is used by attackers to manipulate the register values in a target PLC device? A. modbus write <Target IP> 101 1 1 1 1 1 1 1 1 1 1 modbus write <Target IP> %M100 1 1 1 1 1 1 1 1 1 1 B. modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2 modbus write <Target IP> 2 2 2 2 2 C. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 D. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 B In which of the following security risks does an API accidentally expose internal variables or objects because of improper binding and filtering based on a whitelist, allowing attackers with unauthorized access to modify object properties? A. Broken object-level authorization B. Broken object-level authorization C. Broken object-level authorization D. Injection B Identify the type of cluster computing in which work is distributed among nodes to avoid overstressing a single node and periodic health checks are performed on each node to identify node failures and reroute the incoming traffic to another node. A.Fail-over B.Load balancing C.Highly available D.High-performance computing B Which of the following is an attack technique where the only information available to the attacker is some plaintext blocks along with the corresponding ciphertext and algorithm used to encrypt and decrypt the text? A. Ciphertext-only attack B. Adaptive chosen-plaintext attack C. Chosen-plaintext attack D. Known-plaintext attack A. Which of the following communication protocols is a variant of the Wi-Fi standard that provides an extended range, making it useful for communications in rural areas, and offers low data rates? A. HaLow B. Z-Wave C. 6LoWPAN D. QUIC C Which of the following is a technique used by an attacker to gather valuable system-level data such as account details, OS, software version, server names, and database schema details? A.Whois B.Session hijacking C.Web server footprinting D.Vulnerability scanning C Which of the following RFCrack commands is used by an attacker to perform an incremental scan on a target IoT device while launching a rolling-code attack? A.python RFC -b -v 5000000 B.python RFC-j -F C.python RFC -r -M MOD_2FSK -F D.python RFC -i A Clark, a professional hacker, was attempting to capture packet flow on a target organization's network. After exploiting certain vulnerabilities in the network, Clark placed his Raspberry Pi device between the server and an authorized device to make all the network traffic pass through his device so that he can easily sniff and monitor the packet flow. Using this technique, Clark successfully bypassed NAC controls connected to the target network. Which of the following techniques did Clark employ in the above scenario? A. Using reverse ICMP tunnels B. Using pre-authenticated device C. Double tagging D. Session splicing D Which of the following encryption algorithms is a large tweakable symmetric-key block cipher with equal block and key sizes of 256, 512, or 1024 and involves only three operations, that is, addition-rotation-XOR? A. RC4 B. Twofish C. RC5 D. Threefish D Which of the following steganography techniques is used by attackers for hiding the message with a large amount of useless data and mixing the original data with the unused data in any order? A. Null ciphers B. Grille ciphers C. Jargon codes D. Semagrams A Which of the following attacks does not directly recover a WEP key and requires at least one data packet from a target AP for initiation? A. MAC spoofing B. attackEvil twin attack C. Fragmentation attack D. De-authentication attack C Which of the following protocols uses AES and the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) for wireless data encryption? A. WEP B. WPA3 C. WPA2 D. WPA C Kate, a disgruntled ex-employee of an organization, decided to hinder the operations of the organization and gather sensitive information by injecting malware into the organization's network. Which of the following categories of insiders does Kate belong to? A. Negligent insider B. Malicious insider C. Compromised insider D. Professional insider B Which of the following countermeasure should be used to prevent a ping sweep? A. Disabling the firewall B. Allowing connection with any host performing more than 10 ICMP ECHO requests C. Avoiding the use of DMZ and disallowing commands such as ICMP ECHO_REPLY, HOST UNREACHABLE, and TIME EXCEEDED in DMZ D. Limiting ICMP traffic with access-control lists (ACLs) to the ISP's specific IP addresses D Which of the following operating systems can be identified when scan results show a TTL value of 64 and TCP window size of 5840? A. Windows B. AIX C. Linux D. Solaris C Which of the following is an IDS evasion technique used by attackers to encode an attack packet payload in such a manner that the destination host can decode the packet but not the IDS? A. Evasion B. Session splicing C. Obfuscating D. Fragmentation C Which of the following types of password attacks does not require any technical knowledge about hacking or system exploitation and includes techniques such as shoulder surfing, social engineering, and dumpster diving? A. Active online attacks B. Passive online attacks C. Non-electronic attacks D. Offline attacks C Which of the following attacks is performed by asking the appropriate questions to an application database, with multiple valid statements evaluated as true or false being supplied in the affected parameter in the HTTP request? A. Heavy query B. Error-based SQL injection C. No error message returned D. Boolean exploitation D Which of the following is a mode of operation that includes EAP or RADIUS for centralized client authentication using multiple authentication methods, such as token cards, Kerberos, and certificates? A. WPA3-Personal B. WPA2-Personal C. WPA3-Enterprise D. WPA2-Enterprise D Which of the following is a bidirectional antenna used to support client connections, rather than site-to-site applications? A. Yagi antenna B. Reflector antenna C. Dipole antenna D. Directional antenna C In which of the following incident handling and response phases are the identified security incidents analyzed, validated, categorized, and prioritized? A. Incident recording and assignment B. Incident triage C. Containment D. Eradication B Which of the following is the component in the docker architecture where images are stored and pulled and can be either private or public? A. Docker daemon B. Docker client C. Docker registries D. Docker objects C Which of the following DNS poisoning techniques is used by an attacker to infect a victim's machine with a Trojan and remotely change their DNS IP address to that of the attacker's? A. DNS cache poisoning B. Proxy server DNS poisoning C. Internet DNS spoofing D. Intranet DNS spoofing C Which of the following commands is used by the SNMP manager continuously to retrieve all the data stored in an array or table? A. GetResponse B. GetNextRequest C. GetRequest D. SetRequest B Which of the following Bluetooth attacks is similar to the ICMP ping-of-death attack, where the attacker sends an oversized ping packet to a victim's device to cause a buffer overflow? A. Bluesnarfing B. Bluesniff C. Bluejacking D. Bluesmacking D Mark, a professional hacker, wanted to evade conventional defense mechanisms on a target ICS network. For this purpose, he installed malicious software that hides the presence of malicious services, processes, and other activities. Which of the following techniques did Mark employ for evasion? A. Parameter tampering B. HPP technique C. Rootkits D. WS-address spoofing B Which of the following cloud services provides data processing services, such as IoT services for connected devices, mobile and web applications, and batch-and-stream processing? A. Function as a service (FaaS) B. Container as a service (CaaS) C. Security as a service (SECaaS) D. Identity as a service (IDaaS) A A certain scanning technique has no three-way handshake, and the system does not respond when the port is open; when the port is closed, the system responds with an ICMP port unreachable message. Which of the following is this scanning technique? A.List scanning B. SCTP COOKIE ECHO scanning C. IPv6 scanning D. UDP scanning D Which of the following drozer commands is used by an attacker to find the list of various exported activities, services, broadcast receivers, and content providers in a target mobile device? A. dz> run ksurface <package_name> B. dz> run --component <package_name> <activity_name> C. dz> run D. dz> run -a <package_name> A Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? A. Smith should use online services such as to find the company's internal URLs B. Smith should use WayBackMachine in A to find the company's internal URLs C. Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs D. Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs A In which of the following stages of the web server attack methodology does an attacker determine the web server's remote access capabilities, its ports and services, and other aspects of its security? A. Information gathering B. Web server footprinting C. Website mirroring D. Vulnerability scanning B Which of the following tools in OSRFramework is used by attackers to check for a user profile on up to 290 different platforms? A. B. C. D. A An attacker is sending spoofed router advertisement messages so that all the data packets travel through his system. Then the attacker is trying to sniff the traffic to collect valuable information from the data packets to launch further attacks such as man-in-the-middle, denial-of-service, and passive sniffing attacks on the target network. Which of the following technique is the attacker using in the above scenario? A. IRDP spoofing B. DHCP starvation attack C. MAC flooding D. ARP spoofing A Which of the following attacks runs malicious code inside a browser and causes an infection that persists even after closing or browsing away from the malicious web page that spread the infection? A. Clickjacking attack B. DNS rebinding attack C. MarioNet attack D. XML poisoning C Which of the following Net View commands is used by an attacker to view all the available shares in a domain? A. net view <computername> /ALL B. net view /domain:<domain name> C. net view /domain D. net view <computername> C Which of the following types of viruses infects Microsoft Word or similar applications by automatically performing a sequence of actions after triggering an application? A. Multipartite viruses B. Macro viruses C. Encryption viruses D. Sparse infector viruses B Santa, an attacker, targeted an organization's web infrastructure and sent partial HTTP requests to the target web server. When the partial requests were received, the web server opened multiple connections and waited for the requests to complete; however, these requests remained incomplete, causing the target server's maximum concurrent connection pool to be exhausted and additional connection attempts to be denied. Which of the following attack techniques was employed by Santa? A. Slowloris attack B. Ping-of-death (PoD) attack C. Multi-vector attack D. Smurf attack A Which of the following techniques is used by an attacker to perform automated searches on the target website and collect specified information, such as employee names and email addresses? A. Web spidering B. Website mirroring C. Monitoring of web updates D. Website link extraction A Which of the following protocols is often used for data compression, digital signing, encryption and decryption of messages, emails, files, and directories as well as to enhance the privacy of email communications? A. EAP B. PGP C. CHAP D. HMAC B In which of the following attacks does an attacker install a fake communication tower between two authentic endpoints with the intention of misleading a user and interrupting the data transmission between the user and real tower to hijack an active session? A.Rogue AP attack B. Key reinstallation attack C. Wardriving D. aLTEr attack D In one of the following social engineering techniques, an attacker assumes the role of a knowledgeable professional so that the organization's employees ask them for information. The attacker then manipulates questions to draw out the required information. Which is this technique? A. Baiting B. Quid pro quo C. Reverse social engineering D. Dumpster diving A Karen, a security professional in an organization, performed a vulnerability assessment on the organization's network to check for vulnerabilities. In this process, she used a type of location data examination scanner that resides on a single machine but can scan several machines on the same network. Which of the following types of location and data examination tools did Karen use? A. Network-based scanner B. Agent-based scanner C. Proxy scanner D. Cluster scanner A In one of the following jailbreaking techniques, a user turns their device off and back on, following which the device starts up completely and the kernel is patched without the help of a computer. Which is this jailbreaking technique? A. Semi-tethered jailbreaking B. Tethered jailbreaking C . Semi-untethered jailbreaking D. Untethered jailbreaking A Which of the following hping commands is used by an attacker to scan the entire subnet to detect live hosts in a target network? A. hping3 -8 50-60 -S 10.0.0.25 -V B. hping3 -F -P -U 10.0.0.25 -p 80 C. hping3 -1 10.0.1.x --rand-dest -I eth0 D. hping3 -9 HTTP -I eth0 C In which of the following phases of social engineering attacks does an attacker collect sensitive information about the organization's accounts, finance, technologies in use, and upcoming plans? A. Research the target company B. Select a target C. Develop a relationship D. Exploit the relationship D In one of the following IoT attacks, attackers intercept legitimate messages from a valid communication and continuously send the intercepted message to the target device to perform a denial-of-service attack or crash the target device. Which is this IoT attack? A. Replay attack B. Exploit kits C. Network pivoting D. BlueBorne attack A Jim, a professional hacker, was hired to perform an attack on an organization. In the attack process, Jim targeted the SMTP server of the target organization and performed SMTP enumeration using the smtp-user-enum tool. He used some options in the tool to gather the usernames of the target organization's employees. Which of the following options did Jim use in the SMTP command for guessing the username from among EXPN, VRFY, and RCPT TO? A. -m n B. -u user C. -M mode D. -p port C Which of the following is a wireless security layer where per frame/packet authentication provides protection against MITM attacks and prevents an attacker from sniffing data when two genuine users communicate with each other? A. Device security B. Wireless signal security C. End-user protection D. Connection security D Which of the following elements can be extracted using the query A. 1st database table B. 1st table column name C. 1st field of the 1st row D. Database name A Which of the following information does an attacker enumerate by analyzing the AWS error messages that reveal information regarding the existence of a user? A. Enumerating AWS account B. IDsEnumerating S3 buckets C. Enumerating IAM roles D. Enumerating bucket permissions C Through which of the following SCADA vulnerabilities does an attacker exploit code security issues that include out-of-bound read/write vulnerabilities and heap- and stack-based buffer overflow? A. Credential management B. Code injection C. Lack of authorization D. Memory corruption D Victor, an employee in an organization, received an executable file as an email attachment. Out of suspicion, he reached out to the organization's IT team. The team used a tool to dismantle the executable file into a binary program to find harmful or malicious processes. Which of the following tools did the IT team employ to analyze the application? A. SplunkSpam B. Mimic C. IDA Pro D. CCleaner C Which of the following techniques scans the headers of IP packets leaving a network and ensures that unauthorized or malicious traffic never leaves the internal network? A. Ingress filtering B. TCP intercept C. Rate limiting D. Egress filtering D TechSoft Inc. recently experienced many cyberattacks. The management of the organization instructed David, a security engineer, to strengthen the security of the organization. In this process, David employed a tool for detecting session hijacking attempts and performed asset discovery, intrusion detection, threat intelligence, and vulnerability assessment using that tool. Which of the following tools did David employ in the above scenario? A. USM Anywhere B. Dependency Walker C. Weevely D. API Monitor A In which of the following types of vulnerability assessment does an organization assess the assets situated at multiple locations, such as client and server applications, simultaneously through appropriate synchronization techniques? A. Internal assessment B. Network-based assessment C. Credentialed assessment D. Distributed assessment D Cooper, a certified hacker, targeted multiple user accounts of an organization's work group to crack their passwords. In this process, he used a single commonly used password on multiple accounts simultaneously and waited for responses before initiating another password on the same accounts. This technique allowed Cooper to attempt more passwords without being affected by automatic lockout mechanisms. Identify the type of password cracking attack performed by Cooper in the above scenario. A. Password guessing B. Password spraying attack C. Pass-the-ticket attack D. GPU-based attack B