CEH v10 Exam | Questions And Answers Latest {2024- 2025} A+ Graded | 100% Verified
Hacker is a person who illegally breaks into a system or network without any authorization to destroy,
steal sensitive data or to perform any malicious attacks.
Black Hat hackers are:
a. Individuals professing hacker skills and using them for defensive purposes and are also known as
security analysts
b. Individuals with extraordinary skills, resorting to malicious or destructive activities and are also known
as crackers.
c. Individual to aim to bring down critical infrastructure for a "cause" and are not worried about facing
30 years in jail for their actions.
d. Individuals who work both offensively and defensively at various times. - b. Individuals with
extraordinary skills, resorting to malicious or destructive activities and are also known as crackers.
In order to compromise or to hack a system or network the hacker go through various phases of
hacking.What is the first hacking phase that hackers perform to gather information about a target prior
to launching an attack?
a. Reconnaissance
b. Scanning
c. Gaining access
d. Maintaining Access
e. Clearing tracks - a. Reconnaissance
,Defense-in-depth is a security strategy in which several protection layers are placed throughout an
information system. It helps to prevent direct attacks against an information system and data because a
break in one layer only leads the attacker to the next layers.
a. True
b. False - a. True
Penetration testing is a method of actively evaluating the security of an information system f network by
simulation an attack from a malicious source.Which of the following techniques is used to simulate an
attack from someone who is unfamiliar with the system?
a. White box pen testing
b. Black Box pen testing
c. Grey box pen testing
d. Announced pen testing - b. Black Box pen testing
Which of the following scanning techniques do attackers use to bypass firewall rules, logging
mechanism, and hide themselves as usual network traffic?
a. TCP connect scanning
b. XMAS scanning technique
c. Stealth scanning technique
,d. FIN scanning technique - c. Stealth scanning technique
Which of the following scans only work if the operation system's TCP/IP implementation is based on RFC
793?
a. IDLE scan
b. TCP connect scan
c. FTP bounce scan
d. NULL scan - d. NULL scan
OS fingerprinting is the method used to determine the operating system running on a remote target
system. It is an important scanning method, as the attacker will have a greater possibility of success if
he/she knows the OS. Active stack fingerprinting is one of the types of OS fingerprinting.Which of the
following is true about active stack fingerprinting?
a. Uses password crackers to escalate system privileges
b. Is based on the fact that various vendors of OS implement the TCP stack differently
c. Uses sniffing techniques instead of the scanning techniques
d. Is based on the differential implementation of the stack and the various ways an OS responds to it. -
b. Is based on the fact that various vendors of OS implement the TCP stack differently
Proxy is a network computer that can serve as an intermediary for connecting with other computers.
Which of the following sentences is true about a proxy?
a. Protects the local network from outside access..
, b. Does not allow the connection of a number of computers to the Internet when having only one IP
address.
c. Allows attackers to view the desktop of the user's system.
d. Cannot be used to filter out unwanted content. - a. Protects the local network from outside access..
IP spoofing refers to the procedure of an attacker changing his or her IP address so that he or she
appears to be someone else. Which of the following IP Spoofing detection techniques succeed only
when the attacker is in a different subnet?
a. IP identification number technique
b. Direct TTL probes technique
c. TCP flow control method
d. UDP flow control method - b. Direct TTL probes technique
Enumeration is defined as the process of extracting user names, machine names, network resource
shares, and services from a system.Which of the following is an enumeration an attacker used to obtain
a list of computers that belongs to a domain?
a. NTP
b. SMTP
c. NetBIOS
Hacker is a person who illegally breaks into a system or network without any authorization to destroy,
steal sensitive data or to perform any malicious attacks.
Black Hat hackers are:
a. Individuals professing hacker skills and using them for defensive purposes and are also known as
security analysts
b. Individuals with extraordinary skills, resorting to malicious or destructive activities and are also known
as crackers.
c. Individual to aim to bring down critical infrastructure for a "cause" and are not worried about facing
30 years in jail for their actions.
d. Individuals who work both offensively and defensively at various times. - b. Individuals with
extraordinary skills, resorting to malicious or destructive activities and are also known as crackers.
In order to compromise or to hack a system or network the hacker go through various phases of
hacking.What is the first hacking phase that hackers perform to gather information about a target prior
to launching an attack?
a. Reconnaissance
b. Scanning
c. Gaining access
d. Maintaining Access
e. Clearing tracks - a. Reconnaissance
,Defense-in-depth is a security strategy in which several protection layers are placed throughout an
information system. It helps to prevent direct attacks against an information system and data because a
break in one layer only leads the attacker to the next layers.
a. True
b. False - a. True
Penetration testing is a method of actively evaluating the security of an information system f network by
simulation an attack from a malicious source.Which of the following techniques is used to simulate an
attack from someone who is unfamiliar with the system?
a. White box pen testing
b. Black Box pen testing
c. Grey box pen testing
d. Announced pen testing - b. Black Box pen testing
Which of the following scanning techniques do attackers use to bypass firewall rules, logging
mechanism, and hide themselves as usual network traffic?
a. TCP connect scanning
b. XMAS scanning technique
c. Stealth scanning technique
,d. FIN scanning technique - c. Stealth scanning technique
Which of the following scans only work if the operation system's TCP/IP implementation is based on RFC
793?
a. IDLE scan
b. TCP connect scan
c. FTP bounce scan
d. NULL scan - d. NULL scan
OS fingerprinting is the method used to determine the operating system running on a remote target
system. It is an important scanning method, as the attacker will have a greater possibility of success if
he/she knows the OS. Active stack fingerprinting is one of the types of OS fingerprinting.Which of the
following is true about active stack fingerprinting?
a. Uses password crackers to escalate system privileges
b. Is based on the fact that various vendors of OS implement the TCP stack differently
c. Uses sniffing techniques instead of the scanning techniques
d. Is based on the differential implementation of the stack and the various ways an OS responds to it. -
b. Is based on the fact that various vendors of OS implement the TCP stack differently
Proxy is a network computer that can serve as an intermediary for connecting with other computers.
Which of the following sentences is true about a proxy?
a. Protects the local network from outside access..
, b. Does not allow the connection of a number of computers to the Internet when having only one IP
address.
c. Allows attackers to view the desktop of the user's system.
d. Cannot be used to filter out unwanted content. - a. Protects the local network from outside access..
IP spoofing refers to the procedure of an attacker changing his or her IP address so that he or she
appears to be someone else. Which of the following IP Spoofing detection techniques succeed only
when the attacker is in a different subnet?
a. IP identification number technique
b. Direct TTL probes technique
c. TCP flow control method
d. UDP flow control method - b. Direct TTL probes technique
Enumeration is defined as the process of extracting user names, machine names, network resource
shares, and services from a system.Which of the following is an enumeration an attacker used to obtain
a list of computers that belongs to a domain?
a. NTP
b. SMTP
c. NetBIOS
