Exam (elaborations)

CEH V12 Exam Version 2 (Latest 2024/ 2025 Update) Qs & As | Grade A| 100% Correct (Verified Answers)

Rating

Sold

Pages

Grade

A+

Uploaded on

17-09-2024

Written in

2024/2025

CEH V12 Exam Version 2 (Latest 2024/ 2025 Update) Qs & As | Grade A| 100% Correct (Verified Answers) Q: Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information? A. ARIN B. LACNIC C. APNIC D. RIPE Answer: RIPE Q: Harry, a professional hacker, targets the IT infrastructure of an organiza- tion. After preparing for the attack, he attempts to enter the target network us- ing techniques such as sending spear-phishing emails and exploiting vulnera- bilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? A. Initial intrusion B. Persistence C. Cleanup D. Preparation Answer: Initial Intrusion Q: Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network. What is the attack performed by Robin in the above scenario? A. ARP spoofing attack B. STP attack C. DNS poisoning attack D. VLAN hopping attack Answer: STP attack Q: An attacker utilizes a Wi-Fi Pineapple to run an access point with a le- gitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this? A. MAC spoofing attack B. War driving attack C. Phishing attack D. Evil-twin attack Answer: Evil-twin attack Q: CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario? A. Whitelist validation B. Output encoding C. Blacklist validation D. Enforce least privileges Answer: Whitelist validation Q: Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario? A. Cloud consumer B. Cloud broker C. Cloud auditor D. Cloud carrier Answer: Cloud carrier Q: Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this vir- tual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user's request, Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario? A. aLTEr attack B. Jamming signal attack C. Wardriving D. KRACK attack Answer: aLTEr attack Q: John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anony- mously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization. What is the tool employed by John to gather information from the LDAP service? A. ike-scan B. Zabasearch C. JXplorer D. EarthExplorer Answer: JXplorer Q: Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes, images, and networks. What is the component of the Docker architecture used by Annie in the above scenario? A. Docker objects B. Docker daemon C. Docker client D. Docker registries Answer: Docker daemon Q: Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information? A. FCC ID search B. Google image search C. D. EarthExplorer Answer: FCC ID search Q: What piece of hardware on a computer's motherboard generates encryp- tion keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible? A. CPU B. UEFI C. GPU D. TPM Answer: TPM Q: Gilbert, a web developer, uses a centralized we

Show more Read less

Institution

CEH V12

Course

CEH V12

Whoops! We can’t load your doc right now. Try again or contact support.

Report Copyright Violation

Written for

Institution: CEH V12
Course: CEH V12

Document information

Uploaded on: September 17, 2024
Number of pages: 44
Written in: 2024/2025
Type: Exam (elaborations)
Contains: Questions & answers

Subjects

certified ethical hacker v12 ceh v12
ceh v12 exam version 2 latest update
gilbert a web developer uses a centr
becky has been hired by a client from dubai to per

Content preview

CEHIV12IExamIVersionI2I(LatestI2024/
I2025IUpdate)IQsI&IAsI|IGradeIA|I100%I
CorrectI(VerifiedIAnswers)

Q:IBeckyIhasIbeenIhiredIbyIaIclientIfromIDubaiItoIperformIaIpenetrationItestIagainstIoneIof
ItheirIremoteIoffices.IWorkingIfromIherIlocationIinIColumbus,IOhio,IBeckyIrunsIherIusualIrec
onnaissanceIscansItoIobtainIbasicIinformationIaboutItheirInetwork.IWhenIanalyzingItheIresults
IofIherIWhoisIsearch,IBeckyInoticesIthatItheIIPIwasIallocatedItoIaIlocationIinILeIHavre,IFranc
e.IWhichIregionalIInternetIregistryIshouldIBeckyIgoItoIforIdetailedIinformation?
A.IARIN
B.ILACNIC
I
C.IAPNIC
D.IRIPE

Answer:
IRIPE

Q:IHarry,IaIprofessionalIhacker,ItargetsItheIITIinfrastructureIofIanIorganiza-
Ition.IAfterIpreparingIforItheIattack,IheIattemptsItoIenterItheItargetInetworkIus-
IingItechniquesIsuchIasIsendingIspear-phishingIemailsIandIexploitingIvulnera-
IbilitiesIonIpubliclyIavailableIservers.IUsingItheseItechniques,IheIsuccessfullyIdeployedImalwa
reIonItheItargetIsystemItoIestablishIanIoutboundIconnection.IWhatIisItheIAPTIlifecycleIphaseIt
hatIHarryIisIcurrentlyIexecuting?
A.IInitialIintrusion
B.IPersistence
C.ICleanup
D.IPreparation

Answer:
IInitialIIntrusion

,Q:IRobin,IaIprofessionalIhacker,ItargetedIanIorganization'sInetworkItoIsniffIallItheItraffic.ID
uringIthisIprocess,IRobinIpluggedIinIaIrogueIswitchItoIanIunusedIportIinItheILANIwithIaIprior
ityIlowerIthanIanyIotherIswitchIinItheInetworkIsoIthatIheIcouldImakeIitIaIrootIbridgeIthatIwill
IlaterIallowIhimItoIsniffIallItheItrafficIinItheInetwork.IWhatIisItheIattackIperformedIbyIRobinIi
nItheIaboveIscenario?
A.IARPIspoofingIattack
B.ISTPIattack
C.IDNSIpoisoningIattack
D.IVLANIhoppingIattack

Answer:
ISTPIattack

Q:IAnIattackerIutilizesIaIWi-FiIPineappleItoIrunIanIaccessIpointIwithIaIle-Igitimate-
lookingISSIDIforIaInearbyIbusinessIinIorderItoIcaptureItheIwirelessIpassword.IWhatIkindIofIat
tackIisIthis?
A.IMACIspoofingIattack
B.IWarIdrivingIattack
C.IPhishingIattack
D.IEvil-twinIattack

Answer:
IEvil-twinIattack

Q:ICyberTechIInc.IrecentlyIexperiencedISQLIinjectionIattacksIonIitsIofficialIwebsite.ITheIco
mpanyIappointedIBob,IaIsecurityIprofessional,ItoIbuildIandIincorporateIdefensiveIstrategiesIag
ainstIsuchIattacks.IBobIadoptedIaIpracticeIwherebyIonlyIaIlistIofIentitiesIsuchIasItheIdataItype,
Irange,Isize,IandIvalue,IwhichIhaveIbeenIapprovedIforIsecuredIaccess,IisIaccepted.IWhatIisIthe
IdefensiveItechniqueIemployedIbyIBobIinItheIaboveIscenario?
A.IWhitelistIvalidation
I
B.IOutputIencoding
C.IBlacklistIvalidation
D.IEnforceIleastIprivileges

Answer:
IWhitelistIvalidation

,Q:IJoeIworksIasIanIITIadministratorIinIanIorganizationIandIhasIrecentlyIsetIupIaIcloudIcomp
utingIserviceIforItheIorganization.IToIimplementIthisIservice,IheIreachedIoutItoIaItelecomIcom
panyIforIprovidingIInternetIconnectivityIandItransportIservicesIbetweenItheIorganizationIandIt
heIcloudIserviceIprovider.IInItheINISTIcloudIdeploymentIreferenceIarchitecture,IunderIwhichIc
ategoryIdoesItheItelecomIcompanyIfallIinItheIaboveIscenario?
A.ICloudIconsumer
B.ICloudIbroker
C.ICloudIauditor
D.ICloudIcarrier

Answer:
ICloudIcarrier

Q:IBobby,IanIattacker,ItargetedIaIuserIandIdecidedItoIhijackIandIinterceptIallItheirIwirelessIc
ommunications.IHeIinstalledIaIfakeIcommunicationItowerIbetweenItwoIauthenticIendpointsItoI
misleadItheIvictim.IBobbyIusedIthisIvir-
ItualItowerItoIinterruptItheIdataItransmissionIbetweenItheIuserIandIrealItower,IattemptingItoIhi
jackIanIactiveIsession.IUponIreceivingItheIuser'sIrequest,IBobbyImanipulatedItheItrafficIwithIt
heIvirtualItowerIandIredirectedItheIvictimItoIaImaliciousIwebsite.
WhatIisItheIattackIperformedIbyIBobbyIinItheIaboveIscenario?
A.IaLTErIattack
B.IJammingIsignalIattack
C.IWardriving
D.IKRACKIattack

Answer:
IaLTErIattack

Q:IJohn,IaIprofessionalIhacker,ItargetedIanIorganizationIthatIusesILDAPIforIaccessingIdistrib
utedIdirectoryIservices.IHeIusedIanIautomatedItoolItoIanony-
ImouslyIqueryItheILDAPIserviceIforIsensitiveIinformationIsuchIasIusernames,Iaddresses,Idepa
rtmentalIdetails,IandIserverInamesItoIlaunchIfurtherIattacksIonItheItargetIorganization.
WhatIisItheItoolIemployedIbyIJohnItoIgatherIinformationIfromItheILDAP
service?
A.Iike-scan

, B.IZabasearch
C.IJXplorer
D.IEarthExplorer

Answer:
IJXplorer
I

Q:IAnnie,IaIcloudIsecurityIengineer,IusesItheIDockerIarchitectureItoIemployIaIclient/serverI
modelIinItheIapplicationIsheIisIworkingIon.ISheIutilizesIaIcomponentIthatIcanIprocessIAPIIreq
uestsIandIhandleIvariousIDockerIobjects,IsuchIasIcontainers,Ivolumes,Iimages,IandInetworks.I
WhatIisItheIcomponentIofItheIDockerIarchitectureIusedIbyIAnnieIinItheIaboveIscenario?
A.IDockerIobjectsIB.IDockerIdaemonIC.IDockerIclient
D.IDockerIregistries

Answer:
IDockerIdaemon

Q:IBob,IanIattacker,IhasImanagedItoIaccessIaItargetIIoTIdevice.IHeIemployedIanIonlineItool
ItoIgatherIinformationIrelatedItoItheImodelIofItheIIoTIdeviceIandItheIcertificationsIgrantedItoIi
t.IWhichIofItheIfollowingItoolsIdidIBobIemployItoIgatherItheIaboveIinformation?
A.IFCCIIDIsearch
B.IGoogleIimageIsearch
C.Isearch.com
D.IEarthExplorer

Answer:
IFCCIIDIsearch

Q:IWhatIpieceIofIhardwareIonIaIcomputer'sImotherboardIgeneratesIencryp-
ItionIkeysIandIonlyIreleasesIaIpartIofItheIkeyIsoIthatIdecryptingIaIdiskIonIaInewIpieceIofIhard
wareIisInotIpossible?
A.ICPUIB.IUEFIIC.IGPU
D.ITPM

Answer:

$10.99

Get access to the full document:

100% satisfaction guarantee

Immediately available after payment

Both online and in PDF

No strings attached

Get to know the seller

nurse_steph

3.9

(1673)

Also available in package deal

Get to know the seller

nurse_steph Rasmussen College

View profile

Sold

9356

Member since

5 year

Number of followers

5135

Documents

7547

Last sold

1 day ago

Exams, Study guides, Reviews, Notes

All study solutions.

3.9

1673 reviews

841

296

258

201

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller nurse_steph. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews) 46153 documents were sold in the last 30 days Founded in 2010, the go-to place to buy study notes for 15 years now

CEH V12 Exam Version 2 (Latest 2024/ 2025 Update) Qs & As | Grade A| 100% Correct (Verified Answers)

Written for

Document information

Subjects

Content preview

Also available in package deal

Get to know the seller

Recently viewed by you

Why students choose Stuvia

Created by fellow students, verified by reviews

Didn't get what you expected? Choose another document

Pay as you like, start learning right away

Frequently asked questions

What do I get when I buy this document?

Satisfaction guarantee: how does it work?

Who am I buying these notes from?

Will I be stuck with a subscription?

Can Stuvia be trusted?