CEH V10. EXAM STUDY GUIDE
ARP poisoning - Answers :ARP poisoning refers to flooding the target machine's ARP
cache with forged entries.
Grey box testing - Answers :A combination of black box and white box testing that gives
a full inspection of the system, simulating both outside and inside attacks
NTP Enumeration - Answers :NTP stands for Network Time Protocol and its role is to
ensure that the networked computer clocks are synchronized. NTP enumeration
provides hackers with information about the hosts that are connected to the NTP server as
well as IP addresses, system names, and operating systems of the clients.
Active online attacks - Answers :Active online attacks require the attacker to
communicate with the target machine in order to crack the password.
Static malware analysis - Answers :Static analysis refers to analyzing malware without
running or installing it. The malware's binary code is examined to determine if there are
any data structures or function calls that have malicious behavior.
Access control - Answers :An access control attack is when someone tries to penetrate a
wireless network by avoiding access control measures, such as Access Point MAC
filters or Wi-Fi port access control.
Password guessing attack steps - Answers :Find the target's username
Create a password list
Sort the passwords by the probability
Try each password
Sniffer - Answers :Packet sniffing programs are called sniffers and they are designed to
capture packets that contain information such as passwords, router configuration, traffic,
and more.
Data backup strategy steps - Answers :Identify important data
Choose the appropriate backup media
Choose the appropriate backup technology
Choose the appropriate RAID levels
Choose the appropriate backup method
Choose the appropriate location
Choose the backup type
Choose the appropriate backup solution
Perform a recovery test
WPA2-Personal - Answers :WPA2-Personal encryption uses a pre-shared key (PSK) to
protect the network access.
Threat modeling - Answers :Threat modeling is an assessment approach in which the
security of an application is analyzed. It helps in identifying threats that are relevant to
the application, discovering application vulnerabilities, and improving the security.
Administrative security policies - Answers :Administrative policies define the behaviour
of employees.
Doxing - Answers :Doxing is revealing and publishing personal information about
someone. It involves gathering private and valuable information about a person or
organization and then misusing that information for different reasons.
Recovery controls - Answers :Recovery controls are used after a violation has
happened and the system needs to be restored to its persistent state. These may include
backup systems or disaster recovery.
Confidentiality attack - Answers :A confidentiality attack is where an attacker attempts to
intercept confidential information transmitted over the network.
Proprietary Methodologies - Answers :Proprietary methodologies are usually devised by
the security companies who offer pentesting services and as such are kept confidential.
Examples of proprietary methodologies include:
-IBM
-McAfee Foundstone
-EC-Council LPT
Five stages of hacking - Answers :Reconnaissance
Scanning
Gaining access
Maintaining access
Clearing tracks
Script kiddies - Answers :Script kiddies are hackers who are new to hacking and don't
have much knowledge or skills to perform hacks. Instead, they use tools and scripts
developed by more experienced hackers.
Application keylogger - Answers :An application keylogger is designed to observe the
target's activity whenever they type something. It can record emails, passwords,
messages, browsing activities, and more.
Ethical hacking guidelines - Answers :No test should be performed without
appropriate permission and authorization
Keep the test results confidential (usually an NDA is signed)
Perform only those tests that the client had previously agreed upon
CVSS - Answers :The Common Vulnerability Scoring System (CVSS) provides a way to
capture the principal characteristics of a vulnerability, and produce a numerical score
reflecting its severity. The numerical score can then be translated into a qualitative
representation (such as low, medium, high, and critical) to help organizations properly
assess and prioritize their vulnerability management processes.
Man-in-the-middle attack - Answers :A man-in-the-middle attack is when an attacker gains
access to the communication channel between a target and server. The attacker is then
able to extract the information and data they need to gain unauthorized access.
Breaking WPA/WPA2 Encryption: Brute-force WPA Keys - Answers :Brute-Force WPA
Keys is a technique in which the attacker uses dictionary or cracking tools to break
WPA encryption keys. This attack takes a lot of time to break the key.
Web application threats - Answers :Attacks that take advantage of poorly written code
and lack of proper validation on input and output data. Some of these attacks include
SQL injection and cross-site scripting.
Out-of-band SQL injection - Answers :Out-of-band SQL injection is an injection attack in
which the attacker uses more channels to inject malicious queries and retrieve results.
Management zone - Answers :This is a secured zone which enforces strict policies and
limits access to a few authorized users.
List scanning - Answers :List scanning indirectly discovers hosts. This scan works by
listing out IP addresses and names without pinging the hosts and by performing a
reverse DNS resolution to identify the names of the hosts.
Types of penetration testing - Answers :Black box testing
Grey box testing
White box testing
Social engineering types - Answers :Human-based social engineering
Computer-based social engineering
Mobile-based social engineering