CEH v12 Exam w ith ver ifi ed solution s |! |! |! |! |!
Which of the following modbus-cli commands is used by attackers to
|! |! |! |! |! |! |! |! |! |! |!
manipulate the register values in a target PLC device? |! |! |! |! |! |! |! |!
A. modbus write <Target IP> 101 1 1 1 1 1 1 1 1 1 1 modbus write <Target
|! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |!
IP> %M100 1 1 1 1 1 1 1 1 1 1
|! |! |! |! |! |! |! |! |! |! |!
B. modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2 modbus write <Target
|! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |!
IP> 400101 2 2 2 2 2 2 2 2
|! |! |! |! |! |! |! |! |!
C. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10
|! |! |! |! |! |! |! |! |! |! |! |!
D. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 -
|! |! |! |! |! |! |! |! |! |! |! |! |! |!
Correct answer ✔B |! |!
In which of the following security risks does an API accidentally expose
|! |! |! |! |! |! |! |! |! |! |! |!
internal variables or objects because of improper binding and filtering based
|! |! |! |! |! |! |! |! |! |! |!
on a whitelist, allowing attackers with unauthorized access to modify object
|! |! |! |! |! |! |! |! |! |! |!
properties?
A. Broken object-level authorization
|! |! |!
B. Broken object-level authorization
|! |! |!
C. Broken object-level authorization
|! |! |!
D. Injection - Correct answer ✔B
|! |! |! |! |!
,Identify the type of cluster computing in which work is distributed among
|! |! |! |! |! |! |! |! |! |! |! |!
nodes to avoid overstressing a single node and periodic health checks are
|! |! |! |! |! |! |! |! |! |! |! |!
performed on each node to identify node failures and reroute the incoming
|! |! |! |! |! |! |! |! |! |! |! |!
traffic to another node.
|! |! |!
A.Fail-over
B.Load balancing
|!
C.Highly available |!
D.High-performance computing - Correct answer ✔B |! |! |! |! |!
Which of the following is an attack technique where the only information
|! |! |! |! |! |! |! |! |! |! |! |!
available to the attacker is some plaintext blocks along with the
|! |! |! |! |! |! |! |! |! |! |!
corresponding ciphertext and algorithm used to encrypt and decrypt the text?
|! |! |! |! |! |! |! |! |! |!
A. Ciphertext-only attack
|! |!
B. Adaptive chosen-plaintext attack
|! |! |!
C. Chosen-plaintext attack
|! |!
D. Known-plaintext attack - Correct answer ✔A.
|! |! |! |! |! |!
Which of the following communication protocols is a variant of the Wi-Fi
|! |! |! |! |! |! |! |! |! |! |! |!
standard that provides an extended range, making it useful for
|! |! |! |! |! |! |! |! |! |!
communications in rural areas, and offers low data rates? |! |! |! |! |! |! |! |!
A. HaLow
|!
B. Z-Wave
|!
C. 6LoWPAN
|!
, D. QUIC - Correct answer ✔C
|! |! |! |! |!
Which of the following is a technique used by an attacker to gather valuable
|! |! |! |! |! |! |! |! |! |! |! |! |! |!
system-level data such as account details, OS, software version, server names,
|! |! |! |! |! |! |! |! |! |! |!
and database schema details?
|! |! |! |!
A.Whois
B.Session hijacking |!
C.Web server footprinting |! |!
D.Vulnerability scanning - Correct answer ✔C |! |! |! |! |!
Which of the following RFCrack commands is used by an attacker to perform
|! |! |! |! |! |! |! |! |! |! |! |!
an incremental scan on a target IoT device while launching a rolling-code
|! |! |! |! |! |! |! |! |! |! |! |! |!
attack?
A.python RFCrack.py -b -v 5000000 |! |! |! |!
B.python RFCrack.py-j -F 314000000 |! |! |!
C.python RFCrack.py -r -M MOD_2FSK -F 314350000 |! |! |! |! |! |!
D.python RFCrack.py -i - Correct answer ✔A |! |! |! |! |! |!
Clark, a professional hacker, was attempting to capture packet flow on a
|! |! |! |! |! |! |! |! |! |! |! |!
target organization's network. After exploiting certain vulnerabilities in the
|! |! |! |! |! |! |! |! |!
network, Clark placed his Raspberry Pi device between the server and an
|! |! |! |! |! |! |! |! |! |! |! |!
authorized device to make all the network traffic pass through his device so
|! |! |! |! |! |! |! |! |! |! |! |! |!
that he can easily sniff and monitor the packet flow. Using this technique,
|! |! |! |! |! |! |! |! |! |! |! |! |!
Clark successfully bypassed NAC controls connected to the target network.
|! |! |! |! |! |! |! |! |!
Which of the following modbus-cli commands is used by attackers to
|! |! |! |! |! |! |! |! |! |! |!
manipulate the register values in a target PLC device? |! |! |! |! |! |! |! |!
A. modbus write <Target IP> 101 1 1 1 1 1 1 1 1 1 1 modbus write <Target
|! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |!
IP> %M100 1 1 1 1 1 1 1 1 1 1
|! |! |! |! |! |! |! |! |! |! |!
B. modbus write <Target IP> %MW100 2 2 2 2 2 2 2 2 modbus write <Target
|! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |! |!
IP> 400101 2 2 2 2 2 2 2 2
|! |! |! |! |! |! |! |! |!
C. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10
|! |! |! |! |! |! |! |! |! |! |! |!
D. modbus read <Target IP> 101 10 modbus read <Target IP> %M100 10 -
|! |! |! |! |! |! |! |! |! |! |! |! |! |!
Correct answer ✔B |! |!
In which of the following security risks does an API accidentally expose
|! |! |! |! |! |! |! |! |! |! |! |!
internal variables or objects because of improper binding and filtering based
|! |! |! |! |! |! |! |! |! |! |!
on a whitelist, allowing attackers with unauthorized access to modify object
|! |! |! |! |! |! |! |! |! |! |!
properties?
A. Broken object-level authorization
|! |! |!
B. Broken object-level authorization
|! |! |!
C. Broken object-level authorization
|! |! |!
D. Injection - Correct answer ✔B
|! |! |! |! |!
,Identify the type of cluster computing in which work is distributed among
|! |! |! |! |! |! |! |! |! |! |! |!
nodes to avoid overstressing a single node and periodic health checks are
|! |! |! |! |! |! |! |! |! |! |! |!
performed on each node to identify node failures and reroute the incoming
|! |! |! |! |! |! |! |! |! |! |! |!
traffic to another node.
|! |! |!
A.Fail-over
B.Load balancing
|!
C.Highly available |!
D.High-performance computing - Correct answer ✔B |! |! |! |! |!
Which of the following is an attack technique where the only information
|! |! |! |! |! |! |! |! |! |! |! |!
available to the attacker is some plaintext blocks along with the
|! |! |! |! |! |! |! |! |! |! |!
corresponding ciphertext and algorithm used to encrypt and decrypt the text?
|! |! |! |! |! |! |! |! |! |!
A. Ciphertext-only attack
|! |!
B. Adaptive chosen-plaintext attack
|! |! |!
C. Chosen-plaintext attack
|! |!
D. Known-plaintext attack - Correct answer ✔A.
|! |! |! |! |! |!
Which of the following communication protocols is a variant of the Wi-Fi
|! |! |! |! |! |! |! |! |! |! |! |!
standard that provides an extended range, making it useful for
|! |! |! |! |! |! |! |! |! |!
communications in rural areas, and offers low data rates? |! |! |! |! |! |! |! |!
A. HaLow
|!
B. Z-Wave
|!
C. 6LoWPAN
|!
, D. QUIC - Correct answer ✔C
|! |! |! |! |!
Which of the following is a technique used by an attacker to gather valuable
|! |! |! |! |! |! |! |! |! |! |! |! |! |!
system-level data such as account details, OS, software version, server names,
|! |! |! |! |! |! |! |! |! |! |!
and database schema details?
|! |! |! |!
A.Whois
B.Session hijacking |!
C.Web server footprinting |! |!
D.Vulnerability scanning - Correct answer ✔C |! |! |! |! |!
Which of the following RFCrack commands is used by an attacker to perform
|! |! |! |! |! |! |! |! |! |! |! |!
an incremental scan on a target IoT device while launching a rolling-code
|! |! |! |! |! |! |! |! |! |! |! |! |!
attack?
A.python RFCrack.py -b -v 5000000 |! |! |! |!
B.python RFCrack.py-j -F 314000000 |! |! |!
C.python RFCrack.py -r -M MOD_2FSK -F 314350000 |! |! |! |! |! |!
D.python RFCrack.py -i - Correct answer ✔A |! |! |! |! |! |!
Clark, a professional hacker, was attempting to capture packet flow on a
|! |! |! |! |! |! |! |! |! |! |! |!
target organization's network. After exploiting certain vulnerabilities in the
|! |! |! |! |! |! |! |! |!
network, Clark placed his Raspberry Pi device between the server and an
|! |! |! |! |! |! |! |! |! |! |! |!
authorized device to make all the network traffic pass through his device so
|! |! |! |! |! |! |! |! |! |! |! |! |!
that he can easily sniff and monitor the packet flow. Using this technique,
|! |! |! |! |! |! |! |! |! |! |! |! |!
Clark successfully bypassed NAC controls connected to the target network.
|! |! |! |! |! |! |! |! |!
