MINDPLUG SOLUTIONS — EMPOWERING MINDS, BUILDING FUTURES
TESTOUT ETHICAL HACKER PRO FINAL REVIEW
(LABS) 2025 COMPLETE PRACTICE TEST & VERIFIED
TEST BANK GRADED+
Complete this lab as follows:
Right-click Start and select Windows PowerShell (Admin).
Maximize the window for easier viewing.
At the prompt, type Get-Eventlog -logname * and press Enter.In the Entries column, notice
the number of entries for the logs.
Type Clear-Eventlog -logname Application and press Enter.
Type Clear-Eventlog -logname System and press Enter.
Type Get-Eventlog -logname * and press Enter.The log entries for Application is zero. The log
entries for System is one because another event occurred between the times you cleared
the log and viewed the entry list.
8.4.5 You are a cybersecurity consultant and have been asked to work with the ACME, Inc.
company to ensure that their network is protected from hackers. As part of the tests, you
need to clear a few log files.
In this lab, your task is to use Windows PowerShell (as Admin) to clear the following event
logs:
Use get-eventlog to view the available event logs.
Use clear-eventlog to clear the Application and System logs.
Complete this lab as follows:
From the Favorites bar, open Wireshark.
Under Capture, select enp2s0.
EDUCATIONAL SUPPORT • ACADEMIC RESOURCES • PROFESSIONAL GUIDANCE
,MINDPLUG SOLUTIONS — EMPOWERING MINDS, BUILDING FUTURES
Select the blue fin to begin a Wireshark capture.
After a few seconds, select the red box to stop the Wireshark capture.
In the Apply a display filter field, type tcp contains Invoice and press Enter.
From the bottom panel, exam the packet information and locate the following: The account
manager's email address. The recipient of the email's full name. The name of the company
requesting payment.
In the top right, select Answer Questions.
In the bottom pane of Wireshark, exam the packet information to answer the questions.
Answer the questions.
Select Score Lab.
10.1.12 As the IT security specialist for your company, you are performing a penetration
test to verify the security of the accounting department. You are concerned that invoice
emails can be captured and the information gleaned from these emails can be used to help
hackers generate fake invoice requests.
In this lab, your task is to:
Capture packets on the enp2s0 interface using Wireshark.
Find packets containing invoice emails using display filters.
Check to see if the following information can be seen in clear text format in the invoice
emails: Source and destination email addresses Names of those that sent or received the
emails Customer information You can use the tcp contains desired_information filter.
Answer the questions.
Complete this lab as follows:
From the Favorites bar, open Wireshark.
Under Capture, select enp2s0.
Select the blue fin to begin a Wireshark capture.
After a few seconds, select the red box to stop the Wireshark capture.
EDUCATIONAL SUPPORT • ACADEMIC RESOURCES • PROFESSIONAL GUIDANCE
,MINDPLUG SOLUTIONS — EMPOWERING MINDS, BUILDING FUTURES
In the Apply a display filter field, type tcp contains SSN and press Enter.
In the top right, select Answer Questions.
In the bottom pane of Wireshark, examine the packet information to answer the questions.
Answer the questions.
Select Score Lab.
10.1.13 As the IT security specialist for your company, you're performing a penetration test
to verify email security. You are specifically concerned that the HR department may be
sending employee's personally identifiable information (PII) in clear text through emails.
In this lab, your task is to:
Capture packets on the enp2s0 interface using Wireshark.
Find packets containing the following information using display filters: Social security
numbers (SSN) Birth dates Direct deposit routing numbers Mother's maiden name Favorite
car Favorite movie You can use the tcp contains desired_information filter.
Answer the questions.
Complete this lab as follows:
On IT-Laptop, start unified sniffing on the enp2s0 interface as follows: From the Favorites
bar, select Ettercap. Select Sniff > Unified sniffing. From the Network Interface drop-down
list, select enp2s0. Click OK. Select Mitm > DHCP spoofing. In the Netmask field, enter
255.255.255.0. In the DNS Server IP field, enter 192.168.0.11. Click OK.
On Support, start a capture that filters for bootp packets as follows: From top navigation
tabs, select Floor 1 Overview. Under Support Office, select Support. From the Favorites bar,
open Wireshark. Under Capture, select enp2s0. Select the blue fin to begin a Wireshark
capture. In the Apply a display filter field, type bootp and press Enter.
Request a new IP address as follows: From the Favorites bar, open Terminal. At the prompt,
type ip addr show and press Enter.The IP address for enp2s0 is 192.168.0.45. Type route
and press Enter.The gateway is 192.168.0.5. Type ip link set enp2s0 down and press Enter.
Type ip link set enp2s0 up and press Enter to bring the interface back up. Maximize
Wireshark for easier viewing.In Wireshark, under the Info column, notice that there are two
DHCP ACK packets. One is the real acknowledgment (ACK) packet from the DHCP server,
EDUCATIONAL SUPPORT • ACADEMIC RESOURCES • PROFESSIONAL GUIDANCE
, MINDPLUG SOLUTIONS — EMPOWERING MINDS, BUILDING FUTURES
and the other is the spoofed ACK packet. Select the first DHCP ACK packet received. In the
middle panel, expand Bootstrap Protocol (ACK). Expand Option: (3) Router.Notice the IP
address for the router. Repeat steps 3g-3i for the second ACK packet. In the top right, select
Answer Questions. Answer the questions. Minimize Wireshark.
View the current IP addresses as follows: In Terminal at the prompt, type ip addr show and
press Enter.The IP address is 192.168.0.45. Type route and press Enter.The current gateway
is 192.168.0.46. This is the address of the computer performing the man-in-the-middle
attack.
On Office1, view the current route and IP address as follows: From top navigation tabs,
select Floor 1 Overview. Under Office 1, select Office1. Right-click Start and select
Windows PowerShell (Admin). Type tracert rmksupplies.com and press Enter.Notice that
the first hop is 192.168.0.5. Type ipconfig /all and press Enter to view the IP address
configuration for the computer.The configuration for Office1 is as follows: IP address:
192.168.0.33 Gateway: 192.168.0.5 DHCP server: 192.168.0.14 At the prompt, type
ipconfig /release and press Enter to release the currently assigned addresses. Type ipconfig
/renew and press Enter to request a new IP address from the DHCP server.Notice that the
default gateway has changed to the attacker's computer which has an IP address of
192.168.0.46. Type tracert rmksupplies.com and press Enter.Notice that the first hop is
now 192.168.0.46 (the address of the attacker's computer).
In Google Chrome, log into the rmksupplies.com employee portal as follows: From the
taskbar, open Google Chrome. Maximize the window for easier viewing. In the URL field,
enter rmksupplies.com and press Enter. At the bottom of the page, select Employee Portal.
In the Username field, enter bjackson. In the Password field, enter $uper$ecret1. Select
Login. You are logged in as Blake Jackson.
From IT-Laptop, find the captured username and password in Ettercap as follows: From top
navigation tabs, select Floor 1 Overview. Under IT Administration, select IT-Laptop.
Maximize Ettercap. In Ettercap's bottom pane, find the username and password used to log
in to the employee portal.
In the top right, select Answer Questions to end the lab.
Select Score Lab.
10.2.6 You are the IT security administrator for a small corporate network. You're
experimenting with DHCP spoofing attacks using Ettercap.
In this lab, your task is to complete the following:
EDUCATIONAL SUPPORT • ACADEMIC RESOURCES • PROFESSIONAL GUIDANCE
TESTOUT ETHICAL HACKER PRO FINAL REVIEW
(LABS) 2025 COMPLETE PRACTICE TEST & VERIFIED
TEST BANK GRADED+
Complete this lab as follows:
Right-click Start and select Windows PowerShell (Admin).
Maximize the window for easier viewing.
At the prompt, type Get-Eventlog -logname * and press Enter.In the Entries column, notice
the number of entries for the logs.
Type Clear-Eventlog -logname Application and press Enter.
Type Clear-Eventlog -logname System and press Enter.
Type Get-Eventlog -logname * and press Enter.The log entries for Application is zero. The log
entries for System is one because another event occurred between the times you cleared
the log and viewed the entry list.
8.4.5 You are a cybersecurity consultant and have been asked to work with the ACME, Inc.
company to ensure that their network is protected from hackers. As part of the tests, you
need to clear a few log files.
In this lab, your task is to use Windows PowerShell (as Admin) to clear the following event
logs:
Use get-eventlog to view the available event logs.
Use clear-eventlog to clear the Application and System logs.
Complete this lab as follows:
From the Favorites bar, open Wireshark.
Under Capture, select enp2s0.
EDUCATIONAL SUPPORT • ACADEMIC RESOURCES • PROFESSIONAL GUIDANCE
,MINDPLUG SOLUTIONS — EMPOWERING MINDS, BUILDING FUTURES
Select the blue fin to begin a Wireshark capture.
After a few seconds, select the red box to stop the Wireshark capture.
In the Apply a display filter field, type tcp contains Invoice and press Enter.
From the bottom panel, exam the packet information and locate the following: The account
manager's email address. The recipient of the email's full name. The name of the company
requesting payment.
In the top right, select Answer Questions.
In the bottom pane of Wireshark, exam the packet information to answer the questions.
Answer the questions.
Select Score Lab.
10.1.12 As the IT security specialist for your company, you are performing a penetration
test to verify the security of the accounting department. You are concerned that invoice
emails can be captured and the information gleaned from these emails can be used to help
hackers generate fake invoice requests.
In this lab, your task is to:
Capture packets on the enp2s0 interface using Wireshark.
Find packets containing invoice emails using display filters.
Check to see if the following information can be seen in clear text format in the invoice
emails: Source and destination email addresses Names of those that sent or received the
emails Customer information You can use the tcp contains desired_information filter.
Answer the questions.
Complete this lab as follows:
From the Favorites bar, open Wireshark.
Under Capture, select enp2s0.
Select the blue fin to begin a Wireshark capture.
After a few seconds, select the red box to stop the Wireshark capture.
EDUCATIONAL SUPPORT • ACADEMIC RESOURCES • PROFESSIONAL GUIDANCE
,MINDPLUG SOLUTIONS — EMPOWERING MINDS, BUILDING FUTURES
In the Apply a display filter field, type tcp contains SSN and press Enter.
In the top right, select Answer Questions.
In the bottom pane of Wireshark, examine the packet information to answer the questions.
Answer the questions.
Select Score Lab.
10.1.13 As the IT security specialist for your company, you're performing a penetration test
to verify email security. You are specifically concerned that the HR department may be
sending employee's personally identifiable information (PII) in clear text through emails.
In this lab, your task is to:
Capture packets on the enp2s0 interface using Wireshark.
Find packets containing the following information using display filters: Social security
numbers (SSN) Birth dates Direct deposit routing numbers Mother's maiden name Favorite
car Favorite movie You can use the tcp contains desired_information filter.
Answer the questions.
Complete this lab as follows:
On IT-Laptop, start unified sniffing on the enp2s0 interface as follows: From the Favorites
bar, select Ettercap. Select Sniff > Unified sniffing. From the Network Interface drop-down
list, select enp2s0. Click OK. Select Mitm > DHCP spoofing. In the Netmask field, enter
255.255.255.0. In the DNS Server IP field, enter 192.168.0.11. Click OK.
On Support, start a capture that filters for bootp packets as follows: From top navigation
tabs, select Floor 1 Overview. Under Support Office, select Support. From the Favorites bar,
open Wireshark. Under Capture, select enp2s0. Select the blue fin to begin a Wireshark
capture. In the Apply a display filter field, type bootp and press Enter.
Request a new IP address as follows: From the Favorites bar, open Terminal. At the prompt,
type ip addr show and press Enter.The IP address for enp2s0 is 192.168.0.45. Type route
and press Enter.The gateway is 192.168.0.5. Type ip link set enp2s0 down and press Enter.
Type ip link set enp2s0 up and press Enter to bring the interface back up. Maximize
Wireshark for easier viewing.In Wireshark, under the Info column, notice that there are two
DHCP ACK packets. One is the real acknowledgment (ACK) packet from the DHCP server,
EDUCATIONAL SUPPORT • ACADEMIC RESOURCES • PROFESSIONAL GUIDANCE
, MINDPLUG SOLUTIONS — EMPOWERING MINDS, BUILDING FUTURES
and the other is the spoofed ACK packet. Select the first DHCP ACK packet received. In the
middle panel, expand Bootstrap Protocol (ACK). Expand Option: (3) Router.Notice the IP
address for the router. Repeat steps 3g-3i for the second ACK packet. In the top right, select
Answer Questions. Answer the questions. Minimize Wireshark.
View the current IP addresses as follows: In Terminal at the prompt, type ip addr show and
press Enter.The IP address is 192.168.0.45. Type route and press Enter.The current gateway
is 192.168.0.46. This is the address of the computer performing the man-in-the-middle
attack.
On Office1, view the current route and IP address as follows: From top navigation tabs,
select Floor 1 Overview. Under Office 1, select Office1. Right-click Start and select
Windows PowerShell (Admin). Type tracert rmksupplies.com and press Enter.Notice that
the first hop is 192.168.0.5. Type ipconfig /all and press Enter to view the IP address
configuration for the computer.The configuration for Office1 is as follows: IP address:
192.168.0.33 Gateway: 192.168.0.5 DHCP server: 192.168.0.14 At the prompt, type
ipconfig /release and press Enter to release the currently assigned addresses. Type ipconfig
/renew and press Enter to request a new IP address from the DHCP server.Notice that the
default gateway has changed to the attacker's computer which has an IP address of
192.168.0.46. Type tracert rmksupplies.com and press Enter.Notice that the first hop is
now 192.168.0.46 (the address of the attacker's computer).
In Google Chrome, log into the rmksupplies.com employee portal as follows: From the
taskbar, open Google Chrome. Maximize the window for easier viewing. In the URL field,
enter rmksupplies.com and press Enter. At the bottom of the page, select Employee Portal.
In the Username field, enter bjackson. In the Password field, enter $uper$ecret1. Select
Login. You are logged in as Blake Jackson.
From IT-Laptop, find the captured username and password in Ettercap as follows: From top
navigation tabs, select Floor 1 Overview. Under IT Administration, select IT-Laptop.
Maximize Ettercap. In Ettercap's bottom pane, find the username and password used to log
in to the employee portal.
In the top right, select Answer Questions to end the lab.
Select Score Lab.
10.2.6 You are the IT security administrator for a small corporate network. You're
experimenting with DHCP spoofing attacks using Ettercap.
In this lab, your task is to complete the following:
EDUCATIONAL SUPPORT • ACADEMIC RESOURCES • PROFESSIONAL GUIDANCE
