2
Ethical Hacking Essentials Study Guide (ECCouncil) || || || || || ||
Exam with accurate detailed solutions || || || ||
CyberSol Inc., an MNC, decided to employ cloud services for their development
|| || || || || || || || || || || ||
environment. They consulted a cloud provider and requested development tools, || || || || || || || || || ||
configuration management, and deployment platforms for developing custom applications.
|| || || || || || || ||
Identify the type of cloud service requested by CyberSol Inc. in the above scenario.
|| || || || || || || || || || || || ||
Platform-as-a-Service
Which of the following factors makes a system or network vulnerable to password cracking
|| || || || || || || || || || || || || ||
attacks?
Storing credentials without adding random strings
|| || || || ||
Which of the following Trojans can an attacker use for the auto-deletion of files, folders,
|| || || || || || || || || || || || || || ||
and registry entries as well as local network drives to cause the operating system to fail?
|| || || || || || || || || || || || || || ||
Destructive Trojan ||
Wesley, a fitness freak, purchased a new Apple smartwatch and synced it with a mobile app
|| || || || || || || || || || || || || || || ||
downloaded from an unauthorized third party. At the end of the day, when Wesley
|| || || || || || || || || || || || || ||
attempted to access his fitness report from the app, it generated an unusual report and
|| || || || || || || || || || || || || || ||
asked for some unnecessary permissions to view it.
|| || || || || || ||
Improper platform usage || ||
Which of the following devices does an attacker use to overload traffic to prevent authorized
|| || || || || || || || || || || || || ||
users from accessing a wireless network and block the communication in a certain radius?
|| || || || || || || || || || || || || ||
Jamming device ||
Which of the following guidelines must be followed to protect a mobile device from
|| || || || || || || || || || || || || ||
malicious attackers? ||
Maintain configuration control and management
|| || || ||
Which of the following cloud computing threats arises from authentication vulnerabilities,
|| || || || || || || || || || ||
user-provisioning and de-provisioning vulnerabilities, hypervisor vulnerabilities, unclear || || || || || || ||
roles and responsibilities, and misconfigurations?
|| || || ||
, 2
Privilege escalation ||
Stephen, an attacker, decided to gain access to an organization's server. He identified a user
|| || || || || || || || || || || || || || ||
with access to the remote server. He used sniffing programs to gain the user's credentials
|| || || || || || || || || || || || || || ||
and captured the authentication tokens transmitted by the user. Then, he transmitted the
|| || || || || || || || || || || || ||
captured tokens back to the server to gain unauthorized access.
|| || || || || || || || ||
Replay Attack ||
Below are the various stages of the virus lifecycle:
|| || || || || || || ||
1)Replication 2)Detection 3)Incorporation 4)Design 5)Execution of the damage routine
|| || || || || || || || ||
6)Launch
4-->1-->6-->2-->3-->5
Which of the following tools allows an attacker to crack the passwords of the target system
|| || || || || || || || || || || || || || || ||
and gain unauthorized access?
|| || ||
John the Ripper
|| ||
Which of the following attacks does an attacker inject an additional malicious query into an
|| || || || || || || || || || || || || || ||
original query to make a DBMS execute multiple SQL queries?
|| || || || || || || || ||
Piggyback query ||
Clark, a professional hacker, is attempting to shut down an organization's network. In this
|| || || || || || || || || || || || || ||
process, he used sniffing tools to intercept legitimate messages from valid communication.
|| || || || || || || || || || || ||
He continuously sent the intercepted messages to the target device to perform a denial-of-
|| || || || || || || || || || || || ||
service attack or crash the target device.
|| || || || || ||
Replay Attack ||
Below are the various phases involved in the vulnerability-management lifecycle.
|| || || || || || || || ||
1)Vulnerability scan 2)Verification 3)Identify assets and create a baseline 4)Risk assessment
|| || || || || || || || || || ||
5)Monitor 6)Remediation ||
Identify the correct order of phases involved in the vulnerability-management lifecycle
|| || || || || || || || || ||
3-->1-->4-->6-->2-->5
Which of the following malware components hides the malware presence and protects the
|| || || || || || || || || || || || ||
malware from reverse engineering, thus making it difficult to be detected by security
|| || || || || || || || || || || || ||
solutions?
Crypter
Ethical Hacking Essentials Study Guide (ECCouncil) || || || || || ||
Exam with accurate detailed solutions || || || ||
CyberSol Inc., an MNC, decided to employ cloud services for their development
|| || || || || || || || || || || ||
environment. They consulted a cloud provider and requested development tools, || || || || || || || || || ||
configuration management, and deployment platforms for developing custom applications.
|| || || || || || || ||
Identify the type of cloud service requested by CyberSol Inc. in the above scenario.
|| || || || || || || || || || || || ||
Platform-as-a-Service
Which of the following factors makes a system or network vulnerable to password cracking
|| || || || || || || || || || || || || ||
attacks?
Storing credentials without adding random strings
|| || || || ||
Which of the following Trojans can an attacker use for the auto-deletion of files, folders,
|| || || || || || || || || || || || || || ||
and registry entries as well as local network drives to cause the operating system to fail?
|| || || || || || || || || || || || || || ||
Destructive Trojan ||
Wesley, a fitness freak, purchased a new Apple smartwatch and synced it with a mobile app
|| || || || || || || || || || || || || || || ||
downloaded from an unauthorized third party. At the end of the day, when Wesley
|| || || || || || || || || || || || || ||
attempted to access his fitness report from the app, it generated an unusual report and
|| || || || || || || || || || || || || || ||
asked for some unnecessary permissions to view it.
|| || || || || || ||
Improper platform usage || ||
Which of the following devices does an attacker use to overload traffic to prevent authorized
|| || || || || || || || || || || || || ||
users from accessing a wireless network and block the communication in a certain radius?
|| || || || || || || || || || || || || ||
Jamming device ||
Which of the following guidelines must be followed to protect a mobile device from
|| || || || || || || || || || || || || ||
malicious attackers? ||
Maintain configuration control and management
|| || || ||
Which of the following cloud computing threats arises from authentication vulnerabilities,
|| || || || || || || || || || ||
user-provisioning and de-provisioning vulnerabilities, hypervisor vulnerabilities, unclear || || || || || || ||
roles and responsibilities, and misconfigurations?
|| || || ||
, 2
Privilege escalation ||
Stephen, an attacker, decided to gain access to an organization's server. He identified a user
|| || || || || || || || || || || || || || ||
with access to the remote server. He used sniffing programs to gain the user's credentials
|| || || || || || || || || || || || || || ||
and captured the authentication tokens transmitted by the user. Then, he transmitted the
|| || || || || || || || || || || || ||
captured tokens back to the server to gain unauthorized access.
|| || || || || || || || ||
Replay Attack ||
Below are the various stages of the virus lifecycle:
|| || || || || || || ||
1)Replication 2)Detection 3)Incorporation 4)Design 5)Execution of the damage routine
|| || || || || || || || ||
6)Launch
4-->1-->6-->2-->3-->5
Which of the following tools allows an attacker to crack the passwords of the target system
|| || || || || || || || || || || || || || || ||
and gain unauthorized access?
|| || ||
John the Ripper
|| ||
Which of the following attacks does an attacker inject an additional malicious query into an
|| || || || || || || || || || || || || || ||
original query to make a DBMS execute multiple SQL queries?
|| || || || || || || || ||
Piggyback query ||
Clark, a professional hacker, is attempting to shut down an organization's network. In this
|| || || || || || || || || || || || || ||
process, he used sniffing tools to intercept legitimate messages from valid communication.
|| || || || || || || || || || || ||
He continuously sent the intercepted messages to the target device to perform a denial-of-
|| || || || || || || || || || || || ||
service attack or crash the target device.
|| || || || || ||
Replay Attack ||
Below are the various phases involved in the vulnerability-management lifecycle.
|| || || || || || || || ||
1)Vulnerability scan 2)Verification 3)Identify assets and create a baseline 4)Risk assessment
|| || || || || || || || || || ||
5)Monitor 6)Remediation ||
Identify the correct order of phases involved in the vulnerability-management lifecycle
|| || || || || || || || || ||
3-->1-->4-->6-->2-->5
Which of the following malware components hides the malware presence and protects the
|| || || || || || || || || || || || ||
malware from reverse engineering, thus making it difficult to be detected by security
|| || || || || || || || || || || || ||
solutions?
Crypter
