ACTUAL Exam Questions and CORRECT Answers
Footprinting - CORRECT ANSWER- The process of accumulating data regarding a specific
network environment.
In this phase, the attacker creates a profile of the target organization, obtaining information
such as its IP address range, namespace, and employees.
This eases the process of system hacking by revealing its vulnerabilities. For example, the
organization's website may provide employee bios or a personnel directory, which the hacker can
use for social engineering purposes. Conducting a Whois query on the web can provide
information about the associated networks and domain names related to a specific organization.
Scanning - CORRECT ANSWER- The procedure for identifying active hosts, open ports,
and unnecessary services enabled on particular hosts.
Attackers use different types of scanning, such as port scanning, network scanning, and
vulnerability scanning of target networks or systems, which help in identifying possible
vulnerabilities.
Scanning procedures such as port scanning and ping sweep return information about the services
offered by the live hosts that are active on the Internet, and their IP addresses.
Enumeration - CORRECT ANSWER- This is a method of intrusive probing, through which
attackers gather information such as network user lists, routing tables, security flaws, and Simple
Network Management Protocol (SNMP) data.
This is significant, because the attacker ranges over the target territory to glean information about
the network, and shared users, groups, applications, and banners.
This involves making active connections to the target system or subjecting it to direct queries.
Normally, an alert and secure system will log such attempts.
Often, the information gathered is publicly available anyway, such as a DNS address; however, it
is possible that the attacker might stumble upon a remote IPC share, such as IPC$ in Windows,
that can be probed with a null session, thus allowing shares and accounts to be enumerated.
Escalate privileges in the Windows operating system - CORRECT ANSWER- The Windows
operating system uses a Windows application compatibility framework called Shim to provide
compatibility between the older and newer versions of Windows. An attacker can use these shims
to perform different attacks such as disabling Windows Defender, privilege escalation, installing
backdoors, and so on.
Discretionary Access Control (DAC) - CORRECT ANSWER- This access control
determines the access controls taken by any possessor of an object in order to decide the access
controls of the subjects on those objects.
The other name for this is a need-to-know access model. It permits the user, who is granted
access to information, to decide how to protect the information and the level of sharing desired.
Access to files is restricted to users and groups based upon their identity and the groups to which
the users belong.
System Hacking Goals - CORRECT ANSWER- Gain Access- Once attackers succeed in
gaining access to the system, they are free to perform malicious activities such as stealing
sensitive data, implementing a sniffer to capture network traffic, and infecting the system with
malware.
-At this stage, attackers use techniques such as password cracking and social engineering tactics
to gain access to the target system.
Escalating Privileges- After gaining access to a system using a low-privileged normal user
account, attackers may then try to raise their privileges to administrator level to perform protected
system operations, so that they can proceed to the next level of the system hacking phase: to
execute applications. Attackers exploit known system vulnerabilities to escalate user privileges.
Executing apps- Once attackers have administrator privileges, they attempt to install malicious
programs such as Trojans, Backdoors, Rootkits, and Keyloggers, which grant them remote
system access, thereby enabling them to execute malicious code remotely.
-Installing Rootkits allows them to gain access at the operating system level to perform malicious
activities. To maintain access for use at a later date, they may install Backdoors.
Hiding files- rootkits (live in the kernel below the OS, where antivirus software doesn't scan),
steganography
-Attackers use Rootkits and steganography techniques to attempt to hide the malicious files they
install on the system, and thus their activities.
Covering tracks- To remain undetected, it is important for attackers to erase all evidence of
security compromise from the system. To achieve this, they might modify or delete logs in the
system using certain log-wiping utilities, thus removing all evidence of their presence.
Mandatory Access Control (MAC): - CORRECT ANSWER- This determines the usage and
access policies of the users. Users can access a resource only if that particular user has the access
rights to that resource.
It finds its application in the data marked as highly confidential.
The network administrators impose this, depending on the operating system and security kernel.
It does not permit the end user to decide who can access the information, and does not permit the
user to pass privileges to other users as the access could then be circumvented.
Role Based Access Control (RBAC): - CORRECT ANSWER- In this access control, the
access permissions are available based on the access policies determined by the system.
The access permissions are out of user control, which means that users cannot amend the access
policies created by the system.
Users can be assigned access to systems, files, and fields on a one-to-one basis whereby access is
granted to the user for a particular file or system.
It can simplify the assignment of privileges and ensure that individuals have all the privileges
necessary to perform their duties.
Rule-Based Access Control (RuBAC) - CORRECT ANSWER- In this access control, the
endpoint devices such as firewalls verify the request made to access the network resources
against a set of rules. These rules generally include IP addresses, port numbers, etc.
Types of USB Attacks - CORRECT ANSWER- USB Dumper - copies the files and folders
from the flash drive silently when it is connected to the PC. It transfers the data from a removable
USB drive to a directory named 'USB' by default, with an option to change it.
USB Grabber - allows users to connect any analogue audio/video source to the system through a
USB port.
USB Sniffer - monitors the activity of USB ports on the system.
USB Snoopy - is a sort of viewer of the USB traffic.
CEH Hacking Methodology (CHM) - CORRECT ANSWER- Gaining Access
Maintaining Access
Clearing tracks
Types of Password Attacks - CORRECT ANSWER- Non-electronic (shoulder surf, social
engineering, dumpster diving)
Active online (dictionary attack (pre-defined passwords), brute force, hash injection, phishing,
trojan, spyware, etc.)
Passive online (sniffing, man-in-the-middle, replay)