Certified Ethical Hacker Exam (CEH v12) Free Questions - Part 10
Question No : 136) Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?
A. HIPPA/PHl
B. Pll
C. PCIDSS
D. ISO 2002
Question No : 137) What is the following command used for? net use \targetipc$ "" /u:""
A. Grabbing the etc/passwd file
B. Grabbing the SAM
C. Connecting to a Linux computer through Samba.
D. This command is used to connect as a null session E. Enumeration of Cisco routers
Question No : 138) Within the context of Computer Security, which of the following statements describes Social Engineering best?
A. Social Engineering is the act of publicly disclosing information
B. Social Engineering is the means put in place by human resource to perform time accounting
C. Social Engineering is the act of getting needed information from a person rather than breaking into a system
D. Social Engineering is a training program within sociology studies
Question No : 139) What is the minimum number of network connections in a multi homed firewall?
A. 3
B. 5
C. 4
D. 2
Question No : 140) Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain. What do you think Tess King is trying to accomplish? Select the best answer.
A. A zone harvesting
B. A zone transfer
C. A zone update
D. A zone estimate
Question No : 141) A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?
A. White Hat
B. Suicide Hacker
C. Gray Hat
D. Black Hat
Question No : 142) When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?
A. http-methods
B. http enum
C. http-headers
D. http-git
Question No : 143) What is the role of test automation in security testing?
A. It is an option but it tends to be very expensive.
B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
C. Test automation is not usable in security due to the complexity of the tests.
D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
Question No : 144) You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page. What Is the best Linux pipe to achieve your milestone?
A. dirb https://site.com | grep "site"
B. curl -s https://sile.com | grep ‘’< a href-\’http" | grep "Site-com- | cut -d "V" -f 2
C. wget https://stte.com | grep "< a href=\*http" | grep "site.com"
D. wgethttps://site.com | cut-d"http-
Question No : 145) What tool can crack Windows SMB passwords simply by listening to network traffic?
A. This is not possible
B. Netbus
C. NTFSDOS
D. L0phtcrack
Question No : 146) Which of the following is a low-tech way of gaining unauthorized access to systems?
A. Social Engineering
B. Eavesdropping
C. Scanning
D. Sniffing
Question No : 147) Which of the following tactics uses malicious code to redirect users' web traffic?
A. Spimming
B. Pharming
C. Phishing
D. Spear-phishing
Question No : 148) Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?
A. Wardriving
B. KRACK attack
C. jamming signal attack
D. aLTEr attack
Question No : 149) Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven’s iPhone through the infected computer and is able to monitor and read all of Steven’s activity on the iPhone, even after the device is out of the communication zone. Which of the following attacks is performed by Clark in above scenario?
A. IOS trustjacking
B. lOS Jailbreaking
C. Exploiting SS7 vulnerability
D. Man-in-the-disk attack
Question No : 150) What is not a PCI compliance recommendation?
A. Use a firewall between the public network and the payment card data.
B. Use encryption to protect all transmission of card holder data over any public network.
C. Rotate employees handling credit card transactions on a yearly basis to different departments.
D. Limit access to card holder data to as few individuals as possible.
312-50v12 Answers