Logo
  • Home
  • All Courses
    • Amazon - AWS
    • Cisco
    • CompTIA
    • EC Council
    • Microsoft
    • Oracle
    • Salesforce
    • Snowflake
  • Testimonials
  • Blogs
  • Login
  • Register
  • Cart

Certified Ethical Hacker Exam (CEH v12) Free Questions - Part 16

Question No : 226) Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128,192, or 256 bits into a software program, which involves 32 rounds of computational operations that  include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the  above features and can be integrated by Tony into the software program?
A. TEA
B. CAST-128
C. RC5
D. serpent

Question No : 227) Bob, an attacker, has managed to access a target loT device. He employed an online tool to gather information related to the model of the loT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above Information?
A. search.com 
B. EarthExplorer 
C. Google image search 
D. FCC ID search 

Question No : 228) While using your bank’s online servicing you notice the following string in the URL bar: “http: // www. MyPersonalBank. com/account id=368940911028389&Damount=10980&Camount=21” You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes. Which type of vulnerability is present on this site?

A. Cookie Tampering
B. SQL Injection
C. Web Parameter Tampering
D. XSS Reflection

Question No : 229) What is the least important information when you analyze a public IP address in a security alert?
A. DNS
B. Whois
C. Geolocation
D. ARP

Question No : 230) Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? 

A. Preparation
B. Cleanup
C. Persistence
D. initial intrusion

Question No : 231) Which utility will tell you in real time which ports are listening or in another state?
A. Netstat
B. TCPView
C. Nmap
D. Loki

Question No : 232) You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through. invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING! What seems to be wrong?
A. The nmap syntax is wrong. 
B. This is a common behavior for a corrupted nmap application. 
C. The outgoing TCP/IP fingerprinting is blocked by the host firewall. 
D. OS Scan requires root privileges. 

Question No : 233) Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal with such a threat?
A. The use of security agents in clients’ computers 
B. The use of DNSSEC 
C. The use of double-factor authentication 
D. Client awareness 

Question No : 234) #!/usr/bin/python import socket buffer=[““A””] counter=50 while len(buffer)<=100:
buffer.append (““A””*counter)
counter=counter+50 commands= [““HELP””,““STATS .””,““RTIME .””,““LTIME. ””,““SRUN
.”’,““TRUN .””,““GMON
.””,““GDOG .””,““KSTET .”,““GTER .””,““HTER .””, ““LTER .”,““KSTAN .””] for command in
commands: for
buffstring in buffer: print ““Exploiting”” +command +““:””+str(len(buffstring))
s=socket.socket(socket.AF_INET,
socket.SOCK_STREAM) s.connect((‘127.0.0.1’, 9999)) s.recv(50)
s.send(command+buffstring) s.close()
What is the code written for?
A. Denial-of-service (DOS) 
B. Buffer Overflow 
C. Bruteforce 
D. Encryption 

Question No : 235) The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?
A. Public 

B. Private 

C. Shared

D. Root 

Question No : 236) What is the minimum number of network connections in a multihomed firewall?
A. 3
B. 5
C. 4
D. 2

Question No : 237) A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?
A. Cross-site scripting vulnerability 
B. SQL injection vulnerability 
C. Web site defacement vulnerability 
D. Gross-site Request Forgery vulnerability

Question No : 238) You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?
A. Traffic is Blocked on UDP Port 53
B. Traffic is Blocked on TCP Port 80
C. Traffic is Blocked on TCP Port 54
D. Traffic is Blocked on UDP Port 80

Question No : 239) Ben purchased a new smartphone and received some updates on it through the OTA method. He received two messages: one with a PIN from the network operator and another asking him to enter the PIN received from the operator. As soon as he entered the PIN, the smartphone started functioning in an abnormal manner. What is the type of attack performed on Ben in the above scenario?
A. Advanced SMS phishing 
B. Bypass SSL pinning 
C. Phishing 
D. Tap 'n ghost attack 

Question No : 240) “........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which
involves setting up a fraudulent web site and luring people there.” Fill in the blank with appropriate choice.
A. Evil Twin Attack 

B. Sinkhole Attack 

C. Collision Attack

D. Signal Jamming Attack 

 

312-50v12 Answers

 

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Part 7

Part 8

Part 9

Part 10

Part 11

Part 12

Part 13

Part 14

Part 15

Part 16

Part 17

Part 18

Part 19

Part 20

Part 21

Part 22

Part 23

Part 24

Part 25

Part 26

Part 27

Part 28

Part 29

Part 30

Part 31

Part 32

Part 33

Part 34

Part 35

Logo

Our goal is to help students clear their exam by providing them genuine questions which helps students to achieve their goal. Many students have cleared their exam by going through our courses. Are you ready to clear yours?


Site Secured

mcaafe-secure

Last Scanned: 08-05-2025

Links

  • FAQ
  • Money Back Guarantee
  • About Us
  • Privacy Policy
  • Terms & Conditions
  • Contact Us
  • Testimonials

Disclaimer

  • SAP, Microsoft, Google, Amazon, Qualtrics, and all other brands are Registered Trademarks of their respective companies.
  • Theexamquestions.com is no way affiliated With any brand hosted on this website.
  • Theexamquestions.com offers only probable exam questions and answers.
  • Theexamquestions.com offer learning materials and practice tests created by subject matter technology experts to assist and help learners prepare for those exams. Theexamquestions.com do not offer dumps or questions from the actual exam.
  • Theexamquestions.com does not own or claim any ownership on any of the brands.
  • All Certification Brands used on the website are owned by the respective brand owners.

All course contents, trademarks, service marks, trade names, product names and logos appearing on the site are the property of their respective owners. The website Theexamquestions.com is in no way affiliated with any of the certification providers. Copyright © 2025 www.theexamquestions.com. All rights reserved.