Certified Ethical Hacker v10 – Multiple Choice Questions with Answers – Part 9


What is the role of test automation in security testing?

A. It is an option but it tends to be very expensive.
B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
C. Test automation is not usable in security due to the complexity of the tests.
D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Correct Answer: D


A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?

A. Botnet Trojan
B. Turtle Trojans
C. Banking Trojans
D. Ransomware Trojans

Correct Answer: A


In order to have an anonymous Internet surf, which of the following is best choice?

A. Use SSL sites when entering personal information
B. Use Tor network with multi-node
C. Use shared WiFi
D. Use public VPN

Correct Answer: B


In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example:
allintitle: root passwd

A. Maintaining Access
B. Gaining Access
C. Reconnaissance
D. Scanning and Enumeration

Correct Answer: C


Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

A. A biometric system that bases authentication decisions on behavioral attributes.
B. A biometric system that bases authentication decisions on physical attributes.
C. An authentication system that creates one-time passwords that are encrypted with secret keys.
D. An authentication system that uses passphrases that are converted into virtual passwords.

Correct Answer: C


How can rainbow tables be defeated?

A. Password salting
B. Use of non-dictionary words
C. All uppercase character passwords
D. Lockout accounts under brute force password cracking attempts

Correct Answer: A


The network in ABC company is using the network address with mask In the network the servers are in the addresses, and An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is:


Why he cannot see the servers?

A. He needs to change the address to with the same mask
B. He needs to add the command “”ip address”” just before the IP address.
C. He is scanning from to because of the mask /28 and the servers are not in that range.
D. The network must be down and the nmap command and IP address are ok

Correct Answer: C


In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?

A. A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.
B. Mail relaying, which is a technique of bouncing e-mail from internal to external mails servers continuously.
C. A blacklist of companies that have their mail server relays configured to be wide open.
D. Tools that will reconfigure a mail server’s relay component to send the e-mail back to the spammers occasionally.

Correct Answer: B


Emil uses nmap to scan two hosts using this command:

nmap -sS -T4 -O

He receives this output: What is his conclusion?

A. Host is an iPad.
B. He performed a SYN scan and OS scan on hosts and
C. Host is the host that he launched the scan from.
D. Host is down.

Correct Answer: B


Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens?

A. The port will ignore the packets.
B. The port will send an RST.
C. The port will send an ACK.
D. The port will send a SYN.

Correct Answer: A


Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

A. msfencode
B. msfpayload
C. msfcli
D. msfd

Correct Answer: A


Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

A. OpenVAS
B. Burp Suite
C. tshark
D. Kismet

Correct Answer: D


Which service in a PKI will vouch for the identity of an individual or company?


Correct Answer: C


What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

A. User Access Control (UAC)
B. Data Execution Prevention (DEP)
C. Address Space Layout Randomization (ASLR)
D. Windows firewall

Correct Answer: B


Seth is starting a penetration test from inside the network. He hasn’t been given any information about the network. What type of test is he conducting?

A. Internal, Blackbox
B. External, Blackbox
C. External, Whitebox
D. Internal, Whitebox

Correct Answer: A


What is the code written for?

A. Buffer Overflow
B. Encryption
C. Denial-of-service (DoS)
D. Bruteforce

Correct Answer: A


You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account. What should you do?

A. Do not report it and continue the penetration test.
B. Transfer money from the administrator’s account to another account.
C. Do not transfer the money but steal the bitcoins.
D. Report immediately to the administrator.

Correct Answer: D


An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

A. Make sure that legitimate network routers are configured to run routing protocols with authentication.
B. Disable all routing protocols and only use static routes
C. Only using OSPFv3 will mitigate this risk.
D. Redirection of the traffic cannot happen unless the admin allows it explicitly.

Correct Answer: A


Which system consists of a publicly available set of databases that contain domain name registration contact information?


Correct Answer: D


A penetration test was done at a company. After the test, a report was written and given to the company’s IT authorities. A section from the report is shown below:

Access List should be written between VLANs.
Port security should be enabled for the intranet.
A security solution which filters data packets should be set between intranet (LAN) and DMZ.
A WAF should be used in front of the web applications.

According to the section from the report, which of the following choice is true?

A. A stateful firewall can be used between intranet (LAN) and DMZ.
B. There is access control policy between VLANs.
C. MAC Spoof attacks cannot be performed.
D. Possibility of SQL Injection attack is eliminated.

Correct Answer: A


In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

A. Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
B. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
C. Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addresses.
D. Vulnerabilities in the application layer are greatly different from IPv4.

Correct Answer: B


It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure. Which of the following regulations best matches the description?

B. ISO/IEC 27002

Correct Answer: C


Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file named “Court_Notice_21206.docx.exe” disguised as a word document. Upon execution, a window appears stating, “This word document is corrupt”. In the background, the file copies itself to Jesse APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?

A. Worm
B. Macro Virus
C. Key-Logger
D. Trojan

Correct Answer: D

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.