CEH v13 TEST C
An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack by manipulating 'a' HTTP connections. Each connection sends a byte of data every 'b' seconds, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?
- m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant.
- m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time.
- m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection.
- m=95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower.

A large organization has recently performed a vulnerability assessment using Nessus Professional, and the security team is now preparing the final report. They have identified a high-risk vulnerability, named XYZ, which could potentially allow unauthorized access to the network. In preparing the report, which of the following elements would NOT typically be included in the detailed documentation for this specific vulnerability?
- Proof of concept (PoC) of the vulnerability, if possible, to demonstrate its potential impact on the system.
- The total number of high, medium, and low-risk vulnerabilities detected throughout the network.
- The list of all affected systems within the organization that are susceptible to the identified vulnerability.
- The CVE ID of the vulnerability and its mapping to the vulnerability's name, XYZ.

Recently, the employees of a company have been receiving emails that seem to be from their colleagues, but with suspicious attachments. When opened, these attachments appear to install malware on their systems. The IT department suspects that this is a targeted malware attack. Which of the following measures would be the most effective in preventing such attacks?
- Disabling Autorun functionality on all drives.
- Avoiding the use of outdated web browsers and email software.
- Regularly scanning systems for any new files and examining them.
- Applying the latest patches and updating software programs.

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and have decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?
- Carry out a passive wire sniffing operation using Internet packet sniffers.
- Perform a PRobability INfinite Chained Elements (PRINCE) attack.
- Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz.
- Request a service ticket for the service principal name of the target service account.

As a cybersecurity analyst at IoT Defend, you are working with a large utility company that uses Industrial Control Systems (ICS) in its operational technology (OT) environment. The company has recently integrated IoT devices into this environment to enable remote monitoring and control. They want to ensure these devices do not become a weak link in their security posture. To identify potential vulnerabilities in the IoT devices, which of the following actions should you recommend as the first step?
- Use stronger encryption algorithms for data transmission between IoT devices.
- Implement network segmentation to isolate IoT devices from the rest of the network.
- Conduct a vulnerability assessment specifically for the IoT devices.
- Install the latest antivirus software on each IoT device.

A penetration tester is performing enumeration on a client's network. The tester has acquired permission to perform enumeration activities. They have identified a remote inter-process communication (IPC) share and are trying to collect more information about it. The tester decides to use a common enumeration technique to collect the desired data. Which of the following techniques would be most appropriate for this scenario?
- Probe the IPC share by attempting to brute force admin credentials.
- Brute force Active Directory.
- Extract usernames using email IDs.
- Conduct a DNS zone transfer.

As a cybersecurity analyst at TechSafe Inc., you are working on a project to improve the security of a smart home system. This IoT-enabled system controls various aspects of the home, from heating and lighting to security cameras and door locks. Your client wants to ensure that even if one device is compromised, the rest of the system remains secure. Which of the following strategies would be most effective for this purpose?
- Recommend using a strong password for the smart home system's main control panel.
- Suggest implementing two-factor authentication for the smart home system's mobile app.
- Propose frequent system resets to clear any potential malware.
- Advise using a dedicated network for the smart home system, separate from the home's main Wi-Fi network.

During your summer internship at a tech company, you have been asked to review the security settings of their web server. While inspecting, you notice the server reveals detailed error messages to users, including database query errors and internal server errors. As a cybersecurity beginner, what is your understanding of this setting, and how would you advise the company?
- Retain the setting as it aids in troubleshooting user issues.
- Suppress detailed error messages, as they can expose sensitive information.
- Implement stronger encryption to secure the error messages.
- Increase the frequency of automated server backups.

You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies would you recommend to them?
- Use hash functions to distribute the keys.
- Use the HTTPS protocol for secure key transfer.
- Use digital signatures to encrypt the symmetric keys.
- Implement the Diffie-Hellman protocol for secure key exchange.

You work as a cloud security specialist at SkyNet Solutions. One of your clients is a healthcare organization that plans to migrate its electronic health record (EHR) system to the cloud. This system contains highly sensitive personal and medical data. As part of your job, you need to ensure the security and privacy of this data while it is being transferred and stored in the cloud. You recommend that data should be encrypted in transit and at rest. However, you also need to ensure that even if a cloud service provider (CSP) has access to the encrypted data, they should not be able to decrypt it. Which of the following would be the most suitable strategy to meet this requirement?
- Use SSL/TLS for data transfer and allow the CSP to manage encryption keys.
- Utilize the CSP's built-in data encryption services.
- Use client-side encryption and manage encryption keys independently of the CSP.
- Rely on network-level encryption protocols for data transfer.

You are a cybersecurity professional managing cryptographic systems for a global corporation. The company uses a mix of Elliptic Curve Cryptography (ECC) for key exchange and symmetric encryption algorithms for data encryption. The time complexity of ECC key pair generation is O(n^3), where 'n' is the size of the key. An advanced threat actor group has a quantum computer that can potentially break ECC with a time complexity of O((log n)^2). Given that the ECC key size is 'n=512' and varying symmetric encryption algorithms and key sizes, which scenario would provide the best balance of security and performance?
- Data encryption with AES-128: Provides moderate security and fast encryption, offering a balance between the two.
- Data encryption with AES-256: Provides high security with better performance than 3DES, but not as fast as other AES key sizes.
- Data encryption with 3DES using a 168-bit key: Offers high security but slower performance due to 3DES's inherent inefficiencies.
- Data encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility issues due to Blowfish's less widespread use.

You are a security analyst for CloudSec, a company providing cloud security solutions. One of your clients, a financial institution, wants to shift its operations to a public cloud while maintaining a high level of security control. They want to ensure that they can monitor all their cloud resources continuously and receive real-time alerts about potential security threats. They also want to enforce their security policies consistently across all cloud workloads. Which of the following solutions would best meet these requirements?
- Implement a Virtual Private Network (VPN) for secure data transmission.
- Deploy a Cloud Access Security Broker (CASB).
- Use multi-factor authentication for all cloud user accounts.
- Use client-side encryption for all stored data.

Consider a hypothetical situation where an attacker, known for his proficiency in SQL Injection attacks, is targeting your web server. This adversary meticulously crafts 'q' malicious SQL queries, each inducing a delay of 'd' seconds in the server response. This delay in response is an indicator of a potential attack. If the total delay, represented by the product 'q*d', crosses a defined threshold 'T', an alert is activated in your security system. Furthermore, it is observed that the attacker prefers prime numbers for 'q', and 'd' follows a pattern in the Fibonacci sequence. Now, consider 'd=13' seconds (a Fibonacci number) and various values of 'q' (a prime number) and 'T'. Which of the following scenarios will most likely trigger an alert?
- q=17, T=220: Even though the attacker increases 'q', the total delay ('q*d' = 221 seconds) just surpasses the threshold, possibly activating an alert.
- q=13, T=180: In this case, the total delay caused by the attacker ('q*d' = 169 seconds) breaches the threshold, likely leading to the triggering of a security alert.
- q=11, T=150: Here, the total delay induced by the attacker ('q*d' = 143 seconds) does not surpass the threshold, so the security system remains dormant.
- q=19, T=260: Despite the attacker's increased effort, the total delay ('q*d' = 247 seconds) does not exceed the threshold, thus no alert is triggered.

You are an ethical hacker contracted to conduct a security audit for a company. During the audit, you discover that the company's wireless network is using WEP encryption. You understand the vulnerabilities associated with WEP and plan to recommend a more secure encryption method. Which of the following would you recommend as a suitable replacement to enhance the security of the company's wireless network?
- Open System authentication.
- WPA2-PSK with AES encryption.
- SSID broadcast disabling.
- MAC address filtering.

You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n^2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)^2) to crack RSA encryption. Given 'n=4000' and a variable AES key size, which scenario is likely to provide the best balance of security and performance?
- AES key size=128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster.
- AES key size=256 bits: This configuration provides a high level of security, but RSA key generation may be slow.
- AES key size=192 bits: This configuration is a balance between options A and B, providing moderate security and performance.
- AES key size=512 bits: This configuration provides the highest level of security but at a significant performance cost due to the large AES key size.

An experienced cyber attacker has created a fake LinkedIn profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system, and what is the most likely immediate threat to the organization?
- Whaling and Targeted Attacks.
- Pretexting and Network Vulnerability.
- Spear Phishing and Spam.
- Baiting and Involuntary Data Leakage.

You are a cybersecurity trainee tasked with securing a small home network. The homeowner is concerned about potential "Wi-Fi eavesdropping," where unauthorized individuals could intercept the wireless communications. What would be the most effective first step to mitigate this risk, considering the simplicity and the residential nature of the network?
- Disable the network's SSID broadcast.
- Enable encryption on the wireless network.
- Enable MAC address filtering.
- Reduce the signal strength of the wireless router.

A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?
- The attacker should instigate a protocol-based SYN flood attack, consuming connection state tables on the retailer's servers.
- The attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic pulses at regular intervals.
- The attacker should initiate a volumetric flood attack using a single compromised machine to overwhelm the retailer's network bandwidth.
- The attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's ICMP processing.

A large organization is investigating a possible identity theft case where an attacker has created a new identity by combining multiple pieces of information from different victims to open a new bank account. The attacker also managed to receive government benefits using a fraudulent identity. Given the circumstances, which type of identity theft is the organization dealing with?
- Identity Cloning and Concealment.
- Child Identity Theft.
- Social Identity Theft.
- Synthetic Identity Theft.

A company recently experienced a debilitating social engineering attack that led to substantial identity theft. An inquiry found that an employee inadvertently provided critical information during an innocuous phone conversation. Considering the specific guidelines issued by the company to thwart social engineering attacks, which countermeasure would have been the most successful in averting the incident?
- Conduct comprehensive training sessions for employees on various social engineering methodologies and the risks associated with revealing confidential data.
- Implement a well-documented change management process for modifications related to hardware or software.
- Adopt a robust software policy that restricts the installation of unauthorized applications.
- Reinforce physical security measures to limit access to sensitive zones within the company premises, thereby warding off unauthorized intruders.

An ethical hacker has been tasked with assessing the security of a major corporation's network. She suspects the network uses default SNMP community strings. To exploit this, she plans to extract valuable network information using SNMP enumeration. Which tool could best help her get the information without directly modifying any parameters within the SNMP agent's management information base (MIB)?
- SnmpWalk, with a command to change an OID to a different value.
- snmp-check (snmp_enum module) to gather a wide array of information about the target.
- Nmap, with a script to retrieve all running SNMP processes and associated ports.
- OpUtils, which is mainly designed for device management and not SNMP enumeration.

During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?
- The Temporal metric represents the inherent qualities of a vulnerability.
- The Base metric represents the inherent qualities of a vulnerability.
- The Temporal metric involves measuring vulnerabilities based on a specific environment or implementation.
- The Environmental metric involves the features that change during the lifetime of the vulnerability.

In an advanced digital security scenario, a multinational enterprise is being targeted with a complex series of assaults aimed to disrupt operations, manipulate data integrity, and cause serious financial damage. As the Lead Cybersecurity Analyst with CEH and CISSP certifications, your responsibility is to correctly identify the specific type of attack based on the following indicators: The attacks are exploiting a vulnerability in the target system's hardware, inducing misprediction of future instructions in a program's control flow. The attackers are strategically inducing the victim process to speculatively execute instruction sequences that would not have been executed in the absence of the misprediction, leading to subtle side effects. These side effects, which are observable from the shared state, are then utilized to infer the values of in-flight data. What type of attack best describes this scenario?
- Rowhammer Attack.
- Watering Hole Attack.
- Side-Channel Attack.
- Privilege Escalation Attack.

In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings on a web server considered a security risk, and what would be the best initial step to mitigate this risk?
- Default settings allow unlimited login attempts; set up account lockout.
- Default settings reveal the server software type; change these settings.
- Default settings cause server malfunctions; simplify the settings.
- Default settings enable auto-updates; disable them and patch manually.

As a junior security analyst for a small business, you are tasked with setting up the company's first wireless network. The company wants to ensure the network is secure from potential attacks. Given that the company's workforce is relatively small and the need for simplicity in managing network security, which of the following measures would you consider a priority to protect the network?
- Hide the network SSID.
- Enable WPA2 or WPA3 encryption on the wireless router.
- Implement a MAC address whitelist.
- Establish a regular schedule for changing the network password.

During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target's Internet infrastructure details (domains, DNS names, netblocks, IP address information). The hacker decides to use social engineering techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?
- Dumpster diving in the target company's trash bins for valuable printouts.
- Impersonating an ISP technical support agent to trick the target into providing further network details.
- Shoulder surfing to observe sensitive credentials input on the target's computers.
- Eavesdropping on internal corporate conversations to understand key topics.

An organization has been experiencing intrusion attempts despite deploying an Intrusion Detection System (IDS) and firewalls. As a Certified Ethical Hacker, you are asked to reinforce the intrusion detection process and recommend a better rule-based approach. The IDS uses Snort rules, and the newly recommended tool should be able to complement it. You suggest using YARA rules with an additional tool for rule generation. Which of the following tools would be the best choice for this purpose, and why?
- yarGen - Because it generates YARA rules from strings identified in malware files while removing strings that also appear in goodware files.
- Koodous - Because it combines social networking with antivirus signatures and YARA rules to detect malware.
- YaraRET - Because it helps in reverse engineering Trojans to generate YARA rules.
- AutoYara - Because it automates the generation of YARA rules from a set of malicious and benign files.

During an ethical hacking engagement, you have been assigned to evaluate the security of a large organization's network. While examining the network traffic, you notice numerous incoming requests on various ports from different locations that show a pattern of an orchestrated attack. Based on your analysis, you deduce that the requests are likely to be automated scripts being run by unskilled hackers. What type of hacker classification does this scenario most likely represent?
- Script Kiddies trying to compromise the system using pre-made scripts.
- Gray Hats testing system vulnerabilities to help vendors improve security.
- White Hats conducting penetration testing to identify security weaknesses.
- Black Hats trying to exploit system vulnerabilities for malicious intent.

Your company suspects a potential security breach and has hired you as a Certified Ethical Hacker to investigate. You discover evidence of footprinting through search engines and advanced Google hacking techniques. The attacker utilized Google search operators to extract sensitive information. You further notice queries that indicate the use of the Google Hacking Database (GHDB) with an emphasis on VPN footprinting. Which of the following Google advanced search operators would be the LEAST useful in providing the attacker with sensitive VPN-related information?
- location: This operator finds information for a specific location.
- inurl: This operator restricts the results to only the pages containing the specified word in the URL.
- link: This operator searches websites or pages that contain links to the specified website or page.
- intitle: This operator restricts results to only the pages containing the specified term in the title.

In a recent cyber-attack against a large corporation, an unknown adversary compromised the network and began escalating privileges and moving laterally. The security team identified that the adversary used a sophisticated set of techniques, specifically targeting zero-day vulnerabilities. As a Certified Ethical Hacker (CEH) hired to understand this attack and propose preventive measures, which of the following actions will be most crucial for your initial analysis?
- Identifying the specific tools used by the adversary for privilege escalation.
- Analyzing the initial exploitation methods the adversary used.
- Checking the persistence mechanisms used by the adversary in compromised systems.
- Investigating the data exfiltration methods used by the adversary.

As the lead security engineer for a retail corporation, you are assessing the security of the wireless networks in the company's stores. One of your main concerns is the potential for "Wardriving" attacks, where attackers drive around with a Wi-Fi-enabled device to discover vulnerable wireless networks. Given the nature of the retail stores, you need to ensure that any security measures you implement do not interfere with customer experience, such as their ability to access in-store Wi-Fi. Taking these factors into consideration, which of the following would be the most suitable measure to mitigate the risk of Wardriving attacks?
- Limit the range of the store's wireless signals.
- Implement MAC address filtering.
- Disable SSID broadcasting.
- Implement WPA3 encryption for the store's Wi-Fi network.

A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?
- ICMP Timestamp Ping Scan.
- ICMP ECHO Ping Scan.
- TCP SYN Ping Scan.
- UDP Ping Scan.

As part of a college project, you have set up a web server for hosting your team's application. Given your interest in cybersecurity, you have taken the lead in securing the server. You are aware that hackers often attempt to exploit server misconfigurations. Which of the following actions would best protect your web server from potential misconfiguration-based attacks?
- Regularly backing up server data.
- Enabling multi-factor authentication for users.
- Implementing a firewall to filter traffic.
- Performing regular server configuration audits.

In this form of encryption algorithm, every individual block contains 64 bits of data, and three keys are used, where each key consists of 56 bits. Which encryption algorithm is this?
- IDEA.
- Triple Data Encryption Standard.
- AES.
- MD5 encryption algorithm.