Visit Official SkillCertPro Website :-
For a full set of 950+ questions. Go to
https://skillcertpro.com/product/ceh-v11-certified-ethical-hacker-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
Consider the following snippet from a log file collected on the host with the IP address of 10.10.3.6.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Time: Jun 12, 2020 09:24:12 Port:20 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:14 Port:21 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:16 Port:22 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:18 Port:23 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:20 Port:25 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:22 Port:80 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:24 Port:135 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:26 Port:443 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:26 Port:445 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
What type of activity occurred based on the output above?
A. Denial of service attack targeting 10.10.3.6
B. Fragmentation attack targeting 10.10.3.6
C. Port scan targeting 10.10.3.2
D. Port scan targeting 10.10.3.6
Answer: D
Explanation:
OBJ-2.2: Port scanning is the name for the technique used to identify open ports and services available on a network host. Based on the logs, you can see a sequential scan of some commonly used ports (20, 21, 22, 23, 25, 80, 135, 443, 445) with a two-second pause between each attempt. The scan source is 10.10.3.2, and the destination of the scan is 10.10.3.6, making “Port scan targeting 10.10.3.6” the correct choice. IP fragmentation attacks are a common form of denial of service attack, in which the perpetrator overwhelms a network by exploiting datagram fragmentation mechanisms. A denial-of-service (DoS) attack occurs when legitimate users cannot access information systems, devices, or other network resources due to a malicious cyber threat actor's actions.
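The reasoning in this explanation can be turned into a log check. The following is an added example, not part of the original question set: it parses the log format shown in Question 1 and flags any source that touches many distinct ports on one host within a short window. The function names, the threshold of 5 ports and the 60-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
Time: Jun 12, 2020 09:24:12 Port:20 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:14 Port:21 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:16 Port:22 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:18 Port:23 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:20 Port:25 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:22 Port:80 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:24 Port:135 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:26 Port:443 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
Time: Jun 12, 2020 09:24:26 Port:445 Source: 10.10.3.2 Destination:10.10.3.6 Protocol:TCP
"""  # the nine entries from the question above

LINE_RE = re.compile(
    r"Time:\s*(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\s+Port:\s*(?P<port>\d+)\s+"
    r"Source:\s*(?P<src>\S+)\s+Destination:\s*(?P<dst>\S+)\s+Protocol:\s*(?P<proto>\S+)"
)

def parse(log_text):
    """Turn matching lines into (time, source, destination, port); skip everything else."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S")
            events.append((ts, m["src"], m["dst"], int(m["port"])))
    return sorted(events)

def find_port_scans(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Report each source/destination pair with >= min_ports distinct ports inside one window."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        by_pair[(src, dst)].append((ts, port))
    findings = []
    for (src, dst), hits in by_pair.items():
        best, start = [], 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            ports = sorted({p for _, p in hits[start:end + 1]})
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            findings.append((src, dst, best))
    return findings
```

Run against the sample, the only finding names 10.10.3.2 as the scanner and 10.10.3.6 as the target, which is the distinction between answer choices C and D.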
Question 2:
You are assisting a member of your organization's security team during an incident response. The team member asks you to determine if any strange TCP connections are occurring on a given workstation. You open the command prompt on the workstation. Which of the following tools would provide you with information on any TCP connections currently on the workstation?
A. tracert
B. arp
C. netstat
D. route
Answer: C
Explanation:
OBJ-2.3: Netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (incoming and outgoing), routing tables, and several network interface and network protocol statistics. It is useful when determining if a workstation is attempting outbound connections due to malware (beaconing activity) or has ports open and listening for inbound connections.
Question 3:
You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the attack's target?
A. 21
B. 3389
C. 389
D. 443
Answer: D
Explanation:
OBJ-2.2: Web-based attacks would likely appear on port 80 (HTTP) or port 443 (HTTPS). An attack against Active Directory is likely to be observed on port 389 (LDAP). An attack on an FTP server is likely to be observed on port 21 (FTP). An attack using the remote desktop protocol would be observed on port 3389 (RDP).
Question 4:
A network technician needs to monitor the network to find a user who is browsing websites against the company policy. What should the technician use to view the website and find the user browsing it?
A. Top listener tool
B. Intrusion detection system
C. Packet sniffer
D. SNMP GET
Answer: C
Explanation:
OBJ-4.1: Packet sniffers can capture and analyze network user traffic. This information can be queried to view website addresses, contents, and sometimes even the password information. This differs from an intrusion detection system (IDS), which waits to receive implicitly malicious data in a network before logging the event.
Question 5:
A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URL, http://test.diontraining.com/../../../../etc/shadow. What type of attack has likely occurred?
A. XML injection
B. Buffer overflow
C. SQL injection
D. Directory traversal
Answer: D
Explanation:
OBJ-5.2: This is an example of a directory traversal. A directory traversal attack aims to access files and directories that are stored outside the webroot folder. By manipulating variables or URLs that reference files with “dot-dot-slash (../)” sequences and its variations or using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. A buffer overflow is an exploit that attempts to write data to a buffer and exceed that buffer's boundary to overwrite an adjacent memory location. XML Injection is an attack technique used to manipulate or compromise an XML application or service's logic. SQL injection is the placement of malicious code in SQL statements via web page input.
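The directory traversal described above, shown as an unchecked path join beside a hardened one. This is an added example, not part of the original question set; the web root /var/www/html and all function names are assumptions for illustration, and the URL is the one quoted in Question 5.

```python
import os
from urllib.parse import unquote, urlsplit

WEBROOT = "/var/www/html"  # assumed document root for this example

def requested_relative_path(url):
    """Percent-decode the URL path so encoded variations such as %2e%2e/ are seen as ../"""
    return unquote(urlsplit(url).path).lstrip("/")

def naive_path(url, webroot=WEBROOT):
    """'Before' form: joins the request path to the web root and never checks the result."""
    return os.path.normpath(os.path.join(webroot, requested_relative_path(url)))

def safe_path(url, webroot=WEBROOT):
    """'After' form: resolve the path, then require that it is still inside the web root."""
    root = os.path.realpath(webroot)
    candidate = os.path.realpath(os.path.join(root, requested_relative_path(url)))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes web root: {url!r}")
    return candidate

def is_traversal_attempt(url, webroot=WEBROOT):
    """Log-review helper: True when the requested path resolves outside the web root."""
    try:
        safe_path(url, webroot)
        return False
    except PermissionError:
        return True

# URL from the proxy log in the question, plus two constructed comparison cases.
LOGGED_URL = "http://test.diontraining.com/../../../../etc/shadow"
ENCODED_URL = "http://test.diontraining.com/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow"
NORMAL_URL = "http://test.diontraining.com/img/logo.png"
```

The check is made on the resolved path rather than by searching the string for "../", so it also covers the percent-encoded variation.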
Question 6:
A cybersecurity analyst working at a major university is reviewing the SQL server log of completed transactions and notices the following entry:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"select ID, GRADE from GRADES where ID=1235235; UPDATE GRADES set GRADE='A' where ID=1235235;"
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Based on this transaction log, which of the following most likely occurred?
A. The application and the SQL database are functioning properly
B. The SQL server has insufficient logging and monitoring
C. Someone used an SQL injection to assign straight A's to the student with ID #1235235
D. A student with ID #1235235 used an SQL injection to give themselves straight A's
Answer: C
Explanation:
OBJ-5.3: Based on this transaction log entry, it appears that the ID# field was not properly validated before being passed to the SQL server. This would allow someone to conduct an SQL injection and retrieve the student's grades and set all of this student's grades to an 'A' at the same time. It is common to look for a '1==1' type condition to identify an SQL injection. There are other methods to conduct an SQL injection attack that could be utilized by an attacker. If input validation is not being performed on user-entered data, an attacker can exploit any SQL language aspect and inject SQL-specific commands. This entry is suspicious and indicates that either the application or the SQL database is not functioning properly. Still, there appears to be adequate logging and monitoring based on what we can see, and the question never indicates logging was an issue. An SQL database would not be designed to set ALL of a particular student's grades to A's, thus making this single entry suspicious. Most SQL statements in an SQL log will be fairly uniform and repetitive by nature when you review them. This leaves us with the question as to who performed this SQL injection. Per the question choices, it could be the student with ID# 1235235 or "someone." While it seems as if student #1235235 had the most to gain from this, without further investigation, we cannot prove that it actually was student #1235235 that performed the SQL injection. Undoubtedly, student #1235235 should be a person of interest in any ensuing investigations, but additional information (i.e., whose credentials were being used, etc.) should be used before making any accusations. Therefore, the answer is that "someone" performed this SQL injection.
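The missing validation described above, shown as an unvalidated lookup beside a validated, parameterized one. This is an added example, not part of the original question set; it uses an in-memory SQLite table as a stand-in for the university's SQL server, and the table contents, course names and function names are constructed for illustration.

```python
import sqlite3

def new_db():
    """Constructed in-memory stand-in for the GRADES table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE GRADES (ID INTEGER, COURSE TEXT, GRADE TEXT)")
    db.executemany("INSERT INTO GRADES VALUES (?, ?, ?)",
                   [(1235235, "MATH", "C"), (1235235, "CHEM", "D"), (7, "MATH", "B")])
    return db

def grades_of(db, student_id):
    rows = db.execute("SELECT GRADE FROM GRADES WHERE ID = ? ORDER BY COURSE", (student_id,))
    return [grade for (grade,) in rows]

def lookup_vulnerable(db, id_field):
    """'Before' form: the ID field is pasted into the SQL text and run through a call
    that accepts several statements, so text after ';' runs as a second statement."""
    sql = "select ID, GRADE from GRADES where ID=" + id_field + ";"
    db.executescript(sql)
    return sql  # the text that ends up in the transaction log

def lookup_safe(db, id_field):
    """'After' form: validate the field as digits, then bind it as a parameter."""
    if not (id_field.isascii() and id_field.isdigit()):
        raise ValueError("student ID must be numeric")
    query = "select ID, GRADE from GRADES where ID = ?"
    return db.execute(query, (int(id_field),)).fetchall()

# ID field value that reproduces the logged entry from the question.
LOGGED_INPUT = "1235235; UPDATE GRADES set GRADE='A' where ID=1235235"
```

With the unvalidated form, the returned SQL text matches the logged entry and both of the student's grades become 'A'; with the validated form the same input is rejected and the table is unchanged.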
Question 7:
Which of the following cryptographic algorithms is classified as symmetric?
A. RSA
B. AES
C. Diffie-Hellman
D. ECC
Answer: B
Explanation:
OBJ-9.1: The Advanced Encryption Standard (AES) is a symmetric-key algorithm for encrypting digital data. It was established as an electronic data encryption standard by NIST in 2001. AES can use a 128-bit, 192-bit, or 256-bit key, and uses a 128-bit block size.
Question 8:
What technique is most effective in determining whether or not increasing end-user security training would benefit the organization during your technical assessment of their network?
A. Network sniffing
B. Vulnerability scanning
C. Application security testing
D. Social engineering
Answer: D
Explanation:
OBJ-4.2: Social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information. During your technical assessment, utilizing social engineering techniques such as phishing or pharming can help you determine if additional end-user security training should be included in the organization. The other three options focus solely on technical controls. Therefore, adding end-user training would not affect these technology options.
Question 9:
The Pass Certs Fast Corporation has recently been embarrassed by several high profile data breaches. The CIO proposes improving the company's cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?
A. This is a reasonable approach that will increase the security of the servers and infrastructure
B. The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration
C. This approach only changes the location of the network and not the attack surface of it
D. This approach assumes that the cloud will provide better security than is currently done on-site
Answer: C
Explanation:
OBJ-8.1: A poorly implemented security model at a physical location will still be a poorly implemented security model in a virtual location. Unless the fundamental causes of the security issues that caused the previous data breaches have been understood, mitigated, and remediated, migrating the current images into the cloud will change where the processing occurs without improving the network's security. While the statement concerning unrealized ROI may be accurate, it simply demonstrates the sunk cost fallacy. These servers were already purchased, and the money was spent. Regardless of whether we maintain the physical servers or migrate to the cloud, that money is gone. Those servers could also be repurposed, reused, or possibly resold to recoup some of the capital invested. While the company's physical security will potentially improve in some regards, the physical security of the endpoints on-premises is still a concern that cannot be solved by this cloud migration. Additionally, the scenario never stated that physical security was an issue that required being addressed, so it is more likely that the data breach occurred due to a data exfiltration over the network. As a cybersecurity analyst, you must consider the business case and the technical accuracy of a proposed approach or plan to add the most value to your organization.
Question 10:
Which of the following would trigger the penetration test to stop and contact the system owners during an engagement?
A. A production server is successfully exploited
B. A production server is unresponsive to ping requests
C. Discovery of a production server with its log files deleted
D. Discovery of encrypted credit card data being stored in their database
Answer: C
Explanation:
OBJ-1.1: The penetration testing team should have a direct communication path with the system owners or their trusted agents during an engagement. If the team discovers any security breaches, current hacking activity, or extremely critical findings on a production server, or if a production server becomes unresponsive during exploitation, the team should stop what they are doing and contact their trusted point of contact within the organization to get further guidance. Deleted log files should be considered an indicator of compromise and should be investigated by the company's security team before you continue with your engagement.