CEHv11

APT

Harry, a professional hacker, targeted the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

Leave a Comment / CEHv11 / By

Harry, a professional hacker, targeted the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? Option 1 : Preparation Option 2 : Cleanup Option 3 : …

Harry, a professional hacker, targeted the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing? Read More »

user

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password?

Leave a Comment / CEHv11 / By

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? Option 1 : .bashrc Option 2 : .bash_history Option 3 : .profile Option 4 : .XSession-log 1. .bashrc The .bashrc file may be a script file that’s executed …

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? Read More »

targeted

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications . He installed a fake communication tower between two authentic endpoints to mislead the victim. The Bobby used the virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user’s request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

Leave a Comment / CEHv11 / By

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications . He installed a fake communication tower between two authentic endpoints to mislead the victim. The Bobby used the virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user’s request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. …

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications . He installed a fake communication tower between two authentic endpoints to mislead the victim. The Bobby used the virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user’s request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario? Read More »

public-facing system

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Leave a Comment / CEHv11 / By

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas? Option 1 : Gray hat Option 2 : White hat Option 3 …

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas? Read More »

web server

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?

Leave a Comment / CEHv11 / By

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages? Option 1 : idq.dll Option 2 : administration.config Option 3 : httpd.conf Option 4 : php.ini 1. idq.dll idq.dll may be a library employed by ISAPI for indexing. idq.dll may be a system process that’s needed for your PC to figure properly. It shouldn’t be removed. The idq.dll is an executable …

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages? Read More »

penetration tester

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit?

Leave a Comment / CEHv11 / By

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit? Option 1 : AP misconfiguration Option 2 : Key reinstallation attack Option 3 : Dragonblood Option 4 : Cross-site request forgery 1. AP misconfiguration The Misconfigured APs are …

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID “Brakeme-Internal.” You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the promising to exploit? Read More »

wireless network

Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane’s wireless network without a password . However, Jane has a long, complex password on her router. What attack has likely occurred?

Leave a Comment / CEHv11 / By

Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane’s wireless network without a password . However, Jane has a long, complex password on her router. What attack has likely occurred? Option 1 : Wireless sniffing Option 2 : Wardriving Option 3 : Piggybacking Option 4 : Evil twin 1. Wireless sniffing A wireless sniffer may be a sort of packet analyzer. A packet analyzer (also referred to …

Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane’s wireless network without a password . However, Jane has a long, complex password on her router. What attack has likely occurred? Read More »

MSP

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP accounr, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

Leave a Comment / CEHv11 / By

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks …

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP accounr, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization. Which of the following cloud attacks did Alice perform in the above scenario? Read More »

ports

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewall. On which of the following ports should Robin run the NSTX tool?

Leave a Comment / CEHv11 / By

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewall. On which of the following ports should Robin run the NSTX tool? Option 1 : Port 53 Option 2 : Port 80 Option 3 : Port 50 Option 4 : Port 23 1. Port 53 DNS uses Ports 53 which is almost always …

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewall. On which of the following ports should Robin run the NSTX tool? Read More »

installed

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario?

Leave a Comment / CEHv11 / By

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario? Option 1 : Clickjacking Option 2 : SMS phishing attack Option 3 : Agent Smith attack Option 4 : SIM …

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario? Read More »