In this chapter, I have provided some questions to help you further prepare for the Certified Ethical Hacker (CEH) exam. These questions will help you prepare and test your knowledge of the necessary skills to be an effective information technology (IT) security professional and ethical hacker.
Exam questions
Please choose the best answer to the following questions. Some questions may have more than one possible answer, as indicated in the question:
When is it appropriate to test another person's system?
If you've been given permission or have been invited to do so
If you believe the system has been hacked
When you've discovered a vulnerability in the system
If you believe the system is valuable
If you were using the Shodan web service, which device would you use?
Web servers
IoT
Mobile
Cloud storage servers
Which type of scanning is a packet with all flags set?
SYN scan
TCP connect
Full open scan
XMAS scan
Which of the following best describes enumeration?
User and machine name identification
Identifying the network's active systems
Password cracking
Router and firewall identification
To find a vulnerability, an attacker sends probes and forged requests to a target. Which kind of scan is being performed?
Active
Passive
Flooding
MiTM
Which hashing mechanism is disabled on newer versions of Windows?
NTLM
Kerberos
NTLMv2
LM
All of the following can be used in social engineering except __________.
Mobile phones
Viruses
Instant messaging
Trojan horses
Which of the following propagates without human interaction?
Trojan
Worm
MITM
Virus
A switch port is connected to a target system (with a media access control (MAC) address of 12:34:56:AB:CD:EF). An attacker (with a MAC address of 78:91:00:ED:BC:A1) is connected to a different port on the same switch and is capturing packets. There are no port spanning or port security measures in effect. The target machine sends out two packets. The destination MAC address for message 1 is E1:22:BA:87:AC:12. Message 2's target MAC address is FF:FF:FF:FF:FF:FF. Which of the following claims about the communications being sent is correct?
The attacker will see neither message.
The attacker will see message 1.
The attacker will see message 2.
The attacker will see both messages.
Which of the following statements is correct? (Select all options that apply)
WPA2 encrypts with TKIP and the AES.
WEP employs RC4-based shared key encryption.
WEP employs TKIP's shared key encryption.
WPA2 employs RC4-based shared key encryption.
Which kind of access does rooting an Android device give you?
Domain-level access
Admin/root access with privileges
Root access at the lowest level
Root access at the highest level
Which kind of attack can be used to hijack an existing session?
Session hijacking
Cookie snooping
Session sniffing
Cookie hijacking
An attacker determines that a company's facility controls such as temperature monitors are somewhat insecure and manages to break into the system, enabling them to attack the local network remotely. Which of the following attacks would this be regarded as?
Exploiting the HVAC
BlueBorne attack
DDoS attack
Rolling code attack
Which of the following can be used to secure cloud-based data?
SSL
Harvesting
Drive encryption
Transport encryption
_________ is another name for symmetric cryptography.
Steganography
Hashing
Shared key cryptography
Public key cryptography
Regarding digital certificates, which of the following manages them?
Hub
CA
Key
Public key
What is the purpose of Simple Object Access Protocol (SOAP)?
Transports data
Makes it possible for applications to communicate with one another
Encrypts information
Wraps data
Which of the following technologies is the most widely used short-range communication in IoT devices?
RFID
LiFi
Zigbee
QR code
What is a method for storing session data?
Directory
Cookie
File
Snoop
Which of the following is the most accurate description of a web application?
Code that's intended to be run on a client
Targets web services
Code that's intended to be run on a server
SQL code for databases
What is the purpose of rooting a device?
Updates are removed from a system
Removes a user's access
Allows a user on a system to have root access
Increases the device's security
SSID broadcasting has been disabled, MAC filtering has been activated, and wireless encryption has been implemented by Alan. He spots someone using an HP laptop, although the company only buys Dell computers. Alan decides that there are no rogue access points after reviewing access logs and site survey data, and all wireless connection attempts appear to be valid. With an HP laptop, how did the user gain access to the network?
It doesn't matter whose laptop you use if the OUI is the same.
Encryption has been brute-forced by the employee.
An attack by an evil twin is underway.
A legitimate MAC address has been faked by the employee.
You make the decision to intercept communications between two hosts. You start by broadcasting messages to Host A, indicating that your MAC address belongs to Host B. You send messages to Host B at the same time, indicating that your MAC address belongs to Host A. What exactly is going on here?
ARP poisoning, which allows you to see all messages from both sides without interfering with their communications
ARP poisoning, which allows you to view messages from Host A destined for any address
ARP poisoning, which allows you to see messages from Host A to Host B and vice versa
Failed ARP poisoning, which prevents you from seeing any traffic
ARP poisoning, which allows you to see messages from Host B destined for any address
Which of the following is a legal and common mode of communication?
Session hijacking
Covert channel
Overt channel
Backdoor channel
The goal of social engineering is to __________.
Infect a system
Manipulate human behavior
Get a physical advantage
Create distrustful people
Phishing can be mitigated using __________.
Anti-malware
A spam filter
Education
Anti-virus
What benefit does NTLM provide versus what LM offers?
SSL
Performance
Mutual authentication
Security
When using a brute-force attack, how is it performed?
By trying all possible characters and combinations
By comparing hashes
By trying dictionary lists
By capturing hashes and trying those against a rainbow table
Which metric on a CVSS score covers elements that change over the course of a vulnerability's lifetime?
Follow the white rabbit
Base
Temporal
Environmental
To find hosts and vulnerabilities, which assessment type would you use?
Automated
Passive
Active
Distributed
Which of the following is a command-line tool used to look up a username from an SID?
UsertoSID
PsGetSid
GetAcct
Userenum
Which tool can be used to perform a DNS zone transfer on Windows?
NSlookup
Whois
DNSlookup
Ipconfig
Why would you be concerned about a system with ports 135 to 139 being open?
The system is vulnerable to null sessions since SMB is enabled.
Windows RPC is turned on, and the machine is vulnerable to remote Windows DCOM sessions.
For unauthenticated connections, a secure FTP service is enabled.
SMB is disabled, making the system vulnerable to null sessions.
Which tool is used to conduct passive reconnaissance?
Host scanning
A ping sweep
WHOIS
Traceroute
You stumble across a vulnerability on a network beyond the scope of the engagement while testing. What should you do?
Notify your company right away.
Determine the extent to which you can penetrate the network.
Analyze IDS logs to identify misconfigurations.
Return to your task and add the vulnerability to your discovery work.
Which kind of hacker's work is for the general good?
White hat
Black hat
Grey hat
Red hat
What is the correct command to run a 5-minute nmap SYN scan?
nmap -sS -sneaky
nmap -ss -t5000
nmap -sS -paranoid
nmap -sS -fast
What is an SNMP enumeration countermeasure?
Ports 135 and 139 shut down at the firewall.
Ports 80 and 443 shut down at the firewall.
Remove the SNMP agent from the device.
SNMP read-only security on the agent device is enabled.
SNMP is a protocol for controlling network infrastructure devices. What is the role of the read/write SNMP community?
Changing configuration information
Managing the SNMP management station
Viewing configuration information
Checking for problems on devices
Which assessment method is described as evaluating both client and server applications at the same time?
Distributed
Active
Automated
Passive
Which of the following would be considered an offline attack?
Cracking
Rainbow attack
PtH
Birthday attack
When targeting an individual, which influencing technique can be used?
Training
Means of dress or appearance
Physical controls
Technological controls
Which of the following steps in recovering from a malware infection is not recommended?
Make a backup of your hard drive.
Reinstall from the original installation media.
Disconnect the computer from the network.
Remove any system restore points that have been created.
In IPv6, which of the following is a loopback address?
fe80::/10
::1
fc00::/7
fec0::/10
To obtain access to the network, an attacker is attempting to crack the WEP code. They type aireplay-ng -0 0 -a after enabling monitor mode on wlan0 and create a monitoring interface (mon 0) by typing -c mon0 0A:00:2B:15:22:AC 0A:00:2B:15:22:AC 0A:00:2B:15:22:AC. What is the attacker's goal?
To examine the answer to deauthentication packets that contain the WEP code, to obtain the WEP access code
To determine the access point's BSSID
To generate a lot of network traffic with deauthentication packets
To determine the network's disguised SSID
What can a business do to protect itself against data loss if a phone is stolen? (Select all options that apply)
Use passwords.
Deploy patching.
Perform a remote wipe.
Use encryption.
A client-side scripting language is __________.
ASP.NET
PHP
JavaScript
ASP
A server-side scripting language is defined as which of the following?
PHP
JavaScript
HTML
SQL
Which of the following is used to access content that is not located in a website's root directory?
Port scanning
Brute force
Directory traversal
SQL injection
Which of the following is a radio with advanced hardware and software that is used for IoT security testing?
Fluke
Alfa AWUS036NH
Raspberry Pi
HackRF One
To set up a view list on their television, a homeowner uses an app on their phone. In this case, which IoT communication model is in use?
Device-to-cloud
Device-to-gateway
Backend data sharing
Device-to-device
Which attack modifies data as it travels through the cloud?
MITM
Packet sniffing
Port scanning
Encryption
What can changing a packet's checksum be used for?
Sending URG
Sending RST
Evading NIDS
Resetting a connection
Which of the following is another name for asymmetric encryption?
Public key
Shared key
Block
Hash
Which of the following is the most accurate description of hashing?
Non-reversible
An algorithm
A cryptosystem
A cipher
Which kind of algorithm produces a message digest?
Steganography
Symmetric
Asymmetric
Hashing
What is the main goal of the DMCA?
To provide guidance for security control systems
To secure credit card processing transmission
To prevent technology protections from being circumvented
To develop a framework for purpose limitations
Which Act improves the accuracy and dependability of company disclosures, thereby protecting the public and investors?
DPA
DMCA
GDPR
SOX
Which form of social engineering attack can be classified as dumpster diving?
Physical-based
Paper-based
Computer-based
Human-based
Why is it not a good idea to scan using ICMP queries?
Firewalls may prevent a response.
The ICMP protocol is unreliable.
The port may or may not be available at any given time.
ICMP may not be running on the system.
TCP provides all but which of the following functions?
In-order delivery
Error detection
Delivery acknowledgments
Connectionless delivery
FTP uses which port number?
23
21
25
80
Which kind of assessment is described as determining the likelihood of network attacks?
Credentialed
Network-based
Automated
Host-based
An attacker uses what to return to a target system?
Spyware
Cracker
Backdoor
Service
Which file contains usernames and passwords in a domain environment?
ntds.dit
SAM
Passwd
Shadow
Abby receives an email claiming that her bank account has been compromised and that she needs to click a link and change her password for security purposes. Which type of attack is she being targeted with?
Spam
Phishing
Vishing
Whaling
To prevent potential social engineering attacks, which of the following options would help the most?
Training
Technology
Physical controls
Policies
Which virus kind is only executed when a specific condition is met?
Multipartite
Metamorphic
Cavity
Sparse infector
Bill's credit card statement shows some questionable charges. Which kind of attack has Bill been subjected to?
Phishing
Social engineering
Bad luck
Identity theft
A security camera captures a non-company employee trailing closely behind an employee as they approach the premises. Which kind of attack is going on?
Walking
Phishing
Tailgating
Gate running
Which of the following malware components is a piece of software that prevents malware from being reverse engineered or analyzed, making it difficult for security systems to detect?
Dropper
Payload
Obfuscator
Crypter
Which of the following could be a good way to protect yourself from ARP spoofing? (Select all options that apply)
Set all NICs to promiscuous mode.
Use ARPWALL.
Use private VLANs.
Use static ARP entries.
You have a Windows laptop and want to start sniffing. You download and install Wireshark, but soon realize that your NIC must be set to promiscuous mode. What gives you the ability to set your NIC to promiscuous mode?
Installing lmpcap
Installing libPcap
Installing winPcap
Installing npcap
Which of the following claims about TKIP is correct? (Select all options that apply)
WEP includes TKIP.
Every 10,000 packets, TKIP mandates a key change.
WPA includes TKIP.
TKIP prevents keys from changing during a session.
Which of the following statements about wireless network architecture is correct?
A BSSID is a service area supplied by a single access point.
An ESS is a service area supplied by a single AP.
An ESS is a service area offered by many APs functioning within the same network.
An ESSID is a service area supplied by numerous APs acting within the same network.
Which method would you use to install software that isn't available on Google Play?
Install sources that are not signed.
Install from an unidentified source.
Install from a service that isn't signed.
Install from unidentified sources.
Which technology can prevent session hijacking?
UDP
IPsec
IDS
TCP
Which of the following can prevent bad data from being entered into a form and being presented to an application?
Directory traversing
Input validation
Request filtering
Input scanning
A web server can be identified using __________.
A banner grab
Session hijacking
Header analysis
Traversal
The notion of DiD in the world of IT security refers to layering multiple controls on top of each other. Why would this be useful in defending against a session hijacking system?
To improve logging capacity
To satisfy auditors
To give a superior defense
To create interdependence between layers
Vehicles appear to be in numerous places at once in this VANET attack, generating traffic congestion and severely limiting data usage. Which of the following statements most accurately describes this attack?
Rolling code
Sybil
BlueBorne
Side-channel
Cloud technologies are used to accomplish which of the following?
Increase management options
Transfer legal responsibility of data to a third party
Offload operations onto a third party
Cut costs
Which kind of cloud service would host email and provide related security services?
SaaS
PaaS
SSaS
IaaS
Who is legally liable for data stored on the cloud?
The CSP
The client
The IT department of the client
The consumer
Why would someone not develop their own private cloud?
To maintain universal access
To offload technical support
To increase availability
To reduce costs
Which of the following services would be offered as a SaaS?
Firewalls
Email
Applications
AD
Which kind of algorithm produces a message digest?
Steganography
Symmetric
Asymmetric
Hashing
The owner of a public key keeps it in a _________ on their local computer.
Private key
Hash
PKI system
Smart card
Because of __________, symmetric key systems face key distribution issues.
The type of data
The number of keys
Generation of key pairs
The amount of data
Which of the following is the most accurate description of PGP?
A symmetric algorithm
A way of encrypting data in a reversible method
A type of key
A key escrow system
Which kind of cloud service might be used to create an application?
BaaS
PaaS
SaaS
IaaS
Which of the following would be a compelling incentive to migrate to a cloud-based environment?
Reduced costs
Improved performance
Easier forensics
Increased redundancy
To set permissions on content on a website, which of the following is used?
HIDS
ACE
ALS
ACL
On a web server or application, what could be utilized to monitor application problems and violations?
NIDS
HIDS
HIPS
Logs
Which of the following is a cookie security attribute?
Encrypt
Secure
HttpOnly
Domain
What does a POODLE assault aim for?
TLS
SSL
AES
VPN
What is the purpose of remote wipes?
To reset a device to its factory settings
To wipe a device's data completely
To remove sensitive information from a remote system, such as contacts
To place cookies and gadgets on your computer
You're looking at the physical configuration of a target's wireless network. On the site survey, you observe omnidirectional antenna access ports in the building's corners. Which of the following statements about this setup is correct? (Select all options that apply)
The deployment of dipole antennas could increase the site's security.
Sniffing from outside the building could make the place vulnerable.
The usage of directional antennas may help to increase the site's security.
Sniffing from outside the building does not pose a threat to the site.
You're attempting to deliver a payload to an internal target, but it's protected by an IDS. You're concerned about completing your assignment without arousing the attention of the IDS monitoring crew. Which of the following methods could be used? (Select two)
Session splicing
Overwhelming the network with bogus attacks
Session hijacking
Ensuring that traffic between you and the host is encrypted
Which malware evolves with each infection?
Cavity
Metamorphic
Polymorphic
Stealth
What benefits does a vulnerability scan aim to deliver to people who run it?
A process to expose vulnerabilities
An opportunity to find open ports
A means to diagram a network
A proxy attack
A proxy is used to __________ in social engineering.
Assist in scanning
Perform a scan
Keep an attacker's origin concealed
Automate the detection of vulnerabilities
Email campaigns known as _________ can be carried out using social engineering.
Splashing
Spamming
Phishing
Vishing
If you were trying to locate where the SAM database was stored, where would you locate it?
C:ProgramDataSAM
C:WindowsSystem32Config
C:WindowsSAM
./root/shadow
What is the term for hiding secret information within (or even on top of) a non-secret document or another medium to prevent detection?
Symbolic links
Rootkit
Steganography
Hidden attributes
If you use precomputed hashes to make an attack, what is the attack called?
Rainbow tables
PtH
NetBIOS
ADS
Which vulnerability assessment solution is said to be installed in the resources of the organization?
Product-based
Inference-based
Service-based
Tree-based
Which vulnerability assessment method is provided by third parties?
Service-based
Internal-based
Tree-based
External-based
Which kind of tool for assessment is used to focus on web servers and databases?
Host-based
Application layer-based
Scope-based
Depth-based
For SNMP to function, which ports does it use?
389 and 160
160 and 161
161 and 162
160 and 162
Which function is performed by SMTP?
File transfers
Monitoring network equipment
Sending email messages
Status information transmission
To view NetBIOS information, which command should you use?
nbtstat
netstat
nmap
telnet
A network's clocks are synchronized using __________.
FTP
NetBIOS
SAM
NTP
When using the nmap -sP command, what does it mean?
The most popular ports are scanned.
A port redirect attack is being simulated.
A ping sweep is being used to scan.
Private IP addresses are scanned.
If a target responds with an RST flag to a half-open scan, then...
A Linux system is the target.
A Windows system is the target.
An open port is the target.
A closed port is the target.
Which law mandates the use of a common national number by all providers, plans, and employees?
The FISMA
The HIPAA
DPA
GDPR
Which hacking step or phase follows reconnaissance?
Maintaining access
Gaining access
Clearing tracks
Scanning
Which kind of hacker is regarded as one who hacks without fear of legal repercussions?
Suicide hacker
Black hat
Gray hat
Script kiddie
Which form of attack was the 2021 SolarWinds attack, in which attackers were able to infect software that was then sold to customers?
Insider
Close-in
Passive
Active
Distributed
Which answer best describes how Traceroute works?
It determines the location of said router using a protocol that is refused by the gateway.
It determines the number of hops from the sender to the router using the TTL value in an ICMP message.
It sends a specially constructed IP packet to a router to find out how many hops there are between the sender and the destination network.
It learns the name of a router and OS by sending an ICMP destination unreachable message.
Which are the four regional internet registries?
APNIC, MOSTNIC, ARIN, RIPE NCC
APNIC, LACNIC, ARIN, RIPE NCC
APNIC, PICNIC, NANIC, ARIN
APNIC, PICNIC, NANIC, RIPE NCC
It would be what kind of tool if an assessment tool is focused on OSs and apps?
Application layer-based
Host-based
Depth-based
Scope-based
Which type of scanner is used when the location and data from a scan are stored on a single system?
Cluster-based
Agent-based
Network-based
Proxy-based
Within your infrastructure, you install a new switch. What should be your initial step in securing this system?
Uplink port disabled
Broadcast storm protection enabled
Default password changed
Serial port disabled
You create a password based on an Avengers character. It has been discovered that your account has been hacked. Which kind of attack did you most likely face?
Rule-based
Brute-force
Syllable
Dictionary
The tendency of humans to behave in set patterns is known as __________.
Habits
Repetition
Piggybacking
Primacy
Using _________ when speaking with a victim can make an attack simpler.
Keywords
Eye contact
Threats
Jargon
Which tactic might an attacker employ to sway a victim?
Tailgating
Acting as tech support
Piggybacking
Name-dropping
The following Wireshark filter is used: tcp.srcport == 80 &&ipc.src == 192.168.1.1
Which of the following statements about the capture filter is correct?
All traffic from 192.168.1.1 intended for port 80 will be displayed in the results.
All HTTP traffic to 192.168.1.1 will be displayed in the results.
All HTTP traffic from 192.168.1.1 will be displayed in the results.
Because of the incorrect syntax, no results will be displayed.
Lois tries to make a phone call on her cell phone, but it is unresponsive. She switches it off and on again after a few minutes of effort. The phone disconnects and becomes unresponsive again during her next call. Which Bluetooth attack is currently active?
Bluejacking
Bluesniffing
Bluesmacking
Bluesnarfing
Which of the following can be used to thwart a malware-delivered MITB attack?
Rooting a device
Anti-spyware
Anti-virus
Using Firefox
Which command would you use to get banner data from a website on port 80?
nc 192.168.10.27 –p –l 80
nc 192.168.10.27 80
nc 192.168.19.27 443
nc 192.168.10.27 –p 80
How does a brute-force attack work?
Uses hashes as a comparison
Attempts all possible character combinations
Attempts words from the dictionary
Captures hashes
What is the Telnet command for retrieving header information from a web server?
telnet < website name > –port:443
telnet < website name > 80
telnet < website name > 443
telnet < website name > –port:80
What kind of information about a web application could be viewed using the Wayback Machine?
Where you can find job posts
Websites
Websites that have been archived
Websites' backup copies
What may be useful in preventing unauthorized personnel from viewing content on a web server?
Redirection
Encryption
Permissions
Firewalls
_________ is a popular attack against web servers and web applications.
Input validation
Banner grab
Buffer overflow
Buffer validations
In a cloud-based firewall, which port is normally open for HTTPS?
110
25
80
443
Which system is employed as a traffic bottleneck and may be offered as IaaS?
Bastion host
IDS
SNMP host
DMZ
At which layer of the OSI model do you think a cloud-based solution would work?
Layer 1
Layer 2
Layer 3
Layer 4
Which kind of firewall analyzes traffic and would be included in an IaaS solution?
Circuit-level
Packet filtering
Stateful inspection
NIDS
What may be used in place of a URL to get around some of the firewalls that protect cloud-based online applications?
Encryption
Stateful inspection
NIDS
IP address
In which phase of the Cyber Kill Chain methodology do attackers construct a path through which they can connect and send data back and forth?
Command and control (C&C)
Delivery
Weaponization
Actions on objectives
Which OS does SSL rely on?
AES
PKI
Data Encryption Standard (DES)
Triple DES (3DES)
Encryption and other procedures in IPsec take place at which layer of the OSI model?
Level 1
Level 2
Level 3
Level 4
What does the AH protocol perform in IPsec?
Encryption
Data security
Authentication services
Header security
When should SSL be used to secure data?
On a flash drive
On a hard drive
On Bluetooth
During transmission
IPsec employs which of the following?
PKI
SSL
AES
DES
Answer key
This answer key has been provided to help you confirm the answers to the test questions:
A – If you've been given permission or have been invited to do so
B – IoT
D – XMAS scan
A – User and machine name identification
A – Active
D – LM
B – Viruses
B – Worm
C – The attacker will see message 2
A; D – WPA2 encrypts with TKIP and AES; WEP employs RC4-based shared key encryption
B – Admin/root access with privileges
A – Session hijacking
A – Exploiting the HVAC
C – Drive encryption
C – Shared key cryptography
B – CA
B – Makes it possible for applications to communicate with one another
B – Li-Fi
B – Cookie
C – Code that's intended to be run on a server
C – Allows a user on a system to have root access
D – A legitimate MAC address has been faked by the employee
C – ARP poisoning to allow you to see messages from Host A to Host B and vice versa
C – Overt channel
B – Manipulate human behavior
B – A spam filter
D – Security
A – By trying all possible characters and combinations
C – Temporal
C – Active
B – PsGetSid
A – NSlookup
A – The system is vulnerable to null sessions since SMB is enabled
C – WHOIS
A – Notify your company right away
A – White hat
C – nmap -sS -paranoid
C – Remove the SNMP agent from the device
A – Changing the configuration information
A – Distributed
B – Rainbow attack
B – Means of dress or appearance
A – Make a backup of your hard drive
B – ::1
C – To generate a lot of network traffic with deauthentication packets
A; C; D – Use passwords; Perform a remote wipe; Use encryption
C – JavaScript
A – PHP
C – Directory traversal
D – HackRF One
B – Device-to-gateway
A – MITM
C – Evading an NIDS
A – Public key
A – Non-reversible
D – Hashing
C – Prevent technology protections from being circumvented
D – SOX
D – Human-based
B – The ICMP protocol is unreliable
D – Connectionless delivery
B – 21
B – Network-based
C – Backdoor
A – ntds.dit
B – Phishing
A – Training
D – Sparse infector
D – Identity theft
C – Tailgating
A – Dropper
B; C; D – Use ARPWALL; Use Private VLANs; Use static ARP entries
C – Installing winPcap
A – WEP includes TKIP
B; D – An ESS is a service area supplied by a single AP; An ESSID is a service area supplied by numerous APs acting within the same network
B – Install from an unidentified source
B – IPsec
B – Input validation
A – A banner grab
C – To give a superior defense
B – Sybil
A; C; D – Increase management options; Offload operations onto a third party; Cut costs
A – SaaS
B – The client
D – To reduce costs
B – Email
D – Hashing
C – PKI system
B – The number of keys
B – A way of encrypting data in a reversible method
B – PaaS
A; B; D – Reduced costs; Improved performance; Increased redundancy
D – ACL
D – Logs
B; C; D – Secure; HttpOnly; Domain
B – SSL
B – Wipe a device's data completely
A – The deployment of dipole antennas could increase the site's security
A; D – Session splicing; Ensuring that traffic between you and the host is encrypted
B – Metamorphic
A – A process to expose vulnerabilities
C – Keep an attacker's origin concealed
C – Phishing
B – C:WindowsSystem32Config
C – Steganography
A – Rainbow tables
A – Product-based
A – Service-based
B – Application layer-based
C – 161 and 162
C – Sending email messages
A – nbtstat
D – NTP
C – A ping sweep is being used to scan
D – A closed port is the target
B – HIPAA
D – Scanning
A – Suicide hacker
E – Distributed
B – It determines the number of hops from the sender to the router using the TTL value in an ICMP message
B – APNIC, LACNIC, ARIN, RIPE NCC
D – Scope-based
B – Agent-based
C – Default password changed
D – Dictionary
A – Habits
A – Keywords
D – Name-dropping
C – All HTTP traffic from 192.168.1.1 will be displayed in the results
C; D – Bluesmacking; Bluesnarfing
C – Anti-virus
B – nc 192.168.10.27 80
B – Attempts all possible character combinations
B – telnet < website name > 80
C – Websites that have been archived
B – Encryption
C – Buffer overflow
D – 443
A – Bastion host
C; D – Layer 3; Layer 4
C – Stateful inspection
D – IP address
A – C&C
B – PKI
C – Level 3
C – Authentication services
D – During transmission
A – PKI
I hope you feel more prepared for the CEH exam having now worked through all these questions. Review ones you may have missed and use them as a launching point to further study and understand the concepts being taught.