Advertisement

Ethical Hacking Essentials (EHE) | Final Assessment Writeup Walkthrough

0xKayala December 02, 2023

1. Which of the following countermeasures helps security professionals protect a network against DoS/DDoS attacks?

  • Implement cognitive radios in the physical layer
  • Never perform input validation
  • Allow all inbound packets originating from the service ports
  • Use functions such as gets and strcpy

2. Identify the node component of Kubernetes that ensures all pods and containers are healthy and running as expected.

  • Container runtime
  • Kubelet
  • Kube-apiserver
  • Kube-proxy

3. In which of the following levels of the Purdue model can the physical process be analyzed and altered?

  • Level 0
  • Level 3
  • Level 1
  • Level 2

4. Which of the following types of insiders uses their technical skills to identify vulnerabilities present in the target company’s network and sell the confidential data to competitors?

  • Compromised insider
  • Professional insider
  • Malicious insider
  • Negligent insider

5. Identify the list of computer-based social engineering techniques used by an attacker to trick a victim into disclosing personal information?

  • Phishing and scareware
  • Shoulder surfing and tailgating
  • Eavesdropping and vishing
  • Dumpster diving and piggybacking

6. In which of the following phases of the cyber kill chain methodology does an adversary communicate with remote compromised systems through an encrypted session?

  • Command and control server
  • Proxy server
  • Data staging
  • HTTP User-Agent

7. Which of the following Trojans uses port number 26 to perform malicious activities on the target network?

  • Shiver
  • Mspy
  • BadPatch
  • FireHotcker

8. Which of the following types of password attacks does not lead to any changes in the system and includes techniques such as wire sniffing, man-in-the-middle attacks, and replay attacks?

  • Active online attacks
  • Passive online attacks
  • Offline attacks
  • Non-electronic attacks

9. Which of the following types of cloud services provides data processing services, such as IoT services for connected devices, mobile and web applications, and batch-and-stream processing?

  • Security-as-a-service (SECaaS)
  • Platform-as-a-service (PaaS)
  • Identity-as-a-service (IDaaS)
  • Function-as-a-service (FaaS)

10. Which of the following countermeasures helps security professionals protect a network from session hijacking attacks?

  • Ensure that data in transit are encrypted
  • Pass authentication cookies over HTTP connections
  • Never use IPsec to encrypt session information
  • Use short random numbers as session keys

11. Bob recently joined an organization and one Sunday, he connected to the corporate network by providing his authentication credentials to access a file online from his residence. Which of the following elements of information security was demonstrated?

  • Integrity
  • Availability
  • Authenticity
  • Non-repudiation

12. Which of the following phases of the cyber kill chain methodology involves the collection of information about the target system or organization from the Internet before initiating an attack?

  • Actions on objective
  • Reconnaissance
  • Delivery
  • Installation

13. Which of the following browser-based attacks involves emails or pop-ups that redirect users to fake web pages that mimic trustworthy sites, demanding the users to submit personal information?

  • Framing
  • Clickjacking
  • Man-in-the-mobile
  • Phishing

14. James, a professional attacker, targeted Bob’s computer restricted Bob’s access to his computer and demanded payment to remove restrictions and provide access. Identify the type of attack performed by James in the above scenario.

  • XSS attack
  • Ransomware attack
  • Replay attack
  • Phishing attack

15. Which of the following attack vectors involves the use of a huge network of compromised systems by attackers to perform denial-of-service attacks on the target network or systems?

  • Keylogger
  • Virus
  • Botnet
  • APT

16. Which of the following layers of the IoT architecture is responsible for bridging the gap between two endpoints and performing functions such as message routing, message identification, and subscribing?

  • Access gateway layer
  • Edge technology layer
  • Middleware layer
  • Internet layer

17. Which of the following malware masks itself as a benign application or software that initially appears to perform a desirable or benign function but steals information from a system?

  • Virus
  • Backdoor
  • Payload
  • Trojan

18. In which of the following attacks does an attacker exploit the vulnerability in a bare-metal cloud server and use it to implant a malicious backdoor in its firmware?

  • Cloud cryptojacking
  • Cloud hopper attack
  • Cloudborne attack
  • Man-in-the-cloud

19. Which of the following techniques allows attackers to attain privileged control within Android’s subsystem, resulting in the exposure of sensitive data?

  • Carrier-loaded software
  • OS data caching
  • Simjacker
  • Rooting

20. Which of the following Wi-Fi security protocols uses GCMP-256 for encryption and HMAC-SHA-384 for authentication?

  • CCMP
  • PEAP
  • WEP
  • WPA3

21. Which of the following activities is implemented to check whether an organization is following a set of standard policies and procedures in protecting its network?

  • Ethical hacking
  • Penetration testing
  • Vulnerability assessment
  • Security audit

22. Identify the component of a web service that aims to maintain the integrity and confidentiality of SOAP messages and authenticate users.

  • WS-Security
  • WSDL
  • RESTful
  • UDDI

23. Which of the following techniques does an attacker use to mimic legitimate institutions, such as banks, to steal passwords, credit card information, bank account data, and other sensitive information?

  • Black hat search engine optimization (SEO)
  • Malvertising
  • Spear-phishing sites
  • Obfuscation

24. What is the length of the initialization vector (IV) used in the Wi-Fi Protected Access (WPA) encryption protocol to secure wireless communication?

  • 48 bits
  • 64 bits
  • 24 bits
  • 54 bits

25. Which of the following guidelines helps a penetration tester minimize risks and avoid DoS conditions while performing penetration testing?

  • Use direct testing
  • Directly exploit vulnerabilities
  • Perform uninterruptible testing
  • Use reserved addresses

Support me: If you like to support me, buy me a cup of Coffee

Follow me: Medium | LinkedIn | Twitter

Tags
0xKayala

Posted by 0xKayala

Post a Comment

0 Comments