{"id":81959,"date":"2022-04-26T03:38:33","date_gmt":"2022-04-26T09:08:33","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=81959"},"modified":"2023-06-18T22:15:24","modified_gmt":"2023-06-19T03:45:24","slug":"certified-ethical-hacker-certification","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/certified-ethical-hacker-certification\/","title":{"rendered":"25 Free Questions on Certified Ethical Hacker (CEH) Certification"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Did you come here looking for free <a href=\"https:\/\/www.whizlabs.com\/ceh-certification-training-course\/\">Certified Ethical Hacker Certification<\/a> questions and answers? You have come to the right place. <\/span><span style=\"font-weight: 400;\">Certified Ethical Hackers and professionals make use of techniques, methodologies, and commercial-grade hacking tools to legally hack an organization\u2019s network. Find these free Ethical Hacker certification practice questions below and test your skills.<\/span><\/p>\n<p>Let&#8217;s start learning!<\/p>\n<h3 class=\"serp-title\"><span class=\"ez-toc-section\" id=\"Pre-requisites_for_Certified_Ethical_Hacker_Certification\"><\/span><mark>Pre-requisites for Certified Ethical Hacker Certification<\/mark><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div class=\"group w-full text-gray-800 dark:text-gray-100 border-b border-black\/10 dark:border-gray-900\/50 bg-gray-50 dark:bg-[#444654]\">\n<div class=\"flex p-4 gap-4 text-base md:gap-6 md:max-w-2xl lg:max-w-[38rem] xl:max-w-3xl md:py-6 lg:px-0 m-auto\">\n<div class=\"relative flex w-[calc(100%-50px)] flex-col gap-1 md:gap-3 lg:w-[calc(100%-115px)]\">\n<div class=\"flex flex-grow flex-col gap-3\">\n<div class=\"min-h-[20px] flex flex-col items-start gap-4 whitespace-pre-wrap break-words\">\n<div class=\"markdown prose w-full break-words dark:prose-invert light\">\n<p>Although formal educational prerequisites are not mandatory for CEH certification, individuals who achieve certification usually possess a robust foundation in areas such as computer programming, computer science, software engineering, mathematics, and\/or information security.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Job_titles_for_Certified_Ethical_Hacker_Certification\"><\/span>Job titles for <mark>Certified Ethical Hacker Certification<\/mark><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Individuals who obtain the Certified Ethical Hacker (CEH) certification can be eligible for various job titles within the field of information security and ethical hacking. 
Some common job titles associated with CEH certification include:<\/p>\n<ol>\n<li>Ethical Hacker<\/li>\n<li>Security Analyst<\/li>\n<li>Penetration Tester<\/li>\n<li>Vulnerability Analyst<\/li>\n<li>Security Consultant<\/li>\n<li>Cybersecurity Specialist<\/li>\n<li>Information Security Analyst<\/li>\n<li>Incident Response Analyst<\/li>\n<li>Network Security Engineer<\/li>\n<li>Security Auditor<\/li>\n<\/ol>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p><span style=\"font-family: 'Open Sans', arial, sans-serif; font-size: 22px;\">Domain: Information Security Threats and Attack Vectors<\/span><\/p>\n<h4><em><span style=\"font-weight: 400;\">Q1: The attacker copies the target&#8217;s password file and then tries to crack passwords on his system at a different location. What type of password attack was performed?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Active Online Attack<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Passive Online Attack<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Non-Electronic Attack<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Offline Attack<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">The attacker performs password cracking by directly communicating with the victim&#8217;s machine<\/span><br \/>\n<b>Option B: not correct <\/b><span style=\"font-weight: 400;\">The attacker performs password cracking without communicating with the authorizing party<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">The attacker does not need technical knowledge to crack a password; this is known as a non-technical attack<\/span><br \/>\n<b>Option D: correct <\/b><span style=\"font-weight: 400;\">The attacker copies the target&#8217;s password file and then tries to crack passwords on his system at a different location<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 06 System Hacking)<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Assessment_Process\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Assessment Process<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q2: The company implements a security policy that has no restriction on the usage of system resources. What type of security policy did the company implement?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Promiscuous policy<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Permissive policy<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Prudent policy<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Paranoid policy<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: correct <\/b><span style=\"font-weight: 400;\">The promiscuous policy has no restriction on the usage of system resources.<\/span><br \/>\n<b>Option B: not correct <\/b><span style=\"font-weight: 400;\">The permissive policy restricts only widely known, dangerous attacks or behavior.<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">The prudent policy ensures the maximum and strongest security among them. However, it allows known, necessary risks, blocking all services except those individually enabled.<\/span><br \/>\n<b>Option D: not correct <\/b><span style=\"font-weight: 400;\">The paranoid policy denies everything, limiting internet usage.<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 01 Introduction Ethical hacking)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Threats_and_Attack_Vectors\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Threats and Attack Vectors<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q3: It is a kind of malware (malicious software) that gets activated upon certain predefined user actions. When activated, it can grant attackers unrestricted access or control of all data stored on compromised information systems and can cause potentially immense damage. Which of the following terms best matches the definition?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Virus<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Trojan<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Ransomware<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Worm<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">A computer virus is a self-replicating program that produces its code by attaching copies of itself to other executable codes and operates without the knowledge or desire of the user. Virus infections can lead to data loss, system crash, and file corruption.<\/span><br \/>\n<b>Option B: correct <\/b><span style=\"font-weight: 400;\">A Trojan is a program in which the malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can <\/span><b>get control<\/b><span style=\"font-weight: 400;\"> and cause damage, such as ruining the file allocation table on your hard disk.<\/span><br \/>\n<b>Option C : not correct <\/b><span style=\"font-weight: 400;\">Ransomware is a type of malware that restricts access to the infected computer system or critical files and documents stored on it, and after that, demands an online ransom payment to the malware creator(s) to remove user restrictions. Ransomware might encrypt files stored on the system&#8217;s hard disk, or merely lock the system and display messages meant to trick the user into paying.<\/span><br \/>\n<b>Option D : not correct <\/b><span style=\"font-weight: 400;\">Computer worms are standalone malicious programs that replicate, execute, and spread across network connections independently, without human intervention. 
Intruders design most worms to replicate and spread across a network, thus consuming available computing resources and, in turn, causing network servers, web servers, and individual computer systems to become overloaded and stop responding.<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 07 Malware Threat)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Technologies\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Technologies<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q4 : A server administrator configures access settings so that users must authenticate before accessing web pages. Which requirement of information security is addressed by implementing the configuration?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Integrity<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Availability<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Confidentiality<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Scalability<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : not correct <\/b><span style=\"font-weight: 400;\">Data integrity ensures that only authorized parties can modify data.<\/span><br \/>\n<b>Option B : not correct <\/b><span style=\"font-weight: 400;\">Availability applies to systems and data. 
It ensures that network services and the data are accessible and performing well under all conditions<\/span><br \/>\n<b>Option C : correct <\/b><span style=\"font-weight: 400;\">Confidentiality means that only authorized persons can work with and see our infrastructure\u2019s digital resources<\/span><br \/>\n<b>Option D : not correct <\/b><span style=\"font-weight: 400;\">Scalability is the property of a system to handle a growing amount of work by adding resources to the system<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 01 Introduction to Ethical Hacking)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Network_and_Communication_Technologies\"><\/span><span style=\"font-weight: 400;\">Domain : Network and Communication Technologies<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q5 : An organization allows employees working from an outside network to access data for a specific purpose. Which technology should be implemented to ensure data confidentiality as data is transmitted?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Telnet<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>VLAN<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>WPA2<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>VPN<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : not correct <\/b><span style=\"font-weight: 400;\">Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection<\/span><br \/>\n<b>Option B : not correct <\/b><span style=\"font-weight: 400;\">A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer<\/span><br \/>\n<b>Option C : not correct <\/b><span style=\"font-weight: 400;\">WPA2 is an encryption method for wireless networks<\/span><br \/>\n<b>Option D : correct <\/b><span style=\"font-weight: 400;\">A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks with secure access to the private network<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/en.wikipedia.org\/wiki\/Virtual_private_network\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/en.wikipedia.org\/wiki\/Virtual_private_network<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Assessment_Process-2\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Assessment Process<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q6 : Attackers use image files to hide some information for malicious purposes. What type of technique did the attackers use?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Spyware<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Cryptography<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Steganography<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Backdoor<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : not correct <\/b><span style=\"font-weight: 400;\">Spyware is stealthy computer monitoring software that allows you to record all the user activities on the target computer secretly<\/span><br \/>\n<b>Option B : not correct <\/b><span style=\"font-weight: 400;\">Cryptography is the practice of concealing information by converting plain text (readable format) into ciphertext (unreadable format) using a key or encryption scheme.<\/span><br \/>\n<b>Option C : correct <\/b><span style=\"font-weight: 400;\">Steganography refers to the art of hiding data &#8220;behind&#8221; other data without the target&#8217;s knowledge. Steganography hides the existence of the message. It replaces bits of unused data in ordinary files such as graphic, sound, text, audio and video files with other surreptitious bits<\/span><br \/>\n<b>Option D : not correct <\/b><span style=\"font-weight: 400;\">A backdoor is a program which can bypass the standard system authentication or conventional system mechanisms like IDS, firewalls, etc. without being detected. In these types of breaches, hackers leverage backdoor programs to access the victim&#8217;s computer or a network.<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 06 System Hacking)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Controls\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Controls<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q7 : Which Intrusion Detection System is best suited to analyzing the system&#8217;s behavior on a Desktop PC or Server?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>HIDS<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. 
<\/strong>NIDS<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Firewall<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Antivirus<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : correct <\/b><span style=\"font-weight: 400;\">HIDS (Host-based Intrusion Detection System) analyzes each system\u2019s behavior and is applicable to a Desktop PC or Server<\/span><br \/>\n<b>Option B : not correct <\/b><span style=\"font-weight: 400;\">NIDS (Network-based Intrusion Detection System) checks every packet entering the network. It is used in a large environment to inspect all traffic.<\/span><br \/>\n<b>Option C : not correct <\/b><span style=\"font-weight: 400;\">A firewall is not an IDS<\/span><br \/>\n<b>Option D : not correct <\/b><span style=\"font-weight: 400;\">Antivirus is not an IDS<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 12 IDS, Firewall Honeypot)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Controls-2\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Controls<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q8 : What is the purpose of a demilitarized zone on a network?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Protecting the network devices<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Provide detection for malicious traffic on the network<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Provide security on servers<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Providing security to the internal network and only providing direct access to DMZ nodes<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : not correct <\/b><span style=\"font-weight: 400;\">Network devices are protected using the firewall.<\/span><br \/>\n<b>Option B : not correct <\/b><span style=\"font-weight: 400;\">It is the purpose of using the Intrusion Detection System (IDS).<\/span><br \/>\n<b>Option C : not correct <\/b><span style=\"font-weight: 400;\">Firewall and IDS will provide security for servers.<\/span><br \/>\n<b>Option D : correct <\/b><span style=\"font-weight: 400;\">DMZ is a small network placed as a neutral zone between the internal (trusted) network and external (untrusted) network to prevent an outsider from accessing the internal network directly.<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 12 IDS, Firewall Honeypot)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Controls-3\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Controls<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q9 : Which of the following types of firewall inspects specific traffic such as http:get or post?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Packet filtering firewall<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Application-level firewall<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Circuit-level gateway firewall<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Stateful Multilayer Inspection<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : not correct <\/b><span style=\"font-weight: 400;\">Packet filtering firewalls work at the network layer of the OSI model; each packet is compared to a set of criteria before it is forwarded<\/span><br \/>\n<b>Option B : correct <\/b><span style=\"font-weight: 400;\">Application-level firewalls (proxies) filter packets at the application layer of the OSI model. This firewall inspects specific application traffic such as http:get or post<\/span><br \/>\n<b>Option C : not correct <\/b><span style=\"font-weight: 400;\">Circuit-level gateway firewalls work at the session layer of the OSI model<\/span><br \/>\n<b>Option D : not correct <\/b><span style=\"font-weight: 400;\">Combines aspects of the other types of firewall: packet filtering, application-level firewall, and circuit-level gateway firewall<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 12 IDS, Firewall Honeypot)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Attack_Detection\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Attack Detection<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q10 : The system administrator uses virus detection to prevent viruses on the system. He uses a tool for monitoring system operation requests that are written to disk. What is the virus detection method that the system administrator performs?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Scanning<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Interception<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Code Emulation<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Integrity Checking<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : not correct <\/b><span style=\"font-weight: 400;\">Uses anti-virus software to scan for and detect viruses<\/span><br \/>\n<b>Option B : correct <\/b><span style=\"font-weight: 400;\">The interceptor monitors system operation requests that are written to disk<\/span><br \/>\n<b>Option C : not correct <\/b><span style=\"font-weight: 400;\">Uses a virtual machine to simulate CPU and memory activity<\/span><br \/>\n<b>Option D : not correct <\/b><span style=\"font-weight: 400;\">Reads the entire disk and records integrity data that acts as a signature for the files and system sectors<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 07 Malware Threats)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Tools\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Tools<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q11 : Hyena is a tool that manages and secures Windows operating systems and uses a Windows Explorer-style interface for all operations. It shows shares and user login names for Windows servers and domain controllers. What is the purpose of using this tool?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>NETBIOS Enumeration<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>LDAP Enumeration<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>SNMP Enumeration<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>SMTP Enumeration<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: correct <\/b><span style=\"font-weight: 400;\">Hyena is a tool for NETBIOS Enumeration<\/span><br \/>\n<b>Option B: not correct <\/b><span style=\"font-weight: 400;\">Hyena is not an LDAP Enumeration tool<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">Hyena is not an SNMP Enumeration tool<\/span><br \/>\n<b>Option D: not correct <\/b><span style=\"font-weight: 400;\">Hyena is not an SMTP Enumeration tool<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 04 Enumeration)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Technologies-2\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Technologies<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q12 : Hashing is generating a value or values from a string of text using a mathematical function. Which of the following is assured by the use of a hash?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Confidentiality<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Integrity<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Availability<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Authentication<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">Confidentiality means that only authorized persons can access and read the data.<\/span><br \/>\n<b>Option B: correct <\/b><span style=\"font-weight: 400;\">The main role of a cryptographic hash function is to provide integrity in document management. 
Integrity ensures that only an authorized person can modify the data.<\/span><br \/>\n<b>Option C: not\u00a0 correct <\/b><span style=\"font-weight: 400;\">Availability applies to systems and data. Authorized persons can access data via the network, and failures of the network are minimized.<\/span><br \/>\n<b>Option D: not correct <\/b><span style=\"font-weight: 400;\">Authentication is the process of identifying users or devices that access resources.<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 01 Introduction Ethical Hacking)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Systems\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Systems<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q13 : The Domain Name System (DNS) has several types of records. One of them is the AAAA record. What is the purpose of the AAAA record?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>IPv4 address resolution record<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>IPv6 address resolution record<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Mail exchange record<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Text record<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">The record for an IPv4 address is the A record.<\/span><br \/>\n<b>Option B: correct <\/b><span style=\"font-weight: 400;\">The AAAA record<\/span> <span style=\"font-weight: 400;\">returns a 128-bit IPv6 address, most commonly used to map hostnames to the host&#8217;s IP address.<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">The mail exchanger record for DNS is MX.<\/span><br \/>\n<b>Option D: not correct <\/b><span style=\"font-weight: 400;\">The text record for DNS is TXT.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_DNS_record_types\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/en.wikipedia.org\/wiki\/List_of_DNS_record_types<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Assessment_and_Analysis\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Assessment and Analysis<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q14 : CVSS is a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS assessment consists of three metrics for measuring vulnerabilities. Which of the following is the best definition of the base metric?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Represents the inherent qualities of a vulnerability<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Represents the vulnerabilities that are based on a particular environment or implementation<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. 
<\/strong>Represents the features that keep on changing during the lifetime of a vulnerability<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Represents the type of vulnerability<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : correct <\/b><span style=\"font-weight: 400;\">The base metric represents the inherent qualities of a vulnerability<\/span><br \/>\n<b>Option B : not correct <\/b><span style=\"font-weight: 400;\">The environmental metric represents the vulnerabilities that are based on a particular environment or implementation<\/span><br \/>\n<b>Option C : not correct <\/b><span style=\"font-weight: 400;\">The temporal metric represents the features that keep on changing during the lifetime of a vulnerability<\/span><br \/>\n<b>Option D : not correct <\/b><span style=\"font-weight: 400;\">Does not represent any metric<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 05 Vulnerability Analysis)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Technologies-3\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Technologies<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q15 : Which type of hacker performs an attack on the system by using tools and knowledge found on the internet?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>White Hat<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Grey Hat<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Black Hat<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Script Kiddies<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A : not correct <\/b><span style=\"font-weight: 400;\">Security analysts or individuals with hacking skills who use them for defensive purposes<\/span><br \/>\n<b>Option B : not correct <\/b><span style=\"font-weight: 400;\">Work for both defensive and offensive purposes<\/span><br \/>\n<b>Option C : not correct <\/b><span style=\"font-weight: 400;\">Hackers who carry out malicious and destructive activities<\/span><br \/>\n<b>Option D : correct <\/b><span style=\"font-weight: 400;\">Unskilled hackers who hack and compromise systems using tools and scripts made by real hackers<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 01 Introduction to Ethical Hacking)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Controls-4\"><\/span><span style=\"font-weight: 400;\">Domain : Information Security Controls<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q16 : On which of the following OSI layers does the packet filtering firewall work?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Application<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Application, Presentation, Session<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Physical, Data Link<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Data Link, Network, Transport<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option D :\u00a0 correct <\/b><span style=\"font-weight: 400;\">Please see the table below<img decoding=\"async\" class=\"aligncenter wp-image-81960 size-full\" title=\"Information Security Controls\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/04\/c16.png\" alt=\"Information Security Controls\" width=\"655\" height=\"530\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/04\/c16.png 655w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/04\/c16-300x243.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/04\/c16-519x420.png 519w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/04\/c16-640x518.png 640w\" sizes=\"(max-width: 655px) 100vw, 655px\" \/><\/span><b>Options A, B &amp; C: not correct<\/b><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 12 Evading IDS, Firewall and Honeypots)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Threats_and_Attack_Vectors-2\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Threats and Attack Vectors<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q17: The enormous usage of mobile devices has grabbed the attention of attackers. Mobile devices access many of the resources that traditional computers use. Apart from that, mobile devices also have some unique features that add new attack vectors and protocols to the mix.\u00a0 Which of the following are mobile attack vectors?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Malware<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Data Exfiltration<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. 
<\/strong>Data Tampering<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Data Breaking<\/span><\/p>\n<p><b>Correct Answers: A, B, and C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Options A, B &amp; C: correct <\/b><span style=\"font-weight: 400;\">Mobile attack vectors are shown in the picture below:<img decoding=\"async\" class=\"aligncenter wp-image-81961 size-full\" title=\"Information Security Threats and Attack Vectors\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/04\/c17.png\" alt=\"Information Security Threats and Attack Vectors\" width=\"314\" height=\"420\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/04\/c17.png 314w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/04\/c17-224x300.png 224w\" sizes=\"(max-width: 314px) 100vw, 314px\" \/><\/span><b> Options C &amp; D: not correct<\/b><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 17 Hacking Mobile Platform)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Network_and_Communication_Technologies-2\"><\/span><span style=\"font-weight: 400;\">Domain: Network and Communication Technologies<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q18: Which of the following protocols is used to ensure security when transferring files across the network?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>SSL<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>HTTP<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>TLS<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>SFTP<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">SSL<\/span> <span style=\"font-weight: 400;\">is a protocol used to provide a secure authentication mechanism between two communicating applications<\/span><br \/>\n<b>Option B: not correct <\/b><span style=\"font-weight: 400;\">HTTP is an application protocol that is used to access web applications<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">TLS is more secure than SSL. Transport Layer Security (TLS) is a protocol used to establish a secure connection between a client and a server and ensure the privacy and integrity of information during transmission<\/span><br \/>\n<b>Option D: correct <\/b><span style=\"font-weight: 400;\">SFTP is the protocol that ensures security in file transfer across the network<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/en.wikipedia.org\/wiki\/SSH_File_Transfer_Protocol\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/en.wikipedia.org\/wiki\/SSH_File_Transfer_Protocol<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Attack_Detection-2\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Attack Detection<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q19: How can a honeypot that is running on VMware be detected?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Analyzing outgoing packets<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Looking for MAC Address range on IEEE standard<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Looking for specific TCP\/IP parameters such as TTL, RTT, and TCP timestamp<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Using the time-based TCP fingerprinting method<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">It is used to detect a Snort firewall.<\/span><br \/>\n<b>Option B: correct <\/b><span style=\"font-weight: 400;\">It is used to detect honeypots running on VMware<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">It is used to detect honeypots using a Linux virtual machine<\/span><br \/>\n<b>Option D: not correct <\/b><span style=\"font-weight: 400;\">An attacker can identify the presence of a Honeyd honeypot by performing time-based TCP fingerprinting<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 12 Evading IDS, Firewall and Honeypots)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Systems-2\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Systems<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q20: XYZ company uses 10.20.29.0\/27 for the local network. Which of the following is the subnet mask of this network?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>255.255.255.0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>255.255.255.252<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>255.255.255.248<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>255.255.255.224<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">It is the subnet mask for the \/24 prefix<\/span><br \/>\n<b>Option B: not correct <\/b><span style=\"font-weight: 400;\">It is the subnet mask for the \/30 prefix<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">It is the subnet mask for the \/29 prefix<\/span><br \/>\n<b>Option D: correct <\/b><span style=\"font-weight: 400;\">It is the subnet mask for the \/27 prefix<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/en.wikipedia.org\/wiki\/Subnetwork\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/en.wikipedia.org\/wiki\/Subnetwork<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Programs\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Programs<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q21: On a Linux system, you want to view firewall logs to evaluate network traffic. You need to search the specific logs quickly and efficiently. Which command-line utility are you most likely to use?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Notepad<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Nano<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Gedit<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Grep<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A:<\/b><span style=\"font-weight: 400;\"><strong> not correct<\/strong> Notepad is a text editor in the Windows system<\/span><br \/>\n<b>Option B:\u00a0 not correct <\/b><span style=\"font-weight: 400;\">Nano is a tool used to open text files in Linux<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">Gedit is a GUI-based text editor in Linux<\/span><br \/>\n<b>Option D: correct <\/b><span style=\"font-weight: 400;\">grep is a command-line utility for searching plain-text data sets for lines that match a regular expression<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/en.wikipedia.org\/wiki\/Grep\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/en.wikipedia.org\/wiki\/Grep<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Tools-2\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Tools<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q22: A pen-tester is attacking wireless networks using fake authentication and ARP request injection. Which tool should be used by the pen-tester?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Aircrack-ng<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Aireplay-ng<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Airmon-ng<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Wireshark<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">De facto WEP and WPA\/WPA2-PSK cracking tool.<\/span><br \/>\n<b>Option B: correct <\/b><span style=\"font-weight: 400;\">It is used for traffic generation, fake authentication, packet replay, and ARP request injection.<\/span><br \/>\n<b>Option C: not correct <\/b><span style=\"font-weight: 400;\">It is used to switch wireless interfaces from managed mode to monitor mode and vice versa.<\/span><br \/>\n<b>Option D: not correct <\/b><span style=\"font-weight: 400;\">Wireshark allows attackers to <\/span><b>read\/capture<\/b> <b>live<\/b> <b>data<\/b><span style=\"font-weight: 400;\"> from Ethernet, Token Ring, FDDI, serial (PPP and SLIP), 802.11 wireless LAN, ATM connections, etc.<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 16 Hacking Wireless Network)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Assessment_Process-3\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Assessment Process<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q23: It is the process of replacing unwanted bits in an image and its source files with the secret data. Which term is being described?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Spyware<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Cryptography<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Steganography<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. 
<\/strong>Backdoor<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">Spyware is stealthy computer monitoring software that allows you to record all the user activities on the target computer secretly<\/span><br \/>\n<b>Option B: not correct <\/b><span style=\"font-weight: 400;\">Cryptography is the practice of concealing information by converting plain text (readable format) into ciphertext (unreadable format) using a key or encryption scheme.<\/span><br \/>\n<b>Option C: correct <\/b><span style=\"font-weight: 400;\">Steganography refers to the art of hiding data &#8220;behind&#8221; other data without the target&#8217;s knowledge. Steganography hides the existence of the message. It replaces bits of unused data in ordinary files such as graphics, sound, text, audio, and video with other surreptitious bits<\/span><br \/>\n<b>Option D: not correct <\/b><span style=\"font-weight: 400;\">A backdoor is a program that can bypass the standard system authentication or conventional system mechanisms like IDS, firewalls, etc. without being detected. In these types of breaches, hackers leverage backdoor programs to access the victim&#8217;s computer or a network.<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 06 System Hacking)<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Network_and_Communication_Technologies-3\"><\/span><span style=\"font-weight: 400;\">Domain: Network and Communication Technologies<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q24: Which protocol is used for setting up secure channels between two devices, typically in VPNs?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>PPP<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. 
<\/strong>IPSEC<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>WPA<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>WEP<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Option A: not correct <\/b><span style=\"font-weight: 400;\">PPP is a protocol used in WAN connections<\/span><br \/>\n<b>Option B: correct<\/b><br \/>\n<b>Options C &amp; D: not correct <\/b><span style=\"font-weight: 400;\">WEP and WPA provide encryption in wireless communication<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/en.wikipedia.org\/wiki\/Virtual_private_network\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">https:\/\/en.wikipedia.org\/wiki\/Virtual_private_network<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Information_Security_Tools-3\"><\/span><span style=\"font-weight: 400;\">Domain: Information Security Tools<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><em><span style=\"font-weight: 400;\">Q25: John the Ripper is a technical assessment tool used to test the weakness of which of the following?<\/span><\/em><\/h4>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Usernames<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>File permissions<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Firewall rulesets<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Passwords<\/span><\/p>\n<p><b>Correct Answer : D<\/b><\/p>\n<p><b>Explanation<\/b><\/p>\n<p><b>Options A, B &amp; C: not correct <\/b><span style=\"font-weight: 400;\">John the Ripper targets passwords<\/span><\/p>\n<p><b>Option D: correct <\/b><span style=\"font-weight: 400;\">John the Ripper is a tool for brute-force password attacks. 
It is used to find a password combination.<\/span><\/p>\n<p><b>Reference: <\/b><span style=\"font-weight: 400;\">CEHv10, Ethical Hacking and Countermeasure EC-Council\u00a0 (Module 13 Hacking Web Server)<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">We hope these Certified Ethical Hacker exam questions have helped you assess the exam and that you are now more confident in your preparation. We also provide more such <a href=\"https:\/\/www.whizlabs.com\/blog\/certified-ethical-hacker-practice-tests-launched\/\">Ethical Hacking practice exam<\/a> questions. Preparation is the key to success. Keep Learning!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Did you come here looking for free Certified Ethical Hacker Certification questions and answers? You have come to the right place. Certified Ethical Hackers and professionals make use of techniques, methodologies, and commercial-grade hacking tools to legally hack an organization\u2019s network. Find these free Ethical Hacker certification practice questions below and test your skills. Let&#8217;s start learning! Pre-requisites for Certified Ethical Hacker Certification Although formal educational prerequisites are not mandatory for CEH certification, individuals who achieve certification usually possess a robust foundation in areas such as computer programming, computer science, software engineering, mathematics, and\/or information security. 
Job titles for Certified [&hellip;]<\/p>\n","protected":false},"author":359,"featured_media":82118,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[3343],"tags":[4866],"uagb_author_info":{"display_name":"Abilesh Premkumar","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/abilesh\/"},"uagb_comment_info":16}