Exam Question Archive
Certified Ethical Hacker (CEH) V13 Certification Exam
This page is for archival purposes and lists all of the exam's questions, with a link to each question along with its options and discussions.
Important notice
This page is for archival only. If you want the real exam experience and access to the original exam interface, go to the exam page via the following link.
Go to the actual exam page
Questions
40 questions
- Under what conditions does a secondary name server request a zone transfer from a primary name server?
- An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a web server in the external DMZ. ...
- The collection of potentially actionable, overt, and publicly available information is known as:
- Which of the following is a component of a risk assessment?
- Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?
- An attacker, using a rogue wireless AP, performed a MITM attack and injected HTML code to embed a malicious applet in all HTTP connections. When users accessed ...
- Eric used Dsniff tools to intercept communications between two entities, establishing credentials with both sides and relaying all traffic. Neither endpoint not ...
- While using your bank’s online services you see this URL: "http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21" You notice that if ...
- Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?
- What tool can crack Windows SMB passwords simply by listening to network traffic?
- Bob decides a DMZ is not needed if the firewall is configured to only allow access to specific Internet-facing servers/ports and block access to workstations. H ...
- Based on the following extract from the log of a compromised machine (showing access to "har.txt" in the repair context), what is the hacker really trying to st ...
- User A is sending a sensitive email to user B and chooses to use PKI to secure the message so only B can read it. At what OSI layer does the encryption and decr ...
- Bob is performing a password assessment and suspects weak passwords are common. He knows about password weaknesses and keyloggers. Which option best represents ...
- Bob is performing a password assessment and suspects weak passwords are common. He knows about password weaknesses and keyloggers. Which option best represents ...
- An incident investigator receives logs from firewalls, proxy servers, and IDS sensors after a possible breach. When correlating events, the sequences in differe ...
- The Heartbleed bug (CVE-2014-0160) affects OpenSSL’s implementation of TLS. What type of key does this bug potentially expose to the Internet, making exploitati ...
- What two conditions must a digital signature meet?
- What is NOT a PCI compliance recommendation?
- You have physical access to a Windows 2008 R2 server with an accessible disk drive but cannot guess the admin password. You boot an Ubuntu LiveCD. Which Linux-b ...
- Which of the following is a command-line packet analyzer similar to GUI-based Wireshark?
- Scenario: An attacker creates an attractive web page and overlays an invisible iframe on top of a button. The victim thinks they click the visible offer, but ac ...
- In the Mason Insurance scenario, internal users see the normal website while Internet users see a defaced website at www.masonins.com. Tripwire shows no changes ...
- A hacker studies a target company’s public information, email style, leadership names, and branding to craft realistic phishing emails. The time spent gathering ...
- DHCP snooping is enabled to prevent rogue DHCP servers. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middl ...
- Which type of physical security feature stops vehicles from crashing through the doors of a building?
- A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub ...
- The establishment of a TCP connection involves a negotiation called the three-way handshake. What type of message does the client send to the server in order to ...
- “........ is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdro ...
- A company’s security policy states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is ...
- MX record priority increases as the number increases. (True/False.)
- A zone file consists of which of the following Resource Records (RRs)?
- Which of the following incident handling process phases is responsible for defining rules, coordinating people, creating a backup plan, and testing the plans fo ...
- The command `env x='(){ :;};echo exploit' bash -c 'cat /etc/passwd'` is used in the Shellshock bash vulnerability. What is it attempting to do on a vulnerable L ...
- You are tasked to perform a penetration test. During information gathering, you find an employee list and the receptionist’s email. You send her an email spoofe ...
- During a black-box penetration test, you attempt to pass IRC traffic over TCP port 80 from a compromised web-enabled host. The traffic is blocked, but normal ou ...
- Which of the following statements about a DNS zone transfer is correct? (Choose three.)
- Null sessions are unauthenticated connections (no username or password) to an NT or 2000 system. Which TCP ports must you filter to block/null-check these sessi ...
- An attacker has installed a RAT on a host and wants to ensure that when a user visits "www.MyPersonalBank.com" they are silently redirected to a phishing site. ...
- In Nmap, what does the `-oX` flag do during a scan?