13.07.2021 г. Set 19 (Q541 to Q570) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.

com

Q541 - The collection of potentially actionable, overt, and publicly available information is known as

A. Open-source intelligence
B. Human intelligence
C. Social intelligence
D. Real intelligence

Show Answer

Answer: A

Q542 - Which of the following parameters enables NMAP's operating system detection feature?

A. NMAP -sV
B. NMAP -oS
C. NMAP -sR
D. NMAP -O

https://www.yeahhub.com/cehv11-mcq/set19-ceh-mcq.php 12/19
13.07.2021 г. Set 19 (Q541 to Q570) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.com

Show Answer

Answer: D

Q543 - Which of the following is the structure designed to verify and authenticate the identity of individuals within the
enterprise taking part in a data exchange?

A. PKI
B. single sign on
C. biometrics
D. SOA

Show Answer

Answer: A

Q544 - What network security concept requires multiple layers of security controls to be placed throughout an IT
infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential
vulnerabilities?

A. Security through obscurity

B. Host-Based Intrusion Detection System
C. Defense in depth
D. Network-Based Intrusion Detection System

Show Answer

Answer: C

Q545 - An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as
part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

A. Only using OSPFv3 will mitigate this risk.

B. Make sure that legitimate network routers are configured to run routing protocols with authentication.
C. Redirection of the traffic cannot happen unless the admin allows it explicitly.
D. Disable all routing protocols and only use static routes.

Show Answer

Answer: B

Q546 - Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

A. They provide a repeatable framework.

B. Anyone can run the command line scripts.
C. They are available at low cost.
D. They are subject to government regulation.

Show Answer

Answer: A

Q547 - Darius is analysing logs from IDS. He want to understand what have triggered one alert and verify if it's true
positive or false positive. Looking at the logs he copy and paste basic details like below:

source IP: 192.168.21.100

source port: 80

destination IP: 192.168.10.23

destination port: 63221

What is the most proper answer. 

https://www.yeahhub.com/cehv11-mcq/set19-ceh-mcq.php 13/19
13.07.2021 г. Set 19 (Q541 to Q570) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.com

A. This is most probably true negative.

B. This is most probably true positive which triggered on secure communication between client and server.
C. This is most probably false-positive, because an alert triggered on reversed traffic.
D. This is most probably false-positive because IDS is monitoring one direction traffic.

Show Answer

Answer: A

Q548 - You are tasked to perform a penetration test. While you are performing information gathering, you find an
employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her
boss's email( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a
pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the
modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You
now have access to the company network. What testing method did you use?

A. Social engineering
B. Tailgating
C. Piggybacking
D. Eavesdropping

Show Answer

Answer: A

Q549 - SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This
protocol has long been used by hackers to gather great amount of information about remote hosts. Which of the
following features makes this possible? (Choose two.)

A. It used TCP as the underlying protocol.

B. It uses community string that is transmitted in clear text.
C. It is susceptible to sniffing.
D. It is used by all network devices on the market.

Show Answer

Answer: B and D

Q550 - Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown
below. What conclusions can be drawn based on these scan results?

A. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.
B. The lack of response from ports 21 and 22 indicate that those services are not running on the destination server.
C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.
D. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL
error.

Show Answer

Answer: C

Q551 - Which of the following is a component of a risk assessment?

A. Physical security
B. Administrative safeguards
C. DMZ
D. Logical interface

https://www.yeahhub.com/cehv11-mcq/set19-ceh-mcq.php 14/19
13.07.2021 г. Set 19 (Q541 to Q570) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.com

Show Answer

Answer: B

Q552 - Which cipher encrypts the plain text digit (bit or byte) one by one?

A. Classical cipher
B. Block cipher
C. Modern cipher
D. Stream cipher

Show Answer

Answer: D

Q553 - Which type of access control is used on a router or firewall to limit network activity?

A. Mandatory
B. Discretionary
C. Rule-based
D. Role-based

Show Answer

Answer: C

Q554 - If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token
performs off-line checking for the correct PIN, what type of attack is possible?

A. Birthday
B. Brute force
C. Man-in-the-middle
D. Smurf

Show Answer

Answer: B

Q555 - Which of the following is designed to identify malicious attempts to penetrate systems?

A. Intrusion Detection System

B. Firewall
C. Proxy
D. Router

Show Answer

Answer: A

Q556 - Which of the following is assured by the use of a hash?

A. Integrity
B. Confidentiality
C. Authentication
D. Availability

Show Answer


Answer: A
https://www.yeahhub.com/cehv11-mcq/set19-ceh-mcq.php 15/19
13.07.2021 г. Set 19 (Q541 to Q570) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.com

Q557 - What is the minimum number of network connections in a multi homed firewall?

A. 3
B. 5
C. 4
D. 2

Show Answer

Answer: A

Q558 - How does the Address Resolution Protocol (ARP) work?

A. A. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.
B. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.
C. It sends a reply packet for a specific IP, asking for the MAC address.
D. It sends a request packet to all the network elements, asking for the domain name from a specific IP.

Show Answer

Answer: A

Q559 - Which security strategy requires using several, varying methods to protect IT systems against attacks?

A. Defense in depth
B. Three-way handshake
C. Covert channels
D. Exponential backoff algorithm

Show Answer

Answer: A

Q560 - Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target
service?

A. Port scanning
B. Banner grabbing
C. Injecting arbitrary data
D. Analyzing service response

Show Answer

Answer: D

Q561 - How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A. There is no way to tell because a hash cannot be reversed

B. The right most portion of the hash is always the same
C. The hash always starts with AB923D
D. The left most portion of the hash is always the same

E. A portion of the hash will be all 0's

Show Answer

Answer: B

Q562 - Which of the following guidelines or standards is associated with the credit card industry? 
l b f f
https://www.yeahhub.com/cehv11-mcq/set19-ceh-mcq.php d l d h l 16/19
13.07.2021 г. Set 19 (Q541 to Q570) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.com

A. Control Objectives for Information and Related Technology (COBIT)

B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Payment Card Industry Data Security Standards (PCI DSS)

Show Answer

Answer: D

Q563 - Identify the correct terminology that defines the below statement.

A. Vulnerability Scanning
B. Penetration Testing
C. Security Policy Implementation
D. Designing Network Security

Show Answer

Answer: B

Q564 - An attacker tries to do banner grabbing on a remote web server and executes the following command.

What did the hacker accomplish?

A. nmap can't retrieve the version number of any running remote service.
B. The hacker successfully completed the banner grabbing.
C. The hacker should've used nmap -O host.domain.com.
D. The hacker failed to do banner grabbing as he didn't get the version of the Apache web server.

Show Answer

Answer: B

Q565 - What is the main difference between a "Normal" SQL Injection and a "Blind" SQL Injection vulnerability?

A. The request to the web server is not visible to the administrator of the vulnerable application.
B. The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code
injection.
C. The successful attack does not show an error message to the administrator of the affected application.
D. The vulnerable application does not display errors with information about the injection results to the attacker.

Show Answer

Answer: D

Q566 - Fingerprinting an Operating System helps a cracker because:

A. It defines exactly what software you have installed

B. It opens a security-delayed window based on the port being scanned
C. It doesn't depend on the patches that have been applied to fix existing security holes
D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

Show Answer 
https://www.yeahhub.com/cehv11-mcq/set19-ceh-mcq.php 17/19
13.07.2021 г. Set 19 (Q541 to Q570) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.com

Answer: D

Q567 - You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

A. TCP
B. UPD
C. ICMP
D. UPX

Show Answer

Answer: A

Q568 - First thing you do every office day is to check your email inbox. One morning, you received an email from your
best friend and the subject line is quite strange. What should you do?

A. Delete the email and pretend nothing happened.

B. Forward the message to your supervisor and ask for her opinion on how to handle the situation.
C. Forward the message to your company's security response team and permanently delete the messagefrom your computer.
D. Reply to the sender and ask them for more information about the message contents.

Show Answer

Answer: C

Q569 - During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled
host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting
outbound traffic?

A. Application
B. Circuit
C. Stateful
D. Packet Filtering

Show Answer

Answer: A

Q570 - Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on
the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional,
what would you infer from this scan?

A. It is a network fault and the originating machine is in a network loop

B. It is a worm that is malfunctioning or hardcoded to scan on port 500
C. The attacker is trying to detect machines on the network which have SSL enabled
D. The attacker is trying to determine the type of VPN implementation and checking for IPSec

Show Answer

Answer: D


https://www.yeahhub.com/cehv11-mcq/set19-ceh-mcq.php 18/19
13.07.2021 г. Set 19 (Q541 to Q570) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.com





© Copyright Yeahhub.com. All Rights Reserved

Designed by Team YH


https://www.yeahhub.com/cehv11-mcq/set19-ceh-mcq.php 19/19