
Set 8 (Q211 To Q240) - CEH v11

This document contains 30 multiple choice questions (Q211-Q240) from the CEH v11 certification exam. The questions cover topics like encryption standards, authentication methods, firewalls, vulnerabilities, and security best practices. For each question there are 4 possible answers to choose from, with the correct answer highlighted after submitting a response.

Uploaded by Stoyan Stoyanov

13.07.2021 Set 8 (Q211 to Q240) - CEH v11 - Multiple Choice Questions - Powered by Yeahhub.com

Q211 - Advanced encryption standard is an algorithm used for which of the following?

A. Data integrity
B. Key discovery
C. Bulk data encryption
D. Key recovery

Answer: C

Q212 - Which of the following tools can be used to perform a zone transfer?

A. NSLookup
B. Finger
C. Dig
D. Sam Spade
E. Host
F. Netcat
G. Neotrace

Answer: A, C, D and E

Q213 - By using a smart card and PIN, you are using a two-factor authentication that satisfies

A. Something you know and something you are
B. Something you have and something you know
C. Something you have and something you are
D. Something you are and something you remember

Answer: B

Q214 - Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following
represents the best practice your business should observe?

A. Hire a security consultant to provide direction.
B. Do not back up either the credit card numbers or their hashes.
C. Back up the hashes of the credit card numbers not the actual credit card numbers.
D. Encrypt backup tapes that are sent off-site.

Answer: A

Q215 - You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find
interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's
bank account password and login information for the administrator's bitcoin account. What should you do?

A. Report immediately to the administrator
B. Do not report it and continue the penetration test.
C. Transfer money from the administrator's account to another account.
D. Do not transfer the money but steal the bitcoins.

Answer: A

Q216 - A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You
suspect some employees are still performing file transfers using unencrypted protocols because the employees do not
like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data
ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to
find unencrypted file transfers?

A. tcp.port != 21
B. tcp.port = 23
C. tcp.port ==21
D. tcp.port ==21 || tcp.port ==22

Answer: D


Q217 - Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site.
Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob
recommend to deal with such a threat?

A. The use of security agents in clients' computers
B. The use of DNSSEC
C. The use of double-factor authentication
D. Client awareness

Answer: B

Q218 - During a security audit of IT processes, an IS auditor found that there were no documented security procedures.
What should the IS auditor do?

A. Identify and evaluate existing practices
B. Create a procedures document
C. Conduct compliance testing
D. Terminate the audit

Answer: A

Q219 - A company's Web development team has become aware of a certain type of security vulnerability in their Web
software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software
requirements to disallow users from entering HTML as input into their Web application. What kind of Web application
vulnerability likely exists in their software?

A. Cross-site scripting vulnerability
B. Cross-site Request Forgery vulnerability
C. SQL injection vulnerability
D. Web site defacement vulnerability

Answer: A

Q220 - Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

A. The root CA is the recovery agent used to encrypt data when a user's certificate is lost.
B. The root CA stores the user's hash value for safekeeping.
C. The CA is the trusted root that issues certificates.
D. The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Answer: C

Q221 - Which service in a PKI will vouch for the identity of an individual or company?

A. KDC
B. CA
C. CR
D. CBC

Answer: B

Q222 - It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run
remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch
denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers). Which of the
following vulnerabilities is being described?

A. Shellshock
B. Rootshock
C. Rootshell
D. Shellbash

Answer: A

Q223 - What is the term coined for logging, recording and resolving events in a company?

A. Internal Procedure
B. Security Policy
C. Incident Management Process
D. Metrics

Answer: C

Q224 - Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following
choices would be a common vulnerability that usually exposes them?

A. Cross-site scripting
B. SQL injection
C. Missing patches
D. CRLF injection

Answer: C

Q225 - Study the following log extract and identify the attack.


A. Hexcode Attack
B. Cross Site Scripting
C. Multiple Domain Traversal Attack
D. Unicode Directory Traversal Attack

Answer: D

Q226 - Password cracking programs reverse the hashing process to recover passwords. (True/False.)

A. True
B. False

Answer: B

Q227 - What does a firewall check to prevent particular ports and applications from getting packets into an
organization?

A. Transport layer port numbers and application layer headers
B. Presentation layer headers and the session layer port numbers
C. Network layer headers and the session layer port numbers
D. Application layer port numbers and the transport layer headers

Answer: A

Q228 - While reviewing the result of scanning run against a target network you come across the following:


Which among the following can be used to get this output?

A. A Bo2k system query.
B. nmap protocol scan
C. A sniffer
D. An SNMP walk

Answer: D

Q229 - _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept
keystrokes.

A. Trojan
B. RootKit
C. DoS tool
D. Scanner
E. Backdoor

Answer: B

Q230 - Which of the following is a client-server tool utilized to evade firewall inspection?

A. tcp-over-dns
B. kismet
C. nikto
D. hping

Answer: A

Q231 - Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows
products?

A. Microsoft Security Baseline Analyzer
B. Retina
C. Core Impact
D. Microsoft Baseline Security Analyzer

Answer: D

Q232 - Which set of access control solutions implements two-factor authentication?

A. USB token and PIN
B. Fingerprint scanner and retina scanner
C. Password and PIN
D. Account and password

Answer: A

Q233 - An attacker is using nmap to do a ping sweep and a port scan in a subnet of 254 addresses. In which order
should he perform these steps?

A. The sequence does not matter. Both steps have to be performed against all hosts.
B. First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.
C. First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.
D. The port scan alone is adequate. This way he saves time.

Answer: C

Q234 - Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

A. Detective
B. Passive
C. Intuitive
D. Reactive

Answer: B

Q235 - In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

A. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.
B. Extraction of cryptographic secrets through coercion or torture.
C. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
D. A backdoor placed into a cryptographic algorithm by its creator.

Answer: B

Q236 - An attacker has been successfully modifying the purchase price of items purchased on the company's web site.
The security administrators verify the web server and Oracle database have not been compromised directly. They have
also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the
most likely way the attacker has been able to modify the purchase price?

A. By using SQL injection
B. By changing hidden form values
C. By using cross site scripting
D. By utilizing a buffer overflow attack

Answer: B

Q237 - Which of the following is an extremely common IDS evasion technique in the web world?

A. unicode characters
B. spyware
C. port knocking
D. subnetting

Answer: A

Q238 - The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the
central processing unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of
the following is being described?

A. promiscuous mode
B. port forwarding
C. multi-cast mode
D. WEM

Answer: A

Q239 - Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures
the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to
workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case
of TPNQM SA. In this context, what can you say?

A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
B. Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one
C. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations
D. Bob is partially right. DMZ does not make sense when a stateless firewall is available

Answer: C

Q240 - Which address translation scheme would allow a single public IP address to always correspond to a single
machine on an internal network, allowing "server publishing"?

A. Overloading Port Address Translation
B. Dynamic Port Address Translation
C. Dynamic Network Address Translation
D. Static Network Address Translation

Answer: D

