files

domains

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario.

Leave a Comment / CEHv11 / By

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario. Option 1 : Use of DNS tunneling Option 2 : Unspecified proxy activities Option 3 : Use of command-line interface Option 4 : Data staging 1. Use of DNS tunneling DNS tunneling enables these cyber criminals to insert malware or …

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario. Read More »

SQL injection

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘” or ‘1’=’1″ in any basic injection statement such “or 1=1.” Identify the evasion technique used by Daniel in the above scenario.

Leave a Comment / CEHv11 / By

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘” or ‘1’=’1″ in any basic injection statement such “or 1=1.” Identify the evasion technique used by Daniel in the above scenario. Option 1 : Variation Option 2 : …

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘” or ‘1’=’1″ in any basic injection statement such “or 1=1.” Identify the evasion technique used by Daniel in the above scenario. Read More »

website

Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of the users visiting the company’s website. Which of the following tools did Taylor employ in the above scenario?

Leave a Comment / CEHv11 / By

Taylor, a security professional, uses a tool to monitor her company’s website,  analyze the website’s traffic, and track the geographical location of the users visiting the company’s website. Which of the following tools did Taylor employ in the above scenario? Option 1 : WAFW00F Option 2 : Webroot Option 3 : Web-Stat Option 4 :  Website-Watcher 1. WAFW00F WAFW00F identifies and fingerprints web Application Firewall (WAF) products. how will it work? To do its magic, …

Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of the users visiting the company’s website. Which of the following tools did Taylor employ in the above scenario? Read More »

IDS

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system?

Leave a Comment / CEHv11 / By

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? Option 1 : Desynchronization Option 2 : Obfuscating Option 3 : Session splicing Option 4 : Urgency flag 1. Desynchronization The number of security breaches is …

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique, using which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packet, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system? Read More »

user

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password?

Leave a Comment / CEHv11 / By

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? Option 1 : .bashrc Option 2 : .bash_history Option 3 : .profile Option 4 : .XSession-log 1. .bashrc The .bashrc file may be a script file that’s executed …

By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? Read More »

DNS protocol

John, a professional hacker, decided to use DNS to perform data exfilteration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?

Leave a Comment / CEHv11 / By

John, a professional hacker, decided to use DNS to perform data exfilteration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall? Option 1 : DNS tunneling method Option 2 : DNS …

John, a professional hacker, decided to use DNS to perform data exfilteration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall? Read More »

Android

What is the file that determines the basis configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

Leave a Comment / CEHv11 / By

What is the file that determines the basis configuration (specifically activities, services, broadcast receivers, etc.) in an Android application? Option 1 : APK.info Option 2 : classes.dex Option 3 : AndroidManifest.xml Option 4 : resources.asrc 1. APK.info Android Package (APK) is that the package file format employed by the Androids OS , and variety of other Android-based operating systems for distribution and installation of mobile apps, mobile games and middleware. APK is analogous to other …

What is the file that determines the basis configuration (specifically activities, services, broadcast receivers, etc.) in an Android application? Read More »

commands

Which of the following commands checks for valid users on an SMTP server?

Leave a Comment / CEHv11 / By

Which of the following commands checks for valid users on an SMTP server? Option 1 : RCPT Option 2 : CHK Option 3 : VRFY Option 4 : EXPN 1. RCPT The RCPT Commands you tell the mail server who the recipient of your message is by using the RCPT command. you’ll send quite one RCPT command for multiple recipients. The server will respond with a code of 250 to every command. The syntax for …

Which of the following commands checks for valid users on an SMTP server? Read More »

virus

Which type of virus can change its own code and then cipher itself multiple times as it replicates?

Leave a Comment / CEHv11 / By

Which type of virus can change its own code and then cipher itself multiple times as it replicates? Option 1 : Cavity virus Option 2 : Tunneling virus Option 3 : Stealth virus Option 4 : Encryption virus 1 . Cavity virus A Spacefiller (Cavity) virus tries to attack devices by filling the empty spaces present in various files. That’s why this rare sort of bug is additionally addressed as a Cavity Virus. Its working …

Which type of virus can change its own code and then cipher itself multiple times as it replicates? Read More »