Certified Ethical Hacker Exam (CEH v10) (312-50v10) Free Practice Test

Question 1

When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?

A. Drops the packet and moves on to the next one

B. Stops checking rules, sends an alert, and lets the packet continue

C. Blocks the connection with the source IP address in the packet

D. Continues to evaluate the packet until all rules are checked

Correct Answer: D

Question 2

Which of the following is an example of IP spoofing?

A. ARP poisoning

B. SQL injections

C. Cross-site scripting

D. Man-in-the-middle

Correct Answer: D

Question 3

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?

A. Require all employees to change their passwords immediately

B. Move the financial data to another server on the same IP subnet

C. Place a front-end web server in a demilitarized zone that only handles external web traffic

D. Issue new certificates to the web servers from the root certificate authority

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by all origins and using some thresholds.
In concept, the solution developed by Bob is actually:

A. A behavior-based IDS

B. A hybrid IDS

C. Just a network monitoring tool

D. A signature-based IDS

Correct Answer: C

Question 5

Which of the following is not a Bluetooth attack?

A. Bluesnarfing

B. Bluejacking

C. Bluedriving

D. Bluesmacking

Correct Answer: C

Question 6

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

A. UDP 123

B. UDP 514

C. UDP 541

D. UDP 415

Correct Answer: B

Question 7

Which of the following descriptions is true about a static NAT?

A. A static NAT uses a one-to-one mapping.

B. A static NAT uses a one-to-many mapping.

C. A static NAT uses a many-to-one mapping.

D. A static NAT uses a many-to-many mapping.

Correct Answer: A

Question 8

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21.
During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?

A. False positives

B. True positives

C. False negatives

D. True negatives

Correct Answer: A

Question 9

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to
"www.MyPersonalBank.com", that the user is directed to a phishing site.
Which file does the attacker need to modify?

A. Boot.ini

B. Networks

C. Sudoers

D. Hosts

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

Which of the following describes the characteristics of a Boot Sector Virus?

A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B. Overwrites the original MBR and only executes the new virus code

C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

D. Modifies directory table entries so that directory entries point to the virus code instead of the actual program

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

A. Fuzzing

B. Bounding

C. Randomizing

D. Mutating

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by a coercion or torture?

A. Ciphertext-only Attack

B. Timing Attack

C. Chosen-Cipher text Attack

D. Rubber Hose Attack

Correct Answer: D

Question 13

Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?

A. NET CONFIG

B. NET USE

C. NET FILE

D. NET VIEW

Correct Answer: B

Welcome to TestSimulate

EC-COUNCIL Certified Ethical Hacker Exam (CEH v10) (312-50v10) Free Practice Test