CEH v11 Changed 312-50v11 Questions

Certified Ethical Hacker Exam (CEH v11) Questions and Answers

Question 61

When discussing passwords, what is considered a brute force attack?

Options:

You attempt every single possibility until you exhaust all possible combinations or discover the password

You threaten to use the rubber hose on someone unless they reveal their password

You load a dictionary of words into your cracking program

You create hashes of a large number of words and compare it with the encrypted passwords

You wait until the password expires

Question 62

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a Dos attack, and as a result, legitimate employees were unable to access the clients network. Which of the following attacks did Abel perform in the above scenario?

Options:

VLAN hopping

DHCP starvation

Rogue DHCP server attack

STP attack

Answer:

Explanation:

A DHCP starvation assault is a pernicious computerized assault that objectives DHCP workers. During a DHCP assault, an unfriendly entertainer floods a DHCP worker with false DISCOVER bundles until the DHCP worker debilitates its stock of IP addresses. When that occurs, the aggressor can deny genuine organization clients administration, or even stock an other DHCP association that prompts a Man-in-the-Middle (MITM) assault.

In a DHCP Starvation assault, a threatening entertainer sends a huge load of false DISCOVER parcels until the DHCP worker thinks they’ve used their accessible pool. Customers searching for IP tends to find that there are no IP addresses for them, and they’re refused assistance. Furthermore, they may search for an alternate DHCP worker, one which the unfriendly entertainer may give. What’s more, utilizing a threatening or sham IP address, that unfriendly entertainer would now be able to peruse all the traffic that customer sends and gets.

In an unfriendly climate, where we have a malevolent machine running some sort of an instrument like Yersinia, there could be a machine that sends DHCP DISCOVER bundles. This malevolent customer doesn’t send a modest bunch – it sends a great many vindictive DISCOVER bundles utilizing sham, made-up MAC addresses as the source MAC address for each solicitation.

In the event that the DHCP worker reacts to every one of these false DHCP DISCOVER parcels, the whole IP address pool could be exhausted, and that DHCP worker could trust it has no more IP delivers to bring to the table to legitimate DHCP demands.

When a DHCP worker has no more IP delivers to bring to the table, ordinarily the following thing to happen would be for the aggressor to get their own DHCP worker. This maverick DHCP worker at that point starts giving out IP addresses.

The advantage of that to the assailant is that if a false DHCP worker is distributing IP addresses, including default DNS and door data, customers who utilize those IP delivers and begin to utilize that default passage would now be able to be directed through the aggressor’s machine. That is all that an unfriendly entertainer requires to play out a man-in-the-center (MITM) assault.

Question 63

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it’s made on the provider’s environment?

Options:

Behavioral based

Heuristics based

Honeypot based

Cloud based

Question 64

Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys?

Options:

Key derivation function

Key reinstallation

A Public key infrastructure

Key stretching

Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Certified Ethical Hacker Exam (CEH v11) Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce