Certified Ethical Hacker Vulnerability Assessment and Exploitation 2

Question 1

Which exploitation phase in CEH involves maintaining access to a compromised system for future use?

Accepted Answer

Maintaining Access

Answer

Reconnaissance

Answer

Scanning

Answer

Gaining Access

Question 2

What is a 'zero-day vulnerability'?

Accepted Answer

A previously unknown vulnerability with no available patch

Answer

A vulnerability that has existed for zero days

Answer

A vulnerability with a CVSS score of zero

Answer

A vulnerability that only affects systems on day zero of deployment

Question 3

Which Metasploit payload type creates a connection from the target back to the attacker's machine?

Accepted Answer

Reverse Shell

Answer

Bind Shell

Answer

Staged Payload

Answer

Inline Payload

Question 4

What is the purpose of 'fuzzing' in vulnerability research?

Accepted Answer

Sending malformed or random data to an application to discover crashes and bugs

Answer

Obfuscating malware to evade antivirus

Answer

Encrypting exploit payloads for delivery

Answer

Scanning for open ports with varying timing

Question 5

Which type of exploit takes advantage of a buffer overflow to overwrite the return address and redirect execution flow?

Accepted Answer

Stack-Based Buffer Overflow

Answer

Heap Spray

Answer

Integer Overflow

Answer

Format String Attack

Question 6

What does 'post-exploitation' refer to in a penetration testing engagement?

Accepted Answer

Actions taken after gaining initial access, such as privilege escalation and lateral movement

Answer

Writing the final penetration test report

Answer

Cleaning up tools and logs after the test

Answer

The initial vulnerability scanning phase