Certified Ethical Hacker Vulnerability Assessment and Exploitation 3

Question 1

Which automated exploitation framework is most commonly referenced in CEH for developing and testing exploits?

Accepted Answer

Metasploit Framework

Answer

Burp Suite Pro

Answer

Nessus

Answer

OWASP ZAP

Question 2

What is 'privilege escalation' in the context of exploitation?

Accepted Answer

Increasing the attacker's level of access beyond the initial compromise

Answer

Gaining access to the target for the first time

Answer

Escalating a vulnerability report to the vendor

Answer

Elevating CVSS score of a discovered vulnerability

Question 3

Which technique is used to exploit a vulnerability in a client application by luring a victim to visit a malicious webpage?

Accepted Answer

Client-Side Exploitation

Answer

Server-Side Exploitation

Answer

Remote Code Execution

Answer

SQL Injection

Question 4

What is the CEH term for a vulnerability database that lists publicly known security flaws with a standardized identifier?

Accepted Answer

CVE (Common Vulnerabilities and Exposures)

Answer

OWASP Top 10

Answer

CVSS

Answer

NVD Score

Question 5

What is a 'false positive' in the context of vulnerability scanning?

Accepted Answer

A vulnerability reported by the scanner that does not actually exist

Answer

A vulnerability that is exploitable but rated as low severity

Answer

A patch that fails to fix the reported vulnerability

Answer

An attack that bypasses the vulnerability scanner undetected

Question 6

Which exploitation countermeasure randomizes the memory layout of a process to prevent attackers from predicting where to redirect code execution?

Accepted Answer

ASLR (Address Space Layout Randomization)

Answer

DEP (Data Execution Prevention)

Answer

Stack Canaries

Answer

Control Flow Integrity