CEH V11 300-400

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim ג€™s profile to a text file and then submit the data to the attacker ג€™s

database.

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test

parameter and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient ג€™s consent, similar to email spamming?

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: ג€The attacker must scan every

port on the server several times using a set of spoofed source IP addresses. ג€ Suppose that you are using

Nmap to perform this scan.

What flag will you use to satisfy this requirement?

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the

response of a honeypot to a manual SYN request.

Which of the following techniques is employed by Dayn to detect honeypots?

While performing an Nmap scan against a host, Paola determines the existence of a firewall.

In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. Using this technique, he wants to fix

any bugs in the application, discover underlying vulnerabilities, and improve defense strategies against attacks.

What is the technique used by Jacob in the above scenario to improve the security of the mobile application?

Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device, Mason further used Emotet to spread the infection across local

networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives.

What is the tool employed by Mason in the above scenario?