CEH v13 Domain 2.3 Practice Test 001

Question 1

A penetration tester is assessing a Windows-based enterprise network and wants to extract a list of user accounts, shared resources, and group memberships from a target system without valid credentials. The tester attempts to establish a null session to the target using the IPC$ share. Which protocol is being leveraged to perform this enumeration technique?

A. SNMP B. LDAP C. NetBIOS/SMB D. NTP

Question 2

Clark, a professional hacker, has gained access to a network and is attempting to enumerate SNMP-enabled devices. He uses a tool to send SNMP requests with the community string "public" and successfully retrieves routing tables, ARP caches, and interface information from multiple routers. Which tool did Clark most likely use to perform this enumeration?

A. enum4linux B. Nmap with –sV flag C. SNMPwalk D. Netcat

Question 3

Select all that apply

During a network security audit, an analyst discovers that an attacker has been sending SMTP commands to a mail server to harvest valid email addresses from the organization. The attacker used commands that prompted the server to reveal whether specific addresses exist. Which two SMTP commands are most commonly abused for this type of user enumeration? (Choose two.)

A. EHLO B. VRFY C. STARTTLS D. EXPN E. DATA

Question 4

Jane is conducting a black-box penetration test against a target organization's domain infrastructure. She runs the following command and receives a zone transfer response containing all DNS records for the target domain: dig axfr @ns1.targetcorp.com targetcorp.com. What type of enumeration has Jane performed, and what is the primary security risk of this misconfiguration?

A. DNS cache poisoning; it allows Jane to redirect users to malicious sites B. DNS zone transfer enumeration; it exposes the complete internal DNS record set to unauthorized parties C. Reverse DNS lookup enumeration; it maps IP addresses to hostnames for further reconnaissance D. DNS brute-forcing; it systematically guesses subdomains using a wordlist

Question 5

Elijah, a penetration tester, is enumerating an Active Directory environment. He uses the following command to extract information from the target: ldapsearch -x -h 192.168.1.10 -b "dc=corp,dc=local" "(objectClass=user)". What type of enumeration is Elijah performing, and what information is he most likely attempting to retrieve?

A. NetBIOS enumeration to retrieve machine names and workgroup information B. LDAP enumeration to extract user account details from Active Directory C. SNMP enumeration to retrieve the system's user table via the MIB D. RPC enumeration to query the endpoint mapper for registered services

Question 6

A security team detects unusual NTP traffic originating from an internal host directed at the organization's NTP servers. Upon investigation, they determine the host is sending monlist requests to the NTP server. Beyond DDoS amplification, what reconnaissance information can an attacker extract using the NTP monlist command?

A. A list of all DNS records associated with the NTP server's domain B. The last 600 hosts that have synchronized time with the NTP server C. Active user sessions on the NTP server's operating system D. SNMP community strings configured on the NTP server

Question 7

Kevin is performing enumeration on a target Linux server and runs the following command: rpcclient -U "" -N 192.168.10.5. After connecting, he issues the enumdomusers command. What is Kevin enumerating, and what prerequisite condition must be true for this technique to succeed?

A. Kevin is enumerating NFS shares; the NFS service must be running and exports must be world-readable B. Kevin is enumerating SMB/Samba users via a null session; the server must allow anonymous IPC$ connections C. Kevin is enumerating LDAP users; anonymous LDAP bind must be enabled on the server D. Kevin is enumerating RPC services; the portmapper must be running and accessible on port 111

Question 8

Select all that apply

During an engagement, a pen tester uses the enum4linux tool against a target Windows host and retrieves password policy information, share listings, and a full user list. Which two underlying protocols does enum4linux primarily leverage to perform this enumeration? (Choose two.)

A. SNMP over UDP 161 B. SMB over TCP 445 C. NetBIOS over TCP 139 D. LDAP over TCP 389 E. NTP over UDP 123

Question 9

An ethical hacker is performing an SNMP enumeration assessment against a target network. She discovers that a Cisco router is running SNMPv1 with the default community string "public." She wants to enumerate the full routing table from this device. Which of the following represents the correct OID (Object Identifier) branch she should walk to retrieve IP routing table information from the MIB?

A. 1.3.6.1.2.1.1 (System MIB) B. 1.3.6.1.2.1.4.21 (IP Route Table) C. 1.3.6.1.2.1.2.2 (Interface Table) D. 1.3.6.1.2.1.25.1 (Host Resources MIB)

Question 10

A penetration tester is assessing an organization's IPv6-enabled network segment. She wants to enumerate active hosts on the local link without sending traditional ICMP echo requests. She crafts a packet to the IPv6 all-nodes multicast address and observes responses. Which enumeration technique is she using, and what is the relevant IPv6 multicast address for all nodes on the local link?

A. IPv6 router solicitation enumeration; FF02::2 B. IPv6 all-nodes multicast enumeration; FF02::1 C. IPv6 Neighbor Discovery enumeration; FF02::1:FF00:0/104 D. IPv6 SLAAC enumeration; FF05::1

ByThe Test Master

Related Post

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

Leave a Reply Cancel reply

You missed

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

CEH v13 Domain 2.3 Practice Test 002