CEH Preperation test

Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?


When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?


What did the following commands determine?


A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?


From the following table, identify the wrong answer in terms of Range (ft).


If the final set of security controls does not eliminate all risk in a system, what could be done next?


One advantage of an application-level firewall is the ability to


What is the main advantage that a network-based IDS/IPS system has over a host-based solution?


What is the main reason the use of a stored biometric is vulnerable to an attack? biometric.


Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?


Which type of access control is used on a router or firewall to limit network activity?


Which method of password cracking takes the most time and effort?


Name two software tools used for OS guessing? (Choose two.)


This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes unsanitized user-provided data. What is this attack?


What is a NULL scan?


Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?


A zone file consists of which of the following Resource Records (RRs)?


You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?


A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?


A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company’s internal network. Which of the following can be implemented to minimize the opportunity for the man-inthe- middle attack to occur?


Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?


How can a policy help improve an employee’s security awareness? benefits of security terminating employees consultative help line managers know employee strengths


Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern. -Pn


What is the correct process for the TCP three-way handshake connection establishment and connection termination?


You are about to be hired by a well-known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank’s interest and your liabilities as a tester?


Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs: From the above list identify the user account with System Administrator privileges. G. Micah


Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?


How does a denial-of-service attack work?


A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?


When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?


Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a builtin- bounds checking mechanism? Output: Segmentation fault


Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?


Which of the following is an application that requires a host application for replication?


A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?


A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?


env x=`(){ :;};echo exploit` bash -c ‘cat /etc/passwd’ What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?


Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. Basic example to understand how cryptography works is given below: Which of the following choices is true about cryptography? keys for both encryption of plaintext and decryption of ciphertext. shared session key and to achieve a communication way. encrypt.


Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by a coercion or torture?


Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?


Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?


Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all origins and using some thresholds. In concept, the solution developed by Bob is actually:


You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?


While reviewing the result of scanning run against a target network you come across the following: Which among the following can be used to get this output?


You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection Systems (NIDS). What is the best way to evade the NIDS?


If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?


Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS?


It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure. Which of the following regulations best matches the description?


Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?


The following is part of a log file taken from the machine on the network with the IP address .168.1.106: What type of activity has been logged?


What is the process of logging, recording, and resolving events that take place in an organization?


Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.


Which of the following is a restriction being enforced in “white box testing?”


DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?


You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?


A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?


What is the proper response for a NULL scan if the port is open?


Code injection is a form of attack in which a malicious user:


A server has been infected by a certain type of Trojan. The hacker intended to utilize it to send and host junk mails. What type of Trojan did the hacker use?


Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?


Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?


WPA2 uses AES for wireless data encryption at which of the following encryption levels?


What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?


A penetration test was done at a company. After the test, a report was written and given to the company’s IT authorities. A section from the report is shown below: According to the section from the report, which of the following choice is true?


How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender’s identity?


Destination unreachable administratively prohibited messages can inform the hacker to what?


Which of the following is the best countermeasure to encrypting ransomwares?


Darius is analysing logs from IDS. He want to understand what have triggered one alert and verify if it’s true positive or false positive. Looking at the logs he copy and paste basic details like below: source IP: source port: 80 destination IP: destination port: 63221 What is the most proper answer.


Seth is starting a penetration test from inside the network. He hasn’t been given any information about the network. What type of test is he conducting?


Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide? the Department of Homeland Security decommissions old Internet infrastructure sectors Department, as well as private sectors


Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?


Suppose you’ve gained access to your client’s hybrid network. On which port should you listen to in order to know which Microsoft Windows workstations has its file sharing enabled?


Which of the following is the successor of SSL?


A botnet can be managed through which of the following?


An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?


It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?


The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and


Which of the following describes the characteristics of a Boot Sector Virus?


A security policy will be more accepted by employees if it is consistent and has the support of


In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks? exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name. exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual websites domain name.


A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?


Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data? resists Andrew’s attempt to access the stored data


Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command. What is Eve trying to do?


Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?


The company ABC recently discovered that their new product was released by the opposition before their premiere. They contract an investigator who discovered that the maid threw away papers with confidential information about the new product and the opposition found it in the garbage. What is the name of the technique used by the opposition?


An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?


A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?


Which of the following business challenges could be solved by using a vulnerability scanner? quit. policies.


What is the outcome of the comm”nc -l -p 2222 | nc 1234″?


Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?


Within the context of Computer Security, which of the following statements describes Social Engineering best?


Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?


Which of the following is a protocol specifically designed for transporting event messages?


You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?


Which regulation defines security and privacy controls for Federal information systems and organizations?


Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?


In order to prevent particular ports and applications from getting packets into an organization, what does a firewall check?


A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?


What would you enter, if you wanted to perform a stealth scan using Nmap?


Which of the following tools can be used to perform a zone transfer? G. Neotrace


A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?


You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?


Which of the following parameters describe LM Hash (see exhibit): Exhibit: 


A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.


What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?


What is the purpose of a demilitarized zone on a network?


Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches’ ARP cache is successfully flooded, what will be the result? packets to the nearest switch.


Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on?


What are two things that are possible when scanning UDP ports? (Choose two.)


Which type of security feature stops vehicles from crashing through the doors of a building?


Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access. A camera captures people walking and identifies the individuals using Steve’s approach. After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:


What is the benefit of performing an unannounced Penetration Testing?


In the software security development life cycle process, threat modeling occurs in which phase?


You’ve just discovered a server that is currently active within the same network with the machine you recently compromised. You ping it but it did not respond. What could be the case?


Which of the following is a client-server tool utilized to evade firewall inspection?


A consultant has been hired by the V.P. of a large financial organization to assess the company’s security posture. During the security testing, the consultant comes across child pornography on the V.P.’s computer. What is the consultant’s obligation to the financial organization?


The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year?


While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?


If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?


An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?


Which protocol is used for setting up secured channels between two devices, typically in VPNs?


The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control bjectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance.Which of the following requirements would best fit under the objective, “Implement strong access control measures”?


An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this? hackersExploit.cpp -o calc.exe


What tool should you use when you need to analyze extracted metadata from files you collected when you were in the initial stage of penetration test (information gathering)?


An attacker scans a host with the below command. Which three flags are set? (Choose three.) #nmap sX host.domain.com


Which is the first step followed by Vulnerability Scanners for scanning a network?