Full Study Set: CEH Certified Ethical Hacking
Port scan
nmap is required to perform what type of scan?
Find open ports Find weaknesses
A vulnerability scan is a good way to do what?
Complete knowledge
A white-box test means the tester has which of the following?
TCP
An SYN attack uses which protocol?
IDS
An administrator has just been notified of irregular network activity; what appliance functions in this manner?
Public key
Asymmetric encryption is also referred to as which of the following?
During transmission
At what point can SSL be used to protect data?
Application
At which layer of the OSI model does a proxy operate?
Distribution and number of personnel
Footprinting can determine all of the following except __________?
Active and passive
Footprinting has two phases. What are they?
With no knowledge
How is black-box testing performed?
Layer 1
Hubs operate at what layer of the OSI model?
AH/ESP
IPsec uses which two modes?
Layer 2
If a device is using node MAC addresses to funnel traffic, what layer of the OSI model is this device working in?
Competitive analysis
If you can't gain enough information directly from a target, what is another option?
Application firewall
Choosing a protective network appliance, you want a device that will inspect packets at the most granular level possible while providing improved traffic efficiency. What appliance would satisfy these requirements?
Legal reasons Regulatory reasons To perform an audit
Companies may require a penetration test for which of the following reasons?
RST
During a Xmas tree scan what indicates a port is closed?
RST
During an FIN scan, what indicates that a port is closed?
White hat
If you have been contracted to perform an attack against a target system, you are what type of hacker?
Level 3
In IPsec, encryption and other processes happen at which layer of the OSI model?
Authentication services
In IPsec, what does Authentication Header (AH) provide?
Data security
In IPsec, what does Encapsulating Security Payload (ESP) provide?
Securing transmitted data
SSL is a mechanism for which of the following?
Alerts
What can be configured in most search engines to monitor and alert you of changes to content?
Proxy
What device acts as an intermediary between an internal client and a web resource?
Target of evaluation
What does TOE stand for?
Integrity
What does hashing preserve in relation to data?
Check financial filings
What is EDGAR used to do?
To hide the process of scanning
What is Tor used for?
A description of expected behavior
What is a code of ethics?
A ping sweep
What is an ICMP echo scan?
ACK
What is missing from a half-open scan?
SYN, SYN-ACK, ACK
What is the proper sequence of the TCP three-way-handshake?
To keep a scan hidden
What is the purpose of a proxy?
Gain information from a human being through face-to-face or electronic means
What is the purpose of social engineering?
To gain information from human beings
What is the role of social engineering?
SYN, SYN-ACK, ACK
What is the sequence of the three-way handshake?
The opening sequence of a TCP connection
What is the three-way handshake?
Collision domain
What kind of domain resides on a single switchport?
Low
What level of knowledge about hacking does a script kiddie have?
IPS
What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing?
Scanning
What phase comes after footprinting?
49152 to 65535
What port range is an obscure third-party application most likely to use?
A lack of fear of being caught
What separates a suicide hacker from other attackers?
Get permission
What should a pentester do prior to initiating a new penetration test?
All nodes attached to the same port
When scanning a network via a hardline connection to a wired-switch NIC in promiscuous mode, what would be the extent of network traffic you would expect to see?
Windows
Which OS holds 90 percent of the desktop market and is one of our largest attack surfaces?
A way to automate the discovery of vulnerabilities
Which best describes a vulnerability scan?
Packet
Which category of firewall filters is based on packet header data only?
Ring
Which network topology uses a token-based access methodology?
A way of encrypting data in a reversible method
Which of the following best describes PGP?
A weakness
Which of the following best describes a vulnerability?
Investigation of a target
Which of the following best describes footprinting?
Nonreversible
Which of the following best describes hashing?
Hacks for political reasons
Which of the following best describes what a hacktivist does?
Hacks without stealth
Which of the following best describes what a suicide hacker does?
Job boards
Which of the following can an attacker use to determine the technology and structure within an organization?
Street views
Which of the following can be used to assess physical security?
Operators
Which of the following can be used to tweak or fine-tune search results?
Social engineering
Which of the following can help you determine business processes of your target through human interaction?
Suicide hacker
Which of the following describes a hacker who attacks without regard for being caught or punished?
Hacktivist
Which of the following describes an attacker who goes after a target to draw attention to a cause?
PKI
Which of the following does IPsec use?
Permission
Which of the following does an ethical hacker require to start evaluating a system?
MD5
Which of the following is a common hashing protocol?
END
Which of the following is not a flag on a packet?
Port scanning
Which of the following is not typically used during footprinting?
Telnet
Which of the following is used for banner grabbing?
Netcraft
Which of the following is used for identifying a web server OS?
nmap
Which of the following is used to perform customized network scans?
Certificate authority
Which of the following manages digital certificates?
NULL
Which of the following types of attack has no flags set?
Social networking
Which of the following would be a very effective source of information as it relates to social engineering?
White hat
Which of the following would most likely engage in the pursuit of vulnerability research?
TCP
Which of these protocols is a connection-oriented protocol?
443
Which port uses SSL to secure web traffic?
MX
Which record will reveal information about a mail server for a domain?
PKI
Which system does SSL use to function?
NAT
Which technology allows the use of a single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world?
Netcraft
Which tool can be used to view web server information?
Tracert
Which tool can trace the path of a packet?
Mesh
Which topology has built-in redundancy because of its many client connections?
Gray hat
Which type of hacker may use their skills for both benign and malicious goals at different times?
Netscape
Who first developed SSL?
To fine-tune search results
Why use Google hacking?
To enhance anonymity
Why would you need to use a proxy to perform scanning?
Identify a service
A banner can do what?
Gives proof
A contract is important because it does what?
A half-open does not include the final ACK.
A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan?
Hashing
A message digest is a product of which kind of algorithm?
Two keys
A public and private key system differs from symmetric because it uses which of the following?
PKI system
A public key is stored on the local computer by its owner in a __________.
Telnet
A scan of a network client shows that port 23 is open; what protocol is this aligned with?
Shared key cryptography
Symmetric cryptography is also known as __________.
Number of keys
Symmetric key systems have key distribution problems due to __________.
View archived versions of websites
The Wayback Machine is used to do which of the following?
Hacktivists
The group Anonymous is an example of what?
Passively uncovering vulnerabilities
Vulnerability research deals with which of the following?
SMTP
You have selected the option in your IDS to notify you via email if it senses any network irregularities. Checking the logs, you notice a few incidents but you didn't receive any alerts. What protocol needs to be configured on the IDS?