CEH Practice Questions 1
24. Which method of cracking passwords takes the most time and effort? (a) Rainbow Tables (b) Hybrid (c) Known-ciphertext only (d) Brute Force
(d) Brute Force
19. Which protocol is used for setting up secured channels between two devices, typically in VPNs? (a) TCP (b) UDP (c) ICMP (d) IPSEC
(d) IPSEC
37. _________________ performs comprehensive tests against webservers including dangerous files and CGIs (a) snort (b) DSniff (c) John The Ripper (d) Nikto
(d) Nikto
42. Which one of these ports does not transmit information in the clear? (a) 110 (b) 445 (c) 119 (d) 636
(d) Port 636 is LDAP-S
13. Shadow and his team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. What is this type of activity called? (a) Tailgating (b) Dumpster Diving (c) Piggybacking (d) Phishing
Answer (b) Dumpster Diving
16. Which protocol is used for setting up secured channels between two devices, typically in VPNs? (a) PPP (b) IPSEC (c) Set (d) PEM
Answer (b): IPSEC
15. An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is most likely able to handle this requirement? (a) Diameter (b) XTACACS+ (c) RADIUS (d) Kerberos
Answer (c) RADIUS
26. Which of the following parameters describe LM Hash? (a) LM HASH does not distinguish between upper and lower case letters (b) LM HASH splits the password into 2 seven byte halves (c) LM HASH uses a single 14-byte format (d) Both (a) and (b) are correct (e) Both (a) and (c) are correct
Answer(d).
22. Buffer overflows can occur in the heap memory space. Applications dynamically allocate heap memory as needed through a function. This function is called what? (a) malloc() (b) strcopy() (c) strprint() (d) strncopy()
Answer: (a) malloc()
31. This virus moves the boot record instructions of a system into an alternate location and copies itself to the original boot record instructions location. After the malicious code is executed, the virus points to the boot record instructions at a new location to be executed. (a) Kernel Level Virus (b) File Loader Virus (c) Boot Sector Virus (d) Firmware Level Virus
Boot Sector Virus
12. Match the ICMP Code to its meaning
[a] Time Exceeded (TTL Error Code)
[b] Host Unreachable
[c] Communications Admin. Prohibited
[d] Target is up and running
[1] ICMP Code 3:2 Host Unreachable
[2] ICMP Code 0
[3] ICMP Code 11:0
[4] ICMP Code 13:0
[a] = [3], [b] = [1], [c] = [4], [d] = [2]
43. Given an IP Address of 172.19.15.11 and a subnet mask of 255.255.0.0 calculate the:
[a] Network Address: Answer: 172.19.0.0
[b] First Useable Address: Answer: 172.19.1.0
[c] Last Useable Address: Answer: 172.19.255.254
[d] Broadcast Address: Answer: 172.19.255.255
23. A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as a process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible? (a) File System permissions (b) Brute Force Login (c) Directory Traversal (d) Privilege Escalation
(d) Privilege Escalation
47. A ____________ virus is a virus that can reprogram itself (a) Multipartite (b) Polymorphic (c) Metamorphic (d) Cavity
(c) Metamorphic
18. Which of the following is a successor to SSL? (a) TLS (b) ISPEC (c) RSA (d) GRE
(a)
36. The Chewbacca Trojan is a type of _______ Trojan. (a) Botnet (b) GUI (c) Defacement (d) ICMP Tunnel
(a) Botnet
32. Which Linux command or tool can be used to change a password for a Windows system by booting the Windows system from a USB drive? (a) CHTNPWD (b) Hydra (c) Whisker (d) netcat
(a) CHTNPWD
48. A _____________ virus creates a malicious companion to legitimate programs and runs in the virus execution chain. These programs exploit a DOS functionality that forces programs to be executed in a .com, .exe, and .bat execution order if the files all have the same name and are in the same folder. (a) Camouflage (b) Sparse Infector (c) Cavity (d) File Overwriting
(a) Camouflage Virus
9. What is the name for the dynamic memory space that, unlike the stack, doesn't rely on sequential ordering or organization? (a) Heap (b) Pile (c) Load (d) Pointer
(a) HEAP
35. Attacker has access to plaintext/ciphertext pairs from previous conversations and uses the plaintext/ciphertext data to discover the key. (a) Known ciphertext (b) Known plaintext (c) Ciphertext only (d) Timing Attack
(a) Known Plaintext
44. The ____________ AAA mechanism implements an encrypted communication model that interacts with Kerberos. (a) TACACS+ (b) STAMPS (c) RADIUS (d) PARALLELS
(a) TACACS+
17. Bluesnarfing is a term used to refer to the theft of data from a Bluetooth device. (a) True (b) False
(a) True
4. In the case of the C and C++ languages, there are no automatic bounds checks on buffer boundaries. (a) True (b) False
(a) True. This is one of the main functional issues with respect to C/C++.
5. Buffer overflows can be used to execute DoS/DDoS Attacks. (a) True (b) False
(a). Inducing a buffer overflow condition exhausts system resources and can be used to execute a DoS/DDoS attack.
30. Which one of the following terms is NOT a term accepted to describe how risk can be managed? (a) Delegate (b) Avoid (c) Mitigate (d) Transfer
(a). Remember MAAST. Mitigate, Accept, Avoid, Share, Transfer
2. It is possible to add canary values as pointers. (a) True (b) False
(a). True.
27. What attack is used to crack passwords by using a pre-computed table of hashed passwords? (a) Dictionary Attack (b) Rainbow Table Attack (c) Brute Force (d) Digital Shoulder Surfing
(b)
21. In a program called StackGuard, whenever a function is called, code is added that pushes a small value called a _______ value over to the stack. (a) Salt (b) Canary (c) Cred (d) Stack gap
(b) Canary
39. Hardware(firmware) level rootkits work at Ring 0. (a) True (b) False
(b) False firmware rootkits work at ring 1
49. Application Level viruses execute with the highest level privileges. (a) True (b) False
(b) False. Applications run with the lowest privileges.
11. The command below produces which type of scan?
root@kali> nmap -sO 192.168.3.210-219
(a) Performs an OS detection scan of the 192.168.3.210-219 hosts (b) Performs a protocol scan of the 192.168.3.210-219 hosts (c) Performs a stealth scan of the 192.168.3.210-219 hosts (d) Performs a null scan of the 192.168.3.210-219 hosts
(b) Protocol Scan. The option for an OS scan is -O, the option for a stealth scan is -sS, and the option for a null scan is -sN.
50. Which one of these programs can be used to check for the presence of Trojans on a system or file? (a) Necurs (b) Tripwire (c) ZeroAccess (d) Azazel
(b) Tripwire
41. ______________ is a federal law that requires federal agencies to implement infosec programs, to include reporting on compliance and accreditation issues. (a) HIPAA (b) NIST 800-53 (c) OSSTM (d) FISMA
(b). NIST 800-53
6. A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk? (a) Accept (b) Delegate (c) Mitigate (d) Avoid
(b). Remember MAAST: Mitigate, Avoid, Accept, Share, Transfer
29. What term describes the amount of risk that remains after the vulnerabilities have been classified and the countermeasures deployed? (a) Deferred (b) Residual (c) Inherent (d) Implied
(b). Residual risk
25. Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities? (a) Use full disk encryption during transmission of the PII data (b) Use encrypted communications protocols to transmit the PII (c) Use a security token to secure all web applications and only use that token when logging into the web applications that host the PII (d) Store all PII in an encrypted format and don't share the data over electronic systems
(b). Use encryption methods such as PGP and IPSEC to protect data in transit. Because the question asks about web application vulnerabilities, we are mainly talking about data that will have to move across networks, i.e. data in transit. Answer (a) would have been an acceptable answer for data at rest or data simply being stored. The other two answers are technical distractors.
14. The CodeBlueCS345ops recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data? (a) The document can be sent to the accountant using an exclusive USB format that is encrypted and cannot be broken (b) The financial statements can be sent twice, first in an email and then on a secret USB stick, and the two can be compared in order to determine the integrity of the file that was shared (c) Digital signatures with hashes of the original document can be used to share the information and ensure integrity (d) The CFO can password protect an Excel file, which can be made unbreakable
(c) Comparing hashes is the accepted technical method for checking the integrity of a file.
45. _______________ is the least restrictive access control model. (a) Mandatory Access Control (b) Role-based Access Control (c) Discretionary Access Control (d) Rule-based Access Control
(c) DAC
10. What device will neither limit the flow of traffic nor have an impact on the effectiveness of sniffing? (a) Switch (b) Router (c) Hub (d) Gateway
(c) Hub
8. Which of the following malware programs is usually targeted at Microsoft products (a) Cavity Virus (b) Tunneling Virus (c) Macro Virus (d) Type II Firmware Virus
(c) Macro Virus
40. Which of the following attacks mimics a man-in-the-middle attack, exploiting fallback security mechanisms in TLS users? (a) Heartbleed (b) Shellshock (c) POODLE (d) FREAK
(c) POODLE
20. Which of the following is true? (a) Packet sniffers work at layers 2 and 3 of the OSI model (b) Packet sniffers work at layer 1 of the OSI model (c) Packet sniffers work at layer 2 of the OSI model (d) Packet sniffers work at layer 5 of the OSI model
(c) Packet sniffers work at layer 2 of the OSI model
46. The hashed passwords for Linux system distributions are saved in ___________. (a) ...///system32/config/SAM.txt file (b) /etc/password file (c) /etc/shadow file (d) /etc/passwds file
(c) The shadow file will have the hashed passwords while the password file will have usernames and may not have hashed passwords.
33. __________ is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. (a) SQL Injection (b) Meterpreter NETAPI Attack (c) Clickjacking (d) Heartbleed Bug Attack
(c). Clickjacking
7. Which of the following programming languages is least likely to be susceptible to a stack-based buffer overflow attack? (a) C/C++ (b) MIPS/Assembler (c) Java (d) Wireshark
(c). Java
38. Which cloud computing model is geared toward software development? (a) PaaS (b) IaaS (c) SaaS (d) XaaS
(c). Software as a Service
28. Which one of the attacks listed below is the best attack for 'time/trade off' when cracking passwords? (a) Brute Force Attack (b) Phishing Attack (c) Dictionary Attack (d) Rainbow Attack
(d)
3. More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed by using polymorphic shellcode, a technique common among virus writers. It basically hides the true nature of the shellcode in different disguises. How does polymorphic shellcode work? (a) They reverse the working instructions into opposite order by masking the IDS signatures (b) They encrypt the shellcode by XOR'ing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode (c) They convert the shellcode into Unicode, using a loader to convert it back to machine code and then executing it (d) They compress the shellcode into normal instructions, uncompress the shellcode using loader code, and then execute the shellcode
(d)
34. __________ is a Bluetooth attack that knocks out some Bluetooth-enabled devices immediately. This Denial of Service attack can be conducted using standard tools that ship with the official Linux Bluez utils package. (a) Bluesnarfing (b) Bluebugging (c) Bluejacking (d) Bluesmacking
(d) Bluesmacking
1. Which of the following is or are a type of buffer overflow? (a) Stack-Based (b) Dynamic-Based (c) Heap-Based (d) Both Stack and Heap
(d) Both Stack and Heap. A heap overflow is a type of buffer overflow that occurs in the heap data area. Heap overflows are exploited differently from stack-based overflows. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. A typical example on older versions of Linux is two buffers allocated next to each other on the heap: writing beyond the boundary of the first buffer allows overwriting metadata in the second buffer. (See figure 1 below.) A stack-based buffer overflow occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer.[1][2] Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than is actually allocated for that buffer.