CEH#19 Oriyano - Physical Security
12. Which technology can provide protection against session hijacking? a. IPsec b. UDP c. TCP d. IDS
A. IPsec provides encryption and other related services that can thwart the threat of session hijacking.
16. A man-in-the-browser attack is typically enabled by using which mechanism? a. virus b. worms c. logic bombs d. Trojans
D. Trojans are commonly used to deploy malware onto a client system, which can then be used to perform a session hijack.
5. Which of the following is not a source of session IDs? a. URL b. cookie c. anonymous login d. hidden login
C. URLs, cookies, and hidden logins are all sources of session IDs.
19. A session hijack can be initiated from all of the following except which one? a. emails b. browsers c. web applications d. cookies and devices
D. Cookies can be used during a session hijack, and indeed the information they contain may be the goal of the attack, but devices alone cannot initiate an attack.
14. Session hijacking can be thwarted with which of the following? a. SSH b. FTP c. authentication d. sniffing
C. Authentication mechanisms such as Kerberos can provide protection against session hijacking. Authentication provides verification of the party or parties involved in the communication.
6. Which kind of value is injected into a connection to the host machine in an effort to increment the sequence number in a predictable fashion? a. counted b. bit c. null d. IP
C. Null values are used to increment the sequence numbers of packets between the victim and the host. The null packets are sent to the host machine in an effort to prepare for desynchronizing the client.
11. Session hijacking can be performed on all of the following protocols except which one? a. FTP b. SMTP c. HTTP d. IPsec
D. IPsec was designed with many goals in mind; one of them is that it is not as vulnerable to session hijacking as the other protocols and services listed here.
17. A man-in-the-middle attack is an attack where the attacking party does which of the following? a. infect the client system b. infect the server system c. insert themselves into an active session d. insert themselves into a web application
C. A man-in-the-middle attack occurs when the attacking party inserts themselves into the communication between two different parties.
18. A session hijack can happen with which of the following? a. networks and applications b. networks and physical devices c. browsers and applications d. cookies and devices
A. Session hijacks can occur with both network and application traffic, depending on the attacker's desired goals.
2. Jennifer has been working with sniffing and session-hijacking tools on her company network. Since she wants to stay white hat---that is, ethical---she has gotten permission to undertake these activities. What would Jennifer's activities be categorized as? a. passive b. monitoring c. active d. sniffing
A. Jennifer is operating in the passive sense in this scenario. Sniffing traffic is a passive activity.
20. Session hijacking can do all of the following except which one? a. take over an authenticated session b. be used to steal cookies c. take over a session d. place a cookie on a server
D. A session hijack can be used to read cookies on a client but not to place a cookie on a server.
1. Which statement defines session hijacking most accurately? a. session hijacking involves stealing a user's login info and using that info to pose as the user later b. session hijacking involves assuming the role of a user through the compromise of physical tokens such as common access cards c. session hijacking is an attack that aims at stealing a legitimate session and posing as that user while communicating with the web resource or host machine d. session hijacking involves only web applications and is specific to stealing session IDs from compromised cookies
C. Session hijacking focuses on the victim's session. There are different ways of accomplishing this task, but the basic concept is the same. Be sure to know what constitutes a session hijack; the exam will expect you to be able to recognize one at first glance.
15. XSS is typically targeted toward which of the following? a. web applications b. email clients c. web browsers d. users
C. XSS is targeted toward web browsers and can take advantage of defects in web applications and browsers.
9. A public-use workstation contains the browsing history of multiple users who logged in during the last seven days. While digging through the history, a user runs across the following web address: www.snaz22enu.com/&w25/session=22525. What kind of embedding are you seeing? a. URL embedding b. session embedding c. hidden form embedding d. tracking cookie
A. A session ID coded directly into a URL is categorized as a URL-embedded session ID. Remnant session information left in a browser's history can potentially lead to another user or attacker attempting to reuse an abandoned session.
3. n/a
4. Jennifer is a junior sysadmin for a small firm of 50 employees. For the last week a few users have been complaining of intermittently losing connectivity, with no suspect behavior on their part such as large downloads or intensive processes. Jennifer runs Wireshark on Monday morning to investigate. She sees a large number of ARP broadcasts being sent at a fairly constant rate. What is Jennifer most likely seeing? a. ARP poisoning b. ARP caching c. ARP spoofing d. DNS spoofing
A. An excessive number of ARP broadcasts would indicate an ARP poisoning attack. The users reporting loss of connectivity may indicate an attempted session hijacking with a possible DoS attack.
7. An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is the hacker using? a. IP spoofing b. source routing c. ARP poisoning d. host routing
B. Source routing specifies the path the packet will take to its destination. Source routing can give an attacker the flexibility to direct traffic around areas that may prevent traffic flow, or to redirect traffic in an undesired fashion.
8. Network-level hijacking focuses on the mechanics of a connection such as the manipulation of packet sequencing. What is the main focus of web app session hijacking? a. breaking user logins b. stealing session IDs c. traffic redirection d. resource DoS
B. Stealing session IDs is the main objective in web session hijacking. Session IDs allow the attacker to assume the role of the legitimate client without the time-consuming tasks of brute-forcing user logins or sniffing out authentication information.
13. Session fixation is a vulnerability in which of the following? a. web applications b. networks c. software applications d. protocols
A. Web applications can be vulnerable to session fixation if the right conditions exist. Typically, this means that session IDs are not regenerated often enough or can be easily ascertained.
10. Julie has sniffed an ample amount of traffic between the targeted victim and an authenticated resource. She has been able to correctly guess the packet sequence numbers and inject packets, but she is unable to receive any of the responses. What does this scenario define? a. switched network b. SSL encryption c. TCP hijacking d. blind hijacking
D. The key portion of the question is that Julie is not receiving a response to her injected packets and commands. Although the sequence prediction does relate to TCP hijacking, the best answer is blind hijacking.