Certified Ethical Hacking (CEHv11)
Why would an ethical hacker use Google hacking?
To fine-tune the results of searches
What is the purpose of Tripwire?
Verify file integrity
You are concerned about wireless attacks. What protocol can you deploy to create the most secure wireless environment?
WPA
Where are SAM password files stored in Windows?
C:\windows\system32\config\SAM
Which of the following issues and revokes digital certificates?
Certificate authority
Your supervisor has suggested using a proxy to perform scanning. What advantage would be gained by doing so?
Enhance anonymity
Your friend is employed as a penetration tester, helping companies strengthen their network security. Your friend also hacks MMO gaming sites to take over player accounts. Which term could be applied to your friend?
Gray hat hacker
Which of the following can an ethical hacker use to learn about the technology used within a target organization?
Job boards
Which protocol is used to establish a secure connection between two networks over the Internet? Choose the best answer
L2TP
What is the primary focus of a vulnerability assessment?
Locating weaknesses
Which of the following is NOT discovered during the enumeration phase?
Open ports
Which tool would you use select to scan for Bluetooth devices in an office?
Redfang
You are training a new employee in cryptanalysis. How would you describe a "rubber hose" attack to them?
Discovering cryptographic secrets through torture or coercion
You have decided to use TOR for your penetration testing assignment. What is the purpose of TOR?
Hide the process of scanning
You have sent an email to an address that you know does not exist at your target company. Why would you do this?
To generate responses that reveal information about the email servers
What tool would you select to run a covert channel over ICMP?
Loki
Which of the following is used to provide integrity for digital certificates?
MD5
Your supervisor has asked you to recommend a mechanism to disable access to specific resources if a network attack was detected. Which of the following would you recommend?
NIPS
Which file system supports Alternate Data Streams?
NTFS
Which tool would you use to comply with PCI-DSS requirement 11?
Nessus
Which of the following tools can be used to view web server information?
Netcraft
You are discussing encryption with an employee of your company. Which of these algorithms are asymmetrical? Choose two.
RSA/DSA
When performing a FIN scan of a target system, what indicates that a port if closed?
RST
You are planning to implant a sniffing tool on a Linux system, but are concerned it could be discovered with the "ifconfig -a" command. Which of the following is the best option for hiding the tool?
Replace the original version of ipconfig with a rootkit version.
You are discussing server attacks with a new IT employee. You describe an attack that overloads a system and takes it down temporarily. What type of attack are you describing? Choose the BEST answer.
SYN flood
You are a penetration tester. You have completed the footprinting phase o your assignment. What is the next phase you should begin?
Scanning
You are discussing Windows system user accounts with a colleague. What is the RID/SID of the first user account?
1000
Which of the following is the RID/SID of the administrator account on a Windows machine?
500
Which of the following Netcat commands sets up a server?
nc -I -p 192.168.1.1
A user reports that after opening a document called "Contract.docx" that a client sent her via IM, her system started behaving erratically. What is the most likely explanation for this behavior?
The user Downloaded a macro virus
You are discussing Boot Sector viruses with a new employee. Which of the following describes how these viruses operate?
They move the MBR to another location on the hard drive and copy themselves to the original MBR location
Which of the following is a tool used to conduct war-dialing?
Toneloc
SNMP is a network Management protocol that is usually set up to use UDP instead of TCP Pickets
True
SNMP is a networking Management protocol that is usually set up to use UDP instead of TCP Packets
True
The Privacy Act Legislates how personal identifiable information can be used, collected and distributed ( True/False )
True
Your supervisor is concerned about hiring IT employees who might report sensitive information to your competitors. Which of the following would BEST way to protect against this?
Conduct thorough background checks
The key benefits of signed and encrypted e-mail include
Confidentiality, non-repudation and authentication
You wish to infect a remote computer with a trojan. What would be the most efficient method to accomplish this?
Create a custom Trojan horse that mimics the appearance of a program used by your target
Flooding a web service using a lot of infected clients (botnet) to bring down it's performance is called:
DDos
Which network architect design element limits access from an untrusted network while protecting objects on the trusted network?
DMZ
What would you recommend to a client to lure attackers away from their real servers and allow for detection of hacking attempts?
Honeypot
Which of the following must be part of a contract to support electronic discovery of data stored in a cloud environment?
Identification of Data location
Companies may be required to perform penetration testing for which of the following reasons? Choose two.
Industry requirements, Legal requirements
Which of the following best describes footprinting?
Investigation of a target
Which of the following are used for password cracking? Choose two
John the Ripper/ Cain and Abel
You are discussing vulnerabilities of older Windows systems with a colleague. What type of hash is used to store passwords on such systems?
LM
Companies may be required to perform penetration testing for which of the following reasons? Choose two
Legal requirements/Industry requirements
In regards to information security, what is availability?
Making sure data is accessible when permitted parties request it
Which of the following is a valid risk management technique?
Mitigate the risk
In the after math of an attack, you are examining logs on serval Linux servers in your network. You notice a large number of logins occurred during non-work hours. Upon further examination, you discover that the system times on some of the servers are off by as much as 3 hours. What protocol used on Linux servers could ensure that all servers have the correct time?
NTP
Which PKI mechanism allows for the immediate verification of validity of a digital certificate?
OCSP
You are implementing SSL for a server. What system do you also need to implement to enable SSL?
PKI
Your supervisor asks you to investigate implementing a trust-based mechanism for managing digital certificates. What should you study first?
PKI
Vulnerability research refers to which of the following?
Passively uncovering vulnerabilities
Which of the following is required by an ethical hacker prior to evaluating a system?
Permission
Which of the following is a common and efficient method of cracking Windows server AD passwords?
Rainbow table attack
While conducting a penetration test, you discover a hidden folder containing the administrator's bank account login credentials. What should you do?
Report this to the administrator immediately
What would be the result of entering the following command? "Telnet HEAD /http/1.0"
Retrieve the banner of the website
You are attempting to crack passwords in a file you retrieved from a server that you have exploited. What type of file are you examining?
SAM
Your supervisor installed an IDS in your network and configured it to send alerts to your email address. While checking the IDS logs you notice several incidents, but did not receive any emails. What protocol should have been configured on the IDS?
SMTP
Choose the proper sequence of flags in the TCP three step handshake.
SYN, SYN-ACK, ACK
You have been asked to recommend a 2-facter authentication method to a client. However, the client has determined that smart-cards are too expensive. What would be the BEST choice that meets the clients needs?
Security tokens
You have installed a new NIDS. Which component collects data?
Sensor
Your dumpster diving efforts against a target were successful and yielded sensitive information about your target. In your report, what is the BEST solution you would recommend to defend against this type of attack?
Shredders
Which of the following would BEST provide information to devise a social engineering effort?
Social Media
A person shows up at your office claiming to be a service technician. This person wants to discuss technical details about your hardware and applications. What type of attack may be occurring?
Social engineering
You have been asked to evaluate the physical security of a remote office facility. Which of the following would assist with this task?
Street views
Which of the following utilities would you select to reset passwords?
TRK
You are scanning open ports on a server and discover that port 23 is open. What service have you discovered on the server?
Telnet
You wish to perform banner grabbing on a target system. Which of the following tools would you use?
Telnet
You are scanning a target network and discover that the web servers in the DMZ are responding to ACK packets on port 80. What have you learned from this fact?
The DMZ is protected by a packet filter
Which of the following is a typical way of protecting user account passwords?
The OS creates and stores a hash of the password
The IT director of your company is proposing moving to containers instead of traditional virtual machines. What security risk of containers should be considered?
The host OS has a larger attack surface
Which of the following is MOST important to ensure the success of a penetration test for a client?
The involvement of management of the client organization
You wish to install a network appliance that will inspect packets at the most granular level to provide enhanced security. Which device would you most likely install?
Application firewall
Your company is preparing to become certified for the Payment Card Industry Data Security Standard (PCI-DSS). One of the required objectives states you must implement strong access control measures. Which of the following would meet that requirement?
Assign a unique user ID to each person with access to the system
You wish to stop logging and auditing of events. Which utility can you use?
Auditpol
You have been asked to install a wireless access point near the receiving dock and enable WEP. Which of the following statements is true?
The mac addresses can be read using a wireless sniffer
After gaining privileged access to a Windows 2000 server, you extract the SAM file. What would you look for in the file to determine if any of the LM hashes for passwords with fewer than eight characters?
The rightmost portion of the hash will always have the same value
Your supervisor is proposing deploying an FTP server for use by field support technicians. What is the most important security problem regarding FTP that you should make your supervisor aware of?
User IDs and passwords are transmitted in plaintext.
You are discussing wrappers with new employees of your department. Which of the following best describes a wrapper?
Wrappers are used to package covert programs within overt programs
You have installed the following script into the headers of a website: "alert ("You have been pwned")." What type of attack have you executed?
XSS
You are reviewing pseudo code for a new web application and are concerned about buffer overflow attacks. Which of the following pseudo code would limit the input on the Address1 field to 35 characters and avoid a buffer overflow?
if (Address1 <=35) {update field} else exit
Logical access control programs are most effective when they are
made part of the operation system
Which tool would you select to perform custom scans of a target network?
nmap
You are discussing using nmap to perform a subnet scan. Which of the following nmaps switches will perform a UDP scan of the lower 1024 UDP ports?
nmap -sU -p 1-1024
What tool could you use to download pages from a target website so that you examine them offline at your leisure?
wget
What tool would you use to download pages from a target website so that you examine them offline at your leisure?
wget
The Structured Query language (SQL) implements Dictionary Access Controls (DAC) using >
GRANT and Revoke
What is the difference between a hacktivist and a suicide hacker?
A hacktivist is motivated by a cause while a suicide hacker lacks a fear of being caught
Which of the following would be the BEST option to perform a port scan that would allow you to determine if a stateless firewall is being used?
ACK scan
You are evaluating a VPN solution that defaults using IPsec, which of the following modes are supported?
AH & ESP
You have selected Cain to enhance your sniffing on a switched network. What kind of attack can Cain perform to make your sniffing more successful?
ARP poisoning
Which of the following policies determines how employees may use company assets?
Acceptable use policy
What is the term for the process of maintaining the integrity of forensic evidence and ensuring possession is controlled and logged?
Chain of custody
Your supervisor instructs you to improve the security of a web server, yet still allow public access to your website. Which of the following would accomplish BOTH goals?
Change the default port for web traffic to port 443
You overhear a penetration tester state that he plans to use EDGE on his target client. What will he use this for?
Check financial filings
You have pasted the following string into an input field on a server: "192.168.100.56/myserver.aspx..%255C..%255C..%255C..%255Cc:\winnt\system32\cmd.exe%/c:dir". What type of attack are you attempting?
Directory traversal attack
Which of the following best describes the Firewalk tool?
Firewalk is used to determine the rules configured on a firewall
You are configuring a laptop for a penetration test using Wireshark. What library is required to enable the NIC to operate in promiscuous mode?
Winpcap
