Certified Ethical Hacking (CEHv11)

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Why would an ethical hacker use Google hacking?

To fine-tune the results of searches

What is the purpose of Tripwire?

Verify file integrity

You are concerned about wireless attacks. What protocol can you deploy to create the most secure wireless environment?

WPA

Where are SAM password files stored in Windows?

C:\windows\system32\config\SAM

Which of the following issues and revokes digital certificates?

Certificate authority

Your supervisor has suggested using a proxy to perform scanning. What advantage would be gained by doing so?

Enhance anonymity

Your friend is employed as a penetration tester, helping companies strengthen their network security. Your friend also hacks MMO gaming sites to take over player accounts. Which term could be applied to your friend?

Gray hat hacker

Which of the following can an ethical hacker use to learn about the technology used within a target organization?

Job boards

Which protocol is used to establish a secure connection between two networks over the Internet? Choose the best answer

L2TP

What is the primary focus of a vulnerability assessment?

Locating weaknesses

Which of the following is NOT discovered during the enumeration phase?

Open ports

Which tool would you use select to scan for Bluetooth devices in an office?

Redfang

You are training a new employee in cryptanalysis. How would you describe a "rubber hose" attack to them?

Discovering cryptographic secrets through torture or coercion

You have decided to use TOR for your penetration testing assignment. What is the purpose of TOR?

Hide the process of scanning

You have sent an email to an address that you know does not exist at your target company. Why would you do this?

To generate responses that reveal information about the email servers

What tool would you select to run a covert channel over ICMP?

Loki

Which of the following is used to provide integrity for digital certificates?

MD5

Your supervisor has asked you to recommend a mechanism to disable access to specific resources if a network attack was detected. Which of the following would you recommend?

NIPS

Which file system supports Alternate Data Streams?

NTFS

Which tool would you use to comply with PCI-DSS requirement 11?

Nessus

Which of the following tools can be used to view web server information?

Netcraft

You are discussing encryption with an employee of your company. Which of these algorithms are asymmetrical? Choose two.

RSA/DSA

When performing a FIN scan of a target system, what indicates that a port if closed?

RST

You are planning to implant a sniffing tool on a Linux system, but are concerned it could be discovered with the "ifconfig -a" command. Which of the following is the best option for hiding the tool?

Replace the original version of ipconfig with a rootkit version.

You are discussing server attacks with a new IT employee. You describe an attack that overloads a system and takes it down temporarily. What type of attack are you describing? Choose the BEST answer.

SYN flood

You are a penetration tester. You have completed the footprinting phase o your assignment. What is the next phase you should begin?

Scanning

You are discussing Windows system user accounts with a colleague. What is the RID/SID of the first user account?

1000

Which of the following is the RID/SID of the administrator account on a Windows machine?

500

Which of the following Netcat commands sets up a server?

nc -I -p 192.168.1.1

A user reports that after opening a document called "Contract.docx" that a client sent her via IM, her system started behaving erratically. What is the most likely explanation for this behavior?

The user Downloaded a macro virus

You are discussing Boot Sector viruses with a new employee. Which of the following describes how these viruses operate?

They move the MBR to another location on the hard drive and copy themselves to the original MBR location

Which of the following is a tool used to conduct war-dialing?

Toneloc

SNMP is a network Management protocol that is usually set up to use UDP instead of TCP Pickets

True

SNMP is a networking Management protocol that is usually set up to use UDP instead of TCP Packets

True

The Privacy Act Legislates how personal identifiable information can be used, collected and distributed ( True/False )

True

Your supervisor is concerned about hiring IT employees who might report sensitive information to your competitors. Which of the following would BEST way to protect against this?

Conduct thorough background checks

The key benefits of signed and encrypted e-mail include

Confidentiality, non-repudation and authentication

You wish to infect a remote computer with a trojan. What would be the most efficient method to accomplish this?

Create a custom Trojan horse that mimics the appearance of a program used by your target

Flooding a web service using a lot of infected clients (botnet) to bring down it's performance is called:

DDos

Which network architect design element limits access from an untrusted network while protecting objects on the trusted network?

DMZ

What would you recommend to a client to lure attackers away from their real servers and allow for detection of hacking attempts?

Honeypot

Which of the following must be part of a contract to support electronic discovery of data stored in a cloud environment?

Identification of Data location

Companies may be required to perform penetration testing for which of the following reasons? Choose two.

Industry requirements, Legal requirements

Which of the following best describes footprinting?

Investigation of a target

Which of the following are used for password cracking? Choose two

John the Ripper/ Cain and Abel

You are discussing vulnerabilities of older Windows systems with a colleague. What type of hash is used to store passwords on such systems?

LM

Companies may be required to perform penetration testing for which of the following reasons? Choose two

Legal requirements/Industry requirements

In regards to information security, what is availability?

Making sure data is accessible when permitted parties request it

Which of the following is a valid risk management technique?

Mitigate the risk

In the after math of an attack, you are examining logs on serval Linux servers in your network. You notice a large number of logins occurred during non-work hours. Upon further examination, you discover that the system times on some of the servers are off by as much as 3 hours. What protocol used on Linux servers could ensure that all servers have the correct time?

NTP

Which PKI mechanism allows for the immediate verification of validity of a digital certificate?

OCSP

You are implementing SSL for a server. What system do you also need to implement to enable SSL?

PKI

Your supervisor asks you to investigate implementing a trust-based mechanism for managing digital certificates. What should you study first?

PKI

Vulnerability research refers to which of the following?

Passively uncovering vulnerabilities

Which of the following is required by an ethical hacker prior to evaluating a system?

Permission

Which of the following is a common and efficient method of cracking Windows server AD passwords?

Rainbow table attack

While conducting a penetration test, you discover a hidden folder containing the administrator's bank account login credentials. What should you do?

Report this to the administrator immediately

What would be the result of entering the following command? "Telnet HEAD /http/1.0"

Retrieve the banner of the website

You are attempting to crack passwords in a file you retrieved from a server that you have exploited. What type of file are you examining?

SAM

Your supervisor installed an IDS in your network and configured it to send alerts to your email address. While checking the IDS logs you notice several incidents, but did not receive any emails. What protocol should have been configured on the IDS?

SMTP

Choose the proper sequence of flags in the TCP three step handshake.

SYN, SYN-ACK, ACK

You have been asked to recommend a 2-facter authentication method to a client. However, the client has determined that smart-cards are too expensive. What would be the BEST choice that meets the clients needs?

Security tokens

You have installed a new NIDS. Which component collects data?

Sensor

Your dumpster diving efforts against a target were successful and yielded sensitive information about your target. In your report, what is the BEST solution you would recommend to defend against this type of attack?

Shredders

Which of the following would BEST provide information to devise a social engineering effort?

Social Media

A person shows up at your office claiming to be a service technician. This person wants to discuss technical details about your hardware and applications. What type of attack may be occurring?

Social engineering

You have been asked to evaluate the physical security of a remote office facility. Which of the following would assist with this task?

Street views

Which of the following utilities would you select to reset passwords?

TRK

You are scanning open ports on a server and discover that port 23 is open. What service have you discovered on the server?

Telnet

You wish to perform banner grabbing on a target system. Which of the following tools would you use?

Telnet

You are scanning a target network and discover that the web servers in the DMZ are responding to ACK packets on port 80. What have you learned from this fact?

The DMZ is protected by a packet filter

Which of the following is a typical way of protecting user account passwords?

The OS creates and stores a hash of the password

The IT director of your company is proposing moving to containers instead of traditional virtual machines. What security risk of containers should be considered?

The host OS has a larger attack surface

Which of the following is MOST important to ensure the success of a penetration test for a client?

The involvement of management of the client organization

You wish to install a network appliance that will inspect packets at the most granular level to provide enhanced security. Which device would you most likely install?

Application firewall

Your company is preparing to become certified for the Payment Card Industry Data Security Standard (PCI-DSS). One of the required objectives states you must implement strong access control measures. Which of the following would meet that requirement?

Assign a unique user ID to each person with access to the system

You wish to stop logging and auditing of events. Which utility can you use?

Auditpol

You have been asked to install a wireless access point near the receiving dock and enable WEP. Which of the following statements is true?

The mac addresses can be read using a wireless sniffer

After gaining privileged access to a Windows 2000 server, you extract the SAM file. What would you look for in the file to determine if any of the LM hashes for passwords with fewer than eight characters?

The rightmost portion of the hash will always have the same value

Your supervisor is proposing deploying an FTP server for use by field support technicians. What is the most important security problem regarding FTP that you should make your supervisor aware of?

User IDs and passwords are transmitted in plaintext.

You are discussing wrappers with new employees of your department. Which of the following best describes a wrapper?

Wrappers are used to package covert programs within overt programs

You have installed the following script into the headers of a website: "alert ("You have been pwned")." What type of attack have you executed?

XSS

You are reviewing pseudo code for a new web application and are concerned about buffer overflow attacks. Which of the following pseudo code would limit the input on the Address1 field to 35 characters and avoid a buffer overflow?

if (Address1 <=35) {update field} else exit

Logical access control programs are most effective when they are

made part of the operation system

Which tool would you select to perform custom scans of a target network?

nmap

You are discussing using nmap to perform a subnet scan. Which of the following nmaps switches will perform a UDP scan of the lower 1024 UDP ports?

nmap -sU -p 1-1024

What tool could you use to download pages from a target website so that you examine them offline at your leisure?

wget

What tool would you use to download pages from a target website so that you examine them offline at your leisure?

wget

The Structured Query language (SQL) implements Dictionary Access Controls (DAC) using >

GRANT and Revoke

What is the difference between a hacktivist and a suicide hacker?

A hacktivist is motivated by a cause while a suicide hacker lacks a fear of being caught

Which of the following would be the BEST option to perform a port scan that would allow you to determine if a stateless firewall is being used?

ACK scan

You are evaluating a VPN solution that defaults using IPsec, which of the following modes are supported?

AH & ESP

You have selected Cain to enhance your sniffing on a switched network. What kind of attack can Cain perform to make your sniffing more successful?

ARP poisoning

Which of the following policies determines how employees may use company assets?

Acceptable use policy

What is the term for the process of maintaining the integrity of forensic evidence and ensuring possession is controlled and logged?

Chain of custody

Your supervisor instructs you to improve the security of a web server, yet still allow public access to your website. Which of the following would accomplish BOTH goals?

Change the default port for web traffic to port 443

You overhear a penetration tester state that he plans to use EDGE on his target client. What will he use this for?

Check financial filings

You have pasted the following string into an input field on a server: "192.168.100.56/myserver.aspx..%255C..%255C..%255C..%255Cc:\winnt\system32\cmd.exe%/c:dir". What type of attack are you attempting?

Directory traversal attack

Which of the following best describes the Firewalk tool?

Firewalk is used to determine the rules configured on a firewall

You are configuring a laptop for a penetration test using Wireshark. What library is required to enable the NIC to operate in promiscuous mode?

Winpcap


Ensembles d'études connexes

Intro to Sociology Donovan FSU MIDTERM

View Set

MAN 320F Midterm Unit 1 & 2 Quizzes

View Set

Pharm Exam IV: Cardio, Hematologic, and GI systems ATI

View Set