CEH Exam from Quizzes

A client wants the pen test attack to simulate an inside user who finds a way to elevate privileges and create attacks. What's the box?

Gray Box (yay!)

What does ICMP Type 11, code 0 indicate?

I don't know, either. JK is Time Exceeded :)

What is a MX Record

Mail Exchange (MX) records are DNS records that are necessary for delivering email to your address.

You wish to peruse metadata from publicly available documents to learn more about your target. which of the following tools can help with this? a. cain b. john the ripper c. metagoofil d. whois

Metagoofil

What does no response from a port during an XMAS scan mean?

Ports open, man If a RST is received, the port is considered closed while NO response means it is open or possibly filtered.

NICs are designed to accept only those packets belonging to the operating system. in order to use a sniffer, the NIC must be configured to accept all packets. which of the following is the current term to describe the NIC mode? a. link local b. multicast mode c. promiscuous mode d. global

Promiscuous mode promiscuous mode allows a nic to pass all packets received instead of only those addressed to the system

A member of the pen test enters this filter into Wireshark What is he attempting to view? ((tcp.flags == 0x02) || (tcp.flags == 0.12)) || ((tcp.flags == 0x10) && (tcp.ack==1) && (tcp.len==0))

SYN,SYN/ACK, ACK Wasn't it obvious?

Which wireshark filter is the best choice for examining all three-way handshakes originating from 202.99.58.3? a. ip == 202.99.58.3 and tcp.syn b. ip.addr = 202.99.58.3 and syn = 1 c. ip.addr==202.99.58.3 and tcp.flags.syn d. ip.equals 202.99.58.3 and syn.equals on

c. ip.addr==202.99.58.3 and tcp.flags.syn This is correct because: Wireshark syntax requires double equals signs, all aren't correct because of the syntax

(T/F) TCSEC was replaces by Common Criteria

True MuthaHecka

All communication between two subnets is encrypted via SSL. The security staff is concerned about nefarious activity and places an IDS between the two segments. Which of the following is most correct, given the circumstances? a. SSL Generates too many false negatives for IDS to be effective b. SSL generates too many false positives for IDS to be effective c. The IDS is blind to SSL Traffic d. The IDS breaks SSL communication and will prevent traffic flow

c. The IDS is blind to SSL traffic An IDS doesn't have any means to break encryption on the fly. Encrypted traffic actually presents one of the best way to defeat an IDS because it can't see the traffic.

Which of the following performs banner grabbing with Telnet on a Windows System? a. telnet <ip address> 80 b. telnet 80 <ip address> c. telnet <ip address> 80 -u d. telnet 80 <ip address> -u

b. telnet <ip address> 80

PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tec open ipp 9100/tcp ioeb MAC address: 01:2A;48:0B:AA a. The host is most likely a router or has routing enabled b. the host is most likely a printer or has a printer installed c. the host is definitely a windows server d. the host is definitely a linux server

b. the host is most likely a printer or has a printer installed

Which of the following represents the XOR from 01110011 and 11010101? You don't need options to help you, figure it out yourself

c. 10100110 (It works like this: XOR compares two inputs, if the two match the outut is a zero, if they don't it's a 1)

Which of the following is a suite of IETF specifications for securing certain kinds of information provided by DNS? a. ITSEC b. Recursive DNS c. Split DNS d. DNSSEC

c. DNSSEC Stands for Domain Name System Security Extensions. This was released to provide DNS clients the ability to authenticate the origin of a request and to provide for data integrity.

Which of the following laws protects the confidentiality and integrity of personal information collected by financial institutions? a. HIPAA b. Sarbanes-Oxley c. GLBA d. PCI DSS

c. GLBA GLBA (The gramm-Leach-Biley Act) requires financial institutions to take steps to protect customer information

Which of the following is true regarding MX records? a. MX records require an accompanying CNAME record b. MX records point to name servers c. MX records priority increases as the preference number decreases d. MX record entries are required for every namespace

c. MX record priority increases as the preference number decreases

I skipped the google hack questions

sorry!

Network file System (NFS) is a protocol for distributed file sharing on a network. Which of the following was designed for sniffing this traffic? a. macof b. snow c. filesnarf d. snort

c. filesnarf Filesnarf is designed specifically with NFS in mind and saves files sniffed from NFS traffic into the current working directory

Which of the following commands resolves a domain name to an IP? a. host -t ns somewhere.com b. host -t soa somewhere.com c. host -t a somewhere.com d. host -p -t somewhere.com

c. host -t a somewhere.com The host command is one of several DNS loopup utilities (dig works as well) the -t switch sets a TYPE

Know how to calculate ALE

Cause I don't

Which of the following is a command-line sniffer and packet analyzer? a. Nessus b. Tcpdump c. Netstat d. Netcat

b. Tcpdump tcpdump is a well-known sniffer... CLI only, I believe!

ICMP Packets do . not work in identifying targets on a particular subnet. Which is the best option? a. traceroute b. tcp ping c. nslookup d. broadcast ping

b. tcp ping

A vendor is alerted of a newly discovered flaw in their software that presents a major vulnerability to systems. While working to prepare a fix action, the vendor releases a notice alerting the community of the discovered flaw and providing best practices to follow until the patch is available. Which of the following describes the discovered flaw?

Zero day homiez

Which of the following are good choices to use in preventing DHCP starvation attacks? a. enable DHCP snooping on the switch b. use port security on the switch c. bloack all UDP port 67 and port 68 traffic d. configure DHCP filters on the switch

a & b

Which of the following best describes a Window Update Packet? a. A packet used by the receiving device to negotiate a larger window size during data exchange b. a packet used by microsoft operating systems to engage automatic updating c. a packet sent by the initiating system to notify the recipient of its operating system d. A packet sent to reset the communication stream

a. A packet used by the receiving device to negotiate a larger window size during data exchange The window size constantly updates during a data exchange -- afterall the send whats to get as much data out as possible

Which of the following is a routed protocol? a. IP b. BGP c. OSPF d. RIP

a. IP

Which of the following may appear in a zone file? a. MX b. SOA c.DNS d. AX e. SRV f. SA g. PTR

a. MX b. SOA e. SRV g. PTR

As your IDLE scan moves along, you notice that fragment identification numbers gleaned from the zombie machine are incrementing randomly. What the hell does this mean? a. Your IDLE scan results will not be useful to you b. the zombie system is a honeypot c. there is a misbehaving firewall between you and the zombie machine d. this is an expected result during an IDLE scan

a. Your IDLE scan results will not be useful to you It's super important for the zombie to remain idle to all other traffic during an IDLE scan.

Which of the following commands is used to open a collection of Windows administrative tools that you can use to manage a local or remote computer? a. compmgmt.msc b. services.msc c. ncpa.cp d. gpedit

a. compmgmt.msc This is used to open the Computer Management console (kind of looks like that huh? ;) )

A security staff implements a network IDS and a host-based IDS. Which security control role is being implemented? a. detective b. preventive c. defensive d. corrective

a. detective (pikachu)

An organization implements an access control system that allows the data owner to set security permissions on an object. Which of the following best describes this?

a. discretionary access control

Which of the following are valid options to explore in improivng DNS security?

a. implement split horizon operation (look it up, i needed to) b. restrict zone transfers Split horizon DNS (also known as split view) is a method of providing different answers to DNS queries based on the source address of the DNS request.

A use accesses the company website ww.somebiz.com from his home computer and is presented with a defaced site containing disturbing images. He calls the IT department toreport the website hack and is told they do not see any problem with the site -- no files have been changes and when accessed from their terminals (inside the company) the site appears normal. The use connects over VPN into the company website and notices the site appears normally. which of the following might explain the issue? a. web poisining b. sql injection c. arp poisoning d. DNS poisoning

d. DNS poisoning, homies. it's DNS poisoning This is where the DNS server responding to the user's home computer is poisoned and is sending him to a fake site.

A system admin notices log entries from a host named MACHINE_A (195.16.88.12) are not showing up on the syslog server (195.16.88.150). which of the following wireshark filters would show any attempted syslog communication from the machine to the syslog server. a. tcp.dstport==514 && ip.dst==195.16.88.150 b. tcp.srcport==514 && ip.src==195.16.88.12 c. tcp.dstport==514 && ip.src==195.16.88.12 d. ucp.dstport==514 && ip.src==195.16.88.12

d. ucp.dstport==514 && ip.src==195.16.88.12 This is saying "show all packets with a destination port matching syslog (default UDP 514) coming from MACHINE_A

Which of the following would be the best defense against sniffing in your organizations network? a. implement mac filtering on wireless access points b. use static ip addressing c. Ensure strong physical security controls prevent unauthorized access to the server room d. use encryption throughout the network

d. use encryption throughout the network

A security administrator is validating web links on the corporate site and wants to speed up her efforts. which of the following is the best way to speed up the validation of multiple web pages? a. use mget to download all pages locally b. use get* to download all pages locally c. use get() to download all pages locally d. use wget to download all pages locally

d. use wget DUHHHHH

When will a secondary server within a namespace ask for a zone transfer from the primary? a. once every hour b. only when the secondary reboots c. only when manually prompted to do so d. when it's serial number is lower than the primarys e. when its serial number is higher than the primarys

d. when it's serial number is lower than the primary's Every time the primary updates the zone, it increments the serial number. When the secondary checks in, if it's serial number is LOWER than the PRIMARY's then it knows a change has occurred and asks for a zone transfer

Common Criteria is framework in which computer system users can specify their security functional and assurance requirements. Which of the following are aspects of the Common Criteria testing process? a. TOE b. ST c. PP d. EAL e. All of the above

e. All of the above! There are four requirements for the test 1. TOE, the system being tested 2. ST the documentation describing the TOE (Target of Eval)and requirements, PP protection profile, the requirements for the type of product being tested, and the evaluation assurance level (EAL, the rating level, ranked for 1 to 7)

nmap scan to run a reliable but stealthy command

nmap -sS <target ip address>

A pen-test member verifies the entire IP address range owned by the target, discovered details of their domain name registration, and visits job boards and financial websites regarding the target. What activity is being performed?

passive footprinting