Udemy Certified Ethical Hacker Test 3
Transmission Control Protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. A TCP segment consists of a segment header and a data section. The segment header contains 10 mandatory fields and an optional extension field. Which of the suggested fields is not included in the TCP segment header?
source IP address
John, a cybersecurity specialist, wants to perform a syn scan in his company's network. He has two machines. The first machine (192.168.0.98) has snort installed, and the second machine (192.168.0.151) has kiwi Syslog installed. When he started a syn scan in the network, he notices that kiwi Syslog is not receiving the alert message from snort. He decides to run Wireshark in the snort machine to check if the messages are going to the kiwi Syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi Syslog machine?
tcp.dstport==514 && ip.dst==192.168.0.151
The SOC analyst of the company wants to track the transfer of files over the unencrypted FTP protocol, which filter for the Wireshark sniffer should he use?
tcp.port==21
Identify a tool that can be used for passive OS fingerprinting?
tcpdump
Jack needs to analyze the files produced by several packet-capture programs such as Wireshark, tcpdump, EtherPeek and WinDump. Which of the following tools will Jack use?
tcptrace
Which of the following nmap options can be used for very fast scanning?
-T5
What is the minimum number of network connections needed for a multi-homed firewall?
2
The company is trying to prevent the security breach by applying a security policy in which all Web browsers must automatically delete their HTTP browser cookies upon termination. Identify the security breach that the company is trying to prevent?
Attempts by attackers to access websites that trust the Web browser user by stealing the employee's authentication credentials.
During the security audit, Gabriella used Wget to read exposed information from a remote server and got this result: Server: nginx/1.21.0 Date: Mon, 02 Aug 2021 13:29:13 EST Content-Type: text/html Content-Length: 5683 Last-Modified: Thu, 05 Jul 2021 17:44:09 EST Connection: keep-alive ETag: n"5bb65169-1633" Accept-Ranges: bytes What is the name of this method of obtaining information?
Banner Grabbing
Which of the following stops vehicles from crashing through the doors of a building?
Bollards
Buffer overflow mainly occurs when a created memory partition (or buffer) is written beyond its intended boundaries. If an attacker manages to do this from outside the program, this can cause security problems since it can potentially allow them to manipulate arbitrary memory cells, although many modern operating systems protect against the worst cases of this. What programming language is this example in? char a[4]; strcpy(a, "a string longer than 4 characters"); printf("%s\n",a[6]);
C
Which of the following is an entity in a PKI that will vouch for the identity of an individual or company?
CA
Which of the following Linux-based tools will help you change any user's password or activate disabled accounts if you have physical access to a Windows 2008 R2 and an Ubuntu 9.10 Linux LiveCD?
CHNTPW
Jenny, a pentester, conducts events to detect viruses in systems. She uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which of the following methods does Jenny use?
Code Emulation
A digital signature is the digital equivalent of a handwritten signature or stamped seal. It is intended to solve the problem of tampering and impersonation in digital communications. Which of the following option does a digital signature NOT provide?
Confidentiality
Evil Russian hacker Ivan is attacking again! This time, he got a job in a large American company to steal commercial information for his customer to gain a competitive advantage in the market. In his attack, Ivan used all available means, especially blackmail, bribery, and technological surveillance. What is the name of such an attack?
Corporate Espionage
An attacker tries to infect as many devices connected to the Internet with malware as possible to get the opportunity to use their computing power and functionality for automated attacks hidden from the owners of these devices. Which of the proposed approaches fits description of the attacker's actions?
Creating a botnet
Lisandro is a novice fraudster, he uses special software purchased in the depths of the network for sending his malware. This program allows it to deceive pattern-based detection mechanisms and even some behavior-based ones, disguising malwares as harmless programs. What does Lisandro use?
Crypter
Shortly after replacing the outdated equipment, John, the company's system administrator, discovered a leak of critical customer information. Moreover, among the stolen data was the new user's information that excludes incorrect disposal of old equipment. IDS did not notice the intrusion, and the logging system shows that valid credentials were used. Which of the following is most likely the cause of this problem?
Default Credential
The company secretly hired hacker Ivan to attack its competitors before a major tender. Ivan did not start with complex technological attacks but decided to hit the employees and their reputation. To do this, he collected personal information about key employees of a competitor company. Then he began to distribute it in the open form on the Internet by adding false information about past racist statements of employees. As a result of the scandal in social networks and the censure of employees, competitors lost the opportunity to win the tender, and Ivan's work was done. What is the name of this form of attack?
Doxing
Which of the following components of IPsec provides confidentiality for the content of packets?
ESP
Identify the type of partial breaks in which the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without learning the key?
Global deduction
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. They are classified according to the place of their injection. What type of rootkit loads itself underneath the computer's operating system and can intercept hardware calls made by the original operating system.
Hypervisor (Virtualized) Rootkits
Which of the following is a component of IPsec that performs protocol-level functions required to encrypt and decrypt the packets?
IPsec driver
Alex, the system administrator, should check the firewall configuration. He knows that all traffic from workstations must pass through the firewall to access the bank's website. Alex must ensure that workstations in network 10.10.10.0/24 can only reach the bank website 10.20.20.1 using HTTPS. Which of the following firewall rules best meets this requirement?
If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
What property is provided by using hash?
Integrity
The fraudster Lisandro, masquerading as a large car manufacturing company recruiter, massively sends out job offers via e-mail with the promise of a good salary, a friendly team, unlimited coffee, and medical insurance. He attaches Microsoft Word or Excel documents to his letters into which he embeds a special virus written in Visual Basic that runs when the document is opened and infects the victim's computer. What type of virus does Lisandro use?
Macro virus
IPsec is a suite of protocols developed to ensure the integrity, confidentiality, and authentication of data communications over an IP network. Which protocol is NOT included in the IPsec suite?
Media Access Control (MAC)
Maria, the leader of the Blue Team, wants to use network traffic analysis to implement the ability to detect an intrusion in her network of several hosts quickly. Which tool is best suited to perform this task?
NIDS
Enumeration is a process which establishes an active connection to the target hosts to discover potential attack vectors in the system, and the same can be used for further exploitation of the system. What type of enumeration is used to get shared resources on individual hosts on the network and a list of computers belonging to the domain?
Netbios enumeration
Leonardo, an employee of a cybersecurity firm, conducts an audit for a third-party company. First of all, he plans to run a scanning that looks for common misconfigurations and outdated software versions. Which of the following tools is most likely to be used by Leonardo?
Nikto
An attacker gained access to a Linux host and stolen the password file from /etc/passwd. Which of the following scenarios best describes what an attacker can do with this file?
Nothing because the password file does not contain the passwords themselves
Lisandro is engaged in sending spam. To avoid blocking, he connects to incorrectly configured SMTP servers that allow e-mail relay without authentication (which allows Lisandro to fake information about the sender's identity). What is the name of such an SMTP server?
Open mail relay
NIST defines risk management as the process of identifying, assessing, and controlling threats to an organization's capital and earnings. But what is the "risk" itself?
Potential that a threat will exploit vulnerabilities of an asset or group of assets
NIST defines risk management as the process of identifying, assessing, and controlling threats to an organization's capital and earnings. But what is the "risk" itself?
Potential that a threat will exploit vulnerabilities of an asset or group of assets.
Which of the following types of keys does the Heartbleed bug expose to the Internet, making exploiting any compromised system very easy?
Private
Alex, a network administrator, received a warning from IDS about a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. Now Alex needs to determine if these packets are genuinely malicious or simply a false positive. Which of the following type of network tools will he use?
Protocol Analyzer
Which of the following is true about the AES and RSA encryption algorithms?
RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
What is the first and most important phase that is the starting point for penetration testing in the work of an ethical hacker?
Reconnaissance
Which of the following is most useful for quickly checking for SQL injection vulnerability by sending a special character to web applications?
Single Quoation
Which of the following is an access control mechanism that allows multiple systems to use a CAS that permits users to authenticate once and gain access to multiple systems?
Single sign-on
Which of the following is correct?
Sniffers operate on Layer 2 of the OSI Model
Identify the type of DNS configuration in which first DNS server on the internal network and second DNS in DMZ?
Split DNS
When choosing a biometric system for your company, you should take into account the factors of system performance and whether they are suitable for you or not. What determines such a factor as the throughput rate?
The data collection speeds, data processing speed, or enrollment time.
Sniffing is a process of monitoring and capturing all data packets passing through a given network. An intruder can capture and analyze all network traffic by placing a packet sniffer on a network in promiscuous mode. Sniffing can be either Active or Passive in nature. How does passive sniffing work?
This is the process of sniffing through the hub
The flexible SNMP architecture allows you to monitor and manage all network devices from a single console. The data exchange is based on the Protocol Data Unit (PDU). There are 7 PDUs in the latest version of the SNMP protocol. Which of them sends a notification about the past event immediately, without waiting for the manager's request, and does not need confirmation of receipt?
Trap
What flags will be set when scanning when using the following command: #nmap -sX host.companydomain.com
URG, PUSH and FIN are set
Which of the following is a common IDS evasion technique?
Unicode characters
You need to conduct a technical assessment of the network for a small company that supplies medical services. All computers in the company use Windows OS. What is the best approach for discovering vulnerabilities?
Use a scan tool like Nessus
The ping utility is used to check the integrity and quality of connections in networks. In the process, it sends an ICMP Echo-Request and captures the incoming ICMP Echo-Reply, but quite often remote nodes block or ignore ICMP. Which of the options will solve this problem?
Use hping
How can resist an attack using rainbow tables?
Use password salting
Which of the following is the most effective way against encryption ransomware?
Use the 3-2-1 backup rule.
Alex works as a network administrator at ClassicUniversity. There are many Ethernet ports are available for professors and authorized visitors (but not for students) on the university campus. However, Alex realized that some students connect their notebooks to the wired network to have Internet access. He identified this when the IDS alerted for malware activities in the network. What should Alex do to avoid this problem?
Use the 802.1x protocol
The attacker managed to gain access to Shellshock, and now he can execute arbitrary commands and gain unauthorized access to many Internet-facing services. Which of the following operating system can't be affected by an attacker yet?
Windows
Identify the algorithm according to the following description: That wireless security algorithm was rendered useless by capturing packets and discovering the passkey in seconds. This vulnerability was strongly affected to TJ Maxx company. This vulnerability led to a network invasion of the company and data theft through a technique known as wardriving.
Wired Equivalent Privacy (WEP)
What Linux command will you use to resolve a domain name into an IP address?
host -t a resolveddomain.com
When getting information about the web server, you should be familiar with methods GET, POST, HEAD, PUT, DELETE, TRACE. There are two critical methods in this list: PUT (upload a file to the server) and DELETE (delete a file from the server). When using nmap, you can detect all these methods. Which of the following nmap scripts will help you detect these methods?
http-methods
Organizations need to deploy a web-based software package that requires three separate servers and internet access. What is the recommended architecture in terms of server placement?
A web server facing the Internet, an application server on the internal network, a database server on the internal network
