26-50 Flashcards
- Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?
. Tcpsplice
. Burp
. Hydra
d. Whisker
- You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?
. nmap -T4 -q 10.10.0.0/24
b. nmap -T4 -F 10.10.0.0/24
. nmap -T4 -r 10.10.1.0/24
. nmap -T4 -O 10.10.0.0/24
- As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?
. Service Level Agreement
. Project Scope
c. Rules of Engagement
. Non-Disclosure Agreement
- Which of the following is the BEST way to defend against network sniffing?
a. Using encryption protocols to secure network communications
. Register all machines MAC Address in a Centralized Database
. Use Static IP Address
. Restrict Physical Access to Server Rooms hosting Critical Servers
- Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
. Iris patterns
. Voice
c. Height and Weight
. Fingerprints
- Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
. SFTP
b. Ipsec
. SSL
. FTPS
- To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?
a. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
- Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?
a. Encrypt the backup tapes and transport them in a lock box.
. Degauss the backup tapes and transport them in a lock box.
. Hash the backup tapes and transport them in a lock box.
. Encrypt the backup tapes and use a courier to transport them.
- You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.
What may be the problem?
a. Traffic is Blocked on UDP Port 53
. Traffic is Blocked on TCP Port 80
. Traffic is Blocked on TCP Port 54
. Traffic is Blocked on UDP Port 80
- Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?
a. Kismet
. Abel
. Netstumbler
. Nessus
- You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.
While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.
After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?
a. Botnet Attack
. Spear Phishing Attack
. Advanced Persistent Threats
. Rootkit Attack
- Scenario1:
- Victim opens the attacker’s web site.
- Attacker sets up a web site which contains interesting and attractive content like ‘Do you want to make
$1000 in a day?’. - Victim clicks to the interesting and attractive content URL.
- Attacker creates a transparent ‘iframe’ in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the ‘Do you want to make $1000 in a day?’ URL but actually he/she clicks to the content or URL that exists in the transparent ‘iframe’ which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?
. Session Fixation
. HTML Injection
. HTTP Parameter Pollution
d. Clickjacking Attack
- A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named “nc.” The FTP server’s access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server’s software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?
a. File system permissions
. Privilege escalation
. Directory traversal
. Brute force login
39. Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?
Code:
#include int main(){ char buffer[8];
strcpy(buffer, ""11111111111111111111111111111"");} Output: Segmentation fault. C#
. Python
. Java
d. C++
- Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.
. Protect the payload and the headers
. Encrypt
c. Work at the Data Link Layer
. Authenticate
- An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?
a. Make sure that legitimate network routers are configured to run routing protocols with authentication.
. Disable all routing protocols and only use static routes
. Only using OSPFv3 will mitigate this risk.
. Redirection of the traffic cannot happen unless the admin allows it explicitly.
- Which method of password cracking takes the most time and effort?
. Dictionary attack
. Shoulder surfing
. Rainbow tables
d. Brute force
- An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?
. MAC Flooding
. Smurf Attack
c. DNS spoofing
. ARP Poisoning
- A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8
. The host is likely a Linux machine.
b. The host is likely a printer.
. The host is likely a router.
. The host is likely a Windows machine.
- When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?
. The amount of time and resources that are necessary to maintain a biometric system
. How long it takes to setup individual user accounts
c. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
. The amount of time it takes to convert biometric data into a template on a smart card
- What does the -oX flag do in an Nmap scan?
. Perform an eXpress scan
. Output the results in truncated format to the screen
c. Output the results in XML format to a file
. Perform an Xmas scan
- Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?
. Honeypots
. Firewalls
c. Network-based intrusion detection system (NIDS)
. Host-based intrusion detection system (HIDS)
- The collection of potentially actionable, overt, and publicly available information is known as
a. Open-source intelligence
. Real intelligence
. Social intelligence
. Human intelligence
- What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
a. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
. Symmetric encryption allows the server to security transmit the session keys out-of-band.
. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
