CEH Assessment from CEH Flashcards

1
Q

A hacker is a person who illegally breaks into a system or network without authorization to destroy or steal sensitive data, or to perform other malicious attacks.

Black hat hackers are:

  • Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers
  • Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts
  • Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing 30 years in jail for their actions
  • Individuals who work both offensively and defensively at various times
A

A. Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers

2
Q

To compromise or hack a system or network, attackers go through various phases of hacking.

What is the first hacking phase that hackers perform to gather information about a target prior to launching an attack?
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks
A

A. Reconnaissance

3
Q

Defense-in-depth is a security strategy in which several protection layers are placed throughout an information system. It helps to prevent direct attacks against an information system and its data because a break in one layer only leads the attacker to the next layer.
True
False

A

A. TRUE

4
Q

Penetration testing is a method of actively evaluating the security of an information system or network by simulating an attack from a malicious source.

Which of the following techniques is used to simulate an attack from someone who is unfamiliar with the system?
Black box pen testing
White box pen testing
Grey box pen testing
Maintaining Access
Announced pen testing
A

A. Black box pen testing

5
Q
Which of the following scanning techniques do attackers use to bypass firewall rules and logging mechanisms, and to disguise themselves as normal network traffic?
Stealth scanning technique
TCP connect scanning technique
Xmas scanning technique
Maintaining Access
FIN scanning technique
A

A. Stealth scanning technique. A stealth (half-open SYN) scan never completes the three-way handshake, so the target application never sees a connection to log; a firewall or IDS that inspects individual packets still sees the SYN probes.

6
Q
Which of the following scans only works if the operating system's TCP/IP implementation follows RFC 793?
NULL scan
IDLE scan
TCP connect scan
Maintaining Access
FTP bounce scan
A

A. NULL scan. Per RFC 793, a closed port answers any segment lacking RST with a RST, while a port in LISTEN silently drops a segment that carries neither SYN nor ACK. NULL, FIN and Xmas scans all rely on this behaviour, and they fail against stacks (Windows and some network devices, for example) that answer with RST regardless of port state, so every port appears closed.
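The RFC 793 behaviour the card relies on, worked through as an added example (not part of the original flashcards): a small Python model of how a compliant stack and a Windows-like stack answer NULL, Xmas and half-open SYN probes, and what a scanner infers from each reply. The port numbers and the target's open/closed layout are constructed for illustration.

```python
"""Model of how an RFC 793 TCP stack answers probe segments, and what a scanner infers from the reply."""

SYN, ACK, FIN, RST, PSH, URG = 0x02, 0x10, 0x01, 0x04, 0x08, 0x20

def rfc793_response(flags: int, port_open: bool):
    """Reply of a stack following RFC 793 section 3.9 for a segment that matches no connection.
    Returns the reply's flag set, or None when the segment is dropped silently."""
    if flags & RST:
        return None                      # an incoming RST is never answered
    if not port_open:
        return RST | ACK                 # CLOSED: anything without RST is answered with a RST
    # LISTEN: an ACK-bearing segment gets a RST, a SYN gets SYN/ACK, anything else is dropped
    if flags & ACK:
        return RST
    if flags & SYN:
        return SYN | ACK
    return None

def windows_like_response(flags: int, port_open: bool):
    """Stack that answers every non-SYN probe with RST whatever the port state (Nmap documents this
    for Windows and various network gear). Plain SYN probes behave normally."""
    if flags & RST:
        return None
    if flags & SYN and not flags & ACK:
        return SYN | ACK if port_open else RST | ACK
    return RST | ACK

def infer_state(probe_flags: int, reply) -> str:
    """What the scanner concludes from the reply to one probe type."""
    if probe_flags & SYN and not probe_flags & ACK:
        # half-open (SYN stealth) scan: SYN/ACK means open; the scanner answers with RST, never completing the handshake
        return "open" if reply == (SYN | ACK) else "closed"
    # NULL / FIN / Xmas scans: a RST means closed, silence means open (or filtered by a firewall)
    return "closed" if reply is not None and reply & RST else "open|filtered"

def scan(stack, probe_flags: int, ports: dict) -> dict:
    """Run one probe type against {port: is_open} and return {port: inferred state}."""
    return {p: infer_state(probe_flags, stack(probe_flags, is_open)) for p, is_open in ports.items()}

NULL_PROBE, XMAS_PROBE, SYN_PROBE = 0, FIN | PSH | URG, SYN

if __name__ == "__main__":
    target = {22: True, 80: True, 81: False}   # constructed target: two open ports, one closed
    print("RFC 793 stack, NULL scan:", scan(rfc793_response, NULL_PROBE, target))
    print("Windows-like,  NULL scan:", scan(windows_like_response, NULL_PROBE, target))
    print("Windows-like,  SYN scan :", scan(windows_like_response, SYN_PROBE, target))
```

Against the compliant stack the NULL scan separates open from closed ports; against the Windows-like stack every port reads as closed, which is exactly why the card says the scan only works on RFC 793 implementations, and why the SYN scan remains usable on both.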

7
Q

OS fingerprinting is the method used to determine the operating system running on a remote target system. It is an important scanning method, as the attacker will have a greater probability of success if he/she knows the OS. Active stack fingerprinting is one of the types of OS fingerprinting.

Which of the following is true about active stack fingerprinting?
Uses password crackers to escalate system privileges
Is based on the fact that various vendors of OS implement the TCP stack differently
TCP connect scan
Uses sniffing techniques instead of the scanning techniques
Is based on the differential implementation of the stack and the various ways an OS responds to it

A

B. Is based on the fact that various vendors of OS implement the TCP stack differently

8
Q

A proxy is a network computer that can serve as an intermediary for connecting with other computers.

Which of the following statements is true about a proxy?
Protects the local network from outside access
Does not allow the connection of a number of computers to the Internet when having only one IP address
Allows attacker to view the desktop of users system
Cannot be used to filter out unwanted content

A

A. Protects the local network from outside access

9
Q

IP spoofing refers to the procedure of an attacker changing his or her IP address so that he or she appears to be someone else.

Which of the following IP spoofing detection techniques succeeds only when the attacker is in a different subnet?
Direct TTL probes technique
IP identification number technique
TCP flow control method
UDP flow control method
A
  • Direct TTL probes – Send a packet to the claimed host and compare the TTL of the reply with the TTL of the packet being checked; if they differ, the packet is spoofed. This technique succeeds only when the attacker is in a different subnet (an attacker in the same subnet shares the hop count and passes the check).
  • IP identification number – Send a probe packet to the claimed host and compare the IPID of the reply with the IPID of the packet being checked; if they are not close in value, the packet is spoofed. This technique succeeds even if the attacker is in the same subnet.
  • TCP flow control method – An attacker sending spoofed packets never receives the target's SYN+ACK packets and therefore cannot react to the advertised window size. If the sender does not stop sending after the initial window size is exhausted, the packets are most probably spoofed.

A. Direct TTL probes technique
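Added example (not from the original card) applying the three detection heuristics above to constructed packet records. The `Pkt` record, the addresses, the byte counts and the IPID tolerance of 50 are assumptions for illustration; real traffic would come from a capture.

```python
"""The three IP spoofing detection heuristics from the card, applied to constructed packet records."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str     # claimed source address
    ttl: int     # TTL as seen on arrival
    ip_id: int   # IP identification field

def ttl_probe_spoofed(suspect: Pkt, probe_reply: Pkt) -> bool:
    """Direct TTL probe. We send a packet to the claimed source; its reply travels the real path from that
    host, so its arrival TTL should equal the suspect packet's TTL (same initial TTL assumed). A mismatch
    means the suspect packet took a different path, i.e. came from another host. Only conclusive when the
    attacker sits in a different subnet: a same-subnet attacker shares the hop count and passes this check."""
    return suspect.ttl != probe_reply.ttl

def ipid_probe_spoofed(suspect: Pkt, probe_reply: Pkt, tolerance: int = 50) -> bool:
    """IP identification number. A host with a global IP ID counter answers the probe with an ID close to
    the IDs of packets it really sent moments before. An ID far away (16-bit wraparound handled) means the
    suspect packet did not come from that host. Works even when the attacker is in the same subnet; it
    fails for hosts that randomise or zero the IP ID field."""
    diff = (probe_reply.ip_id - suspect.ip_id) % 65536
    return min(diff, 65536 - diff) > tolerance

def flow_control_spoofed(advertised_window: int, bytes_seen_before_any_ack_returned: int) -> bool:
    """TCP flow control. A spoofer never receives the target's SYN/ACK or later ACKs, so it cannot see the
    window and cannot stop when it is exhausted; a genuine sender blocks at the window edge."""
    return bytes_seen_before_any_ack_returned > advertised_window

def classify(suspect: Pkt, probe_reply: Pkt, window: int, bytes_before_ack: int) -> dict:
    """Verdict of each heuristic for one suspect packet."""
    return {
        "ttl_probe": ttl_probe_spoofed(suspect, probe_reply),
        "ipid_probe": ipid_probe_spoofed(suspect, probe_reply),
        "flow_control": flow_control_spoofed(window, bytes_before_ack),
    }

if __name__ == "__main__":
    reply = Pkt("203.0.113.10", ttl=57, ip_id=30030)      # constructed probe reply from the real host
    legit = Pkt("203.0.113.10", ttl=57, ip_id=30010)      # constructed genuine packet
    spoof = Pkt("203.0.113.10", ttl=51, ip_id=4100)       # constructed spoofed packet from another subnet
    print("legit:", classify(legit, reply, window=65535, bytes_before_ack=40000))
    print("spoof:", classify(spoof, reply, window=65535, bytes_before_ack=300000))
```

A spoofer on the same subnet as the claimed host would arrive with a matching TTL and slip past the first check while the IPID comparison still flags it, which is the distinction the question asks about.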

10
Q

Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system.

Which of the following enumeration techniques does an attacker use to obtain a list of the computers that belong to a domain?
NetBIOS enumeration
SNMP enumeration
NTP enumeration
SMTP enumeration
A

A. NetBIOS enumeration

11
Q

Network Time Protocol (NTP) is designed to synchronize clocks of networked computers.

Which of the following ports does NTP use as its primary means of communication?
UDP port 123
UDP port 113
UDP port 161
UDP port 320
A

A. UDP port 123

12
Q

Rootkits are programs, often running in the kernel, that hide themselves and cover up traces of activity. A rootkit replaces certain operating system calls and utilities with its own modified versions of those routines.

Which of the following rootkits modifies the boot sequence of the machine to load itself instead of the original virtual machine monitor or operating system?
Hypervisor level rootkit
Kernel level rootkit
Boot loader level rootkit
Library level rootkits
A

A. Hypervisor level rootkit

13
Q

Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data.

Which of the following steganography techniques embeds the secret message in the frequency domain of a signal?
Substitution techniques
Transform domain techniques
Spread spectrum techniques
Domain distortion techniques
Cover generation techniques
A

B. Transform domain techniques

14
Q

A virus is a self-replicating program that reproduces its own code by attaching copies of itself to other executable code.

Which of the following viruses evades anti-virus software by intercepting its requests to the operating system?
Stealth/Tunneling virus
Cluster virus
Macro virus
System or boot sector virus
A

A. Stealth/Tunneling virus

15
Q

Lawful intercept is a process that enables a Law Enforcement Agency (LEA) to perform electronic surveillance on a target as authorized by a judicial or administrative order.

Which of the following statements is true for lawful intercept?
Affects the subscriber's services on the router
Hides information about lawful intercepts from all but the most privileged users
Does not allow multiple LEAs to run a lawful intercept on the same target without each other's knowledge
Allows wiretaps only for outgoing communication
Alters the traffic

A

B. Hides information about lawful intercepts from all but the most privileged users

16
Q
A sniffer puts the NIC of a system into promiscuous mode so that it listens to all the data transmitted on its segment. It can constantly read all information entering the computer through the NIC by decoding the information encapsulated in the data packets. Passive sniffing is one of the types of sniffing. Passive sniffing refers to:
Sniffing through a hub
Sniffing through a router
Sniffing through a switch
Sniffing through a bridge
A

Sniffing is the process of capturing traffic sent between two systems. A sniffer can be a packet-capturing or frame-capturing tool. Depending on how the sniffer is used and the security measures in place, a hacker can use a sniffer to discover usernames, passwords, and other confidential information transmitted on the network. Several hacking attacks and various hacking tools require the use of a sniffer to obtain important information sent from the target system.

There are two different types of sniffing: passive and active.
Passive sniffing involves listening to and capturing traffic, and is useful in a network connected by hubs (a hub repeats every frame to every port, so the sniffer receives all traffic without transmitting anything).
Active sniffing involves launching an Address Resolution Protocol (ARP) spoofing or traffic-flooding attack against a switch in order to capture traffic.
As the names indicate, active sniffing generates traffic and is therefore detectable, whereas passive sniffing is not.

NOTE-The term packet refers to the data at layer 3 or the network layer of the OSI model whereas frame refers to data at layer 2 or the data link layer. Frames contain MAC addresses, and packets contain IP addresses.

A. Sniffing through a hub

17
Q
Address Resolution Protocol (ARP) is a protocol for mapping an IP address to a physical machine address that is recognized in the local network. ARP Spoofing involves constructing a large number of forged ARP request and reply packets to overload:
Switch
Router
Hub
Bridge
A

A. Switch

18
Q

Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim system with non-legitimate service requests or traffic to overload its resources, which prevents it from performing intended tasks.

Which of the following is a symptom of a DoS attack?
Unavailability of a particular website
Decrease in the amount of spam emails received
Automatic increase in network bandwidth
Automatic increase in network performance

A

A. Unavailability of a particular website

19
Q

Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers.

Which of the following factors contributes to a successful session hijacking attack?
Account lockout for invalid session IDs
Definite session expiration time
Weak session ID generation algorithm
No clear text transmission
A

C. Weak session ID generation algorithm
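To show why answer C matters, an added example (not from the original card): a constructed predictable session-ID scheme beside one built on the OS CSPRNG, together with the attacker's search over the weak one. The scheme, the login timestamps and the counter range are assumptions chosen for illustration.

```python
"""Why a weak session ID generator enables hijacking: a constructed predictable scheme beside a sound one."""
import hashlib
import math
import secrets

def weak_session_id(login_time: int, counter: int) -> str:
    """Constructed weak scheme: MD5 of the login time (seconds) and a small per-second counter.
    Hashing hides the structure from a casual look but adds no entropy; the input space stays tiny."""
    return hashlib.md5(f"{login_time}:{counter}".encode()).hexdigest()

def strong_session_id() -> str:
    """256 bits from the OS CSPRNG, URL-safe; nothing about the user or the clock feeds into it."""
    return secrets.token_urlsafe(32)

def search_space_bits(window_seconds: int, max_counter: int) -> float:
    """Effective entropy of the weak scheme: log2 of the (time, counter) pairs an attacker must try."""
    return math.log2((2 * window_seconds + 1) * max_counter)

def guess_weak_session_id(observed_id: str, approx_login_time: int,
                          window_seconds: int = 60, max_counter: int = 1000):
    """Attacker who knows roughly when the victim logged in enumerates every candidate input.
    Returns the (time, counter) pair that reproduces the ID, or None if it is outside the window."""
    for t in range(approx_login_time - window_seconds, approx_login_time + window_seconds + 1):
        for c in range(max_counter):
            if weak_session_id(t, c) == observed_id:
                return t, c
    return None

if __name__ == "__main__":
    victim_id = weak_session_id(1_700_000_000, 42)          # constructed victim login
    print("weak id reproduced from:", guess_weak_session_id(victim_id, 1_700_000_000 + 17))
    print(f"weak scheme search space about 2^{search_space_bits(60, 1000):.1f}, strong ids 2^256")
    print("strong id:", strong_session_id())
```

With roughly 2^17 candidates the weak token is recovered in well under a second; the attacker then presents it as a cookie and owns the session without ever touching the password. The CSPRNG token offers no such shortcut, which is why session-ID entropy, not just expiry or lockout, decides whether hijacking is feasible.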

20
Q
Buffer overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the __________ in order to control the process execution, crash the process and modify internal variables.
Target process’s address space
Target remote access
Target rainbow table
Target SAM file
A

A. Target process's address space

21
Q

Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?

802.11a
802.11b
802.11g
802.11i
A

A. 802.11a

22
Q
Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?
Wireless modem
Antenna
Wireless router
Mobile station
A

C. Wireless router

23
Q

A wireless antenna is an electrical device that converts electric currents into radio waves, and vice versa.

Which of the following antennas is used in wireless base stations and provides a 360-degree horizontal radiation pattern?
Omnidirectional antenna
Parabolic grid antenna
Yagi antenna
Dipole antenna
A

A. Omnidirectional antenna

24
Q
Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on the 802.11 standards. It improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). Temporal Key Integrity Protocol (TKIP) enhances WEP by adding a rekeying mechanism to provide fresh encryption and integrity keys. Temporal keys are changed every __________.
1,000 packets
5,000 packets
10,000 packets
15,000 packets
A

C. 10,000 packets

25
Q

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users on other networks. A firewall examines all traffic routed between the two networks to see if it meets certain criteria.
A packet filter is one of the categories of firewall.
A packet filtering firewall works at which of these layers of the OSI model?
Network layer
Physical layer
Session layer
Application layer

A

A. Network layer

26
Q

Keystroke loggers are stealth software packages that are used to monitor keyboard activities. Which is the best location to place such keyloggers?
Keyboard hardware and the operating system
UPS and keyboard
Operating system and UPS
Monitor and keyboard software

A

A. Keyboard hardware and the operating system

27
Q

You have invested millions of dollars for protecting your corporate network. You have the best IDS, firewall with strict rules and routers with no configuration errors.
Which of the following techniques practiced by an attacker exploits human behavior to make your network vulnerable to attacks?
Social Engineering
Buffer overflow
Denial of Service
SQL injection

A

A. Social Engineering

28
Q

Firewalls are categorized into two types, namely hardware firewalls and software firewalls. Identify the correct statement for a software firewall.
Software firewall is placed between the desktop and the software components of the operating system
Software firewall is placed between the router and the networking components of the operating system
Software firewall is placed between the anti-virus application and the IDS components of the operating system
Software firewall is placed between the normal application and the networking components of the operating system

A

D. Software firewall is placed between the normal application and the networking components of the operating system

29
Q
Nmap is a free, open source utility designed to rapidly scan large networks. Identify the Nmap scan method that is often referred to as a half-open scan because it does not open a full TCP connection.
ACK Scan
SYN Stealth
Half open
Window scan
A

B. SYN Stealth

30
Q
As a system administrator, you are responsible for maintaining the website of your company which deals in online recharge of mobile phone cards. One day to your surprise, you find the home page of your company’s website defaced. What is the reason for webpage defacement?
Denial of Service attack
Session Hijacking
DNS attack through cache poisoning
Buffer overflow
A

C. DNS attack through cache poisoning

31
Q
Which of the following protocols are susceptible to sniffing?
SNMP
FTP
NNTP
Telnet
A

D. Telnet. Note that SNMP (v1/v2c community strings), FTP and NNTP also transmit their credentials in cleartext, so all four listed protocols are susceptible to sniffing; Telnet is the answer recorded on this card.

32
Q

RSA is a public-key cryptosystem developed by MIT professors Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman in 1977 in an effort to help ensure Internet security. RSA uses modular arithmetic and elementary number theory to do computations using two very large prime numbers. Identify the statement which is true for RC6 algorithm:
Is a variable key-size stream cipher with byte-oriented operations and is based on the use of a random permutation
Includes integer multiplication and the use of four 32-bit working registers
Is a parameterized algorithm with a variable block size, key size, and a variable number of rounds
Is a 64 bit block cipher that uses a key length that can vary between 32 and 448 bits

A

B. Includes integer multiplication and the use of four 32-bit working registers (RC6 is parameterized as RC6-w/r/b with four w-bit registers; the AES submission RC6-32/20/16 uses w = 32, 20 rounds and a 16-byte key)

33
Q
Password cracking is a technique used to recover a user's password for an application or file without the knowledge of the legitimate user. Which password cracking technique will an attacker use if he/she has some information about the password to crack?
Denial of Service Attack
Syllable Attack
Rule-based Attack
Distributed Network Attack (DNA)
A

C. Rule-based attack

34
Q
Secure Hash Algorithm (SHA) is a family of cryptographic one-way hash functions published by the National Institute of Standards and Technology as a U.S. Federal Information Processing Standard. What is the word size used by the SHA-512 algorithm?
32-bit
64-bit
128-bit
256-bit
A

B. 64-bit. SHA-512 operates on 64-bit words (SHA-256 uses 32-bit words); its message block size is 1024 bits.

35
Q
Which of the following cryptographic attacks refers to the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?
Ciphertext-only Attack
Chosen-ciphertext Attack
Adaptive Chosen-plaintext Attack
Rubber Hose Attack
A

D. Rubber Hose Attack

36
Q

Which of the following is a mutation technique used for writing buffer overflow exploits in order to evade IDS and other filtering mechanisms?
Assuming that a string function is exploited, send a long string as the input
Randomly replace the NOPs with functionally equivalent segments of code (e.g. x++; x--; in place of NOP NOP)
Pad the beginning of the intended buffer overflow with a long run of NOP instructions (a NOP slide or sled) so the CPU does nothing until it gets to the “main event”
Make a buffer overflow on the lower part of the heap, overwriting other dynamic variables, which can have unexpected and unwanted effects

A

B. Randomly replace the NOPs with functionally equivalent segments of code (e.g. x++; x--; in place of NOP NOP)
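Added example (not from the original card) of the mutation in answer B: a NOP sled is rewritten with inc/dec register pairs that cancel out, and a naive 0x90-run signature is compared with one that knows the trick. The byte values are 32-bit x86 opcodes; the payload marker is a placeholder string standing in for shellcode, not an exploit, and the sled length and seed are arbitrary.

```python
"""Polymorphic NOP sled: swap 0x90 for functionally equivalent byte pairs so a byte-pattern signature misses it."""
import random
import re

NOP = 0x90
# 32-bit x86 single-byte opcodes: 0x40+r is `inc r32`, 0x48+r is `dec r32`. Executed back to back they
# cancel, like x++; x--. (In 64-bit mode these bytes are REX prefixes, so this sled suits a 32-bit target only.)
INC_DEC_PAIRS = [(0x40 + r, 0x48 + r) for r in range(8)]

def plain_sled(length: int) -> bytes:
    """Classic sled: a run of real NOPs."""
    return bytes([NOP]) * length

def mutated_sled(length: int, rng: random.Random) -> bytes:
    """Fill the sled with random inc/dec pairs; an odd trailing byte stays a real NOP."""
    out = bytearray()
    while len(out) + 1 < length:
        out += bytes(rng.choice(INC_DEC_PAIRS))
    if len(out) < length:
        out.append(NOP)
    return bytes(out)

def every_byte_is_single_instruction(sled: bytes) -> bool:
    """Each byte decodes on its own, so control may land on any offset and still slide to the end."""
    return all(b == NOP or 0x40 <= b <= 0x4f for b in sled)

# Naive IDS signature: sixteen or more consecutive NOP bytes.
NOP_RUN = re.compile(rb"\x90{16,}")
# Signature that understands the mutation: a long run drawn from NOP plus the inc/dec opcodes.
NOP_EQUIVALENT_RUN = re.compile(rb"[\x90\x40-\x4f]{16,}")

def naive_signature_hits(payload: bytes) -> bool:
    return NOP_RUN.search(payload) is not None

def sled_aware_signature_hits(payload: bytes) -> bool:
    return NOP_EQUIVALENT_RUN.search(payload) is not None

if __name__ == "__main__":
    rng = random.Random(2024)
    marker = b"<shellcode placeholder>"           # stands in for the payload; not real code
    classic = plain_sled(64) + marker
    mutated = mutated_sled(64, rng) + marker
    print("classic sled caught by naive signature:", naive_signature_hits(classic))
    print("mutated sled caught by naive signature:", naive_signature_hits(mutated))
    print("mutated sled caught by aware signature:", sled_aware_signature_hits(mutated))
    print("mutated sled still single-byte safe   :", every_byte_is_single_instruction(mutated))
```

The second signature shows the defender's side of the same idea: once the detector matches on the class of NOP-equivalent opcodes rather than the literal 0x90, the mutation buys the attacker nothing, which is why modern engines look for sled-like runs and for the behaviour of the payload rather than a fixed byte string.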

37
Q
Firewall implementation and design for an enterprise can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. Which of the following firewall architecture is designed to host servers that offer public services?
Bastion Host
Screened subnet
Screened host
Screened
A

B. Screened subnet

38
Q
An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify possible violations of security policy, including unauthorized access as well as misuse. Attackers use various IDS evasion techniques to bypass intrusion detection mechanisms. Which of the following evasion techniques relies on the Time-to-Live (TTL) field of the IP header?
Denial-of-Service Attack
Obfuscation
Insertion Attack
Unicode Evasion
A

C. Insertion attack (packets with a TTL too low to reach the end host are still seen and processed by the IDS, so its view of the stream no longer matches what the host receives)

39
Q

Attackers craft malicious probe packets and scan for services such as HTTP over SSL (HTTPS), SMTP over SSL (SMTPS) and IMAP over SSL (IMAPS) to detect honeypots in a network. Which of the following conditions indicates the presence of a honeypot?
Ports show a particular service running but deny a three-way handshake connection
Ports show a particular service running and allow a three-way handshake connection
Ports do not show any particular service running
Scan shows that no scanned port is live on the network

A

A. Ports show a particular service running but deny a three-way handshake connection

40
Q
Identify the denial-of-service attack that is carried out using a method known as “bricking a system.” Unlike other DoS attacks, it sabotages the system hardware, requiring the victim to replace or reinstall the hardware.
ICMP Flood Attack
Application Level Flood Attacks
Phlashing
Bandwidth Attacks
A

C. Phlashing

41
Q
Some viruses affect computers as soon as their code is executed; other viruses lie dormant until a pre-determined logical circumstance is met. Identify the virus that modifies the directory table entries so that directory entries point to the virus code instead of the actual program.
Macro Viruses
Cluster Viruses
Encryption Viruses
Boot Sector Viruses
A

B. Cluster viruses

42
Q
Which of the following methods refers to drawing symbols in public places to advertise open Wi-Fi networks?
WarWalking
WarFlying
WarChalking
WarDriving
A

C. WarChalking

43
Q
Wired Equivalent Privacy (WEP) is an IEEE 802.11 wireless protocol which provides security algorithms for data confidentiality during wireless transmissions. WEP uses stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity of wireless transmission. What is the size of WEP initialization vector (IV)?
8-bit
16-bit
24-bit
32-bit
A

A 128-bit WEP key is usually entered as a string of 26 hexadecimal characters. 26 digits of 4 bits each gives 104 bits; adding the 24-bit IV produces the complete 128-bit WEP key (4 bits × 26 + 24 bits of IV = 128 bits of WEP key).

C. 24-bit

44
Q

Bluetooth hacking refers to exploitation of Bluetooth stack implementation vulnerabilities to compromise sensitive data in Bluetooth-enabled devices and networks.
Which of the following Bluetooth attacks refers to sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as PDAs and mobile phones?
Bluesmacking
Bluejacking
Blue Snarfing
BlueSniff

A

B. Bluejacking

45
Q
Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Which of the following commands can be used in a UNIX environment to enumerate the directories a machine shares (exports over NFS)?
showmount
finger
rpcinfo
rpcclient
A

A. showmount (showmount -e <host> lists the NFS exports)

46
Q

The CAM table in a switch stores the MAC addresses learned on its physical ports together with their associated VLAN parameters. What happens when the CAM table is full?
Additional ARP request traffic will not be forwarded to any port on the switch
The switch will stop functioning and get disconnected from network
Additional ARP request traffic will flood every port on the switch
It does not affect the switch functioning

A

C. Additional ARP request traffic will flood every port on the switch (with no free CAM entry the switch cannot learn new source addresses, so frames for those still-unknown destinations are flooded out of every port like a hub, which is exactly what MAC flooding tools rely on)
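Added example (not from the original cards) tying cards 16, 17 and 46 together: a toy switch with a bounded CAM table, the MAC flooding that fills it, and the fall-back to hub-like flooding that lets a passive sniffer on another port see unicast traffic. The port numbers, MAC addresses and the eight-entry table are constructed; a real switch holds thousands of entries and ages them out on a timer, which `expire_all()` stands in for.

```python
"""Toy switch with a bounded CAM table: MAC learning, unicast forwarding, and the flooding MAC flooding exploits."""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports, cam_capacity):
        self.ports = list(ports)
        self.capacity = cam_capacity
        self.cam = OrderedDict()          # MAC -> port; expire_all() plays the role of the aging timer

    def learn(self, src_mac, in_port):
        if src_mac in self.cam:
            self.cam[src_mac] = in_port   # refresh an existing entry
        elif len(self.cam) < self.capacity:
            self.cam[src_mac] = in_port
        # else: table full, the new address is not learned (the switch fails open towards flooding)

    def forward(self, src_mac, dst_mac, in_port):
        """Return the ports the frame is sent out of."""
        self.learn(src_mac, in_port)
        out = self.cam.get(dst_mac)
        if dst_mac == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]   # broadcast or unknown unicast: flood
        return [] if out == in_port else [out]

    def expire_all(self):
        """Simulate the CAM aging timer firing for every entry."""
        self.cam.clear()

def mac_flood(switch, attacker_port, count):
    """Attacker sends `count` frames with fabricated source MACs (as macof does with random ARP traffic)."""
    for i in range(count):
        fake = f"02:00:00:{(i >> 16) & 0xff:02x}:{(i >> 8) & 0xff:02x}:{i & 0xff:02x}"
        switch.forward(fake, BROADCAST, attacker_port)

def demo():
    """Constructed scenario: Alice on port 1, Bob on port 2, attacker sniffing on port 3, 8-entry CAM."""
    sw = Switch(ports=[1, 2, 3], cam_capacity=8)
    alice, bob = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
    sw.forward(alice, bob, 1)                  # Bob not yet learned: flooded once
    sw.forward(bob, alice, 2)                  # both now in the table
    before = sw.forward(alice, bob, 1)         # normal unicast, only port 2 sees it
    sw.expire_all()                            # aging timer fires; attacker keeps the table full from here on
    mac_flood(sw, attacker_port=3, count=8)
    after = sw.forward(alice, bob, 1)          # Alice cannot be learned, Bob unknown: flooded to 2 and 3
    return before, after, len(sw.cam)

if __name__ == "__main__":
    before, after, entries = demo()
    print("before flood, Alice->Bob leaves on ports", before)
    print("after flood,  Alice->Bob leaves on ports", after, "| CAM entries:", entries)
```

Before the attack the attacker's port never sees Alice's traffic to Bob; once the fabricated addresses occupy every entry the same frame is flooded to port 3 as well, so a NIC in promiscuous mode there captures it exactly as it would on a hub. Port security limits on learned MACs per port are the usual countermeasure.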

47
Q
Identify the web application attack where attackers exploit webpage vulnerabilities to force an unsuspecting user’s browser to send malicious requests they did not intend. The victim holds an active session with a trusted site and simultaneously visits a malicious site, which injects an HTTP request for the trusted site into the victim user’s session, compromising its integrity
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
LDAP Injection attack
SQL injection attack
A

B. Cross-Site Request Forgery (CSRF)

48
Q
Jason, a penetration tester, is testing a web application that he knows is vulnerable to SQL injection, but the results of the injection are not visible to him. He used a WAITFOR DELAY command to check whether his SQL executed, which confirmed the presence of the SQL injection vulnerability. Which type of SQL injection is Jason attempting on the web application?
Blind SQL injection
Error-based SQL injection
UNION SQL Injection
Simple SQL Injection
A

A. Blind SQL injection (here the time-based variant: the only observable result is the response delay)
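Added example (not from the original card) of the blind inference Jason's test relies on, run against a constructed sqlite3 database. SQLite has no WAITFOR DELAY, so a boolean oracle (row returned or not) replaces the timing oracle; the extraction logic is the same. The `users` table, its row and the `secret` column are assumptions, and the parameterized query at the end shows the fix.

```python
"""Boolean-based blind SQL injection against a constructed sqlite3 app, with the parameterized fix."""
import sqlite3

def build_db() -> sqlite3.Connection:
    """Constructed data: one user whose secret the attacker wants."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice', 's3cr3t')")
    return db

def vulnerable_user_exists(db, name: str) -> bool:
    """The flaw: user input concatenated into SQL. The caller only learns whether a row came back."""
    return db.execute(f"SELECT 1 FROM users WHERE name = '{name}'").fetchone() is not None

def safe_user_exists(db, name: str) -> bool:
    """The fix: the input is bound as a parameter and can never change the query structure."""
    return db.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone() is not None

def blind_extract(oracle, max_len: int = 32) -> str:
    """Recover users.secret for id = 1 using only a yes/no oracle.
    Each character's code point is found by binary search over 0..127 (7 queries per character).
    COALESCE maps the end of the string (unicode('') is NULL) to 0, which terminates the loop."""
    recovered = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            probe = (f"x' OR COALESCE((SELECT unicode(substr(secret, {pos}, 1)) "
                     f"FROM users WHERE id = 1), 0) > {mid} -- ")
            if oracle(probe):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        recovered += chr(lo)
    return recovered

if __name__ == "__main__":
    db = build_db()
    print("vulnerable endpoint leaks:", repr(blind_extract(lambda p: vulnerable_user_exists(db, p))))
    print("parameterized endpoint leaks:", repr(blind_extract(lambda p: safe_user_exists(db, p))))
```

Swap the boolean oracle for one that measures response time and the same `blind_extract` loop drives a time-based attack: the injected condition then wraps a delay instead of changing the result set, which is all Jason's WAITFOR DELAY probe does. Against the parameterized endpoint every probe is just an unusual username and nothing leaks.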

49
Q

Consider the attack scenario given below:
Step 1: User browses a web page
Step 2: Web server replies with requested page and sets a cookie on the user’s browser
Step 3: Attacker steals cookie (Sniffing, XSS, phishing attack)
Step 4: Attacker orders for product using modified cookie
Step 5: Product is delivered to attacker’s address
Identify the web application attack.
Session fixation attack
Unvalidated redirects attack
Cookie poisoning attack
Denial-of-Service (DoS) attack

A

C. Cookie poisoning attack

50
Q

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network, to identify the possible violations of security policy, including unauthorized access, as well as misuse.
Which of the following IDS detection techniques detects intrusions based on the fixed behavioral characteristics of the users and components in a computer system?
Signature recognition
Anomaly detection
Protocol anomaly detection
All of the above

A

B. Anomaly detection