CEH Certified Ethical Hacker Class

Question 1

DNS poisoning

Answer 1

Modifying the DNS server so it might send out the bad guys address instead of the correct address

Question 2

Spoofing

Answer 2

The creation of Internet Protocol (IP) packets with false source IP addresses

Question 3

Pharming

Answer 3

redirection to a bogus site (harvest large groups of people)

Question 4

Phishing-

Answer 4

Collect access credentials redirecting the user and presenting them with something that looks familiar, but is not

Question 5

Threats come from many areas:

Physical- _________________________

Answer 5

Theft, intrusion, sabatage

Question 6

Threats come from many areas:

Natural- _________________________

Answer 6

Disasters

-Earthquakes, weather related natural disasters

Question 7

Threats come from many areas:

Human- _________________________

Answer 7

Hackers, social engineering, security training, insider-threats

Question 8

Threats come from many areas:

Network- _________________________

Answer 8

Spoofing, sniffing, ARP, Dos, MitM

Question 9

Threats come from many areas:

Host (based attacts)- _________________________

Answer 9

Malware, password, code, exec, Back Door, Footpring, DOS

Question 10

Threats come from many areas:

Application- _________________________

Answer 10

Session Mgmt, Input validation, authentication, Buffer overflow, error handling

Question 11

ARP

Answer 11

The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link layer address associated with a given IPv4 address, a critical function in the Internet protocol suite.

Question 12

What are areas (ethical hacker/hacker) threats can come from?

Answer 12

Physical- theft, intrusion, sabatage
Natural- ie earthquakes, and other natural disasters
Human- Hackers, Social engineering, insider threats
Network- Spoofing, sniffing, ARP, Dos MitM
Host (host based attacks)-malware, backdoor, footprintng
Application- Authentication, Error handling

Question 13

What are some attack vectors (paths by which a hacker can gain access to a host in order to deliver a payload or malicious outcome)?

Answer 13

cloud,
cyber crime,
insider threats

Question 14

What are some attack vectors (paths by which a hacker can gain access to a host in order to deliver a payload or malicious outcome)?

Answer 14

botnets
Deficient Security policies
Networked applications

Question 15

What are some attack vectors (paths by which a hacker can gain access to a host in order to deliver a payload or malicious outcome)?

Answer 15

Mobile Devices
Audit compliance
Insufficient security funding

Question 16

What are some attack vectors (paths by which a hacker can gain access to a host in order to deliver a payload or malicious outcome)?

Answer 16

social networking
unpatched software
malware

Question 17

unpatched software

Answer 17

A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bugfixes or bug fixes, and improving the usability or performance.

Question 18

Ethical Hacking Attack Phases

Answer 18

Recon
Scan
Access

Question 19

Ethical Hacking Attack Phases

Answer 19

Recon
Scan
Access
Maintain (Access)
Cover Tracks

Question 20

DoS

Answer 20

Denial of Service attack- denies the clients/host the ability to use the network (the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.) leads to unavailability or very slowed

Question 21

A DoS or DDoS (distributed) attack analogy

Answer 21

A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.

Question 22

Recon Phase of Ethical Hacking

Answer 22

Information gathering ie operating system, services

Question 23

passive recon-

Answer 23

gathering intel without target interaction (ie just using the internet to gather info and use tools available on the internet

Question 24

active recon-

Answer 24

Interacting with the target to gather intel

Question 25

scan (phase of ethical hacking attack)

Answer 25

using tool to automatically scan devices - probe for network ports, live hosts, open ports. operating system details

Question 26

access (phase of ethical hacking attack)

Answer 26

Exploiting a vulnerability (that we have discovered) to gain access to the system. Part of that process will also be privilege escalation which could include :

• password cracking
• buffer overflows
• session hijack

Question 27

maintain (access) (phase of ethical hacking attack)

Answer 27

Once we have access, we want to maintain it:
- back doors - so we can get back in
- root kits - provide ways to get back in
& can help hide tracks
-binary executable replacement
- launch point of future attacks

Question 28

cover tracks (phase of ethical hacking attack)

Answer 28

• evidence of a breech removed
• modify or deleting log files
• history of sessions removed

Question 29

DHCP Snooping

Answer 29

you tell the switch the only port the trusted port the offer traffic…. since you set up the If you see xxxxx
DHCP snooping acts like a firewall between trusted DHCP servers and untrusted hosts. … When DHCP snooping is enabled on a switched network or VLAN, it examines all DHCP messages sent from untrusted hosts associated with the network or VLAN and extracts their IP addresses and lease information only letting through trusted port xxxxx

Question 30

ARP

Answer 30

When one machine needs to communicate with another, it looks up its ARP table.

Question 31

ARP spoofing

Answer 31

ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network.

Question 32

Threats of ARP Poisoning

Answer 32

Using fake ARP messages, an attacker can divert all communication between two machines so that all traffic is exchanged via his/her PC

Question 33

DNS Poisoning techniques

Answer 33

tricks a DNS server into believing that it has received authentic information when, in reality, it has not. It results in a substitution of a false IP address at the DNS level where web addresses are converted into numeric IP addresses.

Question 34

How do I know if someone is sniffing?

Answer 34

Ping method- send ping request to the suspect machine

Question 35

These hackers do not have permission or authorization for their activities; Typically their actions fall outside the law.

Answer 35

Black Hats

Question 36

These hackers have permission to perform their tasks and never share information about a client with anyone other than that client.

Answer 36

White Hats

Question 37

These hackers cross into both offensive and defensive actions at different times.

Answer 37

Grey Hats

Question 38

These hackers use hacking to push or promote a political agenda. Targets have included government agencies and large corporations.

Answer 38

Hactivists

Question 39

May attract an above average level of attention from an attacker.

Answer 39

Hack value

Question 40

The act of targeting and actively engaging a TOE

Answer 40

Attack

Question 41

TOE

Answer 41

Target of Evaluation (specified in a contract with the client)

Question 42

Clearly defined way to breach the security of a system

Answer 42

Exploit

Question 43

A threat of vulnerability that is unknown to developers and has not been addresses. It is considered a serious problem in many cases.

Answer 43

Zero Day

Question 44

The state of well-being in an environment- Only actions that are defined are allowed

Answer 44

Security

Question 45

Potential violation of security

Answer 45

Threat

Question 46

Threat

Answer 46

Potential violation of security

Question 47

primarily using passive methods of gaining information from a target prior to performing the later active methods

Answer 47

Footprinting

Question 48

the phase in which you take the information learned from the footprinting phase and use it to target your attack much more precisely-

Answer 48

Scanning Phase

Question 49

performing ping sweeps, port scans and observations of facilities.

Answer 49

included as examples of scanning

Question 50

scanning includes

Answer 50

performing ping sweeps, port scans and observations of facilities.

Question 51

Enumeration

Answer 51

Where you extract much more detailed information about what you uncovered in the scanning phase to determine if it is useful.

Question 52

Where you extract much more detailed information about what you uncovered in the scanning phase to determine if it is useful.

Answer 52

Enumeration