Day 3 1-38 Flashcards

1
Q

3.1 You want to send various traffic to a remote host, but you’re worried that someone might monitor the link and capture the traffic. You want to tunnel the data but you do not have VPN capabilities. Which of the following tools can you use to protect the link?

A. MD5

B. PGP

C. RSA

D. SSH

A

D. SSH

2
Q

3.2 A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

A. Locate type=ns

B. Request type=ns

C. Set type=ns

D. Transfer type=ns

A

C. Set type=ns

3
Q

3.3 You have been hired to perform a penetration test. You start by doing lookups on the client’s DNS servers, scanning their IP ranges, Googling for news concerning the client, staking out the client’s building to watch employee activity, looking at their job postings, and dumpster diving at the client’s office. Which stage of the penetration test does this describe?

A. Information reporting

B. Vulnerability assessment

C. Active information gathering

D. Passive information gathering

A

D. Passive information gathering

4
Q

3.4 Bob finds out that his company will be laying him off in a few weeks and he is very angry. He places trojans, viruses, and logic bombs on his network to make his company pay for what they’re doing to him. Bob doesn’t care if he ends up in jail for 20 years because of this. What is Bob considered?

A. Bob would be considered a Suicide Hacker

B. Since he does not care about going to jail, he would be considered a Black Hat

C. Because Bob works for the company currently; he would be a White Hat

D. Bob is a Hacktivist Hacker since he is standing up to a company that is downsizing

A

A. Bob would be considered a Suicide Hacker

5
Q

3.5 What does FIN in TCP flag define?

A. Used to abort a TCP connection abruptly

B. Used to close a TCP connection

C. Used to acknowledge receipt of a previous packet or transmission

D. Used to indicate the beginning of a TCP connection

A

B. Used to close a TCP connection

6
Q

3.6 How could you detect IP spoofing from an outside attacker?

A. Check the IPID of the spoofed packet and compare it with the TCP checksum. If the numbers match then it is a spoofed packet

B. Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet

C. Turn on ‘Enable Spoofed IP Detection’ in Wireshark, you will see a flag tick if the packet is spoofed

D. Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet

A

D. Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet

7
Q

3.7 Which method can help protect against enumeration?

A. Reject all invalid email received via SMTP.

B. Allow full DNS zone transfers.

C. Remove A records for internal hosts.

D. Enable null session pipes.

A

C. Remove A records for internal hosts.

8
Q

3.8 Where can you go to see past versions and pages of a website?

A. Samspade.org

B. Search.com

C. Archive.org

D. AddressPast.com

A

C. Archive.org

9
Q

3.9 Passive reconnaissance involves collecting information through which of the following?

A. Social engineering

B. Network traffic sniffing

C. Man in the middle attacks

D. Publicly accessible sources

A

D. Publicly accessible sources

10
Q

3.10 In order to market his penetration testing skills, a consultant posts on his website several audits that he has performed in the past. Which is the most likely outcome of this?

A. The consultant will ask for money on the bid because of great work.

B. The consultant may expose vulnerabilities of other companies.

C. The company accepting bids will want the same type of format of testing.

D. The company accepting bids will hire the consultant because of the great work performed.

A

B. The consultant may expose vulnerabilities of other companies.

11
Q

3.11 Which of these consists of a publicly available database that contains domain name registration contact information?

A. WHOIS

B. IANA

C. CAPTCHA

D. IETF

A

A. WHOIS

12
Q

3.12 You’ve performed a penetration test for a customer, but they haven’t paid you for a long time and they keep making excuses. What should you do?

A. Threaten to publish the penetration test results if not paid.

B. Follow proper legal procedures against the company to request payment.

C. Tell other customers of the problems with payments from this company.

D. Exploit some of the vulnerabilities found on the company webserver to deface it.

A

B. Follow proper legal procedures against the company to request payment.

13
Q

3.13 What’s the first thing a penetration tester should do after being brought in to a company?

A. Begin security testing.

B. Turn over deliverables.

C. Sign a formal contract with non-disclosure.

D. Assess what the organization is trying to protect.

A

C. Sign a formal contract with non-disclosure.

14
Q

3.14 You are a penetration tester for a large security research company. Your friend asks you to perform a penetration test and vulnerability assessment of his new company as a favor. What should you do before starting work on this job?

A. Start by foot printing the network and mapping out a plan of attack.

B. Ask your employer for authorization to perform the work outside your company.

C. Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D. Use social engineering techniques on the friend’s employees to help identify areas that may be susceptible to attack.

A

B. Ask your employer for authorization to perform the work outside your company.

15
Q

3.15 After doing a WHOIS on your domain name, what can an attacker do if you have shared too much information about your company through these public domain records? (select TWO answers)

A. Search engines like Google and Bing will expose information listed on the WHOIS record

B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS records

C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

D. IRS Agents will use this information to track individuals using the WHOIS record information

A

B and C

B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS records

C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

16
Q

3.16 Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next?

A. Configure the firewall to allow traffic on TCP port 53 and UDP port 53.

B. Configure the firewall to allow traffic on TCP ports 80 and UDP port 443.

C. Configure the firewall to allow traffic on TCP port 53.

D. Configure the firewall to allow traffic on TCP port 8080.

A

A. Configure the firewall to allow traffic on TCP port 53 and UDP port 53.

17
Q

3.17 The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:

Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

What type of activity has been logged?

A. Port scan targeting 192.168.1.103

B. Teardrop attack targeting 192.168.1.106

C. Denial of service attack targeting 192.168.1.103

D. Port scan targeting 192.168.1.106

A

D. Port scan targeting 192.168.1.106
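Detecting the pattern on this card from log data, as an added example that is not part of the deck: a short Python script that parses lines in the format shown above, groups them by source and destination, and flags any pair that probes several distinct ports within a one-minute window. The input is the card's own seven log entries plus two constructed lines of ordinary web traffic from an assumed host 192.168.1.50, included so the detector has something it should not flag. The log carries no year, so the year 2000 is assumed purely to make timestamps comparable.

```python
import re
from collections import defaultdict
from datetime import datetime

# The card's seven log lines (source 192.168.1.103 probing 192.168.1.106)
# plus two constructed lines of normal traffic from an assumed host .50.
LOG_LINES = """\
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:31:02 Port:80 Source:192.168.1.50 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:35:10 Port:80 Source:192.168.1.50 Destination:192.168.1.106 Protocol:TCP
""".splitlines()

LINE_RE = re.compile(
    r"Time:(?P<time>\w{3} \d{1,2} \d\d:\d\d:\d\d) Port:(?P<port>\d+) "
    r"Source:(?P<src>[\d.]+) Destination:(?P<dst>[\d.]+) Protocol:(?P<proto>\w+)"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # The log has no year; 2000 is an assumed value so timestamps can be compared.
    ts = datetime.strptime("2000 " + m["time"], "%Y %b %d %H:%M:%S")
    return {"time": ts, "port": int(m["port"]), "src": m["src"],
            "dst": m["dst"], "proto": m["proto"]}


def detect_port_scans(lines, min_ports=5, window_seconds=60):
    """Return {(src, dst): sorted list of all ports touched} for every
    source/destination pair that hit at least min_ports distinct destination
    ports inside some window_seconds span. Pairs below the threshold are omitted."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            events[(rec["src"], rec["dst"])].append((rec["time"], rec["port"]))

    scans = {}
    for pair, hits in events.items():
        hits.sort()  # time order, so a window is a contiguous slice
        for i in range(len(hits)):
            start = hits[i][0]
            ports_in_window = set()
            for t, p in hits[i:]:
                if (t - start).total_seconds() > window_seconds:
                    break
                ports_in_window.add(p)
            if len(ports_in_window) >= min_ports:
                scans[pair] = sorted({p for _, p in hits})
                break
    return scans


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(LOG_LINES).items():
        print(f"port scan: {src} -> {dst}, ports {ports}")
```

With the thresholds above the detector reports one scan, from 192.168.1.103 against 192.168.1.106 across ports 20, 21, 22, 23, 25, 80 and 443; the constructed web traffic from .50 touches a single port and is ignored. Lowering min_ports or widening the window trades false negatives for false positives, which is the same tuning an IDS sweep rule needs.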

18
Q

3.18 A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?

A. NMAP 192.168.1-5.*

B. NMAP 192.168.0.0/16

C. NMAP 192.168.1.0,2.0,3.0,4.0,5.0

D. NMAP 192.168.1/17

A

A. NMAP 192.168.1-5.*

19
Q

3.19 Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

A. NMAP

B. Metasploit

C. Nessus

D. BeEF

A

C. Nessus

20
Q

3.20 An NMAP scan of a server shows port 25 is open. What risk could this pose?

A. Open printer sharing

B. Web portal data leak

C. Clear text authentication

D. Active mail relay

A

D. Active mail relay

21
Q

3.21 If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

A. Hping

B. Traceroute

C. TCP ping

D. Broadcast ping

A

A. Hping

22
Q

3.22 Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

A. NMAP -PN -A -O -sS 192.168.2.0/24

B. NMAP -P0 -A -O -p 1-65535 192.168.0.0/24

C. NMAP -P0 -A -sT -p 0-65535 192.168.0.0/16

D. NMAP -PN -O -sS -p 1-1024 192.168.0.0/8

A

B. NMAP -P0 -A -O -p 1-65535 192.168.0.0/24

(-P0 is the older spelling of -Pn, which skips ICMP host discovery; -A already turns on OS detection, so -O is redundant but harmless. Option A omits -p and would scan only Nmap's default 1000 ports.)

23
Q

3.23 When using NMap to scan a network a consultant decides to skip the information gathering phase and just use a broad scope scan. He uses the following command:

NMAP –sT –n –T0 –P0 –p 0-65535 172.0.0.0/8

Approximately how many hosts/ports will be scanned?

A. 16 Million hosts x 65536 ports each
B. Cannot determine since only discovered hosts will be port scanned
C. 4 Billion hosts x 65535 ports each
D. Zero since /8 is not a valid mask for a 172 network

A

A. 16 Million hosts x 65536 ports each
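An added example, not from the deck, that makes the arithmetic on this card and on card 3.18 concrete: a Python helper that counts how many addresses an Nmap-style target specification covers (per-octet ranges such as 192.168.1-5.* and CIDR such as 172.0.0.0/8), how many ports a -p argument covers (0-65535 is 65536 ports, not 65535), and the probe budget a scan with host discovery disabled (-P0/-Pn) commits to. The function names are my own; the parser handles only the IPv4 forms used on these cards and counts network and broadcast addresses, as Nmap's own range expansion does. Retransmissions are not modelled, so the figure is a floor.

```python
import ipaddress
from functools import reduce
from operator import mul


def _octet_values(token):
    """Expand one octet of an Nmap-style target: '7' -> [7], '1-5' -> 1..5,
    '*' -> 0..255, '1,3' -> [1, 3]. Raises ValueError on anything outside 0-255."""
    values = set()
    for part in token.split(","):
        if part == "*":
            values.update(range(256))
        elif "-" in part:
            lo, hi = part.split("-", 1)
            values.update(range(int(lo) if lo else 0, (int(hi) if hi else 255) + 1))
        else:
            values.add(int(part))
    if not values or min(values) < 0 or max(values) > 255:
        raise ValueError(f"bad octet spec: {token!r}")
    return sorted(values)


def count_hosts(spec):
    """Number of IPv4 addresses an Nmap target spec covers.
    Accepts CIDR ('172.0.0.0/8') or per-octet ranges ('192.168.1-5.*')."""
    if "/" in spec:
        # strict=False lets a host address with a mask through, as Nmap does.
        return ipaddress.ip_network(spec, strict=False).num_addresses
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad target spec: {spec!r}")
    return reduce(mul, (len(_octet_values(o)) for o in octets), 1)


def count_ports(spec):
    """Number of ports an Nmap -p argument covers, e.g. '0-65535' -> 65536,
    '1-1024' -> 1024, '21,23,80,119' -> 4. Overlapping ranges are not double counted."""
    ports = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            ports.update(range(int(lo) if lo else 0, (int(hi) if hi else 65535) + 1))
        else:
            ports.add(int(part))
    if not ports or min(ports) < 0 or max(ports) > 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return len(ports)


def probe_budget(target_spec, port_spec):
    """Minimum number of TCP probes a -Pn scan sends: every host times every port."""
    return count_hosts(target_spec) * count_ports(port_spec)


if __name__ == "__main__":
    print("card 3.18:", count_hosts("192.168.1-5.*"), "addresses")      # five class C subnets
    print("card 3.23:", count_hosts("172.0.0.0/8"), "addresses x",
          count_ports("0-65535"), "ports =", probe_budget("172.0.0.0/8", "0-65535"), "probes")
```

For card 3.18 the range form gives 1280 addresses, while option B's 192.168.0.0/16 gives 65536 and would sweep 251 subnets the question never asked for. For this card, /8 expands to 16,777,216 addresses and 0-65535 to 65,536 ports, so the command commits to roughly 1.1 trillion probes before a single retransmission; with -T0 that is not a scan that finishes.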

24
Q

3.24 TCP SYN Flood attack abuses the three-way handshake mechanism.

  • An attacker at system A sends a SYN packet to the victim at system B.
  • System B replies with a SYN/ACK packet to system A.
  • Normally, A should answer with an ACK packet to complete the handshake, but system A never sends it. System B is left waiting for an ACK from system A.

This state of system B is called _________________?

A. “half-closed”

B. “half open”

C. “full-open”

D. “xmas-open”

A

B. “half open”

25
Q

3.25 You have a new router with an IP address of 192.168.5.1. Which of the following commands could you use to test the router to see if it is susceptible to a DoS attack?

A. Use the command ping -l 56550 192.168.5.1 -t.

B. Use the command ping 56550 192.168.5.1.

C. Use the command ping 192.168.5.1.

D. Use the command ping -4 56550 192.168.5.1.

A

A. Use the command ping -l 56550 192.168.5.1 -t.

26
Q

3.26 Which nmap command produced the following output?

A. nmap -A -sV -p21,23,80,119 192.168.3.6

B. nmap -F -sV -p21,23,80,119 192.168.3.6

C. nmap -O -sV -p21,23,80,119 192.168.3.6

D. nmap -T -sV -p21,23,80,119 192.168.3.6

A

C. nmap -O -sV -p21,23,80,119 192.168.3.6

27
Q

3.27 Name this type of scan:

You send a FIN packet to an open port and get no response. You send a FIN packet to a closed port and get a RST/ACK returned.

A. Idle Scan

B. FIN Scan

C. XMAS Scan

D. Window Scan

A

B. FIN Scan

28
Q

3.28 What tool would allow you to crack a password by pre-computing the hashes for all possible permutations of the password?

A. SMBCrack

B. SmurfCrack

C. PSCrack

D. RainbowTables

A

D. RainbowTables

29
Q

3.29 ICMP ping and ping sweeps are used to check for active systems and to check

A. if ICMP ping traverses a firewall.

B. the route that the ICMP ping took.

C. the location of the switchport in relation to the ICMP ping.

D. the number of hops an ICMP ping takes to reach a destination.

A

A. if ICMP ping traverses a firewall.

30
Q

3.30 Which of the following hping2 commands would be used to perform an XMAS scan?

A. hping -S -R -P -A -F -U 192.168.3.20 -p 80 -c 5 -t 60

B. hping -F -Q -J -A -C -W 192.168.3.20 -p 80 -c 5 -t 60

C. hping -D -V -R -S -Z -Y 192.168.3.20 -p 80 -c 5 -t 60

D. hping -G -T -H -S -L -W 192.168.3.20 -p 80 -c 5 -t 60

A

A. hping -S -R -P -A -F -U 192.168.3.20 -p 80 -c 5 -t 60

(hping has no single XMAS switch; this command lights every one of the six classic TCP flags. Nmap's -sX Xmas scan sets only FIN, PSH and URG.)

31
Q

3.31 Jess the hacker runs L0phtCrack’s built-in sniffer utility that grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. But Jess is not picking up hashes from the network. Why?

A. The network protocol is configured to use SMB Signing

B. The physical network wire is on fiber optic cable

C. The network protocol is configured to use IPSEC

D. L0phtCrack SMB sniffing only works through Switches and not Hubs

A

C. The network protocol is configured to use IPSEC

32
Q

3.32 You are scanning a network to ensure it is as secure as possible. You send a TCP probe packet to a host with a FIN flag and you receive a RST/ACK response. What does this mean about the port you are scanning?

A. This response means the port is open.

B. The RST/ACK response means the port is disabled.

C. This means the port is half open.

D. This means that the port is closed.

A

D. This means that the port is closed.

33
Q

3.33 Your company has blocked all ports at the external firewall and only allows ports 80/443 out to the Internet. You want to use FTP to connect to a remote server on the Internet.

How would you accomplish this?

A. Use HTTP Tunneling

B. Use Proxy Chaining

C. Use TOR Network

D. Use Reverse Chaining

A

A. Use HTTP Tunneling

34
Q

3.34 Attackers send an ACK probe packet with random sequence number, no response means port is filtered (Stateful firewall is present) and RST response means the port is not filtered. What type of Port Scanning is this?

A. RST flag scanning

B. FIN flag scanning

C. SYN flag scanning

D. ACK flag scanning

A

D. ACK flag scanning

35
Q

3.35 Your network has been breached. You review your logs and discover that an unknown IP address has accessed the network through a high-level port that was not closed. You trace the IP to a proxy server in Argentina. After calling the company that owns the server, they trace it to another proxy in Germany. You call them and they trace it to another proxy in China. What proxy tool has the attacker used to cover his tracks?

A. ISA proxy

B. IAS proxy

C. TOR proxy

D. Cheops proxy

A

C. TOR proxy

36
Q

3.36 From an outside IP, you perform an XMAS scan against your company using Nmap. Almost every port scanned does not generate a response. What can you infer from this kind of response?

A. These ports are open because they do not send a response.

B. These ports are in stealth mode.

C. If a port does not respond to an XMAS scan using NMAP, that port is closed.

D. The scan was not performed correctly using NMAP since all ports, no matter what their state, will send some sort of response from an XMAS scan.

A

A. These ports are open because they do not send a response.

(Nmap itself reports such ports as open|filtered: a firewall silently dropping the probe looks exactly like an open port ignoring it. Only a RST reply proves a port closed.)

37
Q

3.37 Which flags are set in an XMAS scan?

A. FIN, RST, URG

B. PSH, ACK, RST

C. FIN, URG, PSH

D. URG, PSH, RST

A

C. FIN, URG, PSH
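The cards on FIN, Xmas, ACK and SYN probes (3.27, 3.32, 3.34, 3.36 and this one) all reduce to one decision table: which flags were sent, and whether the target answered with SYN/ACK, RST, an ICMP unreachable, or nothing at all. The Python below is an added example rather than anything from the deck; it encodes Nmap's port-state rules for those probe types so the answers can be checked mechanically. The function names and the way a response is spelled (a set of flag names, the string "ICMP-unreach", or None for silence) are my own conventions.

```python
# Nmap's port-state rules for the probe types on these cards.
# A response is a set of TCP flag names in the reply, the string
# "ICMP-unreach" for an ICMP type 3 error, or None when nothing came back.

SYN_PROBE = frozenset({"SYN"})
ACK_PROBE = frozenset({"ACK"})
FIN_PROBE = frozenset({"FIN"})
NULL_PROBE = frozenset()
XMAS_PROBE = frozenset({"FIN", "PSH", "URG"})   # what Nmap -sX actually sets

SCAN_NAMES = {
    SYN_PROBE: "SYN scan",
    ACK_PROBE: "ACK scan",
    FIN_PROBE: "FIN scan",
    NULL_PROBE: "NULL scan",
    XMAS_PROBE: "Xmas scan",
}

STEALTH_PROBES = (FIN_PROBE, NULL_PROBE, XMAS_PROBE)


def scan_name(probe_flags):
    """Nmap's name for a probe built from these flags, or None if it is not one
    of the stock scan types (the six-flag hping probe on card 3.30, for instance)."""
    return SCAN_NAMES.get(frozenset(probe_flags))


def classify(probe_flags, response):
    """Port state Nmap would report for one probe/response pair."""
    probe = frozenset(probe_flags)
    if probe not in SCAN_NAMES:
        raise ValueError(f"unsupported probe flags: {sorted(probe)}")

    if response == "ICMP-unreach":
        return "filtered"            # a router or firewall admitted to dropping it
    if response is None:
        # Silence is only ambiguous for the stealth probes: an open port is
        # supposed to ignore a FIN/NULL/Xmas packet, and a firewall that drops
        # the probe produces exactly the same silence.
        return "open|filtered" if probe in STEALTH_PROBES else "filtered"

    flags = frozenset(response)
    if probe == SYN_PROBE:
        if {"SYN", "ACK"} <= flags:
            return "open"            # half-open scan: Nmap tears down with RST, never ACKs
        if "RST" in flags:
            return "closed"
    elif probe == ACK_PROBE:
        if "RST" in flags:
            return "unfiltered"      # the probe reached the port; open and closed both RST
    elif probe in STEALTH_PROBES:
        if "RST" in flags:
            return "closed"          # RST/ACK to a FIN probe means closed (cards 3.27, 3.32)
    raise ValueError(f"no rule for {scan_name(probe)} with reply {sorted(flags)}")


if __name__ == "__main__":
    print("3.27/3.32 FIN -> RST/ACK :", classify({"FIN"}, {"RST", "ACK"}))
    print("3.34 ACK -> RST         :", classify({"ACK"}, {"RST"}))
    print("3.34 ACK -> silence     :", classify({"ACK"}, None))
    print("3.36 Xmas -> silence    :", classify({"FIN", "PSH", "URG"}, None))
```

Two caveats a tester needs alongside the table. First, the stealth-probe rule depends on the target honouring RFC 793; Windows, Cisco IOS and several other stacks answer every FIN/NULL/Xmas probe with RST regardless of port state, so against those hosts the whole range reads closed and a SYN scan is the only reliable option. Second, the ACK scan never says open or closed, only whether a stateful filter sits in front of the port, which is why card 3.34 phrases the result as "filtered" versus "not filtered".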

38
Q

3.38 Some of your users are visiting offensive websites during business hours. You use a content-filtering system so such access is not authorized. What technique could they be using to bypass your filtering system and access these sites?

A. They are using UDP that is always authorized at the firewall

B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access

D. They are using an older version of Internet Explorer that allow them to bypass the proxy server

A

B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended