Day 4 39-75 Flashcards
4.39 The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network.
Which of the following has occurred?
A. The Gateway and the computer are not on the same network
B. The computer is not using a private IP address
C. The computer is using an invalid IP address
D. The gateway is not routing to a public IP address
D. The gateway is not routing to a public IP address
4.40 What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?
A. A stealth scan, checking open ports 123 to 153
B. A stealth scan, checking all open ports excluding ports 123 to 153
C. A stealth scan, opening port 123 and 153
D. A stealth scan, determine operating system, and scanning ports 123 to 153
D. A stealth scan, determine operating system, and scanning ports 123 to 153
4.41 Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
A. Hashing is faster compared to more traditional encryption algorithms
B. It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained
C. Passwords stored using hashes are nonreversible, making finding the password much more difficult
D. If a user forgets the password, it can be easily retrieved using the hash key stored by administrators
C. Passwords stored using hashes are nonreversible, making finding the password much more difficult
4.42 A botnet can be managed through which of the following?
A. Email
B. LinkedIn and Facebook
C. A vulnerable FTP server
D. IRC
D. IRC
IRC = Internet Relay Chat. This is a protocol that allows you to relay text messages via discussion forums. IRC is often used as a means to control infected “bots” or “zombies”.
4.43 Fingerprinting VPN firewalls is possible with which of the following tools?
A. arp-scan
B. ike-scan
C. Nikto
D. Angry IP
B. ike-scan
http://sectools.org/tool/ike-scan/
4.44 What is the outcome of the command "nc -l -p 3030 | nc 192.168.5.10 5555"?
A. Netcat will listen on the 192.168.5.10 interface for 5555 seconds on port 3030.
B. Netcat will listen on port 3030 and output anything received to a remote connection on 192.168.5.10 port 5555.
C. Netcat will listen for a connection from 192.168.5.10 on port 5555 and output anything received to port 3030.
D. Netcat will listen on port 3030 and then output anything received to local interface 192.168.5.10.
B. Netcat will listen on port 3030 and output anything received to a remote connection on 192.168.5.10 port 5555.
4.45 What information should an IT system analysis provide to the risk assessor?
A. Threat statement
B. Impact analysis
C. Security architecture
D. Management buy-in
C. Security architecture
4.46 Which security strategy requires using several, varying methods to protect IT systems against attacks?
A. Three-way handshake
B. Exponential backoff algorithm
C. Covert channels
D. Defense in depth
D. Defense in depth
4.47 Which of the following business challenges could be solved by using a vulnerability scanner?
A. Auditors want to discover if all systems are following a standard naming convention
B. There is an emergency need to remove administrator access from multiple machines for an employee that quit
C. A Web server was compromised and management needs to know if any further systems were compromised
D. There is a monthly requirement to test corporate compliance with host application usage and security policies
D. There is a monthly requirement to test corporate compliance with host application usage and security policies
4.48 If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?
A. SDLC process
B. Honeypot
C. SQL injection
D. Trapdoor
D. Trapdoor
4.49 At midnight your firewall logs are at the expected size of 4MB. Exactly 2 hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again. Which of the following actions should be taken?
A. Run an antivirus scan because it is likely the system is infected by malware
B. Log the event as suspicious activity, continue to investigate, and act according to the site’s security policy
C. Log the event as suspicious activity, call a manager, and report this as soon as possible
D. Log the event as suspicious activity and report this behavior to the incident response team immediately
B. Log the event as suspicious activity, continue to investigate, and act according to the site’s security policy
4.50 Which of the following open source tools would be the best choice to scan a network for potential targets?
A. NIKTO
B. CAIN
C. John the Ripper
D. NMAP
D. NMAP
4.51 Which tool can be used to silently copy files to USB devices?
A. USB dumper
B. USB sniffer
C. USB grabber
D. USB Snoopy
C. USB grabber
4.52 How can a policy help improve an employee’s security awareness?
A. By implanting written security procedures, enabling employee’s security training, and promoting the benefits of security
B. By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees
C. By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative helpline
D. By decreasing an employee’s vacation time, addressing ad hoc employment clauses, and ensuring that managers know employee strengths
A. By implanting written security procedures, enabling employee’s security training, and promoting the benefits of security
4.53 In the software security development lifecycle process, threat modeling occurs in which phase?
A. Design
B. Requirements
C. Verification
D. Implementation
A. Design
4.54 Which statement is true regarding network firewalls preventing Web application attacks?
A. Network firewalls can prevent attacks because they can detect malicious HTTP traffic
B. Network firewalls can prevent attacks if they are properly configured
C. Network firewalls cannot prevent attacks because ports 80 and 443 must be open
D. Network firewalls cannot prevent attacks because they are too complex to configure
C. Network firewalls cannot prevent attacks because ports 80 and 443 must be open
4.55 Which of the following is used to indicate a single line comment in structured query language (SQL)?
A. --
B. %%
C. "
D. #
A. --
4.57 Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?
A. Ping of death
B. Smurf attack
C. TCP hijacking
D. SYN flood
A. Ping of death
4.58 What statement is true regarding LM hashes?
A. LM hashes are not generated when the password length exceeds 15 characters
B. Uppercase characters in the password are converted to lowercase
C. LM hashes consist of 48 hexadecimal characters
D. LM hashes are based on AES 128 cryptographic standard
A. LM hashes are not generated when the password length exceeds 15 characters
4.59 After gaining access to the password hashes used to protect access to a web-based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
A. SHA1
B. AES
C. RSA
D. Diffie Hellman
A. SHA1
4.60 Which of the following problems can be solved by using Wireshark?
A. Tracking version changes of source code
B. Resetting the administrator password on multiple systems
C. Troubleshooting communication resets between two systems
D. Checking creation dates on all webpages on a server
C. Troubleshooting communication resets between two systems
4.61 A newly discovered flaw in a software application would be considered which kind of security vulnerability?
A. Input validation flaw
B. HTTP header injection vulnerability
C. Time of check to time of use flaw
D. 0-day vulnerability
D. 0-day vulnerability
4.62 What is the command used to create a binary log file using tcpdump?
A. tcpdump -w ./log
B. tcpdump -r log
C. tcpdump -vde logtcpdump -vde ? log
D. tcpdump -l /var/log/
A. tcpdump -w ./log
4.63 The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?
A. Thresholding interferes with the IDS’s ability to reassemble fragmented packets
B. An attacker, working slowly enough, can evade detection by the IDS
C. Network packets are dropped if the volume exceeds the threshold
D. The IDS will not distinguish among packets originating from different sources
B. An attacker, working slowly enough, can evade detection by the IDS
An alert threshold (in Snort, for example) tells the IDS to alert only when it sees more than X matches per time period, for example more than 10 matching packets per minute.