Examen 1 Flashcards

1
Q
What type of vulnerability/attack is it when a malicious person forces the user's browser to send an authenticated request to a server?
A. Cross-site request forgery 
B. Cross-site scripting 
C. Session hijacking 
D. Server side request forgery
A

A. Cross-site request forgery

2
Q

Your next-door neighbor, whom you do not get along with, is having issues with their network, so he yells to his spouse the network's SSID and password and you hear them both clearly. What do you do with this information?
A. Nothing but suggest to him to change the network's SSID and password.
B. Sell his SSID and password to friends that come to your house, so it doesn't slow down your network.
C. Log onto his network, after all it's his fault you can get in.
D. Only use his network when you have large downloads so you don’t tax your own network.

A

A. Nothing but suggest to him to change the network’s SSID and password.

3
Q
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. SQL injection attack
B. Cross-Site Scripting (XSS)
C. LDAP Injection attack
D. Cross-Site Request Forgery (CSRF)
A

B. Cross-Site Scripting (XSS)

4
Q

An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?
A. RADIUS
B. DIAMETER
C. Kerberos
D. TACACS+

A

A. RADIUS

5
Q
A recent security audit revealed that there were indeed several occasions on which the company's network was breached. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?
A. True positive 
B. False negative
C. False positive 
D. False positive
A

B. False negative

6
Q

Which among the following is a Windows command that a hacker can use to list all the
shares to which the current user context has access?
A. NET FILE
B. NET USE
C. NET CONFIG
D. NET VIEW

A

B. NET USE

7
Q
Which of the following programming languages is most vulnerable to buffer overflow
attacks?
A. Perl
B. C++
C. Python
D. Java
A

B. C++

8
Q
Which of the following command-line switches would you use for OS detection in Nmap?
A. -D 
B. -O 
C. -P
D. -X
A

B. -O

9
Q

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust
relationship exists and that a certificate is still valid for specific operations?
A. Certificate issuance
B. Certificate validation
C. Certificate cryptography
D. Certificate revocation

A

B. Certificate validation

10
Q
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
A. Password protected files
B. Hidden folders
C. BIOS password
D. Full disk encryption.
A

D. Full disk encryption.

11
Q

Which of the following is a characteristic of Public Key Infrastructure (PKI)?
A. Public-key cryptosystems are faster than symmetric-key cryptosystems.
B. Public-key cryptosystems distribute public-keys within digital signatures.
C. Public-key cryptosystems do not require a secure key distribution channel.
D. Public-key cryptosystems do not provide technical non-repudiation via digital signatures

A

B. Public-key cryptosystems distribute public-keys within digital signatures.

12
Q

The chance of a hard drive failure is once every three years. The cost to buy a new hard
drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will
require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).
What is the closest approximate cost of this replacement and recovery operation per year?
A. $146
B. $1320
C. $440
D. $100

A

A. $146

13
Q

Due to a slowdown of normal network operations, the IT department decided to monitor
internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?
A. All of the employees would stop normal work activities
B. IT department would be telling employees who the boss is
C. Not informing the employees that they are going to be monitored could be an invasion of privacy.
D. The network could still experience traffic slow down.

A

C. Not informing the employees that they are going to be monitored could be an invasion of privacy.

14
Q
If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?
A. Civil
B. International
C. Criminal
D. Common
A

A. Civil

15
Q

What hacking attack is challenge/response authentication used to prevent?

A

A. Replay attacks

16
Q

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. Which of the following options best represents the means that Bob can adopt to retrieve passwords from his client's hosts and servers?
A. Hardware, Software, and Sniffing.
B. Hardware and Software Keyloggers.
C. Passwords are always best obtained using Hardware key loggers.
D. Software only, they are the most effective.

A

A. Hardware, Software, and Sniffing.

17
Q
Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
A. UDP 123
B. UDP 541
C. UDP 514
D. UDP 415
A

C. UDP 514

18
Q

Code injection is a form of attack in which a malicious user:
A. Inserts text into a data field that gets interpreted as code
B. Gets the server to execute arbitrary code using a buffer overflow
C. Inserts additional code into the JavaScript running in the browser
D. Gains access to the codebase on the server and inserts new code

A

A. Inserts text into a data field that gets interpreted as code

19
Q
Darius is analysing IDS logs. During the investigation, he noticed that nothing suspicious was found and an alert was triggered on normal web application traffic. He can mark this alert as:
A. False negative 
B. False positive
C. True positive 
D. False signature
A

B. False positive

20
Q
PGP, SSL, and IKE are all examples of which type of cryptography?
A. Public key
B. Secret Key 
C. Hash Algorithm
D. Digest
A

A. Public key
B. Secret key
C. Hash Algorithm
D. Digest

21
Q

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed to achieve compliance. Which of the following requirements would best fit under the objective "implement strong access control measures"?
A. Regularly test security systems and processes
B. Encrypt transmission of cardholder data across open, public networks
C. Assign a unique ID to each person with computer access.
D. Use and regularly update anti-virus software on all systems commonly affected by malware.

A

C. Assign a unique ID to each person with computer access.

22
Q
The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
A. Wireless Intrusion Prevention System
B. Wireless Access Point
C. Wireless Access Control List
D. Wireless Analyzer
A

A. Wireless Intrusion Prevention System

23
Q

What is GINA?
A. Gateway Interface Network Application
B. GUI Installed Network Application CLASS
C. Global Internet National Authority
D. Graphical Identification and Authentication DLL

A

D. Graphical Identification and Authentication DLL

24
Q
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?
A. True negatives
B. False negatives
C. True positives
D. False positives
A

D. False positives

25
Q
A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants the attack to be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump into right away?
A. Scanning
B. Reconnaissance
C. Escalation
D. Enumeration
A

B. Reconnaissance

26
Q

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment more than one value. Why do you think this occurs?
A. The zombie you are using is not truly idle
B. A stateful inspection firewall is resetting your queries
C. Hping2 cannot be used for idle scanning
D. These ports are actually open on the target system

A

A. The zombie you are using is not truly idle

27
Q

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd (user accounts, as well as access keys and privileges). How can he use it?
A. The password file does not contain the passwords themselves
B. He can open it and read the user ids and corresponding passwords
C. The file reveals the passwords to the root user only
D. He cannot read it because it is encrypted

A

A. The password file does not contain the passwords themselves.

28
Q
Which of the following is a hashing algorithm? 
A. MD5
B. PGP 
C. DES 
D. ROT13
A

A. MD5

29
Q
Which of the following is a successor of SSL? 
A. TLS
B. RSA 
C. GRE 
D. IPSec
A

A. TLS

30
Q
What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin? 
A. c:\compmgmt.msc
B. c:\gpedit
C. c:\ncpa.cpl
D. c:\services.msc
A

A. c:\compmgmt.msc

31
Q

Switches maintain a CAM table that maps individual MAC addresses on the network to
physical ports on the switch. In a MAC flooding attack, the attacker feeds the switch many Ethernet frames, each containing a different source MAC address. Switches have a limited memory for mapping MAC addresses to physical ports. What happens when the CAM table becomes full?
A. Switch then acts as hub by broadcasting packets to all machines on the network
B. The CAM overflow table will cause the switch to crash causing Denial of Service
C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

A

A. Switch then acts as hub by broadcasting packets to all machines on the network

32
Q

After gaining access to the password hashes used to protect access to a web based
application, knowledge of which cryptographic algorithms would be useful to gain access to the
application?
A. SHA1
B. Diffie-Hellman
C. RSA
D. AES

A

A. SHA1

33
Q
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?
A. 768 bit key
B. 1025 bit key
C. 1536 bit key
D. 2048 bit key
A

C. 1536 bit key

34
Q
The establishment of a TCP connection involves a negotiation called the 3-way handshake. What type of message does the client send to the server in order to begin this negotiation?
A. RST
B. ACK
C. SYN-ACK
D. SYN
A

D. SYN

35
Q

What is the following command used for?
net use \\target\ipc$ "" /u:""
A. Grabbing the etc/passwd file
B. Grabbing the SAM
C. Connecting to a Linux computer through Samba.
D. This command is used to connect as a null session
E. Enumeration of Cisco routers

A

C. Connecting to a Linux computer through Samba.

36
Q
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be implemented to minimize the opportunity for a man-in-the-middle attack to occur?
A. SSL 
B. Mutual authentication 
C. IPSec
D. Static IP addresses
A

C. IPSec

37
Q
Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquiries over the network. Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.
A. SNMPUtil
B. SNScan
C. SNMPScan
D. Solarwinds IP Network Browser
E. Nmap
A

A. SNMPUtil
B. SNScan
D. Solarwinds IP Network Browser

38
Q
Which of the following tools will scan a network to perform vulnerability checks and
compliance auditing?
A. NMAP
B. Metasploit
C. Nessus
D. BeEF (Browser Exploitation Framework)
A

C. Nessus

39
Q

An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines.
Which one of the following tools did the hacker probably use to inject the HTML code?
A. Wireshark
B. Ettercap
C. Aircrack-ng
D. Tcpdump

A

B. Ettercap

40
Q

Which of the following describes the characteristics of a Boot Sector Virus?
A. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
D. Overwrites the original MBR and only executes the new virus code

A

A. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

41
Q
Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP? 
A. Metasploit scripting engine 
B. Nessus scripting engine 
C. NMAP scripting engine 
D. SAINT scripting engine
A

C. NMAP scripting engine

42
Q
Suppose you are the Chief Network Engineer of a certain Telco. Your company is planning a big business expansion, and it requires that your network authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement?
A. TACACS+ 
B. DIAMETER
C. Kerberos 
D. RADIUS
A

D. RADIUS

43
Q
Which Open Web Application Security Project (OWASP) project implements a web application full of known vulnerabilities?
A. WebBugs
B. WebGoat
C. VULN_HTML
D. WebScarab
A

B. WebGoat

44
Q
Which protocol is used for setting up secured channels between two devices, typically in VPNs?
A. IPSEC
B. PEM
C. SET
D. PPP
A

A. IPSEC

45
Q
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched network environment. Which attack could the hacker use to sniff all of the packets in the network?
A. Fraggle 
B. MAC Flood 
C. Smurf
D. Tear Drop
A

B. MAC Flood

46
Q
Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle step called?
A. Fuzzy-testing the code 
B. Third party running the code
C. Sandboxing the code
D. String validating the code
A

A. Fuzzy-testing the code

47
Q

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?
alert tcp any any -> 192.168.100.0/24 (msg: "FTP on the network!";)
A. An Intrusion Detection System
B. A firewall IPTable
C. A Router IPTable
D. FTP Server rule

A

A. An Intrusion Detection System

48
Q
What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
A. Blue Book
B. ISO 26029
C. Common Criteria
D. The Wassenaar Agreement
A

C. Common Criteria

49
Q

Joseph was the Web site administrator for Mason Insurance in New York, whose main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message: "Hacker Message: You are dead! Freaks!" From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:
After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal
network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?
A. ARP spoofing
B. SQL injection
C. DNS poisoning
D. Routing table injection

A

C. DNS poisoning

50
Q
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?
A. Penetration testing
B. Social engineering
C. Vulnerability scanning
D. Access control list reviews
A

A. Penetration testing

51
Q

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with such a complex security system in place. Your peer, Peter Smith, who works in the same department, disagrees with you. He says even the best network security technologies cannot prevent hackers from gaining access to the network because of the presence of a "weakest link" in the security chain. What is Peter Smith talking about?
A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
B. “zero-day” exploits are the weakest link in the security chain since the IDS will not be able to
detect these attacks
C. “Polymorphic viruses” are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

A

A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

52
Q
Which of the following open source tools would be the best choice to scan a network for potential targets? 
A. NMAP 
B. NIKTO
C. CAIN 
D. John the Ripper
A

A. NMAP

53
Q
Which of the following Secure Hashing Algorithms (SHA) produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits and resembles the MD5 algorithm?
A. SHA-2
B. SHA-3
C. SHA-1
D. SHA-0
A

C. SHA-1

54
Q

Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?
A. http-git (checks for a git repository)
B. http-headers (performs a HEAD request for the root folder)
C. http-enum (Enumerates directories used by popular web applications and servers)
D. http-methods

A

D. http-methods

55
Q
Using Windows CMD, how would an attacker list all the shares to which the current user has access?
A. NET USE
B. NET CONFIG 
C. NET FILE 
D. NET VIEW
A

B. NET USE

56
Q

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?
A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
B. He will activate OSPF on the spoofed root bridge.
C. He will repeat the same attack against all L2 switches of the network.
D. He will repeat this action so that it escalates to a DoS attack.

A

A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

57
Q

You have compromised a server and successfully gained root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?
A. Install Cryptcat and encrypt outgoing packets from this server.
B. Install and use Telnet to encrypt all outgoing traffic from this server.
C. Use Alternate Data Streams to hide the outgoing packets from this server.
D. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion
Detection Systems.

A

A. Install Cryptcat and encrypt outgoing packets from this server.

58
Q
Which of the following represents the initial two commands that an IRC client sends to join an IRC network?
A. USER, NICK
B. LOGIN, NICK
C. USER, PASS
D. LOGIN, USER
A

A. USER, NICK

59
Q
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit? 
A. SHA-1
B. MD5
C. HAVAL
D. MD4
A

A. SHA-1

60
Q

Which of the following is a wireless network detector that is commonly found on Linux?
A. Kismet
B. Abel (Cain & Abel password recovery tool)
C. Netstumbler (wireless network detection for Windows)
D. Nessus

A

A. Kismet

61
Q

You’ve gained physical access to a Windows 2008 R2 server which has an accessible disc
drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user’s password or to activate disabled Windows accounts?
A. CHNTPW
B. Cain & Abel
C. SET
D. John the Ripper

A

A. CHNTPW

62
Q
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?
A. Injection
B. Cross Site Scripting 
C. Cross Site Request Forgery
D. Path Disclosure
A

A. Injection

63
Q
In order to show improvement of security over time, what must be developed?
A. Reports
B. Testing tools
C. Metrics
D. Taxonomy of vulnerabilities
A

C. Metrics

64
Q
Which of the following programming languages is most susceptible to buffer overflow
attacks, due to its lack of a built-in bounds checking mechanism?
Code:
#include <string.h>
int main() {
    char buffer[8];                               /* 8-byte stack buffer */
    /* strcpy performs no bounds check: 25 ones plus the terminating NUL are written past the 8-byte buffer */
    strcpy(buffer, "1111111111111111111111111");
    return 0;
}
Output:
Segmentation fault
A. C#
B. Python
C. Java
D. C++
A

D. C++

65
Q

Which of the following lists are valid data-gathering activities associated with a risk assessment?
A. Threat identification, vulnerability identification, control analysis
B. Threat identification, response identification, mitigation identification
C. Attack profile, defense profile, loss profile
D. System profile, vulnerability identification, security determination

A

A. Threat identification, vulnerability identification, control analysis

66
Q

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.
A. Use port security on his switches.
B. Use a tool like ARPwatch to monitor for strange ARP activity.
C. Use a firewall between all LAN segments.
D. If you have a small network, use static ARP entries.
E. Use only static IP addresses on all PC’s.

A

A. Use port security on his switches.
B. Use a tool like ARPwatch to monitor for strange ARP activity.
D. If you have a small network, use static ARP entries.

67
Q
During the process of encryption and decryption, what keys are shared? 
A. Private keys
B. User passwords
C. Public keys
D. Public and private keys
A

C. Public keys

68
Q
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?
A. Firewall-management policy
B. Acceptable-use policy
C. Remote-access policy
D. Permissive policy
A

C. Remote-access policy

69
Q

You are monitoring the network of your organization. You notice that:
(no info)
Which of the following solutions will you suggest?
A. Block the Blacklist IP’s @ Firewall
B. Update the Latest Signatures on your IDS/IPS
C. Clean the Malware which are trying to Communicate with the External Blacklist IP’s
D. Both B and C

A

D. Both B and C

70
Q

Smart cards use which protocol to transfer the certificate in a secure manner?
A. Extensible Authentication Protocol (EAP)
B. Point to Point Protocol (PPP)
C. Point to Point Tunneling Protocol (PPTP)
D. Layer 2 Tunneling Protocol (L2TP)

A

A. Extensible Authentication Protocol (EAP)

71
Q
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured? 
A. nessus +
B. nessus *s
C. nessus & 
D. nessus -d
A

C. nessus &

72
Q

Emil uses nmap to scan two hosts using this command.
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:
What is his conclusion?
A. Host 192.168.99.7 is an iPad.
B. He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.
C. Host 192.168.99.1 is the host that he launched the scan from.
D. Host 192.168.99.7 is down.

A

B. He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.

73
Q

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?
A. Split DNS
B. DNSSEC
C. DynDNS
D. DNS Scheme

A

A. Split DNS

74
Q

What is the role of test automation in security testing?
A. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
B. It is an option but it tends to be very expensive.
C. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
D. Test automation is not usable in security due to the complexity of the tests.

A

A. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

75
Q

Least privilege is a security concept that requires that a user is
A. limited to those functions required to do the job
B. given root or administrative privileges
C. trusted to keep all data and access to that data under their sole control
D. given privileges equal to everyone else in the department

A

A. limited to those functions required to do the job

76
Q
Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?
A. Ping of death
B. SYN flooding
C. TCP hijacking
D. Smurf attack
A

A. Ping of death

77
Q
You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?
A. hping2 host.domain.com
B. hping2 --set-ICMP host.domain.com
C. hping2 -i host.domain.com
D. hping2 -1 host.domain.com
A

D. hping2 -1 host.domain.com

78
Q
What is the approximate cost of the replacement and recovery operation per year of a hard drive that has a value of $300, given that the technician who charges $10/hr would need 10 hours to restore the OS and software and needs a further 4 hours to restore the database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).
A. $440
B. $100
C. $1320
D. $146
A

D. $146

79
Q

A security administrator notices that the log file of the company's webserver contains suspicious entries:
(SQL stuff)
Based on source code analysis, the analyst concludes that the login.php script is vulnerable to
A. command injection
B. sql injection
C. directory traversal
D. LDAP injection

A

B. SQL injection

80
Q
Which of the following is used to indicate a single-line comment in structured query language (SQL)? 
A. --
B. | |
C. %%
D. "
A

A. --

81
Q
If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing?
A. End of Line Comment 
B. UNION SQL Injection 
C. Illegal/Logically Incorrect Query
D. Tautology
A

D. Tautology

82
Q
On the OSI model, where does PPTP encryption take place?
A. Transport layer 
B. Application layer 
C. Data link layer 
D. Network layer
A

C. Data link layer

83
Q

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
A. Validate and escape all information sent to a server
B. Use security policies and procedures to define and implement proper security settings
C. Verify access right before allowing access to protected information and UI controls
D. Use digital certificates to authenticate a server prior to sending data

A

A. Validate and escape all information sent to a server

84
Q

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
A. Restore a random file.
B. Perform a full restore.
C. Read the first 512 bytes of the tape.
D. Read the last 512 bytes of the tape.

A

B. Perform a full restore

85
Q
If you want to scan only fewer ports than the default scan using the Nmap tool, which option would you use?
A. -sP 
B. -P 
C. -r
D. -F
A

B. -P

86
Q
One way to defeat a multi-level security solution is to leak data via 
A. a bypass regulator
B. steganography 
C. a covert channel 
D. asymmetric routing
A

C. a covert channel

87
Q

Under what conditions does a secondary name server request a zone transfer from a primary name server?
A. When a primary SOA is higher than a secondary SOA
B. When a secondary SOA is higher than a primary SOA
C. When a primary name server has had its service restarted
D. When a secondary name server has had its service restarted
E. when the TTL falls to zero

A

A. When a primary SOA is higher than a secondary SOA

88
Q
Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?
A. Omnidirectional antenna
B. Dipole antenna
C. Yagi antenna
D. Parabolic grid antenna
A

C. Yagi antenna

89
Q
What is the proper response for a NULL scan if the port is closed?
A. SYN
B. ACK
C. FIN
D. PSH
E. RST 
F. No response
A

E. RST

90
Q

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work, so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?
A. The consultant will ask for money on the bid because of great work.
B. The consultant may expose vulnerabilities of other companies.
C. The consultant accepting bids will want the same type of format of testing.
D. The company accepting bids will hire the consultant because of the great work performed.

A

B. The consultant may expose vulnerabilities of other companies

91
Q
Which protocol is used for setting up secure channels between two devices, typically in VPNs?
A. PPP
B. IPSEC
C. PEM
D. SET
A

B. IPSEC

92
Q
You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection System (NIDS).
What is the best way to evade the NIDS?
A. Encryption
B. Protocol Isolation
C. Alternate Data Streams
D. Out of band signaling
A

A. Encryption

93
Q

What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you’ve compromised and gained root access to?
A. Install Cryptcat and encrypt outgoing packets from this server.
B. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
C. Use Alternate Data Streams to hide the outgoing packets from this server.

A

A. Install Cryptcat and encrypt outgoing packets from this server.

94
Q
Which of the following tools can be used for passive OS fingerprinting?
A. tcpdump
B. nmap
C. ping
D. tracert
A

A. tcpdump

95
Q

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stacheldraht have in common?
A. All are hacking tools developed by the legion of doom
B. All are tools that can be used not only by hackers, but also security personnel
C. All are DDOS tools
D. All are tools that are only effective against Windows
E. All are tools that are only effective against Linux

A

C. All are DDOS tools

96
Q
A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am. Which of the following programming languages would most likely be used?
A. PHP
B. C#
C. Python
D. ASP.NET
A

C. Python

97
Q

Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristic of the protocol?
A. Based on XML
B. Provides a structured model for messaging
C. Exchanges data between web services
D. Only compatible with the application protocol HTTP

A

D. Only compatible with the application protocol HTTP

98
Q

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet, making exploitation of any compromised system very easy?
A. Private
B. Public
C. Shared
D. Root

A

A. Private

99
Q
A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack? 
A. Forensic attack
B. ARP spoofing attack
C. Social engineering attack 
D. Scanning attack
A

C. Social engineering attack

100
Q

Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?
A. a port scanner
B. a vulnerability scanner
C. a virus scanner
D. a malware scanner

A

B. a vulnerability scanner

101
Q

A Network Administrator was recently promoted to Chief Security Officer at a local university. One of the employee's new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.
During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis.
Which of the following is an issue with the situation?
A. Segregation of duties
B. Undue influence
C. Lack of experience
D. Inadequate disaster recovery plan

A

A. Segregation of duties

102
Q

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?
A. Botnet Trojan
B. Turtle Trojans
C. Banking Trojans
D. Ransomware Trojans

A

A. Botnet Trojan

103
Q
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?
A. Kismet (Linux)
B. Nessus
C. Netstumbler (Windows)
D. Abel
A

A. Kismet

104
Q
Which of the following types of firewalls ensures that the packets are part of the established session? 
A. Stateful inspection firewall 
B. Circuit-level firewall 
C. Application-level firewall 
D. Switch-level firewall
A

A. Stateful inspection firewall

105
Q

When discussing passwords, what is considered a brute force attack?
A. You attempt every single possibility until you exhaust all possible combinations or discover the password
B. You threaten to use the rubber hose on someone unless they reveal their password
C. You load a dictionary of words into your cracking program
D. You create hashes of a large number of words and compare it with the encrypted passwords
E. You wait until the password expires

A

A. You attempt every single possibility until you exhaust all possible combinations or discover the password

106
Q
What is the process of logging, recording and resolving events that take place in an organization? 
A. Incident Management Process
B. Security Policy 
C. Internal Procedure 
D. Metrics
A

A. Incident Management Process

107
Q

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
B. Maintenance of the nation’s Internet infrastructure builds out new Internet infrastructure, and decommissions old Internet infrastructure.
C. Registration of critical penetration testing for the Department of Homeland Security and public and private sectors.
D. Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

A

A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

108
Q

What does the following command in netcat do?
nc -l -u -p55555 < /etc/passwd
A. logs the incoming connections to /etc/passwd file
B. loads the /etc/passwd file to the UDP port 55555
C. grabs the /etc/passwd file when connected to the UDP port 55555
D. deletes the /etc/passwd file when connected to the UDP port 55555

A

C. grabs the /etc/passwd file when connected to the UDP port 55555

109
Q

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
A. Set a BIOS password
B. Encrypt the data on the hard drive
C. Use a strong logon password to the operating system
D. Backup everything on the laptop and store the backup in a safe place.

A

B. Encrypt the data on the hard drive

110
Q

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.
Which organization coordinates computer crime investigations throughout the United States?
A. NDCA
B. NICP
C. CIRP
D. NPC
E. CIA

A

D. NPC (National Crime Prevention Council)

111
Q
Which of the following commands runs snort in packet logger mode? 
A. ./snort -dev -h ./log
B. ./snort -dev -l ./log
C. ./snort -dev -o ./log
D. ./snort -dev -p ./log
A

B. ./snort -dev -l ./log

112
Q

When comparing the testing methodologies of the Open Web Application Security Project (OWASP) and the Open Source Security Testing Methodology Manual (OSSTMM), the main difference is:
A. OWASP is for web applications and OSSTMM does not include web applications.
B. OSSTMM is gray box testing and OWASP is black box testing.
C. OWASP addresses controls and OSSTMM does not.
D. OSSTMM addresses controls and OWASP does not.

A

D. OSSTMM addresses controls and OWASP does not.

113
Q
These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?
A. Black-Hat Hackers
B. Script Kiddies
C. White-Hat Hackers
D. Gray-Hat Hacker
A

B. Script Kiddies

114
Q

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has Snort installed, and the second machine (192.168.0.150) has Kiwi Syslog installed. You perform a SYN scan in your network, and you notice that Kiwi Syslog is not receiving the alert message from Snort. You decide to run Wireshark on the Snort machine to check if the messages are going to the Kiwi Syslog machine. What Wireshark filter will show the connections from the Snort machine to the Kiwi Syslog machine?
A. tcp.dstport==514 && ip.dst==192.168.0.150
B. tcp.srcport==514 && ip.src==192.168.0.99
C. tcp.dstport==514 && ip.dst==192.168.0.0/16
D. tcp.srcport==514 && ip.src==192.168.150

A

A. tcp.dstport==514 && ip.dst==192.168.0.150

115
Q

Which of the following acts requires employers' standard national numbers to identify them on standard transactions?
A. SOX (Sarbanes-Oxley Act)
B. HIPAA (Health Insurance Portability and Accountability Act)
C. DMCA (Digital Millennium Copyright Act)
D. PCI-DSS (Payment Card Industry Data Security Standard)

A

B. HIPAA (Health Insurance Portability and Accountability Act)

116
Q
Study the snort rule given below:
(photo)
From the options below, choose the exploit against which this rule applies.
A. WebDav
B. SQL Slammer
C. MS Blaster
D. MyDoom
A

C. MS Blaster

117
Q
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
A. Terms of Engagement
B. Project Scope
C. Non-Disclosure Agreement
D. Service Level Agreement
A

A. Terms of Engagement

118
Q
Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?
A. Information Audit Policy (IAP) 
B. Information Security Policy (ISP) 
C. Penetration Testing Policy (PTP) 
D. Company Compliance Policy (CCP)
A

B. Information Security Policy (ISP)

119
Q

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?
A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer
B. He can send an IP packet with the SYN bit and the source address of his computer
C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.
D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

A

D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

120
Q
A common cryptographical tool is the use of XOR. XOR the following binary values: 
10110001
00111010
A. 10001011
B. 11011000
C. 10011101
D. 10111100
A

A. 10001011

121
Q
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
A. Residual risk
B. Inherent risk
C. Deferred risk
D. Impact risk
A

A. Residual risk

122
Q
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
A. tcptrace
B. tcptraceroute
C. Nessus
D. OpenVAS
A

A. tcptrace

123
Q

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.
Dear valued customers, We are pleased to announce the newest version of Antivirus 2010 for Windows which will provide you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:
or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama
How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?
A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
B. Connect to the site using SSL, if you are successful then the website is genuine
C. Search using the URL and Anti-Virus product name into Google and look out for suspicious warnings against this site
D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

A

C. Search using the URL and Anti-Virus product name into Google and look out for suspicious warnings against this site

124
Q
Which DNS resource record can indicate how long any "DNS poisoning" could last? 
A. MX (mail exchange) 
B. SOA (start of authority) 
C. NS (name server) 
D. TIMEOUT
A

B. SOA (start of authority)

125
Q

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from the command line.
Which command would you use?
A. c:\compmgmt.msc
B. c:\services.msc
C. c:\ncpa.cp
D. c:\gpedit

A

A. c:\compmgmt.msc