Mock Exam - 1 Flashcards

1
Q

Describe the characteristics of a Boot Sector Virus?

A

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

2
Q

What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?

A

Through web servers that use CGI (Common Gateway Interface): a malformed environment variable is sent to a vulnerable web server.

3
Q

It’s important to enumerate which HTTP methods (GET, POST, HEAD, PUT, DELETE, TRACE) a web server has available. Which nmap script will help you perform the task of finding out the methods?

A

http-methods

4
Q

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and one is a binary file named nc (netcat). The logs show that the user logged in anonymously, uploaded the files, extracted the contents, and ran the script using a function provided by the FTP server software. The ps command shows the nc file is running as a process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability had to have existed to make this remote attack possible?

A

File System Permissions

5
Q

A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect to it. A wireless tool similar to Wireshark shows that the WAP is not responding to the association requests being sent by the client. What is the possible source of the problem?

A

The WAP does not recognize the client’s MAC address.

6
Q

If you are with your colleagues and are all sharing files via Bluetooth and one of them starts getting unwanted advertising on their mobile, what attack is happening?

A

Bluejacking

7
Q

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?

a. Kismet
b. Nessus
c. Netstumbler
d. Abel

A

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.

8
Q

What is a collision attack in cryptography?

A

Collision attacks try to find two inputs that produce the same hash

9
Q

An NMAP scan of a server shows port 25 is open. What risk could this pose?

A

Active mail relay since SMTP is open

10
Q

Each of the following is a method to detect trojans except:

a. Scan for suspicious registry entries
b. Scan for suspicious modifications to OS files
c. Scan for suspicious open ports
d. Scan for suspicious log-in attempts

A

d. Scan for suspicious log-in attempts

11
Q

An attacker has installed a RAT on a host. The attacker now has control of the machine through the RAT. The attacker wants to now ensure that if the user attempts to go to www.BestBank.com, the user is directed to a phishing site. What file does the attacker need to modify to make this happen?

a. Sudoers
b. Networks
c. Hosts
d. Boot.ini

A

c. Hosts

12
Q

Which of the following answers refers to a loss in wireless signal strength during transmission caused by increasing distance and obstacles encountered on the signal path?

a. Attenuation
b. Amplitude
c. Cross-talk
d. Channel bonding

A

Attenuation = the reduction of the amplitude of a signal

13
Q

What is the purpose of an application security policy or standard?

A

To reduce risk created by company applications that access sensitive data

14
Q

Which of the following is a protocol specifically designed for transporting event messages?

a. SYSLOG
b. MSI
c. SNMP
d. CMP

A

syslog

15
Q

What is the process of logging, recording and resolving events that take place in an organization?

A

Incident Management

16
Q

The purpose of a ____________ is to deny network access to LAN and other information assets by unauthorized wireless devices.

A

Wireless intrusion prevention system

17
Q

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

A

Transport layer port numbers and application layer headers

18
Q

During a black-box pentest you attempt to pass IRC traffic over TCP port 80 from a compromised web-enabled host. The traffic gets blocked. Outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

A

Stateful

19
Q

Your IDS admin gets an alert from the IDS. The associated packets are saved as a pcap file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

A

protocol analyzer

20
Q

Which of the following is an extremely common IDS evasion technique in the web world?

a. Using unicode characters
b. Port knocking
c. Subnetting
d. Spyware

A

a. Using Unicode characters

21
Q

You work as a security analyst for a retail organization. In securing the company’s network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

a. True negative
b. False negative
c. False positive
d. True positive

A

False Negative

22
Q

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? Alert tcp any any -> 192.168.100.0/24 21 (msg: “FTP on the network fool!”;)

a. A router IPtable
b. A firewall IPtable
c. FTP server rule
d. An IDS

A

d. An IDS

23
Q

The heartbleed vulnerability allows hackers to steal

a. Hashes
b. Private keys
c. Public keys
d. Certificates

A

b. Private Keys

24
Q

The recently discovered heartbleed is a:

a. Control
b. Exploit
c. Vulnerability
d. Threat

A

c. Vulnerability

25
Q

In 2014 there was an important vulnerability in GNU’s bash shell. It gives attackers the ability to run commands remotely on a vulnerable system. The malicious software can take control of an infected machine and launch a DoS attack or disrupt websites. What is this vulnerability known as?

A

Shellshock

26
Q

What is the hardware equivalent of the process isolation principle which is used in software?

A

Hardware segmentation

27
Q

Which of the following defines the minimum security and privacy controls for US federal information systems and organizations?

a. NIST 800-53
b. PCI-DSS
c. HIPAA
d. EU Safe Harbor

A

NIST 800-53

28
Q

What is the process of logging, recording, and resolving events that take place in an organization?

A

Incident Management Process

29
Q

What is the purpose of an application security policy or standard?

A

To reduce risk created by company applications that access sensitive data

30
Q

What’s the Android Runtime?

A

The core libraries and virtual machine in Android

31
Q

Which of the following is a program that can jailbreak some Windows Phone/RT 8 devices?

a. evasiOn
b. Super One Click
c. Gingerbreak
d. RT Jailbreak Tool

A

d. RT Jailbreak Tool

32
Q

Droidsheep is an Android application for ___

A

Sidejacking

33
Q

You’ve gained access to a Windows 2008 Server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit you have an Ubuntu 9.10 Linux Live CD. Which Linux-based tool has the ability to change any user’s password or activate disabled Windows accounts?

a. Set
b. John the Ripper
c. Cain & Abel
d. CHNTPW

A

CHNTPW

34
Q

This configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

A

Promiscuous Mode

35
Q

Which of the following tools can be used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

a. Traceroute
b. OpenVAS
c. Nessustcp
d. Tcptrace

A

Tcptrace

36
Q

Nmap -sn 192.168.153.200-215. The above nmap command performs which of the following?

a. A ping scan
b. An operating system detect scan
c. A trace sweep
d. A port scan

A

a ping scan

37
Q

Which command will allow you to enumerate all machines on the network quickly?

a. nmap -T4 -q 10.10.1.0/24
b. nmap -T4 -O 10.10.1.0/24
c. nmap -T4 -F 10.10.1.0/24
d. nmap -T4 -r 10.10.1.0/24

A

c. nmap -T4 -F 10.10.1.0/24

38
Q

You are doing a penetration test and gathering information. You have found pdfs, docs, and images. You decide to extract metadata from these files and analyze it. What tool will help you with the task?

A

Metagoofil

39
Q

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

A

Maltego

40
Q

Which of the following is a man-in-the-middle exploit?

a. Poodle
b. All of these
c. Heartbleed
d. Shellshock

A

Poodle

41
Q

________ is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosures, denial of service or modification of data.

A

Threat

42
Q

Which Google command will help you search for all pages indexed for example.com?

A

site:example.com

43
Q

You want to perform an aggressive scan on TCP ports 80 and 443 ranging from 10.1.0.1-10.1.1.255. What command would best serve the requirements?

a. Nmap -n -sO -T4 -p80,443 10.1.1.0/24
b. Nmap -n -A -sT -p80,443 10.1.1.0/24
c. Nmap -n -A -sU -T4 -p80,443 10.1.1.0/23
d. Nmap -n -A -sS -p80,443 10.1.0.0/23

A

d. Nmap -n -A -sS -p80,443 10.1.0.0/23

44
Q

How can rainbow tables be defeated?

A

Salting

45
Q

Running an NMAP scan, you discover port 25 is open. What is the primary concern?

A

Active mail relay

46
Q

An NMAP scan shows port 993 closed, 21 open, 23 open, 80 open, 129 open, 515 open, 631 open, 9100 open for host 172.16.40.60. Based on this information, what would you expect the host to be?

a. Server 2003
b. Server 2012
c. VOIP Phone
d. Printer
e. Cisco Wireless AP
f. Cisco Catalyst 2960 Switch

A

d. Printer. Port 9100 is the standard port for the “RAW” print protocol. Port 631 is the Internet Printing Protocol. Port 515 is the LPD printing protocol.