Sample Questions 2 Flashcards

1
Q


The “white box testing” methodology enforces what kind of restriction?

A. Only the internal operation of a system is known to the tester.

B. The internal operation of a system is completely known to the tester.

C. The internal operation of a system is only partly accessible to the tester.

D. Only the external operation of a system is accessible to the tester.

A

B. The internal operation of a system is completely known to the tester.

2
Q

This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. Which of the following tools is being described?

A. wificracker

B. Airguard

C. WLAN-crack

D. Aircrack-ng

A

D. Aircrack-ng

3
Q

The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110:

What type of activity has been logged?

A. Teardrop attack targeting 192.168.0.110

B. Denial of service attack targeting 192.168.0.105

C. Port scan targeting 192.168.0.110

D. Port scan targeting 192.168.0.105

A

C. Port scan targeting 192.168.0.110

4
Q

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

A. nmap -A -Pn

B. nmap -sP -p-65535 -T5

C. nmap -sT -O -T0

D. nmap -A --host-timeout 99 -T1

A

C. nmap -sT -O -T0

5
Q

Bob, your senior colleague, has sent you an email regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he ever sent an email. What property do you need in order to prove that it was Bob who sent the email?

A. Confidentiality

B. Integrity

C. Non-Repudiation

D. Authentication

A

C. Non-Repudiation

6
Q

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

A. ACK

B. SYN

C. RST

D. SYN-ACK

A

B. SYN

7
Q

Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

A. Command Injection Attacks

B. File Injection Attack

C. Cross-Site Request Forgery (CSRF)

D. Hidden Field Manipulation Attack

A

C. Cross-Site Request Forgery (CSRF)

8
Q

Which is the first step followed by Vulnerability Scanners for scanning a network?

A. TCP/UDP Port scanning

B. Firewall detection

C. OS Detection

D. Checking if the remote host is alive

A

D. Checking if the remote host is alive

9
Q

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which attack scenarios will compromise the privacy of her data?

A. None of these scenarios compromise the privacy of Alice’s data

B. Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew’s attempt to access the stored data

C. Hacker Harry breaks into the cloud server and steals the encrypted data

D. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

A

D. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

10
Q

Bob, a network admin at Big University, realized that some students are connecting their notebooks to the wired network to get Internet access. On the university campus there are many Ethernet ports available for professors and authorized visitors, but not for students. He identified this when the IDS alerted on malware activity in the network. What should Bob do to avoid this problem?

A. Disable unused ports in the switches

B. Separate students in a different VLAN

C. Use the 802.1x protocol

D. Ask students to use the wireless network

A

C. Use the 802.1x protocol

11
Q

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient’s consent, similar to email spamming?

A. Bluesmacking

B. Bluesniffing

C. Bluesnarfing

D. Bluejacking

A

D. Bluejacking

12
Q

Which method of password cracking takes the most time and effort?

A. Shoulder surfing

B. Brute force

C. Dictionary attack

D. Rainbow tables

A

B. Brute force

13
Q

All of the following are types of Bluetooth attack EXCEPT _____?

A. Bluejacking

B. Bluesmacking

C. Bluesnarfing

D. Bluedriving

A

D. Bluedriving

14
Q

Which of the following programs infects the system boot sector and executable files at the same time?

A. Stealth virus

B. Polymorphic virus

C. Macro virus

D. Multipartite Virus

A

D. Multipartite Virus

15
Q

An IT employee got a call from one of the company’s best customers. The caller wanted to know about the company’s network infrastructure, systems, and team. New integration opportunities are in sight for both the company and the customer. What should this employee do?

A. The employee cannot provide any information, but he/she will provide the name of the person in charge anyway.

B. Since the company’s policy is all about Customer Service, he/she will provide information.

C. Disregarding the call, the employee should hang up.

D. The employee should not provide any information without previous management authorization.

A

D. The employee should not provide any information without previous management authorization.

16
Q

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a single public IP; that is, the internal IPs are sending data to the public IP. After further analysis, you find out that this public IP is a blacklisted IP and that the internal communicating devices are compromised. What kind of attack does the above scenario depict?

A. Botnet Attack

B. Spear Phishing Attack

C. Advanced Persistent Threats

D. Rootkit Attack

A

A. Botnet Attack

17
Q

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

A. Function Testing

B. Dynamic Testing

C. Static Testing

D. Fuzzing Testing

A

D. Fuzzing Testing

18
Q

In which of the following password protection techniques are random strings of characters added to the password before its hash is calculated?

A. Keyed Hashing

B. Key Stretching

C. Salting

D. Double Hashing

A

C. Salting

19
Q

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

A. -T0

B. -T5

C. -O

D. -A

A

B. -T5

20
Q

Which of the following provides a security professional with the most information about a system’s security posture?

A. Wardriving, warchalking, social engineering

B. Social engineering, company site browsing, tailgating

C. Phishing, spamming, sending trojans

D. Port scanning, banner grabbing, service identification

A

D. Port scanning, banner grabbing, service identification

21
Q

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

A. Deferred risk

B. Impact risk

C. Inherent risk

D. Residual risk

A

D. Residual risk

22
Q

nmap -sX host.domain.com

An attacker scans a host with the command above. Which three flags are set?

A. This is ACK scan. ACK flag is set

B. This is Xmas scan. SYN and ACK flags are set

C. This is Xmas scan. URG, PUSH and FIN are set

D. This is SYN scan. SYN flag is set

A

C. This is Xmas scan. URG, PUSH and FIN are set

23
Q

Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?

A. All of the employees would stop normal work activities

B. IT department would be telling employees who the boss is

C. Not informing the employees that they are going to be monitored could be an invasion of privacy.

D. The network could still experience traffic slow down.

A

C. Not informing the employees that they are going to be monitored could be an invasion of privacy.

24
Q

Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

A. Internet Key Exchange (IKE)

B. Oakley

C. IPsec Policy Agent

D. IPsec driver

A

A. Internet Key Exchange (IKE)

25
Q

Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Info Technologies, there are sub-policies like Computer Security Policy, Info Protection Policy, Info Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy. What is the main theme of the sub-policies for Info Technologies?

A. Availability, Non-repudiation, Confidentiality

B. Authenticity, Integrity, Non-repudiation

C. Confidentiality, Integrity, Availability

D. Authenticity, Confidentiality, Integrity

A

C. Confidentiality, Integrity, Availability

26
Q

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

A. Omnidirectional antenna

B. Dipole antenna

C. Yagi antenna

D. Parabolic grid antenna

A

C. Yagi antenna

27
Q

Why should the security analyst disable/remove unnecessary ISAPI filters?

A. To defend against social engineering attacks

B. To defend against webserver attacks

C. To defend against jailbreaking

D. To defend against wireless attacks

A

B. To defend against webserver attacks

28
Q

Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except:

A. Work at the Data Link Layer

B. Protect the payload and the headers

C. Encrypt

D. Authenticate

A

A. Work at the Data Link Layer

29
Q

What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?

A. Black-box

B. Announced

C. White-box

D. Grey-box

A

D. Grey-box

30
Q

Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all origins and some thresholds. Conceptually, the solution developed by Bob is actually:

A. Just a network monitoring tool

B. A signature-based IDS

C. A hybrid IDS

D. A behavior-based IDS

A

A. Just a network monitoring tool

31
Q

Which of the following is a low-tech way of gaining unauthorized access to systems?

A. Scanning

B. Sniffing

C. Social Engineering

D. Enumeration

A

C. Social Engineering

32
Q

Which regulation defines security and privacy controls for Federal information systems and organizations?

A. HIPAA

B. EU Safe Harbor

C. PCI-DSS

D. NIST-800-53

A

D. NIST-800-53

33
Q

Your company performs pen tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking. What should you do?

A. Confront the client in a respectful manner and ask her about the data.

B. Copy the data to removable media and keep it in case you need it.

C. Ignore the data and continue the assessment until completed as agreed.

D. Immediately stop work and contact the proper legal authorities.

A

D. Immediately stop work and contact the proper legal authorities.

34
Q

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication.

A. 123

B. 161

C. 69

D. 113

A

A. 123

35
Q

It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?

A. Discovery

B. Recovery

C. Containment

D. Eradication

A

C. Containment

36
Q

Which of the following cryptographic attacks is the understated term for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?

A. Chosen-Cipher text Attack

B. Ciphertext-only Attack

C. Timing Attack

D. Rubber Hose Attack

A

D. Rubber Hose Attack

37
Q

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

A. AH promiscuous

B. ESP confidential

C. AH Tunnel mode

D. ESP transport mode

A

D. ESP transport mode

38
Q

What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?

A. Black-box

B. Announced

C. White-box

D. Grey-box

A

D. Grey-box

39
Q

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

A. The CFO can use a hash algorithm in the document once he approved the financial statements

B. The CFO can use an excel file with a password

C. The financial statements can be sent twice, one copy by email and the other delivered on USB, and the accountant can compare both to be sure it is the same document

D. The document can be sent to the accountant using an exclusive USB for that document

A

A. The CFO can use a hash algorithm in the document once he approved the financial statements

40
Q

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

TCP port 21 – no response

TCP port 22 – no response

TCP port 23 – Time-to-live exceeded

A. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error

B. The lack of response from ports 21 and 22 indicate that those services are not running on the destination server

C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall

D. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host

A

C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall

41
Q

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?

A. Man-in-the-middle attack

B. Session hijacking

C. Brute-force attack

D. Dictionary-attack

A

D. Dictionary-attack

42
Q

A penetration tester is conducting a port scan on a specific host. The tester found several open ports that made it confusing to conclude which Operating System (OS) version is installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine?

Starting NMAP 5.21 at 20011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:8

A. The host is likely a Linux machine.

B. The host is likely a printer.

C. The host is likely a router.

D. The host is likely a Windows machine

A

B. The host is likely a printer.

43
Q

Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?

A. This is a scam, as anybody can get a @yahoo address, not just Yahoo customer service employees.

B. This is a scam because Bob does not know Scott.

C. Bob should write to scottmelby@yahoo.com to verify the identity of Scott.

D. This is probably a legitimate message as it comes from a respectable organization.

A

A. This is a scam, as anybody can get a @yahoo address, not just Yahoo customer service employees.

44
Q

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

A. Single sign-on

B. Windows authentication

C. Role Based Access Control (RBAC)

D. Discretionary Access Control (DAC)

A

A. Single sign-on

45
Q

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

A. Stealth virus

B. Tunneling virus

C. Cavity virus

D. Polymorphic virus

A

A. Stealth virus

46
Q

What is the difference between the AES and RSA algorithms?

A. Both are symmetric algorithms, but AES uses 256-bit keys

B. AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data

C. Both are asymmetric algorithms, but RSA uses 1024-bit keys

D. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data

A

D. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data

47
Q

In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving. Which Algorithm is this referring to?

A. Wired Equivalent Privacy (WEP)

B. Wi-Fi Protected Access (WPA)

C. Wi-Fi Protected Access 2 (WPA2)

D. Temporal Key Integrity Protocol (TKIP)

A

A. Wired Equivalent Privacy (WEP)

48
Q

You are an Ethical Hacker who is auditing the ABC company. When you inspect the NOC, one of the machines has two connections, one wired and the other wireless. When you inspect the configuration of this Windows system, you find two static routes.

route add 10.0.0.0 mask 255.0.0.0 10.0.0.1

route add 0.0.0.0 mask 255.0.0.0 199.168.0.1

What is the main purpose of those static routes?

A. Both static routes indicate that the traffic is external with different gateway.

B. The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted.

C. Both static routes indicate that the traffic is internal with different gateway.

D. The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway.

A

D. The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway.

49
Q

An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

A. Use fences in the entrance doors.

B. Install a CCTV with cameras pointing to the entrance doors and the street.

C. Use an IDS in the entrance doors and install some of them near the corners.

D. Use lights in all the entrance doors and along the company’s perimeter.

A

B. Install a CCTV with cameras pointing to the entrance doors and the street.

50
Q

Bob learned that his username and password for a popular game have been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication; which option below offers that?

A. A fingerprint scanner and his username and password

B. His username and a stronger password

C. A new username and password

D. Disable his username and use just a fingerprint scanner

A

A. A fingerprint scanner and his username and password

51
Q

You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn’t get any response back. What is happening?

A. ICMP could be disabled on the target server.

B. The ARP is disabled on the target server.

C. TCP/IP doesn’t support ICMP.

D. You need to run the ping command with root privileges.

A

A. ICMP could be disabled on the target server.

52
Q

Which of the following incident handling process phases is responsible for defining rules, organizing the human workforce, creating a backup plan, and testing the plans for an organization?

A. Preparation phase

B. Containment phase

C. Identification phase

D. Recovery phase

A

A. Preparation phase

53
Q

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

A. Nessus

B. Metasploit

C. Maltego

D. Wireshark

A

B. Metasploit

54
Q

Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?

A. Masquerading

B. Tailgating

C. Phishing

D. Whaling

A

B. Tailgating

55
Q

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens?

A. The port will ignore the packets.

B. The port will send an RST.

C. The port will send an ACK.

D. The port will send a SYN.

A

A. The port will ignore the packets.

56
Q

Seth is starting a penetration test from inside the network. He hasn’t been given any information about the network. What type of test is he conducting?

A. Internal, Blackbox

B. External, Blackbox

C. External, Whitebox

D. Internal, Whitebox

A

A. Internal, Blackbox

57
Q

Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?

A. Jimmy can submit user input that executes an operating system command to compromise a target system
B. Jimmy can gain control of a system to flood the target system with requests, preventing legitimate users from gaining access
C. Jimmy can utilize an incorrect configuration that leads to access with higher-than expected privilege of the database
D. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system

A

D. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system

58
Q

What does ICMP (type 11, code 0) denote?

A. Source Quench
B. Destination Unreachable
C. Time Exceeded
D. Unknown Type

A

C. Time Exceeded

59
Q

Neil is a network administrator working in Istanbul. Neil wants to set up a protocol analyzer on his network that will receive a copy of every packet that passes through the main office switch. What type of port will Neil need to set up in order to accomplish this?

A. Neil will have to configure a Bridged port that will copy all packets to the protocol analyzer.
B. Neil will need to set up a SPAN port that will copy all network traffic to the protocol analyzer.
C. He will have to set up an EtherChannel port to get a copy of all network traffic to the analyzer.
D. He should set up a MODS port which will copy all network traffic.

A

B. Neil will need to set up a SPAN port that will copy all network traffic to the protocol analyzer.

60
Q

David is a security administrator working in Boston. David has been asked by the office’s manager to block all POP3 traffic at the firewall because he believes employees are spending too much time reading personal email. How can David block POP3 at the firewall?

A. David can block port 125 at the firewall.
B. David can block all EHLO requests that originate from inside the office.
C. David can stop POP3 traffic by blocking all HELO requests that originate from inside the office.
D. David can block port 110 to block all POP3 traffic.

A

D. David can block port 110 to block all POP3 traffic.

61
Q

While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this?

A. The firewall is dropping the packets
B. An in-line IDS is dropping the packets
C. A router is blocking ICMP
D. The host does not respond to ICMP packets

A

C. A router is blocking ICMP

62
Q

Which of the following is an example of an asymmetric encryption implementation?

A. SHA1
B. PGP
C. 3DES
D. MD5

A

B. PGP

63
Q

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

A

The CA is the trusted root that issues certificates

64
Q

You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best nmap command to use?

A. nmap -T4 -F 10.10.0.0/24

B. nmap -T4 -r 10.10.1.0/24

C. nmap -T4 -O 10.10.0.0/24

D. nmap -T4 -q 10.10.0.0/24

A

A. nmap -T4 -F 10.10.0.0/24

65
Q

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).

What is the closest approximate cost of this replacement and recovery operation per year?

A

$146

66
Q

The internal operation of a system is only partly accessible to the tester.

A

Gray Box Testing

67
Q

The internal operation of a system is completely known to the tester.

A

White Box Testing

68
Q

PGP, SSL, and IKE are all examples of which type of cryptography?

A

Public Key

69
Q

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

A. Metasploit

B. Cain & Abel

C. Maltego

D. Wireshark

A

C. Maltego

70
Q

What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

A. Cross-site request forgery

B. Cross-site scripting

C. Session hijacking

D. Server side request forgery

A

A. Cross-site request forgery

71
Q

You are doing an internal security audit and intend to find out what ports are open on all the servers. What is the best way to find out?

A. Scan servers with Nmap

B. Scan servers with MBSA

C. Telnet to every port on each server

D. Physically go to each server

A

A. Scan servers with Nmap

72
Q

Why should the security analyst disable/remove unnecessary ISAPI filters?

A. To defend against social engineering attacks

B. To defend against webserver attacks

C. To defend against jailbreaking

D. To defend against wireless attacks

A

B. To defend against webserver attacks

73
Q

You are a security officer of a company. You had an alert from the IDS indicating that one PC on your Intranet is connected to a blacklisted IP address (C2 server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

A. Event logs on the PC

B. Internet Firewall/Proxy log

C. IDS log

D. Event logs on domain controller

A

B. Internet Firewall/Proxy log

74
Q

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submits the data to the attacker’s database.

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

A. Cross-Site Request Forgery

B. SQL Injection

C. Browser Hacking

D. Cross-Site Scripting

A

A. Cross-Site Request Forgery

75
Q

As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?

A. request smtp 25

B. tcp.port eq 25

C. smtp port

D. tcp.contains port 25

A

B. tcp.port eq 25

76
Q

Which type of security feature stops vehicles from crashing through the doors of a building?

A. Turnstile

B. Bollards

C. Mantrap

D. Receptionist

A

B. Bollards

77
Q

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

A. Nessus

B. Metasploit

C. Maltego

D. Wireshark

A

B. Metasploit

78
Q

You want to analyze packets on your wireless network. Which program would you use?

A. Wireshark with Airpcap

B. Airsnort with Airpcap

C. Wireshark with Winpcap

D. Ethereal with Winpcap

A

A. Wireshark with Airpcap

79
Q

In many states sending spam is illegal. Thus, spammers have techniques to try to ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?

A. A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.

B. Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.

C. A blacklist of companies that have their mail server relays configured to be wide open.

D. Tools that will reconfigure a mail server’s relay component to send the e-mail back to the spammers occasionally.

A

B. Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.

80
Q

A common cryptographic tool is the use of XOR. XOR the following binary values:

10110001

00111010

a. 10001011
b. 11011000
c. 10011101
d. 10111100

A

a. 10001011

81
Q

Which of the following statements regarding ethical hacking is incorrect?

a. Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization’s systems.
b. Testing should be remotely performed offsite.
c. An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services.
d. Ethical hacking should not involve writing or modifying the target systems.

A

a. Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization’s systems.

82
Q

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. On the network the servers are at the addresses 192.168.1.122, 192.168.1.123, and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scan. The command he is using is: nmap 192.168.1.64/28. Why can’t he see the servers?

a. The network must be down, and the nmap command and IP address are OK.
b. He needs to add the command “ip address” just before the IP address.
c. He is scanning from 192.168.1.64 to 192.168.1.79 because of the mask CIDR /28 and the servers are not in that range.
d. He needs to change the address to 192.168.1.0 with the same mask.

A

c. He is scanning from 192.168.1.64 to 192.168.1.79 because of the mask CIDR /28 and the servers are not in that range.

83
Q

Which of the following BEST describes the mechanism of a Boot Sector Virus?

a. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
b. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
c. Overwrites the original MBR and only executes the new virus code.
d. Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

A

a. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

84
Q

LM (LAN Manager) hash is a compromised password hashing function. Which of the following parameters describe LM Hash?

I - The maximum password length is 14 characters.

II - There are no distinctions between uppercase and lowercase.

III - It’s a simple algorithm, so 10,000,000 hashes can be generated per second.

a. I
b. I, II, III
c. II
d. I and II

A

b. I, II, III

85
Q

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address into the browser and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?

a. Traffic is blocked on UDP port 53
b. Traffic is blocked on UDP Port 80
c. Traffic is blocked on UDP Port 54
d. Traffic is blocked on TCP Port 80

A

a. Traffic is blocked on UDP port 53

86
Q

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

a. Set a BIOS password
b. Encrypt the data on the hard drive.
c. Use a strong logon password to the operating system.
d. Backup everything on the laptop and store the backup in a safe place.

A

b. Encrypt the data on the hard drive.

87
Q

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from their victims. What is the difference between pharming and phishing attacks?

a. Both pharming and phishing attacks are identical.
b. In pharming attacks a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website’s domain name.
c. In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website’s domain name.
d. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering.

A

b. In pharming attacks a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website’s domain name.