Sample Questions 4 Flashcards

1
Q

Which of these is capable of searching for and locating rogue access points?

A. HIDS
B. NIDS
C. WISS
D. WIPS

A

D. WIPS

2
Q
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can either be to simply gain knowledge or to illegally make changes.
Which of the following classes of hacker refers to an individual who works both offensively and defensively at various times?

A. White Hat
B. Suicide Hacker
C. Gray Hat
D. Black Hat

A

C. Gray Hat

3
Q

Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristic of the protocol?

A. Based on XML
B. Only compatible with the application protocol HTTP
C. Exchanges data between web services
D. Provides a structured model for messaging

A

B. Only compatible with the application protocol HTTP

4
Q

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

A. John the Ripper
B. SET
C. CHNTPW
D. Cain & Abel

A

C. CHNTPW

5
Q

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

A. At least twice a year or after any significant upgrade or modification
B. At least once a year and after any significant upgrade or modification
C. At least once every two years and after any significant upgrade or modification
D. At least once every three years or after any significant upgrade or modification

A

B. At least once a year and after any significant upgrade or modification

6
Q

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP.
Which tool could the tester use to get a response from a host using TCP?

A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping

A

B. Hping

7
Q

Which of the following types of jailbreaking allows user-level access but does not allow iBoot-level access?

A. Bootrom Exploit
B. iBoot Exploit
C. Sandbox Exploit
D. Userland Exploit

A

D. Userland Exploit

8
Q

What is attempting an injection attack on a web server based on responses to True/False questions called?

A. DMS-specific SQLi
B. Compound SQLi
C. Blind SQLi
D. Classic SQLi

A

C. Blind SQLi

9
Q

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

A. Snort
B. Nmap
C. Cain & Abel
D. Nessus

A

A. Snort

10
Q

The collection of potentially actionable, overt, and publicly available information is known as

A. Open-source intelligence
B. Human intelligence
C. Social intelligence
D. Real intelligence

A

A. Open-source intelligence

11
Q

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

A. [cache:]
B. [site:]
C. [inurl:]
D. [link:]

A

B. [site:]

12
Q

In which of the following cryptographic attack methods does the attacker make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

A. Chosen-plaintext attack
B. Ciphertext-only attack
C. Adaptive chosen-plaintext attack
D. Known-plaintext attack

A

A. Chosen-plaintext attack

13
Q

What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?

A. Manipulate format strings in text fields
B. SSH
C. SYN Flood
D. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

A

D. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

14
Q

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

A. The file reveals the passwords to the root user only.
B. The password file does not contain the passwords themselves.
C. He cannot read it because it is encrypted.
D. He can open it and read the user ids and corresponding passwords.

A

B. The password file does not contain the passwords themselves.

15
Q

Chandler works as a pen-tester in an IT firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?

A. Heuristic Analysis
B. Code Emulation
C. Integrity checking
D. Scanning

A

B. Code Emulation

16
Q

An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines. Which one of the following tools did the hacker probably use to inject the HTML code?

A. Wireshark
B. Ettercap
C. Aircrack-ng
D. Tcpdump

A

B. Ettercap

17
Q

Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

A. Network security policy
B. Information protection policy
C. Access control policy
D. Remote access policy

A

D. Remote access policy

18
Q

Which of the following statements is TRUE?

A. Sniffers operate on Layer 2 of the OSI model
B. Sniffers operate on Layer 3 of the OSI model
C. Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
D. Sniffers operate on the Layer 1 of the OSI model.

A

A. Sniffers operate on Layer 2 of the OSI model

19
Q

What is the least important information when you analyze a public IP address in a security alert?

A. ARP
B. Whois
C. DNS
D. Geolocation

A

A. ARP

20
Q

When performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt their service. What is the name of the process by which you can determine those critical business processes?

A. Risk Mitigation
B. Emergency Plan Response (EPR)
C. Disaster Recovery Planning (DRP)
D. Business Impact Analysis (BIA)

A

D. Business Impact Analysis (BIA)

21
Q

You are looking for SQL injection vulnerability by sending a special character to web applications.
Which of the following is the most useful for quick validation?

A. Double quotation
B. Backslash
C. Semicolon
D. Single quotation

A

D. Single quotation

22
Q

What is a virus that attempts to install itself inside the file it is infecting called?

A. Tunneling virus
B. Cavity virus
C. Polymorphic virus
D. Stealth virus

A

B. Cavity virus

23
Q

Fingerprinting an Operating System helps a cracker because:

A. It defines exactly what software you have installed
B. It opens a security-delayed window based on the port being scanned
C. It doesn’t depend on the patches that have been applied to fix existing security holes
D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

A

D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

24
Q

In the context of Windows Security, what is a ‘null’ user?

A. A user that has no skills
B. An account that has been suspended by the admin
C. A pseudo account that has no username and password
D. A pseudo account that was created for security administration purposes

A

C. A pseudo account that has no username and password

25
Q

What hacking attack is challenge/response authentication used to prevent?

A. Replay attacks
B. Scanning attacks
C. Session hijacking attacks
D. Password cracking attacks

A

A. Replay attacks

26
Q

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

A. Take over the session
B. Reverse sequence prediction
C. Guess the sequence numbers
D. Take one of the parties offline

A

C. Guess the sequence numbers

27
Q

This TCP flag instructs the sending system to transmit all buffered data immediately.

A. SYN
B. RST
C. PSH
D. URG
E. FIN

A

C. PSH

28
Q

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company’s Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
B. Package the Sales.xls using Trojan wrappers and telnet them back to your home computer
C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
D. Change the extension of Sales.xls to sales.txt and upload it as an attachment to your hotmail account

A

C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

29
Q

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.
B. He can send an IP packet with the SYN bit and the source address of his computer.
C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.
D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

A

D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

30
Q

What is a NULL scan?

A. A scan in which all flags are turned off
B. A scan in which certain flags are off
C. A scan in which all flags are on
D. A scan in which the packet size is set to zero
E. A scan with an illegal packet size

A

A. A scan in which all flags are turned off

31
Q

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

A. Produces fewer false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic

A

B. Can identify unknown attacks

32
Q

A zone file consists of which of the following Resource Records (RRs)?

A. DNS, NS, AXFR, and MX records
B. DNS, NS, PTR, and MX records
C. SOA, NS, AXFR, and MX records
D. SOA, NS, A, and MX records

A

D. SOA, NS, A, and MX records

33
Q

Which DNS resource record can indicate how long any “DNS poisoning” could last?

A. MX
B. SOA
C. NS
D. TIMEOUT

A

B. SOA

34
Q

Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

A. SSL/TLS Renegotiation Vulnerability
B. Shellshock
C. Heartbleed Bug
D. POODLE

A

C. Heartbleed Bug

35
Q

Cross-site request forgery involves:

A. A request sent by a malicious user from a browser to a server
B. Modification of a request by a proxy between client and server
C. A browser making a request to a server without the user’s knowledge
D. A server making a request to another server without the user’s knowledge

A

C. A browser making a request to a server without the user’s knowledge

36
Q

_________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.

A. DNSSEC
B. Resource records
C. Resource transfer
D. Zone transfer

A

A. DNSSEC

37
Q

Which of the following is considered as one of the most reliable forms of TCP scanning?

A. TCP Connect/Full Open Scan
B. Half-open Scan
C. NULL Scan
D. Xmas Scan

A

A. TCP Connect/Full Open Scan