Security

Question 1

What is the main improvement of ipchains over ipfwadm?

Answer 1

Ability to filter packet fragments

Question 2

What is the purpose of conducting security assessments on network resources?

Answer 2

It validates their correct application

Question 3

Which command enables the Windows firewall?

Answer 3

netsh firewall set opmode enable

Question 4

In the command telnet 192.168.5.5 23, what does the number 23 stand for?

Answer 4

Port number

Question 5

Which program replaced ipfwadm in Linux 2.2x?

Answer 5

ipchains

Question 6

Which program controls the packet filtering or firewall capabilities in Linux kernel versions 1.2.x and 2.0.x?

Answer 6

ipfwadm

Question 7

In which CEH system hacking stage do you execute the payload?

Answer 7

Executing applications

Question 8

What is the process of deriving a value that can be used to determine if any changes have been made in a message called?

Answer 8

Hashing

Question 9

What is it called when an attacker attempts to steal passwords through an innocent looking application?

Answer 9

Trojan horse attack

Question 10

Which encryption algorithm is susceptible to a factorization attack?

Answer 10

RSA

Question 11

What is the term for a system failing to prevent traffic or actions that should be not allowed?

Answer 11

False negative

Question 12

What are the three factors of authentication?

Answer 12

Something you know, something you have, and something you are

Question 13

What is it called when an unauthorized person enters the facility by following an authorized person who has successfully authenticated to the physical access system?

Answer 13

Tailgating

Question 14

What type of attack uses nontechnical means to obtain information useful in a network attack?

Answer 14

Social engineering

Question 15

Which Windows security context is a hacker operating from if the hacker can spawn a shell after a successful buffer overflow attack?

Answer 15

LOCAL_SYSTEM

Question 16

In which CEH system hacking stage do you use Brutus?

Answer 16

Cracking passwords

Question 17

Which port number is used for SSH?

Answer 17

22

Question 18

What two values must a hacker guess or estimate to highjack a TCP session?

Answer 18

The next sequence number and acknowledgment number in an exchange

Question 19

Which type of password attack attempts every combination of characters?

Answer 19

Brute force

Question 20

What is the purpose of the Nessus tool?

Answer 20

Vulnerability scanning

Question 21

What type of attack overwhelms a target with requests that utilize all resources on the target?

Answer 21

Denial of service (DoS)

Question 22

What type of authentication is being performed when a USB token and retina scan are both required?

Answer 22

Two-factor or multi-factor authentication

Question 23

Which Windows command line tool can be used to assign, display, or modify ACLs (access control lists) to files or folders?

Answer 23

calcs.exe

Question 24

In which CEH hacking stage do you use steganography?

Answer 24

Hiding files

Question 25

In what type of attack does the attacker use believable language to attempt to gain confidential information, especially login credentials, from personnel?

Answer 25

Social engineering

Question 26

What threat type is a spouse, friend, or even client of an employee who uses the employee’s credentials to gain access?

Answer 26

Insider affiliate

Question 27

What threat type is someone with limited authorized access?

Answer 27

Insider affiliate

Question 28

In what type of attack does an attacker set up a wireless access point that is configured to look exactly like a company’s valid wireless access point by using the same SSID?

Answer 28

Evil Twin

Question 29

In what attack does the attacker assume the IP address of a trusted device in an attempt to access protected resources?

Answer 29

IP spoofing

Question 30

Which program replaced ipchains in Linux 2.4x?

Answer 30

iptables

Question 31

Which port numbers are used for SMB?

Answer 31

137 to 139

Question 32

In which CEH hacking stage do try to break the security of the system?

Answer 32

Penetration testing

Question 33

Which port number is used for DNS?

Answer 33

53

Question 34

What threat type is a non-trusted individual who uses open access to gain access to an organization’s resources?

Answer 34

Outside affiliate

Question 35

What is the most valuable information you can gain from a banner grab?

Answer 35

Operating system and version

Question 36

What type of software is Zonealarm?

Answer 36

Personal firewall software

Question 37

What type of authentication is being performed when both a username and a password are required?

Answer 37

Single-factor authentication

Question 38

What threat type is an employee with all the rights and access associated with being employed by the company?

Answer 38

Pure insider

Question 39

What type of cybersecurity attack is mitigated by redundancy?

Answer 39

Denial of service

Question 40

In which CEH system hacking stage do you dump the SAM file?

Answer 40

Escalate privileges

Question 41

What is the term for the implementation of backup systems to prevent loss of access to resources?

Answer 41

Redundancy or fault tolerance

Question 42

What type of attack is mitigated by an account lockout policy?

Answer 42

Brute force password attack

Question 43

Which algorithm uses a shared private key to exchange public keys?

Answer 43

Diffie-Hellman

Question 44

Which threat agent poses the biggest threat to the disclosure of sensitive data?

Answer 44

Disgruntled employees

Question 45

Which port number is used for ICMP?

Answer 45

792

Question 46

What is the term for the decomposition of a value into a product of other values that give the original value when multiplied together?

Answer 46

Factorization

Question 47

What is the term for writing wireless access information on the side of a building?

Answer 47

War chalking

Question 48

During a TCP handshake, which value is used for the acknowledgement number in a reply packet?

Answer 48

The value of the next sequence number in the packet being acknowledged or replied to

Question 49

In what type of attack does the attacker send high-level personnel an email that appears to come from an individual who might reasonably request confidential information, but the email includes a bogus link?

Answer 49

Spear phishing

Question 50

What is the purpose of recording the steps taken when implementing a new system?

Answer 50

To document what was done and to provide a record for review if problems arise

Question 51

What is the term for a system correctly preventing traffic or actions that should be not allowed?

Answer 51

True negative

Question 52

What three protections does public key cryptography provide?

Answer 52

Encryption, integrity, and non-repudiation

Question 53

Which physical security issue is mitigated by a mantrap?

Answer 53

Tailgating

Question 54

What is the term for a system correctly allowing traffic or actions that should be allowed?

Answer 54

True positive

Question 55

What is the term for a two-door system with a small room between them which allows for visual verification of each person entering a building?

Answer 55

Mantrap

Question 56

Which port numbers are used for SNMP?

Answer 56

161 and 162

Question 57

Which security policy will mitigate the copying of sensitive data to a USB drive?

Answer 57

Controlling the use of USB ports

Question 58

Which port number is commonly used for HTTP?

Answer 58

80. but on development servers ports 81 and 8080 are also used.

Question 59

Which tool can take ownership of a file from the Windows command line?

Answer 59

XCACLS.exe

Question 60

What is it called when a program, while writing data to memory, overruns the memory boundary and overwrites adjacent memory locations?

Answer 60

Buffer overflow

Question 61

What is the term for a system incorrectly preventing traffic or actions that should be allowed?

Answer 61

False positive

Question 62

Which Windows Server 2012 command displays all rules within Windows Firewall?

Answer 62

netsh advfirewall firewall show rule name=all

Question 63

Which security control can prevent data access by a hacker interacting and modifying HTML on a web server?

Answer 63

File permissions

Question 64

In which CEH system hacking stage do you clear the security log?

Answer 64

Cover tracks

Question 65

Which is the port number used for Telnet?

Answer 65

23

Question 66

Which term is used to describe the difficulty of factoring a value generated by large key size?

Answer 66

Trapdoor

Question 67

Which port number is used for FTP?

Answer 67

21

Question 68

What wireless protocol has been compromised because of the way it implements the RC4 algorithm?

Answer 68

WEP

Question 69

What is an unauthorized access point called?

Answer 69

Rogue access point