CEHv12: Certified Ethical Hacker Practice Questions Part 10

Which system consists of a set of databases that are open to the public and contain domain name registration contact information?

For a test, a pen tester configures a Windows laptop. What river and library are necessary when setting up Wireshark to allow the NIC to work in promiscuous mode?

When you scan your company’s network, you see that TCP port 123 is open. What services use TCP port 123 by default?

What does option (*) mean?

Which of the following is a command-line packet analyzer similar to Wireshark’s graphical user interface?

Anthony, a network administrator at BigUniversity, noticed that some students are using the wired network to link their notebooks to the Internet. Professors and approved visitors have access to several Ethernet ports on the university campus, but students do not.
When the IDS alerted him to malware activity in the network, he realized what was going on. What should Anthony do in order to avert this issue?

You get a frantic call from the organization’s security team while executing ping scans into a target network.
They say a denial of service attack is attacking them. The smurf attack incident disappears when you cease scanning from the organization’s IDS monitor.
How can you change your scan to avoid generating this IDS event?

You used the TCP XMAS scan as part of a technical evaluation to identify network vulnerabilities. What would all open ports’ reactions be?

Which of the following procedures can be used to determine whether or not computer files have been modified?

Which tool would you use to collect data from wireless packets?

You work as a company’s security officer. You received an IDS alert indicating that one of your Intranet PCs is connected to a blacklisted Internet IP address (C2 Server). Just before the notice, the IP address was blacklisted. You have launched an investigation to assess the severity of the situation. Which of the following items should be investigated?

The network administrator of a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

According to log monitoring programs that do behavioral analysis, several suspect logins on a Linux server occurred during non-business hours. After a closer look at all the login actions, it is clear that none occurred during normal working hours. A Linux administrator examining the issue discovers that the Linux server’s system time is off by more than twelve hours. What time-synchronization protocol on Linux servers has stopped working?

In NMAP, which command-line switch would be used to detect the operating system?

Which Intrusion Detection System is best suited for large situations where vital network assets require extra protection and are suitable for monitoring sensitive network segments?

Which utility can be used to copy files from USB devices invisibly?

The following is an excerpt from a log file collected from a network machine with the IP address 192.168.1.106:

What kind of action was recorded?

What is a denial-of-service attack, and how does it work?

Which form of security document has explicit step-by-step instructions?

Why would an attacker want to do a port 137 scan?

Which of the following is a two-factor authentication example?

Which of the following is the most effective method of preventing network sniffing?

Anthony completed a C programming course and developed a simple C application to monitor network traffic and provide alerts when any origin delivers “many” IP packets, depending on the average number of packets delivered by all origins and specific thresholds.
In terms of concept, Anthony’s solution is as follows ___________.

A server’s NMAP scan reveals that port 25 is open. What dangers might this entail?

Which of the following problems may Wireshark be used to solve?

Even if all theoretically possible safety precautions are implemented, what level of danger will remain?

Peter uses the hacking program “SIDExtractor” to extract the SIDs list from a Windows 2000 Server computer. The output of the SIDs is shown below.

Select the user account with System Administrator rights from the list above

A destination host gets a SYN (synchronize/start) packet from a source host and responds with an SYN/ACK packet when a proper TCP connection is established (synchronize acknowledged). Before the connection can be formed, the destination host must receive an ACK (acknowledgment) of the SYN/ACK. The “TCP three-way handshake” is what it’s called. A connection queue of finite size on the destination host keeps track of connections waiting to be completed while waiting for the ACK to the SYN-ACK. Because the ACK is expected to come a few milliseconds after the SYN-ACK, this queue usually clears fast.
How would an attacker use a TCP SYN attack to take advantage of this design?

A server’s NMAP scan reveals that port 69 is open. What dangers might this entail?

Which physical traits are least likely to be used in a large company’s biometric control system?

Which IPsec component is responsible for protocol-level functions such as encrypting and decrypting packets?

A modest healthcare provider engaged your firm to analyze the network’s technological capabilities.
What is the most effective method for detecting vulnerabilities on a Windows computer?

Which IPsec mode should you use to ensure data security and secrecy within a LAN?

Which tools do extensive testing on web servers, including malware and CGIs?

A simple dictionary attack in the context of password security entails putting a dictionary file (a text file containing dictionary words) into a cracking application like L0phtCrack or John the Ripper and executing it against user accounts discovered by the application. The dictionary attack is more effective when the word and word fragment selection is larger. The brute force method is the most comprehensive but also the slowest. It usually attempts every possible letter and number combination in its automated exploration. What would you term such an attack if you used both brute force and dictionary approaches to generate a variety of words?

For Active Directory, a corporation uses Windows Server 2003. What is the most efficient method for cracking AD user passwords?

Threat actors hack a carefully selected website by introducing an exploit, resulting in malware infection, in order to launch an attack against targeted businesses and organizations. The attackers use exploits on well-known and trusted websites that their intended victims are likely to visit. These attacks use zero-day exploits to target unpatched vulnerabilities and carefully select sites to hack. As a result, the targeted entities have little or no protection against these vulnerabilities.
In the scenario, what kind of attack is described?

Nedved works as an IT Security Manager for a bank in his home nation. Based on an investigation of a suspicious connection from the email server to an unknown IP Address, he discovered that his company’s email server had been hacked.
Before contacting the incident response team, what is the first thing Nedved should do?

On a Windows NT4 web server, a tester used the msadc.pl, attack script to run arbitrary instructions. While it is effective, the tester finds performing extended functions to be tedious. Further investigation led to the discovery of a perl script that performs the following msadc functions:

Which exploit does this script point to?

Which of the following is happening in the two screenshots below?

What tool can listen to network traffic and crack Windows SMB passwords?

What is the difference between AES and RSA encryption algorithms?

What is the LDAP protocol’s port number?

Which of the following jailbreaking methods gives user-level access but not iboot-level access?

Using the Nmap syntax, Jack attempted to fingerprint all machines on the network:

invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24

TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx QUITTING! Clearly, it is not going to work. What exactly is the problem here?

What were the results of the following commands?

Which of the following encryption levels does WPA2 use for wireless data encryption?

You notice that people can telnet into the SMTP server on port 25 when looking through audit logs. You want to stop it, even though there is no evidence of an attack or other wrongdoing. However, you are apprehensive about harming the email server’s usual operation. Choose the best option for achieving this goal from the list below.

You are working on a buffer overflow exploit and want to include a 200-byte NOP sled in the exploit.c

What does the NOP instruction’s hexadecimal value mean?

A virus that tries to install itself inside the infected file is referred to as a _____________.

The security officer has requested that Todd purchase a counter-based authentication system. Which of the following statements best describes this system?

Which NMAP command combination would allow a tester to fingerprint and service detect any TCP port on a class C network that is obstructing ICMP?

Port scanning can be used as part of a technical evaluation to discover network vulnerabilities. The TCP XMAS scan is utilized on the targeted machine to locate listening ports. What happens if a scanned port is open?

Which security element prevents automobiles from crashing through a building’s doors?

Which programs are most commonly used to promote Microsoft Office products?

An engineer is using the exploit tool Backtrack to learn how to create exploits in C++. The engineer wants to compile the most recent C++ exploit and give it the name calc.exe. To accomplish this, what command would the engineer use?

A network administrator has been notified by an Intrusion Detection System (IDS) about a potentially harmful sequence of packets transmitted to a Web server in the network’s external DMZ. The packet traffic was recorded and saved to a PCAP file by the IDS.
What network tool can be utilized to determine if these packets are malicious or just a false positive?

A specific sort of Trojan has infected a server. It was intended for the hacker to use it to send and host spam emails. What kind of Trojan was used by the hacker?

ABC’s security administrator must allow Internet traffic through host 10.0.0.2 and UDP traffic through host 10.0.0.3. He must also allow all FTP traffic to the rest of the network while blocking all other traffic. Nobody can access the ftp after he applied his ACL setup to the router, and the approved hosts cannot access the Internet. According to the following configuration, what is going on in the network.

What will the output of the following command be?
‘NMAP -sS -O -p 123-153 192.168.100.3’

What is the meaning of type 3 code 13? (Choose two)

Which access control approach allows numerous systems to use a Central Authentication Server (CAS) to grant users access to multiple systems after a single authentication?

A hacker is trying to figure out which ports on a network have been left open. The hacker would utilize which NMAP switch?

The output from a penetration tester’s machine attacking a machine with the IP address 192.168.1.106 looks like this:

What is the most likely scenario?

XYZ has requested that you evaluate the security of their perimeter email gateway. You compose a specially structured email message and transmit it via the Internet to an employee of Company XYZ from your New York office. Your test is known to an employee of Company XYZ.
This is how your email message appears:
From: [email protected]
To: [email protected]
Subject: Test message
Date: 4/3/2021 14:36
An employee of Company receives your email message XYZ.
What does this demonstrate about Company XYZ’s email gateway?

Which of the LM hashes below represents a password with less than eight characters? (Choose two options)

In an attempt to crash the program, a software tester generates erroneous inputs at random. Which of the following is a software testing technique for determining whether or not a software program can handle a wide range of invalid input?

Which technology is used to format information in SOAP services?

Which sniffing technique is commonly referred to as a MiTM attack?

Which IPsec mode should you use when data security and secrecy within the same LAN are critical?

You are doing an internal security audit and want to know which ports are open on all of the servers. What is the most efficient way to figure this out?

Session splicing is an IDS evasion technique in which the attacker sends data to the target computer in many tiny packets, making it harder for the IDS to detect the attack signatures.
Session splicing attacks can be carried out with which tool?

A bank engaged a penetration tester to conduct a penetration test. The tester began looking for IP ranges owned by the bank, performing DNS lookups on the bank’s servers, reading news articles about the bank online, watching when bank employees arrive and depart, searching the bank’s job postings (paying special attention to IT-related jobs), and visiting the bank’s corporate office dumpster. At which stage of the penetration test is the tester now?

Which of the following is an example of an advanced encryption standard?

To accomplish a zone transfer, which of the following tools can be used?

You can use a smart card and pin for two-factor authentication that meets the following requirements: _____________.

Credit card numbers have been included in the data that your company backs up on tape. Which of the following is the best practice for your company to follow?

A penetration test is what you are doing. You gained access with a buffer overflow hack and proceeded to look for interesting data, such as usernames and passwords in files. You discover a hidden folder containing the administrator’s bank account password and bitcoin account login information.
So, what are your options?

According to corporate policy, employees must send files using protocols that encrypt communication. Because employees dislike change, you assume that some employees are still transferring files over unencrypted protocols. You’ve set up a network sniffer to gather traffic from the data intake department’s employees’ laptops. Which command may be used as a display filter to discover unencrypted file transfers when using Wire shark to analyze the collected traffic?

When certain TPNQM SA subscribers attempted to access the TPNQM main site, they were diverted to a fraudulent site. Anthony, a system administrator at TPNQM SA, discovered TPNQM SA’s DNS Cache Poisoning.
What advice does Anthony have for dealing with a threat like this?

An IS auditor discovered no written security procedures during a security audit of IT activities. What is the role of the IS auditor?

The Web development team at a corporation has discovered a certain type of security flaw in their Web software. To reduce the risk of this vulnerability being exploited, the team wishes to change the software requirements so that customers cannot add HTML to their Web applications.
What kind of Web application vulnerability does their program most likely have?

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Which service in a PKI will vouch for the identity of an individual or company?

It is a flaw in the GNU bash shell that was found in September 2014 that allows attackers to run remote commands on a susceptible system. The malicious software can take control of an infected machine, disrupt websites with denial-of-service attacks, and scan for other vulnerable machines (including routers).
Which of the following security flaws is being discussed?

What term was coined to describe the process of tracking, recording, and resolving events in a business?

Windows file servers are frequently used to store sensitive files, databases, passwords, and other information. Which of the following is a common vulnerability that they are usually exposed to?

Examine the following log extract to determine the source of the attack.

Cracking programs are used to recover passwords and reverse the hashing process. (True/False)

What does a firewall look for to prohibit packets from entering an organization through specific ports and applications?

You come across the following while evaluating the results of a scanning run against a target network:

Which of the following methods can be used to obtain this result?

_____________ is a program that can hide programs from the task manager, as well as files, registry items, and keystrokes.

Which of the following is a client-server tool that is used to get around firewall checks?

Which of the following scanning programs is designed particularly to discover potential vulnerabilities in Microsoft Windows products?

Two-factor authentication is implemented in which set of access control solutions?

In a subnet of 254 addresses, an attacker is using nmap to perform a ping sweep and port scan.
What is the best order for him to complete these steps?

Which form of Intrusion Detection System is capable of monitoring and alerting on attacks but not of stopping them?

What does a “rubber-hose” attack mean in the realm of cryptanalysis?

An attacker has effectively altered the purchase price of things purchased on the company’s website.
The security admins say the web server and Oracle database have not been directly hacked.
They also checked the logs of the Intrusion Detection System (IDS) and discovered no evidence of an attack. What is the most likely method by which the attacker was able to change the purchase price?

In the web world, which of the following is a very prevalent IDS evasion technique?