312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 08

312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 08

1. After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

   • SHA1
   • Diffie-Helman
   • RSA
   • AES

2. What statement is true regarding LM hashes?

   • LM hashes consist in 48 hexadecimal characters.
   • LM hashes are based on AES128 cryptographic standard.
   • Uppercase characters in the password are converted to lowercase.
   • LM hashes are not generated when the password length exceeds 15 characters.

3. A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

   • if (billingAddress = 50) {update field} else exit
   • if (billingAddress != 50) {update field} else exit
   • if (billingAddress >= 50) {update field} else exit
   • if (billingAddress <= 50) {update field} else exit

4. A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input field:

   

   When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable”.
   Which web applications vulnerability did the analyst discover?

   • Cross-site request forgery
   • Command injection
   • Cross-site scripting
   • SQL injection

5. A security administrator notices that the log file of the company’s webserver contains suspicious entries:

   

   Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

   • command injection.
   • SQL injection.
   • directory traversal.
   • LDAP injection.

6. Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

   • Firewall
   • Honeypot
   • Core server
   • Layer 4 switch

7. Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?

   • ping 192.168.2.
   • ping 192.168.2.255
   • for %V in (1 1 255) do PING 192.168.2.%V
   • for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I “Reply”

8. What results will the following command yield: ‘NMAP -sS -O -p 123-153 192.168.100.3’?

   • A stealth scan, opening port 123 and 153
   • A stealth scan, checking open ports 123 to 153
   • A stealth scan, checking all open ports excluding ports 123 to 153
   • A stealth scan, determine operating system, and scanning ports 123 to 153

9. Which of the following parameters enables NMAP’s operating system detection feature?

   • NMAP -sV
   • NMAP -oS
   • NMAP -sR
   • NMAP -O

10. Which of the following open source tools would be the best choice to scan a network for potential targets?

    • NMAP
    • NIKTO
    • CAIN
    • John the Ripper

11. A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

    • -sO
    • -sP
    • -sS
    • -sU

12. A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?

    • Fraggle
    • MAC Flood
    • Smurf
    • Tear Drop

13. Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?

    • Netstat WMI Scan
    • Silent Dependencies
    • Consider unscanned ports as closed
    • Reduce parallel connections on congestion

14. How does an operating system protect the passwords used for account logins?

    • The operating system performs a one-way hash of the passwords.
    • The operating system stores the passwords in a secret file that users cannot find.
    • The operating system encrypts the passwords, and decrypts them when needed.
    • The operating system stores all passwords in a protected segment of non-volatile memory.

15. Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

    • Cavity virus
    • Polymorphic virus
    • Tunneling virus
    • Stealth virus

16. An attacker has been successfully modifying the purchase price of items purchased on the company’s web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

    • By using SQL injection
    • By changing hidden form values
    • By using cross site scripting
    • By utilizing a buffer overflow attack

17. Which tool can be used to silently copy files from USB devices?

    • USB Grabber
    • USB Dumper
    • USB Sniffer
    • USB Snoopy

18. Which of the following is used to indicate a single-line comment in structured query language (SQL)?

    • —
    • ||
    • %%
    • ”

19. A security engineer is attempting to map a company’s internal network. The engineer enters in the following NMAP command:

    NMAP –n –sS –P0 –p 80 ***.***.**.**

    What type of scan is this?

    • Quick scan
    • Intense scan
    • Stealth scan
    • Comprehensive scan

20. What is the broadcast address for the subnet 190.86.168.0/22?

    • 190.86.168.255
    • 190.86.255.255
    • 190.86.171.255
    • 190.86.169.255