312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 12

312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 12

1. Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

   • Sarbanes-Oxley Act (SOX)
   • Gramm-Leach-Bliley Act (GLBA)
   • Fair and Accurate Credit Transactions Act (FACTA)
   • Federal Information Security Management Act (FISMA)

2. How can a policy help improve an employee’s security awareness?

   • By implementing written security procedures, enabling employee security training, and promoting the benefits of security
   • By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees
   • By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line
   • By decreasing an employee’s vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

3. Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

   • Penetration testing
   • Social engineering
   • Vulnerability scanning
   • Access control list reviews

4. Which of the following guidelines or standards is associated with the credit card industry?

   • Control Objectives for Information and Related Technology (COBIT)
   • Sarbanes-Oxley Act (SOX)
   • Health Insurance Portability and Accountability Act (HIPAA)
   • Payment Card Industry Data Security Standards (PCI DSS)

5. International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

   • guidelines and practices for security controls.
   • financial soundness and business viability metrics.
   • standard best practice for configuration management.
   • contract agreement writing standards.

6. Which type of security document is written with specific step-by-step details?

   • Process
   • Procedure
   • Policy
   • Paradigm

7. An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker’s next step be before starting work on this job?

   • Start by foot printing the network and mapping out a plan of attack.
   • Ask the employer for authorization to perform the work outside the company.
   • Begin the reconnaissance phase with passive information gathering and then move into active information gathering.
   • Use social engineering techniques on the friend’s employees to help identify areas that may be susceptible to attack.

8. A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

   • Threaten to publish the penetration test results if not paid.
   • Follow proper legal procedures against the company to request payment.
   • Tell other customers of the financial problems with payments from this company.
   • Exploit some of the vulnerabilities found on the company webserver to deface it.

9. Which initial procedure should an ethical hacker perform after being brought into an organization?

   • Begin security testing.
   • Turn over deliverables.
   • Sign a formal contract with non-disclosure.
   • Assess what the organization is trying to protect.

10. A consultant has been hired by the V.P. of a large financial organization to assess the company’s security posture. During the security testing, the consultant comes across child pornography on the V.P.’s computer. What is the consultant’s obligation to the financial organization?

    • Say nothing and continue with the security testing.
    • Stop work immediately and contact the authorities.
    • Delete the pornography, say nothing, and continue security testing.
    • Bring the discovery to the financial organization’s human resource department.

11. A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

    • Ignore the problem completely and let someone else deal with it.
    • Create a document that will crash the computer when opened and send it to friends.
    • Find an underground bulletin board and attempt to sell the bug to the highest bidder.
    • Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

12. A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband’s email account in order to find proof so she can take him to court. What is the ethical response?

    • Say no; the friend is not the owner of the account.
    • Say yes; the friend needs help to gather evidence.
    • Say yes; do the job for free.
    • Say no; make sure that the friend knows the risk she’s asking the CEH to take.

13. It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data.

    Which of the following terms best matches the definition?

    • Threat
    • Attack
    • Vulnerability
    • Risk

    Explanation:

    A threat is a any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.

14. As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.

    What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

    • Terms of Engagement
    • Project Scope
    • Non-Disclosure Agreement
    • Service Level Agreement

15. Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.

    What type of attack is outlined in the scenario?

    • Watering Hole Attack
    • Heartbleed Attack
    • Shellshock Attack
    • Spear Phising Attack

    Explanation:

    Watering Hole is a computer attack strategy, in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.

    Incorrect Answers:
    B: Heartbleed is a security bug disclosed in April 2014 in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. It results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension, thus the bug’s name derives from “heartbeat”.
    C: Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.
    D: Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business.

16. You have successfully gained access to your client’s internal network and successfully comprised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled.

    Which port would you see listening on these Windows machines in the network?

    • 445
    • 3389
    • 161
    • 1433

    Explanation:

    The following ports are associated with file sharing and server message block (SMB) communications:
    Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
    Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).

17. It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.

    Which of the following terms best matches the definition?

    • Bluetooth
    • Radio-Frequency Identification
    • WLAN
    • InfraRed

    Explanation:

    Bluetooth is a standard for the short-range wireless interconnection of mobile phones, computers, and other electronic devices.

18. A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.

    Which sort of trojan infects this server?

    • Botnet Trojan
    • Turtle Trojans
    • Banking Trojans
    • Ransomware Trojans

    Explanation:

    In computer science, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies. A coordinated DDoS attack by multiple botnet machines also resembles a zombie horde attack.

    Incorrect Answers:
    B: Turtle Trojans are about getting backdoor access to an intruder.
    C: A Banker Trojan-horse (commonly called Banker Trojan) is a malicious program used in an attempt to obtain confidential information about customers and clients using online banking and payment systems.
    D: Ransomware is a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a Trojan.

19. You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System.

    What is the best approach?

    • Install Cryptcat and encrypt outgoing packets from this server.
    • Install and use Telnet to encrypt all outgoing traffic from this server.
    • Use Alternate Data Streams to hide the outgoing packets from this server.
    • Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

    Explanation:

    Cryptcat enables us to communicate between two systems and encrypts the communication between them with twofish.

20. It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again.

    Which of the following terms best matches the definition?

    • Ransomware
    • Adware
    • Spyware
    • Riskware

    Explanation:

    Ransomware is a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a Trojan.