312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 18
-
Which of the following is a low-tech way of gaining unauthorized access to systems?
- Social Engineering
- Sniffing
- Eavesdropping
- Scanning
Explanation:
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. It is a type of confidence trick for the purpose of information gathering, fraud, or system access. -
PGP, SSL, and IKE are all examples of which type of cryptography?
- Public Key
- Secret Key
- Hash Algorithm
- Digest
Explanation:
Public-key algorithms are fundamental security ingredients in cryptosystems, applications and protocols. They underpin various Internet standards, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), S/MIME, PGP, Internet Key Exchange (IKE or IKEv2), and GPG. -
Which method of password cracking takes the most time and effort?
- Brute force
- Rainbow tables
- Dictionary attack
- Shoulder surfing
Explanation:
Brute-force cracking, in which a computer tries every possible key or password until it succeeds, is typically very time consuming. More common methods of password cracking, such as dictionary attacks, pattern checking, word list substitution, etc. attempt to reduce the number of trials required and will usually be attempted before brute force. -
What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?
- Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
- Manipulate format strings in text fields
- SSH
- SYN Flood
Explanation:
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell.
One specific exploitation vector of the Shellshock bug is CGI-based web servers. Note: When a web server uses the Common Gateway Interface (CGI) to handle a document request, it passes various details of the request to a handler program in the environment variable list. For example, the variable HTTP_USER_AGENT has a value that, in normal usage, identifies the program sending the request. If the request handler is a Bash script, or if it executes one, for example using the system call, Bash will receive the environment variables passed by the server and will process them. This provides a means for an attacker to trigger the Shellshock vulnerability with a specially crafted server request.
-
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
- Nikto
- Snort
- John the Ripper
- Dsniff
Explanation:
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. -
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
- tcptrace
- tcptraceroute
- Nessus
- OpenVAS
Explanation:
tcptrace is a tool for analysis of TCP dump files. It can take as input the files produced by several popular packet-capture programs, including tcpdump/WinDump/Wireshark, snoop, EtherPeek, and Agilent NetMetrix. -
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?
- Kismet
- Nessus
- Netstumbler
- Abel
Explanation:
Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. -
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small-sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.
Which tool can be used to perform session splicing attacks?
- Whisker
- tcpsplice
- Burp
- Hydra
Explanation:
One basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack. A simple way of splitting packets is by fragmenting them, but an adversary can also simply craft packets with small payloads. The ‘whisker’ evasion tool calls crafting packets with small payloads ‘session splicing’. -
Which of the following tools can be used for passive OS fingerprinting?
- tcpdump
- nmap
- ping
- tracert
Explanation:
Passive operating system fingerprinting is a feature built into both the pf and tcpdump tools. -
You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?
- Network-based IDS
- Firewall
- Proxy
- Host-based IDS
Explanation:
A network-based intrusion detection system (NIDS) is used to monitor and analyze network traffic to protect a system from network-based threats.
A NIDS reads all inbound packets and searches for any suspicious patterns. When threats are discovered, the system can, based on their severity, take action such as notifying administrators or barring the source IP address from accessing the network. -
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
- Transport layer port numbers and application layer headers
- Presentation layer headers and the session layer port numbers
- Network layer headers and the session layer port numbers
- Application layer port numbers and the transport layer headers
Explanation:
Newer firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or transport layer port, destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, of the source, and many other attributes.
Application layer firewalls are responsible for filtering at layers 3, 4, 5, and 7. Because they analyze the application layer headers, most firewall control and filtering is actually performed in software. -
You work as a Security Analyst for a retail organization. In securing the company’s network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?
- False Negative
- False Positive
- True Negative
- True Positive
Explanation:
A false negative error, or false negative for short, is where a test result indicates that a condition failed, while it actually was successful. That is, it has erroneously been assumed that there is no effect. -
Which of the following types of firewalls ensures that the packets are part of the established session?
- Stateful inspection firewall
- Circuit-level firewall
- Application-level firewall
- Switch-level firewall
Explanation:
A stateful firewall is a network firewall that tracks the operating state and characteristics of network connections traversing it. The firewall is configured to distinguish legitimate packets for different types of connections. Only packets matching a known active connection (session) are allowed to pass the firewall.
-
Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?
- Preparation phase
- Containment phase
- Identification phase
- Recovery phase
Explanation:
There are several key elements to have implemented in the preparation phase in order to help mitigate any potential problems that may hinder one’s ability to handle an incident. For the sake of brevity, the following should be performed:
– Policy – a policy provides a written set of principles, rules, or practices within an organization.
– Response Plan/Strategy – after establishing organizational policies, now it is time to create a plan/strategy to handle incidents. This would include the creation of a backup plan.
– Communication – having a communication plan is necessary, due to the fact that it may be necessary to contact specific individuals during an incident.
– Documentation – it is extremely beneficial to stress that this element is particularly necessary and can be a substantial life saver when it comes to incident response. -
Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides ‘security through obscurity’.
What technique is Ricardo using?
- Steganography
- Public-key cryptography
- RSA algorithm
- Encryption
Explanation:
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. -
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
- Identify and evaluate existing practices
- Create a procedures document
- Conduct compliance testing
- Terminate the audit
Explanation:
The auditor should first evaluate existing policies and practices to identify problem areas and opportunities. -
Which of the following statements regarding ethical hacking is incorrect?
- Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization’s systems.
- Testing should be remotely performed offsite.
- An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services.
- Ethical hacking should not involve writing to or modifying the target systems.
Explanation:
Ethical hackers use the same methods and techniques, including those that have the potential of exploiting vulnerabilities, to test and bypass a system’s defenses as their less-principled counterparts, but rather than taking advantage of any vulnerabilities found, they document them and provide actionable advice on how to fix them so the organization can improve its overall security. -
Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?
- a port scanner
- a vulnerability scanner
- a virus scanner
- a malware scanner
-
What two conditions must a digital signature meet?
- Has to be unforgeable, and has to be authentic.
- Has to be legible and neat.
- Must be unique and have special characters.
- Has to be the same number of characters as a physical signature and must be unique.
-
An attacker is trying to redirect the traffic of a small office. That office is using its own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects www.google.com to his own IP address. Now when the employees of the office want to go to Google, they are redirected to the attacker's machine. What is the name of this kind of attack?
- ARP Poisoning
- Smurf Attack
- DNS spoofing
- MAC Flooding