312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 20

  1. Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication, which option below offers that?

    • A new username and password
    • A fingerprint scanner and his username and password.
    • Disable his username and use just a fingerprint scanner.
    • His username and a stronger password.
  2. Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

    • A race condition is being exploited, and the operating system is containing the malicious process.
    • A page fault is occurring, which forces the operating system to write data from the hard drive.
    • Malware is executing in either ROM or a cache memory area.
    • Malicious code is attempting to execute instruction in a non-executable memory region.
  3. Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

    • Blind SQLi
    • DMS-specific SQLi
    • Classic SQLi
    • Compound SQLi
  4. In order to have an anonymous Internet surf, which of the following is best choice?

    • Use SSL sites when entering personal information
    • Use Tor network with multi-node
    • Use shared WiFi
    • Use public VPN
  5. A penetration test was done at a company. After the test, a report was written and given to the company’s IT authorities. A section from the report is shown below:

    – Access List should be written between VLANs.
    – Port security should be enabled for the intranet.
    – A security solution which filters data packets should be set between intranet (LAN) and DMZ.
    – A WAF should be used in front of the web applications.

    According to the section from the report, which of the following choice is true?

    • MAC Spoof attacks cannot be performed.
    • Possibility of SQL Injection attack is eliminated.
    • A stateful firewall can be used between intranet (LAN) and DMZ.
    • There is access control policy between VLANs.
  6. Websites and web portals that provide web services commonly use the Simple Object Access Protocol SOAP. Which of the following is an incorrect definition or characteristics in the protocol?

    • Based on XML
    • Provides a structured model for messaging
    • Exchanges data between web services
    • Only compatible with the application protocol HTTP
  7. An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

    • He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
    • He will activate OSPF on the spoofed root bridge.
    • He will repeat the same attack against all L2 switches of the network.
    • He will repeat this action so that it escalates to a DoS attack.
  8. A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

    • Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
    • As long as the physical access to the network elements is restricted, there is no need for additional measures.
    • There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
    • The operator knows that attacks and down time are inevitable and should have a backup site.
  9. When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

    • The amount of time it takes to convert biometric data into a template on a smart card.
    • The amount of time and resources that are necessary to maintain a biometric system.
    • The amount of time it takes to be either accepted or rejected form when an individual provides Identification and authentication information.
    • How long it takes to setup individual user accounts.
  10. Due to a slow down of normal network operations, IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to take this kind of measure?

    • All of the employees would stop normal work activities
    • IT department would be telling employees who the boss is
    • Not informing the employees that they are going to be monitored could be an invasion of privacy.
    • The network could still experience traffic slow down.
  11. In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?

    • A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.
    • Mail relaying, which is a technique of bouncing e-mail from internal to external mails servers continuously.
    • A blacklist of companies that have their mail server relays configured to be wide open.
    • Tools that will reconfigure a mail server’s relay component to send the e-mail back to the spammers occasionally.
  12. You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines has 2 connections, one wired and the other wireless. When you verify the configuration of this Windows system you find two static routes.

    route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
    route add 0.0.0.0 mask 255.0.0.0 199.168.0.1

    What is the main purpose of those static routes?

    • Both static routes indicate that the traffic is external with different gateway.
    • The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted.
    • Both static routes indicate that the traffic is internal with different gateway.
    • The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway.
  13. What is the correct process for the TCP three-way handshake connection establishment and connection termination?

    • Connection Establishment: FIN, ACK-FIN, ACK
      Connection Termination: SYN, SYN-ACK, ACK
    • Connection Establishment: SYN, SYN-ACK, ACK
      Connection Termination: ACK, ACK-SYN, SYN
    • Connection Establishment: ACK, ACK-SYN, SYN
      Connection Termination: FIN, ACK-FIN, ACK
    • Connection Establishment: SYN, SYN-ACK, ACK
      Connection Termination: FIN, ACK-FIN, ACK
  14. Emil uses nmap to scan two hosts using this command.

    nmap -sS -T4 -O 192.168.99.1 192.168.99.7

    He receives this output:

    312-50 Part 20 Q14 019
    312-50 Part 20 Q14 019
    312-50 Part 20 Q14 020
    312-50 Part 20 Q14 020

    What is his conclusion?

    • Host 192.168.99.7 is an iPad.
    • He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.
    • Host 192.168.99.1 is the host that he launched the scan from.
    • Host 192.168.99.7 is down.
  15. You’re doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?

    • Scan servers with Nmap
    • Physically go to each server
    • Scan servers with MBSA
    • Telent to every port on each server
  16. Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.

    What just happened?

    • Phishing
    • Whaling
    • Tailgating
    • Masquerading
  17. Which protocol is used for setting up secured channels between two devices, typically in VPNs?

    • IPSEC
    • PEM
    • SET
    • PPP
  18. In cryptanalysis and computer security, ‘pass the hash’ is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user’s password, instead of requiring the associated plaintext password as is normally the case.
    Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system that you already know the credentials for. It was written by sysinternals and has been integrated within the framework. Often as penetration testers, successfully gain access to a system through some exploit, use meterpreter to grab the passwords or other methods like fgdump, pwdump, or cachedump and then utilize rainbowtables to crack those hash values.

    Which of the following is true hash type and sort order that is using in the psexec module’s ‘smbpass’?

    • NT:LM
    • LM:NT
    • LM:NTLM
    • NTLM:LM
  19. Which of the following Nmap commands will produce the following output?

    Output:

    312-50 Part 20 Q19 021
    312-50 Part 20 Q19 021
    • nmap -sN -Ps -T4 192.168.1.1
    • nmap -sT -sX -Pn -p 1-65535 192.168.1.1
    • nmap -sS -Pn 192.168.1.1
    • nmap -sS -sU -Pn -p 1-65535 192.168.1.1
  20. Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

    • msfpayload
    • msfcli
    • msfencode
    • msfd