312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 21

  1. You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

    • hping2 host.domain.com
    • hping2 –set-ICMP host.domain.com
    • hping2 -i host.domain.com
    • hping2 -1 host.domain.com
  2. Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

    • Burp Suite
    • OpenVAS
    • tshark
    • Kismet
  3. The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?

    • RST
    • ACK
    • SYN-ACK
    • SYN
  4. Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides different functionality. Collective IPSec does everything except.

    • Protect the payload and the headers
    • Authenticate
    • Encrypt
    • Work at the Data Link Layer
  5. Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

    • A biometric system that bases authentication decisions on behavioral attributes.
    • A biometric system that bases authentication decisions on physical attributes.
    • An authentication system that creates one-time passwords that are encrypted with secret keys.
    • An authentication system that uses passphrases that are converted into virtual passwords.
  6. An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

    • Only using OSPFv3 will mitigate this risk.
    • Make sure that legitimate network routers are configured to run routing protocols with authentication.
    • Redirection of the traffic cannot happen unless the admin allows it explicitly.
    • Disable all routing protocols and only use static routes.
  7. Look at the following output. What did the hacker accomplish?

    312-50 Part 21 Q07 022
    312-50 Part 21 Q07 022
    • The hacker used whois to gather publicly available records for the domain.
    • The hacker used the “fierce” tool to brute force the list of available domains.
    • The hacker listed DNS records on his own domain.
    • The hacker successfully transfered the zone and enumerated the hosts.
  8. What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

    • Security through obscurity
    • Host-Based Intrusion Detection System
    • Defense in depth
    • Network-Based Intrusion Detection System
  9. Scenario:

    1. Victim opens the attacker’s web site.

    2. Attacker sets up a web site which contains interesting and attractive content like ‘Do you want to make $1000 in a day?’.

    3. Victim clicks to the interesting and attractive content url.

    4. Attacker creates a transparent ‘iframe’ in front of the url which victim attempt to click, so victim thinks that he/she clicks to the ‘Do you want to make $1000 in a day?’ url but actually he/she clicks to the content or url that exists in the transparent ‘iframe’ which is setup by the attacker.

    What is the name of the attack which is mentioned in the scenario?

    • HTTP Parameter Pollution
    • HTML Injection
    • Session Fixation
    • ClickJacking Attack
  10. If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

    • Spoof Scan
    • TCP Connect scan
    • TCP SYN
    • Idle Scan
  11. What is correct about digital signatures?

    • A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
    • Digital signatures may be used in different documents of the same type.
    • A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
    • Digital signatures are issued once for each user and can be used everywhere until they expire.
  12. What is not a PCI compliance recommendation?

    • Limit access to card holder data to as few individuals as possible.
    • Use encryption to protect all transmission of card holder data over any public network.
    • Rotate employees handling credit card transactions on a yearly basis to different departments.
    • Use a firewall between the public network and the payment card data.
  13. Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

    • Network-based intrusion detection system (NIDS)
    • Host-based intrusion detection system (HIDS)
    • Firewalls
    • Honeypots
  14. An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.

    In which order should he perform these steps?

    • The sequence does not matter. Both steps have to be performed against all hosts.
    • First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.
    • First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.
    • The port scan alone is adequate. This way he saves time.
  15. What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

    • User Access Control (UAC)
    • Data Execution Prevention (DEP)
    • Address Space Layout Randomization (ASLR)
    • Windows firewall
  16. Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?

    • Scalability
    • Speed
    • Key distribution
    • Security
  17. By using a smart card and pin, you are using a two-factor authentication that satisfies

    • Something you know and something you are
    • Something you have and something you know
    • Something you have and something you are
    • Something you are and something you remember
  18. What is the difference between the AES and RSA algorithms?

    • Both are asymmetric algorithms, but RSA uses 1024-bit keys.
    • RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
    • Both are symmetric algorithms, but AES uses 256-bit keys.
    • AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.
  19. Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?

    312-50 Part 21 Q19 023
    312-50 Part 21 Q19 023

    Output:
    Segmentation fault

    • C#
    • Python
    • Java
    • C++
  20. The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. Also he needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router nobody can access to the ftp and the permitted hosts cannot access to the Internet. According to the next configuration what is happening in the network?

    312-50 Part 21 Q20 024
    312-50 Part 21 Q20 024
    • The ACL 110 needs to be changed to port 80
    • The ACL for FTP must be before the ACL 110
    • The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
    • The ACL 104 needs to be first because is UDP