Last Updated on July 23, 2021 by InfraExam
312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 24
While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?
- The port will send an ACK
- The port will send a SYN
- The port will ignore the packets
- The port will send an RST
Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?
- Cain & Abel
If you are to determine the attack surface of an organization, which of the following is the BEST thing to do?
- Running a network scan to detect network services in the corporate DMZ
- Reviewing the need for a security clearance for each employee
- Using configuration management to determine when and where to apply security patches
- Training employees on the security policy regarding social engineering
What is the best Nmap command to use when you want to list all devices in the same network quickly after you successfully identified a server whose IP address is 10.10.0.5?
- nmap -T4 -F 10.10.0.0/24
- nmap -T4 -q 10.10.0.0/24
- nmap -T4 -O 10.10.0.0/24
- nmap -T4 -r 10.10.1.0/24
You’ve just discovered a server that is currently active within the same network with the machine you recently compromised. You ping it but it did not respond. What could be the case?
- TCP/IP doesn’t support ICMP
- ARP is disabled on the target server
- ICMP could be disabled on the target server
- You need to run the ping command with root privileges
What tool should you use when you need to analyze extracted metadata from files you collected when you were in the initial stage of penetration test (information gathering)?
Which of the following is NOT an ideal choice for biometric controls?
- Iris patterns
- Height and weight
While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activities. What should you do?
- Immediately stop work and contact the proper legal authorities
- Ignore the data and continue the assessment until completed as agreed
- Confront the client in a respectful manner and ask her about the data
- Copy the data to removable media and keep it in case you need it
In order to prevent particular ports and applications from getting packets into an organization, what does a firewall check?
- Network layer headers and the session layer port numbers
- Presentation layer headers and the session layer port numbers
- Application layer port numbers and the transport layer headers
- Transport layer port numbers and application layer headers
Suppose you’ve gained access to your client’s hybrid network. On which port should you listen to in order to know which Microsoft Windows workstations has its file sharing enabled?
Which of the following BEST describes the mechanism of a Boot Sector Virus?
- Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
- Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
- Overwrites the original MBR and only executes the new virus code
- Modifies directory table entries so that directory entries point to the virus code instead of the actual program
What is the term coined for logging, recording and resolving events in a company?
- Internal Procedure
- Security Policy
- Incident Management Process
XOR is a common cryptographic tool. 10110001 XOR 00111010 is?
A server has been infected by a certain type of Trojan. The hacker intended to utilize it to send and host junk mails. What type of Trojan did the hacker use?
- Turtle Trojans
- Ransomware Trojans
- Botnet Trojan
- Banking Trojans
First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?
- Delete the email and pretend nothing happened.
- Forward the message to your supervisor and ask for her opinion on how to handle the situation.
- Forward the message to your company’s security response team and permanently delete the message from your computer.
- Reply to the sender and ask them for more information about the message contents.
LM hash is a compromised password hashing function. Which of the following parameters describe LM Hash:?
I – The maximum password length is 14 characters.
II – There are no distinctions between uppercase and lowercase.
III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.
- I, II, and III
- I and II
Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?
- Preparation phase
- Containment phase
- Recovery phase
- Identification phase
Which of the following BEST describes how Address Resolution Protocol (ARP) works?
- It sends a reply packet for a specific IP, asking for the MAC address
- It sends a reply packet to all the network elements, asking for the MAC address from a specific IP
- It sends a request packet to all the network elements, asking for the domain name from a specific IP
- It sends a request packet to all the network elements, asking for the MAC address from a specific IP
Which of the following is a form of penetration testing that relies heavily on human interaction and often involves tricking people into breaking normal security procedures?
- Social Engineering
What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you’ve compromised and gained root access to?
- Install and use Telnet to encrypt all outgoing traffic from this server.
- Install Cryptcat and encrypt outgoing packets from this server.
- Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
- Use Alternate Data Streams to hide the outgoing packets from this server.