Last Updated on July 23, 2021 by InfraExam

312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 27

  1. Which of the following command-line switches would you use for OS detection in Nmap?

    • -D
    • -O
    • -P
    • -X
  2. Why would an attacker want to perform a scan on port 137?

    • To discover proxy servers on a network
    • To disrupt the NetBIOS SMB service on the target host
    • To check for file and print sharing on Windows systems
    • To discover information about a target host using NBTSTAT
  3. Which type of scan sends packets with no flags set?

    • Open Scan
    • Null Scan
    • Xmas Scan
    • Half-Open Scan
  4. Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test.

    While conducting a port scan she notices open ports in the range of 135 to 139.

    What protocol is most likely to be listening on those ports?

    • Finger
    • FTP
    • Samba
    • SMB
  5. SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather a great amount of information about remote hosts. Which of the following features makes this possible? (Choose two.)

    • It uses TCP as the underlying protocol.
    • It uses community string that is transmitted in clear text.
    • It is susceptible to sniffing.
    • It is used by all network devices on the market.
  6. Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites.

    Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

    In this context, what would be the most effective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the best answer.)

    • Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
    • Hire more computer security monitoring personnel to monitor computer systems and networks.
    • Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
    • Train more National Guard and reservists in the art of computer security to help out in times of emergency or crises.
  7. Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs:

    [Image: 312-50 Part 27 Q07 030]

    From the above list identify the user account with System Administrator privileges.

    • John
    • Rebecca
    • Sheela
    • Shawn
    • Somia
    • Chang
    • Micah
  8. Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing “server publishing”?

    • Overloading Port Address Translation
    • Dynamic Port Address Translation
    • Dynamic Network Address Translation
    • Static Network Address Translation
  9. What is the following command used for?

    net use \\target\ipc$ "" /u:""
    • Grabbing the etc/passwd file
    • Grabbing the SAM
    • Connecting to a Linux computer through Samba.
    • This command is used to connect as a null session
    • Enumeration of Cisco routers
  10. What is the proper response for a NULL scan if the port is closed?

    • SYN
    • ACK
    • FIN
    • PSH
    • RST
    • No response
  11. One of your team members has asked you to analyze the following SOA record. What is the TTL?

    Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

    • 200303028
    • 3600
    • 604800
    • 2400
    • 60
    • 4800
  12. One of your team members has asked you to analyze the following SOA record. What is the version?

    Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

    • 200303028
    • 3600
    • 604800
    • 2400
    • 60
    • 4800
  13. MX record priority increases as the number increases. (True/False.)

    • True
    • False
  14. Which of the following tools can be used to perform a zone transfer?

    • NSLookup
    • Finger
    • Dig
    • Sam Spade
    • Host
    • Netcat
    • Neotrace
  15. Under what conditions does a secondary name server request a zone transfer from a primary name server?

    • When a primary SOA is higher than a secondary SOA
    • When a secondary SOA is higher than a primary SOA
    • When a primary name server has had its service restarted
    • When a secondary name server has had its service restarted
    • When the TTL falls to zero
  16. What ports should be blocked on the firewall to prevent NetBIOS traffic from coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

    • 110
    • 135
    • 139
    • 161
    • 445
    • 1024
  17. What is a NULL scan?

    • A scan in which all flags are turned off
    • A scan in which certain flags are off
    • A scan in which all flags are on
    • A scan in which the packet size is set to zero
    • A scan with an illegal packet size
  18. What is the proper response for a NULL scan if the port is open?

    • SYN
    • ACK
    • FIN
    • PSH
    • RST
    • No response
  19. Which of the following statements about a zone transfer is correct? (Choose three.)

    • A zone transfer is accomplished with the DNS
    • A zone transfer is accomplished with the nslookup service
    • A zone transfer passes all zone information that a DNS server maintains
    • A zone transfer passes all zone information that an nslookup server maintains
    • A zone transfer can be prevented by blocking all inbound TCP port 53 connections
    • Zone transfers cannot occur on the Internet
  20. You have the SOA presented below in your Zone.

    Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before they consider that the zone is dead and stop responding to queries?

    collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

    • One day
    • One hour
    • One week
    • One month