312-50v10 : Certified Ethical Hacker v10 Exam : Part 03

  1. Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

    • SQL injection attack
    • Cross-Site Scripting (XSS)
    • LDAP Injection attack
    • Cross-Site Request Forgery (CSRF)
  2. This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

    Which of the following tools is being described?

    • wificracker
    • Airguard
    • WLAN-crack
    • Aircrack-ng
  3. The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110:

    [Image: 312-50v10 Part 03 Q03 003]

    What type of activity has been logged?

    • Teardrop attack targeting 192.168.0.110
    • Denial of service attack targeting 192.168.0.105
    • Port scan targeting 192.168.0.110
    • Port scan targeting 192.168.0.105
  4. You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

    • nmap -A -Pn
    • nmap -sP -p-65535 -T5
    • nmap -sT -O -T0
    • nmap -A --host-timeout 99 -T1
  5. Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige.

    After 2 days, Bob denies that he had ever sent a mail.

    What do you want to “know” to prove to yourself that it was Bob who had sent a mail?

    • Confidentiality
    • Integrity
    • Non-Repudiation
    • Authentication
  6. What is attempting an injection attack on a web server based on responses to True/False questions called?

    • DMS-specific SQLi
    • Compound SQLi
    • Blind SQLi
    • Classic SQLi
  7. The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

    • ACK
    • SYN
    • RST
    • SYN-ACK
  8. You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

    • Snort
    • Nmap
    • Cain & Abel
    • Nessus
  9. Which of the following will perform an Xmas scan using NMAP?

    • nmap -sA 192.168.1.254
    • nmap -sP 192.168.1.254
    • nmap -sX 192.168.1.254
    • nmap -sV 192.168.1.254
  10. Code injection is a form of attack in which a malicious user:

    • Inserts text into a data field that gets interpreted as code
    • Gets the server to execute arbitrary code using a buffer overflow
    • Inserts additional code into the JavaScript running in the browser
    • Gains access to the codebase on the server and inserts new code
  11. The collection of potentially actionable, overt, and publicly available information is known as

    • Open-source intelligence
    • Human intelligence
    • Social intelligence
    • Real intelligence
  12. Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

    • [cache:]
    • [site:]
    • [inurl:]
    • [link:]
  13. This asymmetric cipher is based on factoring the product of two large prime numbers.

    What cipher is described above?

    • SHA
    • RSA
    • MD5
    • RC5
  14. Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out of the target network based on a pre-defined set of rules.

    Which of the following types of firewalls can protect against SQL injection attacks?

    • Data-driven firewall
    • Stateful firewall
    • Packet firewall
    • Web application firewall
  15. During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

    What is this type of DNS configuration commonly called?

    • DynDNS
    • DNS Scheme
    • DNSSEC
    • Split DNS
  16. In which of the following cryptography attack methods does the attacker make a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

    • Chosen-plaintext attack
    • Ciphertext-only attack
    • Adaptive chosen-plaintext attack
    • Known-plaintext attack
  17. Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user’s browser to send malicious requests they did not intend?

    • Command Injection Attacks
    • File Injection Attack
    • Cross-Site Request Forgery (CSRF)
    • Hidden Field Manipulation Attack
  18. Which is the first step followed by Vulnerability Scanners for scanning a network?

    • TCP/UDP Port scanning
    • Firewall detection
    • OS Detection
    • Checking if the remote host is alive
  19. Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services. Which OS did it not directly affect?

    • Linux
    • Unix
    • OS X
    • Windows
  20. Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

    • None of these scenarios compromise the privacy of Alice’s data
    • Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew’s attempt to access the stored data
    • Hacker Harry breaks into the cloud server and steals the encrypted data
    • Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before