312-50v10 : Certified Ethical Hacker v10 Exam : Part 08

  1. To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

    • If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
    • If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
    • If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
    • If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
  2. If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

    • Spoof Scan
    • TCP SYN 
    • TCP Connect scan
    • Idle scan
  3. There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the process. A term describes when two pieces of data result in the value is?

    • Polymorphism
    • Escrow
    • Collusion
    • Collision 
  4. A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm’s public facing web servers. The engineer decides to start by using netcat to port 80.
    The engineer receives this output:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/6
    Expires: Tue, 17 Jan 2011 01:41:33 GMT
    Date: Mon, 16 Jan 2011 01:41:33 GMT
    Content-Type: text/html
    Accept-Ranges: bytes
    Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT
    ETag: “b0aac0542e25c31:89d”
    Content-Length: 7369

    Which of the following is an example of what the engineer performed?

    • Cross-site scripting
    • Banner grabbing
    • SQL injection
    • Who is database query
  5. A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing – Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str… corporate network. What tool should the analyst use to perform a Blackjacking attack?

    • Paros Proxy
    • BBProxy 
    • Blooover
    • BBCrack
  6. What attack is used to crack passwords by using a precomputed table of hashed passwords?

    • Brute Force Attack
    • Rainbow Table Attack 
    • Dictionary Attack
    • Hybrid Attack
  7. The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive.

    Which of the following is being described?

    • Multi-cast mode
    • Promiscuous mode
    • WEM
    • Port forwarding
  8. A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named “nc.” The FTP server’s access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server’s software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

    What kind of vulnerability must be present to make this remote attack possible?

    • File system permissions
    • Privilege escalation
    • Directory traversal
    • Brute force login
  9. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners. What proxy tool will help you find web vulnerabilities?

    • Burpsuite
    • Maskgen
    • Dimitry
    • Proxychains
  10. By using a smart card and pin, you are using a two-factor authentication that satisfies

    • Something you know and something you are
    • Something you have and something you know
    • Something you have and something you are
    • Something you are and something you remember
  11. Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentially, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

    Basic example to understand how cryptography works is given below:

    312-50v10 Part 08 Q11 005
    312-50v10 Part 08 Q11 005

    Which of the following choices true about cryptography?

    • Algorithm is not the secret; key is the secret.
    • Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.
    • Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way. 
    • Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext.
  12. What is the difference between the AES and RSA algorithms?

    • Both are symmetric algorithms, but AES uses 256-bit keys
    • AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data
    • Both are asymmetric algorithms, but RSA uses 1024-bit keys
    • RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data
  13. In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving.

    Which Algorithm is this referring to?

    • Wired Equivalent Privacy (WEP)
    • Wi-Fi Protected Access (WPA)
    • Wi-Fi Protected Access 2 (WPA2)
    • Temporal Key Integrity Protocol (TKIP)
  14. You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines has 2 connections, one wired and the other wireless. When you verify the configuration of this Windows system you find two static routes.

    route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
    route add 0.0.0.0 mask 255.0.0.0 199.168.0.1

    What is the main purpose of those static routes?

    • Both static routes indicate that the traffic is external with different gateway.
    • The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted.
    • Both static routes indicate that the traffic is internal with different gateway.
    • The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway.
  15. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

    What is the most likely cause?

    • The network devices are not all synchronized.
    • Proper chain of custody was not observed while collecting the logs.
    • The attacker altered or erased events from the logs.
    • The security breach was a false positive.
  16. An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.

    In which order should he perform these steps?

    • The sequence does not matter. Both steps have to be performed against all hosts.
    • First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.
    • First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.
    • The port scan alone is adequate. This way he saves time.
  17. Look at the following output. What did the hacker accomplish?

    312-50v10 Part 08 Q17 006
    312-50v10 Part 08 Q17 006
    • The hacker used who is to gather publicly available records for the domain.
    • The hacker used the “fierce” tool to brute force the list of available domains.
    • The hacker listed DNS records on his own domain.
    • The hacker successfully transferred the zone and enumerated the hosts.
  18. Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

    • Application Layer
    • Data tier
    • Presentation tier
    • Logic tier
  19. An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

    • Use fences in the entrance doors.
    • Install a CCTV with cameras pointing to the entrance doors and the street.
    • Use an IDS in the entrance doors and install some of them near the corners.
    • Use lights in all the entrance doors and along the company’s perimeter.
  20. Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication; which option below offers that?

    • A fingerprint scanner and his username and password 
    • His username and a stronger password
    • A new username and password
    • Disable his username and use just a fingerprint scanner