312-50v10 : Certified Ethical Hacker v10 Exam : Part 14

  1. While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

    • Clickjacking
    • Cross-Site Scripting
    • Cross-Site Request Forgery 
    • Web form input validation
  2. Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: -Verifies success or failure of an attack – Monitors system activities – Detects attacks that a network-based IDS fails to detect. – Near real-time detection and response – Does not require additional hardware – Lower entry cost. Which type of IDS is best suited for Tremp’s requirements?

    • Network-based IDS
    • Open source-based IDS
    • Host-based IDS 
    • Gateway-based IDS
  3. Which of the following parameters describe LM Hash:

    I – The maximum password length is 14 characters
    II – There are no distinctions between uppercase and lowercase
    III – The password is split into two 7-byte halves

    • II
    • I
    • I, II, and III
    • I and II
  4. Which of the following is not a Bluetooth attack?

    • Bluesnarfing
    • Bluedriving
    • Bluesmacking
    • Bluejacking
  5. The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP’s Top Ten Project Most Critical Web Application Security Risks?

    • Cross Site Scripting
    • Injection 
    • Path disclosure
    • Cross Site Request Forgery
  6. A pen-tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?

    • Winprom
    • Libpcap
    • Winpsw
    • Winpcap 
  7. Analyst is investigating proxy logs and found out that one of the internal user visited website storing suspicious java scripts. After opening one of them, he noticed that it is very hard to understand the code and that all codes differ from the typical java script. What is the name of this technique to hide the code and extend analysis time?

    • Steganography
    • Code encoding
    • Obfuscation 
    • Encryption
  8. During the security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

    • Create a procedures document
    • Terminate the audit
    • Conduct compliance testing
    • Identify and evaluate existing practices 
  9. You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg:““FTP on the network!””;)

    • A firewall IPTable
    • FTP Server rule
    • A Router IPTable
    • An Intrusion Detection System 
  10. While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap –Pn –p –sl kiosk.adobe.com www.riaa.com kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using “-sl” with Nmap?

    • Conduct stealth scan
    • Conduct ICMP scan
    • Conduct IDLE scan 
    • Conduct silent scan
  11. What is the process of logging, recording, and resolving events that take place in an organization?

    • Incident Management Process 
    • Security Policy
    • Internal Procedure
    • Metrics
  12. During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

    • Circuit
    • Stateful
    • Application 
    • Packet Filtering
  13. The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

    • $1320
    • $440
    • $100
    • $146
  14. Which of the following is an extremely common IDS evasion technique in the web world?

    • Unicode Characters
    • Subnetting
    • Port Knocking
    • Spyware
  15. You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

    • ICMP
    • TCP 
    • UPX
    • UPD
  16. What is a “Collision attack” in cryptography?

    • Collision attacks try to get the public key
    • Collision attacks try to break the hash into three parts to get the plaintext value
    • Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key
    • Collision attacks try to find two inputs producing the same hash
  17. Which of the following is the successor of SSL?

    • GRE
    • IPSec
    • RSA
    • TLS 
  18. This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach. Which of the following organization is being described?

    • Institute of Electrical and Electronics Engineers(IEEE)
    • International Security Industry Organization (ISIO)
    • Center for Disease Control (CDC)
    • Payment Card Industry (PCI) 
  19. Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server? The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

    • Stacheldraht
    • LOIC
    • R-U-Dead-Yet? (RUDY) 
    • MyDoom
  20. WPA2 uses AES for wireless data encryption at which of the following encryption levels?

    • 64 bit and CCMP
    • 128 bit and CRC
    • 128 bit and CCMP 
    • 128 bi and TKIP