312-50v11 : Certified Ethical Hacker v11 Exam : Part 06

  1. While using your bank’s online servicing you notice the following string in the URL bar:
    “http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21”

    You observe that if you modify the Damount & Camount values and submit the request, the data on the web page reflects the changes.

    Which type of vulnerability is present on this site?

    • Cookie Tampering
    • SQL Injection
    • Web Parameter Tampering
    • XSS Reflection
  2. The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

    • ACK
    • SYN
    • RST
    • SYN-ACK
  3. Which type of security feature stops vehicles from crashing through the doors of a building?

    • Bollards
    • Receptionist
    • Mantrap
    • Turnstile
  4. The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and will then be sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

    • The CFO can use a hash algorithm on the document once he has approved the financial statements
    • The CFO can use an Excel file with a password
    • The financial statements can be sent twice, one by email and the other delivered on USB, and the accountant can compare both to be sure it is the same document
    • The document can be sent to the accountant using an exclusive USB for that document
  5. What is the purpose of a demilitarized zone on a network?

    • To scan all traffic coming through the DMZ to the internal network
    • To only provide direct access to the nodes within the DMZ and protect the network behind it
    • To provide a place to put the honeypot
    • To contain the network devices you wish to protect
  6. Which of the following Linux commands will resolve a domain name into IP address?

    • >host -t a hackeddomain.com
    • >host -t ns hackeddomain.com
    • >host -t soa hackeddomain.com
    • >host -t AXFR hackeddomain.com
  7. Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services. Which OS did it not directly affect?

    • Linux
    • Unix
    • OS X
    • Windows
  8. Which regulation defines security and privacy controls for Federal information systems and organizations?

    • HIPAA
    • EU Safe Harbor
    • PCI-DSS
    • NIST-800-53
  9. What is a “Collision attack” in cryptography?

    • Collision attacks try to get the public key
    • Collision attacks try to break the hash into three parts to get the plaintext value
    • Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key
    • Collision attacks try to find two inputs producing the same hash
  10. Which of the following tools can be used for passive OS fingerprinting?

    • nmap
    • tcpdump
    • tracert
    • ping
  11. Which of the following describes the characteristics of a Boot Sector Virus?

    • Modifies directory table entries so that directory entries point to the virus code instead of the actual program.
    • Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
    • Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
    • Overwrites the original MBR and only executes the new virus code.
  12. Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

    • Use the built-in Windows Update tool
    • Use a scan tool like Nessus
    • Check MITRE.org for the latest list of CVE findings
    • Create a disk image of a clean Windows installation
  13. Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

    • nessus
    • tcpdump
    • ethereal
    • jack the ripper
  14. DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

    • Spanning tree
    • Dynamic ARP Inspection (DAI)
    • Port security
    • Layer 2 Attack Prevention Protocol (LAPP)
  15. Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks to the wired network to have Internet access. On the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

    He identified this when the IDS alerted on malware activity in the network.

    What should Bob do to avoid this problem?

    • Disable unused ports in the switches
    • Separate students in a different VLAN
    • Use the 802.1x protocol
    • Ask students to use the wireless network
  16. A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

    • tcp.port == 21
    • tcp.port = 23
    • tcp.port == 21 || tcp.port == 22
    • tcp.port != 21
  17. You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)

    • A firewall IPTable
    • FTP Server rule
    • A Router IPTable
    • An Intrusion Detection System
  18. Which of the following programs infects the system boot sector and the executable files at the same time?

    • Polymorphic virus
    • Stealth virus
    • Multipartite Virus
    • Macro virus
  19. To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

    What term is commonly used when referring to this type of testing?

    • Randomizing
    • Bounding
    • Mutating
    • Fuzzing
  20. An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

    • Protocol analyzer
    • Network sniffer
    • Intrusion Prevention System (IPS)
    • Vulnerability scanner