Ceh V9

1. Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks?

Configure Port Security on the switch

Install antivirus software on the network devices.

Enable the firewall on the router.

Implement intrusion detection systems (IDS).

Configuring Port Security on the switch allows you to restrict the number of MAC addresses that can be learned on a specific port, preventing MAC Flood attacks. Additionally, Port Security can detect and block MAC Spoofing attempts by only allowing specific MAC addresses to communicate through the port.

Explanation

Configuring Port Security on the switch allows you to restrict the number of MAC addresses that can be learned on a specific port, preventing MAC Flood attacks. Additionally, Port Security can detect and block MAC Spoofing attempts by only allowing specific MAC addresses to communicate through the port.

2. What technique does an attacker use to compromise a database by taking advantage of poorly designed input validation routines?

Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system

Phishing attack

Cross-site scripting attack

Man-in-the-middle attack

An SQL injection attack allows an attacker to manipulate SQL queries to gain unauthorized access to a database.

Explanation

An SQL injection attack allows an attacker to manipulate SQL queries to gain unauthorized access to a database.

3. What technique involves splitting a datagram into multiple fragments to evade IDS detection?

Port Scanning

IP Fragmentation or Session Splicing

Protocol Spoofing

Packet Encryption

IP Fragmentation or Session Splicing involves splitting a datagram into multiple fragments, making it harder for IDS to detect the true nature of the datagram. Packet Encryption, Port Scanning, and Protocol Spoofing are other techniques used for security purposes but do not specifically involve splitting datagrams in the same way.

Explanation

IP Fragmentation or Session Splicing involves splitting a datagram into multiple fragments, making it harder for IDS to detect the true nature of the datagram. Packet Encryption, Port Scanning, and Protocol Spoofing are other techniques used for security purposes but do not specifically involve splitting datagrams in the same way.

4. If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization. How would you prevent such type of attacks?

Rely solely on the interview process to screen potential candidates.

Consider hiring only internal referrals to reduce risk.

Conduct thorough background checks before you engage them

Implement strict non-disclosure agreements upon hiring.

The correct answer to prevent such attacks is conducting thorough background checks to ensure the candidate's credibility and prevent any malicious intent in the hiring process.

Explanation

The correct answer to prevent such attacks is conducting thorough background checks to ensure the candidate's credibility and prevent any malicious intent in the hiring process.

5. Which type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intend to do?

IP Fragment Scanning

XMAS Scan

SYN Flood Scanning

Null Scan

IP Fragment Scanning is a technique where the TCP header is split into multiple IP fragments to evade detection by packet filters. SYN Flood Scanning floods the target with SYN packets, Null Scan sends packets with no flag set, and XMAS Scan sets various flags to detect open ports.

Explanation

IP Fragment Scanning is a technique where the TCP header is split into multiple IP fragments to evade detection by packet filters. SYN Flood Scanning floods the target with SYN packets, Null Scan sends packets with no flag set, and XMAS Scan sets various flags to detect open ports.

6. What is the term used to describe the activity of Joel and her team going through tons of garbage, recycled paper, and other rubbish in order to find information about the target they are attempting to penetrate?

Garbage Gleaning

Rubbish Rummaging

Dumpster Diving

Trash Treasuring

Dumpster Diving is the term used to describe the activity of searching through waste in order to find valuable information. The other options do not accurately capture the concept of going through garbage for information.

Explanation

Dumpster Diving is the term used to describe the activity of searching through waste in order to find valuable information. The other options do not accurately capture the concept of going through garbage for information.

7. In which situations would you want to use anonymizer? (Select 3 answers).

To track your online activity and sell the data to third parties

To speed up internet connection by accessing websites through a proxy server

To protect your privacy and Identity on the InternetTo bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit.Post negative entries in blogs without revealing your IP identity

To share personal information freely without any consequences

An anonymizer is used primarily to protect privacy and identity, bypass blocking applications, and post anonymously. The incorrect answers do not align with the usual purpose of using an anonymizer.

Explanation

An anonymizer is used primarily to protect privacy and identity, bypass blocking applications, and post anonymously. The incorrect answers do not align with the usual purpose of using an anonymizer.

8. What type of attack involves an unauthorized individual intercepting communication between two parties?

Phishing Attack

Denial-of-Service (DoS) Attack

Buffer Overflow Attack

Man-in-the-Middle (MiTM) Attack

A Man-in-the-Middle (MiTM) attack occurs when a third party intercepts communication between two parties without their knowledge. It can lead to eavesdropping, data theft, and more.

Explanation

A Man-in-the-Middle (MiTM) attack occurs when a third party intercepts communication between two parties without their knowledge. It can lead to eavesdropping, data theft, and more.

9. What kind of attack is being illustrated in the scenario provided?

Social Engineering

SQL Injection

Phishing

Denial of Service

In the scenario, Jack uses manipulation and deception to trick Jane into revealing her password by pretending to be someone he is not. This type of attack is known as Social Engineering, where the attacker exploits human psychology to gain access to sensitive information.

Explanation

In the scenario, Jack uses manipulation and deception to trick Jane into revealing her password by pretending to be someone he is not. This type of attack is known as Social Engineering, where the attacker exploits human psychology to gain access to sensitive information.

10. How can you defend against ARP Spoofing?

Enable WEP encryption on the network

Ignore ARP requests from unknown devices

Install antivirus software on all devices

Use ARPWALL system and block ARP spoofing attacksUse private VLANSPlace static ARP entries on servers,workstation and routers

11. TCP SYN Flood attack uses the three-way handshake mechanism. An attacker at system A sends a SYN packet to victim at system B. System B sends a SYN/ACK packet to victim A. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A. This status of client B is called_______________.

Partially connected

Semi open

"half open"

Closed half

The correct term for the state of client B waiting for an ACK packet from client A in TCP SYN Flood attack is 'half open'.

Explanation

The correct term for the state of client B waiting for an ACK packet from client A in TCP SYN Flood attack is 'half open'.

12. What technique was used by the Kiley Innovators employee to send information to the rival marketing company?

The employee used phishing to trick the rival marketing company into revealing information.

The employee used ransomware to encrypt the information before sending it to the rival marketing company.

The employee used steganography to hide information in the picture attachments

The employee used keylogging to capture sensitive information and send it to the rival marketing company.

13. You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123. Here is the output of your scan results:Which of the following nmap command did you run?

Nmap -A -p21,110,123 10.0.0.5

Nmap -sS -p21,110,123 10.0.0.5

Nmap -O -sV -p21,110,123 10.0.0.5

Nmap -T4 -A -p21,110,123 10.0.0.5

The correct nmap command for this scenario should include the options -O (perform OS detection), -sV (probe open ports to determine service/version info) and -p21,110,123 (specify ports 21, 110, and 123). The incorrect answers either lack the necessary options for gaining server information or use different scan types that do not match the desired outcome.

Explanation

The correct nmap command for this scenario should include the options -O (perform OS detection), -sV (probe open ports to determine service/version info) and -p21,110,123 (specify ports 21, 110, and 123). The incorrect answers either lack the necessary options for gaining server information or use different scan types that do not match the desired outcome.

14. How can you prevent Privilege Escalation?

Disable all security protocols

Grant full admin rights to all users

Install more memory on the server

Use encryption to protect sensitive dataRestrict the interactive logon privilegesRun services as unprivileged accountsRun users and applications on the least privileges

Privilege Escalation is a security issue where an attacker gains elevated privileges on a system. The correct measures to prevent Privilege Escalation include using encryption to protect data, restricting interactive logon privileges, running services as unprivileged accounts, and ensuring users and applications run on the least privileges. Installing more memory, granting full admin rights to all users, or disabling security protocols will not effectively prevent Privilege Escalation.

Explanation

Privilege Escalation is a security issue where an attacker gains elevated privileges on a system. The correct measures to prevent Privilege Escalation include using encryption to protect data, restricting interactive logon privileges, running services as unprivileged accounts, and ensuring users and applications run on the least privileges. Installing more memory, granting full admin rights to all users, or disabling security protocols will not effectively prevent Privilege Escalation.

15. What does ICMP (type 11, code 0) denote?

Time Exceeded

Destination Unreachable

Echo Reply

Fragmentation Needed

ICMP (type 11, code 0) denotes Time Exceeded, which is used by routers to indicate that a packet has expired its time to live (TTL) value or it encountered a routing loop.

Explanation

ICMP (type 11, code 0) denotes Time Exceeded, which is used by routers to indicate that a packet has expired its time to live (TTL) value or it encountered a routing loop.

16. You are the security administrator of Jaco Banking Systems located in Boston. You are setting up e-banking website (https://www.ejacobank.com) authentication system. Instead of issuing banking customer with a single password, you give them a printed list of 100 unique passwords. Each time the customer needs to log into the e-banking system website, the customer enters the next password on the list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no damage is done because the password will not be accepted a second time. Once the list of 100 passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail to the customer. You are confident that this security implementation will protect the customer from password abuse. Two months later, a group of hackers called 'HackJihad' found a way to access the one-time password list issued to customers of Jaco Banking Systems. The hackers set up a fake website (https://www.e-jacobank.com) and used phishing attacks to direct ignorant customers to it. The fake website asked users for their e-banking username and password, and the next unused entry from their one-time password sheet. The hackers collected 200 customer's username/passwords this way. They transferred money from the customer's bank account to various offshore accounts. Your decision of password policy implementation has cost the bank with USD 925,000 to hackers. You immediately shut down the e-banking website while figuring out the next best security solution. What effective security solution will you recommend in this case?

Use biometric authentication system for e-banking login

Continue with the usage of one-time password lists with improved encryption

Implement RSA SecureID based authentication system

Implement SMS-based 2-factor authentication system

17. How does a polymorphic shellcode work?

They encrypt the shellcode by XORing values over the shellcode,using loader code to decrypt the shellcode,and then executing the decrypted shellcode

It relies on the use of basic encryption algorithms to hide the shellcode.

It obfuscates the shellcode by changing the file extension.

It uses the same shellcode signature as common IDSs to avoid detection.

Polymorphic shellcode works by encrypting the shellcode using XOR operation, utilizing loader code for decryption, and running the decrypted shellcode. The incorrect answers do not accurately describe how polymorphic shellcode operates.

Explanation

Polymorphic shellcode works by encrypting the shellcode using XOR operation, utilizing loader code for decryption, and running the decrypted shellcode. The incorrect answers do not accurately describe how polymorphic shellcode operates.

18. What is the signature of a SYN Flood attack?

The attacker floods the network with UDP packets.

A large number of SYN packets appearing on a network without the corresponding reply packets

The attacker establishes full TCP connections with the target but does not transmit any data.

An attacker sends large amounts of ICMP packets to a target network.

A SYN Flood attack involves overwhelming a target with SYN packets to exhaust resources and disrupt services by not completing the three-way handshake. The other options do not accurately describe the signature of a SYN Flood attack.

Explanation

A SYN Flood attack involves overwhelming a target with SYN packets to exhaust resources and disrupt services by not completing the three-way handshake. The other options do not accurately describe the signature of a SYN Flood attack.

19. Which of the following type of scanning utilizes an automated process to proactively identify vulnerabilities of the computing systems present on a network?

Port Scanning

Packet Sniffing

Banner Grabbing

Vulnerability Scanning

Vulnerability scanning is a proactive approach to identifying weaknesses in computing systems by using automated tools to scan for known vulnerabilities. Port scanning, packet sniffing, and banner grabbing are different techniques that focus on gathering information about network services and configurations, rather than specifically targeting vulnerabilities.

Explanation

Vulnerability scanning is a proactive approach to identifying weaknesses in computing systems by using automated tools to scan for known vulnerabilities. Port scanning, packet sniffing, and banner grabbing are different techniques that focus on gathering information about network services and configurations, rather than specifically targeting vulnerabilities.

20. The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user: SELECT*FROM OrdersTable WHERE ShipCity = 'Chicago' How will you delete the OrdersTable from the database using SQL Injection?

DELETE FROM OrdersTable;

TRUNCATE TABLE OrdersTable;

DROP TABLE OrdersTable;

Chicago';

In this scenario, the correct SQL injection string to delete the OrdersTable from the database is 'Chicago';'. The incorrect options like DROP TABLE OrdersTable, TRUNCATE TABLE OrdersTable, and DELETE FROM OrdersTable can also have destructive consequences on the database, but they are not the specific string needed to achieve the deletion in this particular situation.

Explanation

In this scenario, the correct SQL injection string to delete the OrdersTable from the database is 'Chicago';'. The incorrect options like DROP TABLE OrdersTable, TRUNCATE TABLE OrdersTable, and DELETE FROM OrdersTable can also have destructive consequences on the database, but they are not the specific string needed to achieve the deletion in this particular situation.

21. What are the limitations of Vulnerability scanners? (Select 2 answers)

Vulnerability scanners are always up-to-date with the latest vulnerabilities

Vulnerability scanners can detect all types of vulnerabilities

There are often better at detecting well-known vulnerabilities than more esoteric onesIt is impossible for any,one scanning product to incorporate all known vulnerabilities in a timely manner

Vulnerability scanners can prevent attacks before they occur

Vulnerability scanners have limitations in their ability to detect all vulnerabilities and may not always be up-to-date with the latest threats, making them less effective at preventing attacks before they occur.

Explanation

Vulnerability scanners have limitations in their ability to detect all vulnerabilities and may not always be up-to-date with the latest threats, making them less effective at preventing attacks before they occur.

22. Stephanie works as a senior security analyst for a manufacturing company in Detroit. Her colleague Jason informed her that he found confidential corporate information leaked on a website. Stephanie wants to see past versions and pages of the website, where can she go?

Stephanie can use Google Cache to view past versions of the website.

Stephanie can go to Archive.org to see past versions of the company website

Stephanie can use a website backup tool like Wayback Machine to view past versions of the website.

Stephanie can contact the company's hosting provider for past website versions.

23. Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?

The sessionID manager checks the User-Agent header along with the IP address.

The sessionID token is encrypted and cannot be replayed.

The server will send replies back to the spoofed IP address

Spoofing an IP address requires physical access to the server.

24. Jason is questioned about how his company's marketing material ended up in the hands of competitors. He claims to have no knowledge of it. However, his supervisor finds emails sent to the competitors with attached jpg files that contained the marketing material. What technique has Jason most likely used?

Social Engineering

Image Steganography Technique

Phishing Attack

Data Encryption

Jason most likely used the Image Steganography Technique to hide the marketing material within the jpg files. This technique allows information to be concealed within images without altering the visual appearance of the image. Social Engineering, Phishing Attack, and Data Encryption are not likely methods used in this scenario.

Explanation

Jason most likely used the Image Steganography Technique to hide the marketing material within the jpg files. This technique allows information to be concealed within images without altering the visual appearance of the image. Social Engineering, Phishing Attack, and Data Encryption are not likely methods used in this scenario.

25. What type of virus is shown here?

Sparse Infector Virus

Ransomware Virus

Trojan Horse Virus

Worm Virus

The correct answer is Sparse Infector Virus because it is a type of virus that infects files by inserting their code into them, but only does so occasionally and sparingly to avoid detection.

Explanation

The correct answer is Sparse Infector Virus because it is a type of virus that infects files by inserting their code into them, but only does so occasionally and sparingly to avoid detection.