CEH Quiz (101-200)

By Porterwb
  • 1. 

    Within the context of Computer Security, which of the following statements describes Social Engineering best?

    • Social Engineering is the act of publicly disclosing information
    • Social Engineering is the means put in place by human resource to perform time accounting
    • Social Engineering is the act of getting needed information from a person rather than breaking into a system
    • Social Engineering is a training program within sociology studies
About This Quiz

This CEH Quiz (101-200) assesses skills in cybersecurity, focusing on practical scenarios like footprinting, encryption, and attack detection. It's designed for professionals aiming to validate their ethical hacking expertise.


Quiz Preview

  • 2. 

    How does a denial-of-service attack work?

    • A hacker prevents a legitimate user (or group of users) from accessing a service

    • A hacker uses every character, word, or letter he or she can think of to defeat authentication

    • A hacker tries to decipher a password by using a system, which subsequently crashes the network

    • A hacker attempts to imitate a legitimate user by confusing a computer or even another person

    Correct Answer
    A. A hacker prevents a legitimate user (or group of users) from accessing a service
    Explanation
    In a denial-of-service attack, a hacker intentionally disrupts the availability of a service by overwhelming it with a flood of illegitimate requests or by exploiting vulnerabilities in the system. This prevents legitimate users from accessing the service, causing it to become unavailable or slow down significantly. The hacker may use various techniques such as sending a large volume of traffic, exploiting software vulnerabilities, or conducting a distributed attack using multiple compromised devices. The goal is to exhaust the resources of the targeted service, making it unable to respond to legitimate requests.

  • 3. 

    John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct a MiTM attack. What is the destination MAC address of a broadcast frame?

    • 0xFFFFFFFFFFFF

    • 0xDDDDDDDDDDDD

    • 0xAAAAAAAAAAAA

    • 0xBBBBBBBBBBBB

    Correct Answer
    A. 0xFFFFFFFFFFFF
    Explanation
    The destination MAC address of a broadcast frame is 0xFFFFFFFFFFFF. In Ethernet, a broadcast frame is sent to all devices on the network, so the destination MAC address is set to the broadcast address, which is represented by all Fs in hexadecimal notation.

  • 4. 

    This method is used to determine the operating system and version running on a remote target system. What is it called?

    • Service Degradation

    • OS Fingerprinting

    • Manual Target System

    • Identification Scanning

    Correct Answer
    A. OS Fingerprinting
    Explanation
    OS fingerprinting is a method used to determine the operating system and version running on a remote target system. This technique involves analyzing network packets or responses from the target system to identify specific characteristics or behaviors that are unique to different operating systems. By analyzing these fingerprints, security professionals can gain valuable information about the target system, which can be used for vulnerability assessment or penetration testing purposes.

  • 5. 

    William has received a Chess game from someone in his computer programming class through email. William does not really know the person who sent the game very well, but decides to install the game anyway because he really likes Chess. After William installs the game, he plays it for a couple of hours. The next day, William plays the Chess game again and notices that his machine has begun to slow down. He brings up his Task Manager and sees the following programs running:

    • Zombie Zapper (ZoZ)

    • Remote Access Trojan (RAT)

    • Bot IRC Tunnel (BIT)

    • Root Digger (RD)

    Correct Answer
    A. Remote Access Trojan (RAT)
    Explanation
    The correct answer is Remote Access Trojan (RAT). A RAT is a type of malware that allows an attacker to remotely control a victim's computer. In this scenario, William's computer has been infected with a RAT after installing the Chess game. This explains why his machine has started to slow down and why he sees the RAT program running in his Task Manager. The RAT is likely responsible for the decrease in performance and may also be compromising William's privacy and security by allowing the attacker to access and control his computer remotely.

  • 6. 

    You are footprinting an organization and gathering competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them listed there. You know they had the entire staff directory listed on their website 12 months ago but now it is not there. Is there any way you can retrieve information from a website that is outdated?

    • Visit Google's search engine and view the cached copy

    • Crawl the entire website and store them into your computer

    • Visit Archive.org web site to retrieve the Internet archive of the company's website

    • Visit the company's partners and customers website for this information

    Correct Answer
    A. Visit Archive.org web site to retrieve the Internet archive of the company's website
    Explanation
    The Archive.org website is known for its Wayback Machine feature, which allows users to view archived versions of websites from the past. By visiting the Archive.org website, you can access the Internet archive of the company's website and retrieve the information that was previously listed, including the staff directory and contact information. This can be a useful method to retrieve outdated information from a website that no longer has it listed.

  • 7. 

    While testing web applications, you attempt to insert the following test script into the search area on the company's web site:   <script>alert('Testing Testing Testing')</script>   Later, when you press the search button, a pop up box appears on your screen with the text "Testing Testing Testing". What vulnerability is detected in the web application here?

    • Cross Site Scripting

    • Password attacks

    • A Buffer Overflow

    • A hybrid attack

    Correct Answer
    A. Cross Site Scripting
    Explanation
    The vulnerability detected in the web application in this scenario is Cross Site Scripting (XSS). This is evident from the fact that when the test script is inserted into the search area and the search button is pressed, a pop-up box appears on the screen with the text "Testing Testing Testing". This indicates that the web application is not properly sanitizing or validating user input, allowing the execution of malicious scripts.

  • 8. 

    What framework architecture is shown in this exhibit?

    • Core Impact

    • Metasploit

    • Immunity Canvas

    • Nessus

    Correct Answer
    A. Metasploit
    Explanation
    The correct answer is Metasploit. Metasploit is a framework that provides information about security vulnerabilities and aids in penetration testing. It allows users to exploit vulnerabilities in systems and gain unauthorized access. The exhibit likely shows the architecture of the Metasploit framework, which includes various components and modules used for scanning, exploiting, and post-exploitation activities.

  • 9. 

    Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?

    • Yancey would be considered a Suicide Hacker

    • Since he does not care about going to jail, he would be considered a Black Hat

    • Because Yancey works for the company currently; he would be a White Hat

    • Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

    Correct Answer
    A. Yancey would be considered a Suicide Hacker
    Explanation
    Yancey would be considered a Suicide Hacker because he is willing to face severe consequences, such as going to jail for 30 or more years, in order to take down the company that is downsizing and causing him to lose his job.

  • 10. 

    What is the correct order of steps in the CEH System Hacking Cycle?

    • Option A

    • Option B

    • Option C

    • Option D

    Correct Answer
    A. Option A
    Explanation
    The correct order of steps in the CEH System Hacking Cycle is Option A. However, without further information or context, it is not possible to provide a specific explanation for this answer.

  • 11. 

    You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire corporation. Your company has over 250 servers running Windows Server, 5000 workstations running Windows Vista, and 200 mobile users working from laptops on Windows 7.   Last week, 10 of your company's laptops were stolen from salesmen while at a conference in Amsterdam.  These laptops contained proprietary company information. While doing damage assessment on the possible public relations nightmare this may become, a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online.   What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?

    • You should have used 3DES which is built into Windows

    • If you would have implemented Pretty Good Privacy (PGP) which is built into Windows, the sensitive information on the laptops would not have leaked out

    • You should have utilized the built-in feature of Distributed File System (DFS) to protect the sensitive information on the laptops

    • You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops

    Correct Answer
    A. You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops
    Explanation
    The correct answer suggests that implementing Encrypted File System (EFS) could have protected the sensitive information on the stolen laptops. EFS is a built-in Windows feature that allows users to encrypt individual files and folders, providing an additional layer of security. By encrypting the sensitive files on the laptops, even if the laptops are stolen, the information would remain encrypted and inaccessible to unauthorized users. This would help prevent the leakage of sensitive information in case of theft or unauthorized access to the laptops.

  • 12. 

    What type of attack is shown here?

    • Bandwidth exhaust Attack

    • Denial of Service Attack

    • Cluster Service Attack

    • Distributed Denial of Service Attack

    Correct Answer
    A. Distributed Denial of Service Attack
    Explanation
    The correct answer is Distributed Denial of Service Attack. This type of attack involves multiple compromised computers, often spread across different locations, flooding a target system with an overwhelming amount of traffic or requests. This causes the target system to become unavailable to its intended users, resulting in a denial of service.

  • 13. 

    What type of session hijacking attack is shown in the exhibit?

    • Session Sniffing Attack

    • Cross-site scripting Attack

    • SQL Injection Attack

    • Token sniffing Attack

    Correct Answer
    A. Session Sniffing Attack
    Explanation
    The correct answer is Session Sniffing Attack. In a session sniffing attack, an attacker intercepts and monitors network traffic to capture session information, such as session IDs or cookies. This allows the attacker to impersonate the user and gain unauthorized access to the user's account or sensitive information. The exhibit likely shows evidence of this type of attack being carried out.

  • 14. 

    In which step does steganography fit in the CEH System Hacking Cycle (SHC)?

    • Step 1: Enumerate users

    • Step 2: Crack the password

    • Step 3: Escalate privileges

    • Step 4: Execute applications

    • Step 5: Hide files

    • Step 6: Cover your tracks

    Correct Answer
    A. Step 5: Hide files
    Explanation
    Steganography fits in Step 5: Hide files of the CEH System Hacking Cycle (SHC). Steganography is the technique of hiding secret information within an ordinary file or message to avoid detection. In this step, the attacker may use steganography to hide files or data within seemingly harmless files or images, making it difficult for security measures to detect the hidden information. This allows the attacker to maintain covert access to the compromised system without raising suspicion.

  • 15. 

    You have successfully gained access to a victim's computer using Windows 2003 Server SMB Vulnerability.   Which command will you run to disable auditing from the cmd?

    • Stoplog stoplog ?

    • EnterPol /nolog

    • EventViewer o service

    • Auditpol.exe /disable

    Correct Answer
    A. Auditpol.exe /disable
    Explanation
    To disable auditing from the command prompt after gaining access to a victim's computer using the Windows 2003 Server SMB Vulnerability, the command that should be run is "auditpol.exe /disable". This command will disable auditing on the system, preventing any further logging or tracking of activities.

  • 16. 

    In which location are SAM password hashes stored in Windows 7?

    • C:\windows\system32\config\SAM

    • C:\winnt\system32\machine\SAM

    • C:\windows\etc\drivers\SAM

    • C:\windows\config\etc\SAM

    Correct Answer
    A. C:\windows\system32\config\SAM
    Explanation
    SAM hash passwords in Windows 7 are stored in the c:\windows\system32\config\SAM location.

  • 17. 

    Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?  

    • Image Hide

    • Snow

    • Gif-it-up

    • NiceText

    Correct Answer
    A. Snow
    Explanation
    Snow is a steganography utility that exploits the nature of white space and allows the user to conceal information in these white spaces.

  • 18. 

    In this type of Man-in-the-Middle attack, packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted, the tokens are placed back on the network to gain access.

    • Token Injection Replay attacks

    • Shoulder surfing attack

    • Rainbow and Hash generation attack

    • Dumpster diving attack

    Correct Answer
    A. Token Injection Replay attacks
    Explanation
    In a Token Injection Replay attack, the attacker captures packets and authentication tokens using a sniffer. They then extract the relevant information and place the tokens back on the network to gain access. This allows the attacker to impersonate a legitimate user and bypass authentication measures.

  • 19. 

    What port number is used by LDAP protocol?

    • 110

    • 389

    • 464

    • 445

    Correct Answer
    A. 389
    Explanation
    The correct answer is 389. LDAP (Lightweight Directory Access Protocol) uses port number 389 for communication. LDAP is a protocol used for accessing and maintaining distributed directory information services over an IP network. Port number 389 is the default port assigned to LDAP, and it is used for both clear text and secure communication.

  • 20. 

    You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

    • Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

    • Package the Sales.xls using Trojan wrappers and telnet them back to your home computer

    • You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

    • Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

    Correct Answer
    A. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
    Explanation
    Steganography is a technique that allows you to hide data within other files, such as images. By concealing the Sales.xls database within a file like photo.jpg, you can send it out in an innocent-looking email or file transfer without raising suspicion. This method allows you to bypass the company's network security restrictions and monitoring systems, as the data appears to be a harmless image file.

  • 21. 

    John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool?  

    • Hping2

    • Nessus

    • Nmap

    • Make

    Correct Answer
    A. Nessus
    Explanation
    Nessus is the correct answer because it is a popular and widely used vulnerability scanning tool for Linux platforms. It has a comprehensive database of signatures that can detect various vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Additionally, Nessus is capable of detecting DDoS zombies and Trojans, making it a versatile tool for security professionals.

  • 22. 

    Identify SQL injection attack from the HTTP requests shown below:

    • http://www.myserver.c0m/search.asp? lname=smith%27%3bupdate%20usertable%20set%20passwd%3d%27hAx0r%27%3b--%00

    • Http://www.myserver.c0m/script.php?mydata=%3cscript%20src=%22

    • Http%3a%2f%2fwww.yourserver.c0m%2fbadscript.js%22%3e%3c%2fscript%3e

    • Http://www.victim.com/example accountnumber=67891&creditamount=999999999

    Correct Answer
    A. http://www.myserver.c0m/search.asp? lname=smith%27%3bupdate%20usertable%20set%20passwd%3d%27hAx0r%27%3b--%00
    Explanation
    The given HTTP request is an example of a SQL injection attack. In this attack, the attacker is attempting to manipulate the SQL query by adding additional SQL statements within the input parameter "lname". The injected SQL statement is "update usertable set passwd='hAx0r'--", which aims to update the "passwd" field in the "usertable" table. This type of attack can allow unauthorized access to the database and potentially compromise sensitive information.

  • 23. 

    Study the Snort rule given below and interpret the rule.   alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg: "mountd access";)

    • An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

    • An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

    • An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

    • An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

    Correct Answer
    A. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111
    Explanation
    The given snort rule is designed to generate an alert when a TCP packet is observed on the network originating from any IP address and destined for any IP address on the 192.168.1.0 subnet on port 111. The content parameter in the rule specifies the hexadecimal value "|00 01 86 a5|" that must be present in the packet payload for the rule to match. The msg parameter provides a descriptive message for the alert, indicating that it is related to "mountd access".

  • 24. 

    You are gathering competitive intelligence on an organization. You notice that they have jobs listed on a few Internet job-hunting sites. There are two jobs for network and system administrators. How can this help you in footprinting the organization?

    • To learn about the IP range used by the target network

    • To identify the number of employees working for the company

    • To test the limits of the corporate security policy enforced in the company

    • To learn about the operating systems, services and applications used on the network

    Correct Answer
    A. To learn about the operating systems, services and applications used on the network
    Explanation
    By observing the job listings for network and system administrators, one can infer the specific operating systems, services, and applications that are being used by the organization. This information can be valuable for footprinting the organization as it provides insight into the technology infrastructure and potential vulnerabilities that may exist.

  • 25. 

    This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.   <a href="http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js%22%3E%3C/script%3E">See foobar</a>   What is this attack?

    • Cross-site-scripting attack

    • SQL Injection

    • URL Traversal attack

    • Buffer Overflow attack

    Correct Answer
    A. Cross-site-scripting attack
    Explanation
    This attack is a cross-site scripting (XSS) attack. It occurs when a website displays user-provided data without properly sanitizing it, allowing malicious scripts to be injected and executed on the user's browser. In this case, the provided code snippet includes a script tag with a source from a malicious domain, which can be used to carry out unauthorized actions on the user's behalf.

  • 26. 

    The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is an excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow.

    • 9

    • 17

    • 20

    • 32

    • 35

    Correct Answer
    A. 17
    Explanation
    Line 17 in the source code might lead to buffer overflow because the C++ functions at that line do not check bounds, which means that they do not verify if the data being written to the buffer exceeds its allocated size. This can result in writing data beyond the buffer's boundaries, causing a buffer overflow vulnerability.

  • 27. 

    Johnny is a member of the hacking group Orpheus1. He is currently working on breaking into the Department of Defense's front end Exchange Server. He was able to get into the server, located in a DMZ, by using an unused service account that had a very weak password that he was able to guess. Johnny wants to crack the administrator password, but does not have a lot of time to crack it. He wants to use a tool that already has the LM hashes computed for all possible permutations of the administrator password.   What tool would be best used to accomplish this?

    • SMBCrack

    • SmurfCrack

    • PSCrack

    • RainbowTables

    Correct Answer
    A. RainbowTables
    Explanation
    RainbowTables would be the best tool to accomplish this task because it already has the precomputed LM hashes for all possible permutations of the administrator password. This means that Johnny can quickly compare the LM hash of the target password with the precomputed hashes in the RainbowTables to find a match, significantly reducing the time required to crack the password.

  • 28. 

    _____________ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.

    • Stream Cipher

    • Block Cipher

    • Bit Cipher

    • Hash Cipher

    Correct Answer
    A. Block Cipher
    Explanation
    A block cipher is a type of symmetric-key encryption algorithm that operates on fixed-length blocks of plaintext data. It transforms each block of plaintext into a block of ciphertext of the same length using a specific encryption algorithm and a secret key. Unlike stream ciphers that encrypt data bit by bit or byte by byte, block ciphers encrypt data in fixed-sized blocks, providing a higher level of security. The ciphertext produced by a block cipher is also of the same length as the plaintext, making it suitable for applications that require fixed-length data encryption.

  • 29. 

    The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence numbers of transmitted packets from host B are lower than the packet segment containing the set FIN flag.  

    • False

    • True

    Correct Answer
    A. True
    Explanation
    The explanation for the given correct answer is that the FIN flag is indeed set and sent from host A to host B when host A has no more data to transmit and wants to close the TCP connection. This flag is used to release the connection resources. However, even after sending the FIN flag, host A can still receive data as long as the SYN sequence numbers of the transmitted packets from host B are lower than the packet segment containing the set FIN flag. Therefore, the statement is true.

  • 30. 

    Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network.   He receives the following SMS message during the weekend. An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason's network with the hping command.   Which of the following hping2 commands is responsible for the above Snort alert?

    • Chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118

    • Chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118

    • Chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118

    • Chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118

    Correct Answer
    A. Chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118
    Explanation
    The hping2 command responsible for the above snort alert is "hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118". This command includes various flags that indicate different types of TCP/IP packets being sent to the target IP address and port. The flags -S, -R, -P, -A, -F, and -U represent SYN, RST, PUSH, ACK, FIN, and UDP packets respectively. The fact that these flags are included in the command indicates that the attacker is attempting to perform a remote scan on Jason's network.

  • 31. 

    Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task?

    • Charlie can use the command: ping -l 56550 172.16.0.45 -t.

    • Charlie can try using the command: ping 56550 172.16.0.45.

    • By using the command ping 172.16.0.45 Charlie would be able to lockup the router

    • He could use the command: ping -4 56550 172.16.0.45.

    Correct Answer
    A. Charlie can use the command: ping -l 56550 172.16.0.45 -t.
    Explanation
    Charlie can use the command "ping -l 56550 172.16.0.45 -t" to attempt to test the capabilities of the new Cisco router and see if it is susceptible to a DoS attack resulting in its locking up.

  • 32. 

    Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

    • They are using UDP that is always authorized at the firewall

    • They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

    • They have been able to compromise the firewall, modify the rules, and give themselves proper access

    • They are using an older version of Internet Explorer that allows them to bypass the proxy server

    Correct Answer
    A. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended
    Explanation
    The offenders are using HTTP tunneling software to bypass the content filtering system. This software allows them to communicate with protocols in a way that it was not intended, effectively bypassing any restrictions or filters in place. This allows them to access offensive websites during work hours without being detected by Neil's firewall rules and logs.

  • 33. 

    "Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.

    • Vulnerability Scanning

    • Penetration Testing

    • Security Policy Implementation

    • Designing Network Security

    Correct Answer
    A. Penetration Testing
    Explanation
    Penetration testing refers to the process of assessing the security of a network by simulating real-world attacks. It involves using the same methodologies and tools employed by attackers to identify vulnerabilities and weaknesses in the network's defenses. This helps organizations understand their security posture and take necessary measures to strengthen their network security.

  • 34. 

    You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website asking you to download free Anti-Virus software.

    Dear valued customers,

    We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

    Antivirus code: 5014
    http://www.juggyboy/virus/virus.html

    Thank you for choosing us, the worldwide leader Antivirus solutions.

    Mike Robertson
    PDF Reader Support
    Copyright Antivirus 2010 All rights reserved

    If you want to stop receiving mail, please go to: http://www.juggyboy.com or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

    How will you determine if this is a real Anti-Virus or a fake Anti-Virus website?

    • Look at the website design, if it looks professional then it is a Real Anti-Virus website

    • Connect to the site using SSL, if you are successful then the website is genuine

    • Search using the URL and Anti-Virus product name in Google and look out for suspicious warnings against this site

    • Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

    Correct Answer
    A. Search using the URL and Anti-Virus product name in Google and look out for suspicious warnings against this site
    Explanation
    Searching for the URL and the Anti-Virus product name in Google and looking out for suspicious warnings against the site is the best way to determine whether the website is a real or a fake Anti-Virus website. Google search results can often provide information and warnings from other users who may have encountered the website before, and these can indicate whether it is trustworthy.

  • 35. 

    Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

    • Information Audit Policy (IAP)

    • Information Security Policy (ISP)

    • Penetration Testing Policy (PTP)

    • Company Compliance Policy (CCP)

    Correct Answer
    A. Information Security Policy (ISP)
    Explanation
    This document is called an Information Security Policy (ISP). It is a formal written document that outlines what employees are allowed to use the company's systems for, what is prohibited, and the consequences of breaking the rules. Two printed copies of the policy should be given to every employee, and they should sign one copy to acknowledge their acceptance of its terms. The signed copy should be filed by the company. The ISP ensures that employees are aware of the company's expectations regarding the use of its computer systems and helps maintain security and compliance.

  • 36. 

    A digital signature is simply a message that is encrypted with the public key instead of the private key.

    • True

    • False

    Correct Answer
    A. False
    Explanation
    A digital signature is not simply a message that is encrypted with the public key instead of the private key. In fact, a digital signature is created by encrypting a hash value of the message with the sender's private key. The recipient can then use the sender's public key to decrypt the digital signature and verify the integrity and authenticity of the message.

  • 37. 

    When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN/ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN/ACK. How would an attacker exploit this design by launching a TCP SYN attack?

    • Attacker generates TCP SYN packets with random destination addresses towards a victim host

    • Attacker floods TCP SYN packets with random source addresses towards a victim host

    • Attacker generates TCP ACK packets with random source addresses towards a victim host

    • Attacker generates TCP RST packets with random source addresses towards a victim host

    Correct Answer
    A. Attacker floods TCP SYN packets with random source addresses towards a victim host
    Explanation
    An attacker would exploit this design by launching a TCP SYN attack by flooding TCP SYN packets with random source addresses towards a victim host. This flood of SYN packets overwhelms the connection queue on the victim host, causing it to fill up and preventing legitimate connections from being established. This is known as a SYN flood attack, and it can effectively deny service to the victim host by consuming its resources and causing it to become unresponsive.

  • 38. 

    You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with this complex security system in place. Your peer, Peter Smith, who works in the same department, disagrees with you. He says even the best network security technologies cannot prevent hackers from gaining access to the network because of the presence of a "weakest link" in the security chain. What is Peter Smith talking about?

    • Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

    • "Zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

    • "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

    • Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

    Correct Answer
    A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
    Explanation
    Peter Smith is referring to untrained staff or ignorant computer users as the weakest link in the security chain. Despite having advanced security technologies in place, these individuals can unknowingly compromise the network by falling victim to social engineering attacks, clicking on malicious links or attachments, or sharing sensitive information. Their lack of knowledge or awareness makes them vulnerable to hackers, bypassing the strong security measures implemented. This highlights the importance of educating and training employees to recognize and respond appropriately to potential security threats.

  • 39. 

    Which definition below best describes a covert channel?

    • A server program using a port that is not well known

    • Making use of a protocol in a way it was not intended to be used

    • It is the multiplexing taking place on a communication link

    • It is one of the weak channels used by WEP that makes it insecure

    Correct Answer
    A. Making use of a protocol in a way it was not intended to be used
    Explanation
    A covert channel refers to the act of using a protocol in a manner that it was not originally designed or intended for. This involves exploiting the protocol's features or vulnerabilities to transmit information or perform actions that were not authorized or expected. By using a protocol in an unintended way, individuals can establish hidden communication channels or bypass security measures, making it a covert channel. This can be done to evade detection or gain unauthorized access to systems or information.

  • 40. 

    How do you defend against MAC attacks on a switch?

    • Disable SPAN port on the switch

    • Enable SNMP Trap on the switch

    • Configure IP security on the switch

    • Enable Port Security on the switch

    Correct Answer
    A. Enable Port Security on the switch
    Explanation
    Enabling port security on a switch is an effective way to defend against MAC attacks. Port security allows the switch to restrict the number of MAC addresses that can be learned on a specific port. This prevents attackers from flooding the switch with fake MAC addresses or attempting to overload the switch's MAC address table. By limiting the number of MAC addresses, port security ensures that only trusted devices are allowed to connect to the network, thereby protecting against unauthorized access and MAC attacks.

  • 41. 

    What is the command used to create a binary log file using tcpdump?

    • tcpdump -w ./log

    • tcpdump -r log

    • tcpdump -vde logtcpdump -vde ? log

    • tcpdump -l /var/log/

    Correct Answer
    A. tcpdump -w ./log
    Explanation
    The command "tcpdump -w ./log" is used to create a binary log file using tcpdump. The "-w" option specifies the file name and location for the log file. In this case, the log file will be created in the current directory with the name "log".

  • 42. 

    Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department. Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil. Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. What proxy tool has Gerald's attacker used to cover their tracks?

    • ISA proxy

    • IAS proxy

    • TOR proxy

    • Cheops proxy

    Correct Answer
    A. TOR proxy
    Explanation
    The attacker has used a TOR proxy to cover their tracks. TOR (The Onion Router) is a network of servers that allows users to browse the internet anonymously by encrypting and routing their traffic through multiple nodes. By using a TOR proxy, the attacker can hide their true IP address and location, making it difficult for Gerald to trace back the source of the attack.

  • 43. 

    In this attack, a victim receives an e-mail claiming to be from PayPal, stating that their account has been disabled and that confirmation is required before activation. The attackers then run a scam to collect not one but two credit card numbers, an ATM PIN and other personal details. Ignorant users usually fall prey to this scam. Which of the following statements about this attack is incorrect?

    • Do not reply to email messages or popup ads asking for personal or financial information

    • Do not trust telephone numbers in e-mails or popup ads

    • Review credit card and bank account statements regularly

    • Antivirus, anti-spyware, and firewall software can very easily detect these types of attacks

    • Do not send credit card numbers, and personal or financial information via e-mail

    Correct Answer
    A. Antivirus, anti-spyware, and firewall software can very easily detect these types of attacks
    Explanation
    The statement "Antivirus, anti-spyware, and firewall software can very easily detect these types of attacks" is incorrect because, while such software can help detect and prevent certain types of attacks, it may not be able to easily detect sophisticated phishing scams like the one described in the question. Phishing attacks often rely on social engineering tactics and can be designed to bypass security software. Therefore, relying solely on antivirus, anti-spyware, and firewall software is not enough to protect against such attacks.

  • 44. 

    Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried it out at the appropriate moment. Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it. What kind of Denial of Service attack is best illustrated in the scenario above?

    • Simple DDoS attack

    • DoS attacks which involve flooding a network or system

    • DoS attacks which involve crashing a network or system

    • DoS attacks which are done accidentally or deliberately

    Correct Answer
    A. DoS attacks which involve crashing a network or system
    Explanation
    The scenario described in the question involves Bob launching an attack that results in serious financial losses for Brownies Inc. The attack causes their main financial transaction server to crash, requiring human interaction to fix it and rendering the company's resources inaccessible. This aligns with the definition of a Denial of Service (DoS) attack, specifically one that involves crashing a network or system.

  • 45. 

    Finding tools to run dictionary and brute forcing attacks against FTP and Web servers is an easy task for hackers. They use tools such as arhontus or brutus to break into remote servers. A command such as this, will attack a given 10.0.0.34 FTP and Telnet servers simultaneously with a list of passwords and a single login name: linksys. Many FTP-specific password-guessing tools are also available from major security sites.   What defensive measures will you take to protect your network from these attacks?

    • Never leave a default password

    • Never use a password that can be found in a dictionary

    • Never use a password related to your hobbies, pets, relatives, or date of birth.

    • Use a word that has more than 21 characters from a dictionary as the password

    • Never use a password related to the hostname, domain name, or anything else that can be found with whois

    Correct Answer(s)
    A. Never leave a default password
    A. Never use a password that can be found in a dictionary
    A. Never use a password related to your hobbies, pets, relatives, or date of birth.
    A. Never use a password related to the hostname, domain name, or anything else that can be found with whois
    Explanation
    The correct answer is a combination of several defensive measures to protect the network from dictionary and brute force attacks. By never leaving a default password, the network eliminates the risk of hackers easily guessing the password. Additionally, by avoiding passwords that can be found in a dictionary and ones related to personal information such as hobbies, pets, relatives, or date of birth, the network increases the complexity of the password, making it harder to crack. Furthermore, using a password that is not related to the hostname, domain name, or any other information that can be found with whois adds another layer of security. By implementing these measures, the network reduces the vulnerability to dictionary and brute force attacks.

  • 46. 

    Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers.  

    • True

    • False

    Correct Answer
    A. True
    Explanation
    When Basic Authentication is configured on web servers, data is sent over the network as clear text, meaning it is not encrypted. This means that anyone who intercepts the data can easily read and understand its contents. This lack of encryption can pose a security risk, as sensitive information such as passwords or personal data can be easily accessed by unauthorized individuals. Therefore, it is important to use additional security measures, such as SSL/TLS encryption, to protect data when Basic Authentication is used.

  • 47. 

    What type of encryption does WPA2 use?

    • DES 64 bit

    • AES-CCMP 128 bit

    • MD5 48 bit

    • SHA 160 bit

    Correct Answer
    A. AES-CCMP 128 bit
    Explanation
    WPA2 (Wi-Fi Protected Access 2) uses AES-CCMP (Advanced Encryption Standard - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) with a key length of 128 bits. AES is a symmetric encryption algorithm widely used for securing sensitive data. CCMP is a cryptographic protocol that provides data confidentiality, integrity, and authentication. The combination of AES and CCMP ensures a high level of security for wireless networks.

  • 48. 

    The ViruXine.W32 virus hides its presence by changing the underlying executable code. The virus code mutates while keeping the original algorithm intact: the code changes itself each time it runs, but the function of the code (its semantics) does not change at all. Here is a section of the Virus code: What is this technique called?

    • Polymorphic Virus

    • Metamorphic Virus

    • Dravidic Virus

    • Stealth Virus

    Correct Answer
    A. Polymorphic Virus
    Explanation
    The technique described in the given code is called a Polymorphic Virus. This type of virus hides its presence by continually changing its underlying executable code while keeping the original algorithm intact. Each time the virus runs, it mutates the code, but the function of the code remains the same. This allows the virus to evade detection by antivirus software that relies on signature-based detection methods.

  • 49. 

    Bob has been hired to do a web application security test. Bob notices that the site is dynamic and must make use of a back-end database. Bob wants to see if SQL Injection would be possible. What is the first character that Bob should use to attempt to break a valid SQL request?

    • Semicolon

    • Double Quote

    • Single Quote

    • Exclamation Mark

    Correct Answer
    A. Single Quote
    Explanation
    Bob should use the single quote character to attempt breaking a valid SQL request because it is commonly used in SQL injection attacks to manipulate the structure of the SQL query and potentially gain unauthorized access to the database. By injecting a single quote, Bob can test if the application is vulnerable to SQL injection by observing any error messages or unexpected behavior from the application.

Quiz Review Timeline (Updated): Mar 22, 2023

  • Current Version
  • Mar 22, 2023: Quiz edited by ProProfs Editorial Team
  • Oct 27, 2013: Quiz created by Porterwb