Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

GAQM CEH-001 - Certified Ethical Hacker (CEH)

Page: 13 / 14
Total 878 questions

WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. Search engines like Google, frequently spider web pages for indexing. How will you stop web spiders from crawling certain directories on your website?

A.

Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled

B.

Place authentication on root directories that will prevent crawling from these spiders

C.

Enable SSL on the restricted directories which will block these spiders from crawling

D.

Place "HTTP:NO CRAWL" on the html pages that you don't want the crawlers to index

You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet session.

Here is the captured data in tcpdump.

What are the next sequence and acknowledgement numbers that the router will send to the victim machine?

A.

Sequence number: 82980070 Acknowledgement number: 17768885A.

B.

Sequence number: 17768729 Acknowledgement number: 82980070B.

C.

Sequence number: 87000070 Acknowledgement number: 85320085C.

D.

Sequence number: 82980010 Acknowledgement number: 17768885D.

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

A.

Firewall-management policy

B.

Acceptable-use policy

C.

Remote-access policy

D.

Permissive policy

Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:

SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'

What will the SQL statement accomplish?

A.

If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin

B.

This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com

C.

This Select SQL statement will log James in if there are any users with NULL passwords

D.

James will be able to see if there are any default user accounts in the SQL database

Perimeter testing means determining exactly what your firewall blocks and what it allows. To conduct a good test, you can spoof source IP addresses and source ports. Which of the following command results in packets that will appear to originate from the system at 10.8.8.8? Such a packet is useful for determining whether the firewall is allowing random packets in or out of your network.

A.

hping3 -T 10.8.8.8 -S netbios -c 2 -p 80

B.

hping3 -Y 10.8.8.8 -S windows -c 2 -p 80

C.

hping3 -O 10.8.8.8 -S server -c 2 -p 80

D.

hping3 -a 10.8.8.8 -S springfield -c 2 -p 80

Which of the following processes evaluates the adherence of an organization to its stated security policy?

A.

Vulnerability assessment

B.

Penetration testing

C.

Risk assessment

D.

Security auditing

Which of the following identifies the three modes in which Snort can be configured to run?

A.

Sniffer, Packet Logger, and Network Intrusion Detection System

B.

Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System

C.

Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System

D.

Sniffer, Packet Logger, and Host Intrusion Prevention System

Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msG. "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids, 485;) alert

A.

The payload of 485 is what this Snort signature will look for.

B.

Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

C.

Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

D.

From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

A.

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

B.

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

C.

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

D.

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?

A.

Hayden is attempting to find live hosts on her company's network by using an XMAS scan

B.

She is utilizing a SYN scan to find live hosts that are listening on her network

C.

The type of scan, she is using is called a NULL scan

D.

Hayden is using a half-open scan to find live hosts on her network

Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been given permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company's entrance doors and follows an employee into the office after they use their valid access card to gain entrance. What type of social engineering attack has Neil employed here?

A.

Neil has used a tailgating social engineering attack to gain access to the offices

B.

He has used a piggybacking technique to gain unauthorized access

C.

This type of social engineering attack is called man trapping

D.

Neil is using the technique of reverse social engineering to gain access to the offices of Davidson Avionics

Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

A.

Alternate between typing the login credentials and typing characters somewhere else in the focus window

B.

Type a wrong password first, later type the correct password on the login page defeating the keylogger recording

C.

Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.

D.

The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies

"asdfsd"

E.

The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies

"asdfsd"

NTP allows you to set the clocks on your systems very accurately, to within 100ms and sometimes-even 10ms. Knowing the exact time is extremely important for enterprise security. Various security protocols depend on an accurate source of time information in order to prevent "playback" attacks. These protocols tag their communications with the current time, to prevent attackers from replaying the same communications, e.g., a login/password interaction or even an entire communication, at a later date. One can circumvent this tagging, if the clock can be set back to the time the communication was recorded. An attacker attempts to try corrupting the clocks on devices on your network. You run Wireshark to detect the NTP traffic to see if there are any irregularities on the network. What port number you should enable in Wireshark display filter to view NTP packets?

A.

TCP Port 124

B.

UDP Port 125

C.

UDP Port 123

D.

TCP Port 126

Which tool would be used to collect wireless packet data?

A.

NetStumbler

B.

John the Ripper

C.

Nessus

D.

Netcat

Web servers are often the most targeted and attacked hosts on organizations' networks. Attackers may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access.

Identify the correct statement related to the above Web Server installation?

A.

Lack of proper security policy, procedures and maintenance

B.

Bugs in server software, OS and web applications

C.

Installing the server with default settings

D.

Unpatched security flaws in the server software, OS and applications

Trojan horse attacks pose one of the most serious threats to computer security. The image below shows different ways a Trojan can get into a system. Which are the easiest and most convincing ways to infect a computer?

A.

IRC (Internet Relay Chat)

B.

Legitimate "shrink-wrapped" software packaged by a disgruntled employee

C.

NetBIOS (File Sharing)

D.

Downloading files, games and screensavers from Internet sites

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

A.

Man-in-the-middle attack

B.

Brute-force attack

C.

Dictionary attack

D.

Session hijacking

Which of the following are password cracking tools? (Choose three.)

A.

BTCrack

B.

John the Ripper

C.

KerbCrack

D.

Nikto

E.

Cain and Abel

F.

Havij

Why attackers use proxy servers?

A.

To ensure the exploits used in the attacks always flip reverse vectors

B.

Faster bandwidth performance and increase in attack speed

C.

Interrupt the remote victim's network traffic and reroute the packets to attackers machine

D.

To hide the source IP address so that an attacker can hack without any legal corollary

Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

A.

The initial traffic from 192.168.12.35 was being spoofed.

B.

The traffic from 192.168.12.25 is from a Linux computer.

C.

The TTL of 21 means that the client computer is on wireless.

D.

The client computer at 192.168.12.35 is a zombie computer.