Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

GAQM CEH-001 - Certified Ethical Hacker (CEH)

Page: 3 / 14
Total 878 questions

Sandra is conducting a penetration test for XYZ.com. She knows that XYZ.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP.

What do you think is the reason behind this?

A.

Netstumbler does not work against 802.11g.

B.

You can only pick up 802.11g signals with 802.11a wireless cards.

C.

The access points probably have WEP enabled so they cannot be detected.

D.

The access points probably have disabled broadcasting of the SSID so they cannot be detected.

E.

802.11g uses OFDM while 802.11b uses DSSS so despite the same frequency and 802.11b card cannot see an 802.11g signal.

F.

Sandra must be doing something wrong, as there is no reason for her to not see the signals.

You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges?

A.

Administrator

B.

IUSR_COMPUTERNAME

C.

LOCAL_SYSTEM

D.

Whatever account IIS was installed with

In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed. Bob discovers that throughput has dropped by almost half even though the number of users has remained the same.

Why does this happen in the VPN over wireless implementation?

A.

The stronger encryption used by the VPN slows down the network.

B.

Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications.

C.

VPNs use larger packets then wireless networks normally do.

D.

Using a VPN on wireless automatically enables WEP, which causes additional overhead.

Jim’s organization has just completed a major Linux roll out and now all of the organization’s systems are running the Linux 2.5 kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ.

Which built-in functionality of Linux can achieve this?

A.

IP Tables

B.

IP Chains

C.

IP Sniffer

D.

IP ICMP

In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

A.

Rouge access point attack

B.

Unauthorized access point attack

C.

War Chalking

D.

WEP attack

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application.

Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer)

A.

Create a network tunnel.

B.

Create a multiple false positives.

C.

Create a SYN flood.

D.

Create a ping flood.

What is the key advantage of Session Hijacking?

A.

It can be easily done and does not require sophisticated skills.

B.

You can take advantage of an authenticated connection.

C.

You can successfully predict the sequence number generation.

D.

You cannot be traced in case the hijack is detected.

You are doing IP spoofing while you scan your target. You find that the target has port 23 open. Anyway you are unable to connect. Why?

A.

A firewall is blocking port 23

B.

You cannot spoof + TCP

C.

You need an automated telnet tool

D.

The OS does not reply to telnet even if port 23 is open

If you perform a port scan with a TCP ACK packet, what should an OPEN port return?

A.

RST

B.

No Reply

C.

SYN/ACK

D.

FIN

What does black box testing mean?

A.

You have full knowledge of the environment

B.

You have no knowledge of the environment

C.

You have partial knowledge of the environment

Which of the following attacks takes best advantage of an existing authenticated connection?

A.

Spoofing

B.

Session Hijacking

C.

Password Sniffing

D.

Password Guessing

Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well.

Which of the choices below indicate the other features offered by Snort?

A.

IDS, Packet Logger, Sniffer

B.

IDS, Firewall, Sniffer

C.

IDS, Sniffer, Proxy

D.

IDS, Sniffer, content inspector

There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are true about PKI and encryption?

Select the best answers.

A.

PKI provides data with encryption, compression, and restorability.

B.

Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman.

C.

When it comes to eCommerce, as long as you have authenticity, and authenticity, you do not need encryption.

D.

RSA is a type of encryption.

Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. He chooses to use printf(str) where he should have ideally used printf(?s? str). What attack will his program expose the web application to?

A.

Cross Site Scripting

B.

SQL injection Attack

C.

Format String Attack

D.

Unicode Traversal Attack

Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?

A.

There is no mutual authentication between wireless clients and access points

B.

Automated tools like AirSnort are available to discover WEP keys

C.

The standard does not provide for centralized key management

D.

The 24 bit Initialization Vector (IV) field is too small

Say that "abigcompany.com" had a security vulnerability in the javascript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to 4go back and see the code for that error?

Select the best answer.

A.

archive.org

B.

There is no way to get the changed webpage unless you contact someone at the company

C.

Usenet

D.

Javascript would not be in their html so a service like usenet or archive wouldn't help you

Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?

A.

Use any ARP requests found in the capture

B.

Derek can use a session replay on the packets captured

C.

Derek can use KisMAC as it needs two USB devices to generate traffic

D.

Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic

Which is the right sequence of packets sent during the initial TCP three way handshake?

A.

FIN, FIN-ACK, ACK

B.

SYN, URG, ACK

C.

SYN, ACK, SYN-ACK

D.

SYN, SYN-ACK, ACK

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold.

What is the most common cause of buffer overflow in software today?

A.

Bad permissions on files.

B.

High bandwidth and large number of users.

C.

Usage of non standard programming languages.

D.

Bad quality assurance on software produced.

What would best be defined as a security test on services against a known vulnerability database using an automated tool?

A.

A penetration test

B.

A privacy review

C.

A server audit

D.

A vulnerability assessment