
GAQM CEH-001 - Certified Ethical Hacker (CEH)

Total 878 questions

Which of the following LM hashes represents a password of less than 8 characters?

A.

0182BD0BD4444BF836077A718CCDF409

B.

44EFCE164AB921CQAAD3B435B51404EE

C.

BA810DBA98995F1817306D272A9441BB

D.

CEC52EB9C8E3455DC2265B23734E0DAC

E.

B757BF5C0D87772FAAD3B435B51404EE

F.

E52CAC67419A9A224A3B108F3FA6CB6D

Which of the following command-line switches would you use for OS detection in Nmap?

A.

-D

B.

-O

C.

-P

D.

-X

An Nmap scan shows the following open ports, and Nmap also reports that the OS guess matches too many signatures, so the OS cannot be reliably identified:

21 ftp

23 telnet

80 http

443 https

What does this suggest?

A.

This is a Windows Domain Controller

B.

The host is not firewalled

C.

The host is not a Linux or Solaris system

D.

The host is not properly patched

Exhibit

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds them to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is Back Orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carrier connection that is not normally valid.

D.

These packets were crafted by a tool; they were not created by a standard IP stack.

John has scanned the web server with Nmap. However, he could not gather enough information to accurately identify the operating system running on the remote host.

What would you suggest to John to help identify the OS that is being used on the remote web server?

A.

Connect to the web server with a browser and look at the web page.

B.

Connect to the web server with an FTP client.

C.

Telnet to port 8080 on the web server and look at the default page code.

D.

Telnet to an open port and grab the banner.

What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?

A.

Blind Port Scanning

B.

Idle Scanning

C.

Bounce Scanning

D.

Stealth Scanning

E.

UDP Scanning

At a Windows Server command prompt, which command could be used to list the running services?

A.

Sc query type= running

B.

Sc query \\servername

C.

Sc query

D.

Sc config

Which of the following ICMP message types are used for destination unreachable messages?

A.

0

B.

3

C.

11

D.

13

E.

17

_________ is one of the programs used to wardial.

A.

DialIT

B.

Netstumbler

C.

TooPac

D.

Kismet

E.

ToneLoc

Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

A.

Finger

B.

FTP

C.

Samba

D.

SMB

What is the proper response for a NULL scan if the port is closed?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called "file.txt" but when he opens it, he finds the following:

What can he infer from this file?

A.

A picture that has been renamed with a .txt extension

B.

An encrypted file

C.

An encoded file

D.

A buffer overflow

Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of his hacking sessions.

What do the first and second columns mean? Select two.

A.

The first column reports the sequence number

B.

The second column reports the difference between the current and last sequence number

C.

The second column reports the next sequence number

D.

The first column reports the difference between current and last sequence number

Bob has been hired to perform a penetration test on XYZ.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to newsgroups and financial web sites to see if they are leaking any sensitive information or have any technical details online.

Within the context of penetration testing methodology, what phase is Bob involved with?

A.

Passive information gathering

B.

Active information gathering

C.

Attack phase

D.

Vulnerability Mapping

What is "Hacktivism"?

A.

Hacking for a cause

B.

Hacking ruthlessly

C.

An association which groups activists

D.

None of the above

A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could lead to prosecution for the sender and for the company's directors if, for example, outgoing email was found to contain material that was pornographic, racist, or likely to incite someone to commit an act of terrorism. You can always defend yourself with the "ignorance of the law" clause.

A.

true

B.

false

Ann would like to perform a reliable scan against a remote target. She is not concerned about being stealthy at this point.

Which of the following types of scans would be the most accurate and reliable option?

A.

A half-scan

B.

A UDP scan

C.

A TCP Connect scan

D.

A FIN scan

While performing ping scans into a target network, you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

A.

Scan more slowly.

B.

Do not scan the broadcast IP.

C.

Spoof the source IP address.

D.

Only scan the Windows systems.

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

Remote operating system guess: Too many signatures match to reliably guess the OS.

Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds

What should be your next step to identify the OS?

A.

Perform a firewalk with that system as the target IP

B.

Perform a tcp traceroute to the system using port 53

C.

Run an nmap scan with the -v-v option to give a better output

D.

Connect to the active services and review the banner information

While performing a ping sweep of a subnet, you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

What is the most likely cause behind this response?

A.

The firewall is dropping the packets.

B.

An in-line IDS is dropping the packets.

C.

A router is blocking ICMP.

D.

The host does not respond to ICMP packets.