Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GAQM CEH-001 - Certified Ethical Hacker (CEH)

GAQM CEH-001 Premium Access     Download Demo    
Page: 8 / 14
Total 878 questions

Which type of attack is port scanning?

A.

Web server attack

B.

Information gathering

C.

Unauthorized access

D.

Denial of service attack

Which DNS resource record can indicate how long any "DNS poisoning" could last?

A.

MX

B.

SOA

C.

NS

D.

TIMEOUT

Exhibit:

ettercap –NCLzs --quiet

What does the command in the exhibit do in “Ettercap”?

A.

This command will provide you the entire list of hosts in the LAN

B.

This command will check if someone is poisoning you and will report its IP.

C.

This command will detach from console and log all the collected passwords from the network to a file.

D.

This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.

Exhibit:

Study the following log extract and identify the attack.

A.

Hexcode Attack

B.

Cross Site Scripting

C.

Multiple Domain Traversal Attack

D.

Unicode Directory Traversal Attack

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site.

One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!

From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith.

After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

H@cker Mess@ge:

Y0u @re De@d! Fre@ks!

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.

How did the attacker accomplish this hack?

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

One of your junior administrator is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out?

Select the best answers.

A.

John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case.

B.

BY using NTLMV1, you have implemented an effective countermeasure to password cracking.

C.

SYSKEY is an effective countermeasure.

D.

If a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX- 00112233445566778899.

E.

Enforcing Windows complex passwords is an effective countermeasure.

What is a Trojan Horse?

A.

A malicious program that captures your username and password

B.

Malicious code masquerading as or replacing legitimate code

C.

An unauthorized user who gains access to your user database and adds themselves as a user

D.

A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

For /f "tokens=1 %%a in (hackfile.txt) do net use * \\10.1.2.3\c$ /user:"Administrator" %%a

What is Eve trying to do?

A.

Eve is trying to connect as an user with Administrator privileges

B.

Eve is trying to enumerate all users with Administrative privileges

C.

Eve is trying to carry out a password crack for user Administrator

D.

Eve is trying to escalate privilege of the null user to that of Administrator

What file system vulnerability does the following command take advantage of?

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

A.

HFS

B.

ADS

C.

NTFS

D.

Backdoor access

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

A.

There is a NIDS present on that segment.

B.

Kerberos is preventing it.

C.

Windows logons cannot be sniffed.

D.

L0phtcrack only sniffs logons to web servers.

What tool can crack Windows SMB passwords simply by listening to network traffic?

Select the best answer.

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

In Linux, the three most common commands that hackers usually attempt to Trojan are:

A.

car, xterm, grep

B.

netstat, ps, top

C.

vmware, sed, less

D.

xterm, ps, nc

Which of the following are well know password-cracking programs?(Choose all that apply.

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Which of the following LM hashes represent a password of less than 8 characters? (Select 2)

A.

BA810DBA98995F1817306D272A9441BB

B.

44EFCE164AB921CQAAD3B435B51404EE

C.

0182BD0BD4444BF836077A718CCDF409

D.

CEC52EB9C8E3455DC2265B23734E0DAC

E.

B757BF5C0D87772FAAD3B435B51404EE

F.

E52CAC67419A9A224A3B108F3FA6CB6D

You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick of the Trojan. Next you run netstat command to look for open ports and you notice a strange port 6666 open.

What is the next step you would do?

A.

Re-install the operating system.

B.

Re-run anti-virus software.

C.

Install and run Trojan removal software.

D.

Run utility fport and look for the application executable that listens on port 6666.

You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters.

With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

A.

Online Attack

B.

Dictionary Attack

C.

Brute Force Attack

D.

Hybrid Attack

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

Exhibit:

You have captured some packets in Ethereal. You want to view only packets sent from 10.0.0.22. What filter will you apply?

A.

ip = 10.0.0.22

B.

ip.src == 10.0.0.22

C.

ip.equals 10.0.0.22

D.

ip.address = 10.0.0.22

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.

A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers