Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

GAQM CEH-001 - Certified Ethical Hacker (CEH)

GAQM CEH-001 Premium Access     Download Demo    
Page: 9 / 14
Total 878 questions

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.)

A.

Install DNS logger and track vulnerable packets

B.

Disable DNS timeouts

C.

Install DNS Anti-spoofing

D.

Disable DNS Zone Transfer

Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three)

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32 bit encryption.

D.

Effective length is 7 characters.

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS's on a network?

A.

Covert Channel

B.

Crafted Channel

C.

Bounce Channel

D.

Deceptive Channel

What did the following commands determine?

C: user2sid \earth guest

S-1-5-21-343818398-789336058-1343024091-501

C:sid2user 5 21 343818398 789336058 1343024091 500

Name is Joe

Domain is EARTH

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web Server.

User-agent: *

Disallow: /images/

Disallow: /banners/

Disallow: /Forms/

Disallow: /Dictionary/

Disallow: /_borders/

Disallow: /_fpclass/

Disallow: /_overlay/

Disallow: /_private/

Disallow: /_themes/

What is the name of this file?

A.

robots.txt

B.

search.txt

C.

blocklist.txt

D.

spf.txt

XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.

What is the correct code when converted to html entities?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

What is War Dialing?

A.

War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems

B.

War dialing is a vulnerability scanning technique that penetrates Firewalls

C.

It is a social engineering technique that uses Phone calls to trick victims

D.

Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls

One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term?

A.

Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process

B.

Providers can increase the bandwidth on critical connections to prevent them from going down in the event of an attack

C.

Replicating servers that can provide additional failsafe protection

D.

Load balance each server in a multiple-server architecture

Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet. He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out vulnerabilities.

What are some of the common vulnerabilities in web applications that he should be concerned about?

A.

Non-validated parameters, broken access control, broken account and session management, cross-site scripting and buffer overflows are just a few common vulnerabilities

B.

Visible clear text passwords, anonymous user account set as default, missing latest security patch, no firewall filters set and no SSL configured are just a few common vulnerabilities

C.

No SSL configured, anonymous user account set as default, missing latest security patch, no firewall filters set and an inattentive system administrator are just a few common vulnerabilities

D.

No IDS configured, anonymous user account set as default, missing latest security patch, no firewall filters set and visible clear text passwords are just a few common vulnerabilities

Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It also provides devices, which would otherwise be unable to communicate a means to notify administrators of problems or performance.

What default port Syslog daemon listens on?

A.

242

B.

312

C.

416

D.

514

You are the security administrator of Jaco Banking Systems located in Boston. You are setting up e-banking website (http://www.ejacobank.com) authentication system. Instead of issuing banking customer with a single password, you give them a printed list of 100 unique passwords. Each time the customer needs to log into the e-banking system website, the customer enters the next password on the list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no damage is done because the password will not be accepted a second time. Once the list of 100 passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail to the customer.

You are confident that this security implementation will protect the customer from password abuse.

Two months later, a group of hackers called "HackJihad" found a way to access the one-time password list issued to customers of Jaco Banking Systems. The hackers set up a fake website (http://www.e-jacobank.com) and used phishing attacks to direct ignorant customers to it. The fake website asked users for their e-banking username and password, and the next unused entry from their one-time password sheet. The hackers collected 200 customer 's username/passwords this way. They transferred money from the customer's bank account to various offshore accounts.

Your decision of password policy implementation has cost the bank with USD 925, 000 to hackers. You immediately shut down the e-banking website while figuring out the next best security solution

What effective security solution will you recommend in this case?

A.

Implement Biometrics based password authentication system. Record the customers face image to the authentication database

B.

Configure your firewall to block logon attempts of more than three wrong tries

C.

Enable a complex password policy of 20 characters and ask the user to change the password immediately after they logon and do not store password histories

D.

Implement RSA SecureID based authentication system

In which part of OSI layer, ARP Poisoning occurs?

A.

Transport Layer

B.

Datalink Layer

C.

Physical Layer

D.

Application layer

An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem?

A.

Install patches

B.

Setup a backdoor

C.

Install a zombie for DDOS

D.

Cover your tracks

BankerFox is a Trojan that is designed to steal users' banking data related to certain banking entities.

When they access any website of the affected banks through the vulnerable Firefox 3.5 browser, the Trojan is activated and logs the information entered by the user. All the information entered in that website will be logged by the Trojan and transmitted to the attacker's machine using covert channel.

BankerFox does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.

What is the most efficient way an attacker located in remote location to infect this banking Trojan on a victim's machine?

A.

Physical access - the attacker can simply copy a Trojan horse to a victim's hard disk infecting the machine via Firefox add-on extensions

B.

Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer

C.

Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer

D.

Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer

E.

Downloading software from a website? An attacker can offer free software, such as shareware programs and pirated mp3 files

While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this?

A.

The firewall is dropping the packets

B.

An in-line IDS is dropping the packets

C.

A router is blocking ICMP

D.

The host does not respond to ICMP packets

Consider the following code:

URL:http://www.certified.com/search.pl?

text=

If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

A.

Create an IP access list and restrict connections based on port number

B.

Replace "<" and ">" characters with "& l t;" and "& g t;" using server scripts

C.

Disable Javascript in IE and Firefox browsers

D.

Connect to the server using HTTPS protocol instead of HTTP

This attack technique is used when a Web application is vulnerable to an SQL Injection but the results of the Injection are not visible to the attacker.

A.

Unique SQL Injection

B.

Blind SQL Injection

C.

Generic SQL Injection

D.

Double SQL Injection

The SYN flood attack sends TCP connections requests faster than a machine can process them.

    Attacker creates a random source address for each packet

    SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP address

    Victim responds to spoofed IP address, then waits for confirmation that never arrives (timeout wait is about 3 minutes)

    Victim's connection table fills up waiting for replies and ignores new connections

    Legitimate users are ignored and will not be able to access the server

How do you protect your network against SYN Flood attacks?

A.

SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully constructed sequence number generated as a hash of the clients IP address, port number, and other information. When the client responds with a normal ACK, that special sequence number will be included, which the server then verifies. Thus, the server first allocates memory on the third packet of the handshake, not the first.

B.

RST cookies - The server sends a wrong SYN/ACK back to the client. The client should then generate a RST packet telling the server that something is wrong. At this point, the server knows the client is valid and will now accept incoming connections from that client normally

C.

Check the incoming packet's IP address with the SPAM database on the Internet and enable the filter using ACLs at the Firewall

D.

Stack Tweaking. TCP stacks can be tweaked in order to reduce the effect of SYN floods. Reduce the timeout before a stack frees up the memory allocated for a connection

E.

Micro Blocks. Instead of allocating a complete connection, simply allocate a micro record of 16-bytes for the incoming SYN object

Which type of scan does NOT open a full TCP connection?

A.

Stealth Scan

B.

XMAS Scan

C.

Null Scan

D.

FIN Scan