312-50 Certified Ethical Hacker Certification Practice Exam Set 12

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them? 




Options are :

  • Cross-site scripting
  • SQL injection
  • CRLF injection
  • Missing patches (Correct)

Answer : Missing patches

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy? 



Options are :

  • A bottom-up approach
  • A senior creation approach
  • An IT assurance approach
  • A top-down approach (Correct)

Answer : A top-down approach

Which results will be returned with the following Google search query? 

site:target.com -site:Marketing.target.com accounting 



Options are :

  • Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting
  • Results matching all words in the query
  • Results for matches on target.com and Marketing.target.com that include the word “accounting”
  • Results matching “accounting” in domain target.com but not on the site Marketing.target.com (Correct)

Answer : Results matching “accounting” in domain target.com but not on the site Marketing.target.com

A covert channel is a channel that 



Options are :

  • transfers information over, within a computer system, or network that is outside of the security policy. (Correct)
  • transfers information over, within a computer system, or network that is encrypted.
  • transfers information over, within a computer system, or network that is within the security policy.
  • transfers information via a communication path within a computer system, or network for transfer of data.

Answer : transfers information over, within a computer system, or network that is outside of the security policy.

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public-facing web servers. The engineer decides to start by using netcat to connect to port 80.

The engineer receives this output: 

HTTP/1.1 200 OK

Server: Microsoft-IIS/6

Expires: Tue, 17 Jan 2011 01:41:33 GMT

Date: Mon, 16 Jan 2011 01:41:33 GMT

Content-Type: text/html

Accept-Ranges: bytes

Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT

ETag: "b0aac0542e25c31:89d"

Content-Length: 7369 

Which of the following is an example of what the engineer performed? 



Options are :

  • SQL injection
  • Banner grabbing (Correct)
  • Whois database query
  • Cross-site scripting

Answer : Banner grabbing

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106: 

Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP 

What type of activity has been logged? 



Options are :

  • Port scan targeting 192.168.1.103
  • Teardrop attack targeting 192.168.1.106
  • Port scan targeting 192.168.1.106 (Correct)
  • Denial of service attack targeting 192.168.1.103

Answer : Port scan targeting 192.168.1.106

Which statement is TRUE regarding network firewalls preventing Web Application attacks? 



Options are :

  • Network firewalls can prevent attacks if they are properly configured.
  • Network firewalls cannot prevent attacks because ports 80 and 443 must be opened. (Correct)
  • Network firewalls can prevent attacks because they can detect malicious HTTP traffic.
  • Network firewalls cannot prevent attacks because they are too complex to configure.

Answer : Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

A large company intends to use BlackBerry for corporate mobile phones, and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?



Options are :

  • Blooover
  • BBProxy (Correct)
  • Paros Proxy
  • BBCrack

Answer : BBProxy

Which security control role does encryption meet? 



Options are :

  • Preventative (Correct)
  • Detective
  • Defensive
  • Offensive

Answer : Preventative

Which of the following techniques will identify if computer files have been changed? 



Options are :

  • Permission sets
  • Integrity checking hashes (Correct)
  • Firewall alerts
  • Network sniffing

Answer : Integrity checking hashes

Which of the following is an application that requires a host application for replication? 



Options are :

  • Worm
  • Micro
  • Trojan
  • Virus (Correct)

Answer : Virus

Which type of scan is used on the eye to measure the layer of blood vessels? 



Options are :

  • Signature kinetics scan
  • Iris scan
  • Facial recognition scan
  • Retinal scan (Correct)

Answer : Retinal scan

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on? 



Options are :

  • Systems security and architecture review
  • Analysis of interrupts within the software (Correct)
  • Secure coding principles
  • Proper testing

Answer : Analysis of interrupts within the software

An NMAP scan of a server shows port 69 is open. What risk could this pose? 



Options are :

  • Web portal data leak
  • Unauthenticated access (Correct)
  • Weak SSL version
  • Cleartext login

Answer : Unauthenticated access

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed? 



Options are :

  • Remote-access policy (Correct)
  • Permissive policy
  • Acceptable-use policy
  • Firewall-management policy

Answer : Remote-access policy

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function? 



Options are :

  • Fast processor to help with network traffic analysis
  • Similar RAM requirements
  • Fast network interface cards
  • They must be dual-homed (Correct)

Answer : They must be dual-homed

An NMAP scan of a server shows port 25 is open. What risk could this pose? 



Options are :

  • Web portal data leak
  • Active mail relay (Correct)
  • Open printer sharing
  • Clear text authentication

Answer : Active mail relay

A circuit level gateway works at which of the following layers of the OSI Model? 



Options are :

  • Layer 4 – TCP (Correct)
  • Layer 2 – Data link
  • Layer 3 – Internet protocol
  • Layer 5 – Application

Answer : Layer 4 – TCP

At a Windows Server command prompt, which command could be used to list the running services? 



Options are :

  • Sc query type= running
  • Sc config
  • Sc query \\servername
  • Sc query (Correct)

Answer : Sc query

A security consultant decides to use multiple layers of anti-virus defense, such as end-user desktop anti-virus and an e-mail gateway. This approach can be used to mitigate which kind of attack?



Options are :

  • Forensic attack
  • Scanning attack
  • Social engineering attack (Correct)
  • ARP spoofing attack

Answer : Social engineering attack

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? 



Options are :

  • Vulnerability assessment
  • Passive information gathering (Correct)
  • Information reporting
  • Active information gathering

Answer : Passive information gathering

Which type of access control is used on a router or firewall to limit network activity? 



Options are :

  • Role-based
  • Mandatory
  • Rule-based (Correct)
  • Discretionary

Answer : Rule-based

A consultant is hired to do physical penetration testing at a large financial company. On the first day of his assessment, the consultant goes to the company's building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then follows behind the employee to get into the restricted area. Which type of attack did the consultant perform?



Options are :

  • Social engineering
  • Man trap
  • Tailgating (Correct)
  • Shoulder surfing

Answer : Tailgating

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input? 



Options are :

  • Validate web content input for type, length, and range. (Correct)
  • Validate web content input for extraneous queries.
  • Validate web content input with scanning tools.
  • Validate web content input for query strings.

Answer : Validate web content input for type, length, and range.

Which property ensures that a hash function will not produce the same hashed value for two different messages? 



Options are :

  • Collision resistance (Correct)
  • Key strength
  • Entropy
  • Bit length

Answer : Collision resistance

Which system consists of a publicly available set of databases that contain domain name registration contact information? 



Options are :

  • IETF
  • WHOIS (Correct)
  • IANA
  • CAPTCHA

Answer : WHOIS

What information should an IT system analysis provide to the risk assessor? 



Options are :

  • Threat statement
  • Impact analysis
  • Management buy-in
  • Security architecture (Correct)

Answer : Security architecture

A penetration tester is conducting a port scan on a specific host. The tester found several open ports, which made it confusing to conclude which Operating System (OS) version is installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06

NMAP scan report for 172.16.40.65

Host is up (1.00s latency).

Not shown: 993 closed ports

PORT  STATE  SERVICE

21/tcp  open  ftp

23/tcp  open  telnet

80/tcp  open  http

139/tcp  open  netbios-ssn

515/tcp  open   

631/tcp  open  ipp

9100/tcp  open   

MAC Address: 00:00:48:0D:EE:89 



Options are :

  • The host is likely a printer. (Correct)
  • The host is likely a Linux machine.
  • The host is likely a router.
  • The host is likely a Windows machine.

Answer : The host is likely a printer.

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this? 



Options are :

  • False negative
  • False positive (Correct)
  • True positive
  • True negative

Answer : False positive

Which of the following is considered an acceptable option when managing a risk?



Options are :

  • Deny the risk.
  • Initiate the risk.
  • Reject the risk.
  • Mitigate the risk. (Correct)

Answer : Mitigate the risk.