312-50 Certified Ethical Hacker Certification Practice Exam Set 2

It is a vulnerability in GNU's bash shell, discovered in September 2014, that lets attackers run remote commands on a vulnerable system. Malware exploiting it can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers).

Which of the following vulnerabilities is being described? 



Options are :

  • Rootshell
  • Rootshock
  • Shellbash
  • Shellshock (Correct)

Answer : Shellshock

You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back. 

What is happening? 



Options are :

  • The ARP is disabled on the target server.
  • TCP/IP doesn't support ICMP.
  • You need to run the ping command with root privileges.
  • ICMP could be disabled on the target server. (Correct)

Answer : ICMP could be disabled on the target server.

You are performing information gathering for an important penetration test. You have found PDF, DOC, and image files belonging to your target. You decide to extract the metadata from these files and analyze it.

What tool will help you with the task? 



Options are :

  • Metagoofil (Correct)
  • cdpsnarf
  • Dimitry
  • Armitage

Answer : Metagoofil

How does the Address Resolution Protocol (ARP) work? 



Options are :

  • It sends a reply packet for a specific IP, asking for the MAC address.
  • It sends a request packet to all the network elements, asking for the MAC address from a specific IP. (Correct)
  • It sends a request packet to all the network elements, asking for the domain name from a specific IP.
  • It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.

Answer : It sends a request packet to all the network elements, asking for the MAC address from a specific IP.

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web-enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

What type of firewall is inspecting outbound traffic?



Options are :

  • Circuit
  • Packet Filtering
  • Stateful
  • Application (Correct)

Answer : Application

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. 

Based on this information, what should be one of your key recommendations to the bank? 



Options are :

  • Place a front-end web server in a demilitarized zone that only handles external web traffic (Correct)
  • Move the financial data to another server on the same IP subnet
  • Require all employees to change their passwords immediately
  • Issue new certificates to the web servers from the root certificate authority

Answer : Place a front-end web server in a demilitarized zone that only handles external web traffic

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. 

What should you do? 



Options are :

  • Report immediately to the administrator (Correct)
  • Do not report it and continue the penetration test.
  • Do not transfer the money but steal the bitcoins.
  • Transfer money from the administrator's account to another account.

Answer : Report immediately to the administrator

Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do? 



Options are :

  • Ignore the data and continue the assessment until completed as agreed.
  • Confront the client in a respectful manner and ask her about the data.
  • Copy the data to removable media and keep it in case you need it.
  • Immediately stop work and contact the proper legal authorities. (Correct)

Answer : Immediately stop work and contact the proper legal authorities.

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC 6520.

What type of key does this bug leave exposed to the Internet, making exploitation of any compromised system very easy?



Options are :

  • Root
  • Shared
  • Private (Correct)
  • Public

Answer : Private

This tool is an 802.11 WEP and WPA-PSK key-cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with optimizations such as the KoreK attacks, as well as the PTW attack, making it much faster than other WEP cracking tools.

Which of the following tools is being described? 



Options are :

  • Aircrack-ng (Correct)
  • WLAN-crack
  • wificracker
  • Airguard

Answer : Aircrack-ng

You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool has the ability to change any user's password or to activate disabled Windows accounts?



Options are :

  • John the Ripper
  • CHNTPW (Correct)
  • Cain & Abel
  • SET

Answer : CHNTPW

env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?



Options are :

  • Removes the passwd file
  • Display passwd content to prompt (Correct)
  • Add new user to the passwd file
  • Changes all passwords in passwd

Answer : Display passwd content to prompt

Which of the following is not a Bluetooth attack? 



Options are :

  • Bluedriving (Correct)
  • Bluesmacking
  • Bluejacking
  • Bluesnarfing

Answer : Bluedriving

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. 

What should you do? 



Options are :

  • Forward the message to your supervisor and ask for her opinion on how to handle the situation
  • Reply to the sender and ask them for more information about the message contents.
  • Delete the email and pretend nothing happened
  • Forward the message to your company’s security response team and permanently delete the message from your computer. (Correct)

Answer : Forward the message to your company’s security response team and permanently delete the message from your computer.

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. 

What is this type of DNS configuration commonly called?



Options are :

  • DynDNS
  • DNS Scheme
  • Split DNS (Correct)
  • DNSSEC

Answer : Split DNS

You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk.

What is one of the first things you should do when given the job? 



Options are :

  • Start the Wireshark application to start sniffing network traffic.
  • Establish attribution to suspected attackers.
  • Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels. (Correct)
  • Interview all employees in the company to rule out possible insider threats.

Answer : Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.

Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. 

What just happened? 



Options are :

  • Piggybacking (Correct)
  • Whaling
  • Phishing
  • Masquerading

Answer : Piggybacking

A common cryptographic tool is the use of XOR. XOR the following binary values:

10110001

00111010 



Options are :

  • 11011000
  • 10011101
  • 10001011 (Correct)
  • 10111100

Answer : 10001011

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line. 

Which command would you use? 



Options are :

  • c:\gpedit
  • c:\compmgmt.msc (Correct)
  • c:\ncpa.cp
  • c:\services.msc

Answer : c:\compmgmt.msc

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses the following string to update the victim's profile, writing the data to a text file and then submitting it to the attacker's database.

<iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe> 

What is this type of attack (that can use either HTTP GET or HTTP POST) called? 



Options are :

  • Browser Hacking
  • SQL Injection
  • Cross-Site Scripting
  • Cross-Site Request Forgery (Correct)

Answer : Cross-Site Request Forgery

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. 

If a scanned port is open, what happens? 



Options are :

  • The port will ignore the packets. (Correct)
  • The port will send an RST.
  • The port will send a SYN.
  • The port will send an ACK.

Answer : The port will ignore the packets.

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. 

What should be the first step in security testing the client? 



Options are :

  • Enumeration
  • Escalation
  • Scanning
  • Reconnaissance (Correct)

Answer : Reconnaissance

What is the process of logging, recording, and resolving events that take place in an organization? 



Options are :

  • Security Policy
  • Internal Procedure
  • Incident Management Process (Correct)
  • Metrics

Answer : Incident Management Process

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure. 

Which of the following regulations best matches the description? 



Options are :

  • HIPAA (Correct)
  • ISO/IEC 27002
  • COBIT
  • FISMA

Answer : HIPAA

A penetration tester is conducting a port scan on a specific host. The tester found several open ports that made it difficult to determine the installed Operating System (OS) version. Considering the NMAP result below, which of the following best describes the target machine?

Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
23/tcp    open  telnet
80/tcp    open  http
139/tcp   open  netbios-ssn
515/tcp   open
631/tcp   open  ipp
9100/tcp  open
MAC Address: 00:00:48:0D:EE:8



Options are :

  • The host is likely a Windows machine.
  • The host is likely a router.
  • The host is likely a printer. (Correct)
  • The host is likely a Linux machine.

Answer : The host is likely a printer.

Prospective clients want to see sample reports from previous penetration tests.

What should you do next? 



Options are :

  • Share full reports with redactions.
  • Share full reports, not redacted.
  • Decline, but provide references. (Correct)
  • Share reports, after NDA is signed.

Answer : Decline, but provide references.

This asymmetric cipher is based on the difficulty of factoring the product of two large prime numbers.

What cipher is described above? 



Options are :

  • SHA
  • MD5
  • RSA (Correct)
  • RC5

Answer : RSA

What is the benefit of performing an unannounced penetration test?



Options are :

  • Network security would be in a "best state" posture.
  • The tester could not provide an honest analysis.
  • It is best to catch critical infrastructure unpatched.
  • The tester will have an actual security posture visibility of the target network. (Correct)

Answer : The tester will have an actual security posture visibility of the target network.

Which regulation defines security and privacy controls for Federal information systems and organizations? 



Options are :

  • NIST-800-53 (Correct)
  • EU Safe Harbor
  • PCI-DSS
  • HIPAA

Answer : NIST-800-53

Your company was hired by a small healthcare provider to perform a technical assessment on the network. 

What is the best approach for discovering vulnerabilities on a Windows-based computer? 



Options are :

  • Check MITRE.org for the latest list of CVE findings
  • Use a scan tool like Nessus (Correct)
  • Create a disk image of a clean Windows installation
  • Use the built-in Windows Update tool

Answer : Use a scan tool like Nessus
