312-50 Certified Ethical Hacker Certification Practice Exam Set 4

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?



Options are :

  • They use the same packet capture utility. (Correct)
  • They send alerts to security monitors.
  • They use the same packet analysis engine.
  • They are written in Java.

Answer : They use the same packet capture utility.

An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel? 



Options are :

  • Overt
  • Covert (Correct)
  • Encrypted
  • Classified

Answer : Covert

A security policy will be more accepted by employees if it is consistent and has the support of 



Options are :

  • executive management. (Correct)
  • the security officer.
  • coworkers.
  • a supervisor.

Answer : executive management.

When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following? 



Options are :

  • Continues to evaluate the packet until all rules are checked (Correct)
  • Blocks the connection with the source IP address in the packet
  • Drops the packet and moves on to the next one
  • Stops checking rules, sends an alert, and lets the packet continue

Answer : Continues to evaluate the packet until all rules are checked

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company’s internal network. Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur? 



Options are :

  • IPSec (Correct)
  • Mutual authentication
  • Static IP addresses
  • SSL

Answer : IPSec

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities? 



Options are :

  • The IDS will not distinguish among packets originating from different sources.
  • Network packets are dropped if the volume exceeds the threshold.
  • Thresholding interferes with the IDS’ ability to reassemble fragmented packets.
  • An attacker, working slowly enough, can evade detection by the IDS. (Correct)

Answer : An attacker, working slowly enough, can evade detection by the IDS.

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation? 



Options are :

  • ISO 26029
  • Blue Book
  • Common Criteria (Correct)
  • The Wassenaar Agreement

Answer : Common Criteria

A hacker was able to sniff packets on a company's wireless network. The following information was discovered: 

The Key  10110010 01001011

The Cyphertext  01100101 01011010 

Using the Exlcusive OR, what was the original message? 



Options are :

  • 11110010 01011011
  • 00101000 11101110
  • 00001101 10100100
  • 11010111 00010001 (Correct)

Answer : 11010111 00010001

Which of the following types of firewall inspects only header information in network traffic?



Options are :

  • Stateful inspection
  • Application-level gateway
  • Packet filter (Correct)
  • Circuit-level gateway

Answer : Packet filter

Which of the following is an example of an asymmetric encryption implementation? 



Options are :

  • 3DES
  • MD5
  • SHA1
  • PGP (Correct)

Answer : PGP

Which command line switch would be used in NMAP to perform operating system detection? 



Options are :

  • -OS
  • -sO
  • -O (Correct)
  • -sP

Answer : -O

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use? 



Options are :

  • -sP
  • -sS
  • -sO (Correct)
  • -sU

Answer : -sO

What is the main reason the use of a stored biometric is vulnerable to an attack? 



Options are :

  • A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric. (Correct)
  • The digital representation of the biometric might not be unique, even if the physical characteristic is unique.
  • A stored biometric is no longer "something you are" and instead becomes "something you have".
  • Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.

Answer : A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application? 



Options are :

  • The victim user must open the malicious link with a Firefox prior to version 3.
  • The victim user must open the malicious link with an Internet Explorer prior to version 8.
  • The session cookies generated by the application do not have the HttpOnly flag set.
  • The web application should not use random tokens. (Correct)

Answer : The web application should not use random tokens.

Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations? 



Options are :

  • Nikto
  • Hping
  • John the Ripper
  • Cain (Correct)

Answer : Cain

In the software security development life cycle process, threat modeling occurs in which phase? 



Options are :

  • Verification
  • Requirements
  • Design (Correct)
  • Implementation

Answer : Design

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?



Options are :

  • Master encryption key
  • Recipient's public key (Correct)
  • Sender's public key
  • Recipient's private key

Answ