312-50 Certified Ethical Hacker Certification Practice Exam Set 6

Which initial procedure should an ethical hacker perform after being brought into an organization? 


Options are :

  • Turn over deliverables.
  • Assess what the organization is trying to protect.
  • Sign a formal contract with non-disclosure. (Correct)
  • Begin security testing.

Answer : Sign a formal contract with non-disclosure.

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site: 

<script>alert(" Testing Testing Testing ")</script> 

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application? 



Options are :

  • Distributed denial of service
  • Buffer overflow
  • Cross-site request forgery
  • Cross-site scripting (Correct)

Answer : Cross-site scripting

Which of the following items is unique to the N-tier architecture method of designing software applications? 



Options are :

  • Application layers can be written in C, ASP.NET, or Delphi without any performance loss.
  • Application layers can be separated, allowing each layer to be upgraded independently from other layers. (Correct)
  • Data security is tied into each layer and must be updated for all layers when any upgrade is performed.
  • It is compatible with various databases including Access, Oracle, and SQL.

Answer : Application layers can be separated, allowing each layer to be upgraded independently from other layers.

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. 

What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester? 



Options are :

  • Terms of Engagement (Correct)
  • Non-Disclosure Agreement
  • Project Scope
  • Service Level Agreement

Answer : Terms of Engagement

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take? 



Options are :

  • Exploit some of the vulnerabilities found on the company webserver to deface it.
  • Threaten to publish the penetration test results if not paid.
  • Tell other customers of the financial problems with payments from this company.
  • Follow proper legal procedures against the company to request payment. (Correct)

Answer : Follow proper legal procedures against the company to request payment.

Which of the following guidelines or standards is associated with the credit card industry? 



Options are :

  • Control Objectives for Information and Related Technology (COBIT)
  • Sarbanes-Oxley Act (SOX)
  • Payment Card Industry Data Security Standards (PCI DSS) (Correct)
  • Health Insurance Portability and Accountability Act (HIPAA)

Answer : Payment Card Industry Data Security Standards (PCI DSS)

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide? 



Options are :

  • Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
  • Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
  • Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors
  • Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security (Correct)

Answer : Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use? 



Options are :

  • RSA 1024 bit strength (Correct)
  • AES 512 bit strength
  • AES 1024 bit strength
  • RSA 512 bit strength

Answer : RSA 1024 bit strength

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS? 



Options are :

  • Fingerprinting to identify which operating systems are running on the network
  • Timing options to slow the speed that the port scan is conducted (Correct)
  • Traceroute to control the path of the packets sent during the scan
  • ICMP ping sweep to determine which hosts on the network are not available

Answer : Timing options to slow the speed that the port scan is conducted

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?



Options are :

  • Cross certification (Correct)
  • Cross-site exchange
  • Poly key exchange
  • Poly key reference

Answer : Cross certification

Which of the following is a characteristic of Public Key Infrastructure (PKI)? 



Options are :

  • Public-key cryptosystems do not require a secure key distribution channel.
  • Public-key cryptosystems do not provide technical non-repudiation via digital signatures.
  • Public-key cryptosystems distribute public-keys within digital signatures. (Correct)
  • Public-key cryptosystems are faster than symmetric-key cryptosystems.

Answer : Public-key cryptosystems distribute public-keys within digital signatures.

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?



Options are :

  • The computer is using an invalid IP address.
  • The computer is not using a private IP address.
  • The gateway and the computer are not on the same network.
  • The gateway is not routing to a public IP address. (Correct)

Answer : The gateway is not routing to a public IP address.

Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits. 

What type of attack is outlined in the scenario? 



Options are :

  • Watering Hole Attack (Correct)
  • Heartbleed Attack
  • Spear Phishing Attack
  • Shellshock Attack

Answer : Watering Hole Attack

It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data.

Which of the following terms best matches the definition? 



Options are :

  • Vulnerability
  • Attack
  • Risk
  • Threat (Correct)

Answer : Threat

Which statement best describes a server type under an N-tier architecture? 



Options are :

  • A group of servers at a specific layer
  • A group of servers with a unique role (Correct)
  • A single server with a specific role
  • A single server at a specific layer

Answer : A group of servers with a unique role

Which of the following is an example of IP spoofing? 



Options are :

  • Cross-site scripting
  • ARP poisoning
  • Man-in-the-middle (Correct)
  • SQL injections

Answer : Man-in-the-middle

Which security strategy requires using several, varying methods to protect IT systems against attacks? 



Options are :

  • Covert channels
  • Defense in depth (Correct)
  • Three-way handshake
  • Exponential backoff algorithm

Answer : Defense in depth

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?



Options are :

  • Implementing server-side PKI certificates for all connections
  • Mandating only client-side PKI certificates for all connections
  • Requiring client and server PKI certificates for all connections (Correct)
  • Requiring strong authentication for all DNS queries

Answer : Requiring client and server PKI certificates for all connections

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization? 



Options are :

  • Say nothing and continue with the security testing.
  • Stop work immediately and contact the authorities. (Correct)
  • Bring the discovery to the financial organization's human resource department.
  • Delete the pornography, say nothing, and continue security testing.

Answer : Stop work immediately and contact the authorities.

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job? 



Options are :

  • Ask the employer for authorization to perform the work outside the company. (Correct)
  • Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.
  • Begin the reconnaissance phase with passive information gathering and then move into active information gathering.
  • Start by footprinting the network and mapping out a plan of attack.

Answer : Ask the employer for authorization to perform the work outside the company.

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)? 



Options are :

  • CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.
  • CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide. (Correct)
  • CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.
  • CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Answer : CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)? 



Options are :

  • The CA is the trusted root that issues certificates. (Correct)
  • The root CA is used to encrypt email messages to prevent unintended disclosure of data.
  • The root CA stores the user's hash value for safekeeping.
  • The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

Answer : The CA is the trusted root that issues certificates.

How can a policy help improve an employee's security awareness? 



Options are :

  • By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths
  • By implementing written security procedures, enabling employee security training, and promoting the benefits of security (Correct)
  • By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line
  • By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

Answer : By implementing written security procedures, enabling employee security training, and promoting the benefits of security

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack? 



Options are :

  • SYN flood
  • Teardrop (Correct)
  • Ping of death
  • Smurf attack

Answer : Teardrop

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services? 



Options are :

  • A security certification for hardened web applications
  • An extensible security framework named COBIT
  • Web application patches
  • A list of flaws and how to fix them (Correct)

Answer : A list of flaws and how to fix them

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes? 



Options are :

  • Contractual, regulatory, industry
  • Audit, standards based, regulatory
  • Legal, performance, audit
  • Legislative, contractual, standards based (Correct)

Answer : Legislative, contractual, standards based

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next? 



Options are :

  • Unplug the network connection on the company’s web server.
  • Record as much information as possible from the attack. (Correct)
  • Determine the origin of the attack and launch a counterattack.
  • Perform a system restart on the company’s web server.

Answer : Record as much information as possible from the attack.

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response? 



Options are :

  • Say no; make sure that the friend knows the risk she’s asking the CEH to take.
  • Say yes; do the job for free.
  • Say no; the friend is not the owner of the account. (Correct)
  • Say yes; the friend needs help to gather evidence.

Answer : Say no; the friend is not the owner of the account.

Which Open Web Application Security Project (OWASP) project implements a web application full of known vulnerabilities?



Options are :

  • WebGoat (Correct)
  • VULN_HTML
  • WebBugs
  • WebScarab

Answer : WebGoat

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as? 



Options are :

  • Trap door (Correct)
  • SQL injection
  • Honey pot
  • SDLC process

Answer : Trap door
