312-50 Certified Ethical Hacker Certification Practice Exam Set 7

Which of the following is the greatest threat posed by backups? 



Options are :

  • An un-encrypted backup can be misplaced or stolen. (Correct)
  • A backup is the source of Malware or illicit information.
  • A backup is incomplete because no verification was performed.
  • A backup is unavailable during disaster recovery.

Answer : An un-encrypted backup can be misplaced or stolen.

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. 

What kind of Web application vulnerability likely exists in their software?



Options are :

  • Cross-site Request Forgery vulnerability
  • Cross-site scripting vulnerability (Correct)
  • SQL injection vulnerability
  • Web site defacement vulnerability

Answer : Cross-site scripting vulnerability

Which of the following is a command line packet analyzer similar to GUI-based Wireshark? 



Options are :

  • etherea
  • nessus
  • Jack the ripper
  • tcpdump (Correct)

Answer : tcpdump

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up.

What is the most likely cause? 



Options are :

  • The security breach was a false positive.
  • The network devices are not all synchronized. (Correct)
  • Proper chain of custody was not observed while collecting the logs.
  • The attacker altered or erased events from the logs.

Answer : The network devices are not all synchronized.

What does a firewall check to prevent particular ports and applications from getting packets into an organization? 



Options are :

  • Application layer port numbers and the transport layer headers
  • Transport layer port numbers and application layer headers (Correct)
  • Presentation layer headers and the session layer port numbers
  • Network layer headers and the session layer port numbers

Answer : Transport layer port numbers and application layer headers

Which of the following is a low-tech way of gaining unauthorized access to systems? 



Options are :

  • Social Engineering (Correct)
  • Sniffing
  • Eavesdropping
  • Scanning

Answer : Social Engineering

The "white box testing" methodology enforces what kind of restriction? 



Options are :

  • Only the internal operation of a system is known to the tester.
  • Only the external operation of a system is accessible to the tester.
  • The internal operation of a system is completely known to the tester. (Correct)
  • The internal operation of a system is only partly accessible to the tester.

Answer : The internal operation of a system is completely known to the tester.

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as a process, and the netstat command shows the nc process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible? 




Options are :

  • Directory traversal
  • Brute force login
  • File system permissions (Correct)
  • Privilege escalation

Answer : File system permissions

Which of the following statements regarding ethical hacking is incorrect? 



Options are :

  • Testing should be remotely performed offsite.
  • Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization's systems. (Correct)
  • An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services.
  • Ethical hacking should not involve writing to or modifying the target systems.

Answer : Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization's systems.

Which of the following tools can be used for passive OS fingerprinting? 



Options are :

  • tracert
  • ping
  • nmap
  • tcpdump (Correct)

Answer : tcpdump

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate? 



Options are :

  • Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
  • Attempts by attackers to access the user and password information stored in the company's SQL database.
  • Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
  • Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials. (Correct)

Answer : Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

Which of the following is a protocol specifically designed for transporting event messages? 



Options are :

  • ICMP
  • SYSLOG (Correct)
  • SNMP
  • SMS

Answer : SYSLOG

Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications? 



Options are :

  • Service Oriented Architecture (Correct)
  • Object Oriented Architecture
  • Lean Coding
  • Agile Process

Answer : Service Oriented Architecture

What two conditions must a digital signature meet? 



Options are :

  • Has to be unforgeable, and has to be authentic. (Correct)
  • Must be unique and have special characters.
  • Has to be the same number of characters as a physical signature and must be unique.
  • Has to be legible and neat.

Answer : Has to be unforgeable, and has to be authentic.

The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices. 



Options are :

  • Wireless Access Control List
  • Wireless Analyzer
  • Wireless Intrusion Prevention System (Correct)
  • Wireless Access Point

Answer : Wireless Intrusion Prevention System

Which of the following security operations is used for determining the attack surface of an organization? 



Options are :

  • Reviewing the need for a security clearance for each employee
  • Using configuration management to determine when and where to apply security patches
  • Training employees on the security policy regarding social engineering
  • Running a network scan to detect network services in the corporate DMZ (Correct)

Answer : Running a network scan to detect network services in the corporate DMZ

You are using NMAP to resolve domain names into IP addresses for a ping sweep later. 

Which of the following commands looks for IP addresses? 



Options are :

  • >host -t a hackeddomain.com (Correct)
  • >host -t AXFR hackeddomain.com
  • >host -t soa hackeddomain.com
  • >host -t ns hackeddomain.com

Answer : >host -t a hackeddomain.com

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small-sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.

Which tool can be used to perform session splicing attacks? 



Options are :

  • Burp
  • Whisker (Correct)
  • tcpsplice
  • Hydra

Answer : Whisker

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed? 



Options are :

  • Impact risk
  • Deferred risk
  • Inherent risk
  • Residual risk (Correct)

Answer : Residual risk

In Risk Management, how is the term "likelihood" related to the concept of "threat?" 



Options are :

  • Likelihood is the probability that a threat-source will exploit a vulnerability. (Correct)
  • Likelihood is the likely source of a threat that could exploit a vulnerability.
  • Likelihood is a possible threat-source that may exploit a vulnerability.
  • Likelihood is the probability that a vulnerability is a threat-source.

Answer : Likelihood is the probability that a threat-source will exploit a vulnerability.

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects www.google.com to his own IP address. Now when the employees of the office want to go to Google, they are redirected to the attacker's machine. What is the name of this kind of attack?



Options are :

  • DNS spoofing (Correct)
  • Smurf Attack
  • MAC Flooding
  • ARP Poisoning

Answer : DNS spoofing

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange? 



Options are :

  • single sign on
  • biometrics
  • SOA
  • PKI (Correct)

Answer : PKI

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN? 



Options are :

  • ESP transport mode (Correct)
  • AH promiscuous
  • AH Tunnel mode
  • ESP confidential

Answer : ESP transport mode

An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem? 



Options are :

  • Insufficient exception handling
  • Insufficient database hardening
  • Insufficient security management
  • Insufficient input validation (Correct)

Answer : Insufficient input validation

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek? 



Options are :

  • tcptrace (Correct)
  • tcptraceroute
  • OpenVAS
  • Nessus

Answer : tcptrace

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. 

What Web browser-based security vulnerability was exploited to compromise the user? 



Options are :

  • Clickjacking
  • Cross-Site Request Forgery (Correct)
  • Web form input validation
  • Cross-Site Scripting

Answer : Cross-Site Request Forgery

A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.

What is a possible source of this problem? 



Options are :

  • Client is configured for the wrong channel
  • The wireless client is not configured to use DHCP
  • The WAP does not recognize the client’s MAC address (Correct)
  • The client cannot see the SSID of the wireless network

Answer : The WAP does not recognize the client’s MAC address

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications? 



Options are :

  • Validate and escape all information sent to a server (Correct)
  • Verify access right before allowing access to protected information and UI controls
  • Use digital certificates to authenticate a server prior to sending data
  • Use security policies and procedures to define and implement proper security settings

Answer : Validate and escape all information sent to a server

What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?



Options are :

  • SSH
  • Manipulate format strings in text fields
  • Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server (Correct)
  • SYN Flood

Answer : Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs? 



Options are :

  • Dsniff
  • Nikto (Correct)
  • Snort
  • John the Ripper

Answer : Nikto
