312-50V8 Ethical Hacker V8 Certification Practice Test Set 3

You are trying to break into a highly classified top-secret mainframe computer with the highest security
system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional
hacking doesn't work in this case, because organizations such as banks are generally tight and
secure when it comes to protecting their systems. In other words, you are trying to penetrate an
otherwise impenetrable system. How would you proceed?


Options are :

  • Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques
  • Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
  • Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information (Correct)
  • Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"

Answer : Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

Yancey is a network security administrator for a large electric company. This company provides
power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15
years and has become very successful. One day, Yancey comes in to work and finds out that the
company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and
decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down
the company once he has left. Yancey does not care if his actions land him in jail for 30 or more
years, he just wants the company to pay for what they are doing to him. What would Yancey be
considered?


Options are :

  • Because Yancey works for the company currently; he would be a White Hat
  • Yancey would be considered a Suicide Hacker (Correct)
  • Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing
  • Since he does not care about going to jail, he would be considered a Black Hat

Answer : Yancey would be considered a Suicide Hacker

In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These
flags have decimal numbers assigned to them:
FIN = 1
SYN = 2
RST = 4
PSH = 8
ACK = 16
URG = 32
ECE = 64
CWR = 128
Example: To calculate SYN/ACK flag decimal value, add 2 (which is the decimal value of the SYN
flag) to 16 (which is the decimal value of the ACK flag), so the result would be 18. 
Based on the above calculation, what is the decimal value for XMAS scan?


Options are :

  • 23
  • 24
  • 64
  • 41 (Correct)

Answer : 41

Joseph has just been hired on to a contractor company of the Department of Defense as their
Senior Security Analyst. Joseph has been instructed on the company's strict security policies that
have been implemented, and the policies that have yet to be put in place. Per the Department of
Defense, all DoD users and the users of their contractors must use two-factor authentication to
access their networks. Joseph has been delegated the task of researching and implementing the
best two-factor authentication method for his company. Joseph's supervisor has told him that they
would like to use some type of hardware device in tandem with a security or identifying pin 
number. Joseph's company has already researched using smart cards and all the resources
needed to implement them, but found the smart cards to not be cost effective. What type of device
should Joseph use for two-factor authentication?


Options are :

  • Security token (Correct)
  • Proximity cards
  • Biometric device
  • OTP

Answer : Security token

In which step of the CEH System Hacking Cycle (SHC) does steganography fit?


Options are :

  • Step 5: Hide files (Correct)
  • Step 1: Enumerate users
  • Step 2: Crack the password
  • Step 3: Escalate privileges
  • Step 4: Execute applications
  • Step 6: Cover your tracks

Answer : Step 5: Hide files

Study the snort rule given below and interpret the rule.
alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg:"mountd access";)


Options are :

  • An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
  • An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
  • An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111 (Correct)
  • An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

Answer : An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

What type of encryption does WPA2 use?


Options are :

  • MD5 48 bit
  • SHA 160 bit
  • AES-CCMP 128 bit (Correct)
  • DES 64 bit

Answer : AES-CCMP 128 bit

A digital signature is simply a message that is encrypted with the public key instead of the private key.


Options are :

  • true
  • false (Correct)

Answer : false

Which type of password cracking technique works like a dictionary attack but adds some numbers
and symbols to the words from the dictionary and tries to crack the password?


Options are :

  • Brute forcing attack
  • Syllable attack
  • Dictionary attack
  • Hybrid attack (Correct)
  • Rule-based attack

Answer : Hybrid attack

"Testing the network using the same methodologies and tools employed by attackers" Identify the
correct terminology that defines the above statement.


Options are :

  • Security Policy Implementation
  • Vulnerability Scanning
  • Penetration Testing (Correct)
  • Designing Network Security

Answer : Penetration Testing

This is an attack that takes advantage of a web site vulnerability in which the site displays content
that includes un-sanitized user-provided data.
<a href="http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js%22%3E%3C/script%3E">See foobar</a>
What is this attack?


Options are :

  • URL Traversal attack
  • Cross-site-scripting attack (Correct)
  • SQL Injection
  • Buffer Overflow attack

Answer : Cross-site-scripting attack

Fred is the network administrator for his company. Fred is testing an internal switch. From an
external IP address, Fred wants to try and trick this switch into thinking it already has established a
session with his computer. How can Fred accomplish this?


Options are :

  • Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.
  • Fred can send an IP packet to the switch with the ACK bit and the source address of his machine. (Correct)
  • He can send an IP packet with the SYN bit and the source address of his computer.
  • Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

Answer : Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

You are writing a security policy that hardens against and prevents footprinting attempts by hackers. Which
of the following countermeasures will NOT be effective against this attack?


Options are :

  • Disable directory and use split-DNS
  • Configure routers to restrict the responses to Footprinting requests
  • Configure Web Servers to avoid information leakage and disable unwanted protocols
  • Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns
  • Evaluate the information before publishing it on the Website/Intranet
  • Monitor every employee computer with Spy cameras, keyloggers and spy on them (Correct)
  • Perform Footprinting techniques and remove any sensitive information found on DMZ sites
  • Lock the ports with suitable Firewall configuration
  • Prevent search engines from caching a Webpage and use anonymous registration services

Answer : Monitor every employee computer with Spy cameras, keyloggers and spy on them

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that
allows session oriented connections (Telnet) and performs the sequence prediction on the target
operating system. He manages to find an active session due to the high level of traffic on the
network. What is Bob supposed to do next?


Options are :

  • Guess the sequence numbers (Correct)
  • Reverse sequence prediction
  • Take over the session
  • Take one of the parties offline

Answer : Guess the sequence numbers

Why do attackers use proxy servers?


Options are :

  • To ensure the exploits used in the attacks always flip reverse vectors
  • Interrupt the remote victim's network traffic and reroute the packets to attackers machine
  • To hide the source IP address so that an attacker can hack without any legal corollary (Correct)
  • Faster bandwidth performance and increase in attack speed

Answer : To hide the source IP address so that an attacker can hack without any legal corollary

Charlie is the network administrator for his company. Charlie just received a new Cisco router and
wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its
locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to
attempt this task?


Options are :

  • Charlie can try using the command: ping 56550 172.16.0.45.
  • By using the command ping 172.16.0.45 Charlie would be able to lockup the router
  • Charlie can use the command: ping -l 56550 172.16.0.45 -t. (Correct)
  • None of the Above
  • He could use the command: ping -4 56550 172.16.0.45.

Answer : Charlie can use the command: ping -l 56550 172.16.0.45 -t.

The SNMP Read-Only Community String is like a password. The string is sent along with each
SNMP Get-Request and allows (or denies) access to a device. Most network vendors ship their
equipment with a default password of "public". This is the so-called "default public community
string". How would you keep intruders from getting sensitive information regarding the network
devices using SNMP? (Select 2 answers)
A. Enable SNMPv3 which encrypts username/password authentication
B. Use your company name as the public community string replacing the default 'public'
C. Enable IP filtering to limit access to SNMP device
D. The default configuration provided by device vendors is highly secure and you don't need to change anything


Options are :

  • A,C (Correct)
  • B,D
  • B,C
  • A,B

Answer : A,C

You went to great lengths to install all the necessary technologies to prevent hacking attacks,
such as expensive firewalls, antivirus software, anti-spam systems and intrusion
detection/prevention tools in your company's network. You have configured the most secure
policies and tightened every device on your network. You are confident that hackers will never be
able to gain access to your network with such a complex security system in place. Your peer, Peter Smith,
who works in the same department, disagrees with you. He says even the best network security
technologies cannot prevent hackers from gaining access to the network because of the presence of the
"weakest link" in the security chain. What is Peter Smith talking about?


Options are :

  • Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
  • Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain (Correct)
  • "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
  • "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

Answer : Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

NTP allows you to set the clocks on your systems very accurately, to within 100ms and
sometimes even 10ms. Knowing the exact time is extremely important for enterprise security.
Various security protocols depend on an accurate source of time information in order to prevent
"playback" attacks. These protocols tag their communications with the current time, to prevent
attackers from replaying the same communications, e.g., a login/password interaction or even an
entire communication, at a later date. One can circumvent this tagging, if the clock can be set back
to the time the communication was recorded. An attacker attempts to try corrupting the clocks on
devices on your network. You run Wireshark to detect the NTP traffic to see if there are any
irregularities on the network. What port number should you enable in the Wireshark display filter to
view NTP packets?


Options are :

  • UDP Port 123 (Correct)
  • TCP Port 126
  • TCP Port 124
  • UDP Port 125

Answer : UDP Port 123

Identify SQL injection attack from the HTTP requests shown below:


Options are :

  • http://www.victim.com/example accountnumber=67891&creditamount=999999999
  • http://www.myserver.c0m/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourserver.c0m%2fbadscript.js%22%3e%3c%2fscript%3e
  • http://www.myserver.c0m/search.asp? lname=smith%27%3bupdate%20usertable%20set%20passwd%3d%27hAx0r%27%3b--%00 (Correct)

Answer : http://www.myserver.c0m/search.asp? lname=smith%27%3bupdate%20usertable%20set%20passwd%3d%27hAx0r%27%3b--%00

Which definition below best describes a covert channel?


Options are :

  • It is the multiplexing taking place on a communication link
  • It is one of the weak channels used by WEP that makes it insecure
  • Making use of a protocol in a way it was not intended to be used (Correct)
  • A server program using a port that is not well known

Answer : Making use of a protocol in a way it was not intended to be used

How does a denial-of-service attack work?


Options are :

  • A hacker attempts to imitate a legitimate user by confusing a computer or even another person
  • A hacker prevents a legitimate user (or group of users) from accessing a service (Correct)
  • A hacker tries to decipher a password by using a system, which subsequently crashes the network
  • A hacker uses every character, word, or letter he or she can think of to defeat authentication

Answer : A hacker prevents a legitimate user (or group of users) from accessing a service

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start)
packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The
destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is
established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to
the SYN ACK, a connection queue of finite size on the destination host keeps track of connections
waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive
a few milliseconds after the SYN ACK. How would an attacker exploit this design by launching
a TCP SYN attack?


Options are :

  • Attacker generates TCP SYN packets with random destination addresses towards a victim host
  • Attacker floods TCP SYN packets with random source addresses towards a victim host (Correct)
  • Attacker generates TCP ACK packets with random source addresses towards a victim host
  • Attacker generates TCP RST packets with random source addresses towards a victim host

Answer : Attacker floods TCP SYN packets with random source addresses towards a victim host

Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS
scan using Nmap. Almost every port scanned does not elicit a response. What can he infer from
this kind of response?


Options are :

  • He can tell that these ports are in stealth mode.
  • These ports are open because they do not elicit a response. (Correct)
  • The scan was not performed correctly using NMAP since all ports, no matter what their state, will elicit some sort of response from an XMAS scan.
  • If a port does not respond to an XMAS scan using NMAP, that port is closed.

Answer : These ports are open because they do not elicit a response.

One of the most common and best ways of cracking RSA encryption is to begin to derive the
two prime numbers which are used in the RSA PKI mathematical process. If the two numbers p
and q are discovered through a _____________ process, then the private key can be derived.


Options are :

  • Brute-forcing
  • Factorization (Correct)
  • Hashing
  • Prime Detection

Answer : Factorization

Frederickson Security Consultants is currently conducting a security audit on the networks of
Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises
conducts business daily with the federal government, they must abide by very stringent security
policies. Frederickson is testing all of Hawthorn's physical and logical security measures including
biometrics, passwords, and permissions. The federal government requires that all users must
utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson
has confirmed that all Hawthorn employees use a random password generator for their network
passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn's
servers using Pwdump6 and are going to try and crack the network passwords. What method of
attack is best suited to crack these passwords in the shortest amount of time?


Options are :

  • Dictionary attack
  • Brute service attack
  • Birthday attack
  • Brute force attack (Correct)

Answer : Brute force attack

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP
cache of these switches. If these switches' ARP cache is successfully flooded, what will be the
result?


Options are :

  • The switches will route all traffic to the broadcast address, creating collisions.
  • If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.
  • Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.
  • The switches will drop into hub mode if the ARP cache is successfully flooded. (Correct)

Answer : The switches will drop into hub mode if the ARP cache is successfully flooded.

To see how some of the hosts on your network react, Winston sends out SYN packets to an IP
range. A number of IPs respond with a SYN/ACK response. Before the connection is established
he sends RST packets to those hosts to stop the session. Winston has done this to see how his
intrusion detection system will log the traffic. What type of scan is Winston attempting here?


Options are :

  • He is using a half-open scan to find live hosts on your network. (Correct)
  • Winston is attempting to find live hosts on your company's network by using an XMAS scan.
  • He is utilizing a SYN scan to find live hosts that are listening on your network.
  • This type of scan he is using is called a NULL scan.

Answer : He is using a half-open scan to find live hosts on your network.

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have
complained to Neil that there are a few employees who are visiting offensive web sites during work
hours, without any consideration for others. Neil knows that he has an up-to-date content filtering
system and such access should not be authorized. What type of technique might be used by these
offenders to access the Internet without restriction?


Options are :

  • They are using UDP that is always authorized at the firewall
  • They are using an older version of Internet Explorer that allows them to bypass the proxy server
  • They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended (Correct)
  • They have been able to compromise the firewall, modify the rules, and give themselves proper access

Answer : They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

A simple compiler technique used by programmers is to add a terminator 'canary word' containing
four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are
terminated. If the canary word has been altered when the function returns, and the program
responds by emitting an intruder alert into syslog and then halts, what does this indicate?


Options are :

  • A buffer overflow attack has been attempted (Correct)
  • An intrusion detection system has been triggered
  • A buffer overflow attack has already occurred
  • A firewall has been breached and this is logged
  • The system has crashed

Answer : A buffer overflow attack has been attempted
