CEH v11


Q331 - While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?

  1. Validate web content input for query strings.
  2. Validate web content input with scanning tools.
  3. Validate web content input for type, length, and range.
  4. Validate web content input for extraneous queries.

Answer: C

Q332 - A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

  1. Perform a vulnerability scan of the system.
  2. Determine the impact of enabling the audit feature.
  3. Perform a cost/benefit analysis of the audit feature.
  4. Allocate funds for staffing of audit log review.

Answer: B

Q333 - Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out of the target network based on a pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

  1. Data-driven firewall
  2. Stateful firewall
  3. Packet firewall
  4. Web application firewall

Answer: D

Q334 - Which of these options is the most secure procedure for storing backup tapes?

  1. In a climate controlled facility offsite
  2. On a different floor in the same building
  3. Inside the data center for faster retrieval in a fireproof safe
  4. In a cool dry environment

Answer: A

Q335 - Which of the following items of a computer system will an anti-virus program scan for viruses?

  1. Boot Sector
  2. Deleted Files
  3. Windows Process List
  4. Password Protected Files

Answer: A

Q336 - When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by passive network sniffing?

  1. Identifying operating systems, services, protocols and devices
  2. Modifying and replaying captured network traffic
  3. Collecting unencrypted information about usernames and passwords
  4. Capturing network traffic for further analysis

Answer: B

Q337 - Passive reconnaissance involves collecting information through which of the following?

  1. Social engineering
  2. Network traffic sniffing
  3. Man in the middle attacks
  4. Publicly accessible sources

Answer: D

Q338 - In cryptanalysis and computer security, 'pass the hash' is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case. Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system for which you already know the credentials. It was written by Sysinternals and has been integrated within the framework. Often, penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the passwords (or use other methods like fgdump, pwdump, or cachedump), and then utilize rainbow tables to crack those hash values. Which of the following is the correct hash type and sort order used in the psexec module's 'smbpass'?

  1. NT:LM
  2. LM:NT
  3. LM:NTLM
  4. NTLM:LM

Answer: B

Q339 - Which of the following descriptions is true about a static NAT?

  1. A static NAT uses a many-to-many mapping.
  2. A static NAT uses a one-to-many mapping.
  3. A static NAT uses a many-to-one mapping.
  4. A static NAT uses a one-to-one mapping.

Answer: D

Q340 - A Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, Network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy. What is the main theme of the sub-policies for Information Technologies?

  1. Availability, Non-repudiation, Confidentiality
  2. Authenticity, Integrity, Non-repudiation
  3. Confidentiality, Integrity, Availability
  4. Authenticity, Confidentiality, Integrity

Answer: C

Q341 - What are two things that are possible when scanning UDP ports? (Choose two.)

  1. A reset will be returned
  2. An ICMP message will be returned
  3. The four-way handshake will not be completed
  4. An RFC 1294 message will be returned
  5. Nothing

Answer: B and E

Q342 - Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

  1. har.txt
  2. SAM file
  3. wwwroot
  4. Repair file

Answer: B

Q343 - The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

  1. Physical
  2. Procedural
  3. Technical
  4. Compliance

Answer: B

Q344 - Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach in a physical access control. A camera captures people walking and identifies the individuals using Steve's approach. After that, people must present their RFID badges. Both identifications are required to open the door. In this case, we can say:

  1. Although the approach has two phases, it actually implements just one authentication factor
  2. The solution implements the two authentication factors: physical object and physical characteristic
  3. The solution will have a high level of false positives
  4. Biological motion cannot be used to identify people

Answer: B

Q345 - A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

  1. Netsh firewall show config
  2. WMIC firewall show config
  3. Net firewall show config
  4. Ipconfig firewall show config

Answer: A

Q346 - You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. Which tool would you most likely select?

  1. Nmap
  2. Cain & Abel
  3. Nessus
  4. Snort

Answer: D

Q347 - The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

  1. An attacker, working slowly enough, can evade detection by the IDS.
  2. Network packets are dropped if the volume exceeds the threshold.
  3. Thresholding interferes with the IDS' ability to reassemble fragmented packets.
  4. The IDS will not distinguish among packets originating from different sources.

Answer: A

Q348 - Look at the following output. What did the hacker accomplish?

  1. The hacker used whois to gather publicly available records for the domain.
  2. The hacker used the "fierce" tool to brute force the list of available domains.
  3. The hacker listed DNS records on his own domain.
  4. The hacker successfully transferred the zone and enumerated the hosts.

Answer: D

Q349 - What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

  1. tcp.src == 25 and ip.host == 192.168.0.125
  2. host 192.168.0.125:25
  3. port 25 and host 192.168.0.125
  4. tcp.port == 25 and ip.host == 192.168.0.125

Answer: D

Q350 - A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as a process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?

  1. File system permissions
  2. Privilege escalation
  3. Directory traversal
  4. Brute force login

Answer: A

Q351 - You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

What seems to be wrong?

  1. OS Scan requires root privileges.
  2. The nmap syntax is wrong.
  3. This is a common behavior for a corrupted nmap application.
  4. The outgoing TCP/IP fingerprinting is blocked by the host firewall.

Answer: A

Q352 - A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

  1. Locate type=ns
  2. Request type=ns
  3. Set type=ns
  4. Transfer type=ns

Answer: C

Q353 - Which of the following processes evaluates the adherence of an organization to its stated security policy?

  1. Vulnerability assessment
  2. Penetration testing
  3. Risk assessment
  4. Security auditing

Answer: D

Q354 - What is the main reason the use of a stored biometric is vulnerable to an attack?

  1. The digital representation of the biometric might not be unique, even if the physical characteristic is unique.
  2. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.
  3. A stored biometric is no longer "something you are" and instead becomes "something you have".
  4. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Answer: D

Q355 - A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?

  1. Man-in-the-middle attack
  2. Brute-force attack
  3. Dictionary attack
  4. Session hijacking

Answer: C

Q356 - Which of the following is the best countermeasure to encrypting ransomware?

  1. Use multiple antivirus programs
  2. Keep some generations of off-line backups
  3. Analyze the ransomware to get the decryption key for the encrypted data
  4. Pay a ransom

Answer: B

Q357 - You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back. What is happening?

  1. ICMP could be disabled on the target server.
  2. The ARP is disabled on the target server.
  3. TCP/IP doesn't support ICMP.
  4. You need to run the ping command with root privileges.

Answer: A

Q358 - Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?

  1. DataThief
  2. NetCat
  3. Cain and Abel
  4. SQLInjector

Answer: A

Q359 - A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command:
NMAP -n -sS -P0 -p 80 ***.***.**.**
What type of scan is this?

  1. Quick scan
  2. Intense scan
  3. Stealth scan
  4. Comprehensive scan

Answer: C

Q360 - Which of the following is an example of an asymmetric encryption implementation?

  1. SHA1
  2. PGP
  3. 3DES
  4. MD5

Answer: B