CEH v11

Q631 - Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

  1. SSH communications are encrypted, so it's impossible to know who is the client or the server
  2. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server
  3. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server
  4. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the server

Answer: C

Q632 - Which of the statements concerning proxy firewalls is correct?

  1. Proxy firewalls increase the speed and functionality of a network.
  2. Firewall proxy servers decentralize all activity for an application.
  3. Proxy firewalls block network packets from passing to and from a protected network.
  4. Computers establish a connection with a proxy firewall which initiates a new network connection for the client.

Answer: D

Q633 - A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

  1. The WAP does not recognize the client's MAC address
  2. The client cannot see the SSID of the wireless network
  3. Client is configured for the wrong channel
  4. The wireless client is not configured to use DHCP

Answer: A

Q634 - Which method of password cracking takes the most time and effort?

  1. Brute force
  2. Rainbow tables
  3. Dictionary attack
  4. Shoulder surfing

Answer: A

Q635 - How can rainbow tables be defeated?

  1. Password salting
  2. Use of non-dictionary words
  3. All uppercase character passwords
  4. Lockout accounts under brute force password cracking attempts

Answer: A

Q636 - When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

  1. A bottom-up approach
  2. A top-down approach
  3. A senior creation approach
  4. An IT assurance approach

Answer: B

Q637 - The "white box testing" methodology enforces what kind of restriction?

  1. The internal operation of a system is completely known to the tester.
  2. Only the external operation of a system is accessible to the tester.
  3. Only the internal operation of a system is known to the tester.
  4. The internal operation of a system is only partly accessible to the tester.

Answer: A

Q638 - You are attempting to crack LAN Manager (LM) hashes from a Windows 2000 SAM file. You will be using an LM brute-force hacking tool for decryption. What encryption algorithm will you be decrypting?

  1. MD4
  2. DES
  3. SHA
  4. SSL

Answer: B

Q639 - Which of the following business challenges could be solved by using a vulnerability scanner?

  1. Auditors want to discover if all systems are following a standard naming convention.
  2. A web server was compromised and management needs to know if any further systems were compromised.
  3. There is an emergency need to remove administrator access from multiple machines for an employee that quit.
  4. There is a monthly requirement to test corporate compliance with host application usage and security policies.

Answer: D

Q640 - What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

  1. They do not use host system resources.
  2. They are placed at the boundary, allowing them to inspect all traffic.
  3. They are easier to install and configure.
  4. They will not interfere with user interfaces.

Answer: A

Q641 - An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

  1. Birthday attack
  2. Plaintext attack
  3. Meet in the middle attack
  4. Chosen ciphertext attack

Answer: D

Q642 - One of the Forbes 500 companies has been subjected to a large-scale attack. You are one of the shortlisted pen testers that they may hire. During the interview with the CIO, he emphasized that he wants to totally eliminate all risks. What is one of the first things you should do when hired?

  1. Interview all employees in the company to rule out possible insider threats.
  2. Establish attribution to suspected attackers.
  3. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
  4. Start the Wireshark application to start sniffing network traffic.

Answer: C

Q643 - Which of the following types of firewall inspects only header information in network traffic?

  1. Packet filter
  2. Stateful inspection
  3. Circuit-level gateway
  4. Application-level gateway

Answer: A

Q644 - In which of the following password protection techniques are random strings of characters added to the password before calculating their hashes?

  1. Keyed Hashing
  2. Key Stretching
  3. Salting
  4. Double Hashing

Answer: C

Q645 - An analyst is investigating proxy logs and finds that one of the internal users visited a website storing suspicious JavaScript files. After opening one of them, he notices that the code is very hard to understand and that all of the code differs from typical JavaScript. What is the name of this technique to hide the code and extend analysis time?

  1. Encryption
  2. Code encoding
  3. Obfuscation
  4. Steganography

Answer: A

Q646 - You've just gained root access to a CentOS 6 server after days of trying. What tool should you use to maintain access?

  1. Disable Key Services
  2. Create User Account
  3. Download and Install Netcat
  4. Disable IPTables

Answer: B

Q647 - E-mail scams and mail fraud are regulated by which of the following?

  1. 18 U.S.C. § 1030 Fraud and Related Activity in Connection with Computers
  2. 18 U.S.C. § 1029 Fraud and Related Activity in Connection with Access Devices
  3. 18 U.S.C. § 1362 Communication Lines, Stations, or Systems
  4. 18 U.S.C. § 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Answer: A

Q648 - The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500. EF (Exposure Factor) is about 0.5. Calculate the Annualized Loss Expectancy (ALE).

  1. $62.5
  2. $250
  3. $125
  4. $65.2

Answer: A

Q649 - A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in. What do you think is the most likely reason behind this?

  1. There is a NIDS present on that segment.
  2. Kerberos is preventing it.
  3. Windows logons cannot be sniffed.
  4. L0phtcrack only sniffs logons to web servers.

Answer: B

Q650 - In the software security development life cycle process, threat modeling occurs in which phase?

  1. Design
  2. Requirements
  3. Verification
  4. Implementation

Answer: A

Q651 - Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?

  1. Reconnaissance
  2. Enumeration
  3. Scanning
  4. Escalation

Answer: A

Q652 - Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice's machine. From the command prompt, she types the following command.

What is Eve trying to do?

  1. Eve is trying to connect as a user with Administrator privileges
  2. Eve is trying to enumerate all users with Administrative privileges
  3. Eve is trying to carry out a password crack for user Administrator
  4. Eve is trying to escalate privilege of the null user to that of Administrator

Answer: C

Q653 - You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?

  1. Network-based IDS
  2. Firewall
  3. Proxy
  4. Host-based IDS

Answer: A

Q654 - An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

  1. Classified
  2. Overt
  3. Encrypted
  4. Covert

Answer: D

Q655 - What does the -oX flag do in an Nmap scan?

  1. Perform an express scan
  2. Output the results in truncated format to the screen
  3. Perform an Xmas scan
  4. Output the results in XML format to a file

Answer: D

Q656 - In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?

  1. A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.
  2. Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.
  3. A blacklist of companies that have their mail server relays configured to be wide open.
  4. Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers occasionally.

Answer: B

Q657 - What is correct about digital signatures?

  1. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
  2. Digital signatures may be used in different documents of the same type.
  3. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
  4. Digital signatures are issued once for each user and can be used everywhere until they expire.

Answer: A

Q658 - Null sessions are unauthenticated connections (not using a username or password) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

  1. 137 and 139
  2. 137 and 443
  3. 139 and 443
  4. 139 and 445

Answer: D

Q659 - Backing up data is a security must. However, it also carries a certain level of risk when mishandled. Which of the following is the greatest threat posed by backups?

  1. A backup is the source of malware or illicit information
  2. A backup is incomplete because no verification was performed
  3. A backup is unavailable during disaster recovery
  4. An unencrypted backup can be misplaced or stolen

Answer: D

Q660 - What is the best description of SQL Injection?

  1. It is an attack used to gain unauthorized access to a database.
  2. It is an attack used to modify code in an application.
  3. It is a Man-in-the-Middle attack between your SQL Server and Web App Server.
  4. It is a Denial of Service Attack.

Answer: A