· 5 years ago · Feb 06, 2020, 07:30 AM
Question 1 of 125 Certified Ethical Hacker
If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?
 Civil
 Criminal
 International
 Common

Question 2 of 125 Certified Ethical Hacker
You want to analyze packets on your wireless network. Which program would you use?
 Ethereal with Winpcap
 Wireshark with Airpcap
 Airsnort with Airpcap
 Wireshark with Winpcap

Question 3 of 125 Certified Ethical Hacker
There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the process. Which term describes when two pieces of data result in the same value?
 Escrow
 Collision
 Collusion
 Polymorphism

Question 4 of 125 Certified Ethical Hacker
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects www.google.com to his own IP address. Now when the employees of the office want to go to Google, they are redirected to the attacker's machine. What is the name of this kind of attack?
 DNS spoofing
 Smurf Attack
 ARP Poisoning
 MAC Flooding

Question 5 of 125 Certified Ethical Hacker
Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?
 The network could still experience traffic slowdown.
 All of the employees would stop normal work activities
 Not informing the employees that they are going to be monitored could be an invasion of privacy.
 IT department would be telling employees who the boss is

Question 6 of 125 Certified Ethical Hacker
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?
 Distributive
 Active
 Passive
 Reflective

Question 7 of 125 Certified Ethical Hacker
Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?
 A vulnerability scanner
 A malware scanner
 A port scanner
 A virus scanner

Question 8 of 125 Certified Ethical Hacker
What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and whether the packets can pass through the packet filtering of the firewall?
 Man-in-the-middle attack
 Session hijacking
 Firewalking
 Network sniffing

Question 9 of 125 Certified Ethical Hacker
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124.
An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is:
nmap 192.168.1.64/28
Why can he not see the servers?
 He needs to add the command "ip address" just before the IP address
 He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range
 He needs to change the address to 192.168.1.0 with the same mask
 The network must be down and the nmap command and IP address are ok

Question 10 of 125 Certified Ethical Hacker
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?
 Shared
 Public
 Private
 Root

Question 11 of 125 Certified Ethical Hacker
A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?
 Banking Trojans
 Turtle Trojans
 Botnet Trojan
 Ransomware Trojans

Question 12 of 125 Certified Ethical Hacker
You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back.
What is happening?
 TCP/IP doesn't support ICMP.
 You need to run the ping command with root privileges.
 ICMP could be disabled on the target server.
 The ARP is disabled on the target server.

Question 13 of 125 Certified Ethical Hacker
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
 Polymorphic virus
 Stealth virus
 Cavity virus
 Tunneling virus

Question 14 of 125 Certified Ethical Hacker
As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?
 smtp port
 tcp.contains port 25
 tcp.port eq 25
 request smtp 25

Question 15 of 125 Certified Ethical Hacker
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?
 Permissive policy
 Acceptable-use policy
 Firewall-management policy
 Remote-access policy

Question 16 of 125 Certified Ethical Hacker
A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.
What is a possible source of this problem?
 The client cannot see the SSID of the wireless network
 Client is configured for the wrong channel
 The WAP does not recognize the client's MAC address
 The wireless client is not configured to use DHCP

Question 17 of 125 Certified Ethical Hacker
What is correct about digital signatures?
 A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
 Digital signatures may be used in different documents of the same type.
 A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
 Digital signatures are issued once for each user and can be used everywhere until they expire.

Question 18 of 125 Certified Ethical Hacker
A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below:
 Access List should be written between VLANs.
 Port security should be enabled for the intranet.
 A security solution which filters data packets should be set between intranet (LAN) and DMZ.
 A WAF should be used in front of the web applications.
According to the section from the report, which of the following choices is true?
 There is access control policy between VLANs.
 Possibility of SQL Injection attack is eliminated.
 A stateful firewall can be used between intranet (LAN) and DMZ.
 MAC Spoof attacks cannot be performed.

Question 19 of 125 Certified Ethical Hacker
Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?
 Application Layer
 Logic tier
 Data tier
 Presentation tier

Question 20 of 125 Certified Ethical Hacker
Which protocol is used for setting up secured channels between two devices, typically in VPNs?
 IPSEC
 SET
 PEM
 PPP

Question 21 of 125 Certified Ethical Hacker
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
 Time-to-check to time-to-use flaw
 Input validation flaw
 0-day vulnerability
 HTTP header injection vulnerability

Question 22 of 125 Certified Ethical Hacker
It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?
 HIPAA
 FISMA
 ISO/IEC 27002
 COBIT

Question 23 of 125 Certified Ethical Hacker
Which of these is capable of searching for and locating rogue access points?
 WISS
 HIDS
 NIDS
 WIPS

Question 24 of 125 Certified Ethical Hacker
Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com". Which statement below is true?
 This is a scam because Bob does not know Scott
 This is probably a legitimate message as it comes from a respectable organization.
 Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.
 This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

Question 25 of 125 Certified Ethical Hacker
In cryptanalysis and computer security, 'pass the hash' is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case.
Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system that you already know the credentials for. It was written by sysinternals and has been integrated within the framework. Often penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the passwords, or use other methods like fgdump, pwdump, or cachedump, and then utilize rainbow tables to crack those hash values.
Which of the following is the correct hash type and sort order used in the psexec module's 'smbpass'?
 NTLM:LM
 LM:NTLM
 NT:LM
 LM:NT

Question 26 of 125 Certified Ethical Hacker
You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC, one of the machines has 2 connections, one wired and the other wireless. When you verify the configuration of this Windows system you find two static routes:
route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
route add 0.0.0.0 mask 255.0.0.0 199.168.0.1
What is the main purpose of those static routes?
 The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted
 Both static routes indicate that the traffic is internal with different gateway
 The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway
 Both static routes indicate that the traffic is external with different gateway

Question 27 of 125 Certified Ethical Hacker
#!/usr/bin/python
import socket
buffer=["A"]
counter=50
while len(buffer) <= 100:
    buffer.append("A"*counter)
    counter=counter+50
commands=["HELP","STATS .","RTIME .","LTIME .","SRUN .","TRUN .","GMON .","GDOG .","KSTET .","GTER .","HTER .","LTER .","KSTAN ."]
for command in commands:
    for buffstring in buffer:
        print "Exploiting " +command +":"+str(len(buffstring))
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(('127.0.0.1', 9999))
        s.recv(50)
        s.send(command + buffstring)
        s.close()
What is the code written for?
 Bruteforce
 Buffer Overflow
 Encryption
 Denial-of-service (DoS)

Question 28 of 125 Certified Ethical Hacker
An attacker is using nmap to do a ping sweep and a port scan in a subnet of 254 addresses.
In which order should he perform these steps?
 The port scan alone is adequate. This way he saves time.
 First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.
 First the port scan to identify interesting services and then the ping sweep to find hosts responding to ICMP echo requests.
 The sequence does not matter. Both steps have to be performed against all hosts.

Question 29 of 125 Certified Ethical Hacker
What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
 Use a strong logon password to the operating system
 Back up everything on the laptop and store the backup in a safe place
 Encrypt the data on the hard drive
 Set a BIOS password

Question 30 of 125 Certified Ethical Hacker
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?
 Require all employees to change their anti-virus program with a new one.
 Issue new certificates to the web servers from the root certificate authority
 Move the financial data to another server on the same IP subnet
 Place a front-end web server in a demilitarized zone that only handles external web traffic

Question 31 of 125 Certified Ethical Hacker
What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?
 Security through obscurity
 Defense in depth
 Network-Based Intrusion Detection System
 Host-Based Intrusion Detection System

Question 32 of 125 Certified Ethical Hacker
A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?
 The password file does not contain the passwords themselves.
 The file reveals the passwords to the root user only.
 He cannot read it because it is encrypted
 He can open it and read the user ids and corresponding passwords.

Question 33 of 125 Certified Ethical Hacker
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up.
What is the most likely cause?
 The network devices are not all synchronized.
 The security breach was a false positive.
 Proper chain of custody was not observed while collecting the logs.
 The attacker altered or erased events from the logs.

Question 34 of 125 Certified Ethical Hacker
Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?
 Host-based intrusion detection system (HIDS)
 Network-based intrusion detection system (NIDS)
 Honeypots
 Firewalls

Question 35 of 125 Certified Ethical Hacker
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 no response
TCP port 22 no response
TCP port 23 Time-to-live exceeded
 The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
 The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall
 The lack of response from ports 21 and 22 indicates that those services are not running on the destination server
 The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host

Question 36 of 125 Certified Ethical Hacker
Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?
 Network security policy
 Remote access policy
 Access control policy
 Information protection policy

Question 37 of 125 Certified Ethical Hacker
An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
< iframe src="http://www.vulnweb.com/updateif.php" style="display:none" > < /iframe >
What is this type of attack (that can use either HTTP GET or HTTP POST) called?
 SQL Injection
 Cross-Site Scripting
 Browser Hacking
 Cross-Site Request Forgery

Question 38 of 125 Certified Ethical Hacker
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what is meant by processing?
 The amount of time it takes to convert biometric data into a template on a smart card
 The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information.
 How long it takes to setup individual user accounts
 The amount of time and resources that are necessary to maintain a biometric system

Question 39 of 125 Certified Ethical Hacker
In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?
 Vulnerabilities in the application layer are greatly different from IPv4
 Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
 Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addressed
 Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.

Question 40 of 125 Certified Ethical Hacker
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
 Network layer headers and the session layer port numbers
 Transport layer port numbers and application layer headers
 Application layer port numbers and the transport layer headers
 Presentation layer headers and the session layer port numbers

Question 41 of 125 Certified Ethical Hacker
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?
 Single quote
 Semicolon
 Double quote
 Exclamation mark

Question 42 of 125 Certified Ethical Hacker
An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?
 Disregarding the call, the employee should hang up.
 The employee should not provide any information without previous management authorization.
 Since the company's policy is all about Customer Service, he/she will provide information.
 The employee cannot provide any information; but, anyway, he/she will provide the name of the person in charge.

Question 43 of 125 Certified Ethical Hacker
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?
 He will activate OSPF on the spoofed root bridge.
 He will repeat the same attack against all L2 switches of the network.
 He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
 He will repeat this action so that it escalates to a DoS attack.

Question 44 of 125 Certified Ethical Hacker
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
 Allocate funds for staffing of audit log review
 Perform a vulnerability scan of the system
 Determine the impact of enabling the audit feature
 Perform a cost/benefit analysis of the audit feature

Question 45 of 125 Certified Ethical Hacker
In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?
 Privilege Escalation
 Hacking Active Directory
 Shoulder-Surfing
 Port Scanning

Question 46 of 125 Certified Ethical Hacker
Which service in a PKI will vouch for the identity of an individual or company?
 CBC
 CR
 CA
 KDC

Question 47 of 125 Certified Ethical Hacker
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?
 True negative
 True positive
 False negative
 False positive

Question 48 of 125 Certified Ethical Hacker
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as a process, and the netstat command shows the nc process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?
 Brute force login
 Privilege escalation
 Directory traversal
 File system permissions

Question 49 of 125 Certified Ethical Hacker
The establishment of a TCP connection involves a negotiation called the 3-way handshake. What type of message does the client send to the server in order to begin this negotiation?
 SYN-ACK
 SYN
 RST
 ACK

Question 50 of 125 Certified Ethical Hacker
The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
What type of activity has been logged?
 Port scan targeting 192.168.1.106
 Port scan targeting 192.168.1.103
 Denial of service attack targeting 192.168.1.103
 Teardrop attack targeting 192.168.1.106

Question 51 of 125 Certified Ethical Hacker
env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
 Display passwd content to prompt
 Removes the passwd file
 Add new user to the passwd file
 Changes all passwords in passwd

Question 52 of 125 Certified Ethical Hacker
Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?
 Wireshark
 Nessus
 Metasploit
 Maltego

Question 53 of 125 Certified Ethical Hacker
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
 BBProxy
 Paros Proxy
 Blooover
 BBCrack

Question 54 of 125 Certified Ethical Hacker
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?
 Windows firewall
 User Access Control (UAC)
 Data Execution Prevention (DEP)
 Address Space Layout Randomization (ASLR)

Question 55 of 125 Certified Ethical Hacker
Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services. Which OS did it not directly affect?
 Windows
 OS X
 Unix
 Linux

Question 56 of 125 Certified Ethical Hacker
Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?
 Role Based Access Control (RBAC)
 Windows authentication
 Discretionary Access Control (DAC)
 Single sign-on

Question 57 of 125 Certified Ethical Hacker
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
 An authentication system that uses passphrases that are converted into virtual passwords
 A biometric system that bases authentication decisions on physical attributes.
 A biometric system that bases authentication decisions on behavioral attributes
 An authentication system that creates one-time passwords that are encrypted with secret keys

Question 58 of 125 Certified Ethical Hacker
Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?
 Containment phase
 Recovery phase
 Identification phase
 Preparation phase

Question 59 of 125 Certified Ethical Hacker
Which of the following programs is usually targeted at Microsoft Office products?
 Polymorphic virus
 Multipart virus
 Stealth virus
 Macro virus

Question 60 of 125 Certified Ethical Hacker
The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?
 The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document
 The CFO can use a hash algorithm in the document once he approved the financial statements
 The document can be sent to the accountant using an exclusive USB for that document
 The CFO can use an Excel file with a password

Question 61 of 125 Certified Ethical Hacker
What is the role of test automation in security testing?
 It is an option but it tends to be very expensive
 Test automation is not usable in security due to the complexity of the tests
 It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
 It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies

Question 62 of 125 Certified Ethical Hacker
What two conditions must a digital signature meet?
 Has to be legible and neat.
 Has to be unforgeable, and has to be authentic.
 Has to be the same number of characters as a physical signature and must be unique.
 Must be unique and have special characters.

Question 63 of 125 Certified Ethical Hacker
In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.
Example:
allintitle: root passwd
 Reconnaissance
 Maintaining Access
 Gaining Access
 Scanning and Enumeration

Question 64 of 125 Certified Ethical Hacker
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
 Full disk encryption
 Password protected files
 Hidden folders
 BIOS password

Question 65 of 125 Certified Ethical Hacker
How can rainbow tables be defeated?
 All uppercase character passwords
 Password salting
 Lockout accounts under brute force password cracking attempts
 Use of non-dictionary words

Question 66 of 125 Certified Ethical Hacker
The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. Also he needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access FTP and the permitted hosts cannot access the Internet. According to the following configuration, what is happening in the network?
access-list 102 deny tcp any any
access-list 104 permit udp host 10.0.0.3 any
access-list 110 permit tcp host 10.0.0.2 eq www any
access-list 108 permit tcp any eq ftp any
 The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
 The ACL for FTP must be before the ACL 110
 The ACL 110 needs to be changed to port 80
 The ACL 104 needs to be first because it is UDP

Question 67 of 125 Certified Ethical Hacker
An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?
 Redirection of the traffic cannot happen unless the admin allows it explicitly.
 Only using OSPFv3 will mitigate this risk.
 Make sure that legitimate network routers are configured to run routing protocols with authentication.
 Disable all routing protocols and only use static routes

Question 68 of 125 Certified Ethical Hacker
An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?
 Use an IDS in the entrance doors and install some of them near the corners
 Install a CCTV with cameras pointing to the entrance doors and the street
 Use fences in the entrance doors
 Use lights in all the entrance doors and along the company's perimeter

Question 69 of 125 Certified Ethical Hacker
Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting
 Results matching accounting in domain target.com but not on the site Marketing.target.com
 Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting
 Results for matches on target.com and Marketing.target.com that include the word accounting
 Results matching all words in the query

Question 70 of 125 Certified Ethical Hacker
Which system consists of a publicly available set of databases that contain domain name registration contact information?
 CAPTCHA
 IETF
 IANA
 WHOIS

Question 71 of 125 Certified Ethical Hacker
What is not a PCI compliance recommendation?
 Limit access to card holder data to as few individuals as possible.
 Rotate employees handling credit card transactions on a yearly basis to different departments.
 Use encryption to protect all transmission of card holder data over any public network.
 Use a firewall between the public network and the payment card data

Question 72 of 125 Certified Ethical Hacker
By using a smart card and PIN, you are using a two-factor authentication that satisfies
 Something you know and something you are
 Something you are and something you remember
 Something you have and something you are
 Something you have and something you know

Question 73 of 125 Certified Ethical Hacker
In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?
 A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.
 A blacklist of companies that have their mail server relays configured to be wide open.
 Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.
 Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers occasionally.

Question 74 of 125 Certified Ethical Hacker
What is the difference between the AES and RSA algorithms?
 Both are symmetric algorithms, but AES uses 256-bit keys.
 Both are asymmetric algorithms, but RSA uses 1024-bit keys.
 RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data.
 AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data.

Question 75 of 125 Certified Ethical Hacker
Which of the following Nmap commands will produce the following output?
Output:
Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-26 12:50 EDT
Nmap scan report for 192.168.1.1
Host is up (0.00042s latency).
Not shown: 65530 open|filtered ports, 65529 filtered ports
PORT STATE SERVICE
111/tcp open rpcbind
999/tcp open garcon
1017/tcp open unknown
1021/tcp open exp1
1023/tcp open netvenuechat
2049/tcp open nfs
17501/tcp open unknown
111/udp open rpcbind
123/udp open ntp
137/udp open netbios-ns
2049/udp open nfs
5353/udp open zeroconf
17501/udp open|filtered unknown
51857/udp open|filtered unknown
54358/udp open|filtered unknown
56228/udp open|filtered unknown
57598/udp open|filtered unknown
59488/udp open|filtered unknown
60027/udp open|filtered unknown
 nmap -sN -Ps -T4 192.168.1.1
 nmap -sS -Pn 192.168.1.1
 nmap -sS -sU -Pn -p 1-65535 192.168.1.1
 nmap -sT -sX -Pn -p 1-65535 192.168.1.1

Question 76 of 125 Certified Ethical Hacker
The company ABC recently discovered that their new product was released by the opposition before their premiere. They contracted an investigator who discovered that the maid threw away papers with confidential information about the new product and the opposition found it in the garbage. What is the name of the technique used by the opposition?
 Dumpster diving
 Spying
 Sniffing
 Hack attack

Question 77 of 125 Certified Ethical Hacker
Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?
 Internal, Blackbox
 External, Blackbox
 Internal, Whitebox
 External, Whitebox

Question 78 of 125 Certified Ethical Hacker
If there is an Intrusion Detection System (IDS) in the intranet, which port scanning technique cannot be used?
 Idle Scan
 TCP Connect scan
 TCP SYN
 Spoof Scan

Question 79 of 125 Certified Ethical Hacker
You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?
 hping2 --set-ICMP host.domain.com
 hping2 host.domain.com
 hping2 -i host.domain.com
 hping2 -1 host.domain.com

Question 80 of 125 Certified Ethical Hacker
John the Ripper is a technical assessment tool used to test the weakness of which of the following?
 Passwords
 File permissions
 Firewall rulesets
 Usernames

Question 81 of 125 Certified Ethical Hacker
Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'.
What technique is Ricardo using?
 Public-key cryptography
 Encryption
 Steganography
 RSA algorithm

Question 82 of 125 Certified Ethical Hacker
Which Metasploit Framework tool can help a penetration tester evade antivirus systems?
 msfd
 msfpayload
 msfcli
 msfencode

Question 83 of 125 Certified Ethical Hacker
What attack is used to crack passwords by using a precomputed table of hashed passwords?
 Dictionary Attack
 Hybrid Attack
 Brute Force Attack
 Rainbow Table Attack

Question 84 of 125 Certified Ethical Hacker
........ is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.
Fill in the blank with appropriate choice.
 Collision Attack
 Sinkhole Attack
 Signal Jamming Attack
 Evil Twin Attack

Question 85 of 125 Certified Ethical Hacker
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:8
 The host is likely a Linux machine.
 The host is likely a Windows machine.
 The host is likely a printer.
 The host is likely a router.

Question 86 of 125 Certified Ethical Hacker
Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristic of the protocol?
 Based on XML
 Provides a structured model for messaging
 Exchanges data between web services
 Only compatible with the application protocol HTTP

Question 87 of 125 Certified Ethical Hacker
Which of the following will perform an Xmas scan using NMAP?
 nmap -sV 192.168.1.254
 nmap -sA 192.168.1.254
 nmap -sP 192.168.1.254
 nmap -sX 192.168.1.254

Question 88 of 125 Certified Ethical Hacker
In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks?
 Both pharming and phishing attacks are identical
 Both pharming and phishing attacks are purely technical and are not considered forms of social engineering
 In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual website's domain name
 In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name

Question 89 of 125 Certified Ethical Hacker
___________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.
 Resource records
 Resource transfer
 Zone transfer
 DNSSEC

Question 90 of 125 Certified Ethical Hacker
Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:
[eve@localhost ~]$ john secret.txt
Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:03 3/3 0g/s 86168p/s 86168c/s 172336C/s MERO..SAMPLUI
0g 0:00:00:04 3/3 0g/s 3296Kp/s 3296Kc/s 6592KC/s GOS..KARIS4
0g 0:00:00:07 3/3 0g/s 8154Kp/s 8154Kc/s 16309KC/s NY180K..NY1837
0g 0:00:00:10 3/3 0g/s 7958Kp/s 7958Kc/s 15917KC/s SHAGRN..SHENY9

What is she trying to achieve?
 She is using John the Ripper to view the contents of the file.
 She is using ftp to transfer the file to another hacker named John.
 She is using John the Ripper to crack the passwords in the secret.txt file.
 She is encrypting the file.

Question 91 of 125 Certified Ethical Hacker
Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
A basic example to understand how cryptography works is given below:
SECURE (plain text)
+1 (+1 next letter; for example, the letter "T" is used for "S" to encrypt.)
TFDVSF (encrypted text)
+ = logic => Algorithm
1 = Factor => Key
Which of the following choices is true about cryptography?
 Symmetric-key algorithms are a class of algorithms for cryptography that use different cryptographic keys for both encryption of plaintext and decryption of ciphertext
 Algorithm is not the secret, key is the secret.
 Secure Sockets Layer (SSL) uses asymmetric encryption (public/private key pair) both to deliver the shared session key and to achieve a communication way.
 In public-key cryptography, also known as asymmetric cryptography, the public key is for decryption and the private key is for encryption.

Question 92 of 125 Certified Ethical Hacker
Look at the following output. What did the hacker accomplish?
; <<>> DiG 9.7.-P1 <<>> axfr domain.com @192.168.1.105
;; global options: +cmd
domain.com. 3600 IN SOA srv1.domain.com. hostsrv1.domain.com. 131 900 600 86400 3600
domain.com. 600 IN A 192.168.1.102
domain.com. 600 IN A 192.168.1.105
domain.com. 3600 IN NS srv1.domain.com.
domain.com. 3600 IN NS srv2.domain.com.
vpn.domain.com. 3600 IN A 192.168.1.1
server.domain.com. 3600 IN A 192.168.1.3
office.domain.com. 3600 IN A 192.168.1.4
remote.domain.com. 3600 IN A 192.168.1.48
support.domain.com. 3600 IN A 192.168.1.47
ns1.domain.com. 3600 IN A 192.168.1.41
ns2.domain.com. 3600 IN A 192.168.1.42
ns3.domain.com. 3600 IN A 192.168.1.34
ns4.domain.com. 3600 IN A 192.168.1.45
srv1.domain.com. 3600 IN A 192.168.1.102
srv2.domain.com. 1200 IN A 192.168.1.105
domain.com. 3600 IN SOA srv1.domain.com. hostsrv1.domain.com. 131 900 600 86400 3600
;; Query time: 269 msec
;; SERVER: 192.168.1.105#53(192.168.1.105)
;; WHEN: Sun Aug 11 20:07:59 2013
;; XFR size: 65 records (messages 65, bytes 4501)
 The hacker used whois to gather publicly available records for the domain.
 The hacker successfully transferred the zone and enumerated the hosts.
 The hacker listed DNS records on his own domain
 The hacker used the "fierce" tool to brute force the list of available domains.

Question 93 of 125 Certified Ethical Hacker
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?
Code:
#include <string.h>
int main(){
 char buffer[8];
 strcpy(buffer,"11111111111111111111111111111");
}
Output:
Segmentation fault
 Java
 C#
 Python
 C++

Question 94 of 125 Certified Ethical Hacker
To surf the Internet anonymously, which of the following is the best choice?
 Use public VPN
 Use shared WiFi
 Use SSL sites when entering personal information
 Use Tor network with multi-node

Question 95 of 125 Certified Ethical Hacker
What is the correct process for the TCP three-way handshake connection establishment and connection termination?
 Connection Establishment: FIN, ACK-FIN, ACK
Connection Termination: SYN, SYN-ACK, ACK
 Connection Establishment: SYN, SYN-ACK, ACK
Connection Termination: ACK, ACK-SYN, SYN
 Connection Establishment: ACK, ACK-SYN, SYN
Connection Termination: FIN, ACK-FIN, ACK
 Connection Establishment: SYN, SYN-ACK, ACK
Connection Termination: FIN, ACK-FIN, ACK

Question 96 of 125 Certified Ethical Hacker
Your next door neighbor, whom you do not get along with, is having issues with their network, so he yells to his spouse the network's SSID and password and you hear them both clearly. What do you do with this information?
 Log on to his network; after all, it's his fault that you can get in.
 Only use his network when you have large downloads so you don't tax your own network.
 Nothing, but suggest to him to change the network's SSID and password.
 Sell his SSID and password to friends that come to your house, so it doesn't slow down your network.

Question 97 of 125 Certified Ethical Hacker
Bob learned that his username and password for a popular game have been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication. Which option below offers that?
 Disable his username and use just a fingerprint scanner.
 His username and a stronger password
 A new username and password
 A fingerprint scanner and his username and password

Question 98 of 125 Certified Ethical Hacker
Which type of security feature stops vehicles from crashing through the doors of a building?
 Bollards
 Receptionist
 Mantrap
 Turnstile

Question 99 of 125 Certified Ethical Hacker
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
 Session management vulnerability
 Cross-site Request Forgery vulnerability
 SQL injection vulnerability
 Cross-site scripting vulnerability

Question 100 of 125 Certified Ethical Hacker
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
Date: Mon, 16 Jan 2011 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT
ETag: "b0aac0542e25c31:89d"
Content-Length: 7369
Which of the following is an example of what the engineer performed?
 Whois database query
 Cross-site scripting
 SQL injection
 Banner grabbing

Question 101 of 125 Certified Ethical Hacker
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
 TCP ping
 Traceroute
 Broadcast ping
 Hping

Question 102 of 125 Certified Ethical Hacker
A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?
 Session hijacking
 Dictionary attack
 Man-in-the-middle attack
 Brute-force attack

Question 103 of 125 Certified Ethical Hacker
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?
 Proxychains
 Burpsuite
 Maskgen
 Dimitry

Question 104 of 125 Certified Ethical Hacker
Jesse receives an email with an attachment labeled Court_Notice_21206.zip. Inside the zip file is a file named Court_Notice_21206.docx.exe disguised as a word document. Upon execution, a window appears stating, "This word document is corrupt." In the background, the file copies itself to Jesse's APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.
What type of malware has Jesse encountered?
 Macro Virus
 Worm
 Trojan
 Key-Logger

Question 105 of 125 Certified Ethical Hacker
Scenario:
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.
3. Victim clicks on the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the 'Do you want to make $1000 in a day?' URL but actually he/she clicks on the content or URL that exists in the transparent 'iframe' which is set up by the attacker.
What is the name of the attack which is mentioned in the scenario?
 HTTP Parameter Pollution
 HTML Injection
 Session Fixation
 ClickJacking Attack

Question 106 of 125 Certified Ethical Hacker
Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
 Malicious code is attempting to execute instructions in a non-executable memory region.
 A race condition is being exploited, and the operating system is containing the malicious process
 A page fault is occurring, which forces the operating system to write data from the hard drive
 Malware is executing in either ROM or a cache memory area.

Question 107 of 125 Certified Ethical Hacker
Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves on to Sid. What is this middle step called?
 Fuzzy-testing the code
 Third party running the code
 Sandboxing the code
 String validating the code

Question 108 of 125 Certified Ethical Hacker
In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving.
Which algorithm is this referring to?
 Wi-Fi Protected Access (WPA)
 Wi-Fi Protected Access 2 (WPA2)
 Wired Equivalent Privacy (WEP)
 Temporal Key Integrity Protocol (TKIP)

Question 109 of 125 Certified Ethical Hacker
You're doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?
 Scan servers with Nmap
 Telnet to every port on each server
 Physically go to each server
 Scan servers with MBSA

Question 110 of 125 Certified Ethical Hacker
Which of the following is a passive wireless packet analyzer that works on Linux-based systems?
 OpenVAS
 tshark
 Kismet
 Burp Suite

Question 111 of 125 Certified Ethical Hacker
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", that the user is directed to a phishing site.
Which file does the attacker need to modify?
 Boot.ini
 Hosts
 Networks
 Sudoers

Question 112 of 125 Certified Ethical Hacker
Emil uses nmap to scan two hosts using this command:

nmap -sS -T4 -O 192.168.99.1 192.168.99.7

He receives this output:

Nmap scan report for 192.168.99.1
Host is up (0.00082s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
53/tcp open domain
80/tcp open http
161/tcp closed snmp
MAC Address: B0:75:D5:33:57:74 (ZTE)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.33
Network Distance: 1 hop

Nmap scan report for 192.168.99.7
Host is up (0.000047s latency).
All 1000 scanned ports on 192.168.99.7 are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops

What is his conclusion?
 Host 192.168.99.1 is the host that he launched the scan from
 He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7
 Host 192.168.99.7 is down
 Host 192.168.99.7 is an iPad.

Question 113 of 125 Certified Ethical Hacker
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
 Non-Disclosure Agreement
 Project Scope
 Rules of Engagement
 Service Level Agreement

Question 114 of 125 Certified Ethical Hacker
It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?
 Discovery
 Eradication
 Recovery
 Containment

Question 115 of 125 Certified Ethical Hacker
A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?
 The computer is not using a private IP address
 The gateway and the computer are not on the same network
 The gateway is not routing to a public IP address
 The computer is using an invalid IP address

Question 116 of 125 Certified Ethical Hacker
Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
 SSL/TLS Renegotiation Vulnerability
 Heartbleed Bug
 Shellshock
 POODLE

Question 117 of 125 Certified Ethical Hacker
Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?
 Tailgating
 Whaling
 Masquerading
 Phishing

Question 118 of 125 Certified Ethical Hacker
An attacker tries to do banner grabbing on a remote web server and executes the following command.
$ nmap -sV host.domain.com -p 80
He gets the following output.
Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-08 19:10 EST
Nmap scan report for host.domain.com (108.61.158.211)
Host is up (0.032s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
Service detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 6.42 seconds
What did the hacker accomplish?
 The hacker successfully completed the banner grabbing.
 nmap can't retrieve the version number of any running remote service.
 The hacker failed to do banner grabbing as he didn't get the version of the Apache web server.
 The hacker should've used nmap -O host.domain.com

Question 119 of 125 Certified Ethical Hacker
Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
 Security
 Scalability
 Key distribution
 Speed

Question 120 of 125 Certified Ethical Hacker
A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?
 Notify the web site owner so that corrective action can be taken as soon as possible to patch the vulnerability.
 Ignore it.
 Exploit the vulnerability without harming the web site owner so that attention is drawn to the problem.
 Try to sell the information to a well-paying party on the dark web.

Question 121 of 125 Certified Ethical Hacker
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?
 The port will send a SYN.
 The port will ignore the packets.
 The port will send an RST
 The port will send an ACK

Question 122 of 125 Certified Ethical Hacker
You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.
What should you do?
 Do not report it and continue the penetration test
 Do not transfer the money but steal the bitcoins.
 Transfer money from the administrator's account to another account
 Report immediately to the administrator.

Question 123 of 125 Certified Ethical Hacker
Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except:
 Authenticate
 Work at the Data Link Layer
 Protect the payload and the headers
 Encrypt

Question 124 of 125 Certified Ethical Hacker
A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
 Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
 The operator knows that attacks and down time are inevitable and should have a backup site
 There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
 As long as the physical access to the network elements is restricted, there is no need for additional measures

Question 125 of 125 Certified Ethical Hacker
Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?
 DMS-specific SQLi
 Classic SQLi
 Compound SQLi
 Blind SQLi