Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.
What is the correct code when converted to html entities?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
Q2. Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three)
A. Converts passwords to uppercase.
B. Hashes are sent in clear text over the network.
C. Makes use of only 32 bit encryption.
D. Effective length is 7 characters.
Answer: ABD
Explanation: The LM hash is computed as follows.1. The user’s password as an OEM string is converted to uppercase. 2. This password is either null-padded or truncated to 14 bytes. 3. The “fixed-length” password is split into two 7-byte halves. 4. These values are used to create two DES keys, one from each 7-byte half. 5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. 6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash. The hashes them self are sent in clear text over the network instead of sending the password in clear text.
Q3. In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed. Bob discovers that throughput has dropped by almost half even though the number of users has remained the same.
Why does this happen in the VPN over wireless implementation?
A. The stronger encryption used by the VPN slows down the network.
B. Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications.
C. VPNs use larger packets then wireless networks normally do.
D. Using a VPN on wireless automatically enables WEP, which causes additional overhead.
Answer: B
Explanation: By applying VPN the access point will have to recalculate all headers destined for client and from clients twice.
Q4. Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers) A. Bogus ECHO reply packets are flooded on the network spoofing the IP and MAC address
B. The ICMP packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim's network
C. ECHO packets are flooded on the network saturating the bandwidth of the subnet causing denial of service
D. A DDoS ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets to the victim system.
Answer: BD
Q5. You have installed antivirus software and you want to be sure that your AV signatures are working correctly. You don't want to risk the deliberate introduction of a live virus to test the AV software. You would like to write a harmless test virus, which is based on the European Institute for Computer Antivirus Research format that can be detected by the AV software.
How should you proceed?
A. Type the following code in notepad and save the file as SAMPLEVIRUS.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4\PZX54(P^)7CC)7}$SAMPLEVIRUS-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
B. Type the following code in notepad and save the file as AVFILE.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4\PZX54(P^)7CC)7}$AVFILE-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
C. Type the following code in notepad and save the file as TESTAV.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4\PZX54(P^)7CC)7}$TESTAV-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
D. Type the following code in notepad and save the file as EICAR.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Answer: D
Explanation: The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.
Q6. You are scanning the target network for the first time. You are able to detect few convention open ports. While attempting to perform conventional service identification by connecting to the open ports, the scan yields either bad or no result. As you are unsure of the protocols in use, you want to discover as many different protocols as possible. Which of the following scan options can help you achieve this?
A. Nessus sacn with TCP based pings
B. Netcat scan with the switches
C. Nmap scan with the P (ping scan) switch
D. Nmap with the O (Raw IP Packets switch
Answer: D
Explanation: -sO IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine. If we receive an ICMP protocol unreachable message, then the protocol is not in use. Otherwise we assume it is open. Note that some hosts (AIX, HP-UX, Digital UNIX) and firewalls may not send protocol unreachable messages.
Q7. Which of the following tools are used for enumeration? (Choose three.)
A. SolarWinds
B. USER2SID
C. Cheops
D. SID2USER
E. DumpSec
Answer: BDE
Explanation: USER2SID, SID2USER, and DumpSec are three of the tools used for system enumeration. Others are tools such as NAT and Enum. Knowing which tools are used in each step of the hacking methodology is an important goal of the CEH exam. You should spend a portion of your time preparing for the test practicing with the tools and learning to understand their output.
Q8. Dave has been assigned to test the network security of Acme Corp. The test was announced to the employees. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a sand clock to mark the progress of the test. Dave successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access. How was security compromised and how did the firewall respond?
A. The attack did not fall through as the firewall blocked the traffic
B. The attack was social engineering and the firewall did not detect it
C. The attack was deception and security was not directly compromised
D. Security was not compromised as the webpage was hosted internally
Answer: B
Explanation: This was just another way to trick the information out of the users without the need to hack into any systems. All traffic is outgoing and initiated by the user so the firewall will not react.
Q9. _____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.
A. Canonicalization
B. Character Mapping
C. Character Encoding
D. UCS transformation formats
Answer: A
Explanation: Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a "standard" canonical representation. This can be done to compare different representations for equivalence, to count the number of distinct data structures (e.g., in combinatorics), to improve the efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order.
Q10. _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.
A. Trojan
B. RootKit
C. DoS tool
D. Scanner
E. Backdoor
Answer: B
Explanation: Rootkits are tools that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.
Q11. After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledge (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen and then opens a second connection from a forget IP address. The attack doesn’t see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP Address is used for authentication, the attacker can use the one-side communication to break into the server.
What attacks can you successfully launch against a server using the above technique?
A. Session Hijacking attacks
B. Denial of Service attacks
C. Web Page defacement attacks
D. IP Spoofing Attacks
Answer: A
Explanation: The term Session Hijacking refers to the exploitation of a valid computer session -sometimes also called a session key - to gain unauthorised access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.
Topic 11, Hacking Web Servers
Q12. Once an intruder has gained access to a remote system with a valid username and password, the attacker will attempt to increase his privileges by escalating the used account to one that has increased privileges. such as that of an administrator. What would be the best countermeasure to protect against escalation of priveges?
A. Give users tokens
B. Give user the least amount of privileges
C. Give users two passwords
D. Give users a strong policy document
Answer: B
Explanation: With less privileges it is harder to increase the privileges.
Q13. Sabotage, Advertising and Covering are the three stages of _____
A. Social engineering
B. Reverse Social Engineering
C. Reverse Software Engineering
D. Rapid Development Engineering
Answer: B
Explanation: Typical social interaction dictates that if someone gives us something then it is only right for us to return the favour. This is known as reverse social engineering, when an attacker sets up a situation where the victim encounters a problem, they ask the attacker for help and once the problem is solved the victim then feels obliged to give the information requested by the attacker.
Q14. What is the tool Firewalk used for?
A. To test the IDS for proper operation
B. To test a firewall for proper operation
C. To determine what rules are in place for a firewall
D. To test the webserver configuration
E. Firewalk is a firewall auto configuration tool
Answer: C
Explanation: Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device "firewall" will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets and no response will be returned.
Q15. Exhibit
You receive an e-mail with the message displayed in the exhibit.
From this e-mail you suspect that this message was sent by some hacker since you have using their e-mail services for the last 2 years and they never sent out an e-mail as this. You also observe the URL in the message and confirm your suspicion about 340590649. You immediately enter the following at the Windows 2000 command prompt.
ping 340590649
You get a response with a valid IP address. What is the obstructed IP address in the e-mail URL?
A. 192.34.5.9
B. 10.0.3.4
C. 203.2.4.5
D. 199.23.43.4
Answer: C
Explanation: Convert the number in binary, then start from last 8 bits and convert them to decimal to get the last octet (in this case .5)