Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?
A. Copy the system files from a known good system
B. Perform a trap and trace
C. Delete the files and try to determine the source
D. Reload from a previous backup
E. Reload from known good media
Answer: E
Explanation: If a rootkit is discovered, you will need to reload from known good media. This typically means performing a complete reinstall.
Q2. In which step Steganography fits in CEH System Hacking Cycle (SHC)
A. Step 2: Crack the password
B. Step 1: Enumerate users
C. Step 3: Escalate privileges
D. Step 4: Execute applications
E. Step 5: Hide files
F. Step 6: Cover your tracks
Answer: ACDEF
Q3. Which Type of scan sends a packets with no flags set ?
Select the Answer
A. Open Scan
B. Null Scan
C. Xmas Scan
D. Half-Open Scan
Answer: B
Explanation:
The types of port connections supported are:
Q4. Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email liza@yahoo.com'. The application displays server error. What is wrong with the web application?
A. The email is not valid
B. User input is not sanitized
C. The web server may be down
D. The ISP connection is not reliable
Answer: B
Explanation: All input from web browsers, such as user data from HTML forms and cookies, must be stripped of special characters and HTML tags as described in the following CERT advisories: http://www.cert.org/advisories/CA-1997-25.html http://www.cert.org/advisories/CA-2000-02.html
Q5. You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123.
Here is the output of your scan results:
Which of the following nmap command did you run?
A. nmap -A -sV -p21,110,123 10.0.0.5
B. nmap -F -sV -p21,110,123 10.0.0.5
C. nmap -O -sV -p21,110,123 10.0.0.5
D. nmap -T -sV -p21,110,123 10.0.0.5
Answer: C
Q6. You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters.
With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?
A. Online Attack
B. Dictionary Attack
C. Brute Force Attack
D. Hybrid Attack
Answer: D
Explanation: A dictionary attack will not work as strong passwords are enforced, also the minimum length of 8 characters in the password makes a brute force attack time consuming. A hybrid attack where you take a word from a dictionary and exchange a number of letters with numbers and special characters will probably be the fastest way to crack the passwords.
Q7. In an attempt to secure his wireless network, Bob turns off broadcasting of the SSID. He concludes that since his access points require the client computer to have the proper SSID, it would prevent others from connecting to the wireless network. Unfortunately unauthorized users are still able to connect to the wireless network.
Why do you think this is possible?
A. Bob forgot to turn off DHCP.
B. All access points are shipped with a default SSID.
C. The SSID is still sent inside both client and AP packets.
D. Bob’s solution only works in ad-hoc mode.
Answer: B
Explanation: All access points are shipped with a default SSID unique to that manufacturer, for example 3com uses the default ssid comcomcom.
Q8. When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?
A. macof
B. webspy
C. filesnarf
D. nfscopy
Answer: C
Explanation: Filesnarf - sniff files from NFS traffic
OPTIONS
-i interface
Specify the interface to listen on.
-v "Versus" mode. Invert the sense of matching, to
select non-matching files.
pattern
Specify regular expression for filename matching.
expression
Specify a tcpdump(8) filter expression to select
traffic to sniff.
SEE ALSO
Dsniff, nfsd
Q9. Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?
A. Overloading Port Address Translation
B. Dynamic Port Address Translation
C. Dynamic Network Address Translation
D. Static Network Address Translation
Answer: D
Explanation: Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
Q10. What is "Hacktivism"?
A. Hacking for a cause
B. Hacking ruthlessly
C. An association which groups activists
D. None of the above
Answer: A
Explanation: The term was coined by author/critic Jason Logan King Sack in an article about media artist Shu Lea Cheang. Acts of hacktivism are carried out in the belief that proper use of code will have leveraged effects similar to regular activism or civil disobedience.
Q11. Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered vulnerabilities.
Which of the following statements is incorrect?
A. Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.
B. Vulnerability scanners can help identify out-of-date software versions, missing patches, or system upgrades
C. They can validate compliance with or deviations from the organization's security policy
D. Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention
Answer: D
Q12. In Trojan terminology, what is required to create the executable file chess.exe as shown below?
A. Mixer
B. Converter
C. Wrapper
D. Zipper
Answer: C
Q13. Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task?
A. Charlie can use the command: ping -l 56550 172.16.0.45 -t.
B. Charlie can try using the command: ping 56550 172.16.0.45.
C. By using the command ping 172.16.0.45 Charlie would be able to lockup the router
D. He could use the command: ping -4 56550 172.16.0.45.
Answer: A
Q14. If you send a SYN to an open port, what is the correct response?(Choose all correct answers.
A. SYN
B. ACK
C. FIN
D. PSH
Answer: AB
Explanation: The proper response is a SYN / ACK. This technique is also known as half-open scanning.
Q15. Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of company, he went through a few scanners that are currently available. Here are the scanners that he uses:
-Axent’s NetRecon (http://www.axent.com)
-SARA, by Advanced Research Organization (http://www-arc.com/sara)
-VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, there are many other alternative ways to make sure that the services that have been scanned will be more accurate and detailed for Bob.
What would be the best method to accurately identify the services running on a victim host?
A. Using Cheops-ng to identify the devices of company.
B. Using the manual method of telnet to each of the open ports of company.
C. Using a vulnerability scanner to try to probe each port to verify or figure out which service is running for company.
D. Using the default port and OS to make a best guess of what services are running on each port for company.
Answer: B
Explanation: By running a telnet connection to the open ports you will receive banners that tells you what service is answering on that specific port.