Practice Exam Questions

1.

You just noticed a member of your pen test team sending an email to an address that you know does not exist within the company for which you are contracted to perform the penetration test. Why is he doing this?

A. To determine who is the holder of the root account

B. To determine if the email server is vulnerable to a relay attack

C. To test the network's IDS systems

D. To generate a response back that will reveal information about email servers

2.

What is the range for dynamic random ports?

A. 1024-49151

B. 1-1024

C. 49152-65535

D. 0-1023

3.

What does the following command achieve?

Telnet  
HEAD /HTTP/1.0


 

A. This command returns the home page for the IP address specified.

B. This command opens a backdoor Telnet session to the IP address specified.

C. This command returns the banner of the website specified by the IP address.

D. This command allows a hacker to determine if the server has a SQL database.

4.

You would like to perform a port scan that would allow you to determine if a stateless firewall is being used. Which of the following would be the best option?

A. XMAS scan

B. Idle scan

C. Stealth scan

D. ACK scan

   
5.

You have become concerned that someone could attempt to poison your DNS server. What determines how long cache poisoning would last?

A. A record

B. CNAME

C. SOA

D. MX

6.

Which of the following Trojans uses port 6666?

A. Subseven

B. NetBus

C. Amitis

D. Beast

7.

Which of the following best describes a wrapper?

A. Wrappers are used as tunneling programs.

B. Wrappers are used to cause a Trojan to self execute when previewed within email.

C. Wrappers are used as backdoors to allow unauthenticated access.

D. Wrappers are used to package covert programs with overt programs.

8.

Loki uses which of the following by default?

A. ICMP

B. UDP 69

C. TCP 80

D. IGRP

9.

You have become concerned that one of your workstations might be infected with a malicious program. Which of the following netstat switches would be the best to use?

A. netstat -an

B. netstat -r

C. netstat -p

D. netstat -s

   
10.

You have just completed a scan of your servers, and you found port 12345 open. Which of the following programs uses that port by default?

A. Donald Dick

B. Back Orifice

C. Subseven

D. NetBus

11.

Which of the following federal laws makes it a crime to knowingly and intentionally use cellular telephones that are altered or have been cloned?

A. 18 USC 2701

B. 18 USC 2511

C. 18 USC 2319

D. 18 USC 1029

12.

You have been reading about SSIDs and how they are transmitted in clear text. Which of the following is correct about SSIDs?

A. SSIDs are up to 32 bits and are not case sensitive.

B. SSIDs are up to 24 bits and are case sensitive.

C. SSIDs are up to 32 bits and are case sensitive.

D. SSIDs are up to 24 bits and are not case sensitive.

13.

You have been asked to install and turn on WEP on an access point that is used in the shipping area. Which of the following statements is true?

A. The MAC addresses can still be sniffed.

B. The IP header can still be sniffed.

C. FTP passwords will still be seen in clear text if a hacker sniffs the wireless network.

D. WEP will make the network secure from DoS attacks.

14.

Which of the following does not provide server authentication?

A. EAP-TLS

B. PEAP

C. LEAP

D. EAP-MD5

   
15.

You would like to scan for Bluetooth devices that are used in the office. Which of the following tools would work best?

A. Airsnort

B. Aeropeek

C. RedFang

D. NetStumbler

16.

Rosa would like to make sure that the digital photos and art she produces are recognizable in case her work is stolen and placed on another website. What should she do?

A. Copyright it

B. Use steganography

C. Digital watermark

D. Use a digital certificate

17.

What do programs, such as Tripwire, MD5sum, and Windows System File Protection, all rely on?

A. Digital certificates

B. Hashing

C. Digital signatures

D. Steganography

18.

How many characters is the output of an MD5sum?

A. 128 characters

B. 64 characters

C. 32 characters

D. 16 characters

19.

What binary coding is most commonly used for email purposes?

A. UUencode

B. SMTP

C. XOR

D. Base64

   
20.

What hashing algorithm produces a 128-bit hash value?

A. MD5

B. 3DES

C. SHA-1

D. AES

21.

During a penetration test, you found several systems connected to the Internet that have a low security level, which allows for the free recording of cookies. This creates a risk because cookies locally store which of the following?

A. Information about the web server

B. Information about the user

C. Information for the Internet connection

D. Specific Internet pages

22.

You have been asked to analyze the following portion of a web page:


 


 

What do you surmise?

A. This is part of a web script that is used for PKI authentication.

B. This is part of a web script for a customer solutions page.

C. This is part of a web script that uses an insecure authentication mechanism.

D. You see no problems with the script as written.

   
23.

While performing a penetration test for an ISP that provides Internet connection services to airports for their wireless customers, you have been presented with the following issues: The ISP uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology to protect the airports' end users' authentication and payment transactions. Which of the following are you most concerned about?

A. If a hacker were to compromise the Wireless Application Protocol (WAP) gateway

B. If a hacker installed a sniffing program in front of the server

C. If a hacker stole a user's laptop at the security checkpoint

D. If a hacker sniffed the wireless transmission

24.

Peter has successfully stolen the SAM from a system he has been examining for several days. Here is the output:

Administrator:1008:6145CBC5A0A3E8C6AAD3B435B51404EE
Donald:1000:16AC416C2658E00DAAD3B435B51404EE
Tony:1004:AA79E536EDFC475E813EFCA2725F52B0
Chris:0:A00B9194BEDB81FEAAD3B435B51404EE
George:1003:6ABB219687320CFFAAD3B435B51404EE
Billy:500:648948730C2D6B9CAAD3B435B51404EE:
 

From the preceding list, identify the user with Administrator privileges.

A. Administrator

B. Donald

C. Chris

D. Billy

25.

You have been asked to set up an access point and override the signal of a real access point. This way, you can capture the user's authentication as he attempts to log in. What kind of attack is this?

A. Wardriving

B. Rogue access point

C. Denial of service

D. Bluejacking

   
26.

Which of the following can help you detect changes made by a hacker to the system log of a server?

A. Mirroring the system log onto a second server

B. Writing the system log to not only the server, but also on a write-once disk

C. Setting permissions to write protect the directory containing the system log

D. Storing the backup of the system log offsite

27.

Which of the following is not one of the three items that security is based on?

A. Confidentiality

B. Availability

C. Authentication

D. Integrity

28.

Which of the following best describes a phreaker?

A. A hacker who is skilled in manipulating the phone system

B. A hacker who is skilled in social engineering

C. A hacker who is skilled in manipulating the Voice over IP (VoIP)

D. A hacker who is skilled in manipulating cryptographic algorithms

29.

Which of the following terms best describes malware?

A. Risks

B. Threats

C. Vulnerabilities

D. Exploit

30.

Which of the following best describes the principle of defense in depth?

A. Two firewalls in parallel to check different types of incoming traffic

B. Making sure that the outside of a computer center building has no signs or marking so that it is not easily found

C. Using a firewall as well as encryption to control and secure incoming network traffic

D. Using two firewalls made by different vendors to consecutively check the incoming network traffic

   
31.

Which of the following are the two primary U.S. laws that address cybercrime?

A. 1030 and 2701

B. 2510 and 1029

C. 2510 and 2701

D. 1029 and 1030

32.

Which of the following is the most serious risk associated with vulnerability assessment tools?

A. False positives

B. False negatives

C. Non-specific reporting features

D. Platform dependent

33.

You have successfully extracted the SAM from a Windows 2000 server. Is it possible to determine if an LM hash that you're looking at contains a password fewer than eight characters long?

A. A hash cannot be reversed; therefore, you are unable to tell.

B. The rightmost portion of the hash will always have the same value.

C. The hash always starts with 1404EE.

D. The leftmost portion of the hash will always have the same value.

34.

You have been tasked with examining the web pages of a target site. You have grown tired of looking at each one online. Which of the following offers a more efficient way of performing this task?

A. Using wget to download all pages for further inspection

B. Using pwdump to download all pages for further inspection

C. Using dumpsec to download all pages for further inspection

D. Using Achilles to download all pages for further inspection

35.

You would like to find out more information about a website from a company based in France. Which of the following is a good starting point?

A. AfriNIC

B. ARIN

C. APNIC

D. RIPE

   
36.

Which of the following best describes passive information gathering?

A. Scanning

B. Maintaining access

C. Cover tracks and placing backdoors

D. Reconnaissance

37.

While scanning the target network, you discovered that all the web servers in the DMZ respond to ACK packets on port 80. What does this tell you?

A. All the servers are Windows based.

B. The target organization is not using an IDS.

C. All the servers are UNIX based.

D. The target organization is using a packet filter.

38.

After gaining access to a span of network that connects local systems to a remote site, you discover that you can easily intercept traffic and data. Which of the following should you recommend in your report as a countermeasure?

A. Installing high-end switches

B. Encryption

C. Callback modems

D. Message authentication

39.

As you prepare to set up a covert channel using Netcat, you are worried about your traffic being sniffed on the network. Which of the following is your best option?

A. Use netcat with the -v option

B. Use netcat with the -p option

C. Use cryptcat instead

D. Use netcat with the -e option

40.

You were successful in your dumpster diving raids against the target organization, and you uncovered sensitive information. In your final report, what is the best solution you can recommend to prevent this kind of hacking attack?

A. Signs warning against trespassing

B. CCTV cameras in the dumpster area

C. Shredders

D. Locks on dumpsters

   
41.

The ability to capture a stream of data packets and then insert them back into the network as a valid message is known as which of the following?

A. Eavesdropping

B. Message modification

C. Brute-force attack

D. Packet replay

42.

A SYN flood can be detected by which of the following?

A. A large number of SYN packets appearing on the network without corresponding ACK responses

B. Packets that have both the same source and destination IP addresses

C. A large number of SYN packets appearing on the network with random segment sizes

D. Packets that have both the same source and destination port addresses

43.

While preparing to hack a targeted network, you would like to check the configuration of the DNS server. What port should you look for to attempt a zone transfer?

A. 53 UDP

B. 79 TCP

C. 53 TCP

D. 79 UDP

44.

Refer to the following figure. What is the destination MAC address?

A. A multicast

B. A broadcast

C. The default gateway

D. C0 A8 7B 65

   
45.

Which of the following is used to verify the proof of identity?

A. Asymmetric encryption

B. Symmetric encryption

C. Non-repudiation

D. Hashing

46.

Which type of lock would be considered the easiest to pick?

A. Cipher

B. Warded

C. Device

D. Tumbler

47.

You have successfully run an exploit against an IIS4 server. Which of the following is the default privilege you will have within the command shell that you have spawned?

A. Local system

B. Administrator

C. IIS default account

D. IUSR_Computername

48.

An idle scan makes use of which of the following parameters?

A. The datagram size

B. The segment size

C. The IPID

D. The ACK number

49.

Which of the following can be used to ensure a sender's authenticity and an email's confidentiality?

A. By first encrypting the hash of the message with the sender's private key and then encrypting the hash of the message with the receiver's public key

B. Having the sender digitally signing the message and then encrypting the hash of the message with the sender's private key

C. By first encrypting the hash of the message with the sender's private key and then encrypting the message with the receiver's public key

D. By first encrypting the message with the sender's private key and then encrypting the message hash with the receiver's public key

   
50.

Which of the following is used for integrity?

A. DES

B. Diffie-Hellman

C. MD5

D. AES

51.

Which kind of lock includes a keypad that can be used to control access into areas?

A. Cipher

B. Warded

C. Device

D. Tumbler

52.

You have been given the data capture in the following figure to analyze. What type of packet is this?

A. It was generated by Loki.

B. It is a Linux ping packet.

C. There is not enough information to tell.

D. It is a Windows ping packet.

53.

When working with Windows systems, what is the RID of the first user account?

A. 100

B. 500

C. 1000

D. 1001

   
54.

Which of the following GUI scanners is designed to run on a Windows platform and is used for port 80 vulnerability scans?

A. Nessus

B. Ethereal

C. N-Stealth

D. Whisker

55.

Which of the following represents the weakest form of encryption?

A. DES ECB

B. RC5

C. Base64

D. AES

56.

During a physical assessment of an organization, you noticed that there is only an old dilapidated wood fence around the organization's R&D facility. As this building is a key asset, what height chain-link fence should you recommend be installed to deter a determined intruder?

A. Four foot

B. Five foot

C. Six foot

D. Eight foot

57.

You have been asked if there are any tools that can be used to run a covert channel over ICMP. What should you suggest?

A. Netbus

B. Loki

C. Fpipe

D. Sid2User

58.

This DoS tool is characterized by the fact that it sends packets with the same source and destination address. What is it called?

A. Ping of death

B. Smurf

C. Land

D. Targa

   
59.

Your sniffing attempts have been less than successful, as the targeted LAN is using a switched network. Luckily, a co-worker introduced you to Cain. What type of attack can Cain perform against switches to make your sniffing attempt more successful?

A. MAC flooding

B. ICMP redirect

C. ARP poisoning

D. IP forwarding

60.

Which of the following uses the same key to encode and decode data?

A. RSA

B. ElGamal

C. ECC

D. RC5

61.

This type of active sniffing attack attempts to overflow the switch's content addressable memory (CAM).

A. MAC flooding

B. ICMP redirect

C. ARP poisoning

D. IP forwarding

62.

You have been asked to prepare a quote for a potential client who is requesting a penetration test. Which of the following listed items is the most important to ensure the success of the penetration test?

A. A well-documented planned testing procedure

B. A proper schedule that specifies the timed length of the test

C. The involvement of the management of the client organization

D. The experience and qualifications of the staff involved in the pen test

   
63.

You were able to log on to a user's computer and plant a keystroke logger after you saw the user get up and walk away without logging out or turning off his computer. When preparing your final report, what should you recommend to the client as the best defense to prevent this from happening?

A. The use of encryption

B. Instruct users to switch off the computers when leaving or stepping away from the system

C. Enforcing strict passwords

D. Implementing screensaver passwords

64.

Which of the following can be used to lure attackers away from real servers and allow for their detection?

A. Honeypots

B. Jails

C. IDS systems

D. Firewalls

65.

Which of the following best describes what happens when two message digests produce the same hash?

A. Fragments

B. Collisions

C. Agreements

D. Hash completion

66.

Which of the following is one of the primary ways that people can get past controlled doors?

A. Shoulder surfing

B. Piggybacking

C. Spoofing

D. Lock picking

67.

You are preparing to perform a subnet scan. Which of the following Nmap switches would be useful for performing a UDP scan of the lower 1024 UDP ports?

A. Nmap -hU

B. Nmap -sU -p 1-1024

C. Nmap -u -v -w2 1-1024

D. Nmap -sS -O target/1024

   
68.

You are concerned that the target network is running PortSentry to block Nmap scanning. Which of the following should you attempt to bypass their defense?

A. Nmap -O

B. Nmap -sT -p 1-1024

C. Nmap -s0 -PT -O -T1

D. Nmap -sA -T1

69.

What is the real reason that WEP is vulnerable?

A. RC4 is not a real encryption standard.

B. The 24-bit IV field is too small.

C. 40-bit encryption was shown to be weak when cracked in the 1980s.

D. Tools, such as WEPCrack, can brute force WEP by trying all potential keys in just a few minutes.

70.

What encryption standard was chosen as the replacement for 3DES?

A. RC5

B. ECC

C. Knapsack

D. Rijndael

71.

You recently used social engineering to talk your way into a secure facility. Which of the following should you recommend in your ethical hacking report as the best defense to prevent this from happening in the future?

A. Guests are escorted.

B. Guests are required to wear badges.

C. Guests must sign in.

D. Guests are searched before they can enter.

   
72.

This method of transmission operates by taking a broad slice of the bandwidth spectrum and dividing it into smaller subchannels of about 1MHz. The transmitter then hops between subchannels and sends out short bursts of data on each subchannel for a short period of time. What method was just described?

A. Frequency-hopping spread spectrum (FHSS)

B. Wired equivalent protection (WEP)

C. Direct-sequence spread spectrum (DSSS)

D. Wi-Fi Protected Access (WPA)

73.

Which of the following software products is not used to defend against buffer overflows?

A. Return Address Defender (RAD)

B. C+

C. StackGuard

D. Immunix

74.

This type of virus scanning examines computer files for irregular or unusual instructions. Which of the following matches that description?

A. Integrity checking

B. Heuristic scanning

C. Activity blocker

D. Signature scanning

75.

Which of the following is considered the weakest form of DES?

A. DES ECB

B. DES CBC

C. DES CFM

D. DES OFB

76.

Which of the following is the best example of strong two-factor authentication?

A. A passcard and a token

B. A token and a PIN

C. A username and a password

D. A hand scan and fingerprint scan

   
77.

While looking over data gathered by one of your co-workers, you come across the following data:

system.sysDescr.0 = OCTET STRING: "Sun SNMP Agent, "
system.sysObjectID.0 = OBJECT IDENTIFIER: enterprises.42.2.1.1
system.sysUpTime.0 = Timeticks: (5660402) 15:43:24
system.sysContact.0 = OCTET STRING: "System administrator"
system.sysName.0 = OCTET STRING: "unixserver"
system.sysLocation.0 = OCTET STRING: "System admins office"
system.sysServices.0 = INTEGER: 72
interfaces.ifNumber.0 = INTEGER: 2
interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1
interfaces.ifTable.ifEntry.ifIndex.2 = INTEGER: 2
 

What was used to obtain this output?

A. An Nmap scan

B. A Nessus scan

C. An SNMP walk

D. SolarWinds

78.

You found the following information that had been captured by a keystroke log:

Type nc.exe > sol.exe:nc.exe
 

What is the purpose of the command?

A. An attacker is using a wrapper.

B. An attacker is streaming a file.

C. An attacker is using a dropper.

D. An attacker has used a steganographic tool.

79.

You're planning on planting a sniffing program on a Linux system but are worried that it will be discovered when someone runs an ifconfig -a. Which of the following is your best option for hiding the tool?

A. Run the tool in stealth mode.

B. Replace the original version of ifconfig with a rootkit version.

C. Redirect screen output should someone type the ifconfig command.

D. Store the tool in a hidden directory with an ADS.

   
80.

Which of the following is a program used to wardial?

A. Toneloc

B. Kismet

C. SuperScan

D. NetStumbler

81.

Which of the following best describes Tripwire?

A. It is used as a firewall to prevent attacks.

B. It is used as an IPS to defend against intruders.

C. It is used to encrypt sensitive files.

D. It is used to verify integrity.

82.

You are preparing to attack several critical servers and perform the following command:

net use \\windows_server\ipc$ "" /u:""
 

What is its purpose?

A. Grabbing the /etc/passwd file

B. Stealing the SAM

C. Probing a Linux-based Samba server

D. Establishing a null session

83.

Several of your co-workers are having a discussion about the /etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords. Which of the following is the least likely to be used?

A. Linux passwords can be encrypted with MD5.

B. Linux passwords can be encrypted with DES.

C. Linux passwords can be encrypted with Blowfish.

D. Linux passwords are encrypted with asymmetric algorithms.

   
84.

You noticed the following entry:

http://server/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
 

What is the attacker attempting to do?

A. DoS the targeted web server

B. Exploit a vulnerability in a CGI script

C. Exploit a vulnerability in an Internet Information Server

D. Gain access on a SQL server

85.

You discovered the following in the logs:

192.186.13.100/myserver.aspx..%255C..%255C..%255C..%255C..%255C.
.%255C..%255C..%255C..%255C..%255
..c:\winnt\system32\cmd.exe%/c:dir
 

What is the hacker attempting to do?

A. Directory traversal attack

B. Buffer overflow

C. .+htr attack

D. Execute MS Blaster

86.

DES has an effective key length of which of the following?

A. 48 bit

B. 56 bit

C. 64 bit

D. 128 bit

87.

Because of findings discovered during a penetration test, you have been asked to investigate biometric authentication devices. Which of the following would represent the best system to install?

A. A system with a high CER

B. A system with a high FAR

C. A system with a low CER

D. A system with a high FRR

   
88.

One of your team members has asked you to analyze the following SOA record:

ExamCram2.com.SOA NS1.ExamCram2.com pearson.com (200509024 3600
3600 604800 2400)
 

Based on this information, which of the following is the correct TTL?

A. 200509024

B. 3600

C. 604800

D. 2400

89.

Which of the following statements about SSIDs is correct?

A. The SSID is the same value on all systems.

B. The SSID is only 32 bits in length.

C. The SSID is broadcast in clear text.

D. The SSID and the wireless AP's MAC address will always be the same.

90.

While examining a file from a suspected hacker's laptop, you come across the following snippet of code:

char linuxcode[]= /* Lam3rZ chroot() code */
 "x31xc0x31xdbx31xc9xb0x46xcdx80x31xc0x31xdb"
 "x43x89xd9x41xb0x3fxcdx80xebx6bx5ex31xc0x31"
 "xc9x8dx5ex01x88x46x04x66xb9xffxffx01xb0x27"
 "xcdx80x31xc0x8dx5ex01xb0x3dxcdx80x31xc0x31"
 "xdbx8dx5ex08x89x43x02x31xc9xfexc9x31xc0x8d"
 "x5ex08xb0x0cxcdx80xfexc9x75xf3x31xc0x88x46"
 "x09x8dx5ex08xb0x3dxcdx80xfex0exb0x30xfexc8"
 "x88x46x04x31xc0x88x46x07x89x76x08x89x46x0c"
 "x89xf3x8dx4ex08x8dx56x0cxb0x0bxcdx80x31xc0"
 "x31xdbxb0x01xcdx80xe8x90xffxffxffxffxffxff"
 "x30x62x69x6ex30x73x68x31x2ex2ex31x31";
#define MAX_FAILED 4
#define MAX_MAGIC 100
static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];
static char *magic_str=NULL;
int before_len=0;
char *target=NULL,*username="ftp",*password=NULL;
 

What is its purpose?

A. The hex dump of a bitmap picture

B. A buffer overflow

C. An encrypted file

D. A password cracking program

   
91.

Which of the following is considered a vulnerability of SNMP?

A. Clear text community strings

B. Its use of TCP

C. The fact that it is on by default in Windows 2000 server

D. The fact that it is on by default in Windows XP Professional

92.

Disabling which of the following would make your wireless network more secure against unauthorized access?

A. Wired Equivalent Privacy (WEP)

B. Media access control (MAC) address filtering

C. Extensible Authentication Protocol (EAP)

D. Service Set ID (SSID) broadcasting

93.

You are hoping to exploit a DNS server and access the zone records. As such, when does a secondary name server request a zone transfer from a primary name server?

A. When a secondary SOA serial number is higher than a primary SOA

B. When a primary name server has had its service restarted

C. When the TTL reaches 0

D. When a primary SOA serial number is higher than a secondary SOA

94.

Which of the following indicates an ICMP destination unreachable type?

A. 0

B. 3

C. 5

D. 13

95.

This form of antivirus scan looks at the beginning and end of executable files for known virus signatures. Which of the following matches that description?

A. Integrity checking

B. Heuristic scanning

C. Activity blocker

D. Signature scanning

   
96.

You have successfully run an exploit against an IIS6 server. Which of the following default privileges will you have within the command shell that you have spawned?

A. Local system

B. Administrator

C. IIS default account

D. IUSR_Computername

97.

Which of the following protocols was developed to be used for key exchange?

A. Diffie-Hellman

B. MD5

C. Rijndael

D. Base64

98.

This type of access control system uses subjects, objects, and labels.

A. DAC

B. MAC

C. Kerberos

D. TACACS

99.

Jack is conducting an assessment of a target network. He knows that there are services, such as web and mail, although he cannot get a ping reply from these devices. Which of the following is the most likely reason that he is having difficulty with this task?

A. A packet filter is blocking ping.

B. UDP is blocked by the gateway.

C. The hosts are down.

D. The TTL value is incorrect.

100.

Locks are considered what type of control?

A. Detective

B. Preventive

C. Expanded

D. Weak

   
101.

Which of the following best describes firewalking?

A. It's a tool used to discover promiscuous settings on NIC cards, and, as such, it can enumerate firewalls.

B. It is a technique used to discover what rules are configured on the gateway.

C. It is a tool used to cause a buffer overflow on a firewall.

D. It is a technique used to map wireless networks.

102.

The art of hiding information in graphics or music files is known as which of the following?

A. Non-repudiation

B. Steganography

C. Hashing

D. Encryption

103.

What is the following Snort rule used for?


 


#alert tcp any any -> $HOME_NET 22 (msg: "Policy Violation Detected"; dsize: 52; flags: AP; threshold: type both, track by_src, count 3, seconds 60; classtype: successful-user; sid:2001637; rev:3;)  

A. This rule detects if someone attempts to use FTP.

B. This rule detects if someone attempts to use Telnet.

C. This rule detects if someone attempts to use SSH.

D. This rule detects if someone attempts to use TFTP.

104.

What is the purpose of the following Snort rule?

alert tcp any any -> 192.168.160.0/24 12345 (msg:"Possible Trojan access";)
 

A. This rule detects a Subseven scan.

B. This rule detects a Netbus scan.

C. This rule detects a Back Orifice scan.

D. This rule detects a Donald Dick scan.

   
105.

Because of a recent penetration test, you have been asked to recommend a new firewall for a rapidly expanding company. You have been asked what type of firewall would be best for the organization if used in conjunction with other products and only needs the capability to statelessly filter traffic by port or IP address.

A. An access control list implemented on a router

B. Operating system-based firewall

C. Host-based firewall

D. Demilitarized design

106.

Which of the following describes programs that can run independently, travel from system to system, and disrupt computer communications?

A. Trojans

B. Viruses

C. Worms

D. Droppers

107.

How many bits does SYSKEY use for encryption?

A. 48 bits

B. 56 bits

C. 128 bits

D. 256 bits

108.

While examining the company's website for vulnerabilities, you received the following error: Microsoft OLE DB Provider for ODBC Drivers error '80040e14'. What does it mean?

A. The site has a scripting error.

B. The site is vulnerable to SQL injection.

C. The site is vulnerable to a buffer overflow.

D. The site has a CGI error.

   
109.

While searching a website, you have been unable to find information that was on the site several months ago. What might you do to attempt to locate that information?

A. Visit Google's cached page to view the older copy.

B. Forget about it, as there is no way to find this information.

C. Visit a partner site of the organization to see if it is there.

D. Use the Wayback Machine.

110.

What program is used to conceal messages in ASCII text by appending whitespace to the end of lines?

A. Snow

B. wget

C. Blindside

D. Wrapper


Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg
