1. You just noticed a member of your pen test team sending an email to an address that you know does not exist within the company for which you are contracted to perform the penetration test. Why is he doing this?

2. What is the range of the dynamic (private) ports?

3. What does the following request achieve when typed into a Telnet session opened to a web server's HTTP port? HEAD / HTTP/1.0

4. You would like to perform a port scan that would allow you to determine whether a stateless firewall is being used. Which of the following would be the best option?

5. You have become concerned that someone could attempt to poison your DNS server's cache. What determines how long cache poisoning would last?

6. Which of the following Trojans uses port 6666?

7. Which of the following best describes a wrapper?

8. Loki uses which of the following by default?

9. You have become concerned that one of your workstations might be infected with a malicious program. Which of the following netstat switches would be the best to use?

10. You have just completed a scan of your servers and found port 12345 open. Which of the following programs uses that port by default?

11. Which of the following federal laws makes it a crime to knowingly and intentionally use cellular telephones that have been altered or cloned?

12. You have been reading about SSIDs and how they are transmitted in clear text. Which of the following is correct about SSIDs?

13. You have been asked to install and turn on WEP on an access point that is used in the shipping area. Which of the following statements is true?

14. Which of the following does not provide server authentication?

15. You would like to scan for Bluetooth devices that are in use in the office. Which of the following tools would work best?

16. Rosa would like to make sure that the digital photos and art she produces are recognizable in case her work is stolen and placed on another website. What should she do?

17. What do programs such as Tripwire, md5sum, and Windows System File Protection all rely on?

18. How many characters long is the output of md5sum?

19. What binary-to-text encoding is most commonly used for email?

20. What hashing algorithm produces a 128-bit hash value?
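Questions 17, 18 and 20 all turn on the same mechanism: a file-integrity tool stores a digest of every file it watches and later recomputes and compares them. The following Python is an added example (not code from the Exam Cram book or from Tripwire); the file paths and contents are constructed in-line so it runs offline, and a real checker would read files from disk and keep the baseline somewhere an intruder cannot rewrite.

```python
import hashlib

# Constructed sample "files" (path -> content). A real checker would read these from disk.
BASELINE_FILES = {
    "/bin/ls": b"\x7fELF original ls binary",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/hosts": b"127.0.0.1 localhost\n",
}


def digest(data: bytes, algo: str = "md5") -> str:
    """Hex digest of data. MD5 is 128 bits, which prints as 32 hex characters;
    SHA-256 is 256 bits / 64 characters. The algorithm is a parameter so the
    baseline can be moved off MD5, whose collision resistance is broken."""
    return hashlib.new(algo, data).hexdigest()


def build_baseline(files: dict, algo: str = "md5") -> dict:
    """Snapshot the digest of every file: this is what Tripwire-style tools store."""
    return {path: digest(content, algo) for path, content in files.items()}


def verify(baseline: dict, current: dict, algo: str = "md5") -> dict:
    """Recompute digests and report what changed since the baseline was taken."""
    modified = sorted(p for p in baseline
                      if p in current and digest(current[p], algo) != baseline[p])
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "removed": removed, "added": added}


def demo() -> dict:
    """Take a baseline, tamper with the constructed file set, and run the check."""
    baseline = build_baseline(BASELINE_FILES)
    tampered = dict(BASELINE_FILES)
    tampered["/etc/passwd"] += b"eviluser:x:0:0::/:/bin/sh\n"   # second UID-0 account appended
    tampered["/tmp/.rootkit"] = b"backdoor"                      # new file dropped
    del tampered["/etc/hosts"]                                   # file removed
    return verify(baseline, tampered)


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline and the hash function: an attacker who can rewrite the baseline, or who can craft a collision for the algorithm in use, defeats the check, which is why the digest algorithm is left selectable.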
21. During a penetration test, you found several systems connected to the Internet that have a low security level, which allows for the free recording of cookies. This creates a risk because cookies locally store which of the following?

22. You have been asked to analyze the following portion of a web page: What do you surmise?

23. While performing a penetration test for an ISP that provides Internet connection services to airports for their wireless customers, you have been presented with the following issue: the ISP uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology to protect the airports' end users' authentication and payment transactions. Which of the following are you most concerned about?

24. Peter has successfully stolen the SAM from a system he has been examining for several days. Here is the output (username:RID:hash):
    Administrator:1008:6145CBC5A0A3E8C6AAD3B435B51404EE
    Donald:1000:16AC416C2658E00DAAD3B435B51404EE
    Tony:1004:AA79E536EDFC475E813EFCA2725F52B0
    Chris:0:A00B9194BEDB81FEAAD3B435B51404EE
    George:1003:6ABB219687320CFFAAD3B435B51404EE
    Billy:500:648948730C2D6B9CAAD3B435B51404EE:
    From the preceding list, identify the user with Administrator privileges.

25. You have been asked to set up an access point that overrides the signal of a real access point so that you can capture users' credentials as they attempt to log in. What kind of attack is this?

26. Which of the following can help you detect changes made by a hacker to the system log of a server?

27. Which of the following is not one of the three properties on which security is based?

28. Which of the following best describes a phreaker?

29. Which of the following terms best describes malware?

30. Which of the following best describes the principle of defense in depth?

31. Which of the following are the two primary U.S. laws that address cybercrime?

32. Which of the following is the most serious risk associated with vulnerability assessment tools?

33. You have successfully extracted the SAM from a Windows 2000 server. Is it possible to determine whether an LM hash that you're looking at corresponds to a password fewer than eight characters long?
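Questions 24 and 33 are both answered by reading the dump structurally rather than by name. The Python below is an added example, not code from the book: it parses the dump from question 24 (embedded here as the sample input), identifies the built-in Administrator by its RID, and classifies each LM hash by its second half. LM hashing upper-cases the password, splits it into two 7-character halves and uses each half as a DES key to encrypt a fixed constant; a half that contains no characters is an all-zero key and always produces the same 16 hex digits, so that value in the second half means the password is 7 characters or shorter.

```python
# The SAM dump from question 24, in pwdump-style username:RID:hash form.
SAM_DUMP = """\
Administrator:1008:6145CBC5A0A3E8C6AAD3B435B51404EE
Donald:1000:16AC416C2658E00DAAD3B435B51404EE
Tony:1004:AA79E536EDFC475E813EFCA2725F52B0
Chris:0:A00B9194BEDB81FEAAD3B435B51404EE
George:1003:6ABB219687320CFFAAD3B435B51404EE
Billy:500:648948730C2D6B9CAAD3B435B51404EE:
"""

# DES encryption of the LM constant under an all-zero 7-byte key: the fingerprint
# of an empty 7-character half.
EMPTY_LM_HALF = "AAD3B435B51404EE"
BUILTIN_ADMIN_RID = 500   # the built-in Administrator keeps RID 500 even when renamed


def parse_sam(text: str) -> list:
    """Parse username:RID:hash lines; trailing empty fields (as on Billy's line) are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 3:
            raise ValueError(f"unexpected line: {line!r}")
        entries.append({"user": fields[0], "rid": int(fields[1]), "lm": fields[2].upper()})
    return entries


def lm_password_class(lm_hash: str) -> str:
    """Classify an LM hash by what its second half reveals about password length."""
    lm = lm_hash.upper()
    if len(lm) != 32:
        raise ValueError("LM hash must be 32 hex characters")
    first, second = lm[:16], lm[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "empty"      # blank password, or LM hash storage disabled
    if second == EMPTY_LM_HALF:
        return "short"      # 7 characters or fewer: only the first DES block is populated
    return "long"           # 8 to 14 characters: both halves populated


def builtin_admins(entries: list) -> list:
    """Privilege follows the RID, not the display name."""
    return [e["user"] for e in entries if e["rid"] == BUILTIN_ADMIN_RID]


def report(text: str) -> dict:
    entries = parse_sam(text)
    return {
        "builtin_admin": builtin_admins(entries),
        "renamed_admin_names": [e["user"] for e in entries
                                if e["user"].lower() == "administrator"
                                and e["rid"] != BUILTIN_ADMIN_RID],
        "short_passwords": [e["user"] for e in entries if lm_password_class(e["lm"]) == "short"],
        "long_passwords": [e["user"] for e in entries if lm_password_class(e["lm"]) == "long"],
    }


if __name__ == "__main__":
    print(report(SAM_DUMP))
```

On this dump the account literally named Administrator has RID 1008, so the name was reassigned and is not the built-in account; only Tony's hash has a populated second half. The check tells you length class only, never the password itself, and it says nothing about NT hashes, which are not split this way.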
34. You have been tasked with examining the web pages of a target site. You have grown tired of looking at each one online. Which of the following offers a more efficient way of performing this task?

35. You would like to find out more information about a website belonging to a company based in France. Which of the following is a good starting point?

36. Which of the following best describes passive information gathering?

37. While scanning the target network, you discovered that all the web servers in the DMZ respond to ACK packets on port 80. What does this tell you?

38. After gaining access to a span of network that connects local systems to a remote site, you discover that you can easily intercept traffic and data. Which of the following should you recommend in your report as a countermeasure?

39. As you prepare to set up a covert channel using Netcat, you are worried about your traffic being sniffed on the network. Which of the following is your best option?

40. Your dumpster-diving raids against the target organization were successful, and you uncovered sensitive information. In your final report, what is the best solution you can recommend to prevent this kind of attack?

41. The ability to capture a stream of data packets and then insert them back into the network as a valid message is known as which of the following?

42. A SYN flood can be detected by which of the following?

43. While preparing to hack a targeted network, you would like to check the configuration of the DNS server. What port should you look for to attempt a zone transfer?

44. Refer to the following figure. What is the destination MAC address?

45. Which of the following is used to verify proof of identity?

46. Which type of lock would be considered the easiest to pick?

47. You have successfully run an exploit against an IIS 4 server. Which of the following is the default privilege level you will have within the command shell you have spawned?

48. An idle scan makes use of which of the following parameters?

49. Which of the following can be used to ensure a sender's authenticity and an email's confidentiality?

50. Which of the following is used for integrity?

51. Which kind of lock includes a keypad that can be used to control access into areas?

52. You have been given the data capture in the following figure to analyze. What type of packet is this?

53. When working with Windows systems, what is the RID of the first user account?

54. Which of the following GUI scanners is designed to run on a Windows platform and is used for port 80 vulnerability scans?

55. Which of the following represents the weakest form of encryption?

56. During a physical assessment of an organization, you noticed that there is only an old, dilapidated wood fence around the organization's R&D facility. As this building is a key asset, what height of chain-link fence should you recommend be installed to deter a determined intruder?

57. You have been asked whether there are any tools that can be used to run a covert channel over ICMP. What should you suggest?

58. This DoS tool is characterized by the fact that it sends packets with the same source and destination address. What is it called?
59. Your sniffing attempts have been less than successful because the targeted LAN is switched. Luckily, a co-worker introduced you to Cain. What type of attack can Cain perform against switches to make your sniffing attempt more successful?

60. Which of the following uses the same key to encode and decode data?

61. This type of active sniffing attack attempts to overflow the switch's content addressable memory (CAM) table. Which of the following is it?

62. You have been asked to prepare a quote for a potential client who is requesting a penetration test. Which of the following items is the most important to ensure the success of the penetration test?

63. You were able to log on to a user's computer and plant a keystroke logger after you saw the user get up and walk away without logging out or turning off his computer. When preparing your final report, what should you recommend to the client as the best defense to prevent this from happening?

64. Which of the following can be used to lure attackers away from real servers and allow for their detection?

65. Which of the following best describes what happens when two different messages produce the same hash?

66. Which of the following is one of the primary ways that people get past controlled doors?

67. You are preparing to perform a subnet scan. Which of the following Nmap switches would be useful for performing a UDP scan of the lower 1024 UDP ports?

68. You are concerned that the target network is running PortSentry to block Nmap scanning. Which of the following should you attempt in order to bypass this defense?

69. What is the real reason that WEP is vulnerable?

70. What encryption standard was chosen as the replacement for 3DES?

71. You recently used social engineering to talk your way into a secure facility. Which of the following should you recommend in your ethical hacking report as the best defense to prevent this from happening in the future?

72. This method of transmission operates by taking a broad slice of the bandwidth spectrum and dividing it into smaller subchannels of about 1 MHz. The transmitter then hops between subchannels, sending short bursts of data on each subchannel for a short period of time. What method was just described?

73. Which of the following software products is not used to defend against buffer overflows?

74. This type of virus scanning examines computer files for irregular or unusual instructions. Which of the following matches that description?

75. Which of the following is considered the weakest form of DES?

76. Which of the following is the best example of strong two-factor authentication?

77. While looking over data gathered by one of your co-workers, you come across the following output:
    system.sysDescr.0 = OCTET STRING: "Sun SNMP Agent, "
    system.sysObjectID.0 = OBJECT IDENTIFIER: enterprises.42.2.1.1
    system.sysUpTime.0 = Timeticks: (5660402) 15:43:24
    system.sysContact.0 = OCTET STRING: "System administrator"
    system.sysName.0 = OCTET STRING: "unixserver"
    system.sysLocation.0 = OCTET STRING: "System admins office"
    system.sysServices.0 = INTEGER: 72
    interfaces.ifNumber.0 = INTEGER: 2
    interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1
    interfaces.ifTable.ifEntry.ifIndex.2 = INTEGER: 2
    What was used to obtain this output?

78. You found the following command captured by a keystroke logger: type nc.exe > sol.exe:nc.exe  What is the purpose of the command?

79. You're planning on planting a sniffing program on a Linux system but are worried that it will be discovered when someone runs ifconfig -a. Which of the following is your best option for hiding the tool?

80. Which of the following is a program used to wardial?

81. Which of the following best describes Tripwire?

82. You are preparing to attack several critical servers and run the following command: net use \\windows_server\ipc$ "" /u:""  What is its purpose?

83. Several of your co-workers are having a discussion about the /etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords. Which of the following is the least likely to be used?

84. You noticed the following entry: http://server/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd  What is the attacker attempting to do?

85. You discovered the following in the logs: 192.186.13.100/myserver.aspx..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255 ..c:\winnt\system32\cmd.exe%/c:dir  What is the hacker attempting to do?
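The entries in questions 84 and 85 are easier to read once the URL encoding is undone: the phf request hides a newline (%0a) that starts a second command, and the IIS request is double-encoded (%255C decodes to %5C, which decodes to a backslash), so a single decoding pass sees no traversal at all. The following Python is an added example, not code from the book or from any IDS product; the request paths are constructed from the shape of the two log entries (the hostname and the trailing dir argument of the IIS line are assumed), and the detection logic decodes repeatedly before matching, which is the check a single-pass filter misses.

```python
import re
from urllib.parse import unquote

# Constructed request paths modelled on the two log entries above.
SAMPLE_REQUESTS = [
    "/index.html",
    "/search?q=hello%20world",
    "/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd",
    "/myserver.aspx..%255C..%255C..%255C..%255C..%255Cwinnt/system32/cmd.exe?/c+dir",
]


def fully_decode(s: str, max_rounds: int = 5) -> tuple:
    """Percent-decode until the string stops changing; return (decoded, rounds_needed).
    Two or more rounds means the request was double-encoded: a filter that decodes
    once sees %5C, while the file system eventually sees the backslash."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(s)
        if decoded == s:
            break
        s, rounds = decoded, rounds + 1
    return s, rounds


def classify(request_path: str) -> list:
    """Return the list of findings for one request path, in a fixed order."""
    decoded, rounds = fully_decode(request_path)
    norm = decoded.replace("\\", "/")          # treat Windows and POSIX separators alike
    findings = []
    if rounds >= 2:
        findings.append("double-encoding")
    if "../" in norm:
        findings.append("directory-traversal")
    if "\n" in decoded or "\r" in decoded:
        findings.append("newline-injection")   # %0a lets a second command follow the expected argument
    if re.search(r"cmd\.exe|/bin/(?:sh|bash|cat)\b", norm, re.IGNORECASE):
        findings.append("command-execution")
    if re.search(r"/etc/(?:passwd|shadow)\b", norm):
        findings.append("sensitive-file")
    return findings


def scan(requests: list) -> dict:
    """Map each suspicious request to its findings; clean requests are dropped."""
    return {r: classify(r) for r in requests if classify(r)}


if __name__ == "__main__":
    for path, findings in scan(SAMPLE_REQUESTS).items():
        print(path, "->", ", ".join(findings))
```

The ordinary "hello%20world" search needs one decoding round and raises nothing, which is the point of counting rounds instead of flagging any percent sign. Running the matching on the normalised form also means an attacker cannot dodge the traversal pattern by switching between forward and back slashes.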
86. DES has an effective key length of which of the following?

87. Because of findings discovered during a penetration test, you have been asked to investigate biometric authentication devices. Which of the following would represent the best system to install?

88. One of your team members has asked you to analyze the following SOA record: ExamCram2.com. SOA NS1.ExamCram2.com pearson.com (200509024 3600 3600 604800 2400)  Based on this information, which of the following is the correct TTL?

89. Which of the following statements about SSIDs is correct?

90. While examining a file from a suspected hacker's laptop, you come across the following snippet of code:
    char linuxcode[]= /* Lam3rZ chroot() code */
    "\x31\xc0\x31\xdb\x31\xc9\xb0\x46\xcd\x80\x31\xc0\x31\xdb"
    "\x43\x89\xd9\x41\xb0\x3f\xcd\x80\xeb\x6b\x5e\x31\xc0\x31"
    "\xc9\x8d\x5e\x01\x88\x46\x04\x66\xb9\xff\xff\x01\xb0\x27"
    "\xcd\x80\x31\xc0\x8d\x5e\x01\xb0\x3d\xcd\x80\x31\xc0\x31"
    "\xdb\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9\x31\xc0\x8d"
    "\x5e\x08\xb0\x0c\xcd\x80\xfe\xc9\x75\xf3\x31\xc0\x88\x46"
    "\x09\x8d\x5e\x08\xb0\x3d\xcd\x80\xfe\x0e\xb0\x30\xfe\xc8"
    "\x88\x46\x04\x31\xc0\x88\x46\x07\x89\x76\x08\x89\x46\x0c"
    "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xb0\x0b\xcd\x80\x31\xc0"
    "\x31\xdb\xb0\x01\xcd\x80\xe8\x90\xff\xff\xff\xff\xff\xff"
    "\x30\x62\x69\x6e\x30\x73\x68\x31\x2e\x2e\x31\x31";
    #define MAX_FAILED 4
    #define MAX_MAGIC 100
    static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];
    static char *magic_str=NULL;
    int before_len=0;
    char *target=NULL,*username="ftp",*password=NULL;
    What is its purpose?

91. Which of the following is considered a vulnerability of SNMP?

92. Disabling which of the following would make your wireless network more secure against unauthorized access?

93. You are hoping to exploit a DNS server and access the zone records. When does a secondary name server request a zone transfer from a primary name server?
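Questions 88 and 93 both come down to knowing which of the five numbers in an SOA record is which: serial, refresh, retry, expire and minimum (the minimum is the negative-caching TTL under RFC 2308; older resolvers treated it as the zone's default TTL). The Python below is an added example and not code from the book: it parses the record from question 88 (assumed to be written on one line in presentation format) and models what a secondary does with the timers, including the fact that a zone transfer is only requested after the refresh interval elapses and the primary reports a higher serial.

```python
import re

# The SOA record from question 88, on one line in presentation format (assumed layout:
# zone, type, primary name server, responsible party, then the five timers).
SOA_TEXT = "ExamCram2.com. SOA NS1.ExamCram2.com pearson.com (200509024 3600 3600 604800 2400)"

TIMER_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")


def parse_soa(text: str) -> dict:
    """Parse a single-line SOA record into named fields."""
    m = re.match(
        r"^\s*(?P<zone>\S+)\s+(?:IN\s+)?SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s*\((?P<timers>[^)]*)\)",
        text)
    if not m:
        raise ValueError("not an SOA record")
    timers = [int(t) for t in m.group("timers").split()]
    if len(timers) != 5:
        raise ValueError("SOA needs serial, refresh, retry, expire, minimum")
    rec = {"zone": m.group("zone"), "mname": m.group("mname"), "rname": m.group("rname")}
    rec.update(zip(TIMER_FIELDS, timers))
    return rec


def secondary_action(soa: dict, since_last_refresh: int, primary_serial=None) -> str:
    """What a secondary does at a given moment, driven by the SOA timers:
    expire  - no successful refresh for this long: stop serving the zone
    refresh - how often to poll the primary's SOA for a newer serial
    retry   - how long to wait after a failed poll (primary_serial None = poll failed)
    A zone transfer (AXFR/IXFR) is requested only when the primary's serial is higher."""
    if since_last_refresh >= soa["expire"]:
        return "expired"
    if since_last_refresh < soa["refresh"]:
        return "wait"
    if primary_serial is None:
        return f"retry in {soa['retry']}s"
    if primary_serial > soa["serial"]:   # simplification: RFC 1982 serial-number wraparound ignored
        return "transfer"
    return "no-change"


if __name__ == "__main__":
    soa = parse_soa(SOA_TEXT)
    print(soa)
    print(secondary_action(soa, 3600, primary_serial=soa["serial"] + 1))
```

From an attacker's point of view the timers also bound the window: a secondary that you can impersonate, or a primary whose port 53/TCP answers anyone's AXFR, hands over the zone regardless of these values, which is why question 43's port check comes first.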
94. Which of the following ICMP types indicates destination unreachable?

95. This form of antivirus scan looks at the beginning and end of executable files for known virus signatures. Which of the following matches that description?

96. You have successfully run an exploit against an IIS 6 server. Which of the following default privilege levels will you have within the command shell you have spawned?

97. Which of the following protocols was developed for key exchange?

98. This type of access control system uses subjects, objects, and labels. Which of the following is it?

99. Jack is conducting an assessment of a target network. He knows that services such as web and mail are running, yet he cannot get a ping reply from these devices. Which of the following is the most likely reason he is having difficulty?

100. Locks are considered what type of control?

101. Which of the following best describes firewalking?

102. The art of hiding information in graphics or music files is known as which of the following?

103. What is the following Snort rule used for?
    #alert tcp any any -> $HOME_NET 22 (msg: "Policy Violation Detected"; dsize: 52; flags: AP; threshold: type both, track by_src, count 3, seconds 60; classtype: successful-user; sid:2001637; rev:3;)

104. What is the purpose of the following Snort rule? alert tcp any any -> 192.168.160.0/24 12345 (msg:"Possible Trojan access";)
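Two details of the rules in questions 103 and 104 are easy to skim past: the first rule begins with a #, which comments it out in a Snort rules file so it never fires, and its threshold clause (type both, track by_src, count 3, seconds 60) means one alert per source per 60-second window, raised when the third matching packet arrives. The Python below is an added example and not Snort's code or the book's: a minimal rule parser and evaluator, run over a constructed packet stream. It models only the header fields and options these two rules use (dsize, flags as an exact set, threshold), ignores $HOME_NET and CIDR destination matching, and is meant to show the threshold semantics and the effect of the leading #.

```python
import re

# The rule from question 103, exactly as printed (note the leading '#').
RULE_AS_PRINTED = ('#alert tcp any any -> $HOME_NET 22 (msg: "Policy Violation Detected"; '
                   'dsize: 52; flags: AP; threshold: type both, track by_src, count 3, '
                   'seconds 60; classtype: successful-user; sid:2001637; rev:3;)')


def parse_rule(text: str) -> dict:
    """Parse the header and the handful of options this example models."""
    text = text.strip()
    enabled = not text.startswith("#")      # '#' comments a rule out in a Snort rules file
    text = text.lstrip("#").strip()
    m = re.match(r"(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$", text)
    if not m:
        raise ValueError("unparseable rule header")
    action, proto, src, sport, dst, dport, body = m.groups()
    opts = {}
    for item in body.split(";"):
        if item.strip():
            key, _, val = item.partition(":")
            opts[key.strip()] = val.strip().strip('"')
    threshold = None
    if "threshold" in opts:
        kv = dict(part.split() for part in opts["threshold"].split(","))
        threshold = {"type": kv["type"], "track": kv["track"],
                     "count": int(kv["count"]), "seconds": int(kv["seconds"])}
    return {"enabled": enabled, "action": action, "proto": proto, "dport": dport,
            "dsize": int(opts["dsize"]) if "dsize" in opts else None,
            "flags": opts.get("flags"), "threshold": threshold,
            "sid": opts.get("sid"), "msg": opts.get("msg")}


class Threshold:
    """Snort threshold semantics, tracked per key (source or destination address):
    limit     - alert on the first `count` events per window, then stay quiet
    threshold - alert on every `count`-th event
    both      - alert once per window, when the `count`-th event arrives"""
    def __init__(self, kind: str, count: int, seconds: int):
        self.kind, self.count, self.seconds = kind, count, seconds
        self.windows = {}   # key -> [window_start, events_seen]

    def event(self, key, ts) -> bool:
        win = self.windows.get(key)
        if win is None or ts - win[0] >= self.seconds:
            win = self.windows[key] = [ts, 0]
        win[1] += 1
        n = win[1]
        if self.kind == "limit":
            return n <= self.count
        if self.kind == "threshold":
            return n % self.count == 0
        if self.kind == "both":
            return n == self.count
        raise ValueError(self.kind)


def packet_matches(rule: dict, pkt: dict) -> bool:
    # flags are compared as an exact set; Snort's + and * modifiers are not modelled
    return (pkt["proto"] == rule["proto"]
            and str(pkt["dport"]) == rule["dport"]
            and (rule["dsize"] is None or pkt["dsize"] == rule["dsize"])
            and (rule["flags"] is None or set(pkt["flags"]) == set(rule["flags"])))


def evaluate(rule_text: str, packets: list) -> list:
    """Return (timestamp, source) for every alert the rule would raise on the packets."""
    rule = parse_rule(rule_text)
    if not rule["enabled"]:
        return []               # a commented-out rule never fires, whatever its body says
    thr = rule["threshold"]
    tracker = Threshold(thr["type"], thr["count"], thr["seconds"]) if thr else None
    alerts = []
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        if not packet_matches(rule, pkt):
            continue
        key = pkt["src"] if (thr and thr["track"] == "by_src") else pkt["dst"]
        if tracker is None or tracker.event(key, pkt["ts"]):
            alerts.append((pkt["ts"], pkt["src"]))
    return alerts


def pkt(ts, src, dsize=52, flags="AP", dport=22):
    """Constructed packet summary: a TCP segment to an internal host."""
    return {"ts": ts, "src": src, "dst": "192.168.1.20", "proto": "tcp",
            "dport": dport, "flags": flags, "dsize": dsize}


# Constructed stream: 10.0.0.9 sends five matching segments inside one minute and one
# more after the window rolls over; 10.0.0.7 sends only two; one segment has the wrong size.
PACKETS = [pkt(0, "10.0.0.9"), pkt(5, "10.0.0.7"), pkt(10, "10.0.0.9"),
           pkt(12, "10.0.0.9", dsize=100), pkt(15, "10.0.0.7"), pkt(20, "10.0.0.9"),
           pkt(30, "10.0.0.9"), pkt(40, "10.0.0.9"), pkt(70, "10.0.0.9")]

if __name__ == "__main__":
    print("as printed:", evaluate(RULE_AS_PRINTED, PACKETS))
    print("uncommented:", evaluate(RULE_AS_PRINTED.lstrip("#"), PACKETS))
```

Uncommented, the rule alerts exactly once, on the third segment from 10.0.0.9 at t=20, and stays silent for the rest of that minute; the segment at t=70 starts a fresh window and does not reach the count. The question 104 rule has no threshold, so the evaluator reports every matching packet to port 12345.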
105. Because of a recent penetration test, you have been asked to recommend a new firewall for a rapidly expanding company. What type of firewall would be best for the organization if it is used in conjunction with other products and only needs the capability to statelessly filter traffic by port or IP address?

106. Which of the following describes programs that can run independently, travel from system to system, and disrupt computer communications?

107. How many bits does SYSKEY use for encryption?

108. While examining the company's website for vulnerabilities, you received the following error: Microsoft OLE DB Provider for ODBC Drivers error '80040e14'. What does it mean?

109. While searching a website, you have been unable to find information that was on the site several months ago. What might you do to attempt to locate that information?

110. What program is used to conceal messages in ASCII text by appending whitespace to the end of lines?