312-50 - Ethical Hacking and Countermeasures (CEHv6)
Go back to ECCouncil
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:89
The host is likely a printer.
This method is used to determine the Operating system and version running on a remote target system. What is it called?
Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field: SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%' What will the SQL statement accomplish?
This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com
Which of the following ICMP message types are used for destinations unreachables?
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
chain of custody
An attacker is attempting to telnet into a corporation's system in the DMZ. The attacker doesn't want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What could be the reason?
He cannot spoof his IP and successfully use TCP
John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundred of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?
Which of the following is one of the key features found in a worm but not seen in a virus?
It is self replicating without need for user intervention.
Which of the following processes evaluates the adherence of an organization to its stated security policy?
Which of the following examples best represents a logical or technical control?
Which of the following is the best way an attacker can passively learn about technologies used in an organization?
By searching regional newspapers and job databases for skill sets technology hires need to possess in the organization
Which of the following cryptography attack methods is usually performed without the use of a computer?
Rubber hose attack
In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?
Rouge access point attack
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?
Which property ensures that a hash function will not produce the same hashed value for two different messages?
What file system vulnerability does the following command take advantage of? type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe
Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well. In this context, what would be the most affective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer)
Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?
Sequence numbers monitoring
Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?
Information Security Policy (ISP)
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive. org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?
Under what conditions does a secondary name server request a zone transfer from a primary name server?
When a primary SOA is higher that a secondary SOA
Jake is a network administrator who needs to get reports from all the computer and network devices on his network. Jake wants to use SNMP but is afraid that won't be secure since passwords and messages are in clear text. How can Jake gather network information in a secure manner?
He can use SNMPv3
A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?
Create a route statement in the meterpreter.
John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?
Hillary network username and password hash
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?
The session cookies do not have the HttpOnly flag set.
Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?
Educate and enforce physical security policies of the company to all the employees on a regular basis
Item 2If you come across a sheepdip machine at your client site, what would you infer?
Asheepdip computer is used only for virus-checking.
Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?
Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.
This TCP flag instructs the sending system to transmit all buffered data immediately.
A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti- virus and E-mail gateway. This approach can be used to mitigate which kind of attack?
Social engineering attack
You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick of the Trojan. Next you run netstat command to look for open ports and you notice a strange port 6666 open. What is the next step you would do?
Run utility fport and look for the application executable that listens on port 6666.
The use of technologies like IPSec can help guarantee the followinG. authenticity, integrity, confidentiality and
Which statement is TRUE regarding network firewalls preventing Web Application attacks?
Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.
A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?
Requiring client and server PKI certificates for all connections
SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The signature of attack for SYN Flood contains:
A large number of SYN packets appearing on a network without the corresponding reply packets
What do you call a pre-computed hash?
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?
The same key on each end of the transmission medium
Which is a standard procedure to perform during all computer forensics investigations?
with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
Your company has blocked all the ports via external firewall and only allows port 80/443 to connect to the Internet. You want to use FTP to connect to some remote server on the Internet. How would you accomplish this?
Use HTTP Tunneling
Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)
Which of the statements concerning proxy firewalls is correct?
Computers establish a connection with a proxy firewall which initiates a new network connection for the client.
James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?
There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are true about PKI and encryption? Select the best answers.
Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman.
RSA is a type of encryption.
Which Type of scan sends a packets with no flags set? Select the Answer
How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS's on a network?
You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?
Which of the following is not considered to be a part of active sniffing?
The MD5 program is used to:
verify that a disk is not altered when you examine it
Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit. Choose the attack type from the choices given below.
You are a Administrator of Windows server. You want to find the port number for POP3. What file would you find the information in and where? Select the best answer.