Podcast
Questions and Answers
Which of the following best describes a counter-based authentication system?
Which of the following best describes a counter-based authentication system?
- A biometric system that bases authentication decisions on physical attributes.
- An authentication system that uses passphrases that are converted into virtual passwords.
- An authentication system that creates one-time passwords that are encrypted with secret keys. (correct)
- A biometric system that bases authentication decisions on behavioral attributes.
What term is commonly used when referring to testing a software program with invalid input to attempt to crash it?
What term is commonly used when referring to testing a software program with invalid input to attempt to crash it?
- Bounding
- Fuzzing (correct)
- Mutating
- Randomizing
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?
- AH Tunnel mode
- ESP confidential
- AH promiscuous
- ESP transport mode (correct)
What is the first step followed by Vulnerability Scanners for scanning a network?
What is the first step followed by Vulnerability Scanners for scanning a network?
What type of attack does the log extract describe?
What type of attack does the log extract describe?
Which of the following is not a Bluetooth attack?
Which of the following is not a Bluetooth attack?
What testing method was used when an employee was tricked into opening links that contained malware?
What testing method was used when an employee was tricked into opening links that contained malware?
What kind of vulnerability must be present to make the remote attack possible?
What kind of vulnerability must be present to make the remote attack possible?
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?
What type of key does the Heartbleed bug leave exposed to the Internet, making exploitation of any compromised system very easy?
What type of key does the Heartbleed bug leave exposed to the Internet, making exploitation of any compromised system very easy?
Which system consists of a publicly available set of databases that contain domain name registration contact information?
Which system consists of a publicly available set of databases that contain domain name registration contact information?
Which of the following is assured by the use of a hash?
Which of the following is assured by the use of a hash?
Choose the exploit against which the given snort rule applies.
Choose the exploit against which the given snort rule applies.
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication.
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication.
How did the attacker accomplish the hack on the Mason Insurance website?
How did the attacker accomplish the hack on the Mason Insurance website?
What may be the problem if some websites are not accessible using the URL but can be accessed using the IP address?
What may be the problem if some websites are not accessible using the URL but can be accessed using the IP address?
If a token and 4-digit PIN are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?
If a token and 4-digit PIN are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?
What did the following commands determine?
What did the following commands determine?
What does the –oX flag do in an Nmap scan?
What does the –oX flag do in an Nmap scan?
What would be the most effective method to bridge the knowledge gap between 'black' hats and 'white' hats?
What would be the most effective method to bridge the knowledge gap between 'black' hats and 'white' hats?
What is the recommended architecture for deploying a new web-based software package that requires three separate servers?
What is the recommended architecture for deploying a new web-based software package that requires three separate servers?
Which of the following Linux commands will resolve a domain name into an IP address?
Which of the following Linux commands will resolve a domain name into an IP address?
What can be said about Bob's conclusion that a DMZ is not needed if a firewall is properly configured?
What can be said about Bob's conclusion that a DMZ is not needed if a firewall is properly configured?
Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network?
Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network?
Which type of security feature stops vehicles from crashing through the doors of a building?
Which type of security feature stops vehicles from crashing through the doors of a building?
The collection of potentially actionable, overt, and publicly available information is known as?
The collection of potentially actionable, overt, and publicly available information is known as?
At what layer of the OSI model does the encryption and decryption of the message take place?
At what layer of the OSI model does the encryption and decryption of the message take place?
Which other option could the tester use to get a response from a host using TCP?
Which other option could the tester use to get a response from a host using TCP?
What does receiving the email message prove about CompanyXYZ’s email gateway?
What does receiving the email message prove about CompanyXYZ’s email gateway?
What Nmap script will help you detect HTTP methods available on a web server?
What Nmap script will help you detect HTTP methods available on a web server?
Which risk decision will be the best for the project's successful continuation with the most business profit?
Which risk decision will be the best for the project's successful continuation with the most business profit?
What is the TTL in the SOA record 'Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400)?'
What is the TTL in the SOA record 'Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400)?'
Under what conditions does a secondary name server request a zone transfer from a primary name server?
Under what conditions does a secondary name server request a zone transfer from a primary name server?
Which of the following programs is usually targeted at Microsoft Office products?
Which of the following programs is usually targeted at Microsoft Office products?
Which of the following is a component of a risk assessment?
Which of the following is a component of a risk assessment?
Which tool can be used to perform session splicing attacks?
Which tool can be used to perform session splicing attacks?
Which of the following tools can be used to perform a zone transfer?
Which of the following tools can be used to perform a zone transfer?
What is the name of the attack mentioned in the scenario where an attacker uses a transparent iframe?
What is the name of the attack mentioned in the scenario where an attacker uses a transparent iframe?
Which regulation defines security and privacy controls for Federal information systems and organizations?
Which regulation defines security and privacy controls for Federal information systems and organizations?
What is being described when a network interface passes all traffic it receives to the CPU?
What is being described when a network interface passes all traffic it receives to the CPU?
PGP, SSL, and IKE are all examples of which type of cryptography?
PGP, SSL, and IKE are all examples of which type of cryptography?
Which of the following program infects the system boot sector and the executable files at the same time?
Which of the following program infects the system boot sector and the executable files at the same time?
Which of the following represents the initial two commands that an IRC client sends to join an IRC network?
Which of the following represents the initial two commands that an IRC client sends to join an IRC network?
What is a possible source of the problem when a wireless client can see the network but cannot connect?
What is a possible source of the problem when a wireless client can see the network but cannot connect?
What is the proper response for a NULL scan if the port is open?
What is the proper response for a NULL scan if the port is open?
What is not a PCI compliance recommendation?
What is not a PCI compliance recommendation?
What is the name of the command used by SMTP to transmit email over TLS?
What is the name of the command used by SMTP to transmit email over TLS?
What kind of attack is Susan carrying on when she synchronizes her boss's sessions and intercepts his traffic?
What kind of attack is Susan carrying on when she synchronizes her boss's sessions and intercepts his traffic?
What type of authentication factors does Steve's technological solution implement?
What type of authentication factors does Steve's technological solution implement?
What should Bob do to avoid students connecting their notebooks to the wired network?
What should Bob do to avoid students connecting their notebooks to the wired network?
Which incident handling process phase is responsible for defining rules, collaborating, creating backup plans, and testing plans?
Which incident handling process phase is responsible for defining rules, collaborating, creating backup plans, and testing plans?
Why is a penetration test considered to be more thorough than a vulnerability scan?
Why is a penetration test considered to be more thorough than a vulnerability scan?
What should you do if you discover information suggesting your client is involved with human trafficking during a security assessment?
What should you do if you discover information suggesting your client is involved with human trafficking during a security assessment?
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
Based on the extract from the log of a compromised machine, what is the hacker really trying to steal?
Based on the extract from the log of a compromised machine, what is the hacker really trying to steal?
........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises.
........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises.
A zone file consists of which of the following Resource Records (RRs)?
A zone file consists of which of the following Resource Records (RRs)?
The time a hacker spends performing research to locate this information about a company is known as?
The time a hacker spends performing research to locate this information about a company is known as?
What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?
What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?
Which results will be returned with the following Google search query? site:target.com – site:Marketing.target.com accounting
Which results will be returned with the following Google search query? site:target.com – site:Marketing.target.com accounting
Which hacking process is Peter doing when searching for information about DX Company?
Which hacking process is Peter doing when searching for information about DX Company?
What type of firewall is inspecting outbound traffic when outbound HTTP traffic is unimpeded but IRC traffic is blocked?
What type of firewall is inspecting outbound traffic when outbound HTTP traffic is unimpeded but IRC traffic is blocked?
Which command can be used as a display filter to find unencrypted file transfers?
Which command can be used as a display filter to find unencrypted file transfers?
What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems?
What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems?
What is the purpose of a demilitarized zone on a network?
What is the purpose of a demilitarized zone on a network?
What is the proper response for a NULL scan if the port is closed?
What is the proper response for a NULL scan if the port is closed?
What is the best Nmap command to quickly enumerate all machines in the network 10.10.0.0/24?
What is the best Nmap command to quickly enumerate all machines in the network 10.10.0.0/24?
Which of the following statements about a zone transfer is correct? (Choose three.)
Which of the following statements about a zone transfer is correct? (Choose three.)
What is the purpose of the command 'net use \targetipc$ "" /u:""'?
What is the purpose of the command 'net use \targetipc$ "" /u:""'?
Which tool did the hacker probably use to inject HTML code during an MITM attack?
Which tool did the hacker probably use to inject HTML code during an MITM attack?
What will an attacker do next if he has launched a successful STP manipulation attack?
What will an attacker do next if he has launched a successful STP manipulation attack?
What has occurred if a computer is able to transfer files locally but cannot reach the Internet?
What has occurred if a computer is able to transfer files locally but cannot reach the Internet?
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
Why would you consider sending an email to an address that does not exist within a company you are testing?
Why would you consider sending an email to an address that does not exist within a company you are testing?
Which DNS resource record indicates how long any 'DNS poisoning' could last?
Which DNS resource record indicates how long any 'DNS poisoning' could last?
What means can Bob adopt to retrieve passwords from client hosts and servers?
What means can Bob adopt to retrieve passwords from client hosts and servers?
Which layer 3 protocol allows for end-to-end encryption of FTP connections?
Which layer 3 protocol allows for end-to-end encryption of FTP connections?
Which Intrusion Detection System is ideal for observing sensitive network segments?
Which Intrusion Detection System is ideal for observing sensitive network segments?
Which algorithms can guarantee the integrity of messages?
Which algorithms can guarantee the integrity of messages?
What type of vulnerability is present if modifying parameters in the URL affects the displayed data?
What type of vulnerability is present if modifying parameters in the URL affects the displayed data?
Which method of password cracking takes the most time and effort?
Which method of password cracking takes the most time and effort?
Why should the security analyst disable/remove unnecessary ISAPI filters?
Why should the security analyst disable/remove unnecessary ISAPI filters?
What can the CFO use to ensure the integrity of financial statements sent to an accountant?
What can the CFO use to ensure the integrity of financial statements sent to an accountant?
What is a ‘Collision attack’ in cryptography?
What is a ‘Collision attack’ in cryptography?
Which network tool can determine if captured packets are malicious or a false positive?
Which network tool can determine if captured packets are malicious or a false positive?
From the provided SIDs list, identify the user account with System Administrator privileges.
From the provided SIDs list, identify the user account with System Administrator privileges.
What two conditions must a digital signature meet?
What two conditions must a digital signature meet?
Which statement is true regarding the text message Bob received?
Which statement is true regarding the text message Bob received?
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
What tool should the analyst use to perform a Blackjacking attack?
What tool should the analyst use to perform a Blackjacking attack?
What sort of security breach is the policy attempting to mitigate if all web browsers must automatically delete their HTTP browser cookies upon termination?
What sort of security breach is the policy attempting to mitigate if all web browsers must automatically delete their HTTP browser cookies upon termination?
What type of attack occurs when Eric relays information between two entities without either party noticing?
What type of attack occurs when Eric relays information between two entities without either party noticing?
What is the best approach for discovering vulnerabilities on a Windows-based computer?
What is the best approach for discovering vulnerabilities on a Windows-based computer?
Which TCP and UDP ports must you filter to check null sessions on your network?
Which TCP and UDP ports must you filter to check null sessions on your network?
Which tools would be effective for SNMP enumeration?
Which tools would be effective for SNMP enumeration?
What is the minimum number of network connections in a multihomed firewall?
What is the minimum number of network connections in a multihomed firewall?
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?
Which of the following tools can be used for passive OS fingerprinting?
Which of the following tools can be used for passive OS fingerprinting?
What type of alert is logged when an external router is accessed by the administrator’s computer to update the router configuration?
What type of alert is logged when an external router is accessed by the administrator’s computer to update the router configuration?
Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?
Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?
What is the known plaintext attack used against DES which shows that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?
What is the known plaintext attack used against DES which shows that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?
What can a network admin do to prevent ARP spoofing or poisoning?
What can a network admin do to prevent ARP spoofing or poisoning?
How long will the secondary servers attempt to contact the primary server before they consider the zone dead?
How long will the secondary servers attempt to contact the primary server before they consider the zone dead?
What is the first step that the bank should take before enabling the audit feature?
What is the first step that the bank should take before enabling the audit feature?
Which command line packet analyzer is similar to GUI-based Wireshark?
Which command line packet analyzer is similar to GUI-based Wireshark?
Which tools would be effective for enumeration? (Choose three.)
Which tools would be effective for enumeration? (Choose three.)
What is the role of test automation in security testing?
What is the role of test automation in security testing?
What is meant by a 'rubber-hose' attack in cryptanalysis?
What is meant by a 'rubber-hose' attack in cryptanalysis?
What is the best security policy concerning a secured data center housing network elements?
What is the best security policy concerning a secured data center housing network elements?
What is the version in the following SOA record: Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400)?
What is the version in the following SOA record: Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400)?
By using a smart card and PIN, you are using a two-factor authentication that satisfies:
By using a smart card and PIN, you are using a two-factor authentication that satisfies:
Flashcards are hidden until you start studying
Study Notes
Certified Ethical Hacker Exam (CEHv12) Overview
- Exam code for certification: 312-50v12
- Total number of questions: 572
- Contact for support: [email protected]
Exam Topic Breakdown
- Topic 1 (Exam Pool A): 141 questions
- Topic 2 (Exam Pool B): 182 questions
- Topic 3 (Exam Pool C): 249 questions
OSI Model and Encryption
- Encryption occurs at the Presentation Layer (Layer 6) of the OSI model, responsible for data formatting and translation.
- Decryption also takes place within the presentation layer, handling data received by applications.
Network Testing and Pinging
- When ICMP is disabled and TCP is used, Hping can be employed as an alternative to receive responses from hosts.
Email Security Assessments
- Email spoofing is when a malicious sender fabricates an email header to appear as though it originated from a legitimate source.
- Testing email gateways is crucial to ensure they can detect and prevent email spoofing.
HTTP Methods and Nmap
- Common HTTP methods: GET, POST, PUT, DELETE, among others.
- Nmap's http-methods script detects available HTTP methods on a web server.
Risk Management in Security
- Risk Acceptance is preferable when risk levels drop below the company’s risk threshold after mitigation efforts.
- Different strategies include Risk Mitigation, Avoidance, Limitation, and Transference, each with distinct approaches to handling risks.
Domain Name System (DNS) Records
- When analyzing SOA (Start of Authority) records, the Time to Live (TTL) indicates how long the data remains valid.
- A secondary name server requests a zone transfer when the primary SOA record has a higher version identifier.
Malware and Security Threats
- Macro viruses specifically target Microsoft Office applications, executing automatically when infected documents are opened.
- Clickjacking is an attack tricking users into clicking on transparent links, redirecting them to malicious sites.
Federal Security Regulations
- NIST-800-53 regulates security and privacy controls for federal information systems and organizations in the U.S.
Network Interface Modes
- Promiscuous mode allows a network interface to pass all traffic to the CPU instead of just intended frames, useful for monitoring.
Cryptography Types
- PGP, SSL, and IKE are examples of Public Key cryptography, utilized for secure communications.
Network Traffic Analysis
- To identify unencrypted file transfers, use the Wireshark display filter tcp.port == 21 for FTP traffic.
Detection Techniques in Antivirus Software
- Cloud-based detection identifies malware through data analysis from protected systems, enabling real-time threat detection and response.
Demilitarized Zones (DMZs)
- A DMZ serves to protect internal networks while allowing controlled access to nodes within the DMZ itself.
Nmap and Network Enumeration
- The optimal Nmap command for quick enumeration of machines on the same network:
nmap -T4 -F 10.10.0.0/24
.### Nmap Scanning nmap -T4 -O 10.10.0.0/24
command used for fast, aggressive scanning with OS detection.- The
-T
flag adjusts scan speed from 0 (paranoid) to 5 (insane), impacting stealth and performance. - The
-F
option reduces scanned ports from 1000 to 100 for a faster scan.
Zone Transfers
- Zone transfers are DNS operations that transfer all zone information from a primary to a secondary DNS server.
- Can be prevented by blocking inbound TCP connections on port 53.
Null Session Connections
- Command
net use \targetipc$ "" /u:""
is a method to create a null session connection. - Null session allows unauthenticated access to an NT or Windows 2000 machine.
Man-in-the-Middle (MITM) Attacks
- Attackers can use tools like Ettercap to inject malicious code into HTTP traffic through MITM attacks.
- MITM utilizes rogue access points to manipulate traffic between users and servers.
STP Manipulation
- Attacker can perform Spanning Tree Protocol (STP) manipulation to redirect network traffic after gaining access to internal networks.
Wireless Connection Issues
- A failure to connect to the internet while local file transfers can occur may suggest that gateways are not routing properly to public IP addresses.
Risk Management
- The concept of residual risk refers to the remaining risk after vulnerabilities are addressed and countermeasures are applied.
Email Testing in Penetration Testing
- Sending emails to non-existent addresses can reveal information about email server treatment of undeliverable mail, aiding security assessments.
Digital Signature Integrity
- Digital signatures must be unforgeable and authentic to ensure document integrity.
Vulnerability Detection Tools
- Nikto is a comprehensive web server vulnerability scanner capable of identifying dangerous files and CGIs.
Encryption Protocols
- IPsec is an effective layer 3 protocol that provides encryption for FTP and other connections, ensuring secure communications.
Cryptography and Hashing
- Collision attacks in cryptography aim to find two inputs that produce the same hash output.
Intrusion Detection Systems (IDS)
- Network-based IDS (NIDS) is particularly effective in large environments for monitoring sensitive network segments.
Password Cracking Methods
- Brute force attacks take the most effort and time, testing every possible combination until the correct one is found.
HTTP Cookie Security
- Policies to delete HTTP cookies upon browser closure are aimed at mitigating risks related to stolen authentication credentials.
Dsniff Tool Usage
- Dsniff can intercept communications, allowing an attacker to relay information unnoticed, demonstrating a man-in-the-middle attack.
Vulnerability Assessment Best Practices
- Utilizing dedicated scanning tools, like Nessus, is best for identifying vulnerabilities on Windows-based systems.### SNMP Enumeration Tools
- Recommended tools for SNMP enumeration include SNMPUtil, SNScan, and Solarwinds IP Network Browser.
Network Connections in Multihomed Firewalls
- The minimum number of network connections required is two.
L0phtcrack and SMB Sniffing
- Kerberos usage is likely preventing the ability to capture Windows logon credentials.
SSL/TLS Cryptography
- Using both symmetric and asymmetric cryptography provides efficiency for devices with limited processing power.
Passive OS Fingerprinting
- Tcpdump is the tool utilized for passive operating system fingerprinting.
IDS Log Analysis Alerts
- An alert logged for accessing an external router during a legitimate operation is considered a false positive.
DHCP Snooping and Security Features
- Dynamic ARP Inspection (DAI) uses the DHCP snooping database to mitigate ARP spoofing attacks.
Meet-in-the-Middle Attack on DES
- A known plaintext attack demonstrating that Double DES is not more secure than using a single key is called a meet-in-the-middle attack.
Preventing ARP Spoofing
- Recommended actions to prevent ARP spoofing include using port security, monitoring with ARPwatch, and using static ARP entries.
Zone Transfer Attempt Duration
- Secondary servers will attempt to contact primary servers for up to one week before considering the zone dead.
Audit Feature Activation
- Before enabling audit features in sensitive systems, evaluate the impact of enabling them.
Command Line Packet Analyzer
- Tcpdump serves as a command line packet analyzer, similar to the GUI-based Wireshark.
Enumeration Tools
- USER2SID, SID2USER, and DumpSec are effective tools used for enumeration.
Role of Test Automation in Security Testing
- Test automation accelerates security benchmark tests but does not fully replace manual testing.
Rubber-Hose Attack
- This term refers to the extraction of cryptographic secrets through coercion or extreme pressure on individuals.
Security Policy for Data Centers
- Ensure network elements are secured with strong user IDs and regular security audits.
SOA Record Version Identification
- The version from an SOA record can be determined as 200302028.
Two-Factor Authentication
- Two-factor authentication includes something the user has (like a smart card) and something they know (like a PIN).
Vulnerability Causing Remote Attacks on FTP Servers
- Improper file system permissions can lead to unauthorized executive actions on a Linux FTP server.
Firewall Packet Checking
- Firewalls check transport layer port numbers and application layer headers to restrict packet flow.
Wireless LAN Detection Tool
- Kismet detects wireless LANs compliant with 802.11 standards on Linux platforms.
Heartbleed Bug Vulnerability
- The Heartbleed bug exposes private keys, making it easier to exploit compromised systems.
WHOIS Database
- A publicly available database holding domain name registration contact information is known as WHOIS.
Hash Function Assurance
- The use of a hash guarantees data integrity, ensuring that information has not been altered.
Snort Rule Target
- The Snort rule was designed to apply against the MS Blaster exploit.
NTP UDP Port
- The primary UDP port used by Network Time Protocol (NTP) is 123.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.