CEH Chapter 0 Assessment Test PDF

Summary

This document is a practice assessment test, focusing on fundamental concepts in network security and related topics like protocols and methods. It includes assessment questions to help test knowledge on network security.

Full Transcript

Assessment Test xxv

Assessment Test
1. Which header field is used to reassemble fragmented IP packets?
A. Destination address
B. IP identification
C. Don’t fragment bit
D. ToS field

2. If you were to see the following in a packet capture, what would you expect was happening?
' or 1=1;
A. Cross-­site scripting
B. Command injection
C. SQL injection
D. XML external entity injection

3. What method might you use to successfully get malware onto a mobile device?
A. Through the Apple Store or Google Play Store
B. External storage on an Android
C. Third-­party app store
D. Jailbreaking

4. What protocol is used to take a destination IP address and get a packet to a destination on
the local network?
A. DHCP
B. ARP
C. DNS
D. RARP

5. What would be the result of sending the string AAAAAAAAAAAAAAAAA into a variable
that has been allocated space for 8 bytes?
A. Heap spraying
B. SQL injection
C. Buffer overflow
D. Slowloris attack

6. If you were to see the subnet mask 255.255.248.0, what CIDR notation (prefix) would you
use to indicate the same thing?
A. /23
B. /22
C. /21
D. /20
xxvi Assessment Test

7. What is the primary difference between a worm and a virus?
A. A worm uses polymorphic code.
B. A virus uses polymorphic code.
C. A worm can self-­propagate.
D. A virus can self-­propagate.

8. How would you calculate risk?
A. Probability * loss
B. Probability * mitigation factor
C. (Loss + mitigation factor) * (loss/probability)
D. Loss * mitigation factor

9. How does an evil twin attack work?
A. Phishing users for credentials
B. Spoofing an SSID
C. Changing an SSID
D. Injecting four-­way handshakes

10. To remove malware in the network before it gets to the endpoint, you would use which of
the following?
A. Antivirus
B. Application layer gateway
C. Unified threat management appliance
D. Stateful firewall

11. What is the purpose of a security policy?
A. Providing high-­level guidance on the role of security
B. Providing specific direction to security workers
C. Increasing the bottom line of a company
D. Aligning standards and practices

12. What has been done to the following string?
%3Cscript%3Ealert('wubble');%3C/script%3E
A. Base64 encoding
B. URL encoding
C. Encryption
D. Cryptographic hashing
 Assessment Test xxvii

13. What would you get from running the command dig ns domain.com?
A. Mail exchanger records for domain.com
B. Name server records for domain.com
C. Caching name server for domain.com
D. IP address for the hostname ns

14. What technique would you ideally use to get all of the hostnames associated with a domain?
A. DNS query
B. Zone copy
C. Zone transfer
D. Recursive request

15. If you were to notice operating system commands inside a DNS request while looking at a
packet capture, what might you be looking at?
A. Tunneling attack
B. DNS amplification
C. DNS recursion
D. XML entity injection

16. What would be the purpose of running a ping sweep?
A. You want to identify responsive hosts without a port scan.
B. You want to use something that is light on network traffic.
C. You want to use a protocol that may be allowed through the firewall.
D. All of the above.

17. How many functions are specified by NIST’s cybersecurity framework?
A. 0
B. 3
C. 5
D. 4

18. What would be one reason not to write malware in Python?
A. The Python interpreter is slow.
B. The Python interpreter may not be available.
C. There is inadequate library support.
D. Python is a hard language to learn.
xxviii Assessment Test

19. If you saw the following command line, what would you be capturing?
tcpdump -­
i eth2 host 192.168.10.5
A. Traffic just from 192.168.10.5
B. Traffic to and from 192.168.10.5
C. Traffic just to 192.168.10.5
D. All traffic other than from 192.168.10.5

20. What is Diffie-­Hellman used for?
A. Key management
B. Key isolation
C. Key exchange
D. Key revocation

21. Which social engineering principle may allow a phony call from the help desk to be effective?
A. Social proof
B. Imitation
C. Scarcity
D. Authority

22. How do you authenticate with SNMPv1?
A. Username/password
B. Hash
C. Public string
D. Community string

23. What is the process Java programs identify themselves to if they are sharing procedures over
the network?
A. RMI registry
B. RMI mapper
C. RMI database
D. RMI process

24. What do we call an ARP response without a corresponding ARP request?
A. Is-­at response
B. Who-­has ARP
C. Gratuitous ARP
D. IP response
 Assessment Test xxix

25. What are the three times that are typically stored as part of file metadata?
A. Moves, adds, changes
B. Modified, accessed, deleted
C. Moved, accessed, changed
D. Modified, accessed, created

26. Which of these is a reason to use an exploit against a local vulnerability?
A. Pivoting
B. Log manipulation
C. Privilege escalation
D. Password collection

27. What principle is used to demonstrate that a signed message came from the owner of the key
that signed it?
A. Nonrepudiation
B. Nonverifiability
C. Integrity
D. Authority

28. What is a viable approach to protecting against tailgating?
A. Biometrics
B. Badge access
C. Phone verification
D. Man traps

29. Why is bluesnarfing potentially more dangerous than bluejacking?
A. Bluejacking sends, while bluesnarfing receives.
B. Bluejacking receives, while bluesnarfing sends.
C. Bluejacking installs keyloggers.
D. Bluesnarfing installs keyloggers.

30. Which of the security triad properties does the Biba security model relate to?
A. Confidentiality
B. Integrity
C. Availability
D. All of them