CEH V9 CERTIFICATION EXAM
1. In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving. Which algorithm is this referring to?
Answer: 4
2. To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program. What term is commonly used when referring to this type of testing?
Answer: 4
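Question 2 describes fuzzing. The following is an added example and not part of the exam material: a minimal mutation fuzzer written for this page, run against a hypothetical length-prefixed record parser that is constructed here with a deliberate bug (it trusts the declared length field). The fuzzer treats the parser's documented rejection (ValueError) as expected and records every other exception as a crash worth triaging.

```python
"""Minimal mutation fuzzer. Added example; the target parser is hypothetical."""
import random


def parse_record(data: bytes) -> tuple:
    """Hypothetical parser: [1-byte type][2-byte big-endian length][payload].

    Deliberate bug for the fuzzer to find: the declared length is never checked
    against the buffer, so the checksum loop walks past the end of the payload.
    """
    if len(data) < 3:
        raise ValueError("short header")          # documented rejection, not a crash
    rtype = data[0]
    length = int.from_bytes(data[1:3], "big")
    payload = data[3:3 + length]
    checksum = 0
    for i in range(length):                        # IndexError when length lies
        checksum ^= payload[i]
    return rtype, payload, checksum


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a byte, insert bytes, truncate, or rewrite the length field."""
    buf = bytearray(seed)
    op = rng.choice(("flip", "insert", "truncate", "lengthfield"))
    if op == "flip" and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "insert":
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    elif op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    elif len(buf) >= 3:                            # lie about the payload length
        buf[1:3] = rng.randrange(65536).to_bytes(2, "big")
    return bytes(buf)


def fuzz(target, seed: bytes, iterations: int = 2000, seed_value: int = 1) -> list:
    """Feed mutated inputs to `target`; return (input, exception name) for each crash."""
    rng = random.Random(seed_value)                # fixed seed: reproducible findings
    crashes = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue                               # clean rejection is the desired behaviour
        except Exception as exc:                   # anything else is a bug
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    seed = b"\x01" + (5).to_bytes(2, "big") + b"hello"   # one valid record as the corpus
    found = fuzz(parse_record, seed)
    print(f"{len(found)} crashing inputs; first: {found[0] if found else None}")
```

The fix the fuzzer points at is a single bounds check (`if 3 + length > len(data): raise ValueError`); a real campaign would then minimise each crashing input and deduplicate by stack trace.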
3. Which of the following types of firewalls ensures that the packets are part of the established session?
Answer: 4
4. Which of the following is a low-tech way of gaining unauthorized access to systems?
Answer: 4
5. How does the Address Resolution Protocol (ARP) work?
Answer: 3
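Question 5 asks how ARP works. As an added example (not from the exam), the block below serializes and parses the RFC 826 Ethernet/IPv4 packet layout, plays both sides of a request/reply exchange, and keeps a small IP-to-MAC cache that flags a MAC change for an already-known IP, which is the basic indicator of ARP spoofing. The MAC addresses and IPs are constructed for the demonstration.

```python
"""ARP request/reply and a spoof-aware cache. Added example; addresses are constructed."""
import struct
from ipaddress import IPv4Address

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def build_arp(op: int, sender_mac: bytes, sender_ip: str, target_mac: bytes, target_ip: str) -> bytes:
    """Serialize an ARP packet for Ethernet (htype 1) carrying IPv4 (ptype 0x0800)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       sender_mac, IPv4Address(sender_ip).packed,
                       target_mac, IPv4Address(target_ip).packed)


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": smac, "sender_ip": str(IPv4Address(sip)),
            "target_mac": tmac, "target_ip": str(IPv4Address(tip))}


def answer_request(req: bytes, my_mac: bytes, my_ip: str):
    """What a host does with a broadcast request: reply only if the target IP is its own."""
    arp = parse_arp(req)
    if arp["op"] != ARP_REQUEST or arp["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, arp["sender_mac"], arp["sender_ip"])


class ArpCache:
    """IP -> MAC table. A different MAC for a known IP is recorded as an alert."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def learn(self, pkt: bytes) -> None:
        arp = parse_arp(pkt)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append((ip, old, mac))
        self.table[ip] = mac


def demo() -> dict:
    host_a = (bytes.fromhex("aabbccddee01"), "192.168.11.10")
    host_b = (bytes.fromhex("aabbccddee02"), "192.168.11.20")
    # "Who has 192.168.11.20? Tell 192.168.11.10" (target MAC unknown, so zeros)
    req = build_arp(ARP_REQUEST, host_a[0], host_a[1], b"\x00" * 6, host_b[1])
    reply = answer_request(req, *host_b)
    cache = ArpCache()
    cache.learn(req)
    cache.learn(reply)
    # Constructed spoofed reply: an attacker MAC claims host_b's IP to host_a.
    spoof = build_arp(ARP_REPLY, bytes.fromhex("deadbeef0001"), host_b[1], host_a[0], host_a[1])
    cache.learn(spoof)
    return {"reply": parse_arp(reply), "alerts": cache.alerts}
```

Real stacks accept unsolicited replies into the cache the same way `ArpCache.learn` does, which is why the alert (an IP suddenly bound to a new MAC) is the thing a monitor such as arpwatch reports.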
6. Risks = Threats x Vulnerabilities is referred to as the:
Answer: 3
7. You have successfully compromised a machine on the network and found a server that is alive on the network. You tried to ping it but you didn't get any response back. What is happening?
Answer: 2
8. It is an entity or event with the potential to adversely impact a system through unauthorized access, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?
Answer: 4
9. NMAP -sn 192.168.11.200-215
The NMAP command above performs which of the following?
Answer: 1
10. This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers, sometimes known as script kiddies, from causing a data breach. Which of the following organizations is being described?
Answer: 2
11. A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
Answer: 4
12. Which of the following is the least likely physical characteristic to be used in biometric control that supports a large company?
Answer: 3
13. You are using NMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?
Answer: 4
14. Which regulation defines security and privacy controls for Federal information systems and organizations?
Answer: 3
15. The purpose of a _________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
Answer: 3
16. Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits. What type of attack is outlined in the scenario?
Answer: 3
17. During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
Answer: 3
18. Which of the following tools can be used for passive OS fingerprinting?
Answer: 2
19. Which of the following parameters describe LM Hash?
I - The maximum password length is 14 characters.
II - There are no distinctions between uppercase and lowercase.
III - The password is split into two 7-byte halves.
Answer: 1
20. A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
Answer: 3
21. Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
Answer: 2
22. It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again. Which of the following terms best matches the definition?
Answer: 4
23. Which of the following is designed to identify malicious attempts to penetrate systems?
Answer: 2
24. When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?
Answer: 3
25. Which of the following tools is used to detect wireless LANs
Answer: 4
26. You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from the command line. Which command would you use?
Answer: 3
27. Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small-sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?
Answer: 2
28. Which mode of IPsec should you use to assure security and confidentiality of data within the same LAN?
Answer: 2
29. Which of the following is a command-line packet analyzer similar to the GUI-based Wireshark?
Answer: 4
30. This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?
Answer: 2
31. As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
Answer: 1
32. In Risk Management, how is the term "likelihood" related to the concept of "threat"?
Answer: 1
33. Which of the following security operations is used for determining the attack surface of an organization?
Answer: 2
34. To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?
Answer: 2
35. It is a vulnerability in
Answer: 2
36. The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) heartbeat extension defined in RFC 6520. What type of key does this bug leave exposed to the Internet, making exploitation of any compromised system very easy?
Answer: 3
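Question 36 is about Heartbleed. The added example below (written for this page, not OpenSSL code) models the RFC 6520 heartbeat message and shows the defect and the fix side by side: the vulnerable handler copies as many bytes as the peer's `payload_length` claims, reading past the real payload into adjacent memory, while the fixed handler applies the 1.0.1g check that the claimed length fits inside the record. The "process memory" and the private-key text in it are constructed stand-ins; in the real bug the over-read reached up to 64 KB of the server's heap.

```python
"""Heartbleed, modelled: vulnerable vs. fixed heartbeat handling. Added example."""
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16   # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(payload: bytes, claimed_length: int = None) -> bytes:
    """HeartbeatMessage: type(1) | payload_length(2) | payload | padding.

    claimed_length lets a client lie about the length, which is the trigger.
    """
    n = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HB_REQUEST, n) + payload + b"\x00" * PADDING


def vulnerable_handler(record: bytes, memory: bytearray) -> bytes:
    """Pre-1.0.1g behaviour: trust payload_length and memcpy that many bytes
    starting at the payload, wherever the record sits in process memory."""
    offset = memory.find(record)                       # stand-in for the record pointer
    _htype, n = struct.unpack("!BH", memory[offset:offset + 3])
    payload = bytes(memory[offset + 3:offset + 3 + n])  # over-reads neighbouring data
    return struct.pack("!BH", HB_RESPONSE, n) + payload + b"\x00" * PADDING


def fixed_handler(record: bytes):
    """1.0.1g fix: if 1 + 2 + payload_length + 16 exceeds the record, discard silently."""
    _htype, n = struct.unpack("!BH", record[:3])
    if 1 + 2 + n + PADDING > len(record):
        return None
    return struct.pack("!BH", HB_RESPONSE, n) + record[3:3 + n] + b"\x00" * PADDING


def demo() -> dict:
    # Constructed process memory: the incoming record followed by data that must
    # never leave the server (here a private-key marker stands in for the real key).
    secret = b"-----BEGIN RSA PRIVATE KEY-----"
    evil = build_heartbeat(b"hi", claimed_length=40)   # 2 real bytes, claims 40
    memory = bytearray(b"\x00" * 8 + evil + secret + b"\x00" * 64)
    leaked = vulnerable_handler(evil, memory)
    legit = build_heartbeat(b"ping")
    return {
        "leaked_payload": leaked[3:3 + 40],            # "hi", padding, then the secret
        "fixed_drops_evil": fixed_handler(evil) is None,
        "fixed_answers_legit": fixed_handler(legit)[3:7],
    }


if __name__ == "__main__":
    print(demo())
```

The leaked bytes are whatever happened to sit after the record in the heap, which is why private keys, session cookies and passwords all turned up in real dumps; the fix is purely a length check, and rotating the server's key after patching is still required because the key may already have been read.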
37. Which method of password cracking takes the most time and effort?
Answer: 2
38. An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to www.MyPersonalBank.com, the user is directed to a phishing site. Which file does the attacker need to modify?
Answer: 3
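Question 38 concerns the local hosts file (/etc/hosts on Linux, C:\Windows\System32\drivers\etc\hosts on Windows), which the resolver consults before DNS. As an added example, not part of the exam, here is the detection side: a parser for hosts-file syntax and a check that flags public-looking names pinned to an address other than loopback or 0.0.0.0. The file content is constructed for the demonstration and reuses the question's bank domain; the rest of the entries and the list of "local" suffixes are assumptions.

```python
"""Hosts-file audit for phishing redirects. Added example; sample content is constructed."""
import ipaddress

HOSTS_SAMPLE = """\
# Host Database (constructed sample)
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.10    fileserver.corp.local
0.0.0.0         ads.example.net          # ad-blocking entry, benign
203.0.113.45    www.MyPersonalBank.com MyPersonalBank.com
"""

# Assumed list of suffixes that legitimately live in hosts files on a LAN.
LOCAL_SUFFIXES = (".local", ".localdomain", ".localhost", ".lan", ".internal", ".home")


def parse_hosts(text: str):
    """Yield (line_number, ip_address, [hostnames]); comments and blank lines are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                           # malformed line; out of scope here
        yield n, addr, names


def looks_public(hostname: str) -> bool:
    """A dotted name that is not a LAN/local suffix is something DNS should answer."""
    h = hostname.lower()
    return "." in h and h != "localhost" and not h.endswith(LOCAL_SUFFIXES)


def suspicious_hosts_entries(text: str) -> list:
    """Flag public names pinned to a real address.

    Loopback and 0.0.0.0 entries are the normal blocklist pattern and are ignored;
    a bank's domain mapped to any other address is the question 38 redirect, and
    it works even when DNS itself is perfectly healthy.
    """
    findings = []
    for n, addr, names in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in names:
            if looks_public(name):
                findings.append({"line": n, "ip": str(addr), "name": name})
    return findings


if __name__ == "__main__":
    for f in suspicious_hosts_entries(HOSTS_SAMPLE):
        print(f"line {f['line']}: {f['name']} -> {f['ip']}")
```

On a live system, read the real file into `suspicious_hosts_entries` and compare each flagged IP with an independent DNS answer; a mismatch is the confirmation.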
39. During a recent security assessment, you discover the organization has one Domain
Answer: 3
40. When you are getting information about a web server, it is very important to know the HTTP methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available, because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using the NMAP script engine. What nmap script will help you with this task?
Answer: 1
41. Prospective clients want to see sample reports from previous penetration tests. What should you do next?
Answer: 3
42. You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool has the ability to change any user's password or to activate disabled Windows accounts?
Answer: 3
43. When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?
Answer: 3
44. A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?
Answer: 2
45. Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
Answer: 4
46. What is the process of logging, recording, and resolving events that take place in an organization?
Answer: 2
47. Which of the following is assured by the use of a hash?
Answer: 3
48. Which of the following statements regarding ethical hacking is incorrect?
Answer: 4
49. Which of the following is the successor of SSL?
Answer: 3
50. Which of the following describes the characteristics of a Boot Sector Virus?
Answer: 3
51. Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Ricardo using?
Answer: 1
52. Which of the following incident handling process phases is responsible for defining rules, collaborating the human workforce, creating a backup plan, and testing the plans for an organization?
Answer: 1
53. Which security strategy requires using several, varying methods to protect IT systems against attacks?
Answer: 3
54. Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens?
Answer: 1
55. You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a
Answer: 4
56. You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not able to trigger alarms when needed. What type of alert is the IDS giving?
Answer: 1
57. Which of the following is a component of a risk assessment?
Answer: 4
58. Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
Answer: 1
59. Which of the following is an extremely common IDS evasion technique in the web world?
Answer: 2
60. You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using going through.
Answer: 2
61. A common cryptographic tool is the use of XOR. XOR the following binary values
Answer: 4
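Question 61 asks for an XOR of binary values (the values themselves are missing from the page). As an added example, not part of the exam, the block below does the bit-string XOR the question has in mind and then shows the two properties a practitioner should take from it: XOR with the same key twice returns the plaintext (the one-time-pad round trip), and reusing a key lets the key cancel out, so one known plaintext reveals the other. The key and messages are constructed.

```python
"""XOR as a cryptographic primitive: round trip and key-reuse failure. Added example."""


def xor_bits(a: str, b: str) -> str:
    """XOR two equal-length bit strings, e.g. '1011' ^ '0110' -> '1101'."""
    if len(a) != len(b) or set(a + b) - {"0", "1"}:
        raise ValueError("inputs must be equal-length binary strings")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_round_trip(message: bytes, key: bytes) -> bytes:
    """(m XOR k) XOR k == m: XOR is its own inverse, so one function both encrypts and decrypts."""
    return xor_bytes(xor_bytes(message, key), key)


def recover_from_key_reuse(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """Two-time pad: c1 XOR c2 == m1 XOR m2 because the key cancels; a known m1 yields m2."""
    return xor_bytes(xor_bytes(c1, c2), known_m1)


def demo() -> dict:
    key = bytes.fromhex("5a3c91e7f00d22b8c4d6e8fa0119")   # constructed 14-byte key
    m1, m2 = b"ATTACK AT DAWN", b"DEFEND AT DUSK"          # constructed, same length as key
    c1, c2 = xor_bytes(m1, key), xor_bytes(m2, key)
    return {
        "bits": xor_bits("1011", "0110"),
        "round_trip_ok": otp_round_trip(m1, key) == m1,
        "recovered_m2": recover_from_key_reuse(c1, c2, m1),   # no key needed
    }


if __name__ == "__main__":
    print(demo())
```

The round trip is why XOR sits inside stream ciphers and one-time pads; the recovery in `recover_from_key_reuse` is why a keystream must never be reused, which is the failure behind both WEP's IV collisions (question 1) and many home-grown "encryption" schemes.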
62. While using your bank's online servicing you notice the following string in the URL bar. You observe that if you modify the Damount & Camount values and submit the request, the data on the web page reflect the changes. Which type of vulnerability is present on this site?
Answer: 4
63. While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?
Answer: 3
64. You have compromised a server and successfully gained root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?
Answer: 1
65. Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
Answer: 1
66. Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close. What just happened?
Answer: 3
67. A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc". The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The ps command shows that the nc file is running as a process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?
Answer: 1
68. Which tool can be used to silently copy files from USB devices?
Answer: 2
69. You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?
Answer: 3
70. This asymmetric cipher is based on factoring the product of two large prime numbers. What cipher is described above?
Answer: 1
71. During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web-enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
Answer: 1
72. An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is most likely able to handle this requirement?
Answer: 2
73. You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?
Answer: 3
74. A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of Trojan infects this server?
Answer: 2
75. Which of these options is the most secure procedure for storing backup tapes?
Answer: 2
76. You have successfully gained access to your client's internal network and successfully compromised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled. Which port would you see listening on these Windows machines in the network?
Answer: 4
77. An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
Answer: 4
78. Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
Answer: 3
79. Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?
Answer: 2
80. A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?
Answer: 1
81. It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing and sharing any electronic medical data to keep patient data secure. Which of the following regulations best matches the description?
Answer: 2
82. Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
Answer: 1
83. The security concept of "separation of duties" is most similar to the operation of which type of security device?
Answer: 1
84. Jesse receives an email with an attachment labeled "Court_
Answer: 3
85. The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?
Answer: 2
86. This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. Which of the following tools is being described?
Answer: 2
87. What is the best description of SQL injection?
Answer: 2
88. You are a
Answer: 1
89. You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best nmap command you will use?
Answer: 4
90. What is a "collision attack" in cryptography?
Answer: 1
91. Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
Answer: 4
92. The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE (assume the EF = 1 (100%)). What is the closest approximate cost of this replacement and recovery operation per year?
Answer: 3
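Question 92 is a quantitative risk calculation. The block below is an added worked solution (not part of the exam material) that carries the question's numbers through the standard formulas SLE = AV x EF, ARO = 1 / years between events and ALE = SLE x ARO, treating the asset value as the full cost of one failure (the replacement drive plus 14 hours of restore labour). The `countermeasure_value` function is the cost-benefit step that usually follows an ALE, and its inputs are whatever the reader supplies.

```python
"""SLE / ARO / ALE for the hard-drive scenario of question 92. Added worked example."""


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the cost of one occurrence of the event."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("EF is a fraction of the asset value, 0..1")
    return asset_value * exposure_factor


def annual_rate_of_occurrence(years_between_events: float) -> float:
    """ARO = expected occurrences per year; 'once every three years' is 1/3."""
    return 1.0 / years_between_events


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: what the event is expected to cost per year."""
    return sle * aro


def hard_drive_case() -> dict:
    """The question's figures: $300 drive, 10 h OS restore + 4 h database restore at
    $10/h, one failure every three years, EF = 100%."""
    replacement_cost = 300.0
    labour_cost = (10 + 4) * 10.0                     # $140 of recovery time
    asset_value = replacement_cost + labour_cost      # $440: full cost of one failure
    sle = single_loss_expectancy(asset_value, 1.0)
    aro = annual_rate_of_occurrence(3)
    ale = annualized_loss_expectancy(sle, aro)
    return {"SLE": sle, "ARO": round(aro, 4), "ALE": round(ale, 2)}


def countermeasure_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Value of a control = (ALE before - ALE after) - annual cost of the control.
    Positive means the control pays for itself; negative means accept the risk."""
    return (ale_before - ale_after) - annual_cost


if __name__ == "__main__":
    print(hard_drive_case())     # SLE 440.0, ARO 0.3333, ALE 146.67
```

The closest approximate yearly cost is therefore about $146; a mirrored drive or a spare costing more than that per year would not be justified by this one risk alone.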
93. The network administrator contacts you and tells you that she noticed the temperature on the internal router increases by more than 20% during weekend hours when the office was closed. She asks you to investigate the issue because she is busy dealing with a big conference and she doesn't have time to perform the task. What tool can you use to view the network traffic being sent and received by the wireless router?
Answer: 2
94. The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?
Answer: 4
95. The "black box testing" methodology enforces which kind of restriction?
Answer: 3
96. It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect over a short-range wireless connection. Which of the following terms best matches the definition?
Answer: 2
97. Which of the following statements is TRUE?
Answer: 1
98. WPA2 uses AES for wireless data encryption at which of the following encryption levels?
Answer: 1
99. A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:8
Answer: 1
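The scan in question 99 is a fingerprinting exercise: the service mix (LPD on 515, IPP on 631, the raw JetDirect print port on 9100) plus the MAC vendor prefix identify the device. As an added example, not from the exam, the block below parses that normal-format Nmap report (reproduced as a constructed string, MAC address as it appears on the page) and applies that reasoning in code. The OUI table is an assumed one-entry lookup; check the prefix against the IEEE registry when you use this on real scans.

```python
"""Parse an Nmap normal-format report and classify the host. Added example."""
import re

# Constructed from the scan shown in question 99.
NMAP_REPORT = """Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:8
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s*(\S*)$", re.M)
HOST_RE = re.compile(r"scan report for (\S+)")
MAC_RE = re.compile(r"MAC Address:\s*([0-9A-Fa-f:]+)")   # tolerant of a truncated address

# Ports that together are characteristic of a network printer.
PRINTER_PORTS = {515: "lpd", 631: "ipp", 9100: "jetdirect"}
# Assumed, abbreviated OUI table: only the prefix this report needs.
OUI = {"00:00:48": "Seiko Epson"}


def parse_report(text: str) -> dict:
    ports = [(int(p), proto, state, svc) for p, proto, state, svc in PORT_RE.findall(text)]
    host = HOST_RE.search(text)
    mac = MAC_RE.search(text)
    return {"host": host.group(1) if host else None,
            "ports": ports,
            "mac": mac.group(1).upper() if mac else None}


def classify(report: dict) -> dict:
    """'printer' when at least two of the print-service ports are open;
    the vendor prefix is reported separately as corroborating evidence."""
    open_ports = {p for p, _proto, state, _svc in report["ports"] if state == "open"}
    printer_hits = sorted(open_ports & PRINTER_PORTS.keys())
    vendor = OUI.get(report["mac"][:8]) if report["mac"] else None
    verdict = "printer" if len(printer_hits) >= 2 else "unknown"
    return {"verdict": verdict, "printer_ports": printer_hits, "vendor": vendor}


if __name__ == "__main__":
    r = parse_report(NMAP_REPORT)
    print(r["host"], classify(r))
```

The same ftp/telnet/http ports that confused the OS guess are normal on an embedded print server, which is why service composition beats any single port when fingerprinting.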
100. An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?
Answer: 3
101. The "gray box testing" methodology enforces what kind of restriction?
Answer: 1
102. Which of the following is the BEST way to defend against network sniffing?
Answer: 3
103. What does a firewall check to prevent particular ports and applications from getting packets into an organization?
Answer: 4
104. Which of the following is a protocol specifically designed for transporting event messages?
Answer: 4
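Questions 65 and 104 both point at syslog, whose classic transport is UDP port 514 (the port a firewall in front of the log collector has to permit). As an added example for both, not part of the exam, the block below builds and parses RFC 3164 messages, including the PRI field that packs facility and severity as facility x 8 + severity; the sample line is the one given in RFC 3164 itself, and the sshd line is constructed.

```python
"""RFC 3164 syslog: PRI encoding, message building and parsing. Added example."""
import re

SYSLOG_UDP_PORT = 514   # classic transport (RFC 5426); TLS and TCP variants use other ports

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

RFC3164_SAMPLE = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"


def encode_pri(facility: int, severity: int) -> int:
    """PRI = facility * 8 + severity; the receiver recovers both with divmod."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility 0-23, severity 0-7")
    return facility * 8 + severity


def build_syslog(facility: int, severity: int, timestamp: str, hostname: str, tag: str, msg: str) -> str:
    return f"<{encode_pri(facility, severity)}>{timestamp} {hostname} {tag}: {msg}"


def parse_syslog(line: str) -> dict:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 line")
    pri = int(m["pri"])
    if pri > 191:                                  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "timestamp": m["ts"], "host": m["host"], "tag": m["tag"],
            "pid": int(m["pid"]) if m["pid"] else None, "msg": m["msg"]}


if __name__ == "__main__":
    print(parse_syslog(RFC3164_SAMPLE))
    # A collector would receive this over UDP/514 from a sender behind the firewall:
    print(build_syslog(4, 6, "Mar  3 02:14:07", "fw1", "sshd[2210]", "Accepted publickey for ops"))
```

Plain UDP syslog is unauthenticated and unencrypted, so the firewall rule that allows 514/udp toward the collector should be restricted to known sender addresses, and RFC 5425 (syslog over TLS) is the better choice where the path crosses an untrusted segment.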
105. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up. What is the most likely cause?
Answer: 3
106. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?
Answer: 1
107. Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
Answer: 4
108. A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is
Answer: 4
109. You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
Answer: 3
110. You are performing information gathering for an important penetration test. You have found pdf, doc, and image files in your objective. You decide to extract metadata from these files and analyze it. What tool will help you with the task?
Answer: 3
111. The "white box testing" methodology enforces what kind of restriction?
Answer: 3
112. Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?
Answer: 4
113. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than if using web vulnerability scanners. What proxy tool will help you find web vulnerabilities?
Answer: 1
114. Which of the following is not a Bluetooth attack?
Answer: 4
115. PGP, SSL and IKE are all examples of which type of cryptography?
Answer: 1
116. env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
Answer: 3
117. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
Answer: 2
118. You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?
Answer: 1
119. You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk. What is one of the first things you should do when given the job?
Answer: 2
120. What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?
Answer: 2
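Questions 116 and 120 are both about Shellshock (CVE-2014-6271): a vulnerable bash imported any environment variable whose value began with `() {` as a function and then executed whatever followed the closing brace, and the most common delivery was an HTTP request header, because CGI gateways copy headers into the environment of the script they spawn. As an added example for both questions, not part of the exam, the block below reproduces that CGI header-to-environment mapping and runs a harmless version of the question's probe (it only echoes, never reads /etc/passwd) against the local bash to report whether it is patched. It assumes bash is on PATH and returns None if it is not.

```python
"""Shellshock: CGI env mapping and a harmless local probe. Added example."""
import shutil
import subprocess

# Same shape as the question's payload, with the command swapped for a harmless echo.
PAYLOAD = "() { :;}; echo VULNERABLE"


def cgi_environment(headers: dict) -> dict:
    """How a CGI gateway exports request headers: 'User-Agent: x' -> HTTP_USER_AGENT=x.
    That export is why a crafted header reached bash on CGI-backed web servers."""
    return {"HTTP_" + name.upper().replace("-", "_"): value for name, value in headers.items()}


def bash_is_vulnerable(bash: str = "bash"):
    """True if this bash executes the trailing command of a function-shaped variable,
    False if it is patched (post-fix bash only imports BASH_FUNC_* names), None if absent."""
    path = shutil.which(bash)
    if path is None:
        return None
    env = cgi_environment({"User-Agent": PAYLOAD, "Host": "www.example.test"})
    result = subprocess.run([path, "-c", "echo probe-ran"], env=env,
                            capture_output=True, text=True, timeout=15)
    # On a vulnerable bash the echo in PAYLOAD runs at startup, before "probe-ran".
    return "VULNERABLE" in result.stdout


if __name__ == "__main__":
    state = bash_is_vulnerable()
    print({None: "bash not found", True: "VULNERABLE", False: "patched"}[state])
```

On a real web server the equivalent check is a single request with the payload in the User-Agent header against a known CGI path, with the response (or a callback) showing whether the injected command ran; the fix is simply a current bash.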
121. Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking. What should you do?
Answer: 1
122. An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?
Answer: 3
123.
Answer: 4
124. John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?
Answer: 3
125. You have several plaintext firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?
Answer: 3
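Question 125 is about searching plaintext firewall logs with regular expressions, which on the command line is `grep -E`. As an added example, not part of the exam, the block below does the same work in Python over a constructed set of netfilter-style log lines: a `grep` equivalent, a field extractor, and one detection built on top of it (a source that is dropped on many distinct destination ports in a short window, the signature of a port scan). The log format, prefixes and addresses are all constructed for the demonstration.

```python
"""Regex search and port-scan detection over firewall logs. Added example; log is constructed."""
import re
from collections import defaultdict

FIREWALL_LOG = """\
Mar  3 02:14:07 fw1 kernel: [1023.4] FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=21 FLAGS=SYN
Mar  3 02:14:07 fw1 kernel: [1023.4] FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=22 FLAGS=SYN
Mar  3 02:14:08 fw1 kernel: [1024.1] FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=23 FLAGS=SYN
Mar  3 02:14:08 fw1 kernel: [1024.2] FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=443 FLAGS=SYN
Mar  3 02:14:09 fw1 kernel: [1025.0] FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51237 DPT=3389 FLAGS=SYN
Mar  3 02:14:10 fw1 kernel: [1026.3] FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=51238 DPT=161
Mar  3 02:14:11 fw1 kernel: [1027.7] FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=443 FLAGS=SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: \[[\d.]+\] "
    r"(?P<action>FW-\w+): .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)")


def grep(text: str, pattern: str) -> list:
    """The grep -E equivalent: every line where the regex matches anywhere."""
    rx = re.compile(pattern)
    return [line for line in text.splitlines() if rx.search(line)]


def parse_firewall_log(text: str) -> list:
    """Extract the named fields from each line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["spt"], ev["dpt"] = int(ev["spt"]), int(ev["dpt"])
            events.append(ev)
    return events


def port_scan_sources(events: list, min_ports: int = 4) -> dict:
    """Sources whose dropped connections touched at least min_ports distinct DPTs."""
    ports_by_src = defaultdict(set)
    for ev in events:
        if ev["action"] == "FW-DROP":
            ports_by_src[ev["src"]].add(ev["dpt"])
    return {src: sorted(ports) for src, ports in ports_by_src.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    print(grep(FIREWALL_LOG, r"DPT=(22|3389)\b"))          # what grep -E would return
    print(port_scan_sources(parse_firewall_log(FIREWALL_LOG)))
```

The `grep` call answers the "find me every line about SSH or RDP" question instantly; the parse-then-aggregate step is what turns a log review into a detection, and it is the same logic a SIEM rule expresses.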