CEH Chapter 5 UPDATED ACTUAL Exam
Questions and CORRECT Answers
(p113) You are examining test logs from the day's pen test activities and note the following
entries on a Windows 8 machine:
Which of the following is true regarding the code listing?
A. The team member added a user account.
B. The team member switched his login to that of a different user.
C. The team member changed the password of a user.
D. The team member renamed a user account. - CORRECT ANSWER- C
Amanda works as a security administrator for a large organization. She discovers some remote
tools installed on a server and has no record of a change request asking for them. After some
investigation, she discovers an unknown IP address connection that was able to access the
network through a high-level port that was not closed. The IP address is first traced to a proxy
server in Mexico. Further investigation shows the connection bounced between several proxy
servers in many locations. Which of the following is the most likely proxy tool used by the
attacker to cover his tracks?
A. ISA proxy
B. IAS proxy
C. TOR proxy
D. Netcat - CORRECT ANSWER- C
(p113) The following HOSTS file was pulled during an incident response:
Which of the following best describes the HOSTS file?
A. A user on the machine attempting to go to check their bank account at mybank.com will be
directed to a Chinese IP address instead.
B. A user on the machine attempting to go to google.com will receive an HTTP return code of
400.
C. A user on the machine attempting to go to gmail.com will redirect to the local host.
, D. Any DNS resolution to IP 220.181.0.16 will be redirected to one of the five sites listed in
round-robin fashion. - CORRECT ANSWER- A
Which of the following opens the Computer Management MMC in a Windows command line?
A. compmgmt.mmc
B. compmgmt.msc
C. compmgmt.exe
D. computermgmt.exe - CORRECT ANSWER- B
Which of the following will extract an executable file from NTFS streaming?
A. c:\> cat file1.txt:hidden.exe > visible.exe
B. c:\> more file1.txt | hidden.exe > visible.exe
C. c:\> type notepad.exe > file1.txt:hidden.exe
D. c:\> list file1.txt$hidden.exe > visible.exe - CORRECT ANSWER- A
Which command is used to allow all privileges to the user, read-only to the group, and read-only
for all others to a particular file, on a Linux machine?
A. chmod 411 file1
B. chmod 114 file1
C. chmod 117 file1
D. chmod 711 file1
E. chmod 744 file1 - CORRECT ANSWER- D
(p114) Examine the following passwd file:
Which of the following statements are true regarding this passwd file? (Choose all that apply.)
A. None of the user accounts has passwords assigned.
B. The system makes use of the shadow file.
C. The root account password is root.
Questions and CORRECT Answers
(p113) You are examining test logs from the day's pen test activities and note the following
entries on a Windows 8 machine:
Which of the following is true regarding the code listing?
A. The team member added a user account.
B. The team member switched his login to that of a different user.
C. The team member changed the password of a user.
D. The team member renamed a user account. - CORRECT ANSWER- C
Amanda works as a security administrator for a large organization. She discovers some remote
tools installed on a server and has no record of a change request asking for them. After some
investigation, she discovers an unknown IP address connection that was able to access the
network through a high-level port that was not closed. The IP address is first traced to a proxy
server in Mexico. Further investigation shows the connection bounced between several proxy
servers in many locations. Which of the following is the most likely proxy tool used by the
attacker to cover his tracks?
A. ISA proxy
B. IAS proxy
C. TOR proxy
D. Netcat - CORRECT ANSWER- C
(p113) The following HOSTS file was pulled during an incident response:
Which of the following best describes the HOSTS file?
A. A user on the machine attempting to go to check their bank account at mybank.com will be
directed to a Chinese IP address instead.
B. A user on the machine attempting to go to google.com will receive an HTTP return code of
400.
C. A user on the machine attempting to go to gmail.com will redirect to the local host.
, D. Any DNS resolution to IP 220.181.0.16 will be redirected to one of the five sites listed in
round-robin fashion. - CORRECT ANSWER- A
Which of the following opens the Computer Management MMC in a Windows command line?
A. compmgmt.mmc
B. compmgmt.msc
C. compmgmt.exe
D. computermgmt.exe - CORRECT ANSWER- B
Which of the following will extract an executable file from NTFS streaming?
A. c:\> cat file1.txt:hidden.exe > visible.exe
B. c:\> more file1.txt | hidden.exe > visible.exe
C. c:\> type notepad.exe > file1.txt:hidden.exe
D. c:\> list file1.txt$hidden.exe > visible.exe - CORRECT ANSWER- A
Which command is used to allow all privileges to the user, read-only to the group, and read-only
for all others to a particular file, on a Linux machine?
A. chmod 411 file1
B. chmod 114 file1
C. chmod 117 file1
D. chmod 711 file1
E. chmod 744 file1 - CORRECT ANSWER- D
(p114) Examine the following passwd file:
Which of the following statements are true regarding this passwd file? (Choose all that apply.)
A. None of the user accounts has passwords assigned.
B. The system makes use of the shadow file.
C. The root account password is root.
