and CORRECT Answers
Tool that can be used to run a covert channel over ICMP. - CORRECT ANSWER- Loki
What is the following Snort rule used for?
#alert tcp any any -> $HOME_NET 22 (msg: "Policy Violation Detected"; dsize: 52; flags: AP; threshold: type both, track by_src, count 3, seconds 60; classtype: successful-user; sid:2001637; rev:3;) - CORRECT ANSWER- to detect if someone attempts to use SSH
Which Trojan uses port 81?
a. Poison Ivy
b. Obot
c. Loki
d. ICMP send - CORRECT ANSWER- Obot
Which tool is commonly used for enumeration?
A. GetAcct
B. John
C. LCP
D. IAM tool kit - CORRECT ANSWER- A. GetAcct
Which tool is used for web-based password cracking?
A. ObiWan
B. SQLsmack
C. Wikto
D. N-Stealth - CORRECT ANSWER- A. ObiWan
What type of encryption is used to secure Linux passwords? - CORRECT ANSWER- Linux
passwords are encrypted with asymmetric algorithms.
Which of the following is an LKM rootkit?
a. Flea
b. T0rm
c. Adore
d. Chkroot - CORRECT ANSWER- Adore.
It is a loadable kernel module (LKM) rootkit. It runs in kernel space after the system is running.
A _____ ____ ______ runs in kernel space but can be loaded separately after the system is
running. - CORRECT ANSWER- Loadable Kernel Module
Which of the following uses the same key to encode and decode data?
a. RSA
b. ElGamal
c. ECC
d. RC5 - CORRECT ANSWER- RC5
RC5 is a ___ ____ symmetric cipher in which the number of rounds can range from 0 to 255,
and the key can range from 0 to 2040 bits in size. - CORRECT ANSWER- block-based
____ is the range for the number of rounds in RC5. The key size can range from __ to ___ bits.
- CORRECT ANSWER- 0 to 255 (rounds)
0 to 2040 (bits)
____ basically puts a program in a sandbox.
a. Tripwire
b. IPChains
c. Chkrootkit
d. IPTables - CORRECT ANSWER- Chkrootkit
This version of 802.11 wireless operates at the 5.725 to 5.825GHz range.
a. 802.11a
b. 802.11b
c. 802.11g
d. 802.1x - CORRECT ANSWER- 802.11a
The OSSTMM is used for which of the following?
a. Open social engineering testing
b. Security training
c. Audits
d. Security assessments - CORRECT ANSWER- Security assessments
Which of the following properly describes an evasion attack?
a. An IDS blindly believes and accepts a packet that an end system has rejected.
b. Splits data between several packets that the IDS cannot detect.
c. An end system accepts a packet that an IDS rejects.
d. Uses polymorphic shell code to avoid detection. - CORRECT ANSWER- c. An end
system accepts a packet that an IDS rejects.
An ______ attack sends packets that the IDS rejects but that the target ___ accepts. - CORRECT ANSWER- evasion attack
target host
Which of the following is true about Firewalking?
a. It alters the TTL