Certified Ethical Hacker V10 Questions and Answers Graded A+

Certified Ethical Hacker V10 Questions and Answers Graded A+ White-hat testing, which involves testing with the knowledge and consent of the organizations IT staff, is also known as: D. Overt testing Social engineering can be used to accomplish: D. All of the above Which nmap command option performs a scan using the initial TCP handshake but sends an RST instead of ACK? A. sS SYN Stealth Scan Which of the following is a Mac OS-X tool used for network discovery and cracking? A. KisMAC The White Box approach to pen testing requires: A. Full knowledge of the system or network to be assessed All of the following are SMTP commands EXCEPT: B. PARSE What is described as searching for sensitive information in the trash that has been thrown out by the target? C. Dumpster Diving The Risk Management process includes all of the following steps EXCEPT: C. Risk Vulnerability Bluejacking does all of the following EXCEPT: D. Exploits a firmware flaw in older devices An email which claims to be from a legitimate source and attempts to solicit information or convince a senior executive to take some sort of action is known as: B. Whaling A web cache poisoning attack can poison all entities EXCEPT: C. Cookies Which of the following is an open-source program offering a visual programming GUI to experiment with cryptographic procedures and animate their results? A. CrypTool Port scanning tools enable a hacker to learn about services running on a host. A. TRUE The spoofing technique that causes the victim system to lose track of the proper sequence number required to continue a secure connection is called: B. Desynchronization Which of the following best describes Steganography? D. The process of hiding data in media files. Which of the following is a collection of Internet information gathering and network troubleshooting utilities? C. NetScanTools Pro A large collection of compromised hosts that are used to conduct DDoS attacks and other malicious actions are known as: B. BotNets A penetration test is the evaluation of the vulnerabilities of an information system or network. B. FALSE Which of the following describes the function of EIP: Extended Instruction Pointer? A. Points to the code that you are currently executing A SSID is used to identify a wireless network. SSIDs are not considered a good security mechanism to protect a wireless network because: A. The SSID is broadcast in clear text. An IDS (Intrusion Detection System) that examines critical files and determines if they have changed is what type of IDS? D. File Integrity Checking An example of Defense In Depth is the combined use of a screening router, a network firewall, a network IDS and a host-based firewall. A. TRUE Which type of SQL Injection allows an attacker to try to alter the SQL statement such that it always returns TRUE (authentication attacks) or performs some function like delete or update? A. Standard The act of altering configuration files and the expected operation of a service is known as what kind of attack? C. Service Reconfiguration Of the common types of DoS/DDoS, an attack that sends packets larger than a target can manage is known as: B. Ping of Death Melissa is a virus that targeted Microsoft Windows platforms. To which category does this virus belong? A. Macro Which of the following attacks exploit OS/application installations that contain scripts or tools meant to help administrators be more efficient, but allow hackers access to powerful tools already installed on the host? A. Shrink Wrap Code Attacks Which of the following established a code of fair information practice that governed the collection, maintenance, use, and dissemination of personally identifiable information (PII)? C. Privacy Act of 1974 A digital signature is a message that is encrypted with the public key instead of the private key. B. FALSE All of the following are examples of evasion techniques EXCEPT: B. Sender Target To steal a password on a Linux machine where would you find the password file? A. /etc/shadow The act of capturing entire packets off the network is achieved through: B. Sniffing Which of the following is a business threat category? E. All of the above Which of the following should organizations create as part of incident response planning? D. All of the Above A worm or virus that infects office documents is known as what kind of virus? B. Macro To attack a wireless network you install an access point and redirect the signal of the original access point. You are now able to capture users authentication data. What kind of attack is this? A. Rogue Access Point Attack What is a self-replicating program that does NOT require user intervention to spread? D. Worm DHCP starvation is a type of denial-of-service attack. A. True HTTP response-splitting attacks are often referred to as a CRLF injection attack. A. TRUE Patch management ensures appropriate patches are installed on all systems. A. TRUE How does a denial-of-service (DoS) attack operate? A. A hacker prevents users from accessing a service. Which of the following forces termination of a TCP session? C. RST (Reset) The system of algorithms, parameters, keys, and/or passwords used for encrypting and decrypting data is called what? A. Cryptosystem All of the following can be used to defend against ARP Spoofing EXCEPT: B. Use ARPWALL system and block ARP spoofing attacks Which of the following was created in response to the September 11, 2001, terrorist attacks? C. U.S. Patriot Act Which of the following is a Windows command-line tool to display account information? B. net user During the vulnerability assessment phase of the vulnerability assessment lifecycle, inference-based techniques use information such as the type of operating system to identify vulnerabilities. B. False Which of the following is NOT a good example of a countermeasure for network security? C. Enable unused ports Which one of the registers gets overwritten with the return address of the exploit code? B. EIP Which of the following describes the wholeness and completeness of the information without any alteration except by authorized sources? B. Integrity A virus that does not increase the size of the infected file by hiding in the "open space" of a file is what type of virus? C. Cavity An attacker tries to access restricted directories and execute commands on the webserver by using the URL to change directories is called what type of attack? D. Directory Traversal Individuals who download and use scripts/exploit tools with no real understanding of the concepts being employed in causing an effect are called? C. Script Kiddies The difference between signature detection and anomaly detection is: B. Anomaly detection relies on finding differences and signature detection relies on known attacks. What does the term Hacktivism mean? C. Hackers who are hacking for a cause. In a public key infrastructure the public key is used to unencrypt a message and sign messages. B. FALSE Bills for unused services are a sign of identity theft. A. True An IDS alert where an intrusion did not occur and an alarm was not raised is a: D. True Negative Which of the following is a central accessible location where public keys are stored? C. Certificate Depository (CD) Which of the following describes the primary function of a proxy? A. System set up to act as an intermediary between the target and attacker The HIPPA Privacy Rule regulates the use and disclosure of protected health information. A. TRUE Drawing of symbols in public places to publicize an open Wi-Fi wireless network is called what? A. WarChalking Which hashing function uses 160-bit digest? B. SHA 1 All of the following can help protect yourself from Google Hacking EXCEPT: C. Keep default pages and samples Bots, as part of a botnet, can be controlled by hackers through: A. IRC Channel Which of the following activities would NOT be considered passive footprinting? A. Scan the range of IP address found in the target's DNS database Which of the following best represents the symptoms a host may have when infected by a virus or worm? D. All of the above A victim receives an SMS requesting they visit a URL, which then infects the phone with malware, is an example of: D. Smishing Which of the following is the most effective countermeasure to password cracking? C. Compose a strong password based on a phrase that results in a random combination of letters and numbers and symbols What does a Brute Force attack use? C. Every combination of letters, numbers, and symbols to obtain a user's password Which of the following would you utilize to obtain information on cyber attack trends since it analyzes breach data reported from organizations? D. Verizon Data Breach Investigations Report Overwhelming an application with traffic is what kind of application attack? C. SYN flood Capturing traffic in a hub environment where a sniffer is usually placed in "promiscuous mode" and listens only is: A. Passive Sniffing Which of the following is a common proxy tool? D. All of the above