Questions and CORRECT Answers
Which of the following attacks is specific to UDP?
DDoS
sequence prediction
smurf
fraggle - CORRECT ANSWER- Fraggle uses UDP Echo and Chargen packets with spoofed
source address to spam the source address with responses.
Which of the following does Aircrack-ng use to crack WPA and WPA2 PSKs?
korek
dictionary
PTW
FMS - CORRECT ANSWER- Aircrack-ng uses only the dictionary technique to crack WPA
and WPA2 pre-shared keys (PSKs). Aircrack-ng is used to crack 802.11 WEP, WPA, and WPA2.
When using Firewalk to determine which ports a firewall is blocking, which response is Firewalk
not likely to receive on a filtered port?
Destination port unreachable
No response
TTL expired in transit
Communication administratively prohibited - CORRECT ANSWER- "TTL expired in
transit"
Time to live (TTL) values are manipulated by Firewalk so that the packets expire one hop after
the firewall.
Which is an example of blackboard architecture?
Bayesian system designed to learn to recognize spam
API that allows components to communicate and deliver data
File server that provides access to clients
Single app that contains both UI and code to access data - CORRECT ANSWER-
Blackboard architecture is a design in which a database is established to solve a problem;
Bayesian antispam techniques, where users contribute examples of spam to teach the app how to
recognize it, exemplify this.
What is libwhisker? - CORRECT ANSWER- a Perl module that supports IDS evasion
techniques
Which protocol provides data encryption and authentication?
PPTP
IPSec
L2TP
GRE - CORRECT ANSWER- IPSec provides data encryption and authentication, protecting
against MitM attacks.
PPTP - CORRECT ANSWER- point-to-point protocol:
used for data transfers across IP-based VPN, but uses Extensible Authentication Protocol (EAP)
for authentication, operating at the Data Link OSI layer
L2TP - CORRECT ANSWER- Layer 2 Tunneling Protocol:
used to transfer data across VPN, but uses IPSec
GRE - CORRECT ANSWER- Generic Routing Encapsulation is a tunneling protocol that is
used to encapsulate and forward non-IP protocols like IPX or AppleTalk
RSA - CORRECT ANSWER- RSA is an ASYMMETRIC encryption algorithm that uses
factors of prime numbers. Asymmetric encryption is used in PKI. VULNERABLE TO CHOSEN
CIPHERTEXT.
AES - CORRECT ANSWER- Advanced encryption standard (AES) is a SYMMETRIC
encryption algorithm that encrypts BLOCKS of data
3DES - CORRECT ANSWER- Triple Data Encryption Standard (3DES) is a symmetric
encryption algorithm; uses multiple 56-bit passes to generate a 168-bit key
RC4 - CORRECT ANSWER- a stream cipher that encrypts data in streams of 8 to 2048 bits
FIbonacci SHrinking (FISH) - CORRECT ANSWER- symmetric encryption algorithm
Skipjack - CORRECT ANSWER- symmetric encryption algorithm
Blowfish - CORRECT ANSWER- Symmetric encryption algorithm
HINFO - CORRECT ANSWER- resource type used to configure the OS type of a DNS
record
MINFO - CORRECT ANSWER- resource type used to display eMail Mailbox information
UINFO - CORRECT ANSWER- resource type used to display User information
Which is true of TCPView?
it does not include a GUI
it can be installed on Windows, Linux, and UNIX
It updates every second by default
it only displays TCP connections - CORRECT ANSWER- TCPView updates every second
by default, but can be modified to refresh every 2 sec, 5 sec, or pause completely.
TCPView is a Windows-only GUI tool.
Which of the following options can you select from the Preferences tab when creating a new
policy in Nessus 5.2?
SSH settings
Cleartext protocol settings
Performance
Global variable settings - CORRECT ANSWER- Global variable settings
What security standard is based on BS 7799 and focused on security governance? - CORRECT
ANSWER- ISO 27001 is based on BS 7799 and focused on security governance.
ISO 17799 and ISO 27002 - CORRECT ANSWER- Based on the FIRST part of BS 7799,
define security objectives based on industry best practices, AKA ISO 27002
COBIT - CORRECT ANSWER- Control OBjects for Information and related Technology is
an IT management framework created by Information Systems Audit and Control Association
(ISACA); sorts control objectives into DOMAINS (planning and org, delivery and support, etc.)
You suspect that a firewall is filtering ICMP packets between your host and a target server.
Which command would NOT be useful in testing connectivity?
A. hping2 -c 5 10.10.10.10
B. hping2 -c 5 -1 10.10.10.10
C. hping2 -c 5 -0 10.10.10.10
D. hping2 -c 5 -2 10.10.10.10 - CORRECT ANSWER- B
hping2 -c 5 -1 10.10.10.10
-0 or --rawip: raw IP
-1 or --icmp: ICMP
-2 or --udp: UDP
IF ICMP IS BEING FILTERED, DON'T USE -1 or --icmp