Get real exam questions for 312-50 Ethical Hacking and Countermeasures (CEHv6). 100% Free.
Q1. Which of the following is true of the wireless Service Set ID (SSID)? (Select all that apply.) A. Identifies the wireless network B. Acts as a password for network access C. Should be left at the factory default setting D. Not broadcasting the SSID defeats NetStumbler and other wireless discovery tools View AnswerAnswer: ABQ2. Jimmy, an attacker, knows that he can take advantage of poo
Q1. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common? A. All are hacking tools developed by the legion of doom B. All are tools that can be used not only by hackers, but also security personnel C. All are DDOS tools D. All are tools that are only effective against Windows E. All are tools that are only effective against Linux View AnswerAnswer: C Explanation: Al
Q1. Which type of sniffing technique is generally referred as MiTM attack? A. Password Sniffing B. ARP Poisoning C. Mac Flooding D. DHCP Sniffing View AnswerAnswer: CQ2. Destination unreachable administratively prohibited messages can inform the hacker to what? A. That a circuit level proxy has been installed and is filtering traffic B. That his/her scans are being blocked by a honeypot
Q1. What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system? A. Blind Port Scanning B. Idle Scanning C. Bounce Scanning D. Stealth Scanning E. UDP Scanning View AnswerAnswer: BExplanation: from NMAP:-sI <zombie host[:probeport]> Idlescan: This advanced scan method allows fora truly blind TCP port sc
Q1. Study the snort rule given below: From the options below, choose the exploit against which this rule applies. A. WebDav B. SQL Slammer C. MS Blaster D. MyDoom View AnswerAnswer: CExplanation: MS Blaster scans the Internet for computers that are vulnerable to its attack. Once found, it tries to enter the system through the port 135 to create a buffer overflow. TCP ports 139 and 445 may
Q1. Which of the following command line switch would you use for OS detection in Nmap? A. -D B. -O C. -P D. -X View AnswerAnswer: BExplanation: OS DETECTION: -O: Enable OS detection (try 2nd generation w/fallback to 1st) -O2: Only use the new OS detection system (no fallback) -O1: Only use the old (1st generation) OS detection system --osscan-limit: Limit OS detection to promising targets -
Q1. You have initiated an active operating system fingerprinting attempt with nmap against a target system: [root@ceh NG]# /usr/local/bin/nmap -sT -O 10.0.0.1 Starting nmap 3.28 ( www.insecure.org/nmap/) at 2003-06-18 19:14 IDT Interesting ports on 10.0.0.1: (The 1628 ports scanned but not shown below are in state: closed) Port State Service 21/tcp filtered ftp 22/tcp filtered ssh 25/tcp open s
Q1. In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code? A. EIP B. ESP C. EAP D. EEP View AnswerAnswer: A Explanation: EIP is the instruction pointer which is a register, it points to your next command. Q2. This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes u
Q1. Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet. He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past fir
Q1. Bank of Timbukut is a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web Application recently. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a web browser. John Stevens is in charge of information security at Bank of Timbukut. After one month in pro
Q1. Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65,536 bytes. What is Lee seeing here? A. Lee is seeing activity indicative of a Smurf attack. B. Most likely, the ICMP packets are being sent in this manner to attempt IP spoofing. C. Lee is seeing a Pi
Q1. Which of the following Nmap commands would be used to perform a UDP scan of the lower 1024 ports? A. Nmap -h -U B. Nmap -hU <host(s.> C. Nmap -sU -p 1-1024 <host(s.> D. Nmap -u -v -w2 <host> 1-1024 E. Nmap -sS -O target/1024 View AnswerAnswer: CExplanation: Nmap -sU -p 1-1024 <hosts.> is the proper syntax. Learning Nmap and its switches are critical for successf
Q1. Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network. He receives the following SMS message during the weekend. An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason's network with
Q1. While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan: Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ <http://www.insecure.org/nmap/> ) Interesting ports on 172.121.12.222: (The 1592 ports scanned but not shown below are in state: filtered) Port State Service 21/tcp open ftp 25/tcp open smtp 53/tcp clo
Q1. Jake is a network administrator who needs to get reports from all the computer and network devices on his network. Jake wants to use SNMP but is afraid that won't be secure since passwords and messages are in clear text. How can Jake gather network information in a secure manner? A. He can use SNMPv3 B. Jake can use SNMPrev5 C. He can use SecWMI D. Jake can use SecSNMP View AnswerAns
Q1. Which of the following is not an effective countermeasure against replay attacks? A. Digital signatures B. Time Stamps C. System identification D. Sequence numbers View AnswerAnswer: CExplanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it ha
Q1. In the following example, which of these is the "exploit"? Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting. Even worse, the new automated method for bringing down the server has alrea
Q1. Which type of hacker represents the highest risk to your network? A. script kiddies B. grey hat hackers C. black hat hackers D. disgruntled employees View AnswerAnswer: DExplanation: The disgruntled users have some permission on your database, versus a hacker who might not get into the database. Global Crossings is a good example of how a disgruntled employee -- who took the internal pa
Q1. More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers - it basically hides the true nature of the shellcode in different disguises. How does a polymorphic shellcode work? A. They convert the shellcode into Unicode, using loader to convert back to machine code then e
Q1. Bill successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn in interactive shell and plans to deface the main web page. He fist attempts to use the “Echo” command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tires to overwrite it with another page in which als