Q1. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common? 

A. All are hacking tools developed by the legion of doom 

B. All are tools that can be used not only by hackers, but also security personnel 

C. All are DDOS tools 

D. All are tools that are only effective against Windows 

E. All are tools that are only effective against Linux 

View Answer

Q2. A distributed port scan operates by: 

A. Blocking access to the scanning clients by the targeted host 

B. Using denial-of-service software against a range of TCP ports 

C. Blocking access to the targeted host by each of the distributed scanning clients 

D. Having multiple computers each scan a small number of ports, then correlating the results 

View Answer

Q3. DRAG DROP 

Drag the term to match with it’s description 

Exhibit: 

View Answer

Q4. According to the CEH methodology, what is the next step to be performed after footprinting? 

A. Enumeration 

B. Scanning 

C. System Hacking 

D. Social Engineering 

E. Expanding Influence 

View Answer

Q5. What are the limitations of Vulnerability scanners? (Select 2 answers) 

A. There are often better at detecting well-known vulnerabilities than more esoteric ones 

B. The scanning speed of their scanners are extremely high 

C. It is impossible for any, one scanning product to incorporate all known vulnerabilities in a timely manner 

D. The more vulnerabilities detected, the more tests required 

E. They are highly expensive and require per host scan license 

View Answer

Q6. Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction? 

A. They are using UDP that is always authorized at the firewall 

B. They are using an older version of Internet Explorer that allow them to bypass the proxy server 

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access 

D. They are using tunneling software that allows them to communicate with protocols in a way it was not intended 

View Answer

Q7. Barney is looking for a Windows NT/2000/XP command-line tool that can be used to assign display or modify ACLs (Access Control Lists) to files or folders and that could also be used within batch files. Which of the following tools could be used for this purpose? 

A. PERM.EXE 

B. CACLS.EXE 

C. CLACS.EXE 

D. NTPERM.EXE 

View Answer

Q8. How do you defend against DHCP Starvation attack? 

A. Enable ARP-Block on the switch 

B. Enable DHCP snooping on the switch 

C. Configure DHCP-BLOCK to 1 on the switch 

D. Install DHCP filters on the switch to block this attack 

View Answer

Q9. Spears Technology, Inc is a software development company located in Los Angeles, California. They reported a breach in security, stating that its “security defenses has been breached and exploited for 2 weeks by hackers. “The hackers had accessed and downloaded 90,000 address containing customer credit cards and password. Spears Technology found this attack to be so to law enforcement officials to protect their intellectual property. 

How did this attack occur? The intruder entered through an employees home machine, which was connected to Spears Technology, Inc’s corporate VPN network. The application called BEAST Trojan was used in the attack to open a “Back Door” allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge. 

The hackers were traced back to Beijing China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Spears Technology’s network from a remote location, posing as employees. The intent of the attacker was to steal the source code for their VOIP system and “hold it hostage” from Spears Technology, Inc exchange for ransom. 

The hackers had intended on selling the stolen VOIP software source code to competitors. 

How would you prevent such attacks from occurring in the future at Spears Technology? 

A. Disable VPN access to all your employees from home machines 

B. Allow VPN access but replace the standard authentication with biometric authentication 

C. Replace the VPN access with dial-up modem access to the company’s network 

D. Enable 25 character complex password policy for employees to access the VPN network. 

View Answer

Q10. While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80. 

What can you infer from this observation? 

A. They are using Windows based web servers. 

B. They are using UNIX based web servers. 

C. They are not using an intrusion detection system. 

D. They are not using a stateful inspection firewall. 

View Answer