CEH Assessment from CEH Flashcards
Hacker is a person who illegally breaks into a system or network without any authorization to destroy, steal sensitive data or to perform any malicious attacks.
Black hat hackers are:
- Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers
- Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts
- Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing 30 years in jail for their actions
- Individuals who work both offensively and defensively at various times
A. Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers
In order to compromise or to hack a system or network the hackers go through various phases of the hacking.
What is the first hacking phase that hackers perform to gather information about a target prior to launching an attack? Reconnaissance Scanning Gaining Access Maintaining Access Clearing Track
A. Reconnaissance
Defense-in-depth is a security strategy in which several protection layers are placed throughout an information system. It helps to prevent direct attacks against an information system and data because a break in one layer only leads the attacker to the next layer.
True
False
A. TRUE
Penetration testing is a method of actively evaluating the security of an information system or network by simulating an attack from a malicious source.
Which of the following technique is used to simulate an attack from someone who is unfamiliar with the system? Black box pen testing White box pen testing Grey box pen testing Maintaining Access Announced pen testing
Black Box Penetration Test
Which of the following scanning technique attackers use to bypass firewall rules, logging mechanism, and hide themselves as usual network traffic? Stealth scanning technique TCP connect scanning technique Xmas scanning technique Maintaining Access FIN scanning technique
Stealth
Which of the following scan only works if operating system’s TCP/IP implementation is based on RFC 793? NULL scan IDLE scan TCP connect scan Maintaining Access FTP bounce scan
NULL
OS fingerprinting is the method used to determine the operating system running on a remote target system. It is an important scanning method, as the attacker will have a greater probability of success if he/she knows the OS. Active stack fingerprinting is one of the types of OS fingerprinting.
Which of the following is true about active stack fingerprinting?
Uses password crackers to escalate system privileges
Is based on the fact that various vendors of OS implement the TCP stack differently
TCP connect scan
Uses sniffing techniques instead of the scanning techniques
Is based on the differential implantation of the stack and the various ways an OS responds to it
B. Is based on the fact that various vendors of OS implement the TCP stack differently
Proxy is a network computer that can serve as an intermediary for connecting with other computers.
Which of the following sentence is true about a proxy?
Protects the local network from outside access
Does not allow the connection of a number of computers to the Internet when having only one IP address
Allows attacker to view the desktop of users system
Cannot be used to filter out unwanted content
A
IP spoofing refers to the procedure of an attacker changing his or her IP address so that he or she appears to be someone else.
Which of the following IP spoofing detection technique succeed only when the attacker is in a different subnet? Direct TTL probes technique IP identification number technique TCP flow control method UDP flow control method
- Direct TTL Probes – Sending a packet to the claimed host will result in a reply, if the TTL in the reply is not the same as the packet being checked, it is a spoofed packet. This technique is successful when attacker is in a different subnet
- IP Identification Number – Sending a probe packet to the claimed host will result in a reply, if the IPID number in the reply in the near value as the packet being checked, it is a spoofed packet. This technique is successful even if the attacker is in the same subnet
- TCP Flow Control Method – If attacker is sending spoofed packets, he will not receive the target´s ACK packets and will not respond with SYN+ACK packet. If the attacker does not stop sending packets after the initial window size is exhausted, most probably the packets are spoofed.
//Answer is A
Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system.
Which of the following enumeration an attacker uses to obtain list of computers that belongs to a domain? Netbios enumeration SNMP enumeration NTP enumeration SMTP enumeration
A
Network Time Protocol (NTP) is designed to synchronize clocks of networked computers.
Which of the following port NTP uses as its primary means of communication? UDP port 123 UDP port 113 UDP port 161 UDP port 320
A
Rootkits are kernel programs having the ability to hide themselves and cover up traces of activities. It replaces certain operating system calls and utilities with its own modified versions of those routines.
Which of the following rootkit modifies the boot sequence of the machine to load themselves instead of the original virtual machine monitor or operating system? Hypervisor level rootkit Kernel level rootkit Boot loader level rootkit Library level rootkits
A Hypervisor
Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data.
Which of the following steganography technique embed secret message in the frequency domain of a signal? Substitution techniques Transform domain techniques Spread spectrum techniques Domain distortion techniques Cover generation techniques
B Transform Domain Techniques
A virus is a self-replicating program that produces its own code by attaching copies of it into other executable codes.
Which of the following virus evade the anti-virus software by intercepting its requests to the operating system? Stealth/Tunneling virus Cluster virus Macro virus System or boot sector virus
A Stealth/Tunneling Virus
Lawful intercept is a process that enables a Law Enforcement Agency (LEA) to perform electronic surveillance on a target as authorized by a judicial or administrative order.
Which of the following statement is true for lawful intercept?
Affects the subscriber’s services on the router
Hides information about lawful intercepts from all but the most privileged users
Does not allows multiple LEAs to run a lawful intercept on the same target without each others knowledge
Allows wiretaps only for outgoing communication
alters the traffic
B Hides information about lawful intercepts from all but the most privileged users
Sniffer turns the NIC of a system to the promiscuous mode so that it listens to all the data transmitted on its segment. It can constantly read all information entering the computer through the NIC by decoding the information encapsulated in the data packet. Passive sniffing is one of the types of sniffing. Passive sniffing refers to: Sniffing through a hub Sniffing through a router Sniffing through a switch Sniffing through a bridge
Sniffing is the process of capturing traffic sent between two systems.A sniffer can be a packet-capturing or frame-capturing tool. Depending on how the sniffer is used and the security measures in place, a hacker can use a sniffer to discover usernames,passwords, and other confidential information transmitted on the network. Several hacking attacks and various hacking tools require the use of a sniffer to obtain important information sent from the target system.
…There are two different types of sniffing: passive and active…
Passive sniffing—- involves listening and capturing traffic, and is useful in a network connected by hubs;
active sniffing—-involves launching an Address Resolution Protocol (ARP) spoofing or traffic-flooding attack against a switch in order to capture traffic.
As the names indicate, active sniffing is detectable but passive sniffing isn’t.
NOTE-The term packet refers to the data at layer 3 or the network layer of the OSI model whereas frame refers to data at layer 2 or the data link layer. Frames contain MAC addresses, and packets contain IP addresses.
//A
Address Resolution Protocol (ARP) is a protocol for mapping an IP address to a physical machine address that is recognized in the local network. ARP Spoofing involves constructing a large number of forged ARP request and reply packets to overload: Switch Router Hub Bridge
Switch
Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim system with non-legitimate service requests or traffic to overload its resources, which prevents it from performing intended tasks.
Which of the following is a symptom of a DoS attack?
Unavailability of a particular website
Decrease in the amount of spam emails received
Automatic increase in network bandwidth
Automatic increase in network performance
A
Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers.
Which of the following factor contribute to a successful session hijacking attack? Account lockout for invalid session IDs Definite session expiration time Weak session ID generation algorithm No clear text transmission
C Weak session ID generation algorithm
Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the \_\_\_\_\_\_\_\_\_\_\_ in order to control the process execution, crash the process and modify internal variables. Target process’s address space Target remote access Target rainbow table Target SAM file
A