CEH/PEN - Practice Exam_3

Question 1

Nmap scan that executes an XMAS scan every 15 seconds

Answer 1

-sX -sneaky

Question 2

Type of rootkit that will patch, hook, or replace the version of system call in order to hide information

Answer 2

Library level rootkits

Question 3

IPSEC uses which two modes

Answer 3

AH/ESP

Question 4

Firewall with multiple network interfaces

Answer 4

Multihomed firewall

Question 5

Bluejacking is an attack that does what?

Answer 5

Send unsolicited message

Question 6

Honeypot detection tool

Answer 6

Sobek

Question 7

Ways in which an IDS detect intrusion attempts

Answer 7

Signature detection
Anomaly detection

Question 8

What is the length of the IPv6 datagram header?

Answer 8

40 bytes

Question 9

In the IPv6 header, the traffic class field is similar to which field in the IPv4 header?

Answer 9

TOS field

Question 10

Programs that can be used to provide unexpected or random inputs to computer programs are referred to as:

Answer 10

fuzzing

Question 11

In wireshark, the packet bytes pane shows the data of the current packet in which of the following format sytles?

Answer 11

Hex Dump

Question 12

Penetration testers hide Metasploit shellcode to evade Windows Defender by using which of the following Metasploit framework tools?

Answer 12

Msfencode

Question 13

What two security issues are related to containers as compared to VMS

Answer 13

• Open network traffic across services
• Sharing the OS Kernel

Question 14

Within Microsoft Windows NT, which Security Identifier (SID) represents the administrator account

Answer 14

S-1-5- and end with -500

Question 15

(inherent risk) - (impact of risk controls) = ?

Answer 15

Residual risk

Question 16

Vulnerability mapping occurs after which phase of a penetration test

Answer 16

Analysis of host scanning

Question 17

How would you describe an attacker’s attempts to deliver the payload over multiple packets for an extended period of time?

Answer 17

Session splicing

Question 18

What tactics are used in social engineering attacks

Answer 18

Reciprocity
Social Validation
Authority

Question 19

Sending a probe to the target system using a ping scan is a form of which type of reconnaissance?

Answer 19

Active reconnaissance

Question 20

Tool used to scan a webserver for vulnerabilities.

Answer 20

Wikto

Question 21

Which of the following commands will attempt a half-open scan stealthily as possible?

Answer 21

nmap -sS

Question 22

If you wanted an aggressive XMAS scan, perhaps the following might be to your liking:

Answer 22

nmap <IP> -sX -A</IP>

Question 23

What is the process of sending ICMP Echo requests to all IP addresses in the range known as?

Answer 23

Ping sweep

Question 24

Within wireshark, which filter will provide you results from a specific IP address

Answer 24

ip.src ==

Question 25

The nmap TCP Window scan can be performed by using the following commands?

Answer 25

nmap -sW

Question 26

What is the proper command to perform an Nmap XMAS scan every 15 seconds?

Answer 26

nmap -sX -sneaky

Question 27

What type of rootkits will patch, hook, or replace the version of system call in order to hide information?

Answer 27

Library level rootkits

Question 28

What are the port states determined by Nmap?

Answer 28

Open, filtered, unfiltered

Question 29

Which of the following will allow footprinting to be conducted without detection?

Answer 29

ARIN

Question 30

IPSEC uses which two modes?

Answer 30

AH/ESP

Question 31

Toll used for honeypot dection

Answer 31

Sobek

Question 32

Secuirty assessments categories (some)

Answer 32

Penetration testing
Security audits
Vulnerability assessments

Question 33

Method that uses traceroute-like IP packet analysis to determine whether a data packet can pass through the packet-filtering device from the attacker’s host to the victim’s host

Answer 33

Firewalking

Question 34

Used to distribute a public key within the PKI system, verifying the user’s ID to the recipient

Answer 34

Digital certificate

Question 35

Important things to know about symmetic encryption

Answer 35

Algorithms are fast
Good for bulk encryption
Scalability issues

Question 36

Google Hack: Used to display specific text in url title

Answer 36

allintitle

Question 37

Regional Internet address registry for the Asia-Pacific region.

Answer 37

APNIC

Question 38

Linux folder that holds the password and shadow files

Answer 38

/etc

Question 39

Tool used by an attacker to encrypt information before transmitting it on the wire

Answer 39

cryptcat

Question 40

Potential attacks on cryptography (some)

Answer 40

Chose-Ciphertext attack
Replay attack
Man-in-the-Middle attack

Question 41

Three valid types of IPv6 address

Answer 41

• Global unicast
• Unique local
• Multicast

Question 42

Two protocols that can be used to mitigate session hijacking

Answer 42

IPSEC and VPN

Question 43

Tool that maintains a database of Ethernet MAC addresses seen on the network, with their associated IP pairs

Answer 43

Arpwatch

Question 44

Cloud computing as-a-service in which clients are responsible for the maintenance of the cloud-based resources

Answer 44

Infrastructure as a service

Question 45

Cloud computing as-a-service in which clients are responsible for ensuring user access to the application

Answer 45

Software as a service

Question 46

Cloud computing as-a-service in which clients are responsible for building, deploying, managing and maintaining the software applications and services

Answer 46

Platform as a service