Ethical Hacker Answers
1) What is an example of a Network Threat?
- Injection Attack
- Privilege Escalation
- Buffer Overflow
- Man in the Middle (MITM)
2) What is another reference to a system that can be attacked using a Virus?
- Penetration Test
- Mitigation
- Attack Vector
- Firewall
3) How many questions will be on the 312-50 EC Certified Ethical Hacker Certification?
- 125
- 100
- 150
- 75
4) What is a weakness in a system referred to as in IT security?
- Man in the Middle
- Worm
- Botnet
- Vulnerability
5) Which threat category covers threats targeted at an endpoint device?
- Host
- Network
- Application
- Organization
6) What is the importance of frequently updating software and firmware in threat management?
- A form of improving performance
- Provide scalability across the system
- A method of defending against threats
- A need to keep the software up to date for operations
7) What type of hacker executes an exploit without any background knowledge on what the exploit does and how it is able to compromise systems?
- White Hat
- Grey Hat
- Script Kiddie
- Black Hat
8) List the phases of the CEH hacking process
Answers will be arranged in the right order
9) Performing research on a target by looking at publicly available information on the Internet is an example of what phase?
- Active Scanning
- Passive Recon
- Passive Scanning
- Active Recon
10) What type of hacker performs an attack to educate the organization on how to improve security within the company?
- Grey Hat
- Script Kiddie
- White Hat
- Black Hat
11) In what phase of the hacking process is a tool such as nmap used?
- Access
- Covering Tracks
- Scanning
- Recon
12) Place the steps of security threat modeling in order.
Answers will be arranged in the right order
- Identify Objectives
- Application Overview
- Decompose Application
- Identify Threats
- Identify Vulnerabilities
13) What type of security policy is based on allowing all access except activities specifically blacklisted?
- Passive
- Promiscuous
- Prudent
- Permissive
14) How can a security team ensure that employees are aware of the latest aspects of a security policy?
- Involve Legal in security policy development
- Require staff training regarding the latest security policy
- Have employees read and sign the latest security policy
- Involve HR in security policy development
15) What advantage does segmenting networks into zones provide to security administrators?
- Simplifies firewall rules to control the flow of traffic with a zone
- Simplifies firewall rules to control the flow of traffic between zones
- Ensures firewall rules are as granular as possible
- Simplifies the determination of IP addressing
16) What security requirements would be found in a physical security policy?
- Locking doors
- Logging out of computers
- Implementing man traps
- Installing firewalls
17) What concepts are associated with Information Assurance (IA) rather than Information Security (InfoSec)?
- Implementation
- Risk Assessment
- Mitigation
- Technical Controls
18) Backups are an example of what physical security policy control type?
- Compensating
- Preventative
- Deterrent
- Detective
19) What are some of the duties of the IRT?
- Hide the security incident
- Create the security incident
- Analyze incident data
- Respond to security incidents
20) What is the security term for verifying the credentials provided to gain access to a system?
- Identification
- Accounting
- Authentication
- Authorization
21) Match the access control terms to their definition.
Answer Choices
A: Reference Monitor
B: Object
C: Operation
D: Subject
Q1) Action performed by the subject
Q2) The user or process that needs access to the resource
Q3) Used to check for access control
Q4) The resource that you wish to gain access to
22) What type of access control model involves the owner of a file granting Sue the read permission to the file?
- Identification and Authorization
- Role-based Access Control (RBAC)
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
23) List the remaining steps to the incident management process after preparation and detection and analysis are completed.
Answers will be arranged in the right order
- Classification and Prioritization
- Notification
- Containment
- Forensics Investigation
- Eradication and Recovery
- Post-incident Activities
26) Match the responsibility with the security team.
Answer Choices
A: Perform penetration testing
B: Detect and defend against intruders
C: Implement security policy
D: Implement technical controls
E: Try to gain unauthorized access to client's systems
Q1) Red Team (bad guys)
Q2) Blue Team (good guys)
27) What are security regulations and standards created by industry and government bodies?
- HIPAA - Health Insurance Portability and Accountability Act
- ADA - Americans with Disabilities Act
- SOX - Sarbanes-Oxley Act
- ESGNCA - Electronic Signatures in Global and National Commerce Act
- PCI-DSS - Payment Card Industry Data Security Standard
28) Match the action with the type of security assessment.
Answer Choices
A: Attacks are performed against a system simulating a malicious attacker
B: Evaluating a system against a set of standards or baselines
C: A system is scanned for known vulnerabilities
Q1) Penetration testing
Q2) Vulnerability assessment
Q3) Security audit
29) Match the responsibility with the regulatory act.
Answer Choices
A: Corporate responsibility
B: Enhanced financial disclosures
C: Breach notification rule
D: Compliance and enforcement rule
E: Security rule
F: Auditor independence
Q1) Sarbanes-Oxley Act of 2002
Q2) Health Insurance Portability and Accountability Act of 1996
30) What type of reconnaissance is enumeration?
- passive reconnaissance
- secondary reconnaissance
- active reconnaissance
- primary reconnaissance
31) You have a Windows Server with the IP address of 10.0.0.10 with a username of administrator and a password of Pa$$word. What command on your Kali Linux system can you use to enumerate the Windows Server?
- enu-linux-a 1000 10-u administrator -p Password
- ENUM 10.0.0.10
- eux administratorp Pa55word-a 10.0.0.10
- mum-u administrator -p Password a 100010
32) What is the name of the file you need to edit to configure proxychains on your system?
- proxychains.txt
- proxy.conf
- proxychains.conf
- proxy.txt
33) You would like to use proxychains to start a remote desktop connection to a system with the IP address of 192.168.22.200. What command would you use?
- proxychains rdesktop 192.168.22.200
- desktop proxychains 192.168.22 200
- rdesktop 192.168.22.200
- proxychains rdp 192.168.22.200
34) During the scanning phase you have learned that a few hosts on the network have port 161 open. What tool could you use to perform enumeration on these systems?
- snmp-check
- Wget
- net view
- traceroute
35) What steps are in the post engagement phase of the Vulnerability Management Lifecycle?
- Discover, Remediate, Report
- Assess, Remediate, Verify, Monitor
- Remediate, Monitor
- Discover, Assess, Report
36) Match the vulnerability tool type and its definition
Answer Choices
A: Proprietary vulnerability scanner covering several technologies
B: Outdated analyzer tool which assesses missing security updates and determines security state
C: Open-source terminal-based web application vulnerability assessment tool
D: Open-source software framework offering vulnerability management
Q1) OpenVAS
Q2) Nessus
Q3) Nikto
Q4) Microsoft Baseline Security Analyzer (MBSA)
37) In Common Vulnerability Scoring System (CVSS) version 3, what is considered the critical range?
- 7.5-10.0
- 9.0-10.0
- 8.0-10.0
- 7.0-10.0
38) Which tool provides a database for vulnerabilities defined by the US government repository of standards?
- NVD
- Nikto
- GFI LanGuard
- CVE
39) Match each Vulnerability Management process with its definition.
Answer Choices
A: Prioritize and fix vulnerabilities according to the business risk
B: List all assets across the business and identify host details to develop a baseline
C: Document a security plan, describe known vulnerabilities
D: Enumerate vulnerabilities through forms of scans
Q1) Report
Q2) Discover
Q3) Remediate
Q4) Assess
40) What protocols are susceptible to attacks from a packet sniffing tool such as Wireshark?
41) What password attacks do not require any computer processing power?
- Brute Force Attack
- Social engineering
- Shoulder surfing
- Dictionary Attack
42) What technique makes a password less susceptible to dictionary attacks?
- Passphrases with multiple words
- More complex passwords
- Shorter passwords
- Longer passwords
43) What protection would ensure that a tool like Medusa was unable to crack a password?
- Install antivirus software
- Use longer passwords
- Take a system offline
- Use encrypted protocols
44) What type of password attack is based on understanding how passwords are set up in an organization?
- Brute Force
- Dictionary
- Dumpster diving
- Rule Based
45) Which physical tool provides a means of capturing login credentials from keystrokes and is attached via USB?
- Anti-Keystroking software
- Keyboard with log capabilities
- Hardware-Type Keystroke Logger
- Special ethernet cable that tracks keystrokes
46) What tool provides a means of capturing audio and screenshots?
- Audio/Visual Spyware
- USB Spyware
- Anti-Spyware software
- Keystroke Loggers
47) What are the types of loggers used to capture keystrokes and data from text files?
- Makeshift and automated keystroke analyzers
- Virtual and Semi-virtual keystroke recorders
- Hardware and software type keystroke loggers
- Analyze and transmit key loggers
48) What options are available for the AuditPol command?
49) What are some methods for covering your tracks?
- Disable virus protection software
- Clear logs
- Disable auditing mechanisms
- Disable the firewall
- Falsify logs
50) What command creates an alternate data stream (ADS)?
- type malware.exe plain2.txt:malware.exe
- type malware.exe > plain2.txt:malware.exe
- mklink malware.exe | plain2.txt:malware.exe
- mklink malware.exe > plain2.txt:malware.exe
51) Which command creates a symbolic link to a file?
- mklink topsecret.exe plain2.txt > malware.exe
- mklink topsecret.exe plain2.txt:malware.exe
- type topsecret.exe plain2.txt:malware.exe
- type topsecret.exe plain2.txt > malware.exe
52) What are some Trojan countermeasures?
- Block unused ports
- Configure Host-Based firewalls
- Use a VPN connection
- Only connect to protected wireless networks
- Install and update Anti-virus software
53) What are some types of Trojan software?
- Backdoor Trojan
- Firewall Trojan
- Remote Access Trojan
- Rootkit Trojan
- Man-in-the-middle Trojan
54) How is malware distributed?
- Man-in-the-middle attacks
- SEO manipulation
- Spoofing
- Social Engineering
- Phishing
55) What are some of the basic components of Malware?
- Crypter
- Activity
- Injector
- Downloader
- Shipment
56) What techniques can you employ to ensure you are receiving a copy of all data on the network?
- Use an IDS
- Use a network TAP
- Use port mirroring/SPAN
- Use a firewall
- Use a router
57) What command in Linux allows you to change the MAC address of your system?
- changemac
- set-newmacaddress
- macchanger
- set-mac
58) What feature of Wireshark allows you to piece together all of the packets to create the dialog?
- Protocol Filter
- Compose VoIP Call
- Follow TCP Stream
- MAC Filter
59) What type of attack involves the hacker performing an ARP flood attack where it specifies the source MAC of the victim and the destination MAC of the hacker in the ARP flood message?
- Port stealing
- MAC flooding
- DHCP flood
- Port mirroring
60) What web-based tool would you use to get a listing of devices on the Internet such as webcams and industrial control systems?
- dig
- Netcraft
- nslookup
- Shodan
61) You would like to use wget to mirror the website that is running at http://192.168.1.3 and have a 10 second delay between requests. What command would you use?
- wget http://192.168.1.3
- wget -mk 10 http://192.168.1.3
- wget -mk -w 10 http://192.168.1.3
- wget -mk http://192.168.1.3
62) What search criteria in Google would you use to find pages from the itpro.tv site that contain the word password?
- site:itpro.tv
- inurl:password
- password
- password site.itpro.tv
63) What tool would you use to retrieve domain name registration information for a company?
- dig
- wget
- httrack
- whois
64) What tool allows you to crawl through a site and create a map of that site?
- Burpsuite
- Ettercap
- dig
- nslookup
65) What type of task is considered passive footprinting/reconnaissance?
- Query DNS records
- Perform a ping sweep
- Perform a port scan
- Surf the target's website
- Look for job postings
66) What graphical tool can you use during footprinting to get a list of technologies used to run a site?
- Netcraft
- theharvester
- nslookup
- dig
67) What tool can you use to create a copy of a website?
- httrack
- netcat
- nslookup
- dig
68) What is the purpose of footprinting?
- Exploit the system
- Clean up
- Covering your tracks
- Discover information about the target
69) Which command can determine the device operating system?
- nmap -o 10.0.0.165
- nmap -os 10.0.0.165
- nmap-0 10.0.0.165
- nmap-sys 10.0.0.165
70) Which command searches for the service and version on port 80?
- nmap serv -p 80 10.0.0.165
- nmap vS -p 80 10.0.0.165
- nmap sV -p 80 10.0.0.165
- nmap SS -p 80 10.0.0.165