Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 1K views

    CEH Q Bank

    Uploaded by

    aakash
    The documents contain questions from practice tests for the Certified Ethical Hacker (CEH) certification. The questions cover topics such as tools used for hacking networks and systems like Nmap, Wireshark, Hydra; types of attacks like denial of service, man-in-the-middle, password cracking; and security concepts around protocols, ports, and malware.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    CEH Q Bank

    Uploaded by

    aakash
    1K views27 pages
    The documents contain questions from practice tests for the Certified Ethical Hacker (CEH) certification. The questions cover topics such as tools used for hacking networks and systems like Nmap, Wireshark, Hydra; types of attacks like denial of service, man-in-the-middle, password cracking; and security concepts around protocols, ports, and malware.

    Original Description:

    CEH Q bank

    Original Title

    CEH Q bank

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The documents contain questions from practice tests for the Certified Ethical Hacker (CEH) certification. The questions cover topics such as tools used for hacking networks and systems like Nmap, Wireshark, Hydra; types of attacks like denial of service, man-in-the-middle, password cracking; and security concepts around protocols, ports, and malware.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    1K views27 pages

    CEH Q Bank

    Uploaded by

    aakash
    The documents contain questions from practice tests for the Certified Ethical Hacker (CEH) certification. The questions cover topics such as tools used for hacking networks and systems like Nmap, Wireshark, Hydra; types of attacks like denial of service, man-in-the-middle, password cracking; and security concepts around protocols, ports, and malware.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 27

    http://www.gocertify.

    com/quizzes/ceh/

    http://www.gocertify.com/quizzes/ceh/certified-ethical-hacker-practic
    e-quiz-312-50-quiz-1.html
    Question 1 of 10

    Which of the following is used to disable antivirus programs?


    Subroot
    CyberSpy
    LetMeRule
    Firekiller
    Question 2 of 10
    Which of the following tools can be used to extract SAM hash from
    Windows? (Choose two)
    SamDump
    pwdump2
    L0phtCrack
    SMBRelay
    Question 3 of 10
    Ron performed an internal penetration test on his office network and
    found ports 31337 and 31338 had been opened. Which program might be
    using these ports?
    GirlFriend
    BlackOrifice
    DeepThroat
    Netbus
    Question 4 of 10
    Which of the following is a file system integrity-checking program?
    Tripwire
    Stegdetect
    elsave
    PsExec
    Question 5 of 10
    Which of the following TCP flags denotes resetting of the connection?
    RST
    ACK
    URG
    PSH
    Question 6 of 10
    Which of the following is an intrusion detection tool?
    Snort
    Iris
    WireShark
    EtherPeek
    Question 7 of 10
    Which of the following tools can be used against a denial of service
    attack?
    A LAND
    targa
    Bubonic
    All of these
    Question 8 of 10
    Which of the following can be used for password cracking and ARP
    poisoning?
    SMAC
    Packet Crafter
    Hydra
    Cain & Abel
    Question 9 of 10
    Which of the following viruses use encryption to hide its presence?
    Cavity virus
    Camouflage virus
    Polymorphic virus
    Armored virus
    Question 10 of 10
    Tini Trojan listens on which port?
    23476
    7777
    21544
    2140
    http://www.gocertify.com/quizzes/ceh/certified-ethical-hacker-practic
    e-quiz-312-50-quiz-2.html

    Question 1 of 10

    Which of the following NMAP scanning types is also known as half-open


    scanning?
    TCP Connect
    XMAS Tree scan
    ACK Scan
    SYN stealth scan
    Question 2 of 10
    Which of the following is a DNS Enumeration tool?
    NMAP
    Nessus
    Nikto
    NSLookup
    Question 3 of 10
    Which of the following commands will display the following output:

    whois –v gocertify.in
    Nmap gocertify.in
    nikto –h gocertify.in
    Nsllokup gocertify.in
    Question 4 of 10
    Which of the following tools can be used to crack SAM files in Windows?
    Hyena
    Legion
    NTInforScan
    L0phtCrack
    Question 5 of 10
    The following is output from the "tracert" command to find the path to
    gocertify.in? Which protocol does tracert use to find the network path
    shown below?

    ICMP
    HTTP
    STP
    NTP
    Question 6 of 10
    Which of the following services uses registered port numbers?
    CIFS
    Syslog
    Oracle Listener
    FTP
    Question 7 of 10
    Which of the following would you use to save up Internet Addresses (IP)?
    NTP
    NAT
    NAS
    DHCP
    Question 8 of 10
    Which of the following tools enumerates NetBIOS shares?
    Cain and Abel
    Hydra
    Telnet
    Hyena
    Question 9 of 10
    Which of the following tools can be used for War Dialing? (Check all that
    apply)
    Phonesweep
    THC-Scan
    Nmap
    Telesweep
    Question 10 of 10
    Which of the following automates the process of password guessing in
    NetBIOS sessions?
    Legion
    Hyena
    NTInforScan
    L0phtCrack

    http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
    tice-quiz-312-50-quiz-4

    Which of the following commands will show all the connections that are
    currently opened in a Windows host machine?
    Nmap–sP T4 target IP
    nslookup–ao
    netstat–an
    nbtstat–an
    Question 2 of 10
    Which of the following tools can be used to footprint web servers in
    Windows?
    Burp suite
    Nikto
    OpenVas
    Wikto
    Question 3 of 10
    Which of the following tools can NOT be used to enumerate Windows SID
    user accounts?
    DumpSec
    UserInfo
    Enum
    SMBBF
    Question 4 of 10
    Which of the following tools can be used for tunneling traffic through
    HTTP?
    TeleSweep
    BackStealth
    THC-Scan
    PhoneSweep
    Question 5 of 10
    Which of the following is NOT a recommended setting to help secure
    your home wireless network?
    Increase your WLAN transmitter power.
    Change the default SSID.
    Change default administrator passwords and usernames.
    Do not auto-connect to open Wi-Fi networks.
    Question 6 of 10
    Which commands will do Nmap TCP and ICMP Ping?
    Nmap –PB
    Nmap –s0
    Nmap –sA
    Nmap –sI
    Question 7 of 10
    A security administrator is monitoring packets in the network with
    Wireshark. He is finding a lot of ICMP Echo packets directed towards the
    255.2555.255.255 address of his network? What type of attack is he
    looking at?
    Broadcast flooding
    Smurf attack
    SYN flood attack
    ICMP flood attack
    Question 8 of 10
    After performing Nmap TCP port scanning on the company network, Port
    137 is found opened. Which of the following services of this port might
    be used by an attacker?
    NETBIOS
    POP3
    NTP
    SFTP
    Question 9 of 10
    The password for which of the following protocols can be sniffed out of
    an Unencrypted Wireless Network?
    POP3
    HTTPS
    SSH
    SSL
    Question 10 of 10
    Which of the following can be used to identify which methods are allowed
    in the remote web server?
    Acunetix
    NMAP
    Cain and Abel
    Hammer

    http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
    tice-quiz-312-50-quiz-5

    During vulnerability assessment, you rank the public-facing website as


    an integral asset to the company's continued reputation and revenue. But
    there are several potential threats to the Apache HTTP Server that hosts
    the website. The static webpages in particular could be vulnerable to
    defacement.

    Which security control should you implement?


    Assign write-only permission to all HTML files and folders for the www-data group.
    Assign read-only permission to all HTML files and folders for the www-data group.
    Assign write permissions to the web root for only the www-data group.
    Assign read and write permissions to the web root for only the www-data group.

    Question 2 of 10
    You are reviewing source code for any buffer overflow vulnerabilities.
    The following C++ source code handles data extracted from a
    compressed file:
    if (extractedDataLength < 65536) {
    //Break down data into multiple chunks
    }
    else {
    //Handle data in one large chunk
    }
    The data should be broken down into multiple chunks only when the
    buffer of 65,536 characters is reached. How should you modify the
    condition in the first line of the code?
    Change to extractedDataLength > 65536
    Change to extractedDataLength == 65536
    Change to extractedDataLength <= 65536
    Change to extractedDataLength >= 65536
    Question 3 of 10
    You run the following command:
    nmap -p21,80,443 -sV -O 45.33.32.156
    What is the most likely partial output?
    Host is up (0.029s latency).
    Not shown: 992 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp filtered smtp
    80/tcp open http
    135/tcp filtered msrpc
    443/tcp filtered https
    Host is up (0.029s latency).
    PORT STATE SERVICE VERSION
    21/tcp closed ftp
    80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
    443/tcp filtered https
    Device type: general purpose|firewall|router|broadband router|WAP|terminal
    Running: Linux 3.X|2.6.X|2.4.X
    Network Distance: 12 hops
    Host is up (0.029s latency).
    PORT STATE SERVICE VERSION
    21/tcp closed ftp
    80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
    443/tcp filtered https
    Host is up (0.029s latency).
    PORT STATE SERVICE
    21/tcp closed ftp
    80/tcp open http
    443/tcp filtered https
    Question 4 of 10
    You are using a sniffer and you see a frame with a destination address of
    0xFFFFFFFFFFFF. What type of frame is this?
    Layer 2 broadcast frame
    Layer 3 network ID
    Layer 2 network ID
    Layer 3 broadcast address
    Question 5 of 10
    You need to ensure that malicious packets are prevented from entering
    your private network. Packets should be evaluated based on the
    following criteria:
    Source IP addresses
    Protocol and port number
    Which type of security tool will use only these criteria to deny access?
    NIPS
    NIDS
    NTFS permissions
    Router ACL
    Question 6 of 10
    To attack a wireless network, an attacker sets up a wireless access point
    that is configured to look exactly like a company's valid wireless access
    point by using the same SSID. What kind of attack is this?
    WEP attack
    War chalking
    Evil twin
    Rogue access point
    Question 7 of 10
    Which ISO 27000 standard describes audits and certifications?
    27005
    27001
    27006
    27002
    Question 8 of 10
    A hacker was recently caught trying to deface the web site of a company
    with which he had serious disagreement concerning their use of certain
    chemicals in their products. What is this type of hacker called?
    White hat
    Cracker
    Ethical hacker
    Hacktivist
    Question 9 of 10
    Which two of the following are goals of key escrow agreements? (Choose
    two)
    Enhance the security of public keys
    Provide third party access to data
    Facilitate recovery operations
    Enhance the security of private keys
    Question 10 of 10
    You capture the following TCP frames using Wireshark:

    343 61.586595 208.44.193.36 192.168.1.3 TCP (TCP segment of a


    reassembled PDU]
    344 61.590149 192.168.1.3 208.44.193.36 TCP 3202 > http [FIN, ACK]
    Seq=986 Ack=25462 Win=17520 Len=0
    345 61.590208 208.44.193.36 192.168.1.3 HTTP HTTP/1.1 404 Not Found
    (text/html)
    346 61.590264 192.168.1.3 208.44.193.36 TCP 3203 > http [RST, ACK]
    Seq=987 Ack=25797 Win=0 Len=0
    347 66.229719 192.168.1.3 208.44.193.36 TCP 3206 > http [SYN] Seq=0
    Len=0 MSS=1460
    348 66.369449 208.44.193.36 192.168.1.3 TCP http > 3206 [SYN, ACK]
    Seq=O Ack=1 Win=l460 Len=0 MSS=l460
    349 66.369526 192.168.1.3 208.44.193.36 TCP 3206 > http [ACK] Seq=1
    Ack=1 Win=17520 Len=0
    350 66.369745 192.168.1.3 208.44.193.36 HTTP GET
    /images/product-images/practicetest/Image:cert-312-50.png HTTP/1.1
    351 66.736536 208.44.193.36 192.168.1.3 TCP http > 3206 [ACK] Seq=1
    Ack=625 Win=63616 Len=0
    352 66.913117 208.44.193.36 192.168.1.3 TCP [TCP segment of a
    reassembled PDU]
    353 66.927650 208.44.193.36 192.168.1.3 TCP [TCP segment of a
    reassembled PDU]
    354 66.927706 192.168.1.3 208.44.193.36 TCP 3206 > http [ACK] Seq=625
    Ack=2025 Win=17520 Len=0
    355 66.948746 192.168.1.3 208.44.193.36 TCP 3207 > http [SYN] Seq=0
    Len=0 MSS=1460
    356 67.145268 208.44.193.36 192.168.1.3 TCP [TCP Previous segment lost]
    [TCP Segment of a reassembled PDU]
    What is the purpose of frame 354?
    Second step in the TCP handshake
    Final acknowledgement in a TCP handshake
    First step in the TCP handshake
    Acknowledgement of a data packet

    http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
    tice-quiz-312-50-quiz-6

    Question 1 of 10

    In a Linux/Unix system, the etc/password file can be encrypted with


    which of the following encryptions?
    BLOWFISH
    DES
    MD5
    SHA
    Question 2 of 10
    Which tool can be used to attack a netware server?
    Websleuth
    Pandora
    Nmap
    Sam Spade
    Question 3 of 10
    Which of the following tools can be used for footprinting?
    Tracert
    Neotrace
    Wireshark
    John the Ripper
    Question 4 of 10
    Bob wants to perform a Dictionary attack on a netware server in his
    account. Which tool should he consider using?
    Nwcrack
    Getcrack
    Nmap
    NWPCrack
    Question 5 of 10
    The command: SID: S-1-5-21domain-501, suggests which type of
    account?
    Administrator
    Normal Guest account
    Power Users
    Domain admin
    Question 6 of 10
    What is the TTL value for the following SOA record:
    fairfex.edu.SOA NS1.fairfex.edu ipad.college.edu (200302028 3600 3600
    604800 2400)
    200302028
    3600
    2400
    604800
    Question 7 of 10
    Hunt-tool is used for which task?
    ARP poisoning
    Sniffing traffic
    Password cracking
    MTM attacks

    Question 8 of 10
    The below command does which of the following:
    Address: 10.10.12.15
    > set type=any
    > ls -d wayne.net > dns.wayne.net
    Zone transfer
    Looks at the server name
    DNS poisoning
    ARP Spoofing
    Question 9 of 10
    NetStumbler cannot detect which wireless standard?
    802.11 b
    802.11g
    802.11a
    802.11
    Question 10 of 10
    Sniffing a password from a wireless network is what type of attack?
    Passive attack
    Brute-force attack
    Active attack
    Dictionary attack

    http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
    tice-quiz-312-50-quiz-7

    Question 1 of 10

    Which of the following attacks is hardest to identify?


    Password brute force attack
    DNS spoofing attack
    DDOS attack
    Insider attack
    Question 2 of 10
    What type of attack is it when a hacker tries to impersonate an authority
    figure in order to trick users into giving up sensitive information?
    Reverse Social Engineering Attack
    Social Engineering Attack
    Shoulder Surfing
    Insider Attack
    Question 3 of 10
    Sam Spade is a tool that enables a hacker to perform which of the
    following tasks?
    Enumeration
    Escalating privileges
    Vulnerability testing
    Foot-printing

    Question 4 of 10
    A Black Hat hacker, wants to get more information on a publicly traded
    company. Which tool will help him find useful information on the
    company?
    Netcraft
    Edgar
    NSlookup
    Whois
    Question 5 of 10
    A firewall deployed as “stateful” will inspect which part of a packet
    passing through the network?
    Tail of the packet
    Header of the packet
    Both header and data
    Data packet
    Question 6 of 10
    An incident reported via the helpdesk disclosed that a fraudulent caller
    disguised himself as an employee and asked the phone operator to tell
    him his network password. What is the best way to prevent such attacks?
    Providing training to all phone operators
    Call logging
    Setting up a VOIP solution
    Call blocking
    Question 7 of 10
    Which of the following NMAP scans will have a greater chance of being
    detected?
    XMAS tree scan
    Null scan
    ACK scan
    TCP connect scan
    Question 8 of 10
    Which of the following can be a great resource for hackers to find
    information concerning the hardware or software used in a targeted
    company?
    LinkedIn
    Newspapers
    Job Postings
    Journals
    Question 9 of 10
    Which Nmap switch will prevent pinging of a target machine?
    –PM
    –PN
    –sR
    –Po
    Question 10 of 10
    An SNMP device uses two passwords in order to configure and view its
    configuration. Which of the following passwords is used to view its
    configuration?
    Community string
    MIB
    SNMPUtil
    SNMPEnum

    http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
    tice-quiz-312-50-quiz-8

    Question 1 of 10

    Which of the following tools can be used to exploit a local procedure call
    (LPC) flaw in windows?
    PsExec
    HK.exe
    None of the above
    Eblaster
    Question 2 of 10
    Which of the following is NetBIOS DDOS tool?
    NBName
    NBTcracker
    Netsh
    NBTdeputy

    Question 3 of 10
    A hacker is trying to discover the password for the windows
    administration account using the tool “john the ripper.” He is trying to
    brute force his way to the password of an admin SAM file he enumerated
    earlier from the target Windows machine. What type of attack he is
    carrying out?
    Active online attack
    None of above
    Offline attack
    Passive online attack
    Question 4 of 10
    John wants to send a tracking tool inside of a valid program to his
    colleague so that he can track his activities in his computer. Which of the
    following techniques can John exploit to make his tracking tool
    effective?
    MITM
    Hashing
    Alternate file stream
    Cryptography
    Question 5 of 10
    Which tool will increase the L0phtCrack’s dumping sessions on the
    system?
    SMBDie
    SMBGrind
    NBTdeputy
    C2MYAZZ
    Question 6 of 10
    A Replay attack is an example of which type of attack?
    None of above
    Offline attack
    Active online attack
    Passive online attack
    Question 7 of 10
    Eblaster is able to perform which of the following actions? (Choose all
    that apply)
    Log chat messages
    Monitor e-mail
    Keystroke logging
    Monitor websites visited
    Question 8 of 10
    Which of the following is an example of a steganography attack tool?
    Camerashy
    Snow
    Binder
    Mp3Stego
    Question 9 of 10
    Which of the following tools can perform a "man in the middle" attack
    (MITM)?
    SMBRelay
    SMBReplay
    C2MYAZZ
    pwdump2
    Question 10 of 10
    A Rainbow table attack on a password is which type of attack?
    Active online attack
    None of above
    Offline attack
    Passive online attack

    http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
    tice-quiz-312-50-quiz-9
    Question 1 of 10

    In wireless security, what is the main difference between WPA and


    WPA2?
    WPA uses AES as the stream cipher and includes all the features of TKIP, while WPA2
    changes the IV with each frame and includes key mixing.
    WPA uses RC4 for the stream cipher but supports longer keys than WEP, while WPA2
    uses AES as the stream cipher and includes all the features of TKIP.
    WPA uses AES for the stream cipher with a 24 bit IV, while WPA2 uses AES as the stream
    cipher and includes all the features of TKIP.
    WPA uses RC4 for the stream cipher with a 24 bit IV, while WPA2 uses AES as the stream
    cipher and includes all the features of TKIP.
    Question 2 of 10
    Which of the following attacks will compromise a cloud server by placing
    a malicious virtual machine in close proximity, taking advantage of
    shared physical resources to steal data? (Choose two)
    DNS poisoning attack
    Cross-guest VM breach
    Wrapping attack
    Side channel attack
    Question 3 of 10
    Which of the following is NOT a countermeasure for port scanning?
    Filter all ICMP messages at the firewalls and router.
    Ensure that anti-scanning and anti-spoofing rules are configured.
    Configure firewall and IDS rules to detect and block probes.
    Restrict permissions within the desktop environment.
    Question 4 of 10
    A new payment card company is seeking to comply with the PCI-DSS
    standard. How often should it conduct internal and external penetration
    tests?
    At least thrice a year and after any significant upgrade or modification
    At least every two years and after any significant upgrade or modification
    At least twice a year and after any significant upgrade or modification
    At least once a year and after any significant upgrade or modification
    Question 5 of 10
    What Trojan is used to attack popular banking websites and steal login
    credentials?
    Neverquest
    Ghost Eye
    Darlloz
    M4sT3r
    Question 6 of 10
    Which cryptographic algorithm uses modular arithmetic and elementary
    number theories to perform computations using two large prime
    numbers?
    RC6
    SHA3
    RSA
    3DES
    Question 7 of 10
    What is the first procedure a white-hat hacker should perform after being
    introduced to IT management?
    Sign a formal contract including non-disclosure.
    Undertake dumpster diving.
    Run a Nessus scan on the internal LAN.
    Perform reconnaissance on the company.
    Question 8 of 10
    Which of the following is NOT a technique for defending against botnets?
    Smurf
    Black Hole
    RFC 3704
    Cisco IPS
    Question 9 of 10
    Which is the correct sequence of the stages of a virus’ life?
    Design, Incorporation, Replication, Launch, Detection, Elimination
    Design, Detection, Launch, Replication, Incorporation, Elimination
    Design, Incorporation, Launch, Replication, Detection, Elimination
    Design, Replication, Launch, Detection, Incorporation, Elimination
    Question 10 of 10
    After successfully compromising a company server having the IP
    10.15.0.8, a script kiddie wants to enumerate all the devices on the
    company’s network as fast as possible. Which nmap command would be
    best for this purpose?
    Nmap –T4 –A 10.15.0.0/24
    Nmap –T4 –V 10.15.0.0/24
    Nmap –T4 –O 10.15.0.0/24
    Nmap –T4 –F 10.15.0.0/24
    http://www.gocertify.com/ethical-hacker/ethical-hacking-general-knowl
    edge-quiz

    Question 1 of 10

    Precomputed hashes that are intended to contain every possible


    combination of characters for the purpose of comparing them against a
    captured password are known as which of the following?
    Salt mines
    Dictionaries
    Rainbow tables
    Water Lillies
    Question 2 of 10
    As you read entries in a log file, you notice something suspicious. One
    user is attempting to access a resource, and failing, by an IP address
    then a URL, then an e-mail address. He seems to be systematically failing
    to connect to the resource.
    In the vernacular of IT security, this is known as which of the following?
    groping
    probing
    fumbling
    fingering
    Question 3 of 10
    The default Time-To-Live (TTL) value for IP packets differs based on
    operating system. What is the default TTL value in Windows?
    128
    64
    255
    32
    Question 4 of 10
    You suspect a miscreant has hidden a dangerous program within a
    harmless executable and posted it where several employees of your
    organization downloaded it.
    Such merging/hiding a dangerous program with another to effectively
    create a Trojan is known as using which of the following?
    binders
    strings
    wrappers
    tape
    Question 5 of 10
    Which command line tool, included with Wireshark, reads a capture and
    returns statistics on that file?
    text2cap
    tshark
    dumpcap
    capinfos
    Question 6 of 10
    Which of the following refers to a location in memory where data is
    cyclically dumped?
    filter discard
    rolling buffer
    fifo dump
    L2 cache
    None of these
    Question 7 of 10
    Within Windows, which log class stores events from remote hosts?
    System log
    Security log
    Forwardedevents log
    Config log
    Methods log
    Question 8 of 10
    Which of the following is the default port for MySQL?
    5432
    3306
    1521
    1433
    Question 9 of 10
    Which of the following tools can scan a network and give you information
    about open ports, the version of the server software on those ports, and
    identify potential risks?
    ScrappyDoo
    $access
    Nmap
    Get_em
    Question 10 of 10
    Within HTTP, which header includes the URL of the web page containing
    the link that initiated the current request?
    Referer
    Send
    Host
    Post
    User-Agent

    http://www.gocertify.com/quizzes/ceh/ceh1.html

    CEH Practice Quiz 1


    Enjoy the following 15 questions from McGraw-Hill. At the conclusion of the
    quiz you will get a score with explanations for any missed questions.
    1. Scanning is performed in which phase of a pen test?
    Hint: Pen-test steps are different from the five hacking steps.
     Pre-attack
     Post-attack
     Attack
     Reconnaissance
    2. What will an open port return from an ACK scan?
    Hint: Scan types return different things for open and closed ports.
     FIN
     Nothing
     SYN/ACK
     RST
    3. Your target system is behind a firewall. Using hping2, you craft SYN
    packets to send with a hop count capable of reaching the host. You then
    send these packets out with port numbers from 1 to 1024. What action
    are you performing?
    Hint: Be familiar with the definitions of these terms.
     Firewalling
     XMAS scan
     Passive footprinting
     Firewalking
    4. What is the preferred communications method used with systems on a
    bot-net?
    Hint: What would be a good way to instantaneously contact a whole bunch of
    clients at once?
     IRC
     TFTP
     ICMP
     E-mail
    5. Which of the following best describes a distributed denial-of-service
    attack?
    Hint: This term is closely associated with bot-nets.
     A DoS carried out by multiple systems
     A DoS against an entire subnet, affecting multiple systems
     A DoS against similar systems in different target networks
     A DoS against multiple systems across an enterprise network
    6. What does the program EliteWrap do?
    Hint: Knowledge of tools in every facet of pen testing is vital
     Ports code easily between different operating systems
     Binds Trojans to legitimate files for exploitation later
     Provides secure, encrypted tunneling between hosts
     Provides proxy services to obfuscate source IPs
    7. What is the attack called “evil twin”?
    Hint: Wireless attacks are pretty simple.
     Rogue access point
     MAC spoofing
     ARP poisoning
     Session hijacking
    8. Which of the following is a passive wireless discovery tool?
    Hint: Again, knowing the tools is key for this exam.
     Kismet
     Aircrack
     NetStumbler
     Netsniff
    9. What is TKIP and how does it make WPA-2 a better security choice for
    your wireless network?
    Hint: The name should give it away.
     Temporal Key Integrity Protocol. It forces a key change every 10,000
    packets or so.
     Temporary Key Integration Protocol. It forces a key change every
    10,000 packets or so.
     Temporal Key Integrity Protocol. It forces a key change every time a bit
    is sent.
     Temporary Key Integration Protocol. It forces a key change every time a
    bit is sent.
    10. Which of the following is true regarding WEP cracking?
    Hint: Considering the efforts needed to crack something, only one of these
    answers makes sense.
     Initialization vectors are small, get reused frequently, but are encrypted
    during transmission.
     Initialization vectors are small, get reused frequently, and are sent in
    cleartext.
     Initialization vectors are large, get reused frequently, and are sent in
    cleartext.
     Initialization vectors are large, get reused frequently, but are encrypted
    during transmission.
    11. What is another term for turning off the SSID broadcast?
    Hint: Another wireless definition term to memorize
     SSID Sec
     SSID stealth
     SSID unicast
     SSID cloaking
    12. What is the maximum length of an SSID?
    Hint: SSID basic knowledge
     Sixty-four characters
     Sixteen characters
     Thirty-two characters
     Eight characters
    13. Which wireless mode connects machines directly to one another,
    without the use of an access point?
    Hint: The wording here gives the answer away
     Ad hoc
     ESS
     Infrastructure
     Point to point
     BSS
    14. Which wireless standard can operate at speeds of 100+ Mbps and
    uses the 2.4GHz to 5GHz range?
    Hint: The 802.11 standards are relatively easy to remember.
     802.11a
     802.11n
     802.11b
     802.11g
    15. You are assigned to begin testing on a particular subnet. On
    examination of the segment, you notice the network is fully switched.
    Which of the following would allow you to begin sniffing traffic to or from
    devices on the subnet?
    Hint: The key to this question lies with the ‘fully switched’ designator.
     Use snort to view all packets.
     Use etherflood to create a MAC flood.
     None of the above.
     Use nmap to begin a port scan

    http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
    tice-quiz-312-50-quiz-3

    Question 1 of 10

    Which of the following tools can perform a "Man in the middle" attack
    (MITM)?
    SMBReplay
    C2MYAZZ
    pwdump2
    SMBRelay
    Question 2 of 10
    A Replay attack is an example of which type of attack?
    None of above
    Passive online attack
    Active online attack
    Offline attack
    Question 3 of 10
    Which of the following is an example of a steganography attack tool?
    Mp3Stego
    Camerashy
    Snow
    All of these options
    Question 4 of 10
    John wants to send a tracking tool inside of a valid program to his
    colleague so that he can track his activities in his computer. Which of the
    following techniques can John exploit to make his tracking tool
    effective?
    Cryptography
    Alternate file stream
    MITM
    Hashing
    Question 5 of 10
    Which of the following is NetBIOS DDOS tool?
    NBName
    NBTcracker
    Netsh
    NBTdeputy
    Question 6 of 10
    A Rainbow table attack on a password is which type of attack?
    Passive online attack
    Offline attack
    Active online attack
    None of the above
    Question 7 of 10
    Eblaster is able to perform which of the following actions?
    Monitor website visited
    Monitor e-mail
    Keystroke logging
    All of the above
    Log Chat message
    Question 8 of 10
    A hacker is trying to discover the password for the Windows
    administration account using the tool "john the ripper." He is trying to
    brute force his way to the password of an admin SAM file he enumerated
    earlier from the target windows machine. What type of attack he is
    carrying out?
    Offline attack
    Passive online attack
    None of above
    Active online attack
    Question 9 of 10
    Which following tools can be used to exploit a local procedure call (LPC)
    flaw in windows?
    HK.exe
    Eblaster
    None of the above
    PsExec
    Question 10 of 10
    Which tool will increase the L0phtCrack's dumping sessions on the
    system?
    SMBDie
    SMBGrind
    C2MYAZZ
    NBTdeputy

    https://www.greycampus.com/opencampus/itil-foundation/introduction-ab
    out-service-design

    You might also like