Q1. Which of the following tools are used for enumeration? (Choose three.)
A. SolarWinds
B. USER2SID
C. Cheops
D. SID2USER
E. DumpSec
Answer: BDE
Explanation: USER2SID, SID2USER, and DumpSec are three of the tools used for system enumeration. Others are tools such as NAT and Enum. Knowing which tools are used in each step of the hacking methodology is an important goal of the CEH exam. You should spend a portion of your time preparing for the test practicing with the tools and learning to understand their output.
Q2. John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately.
What would you suggest to John to help identify the OS that is being used on the remote web server?
A. Connect to the web server with a browser and look at the web page.
B. Connect to the web server with an FTP client.
C. Telnet to port 8080 on the web server and look at the default page code.
D. Telnet to an open port and grab the banner.
Answer: D
Explanation: Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.
Q3. One of the most common and the best way of cracking RSA encryption is to being to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _________________ process, then the private key can be derived.
A. Factorization
B. Prime Detection
C. Hashing
D. Brute-forcing
Answer: A
Explanation: In April 1994, an international cooperative group of mathematicians and computer scientists solved a 17-year-old challenge problem, the factoring of a 129-digit number, called RSA-129, into two primes. That is, RSA-129 = 1143816257578888676692357799761466120102182 9672124236256256184293570693524573389783059 7123563958705058989075147599290026879543541 = 34905295108476509491478496199038 98133417764638493387843990820577 times 32769132993266709549961988190834 461413177642967992942539798288533. Se more at http://en.wikipedia.org/wiki/RSA_Factoring_Challenge
Q4. A digital signature is simply a message that is encrypted with the public key instead of the private key.
A. True
B. False
Answer: B
Explanation: Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. Instead of encrypting information using someone else's public key, you encrypt it with your private key. If the information can be decrypted with your public key, then it must have originated with you.
Q5. Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?
A. Trailing
B. Tailgating
C. Swipe Gating
D. Smooth Talking
Answer: B
Explanation: Tailgating, in which an unauthorized person follows someone with a pass into an office, is a very simple social engineering attack. The intruder opens the door, which the authorized user walks through, and then engages them in conversation about the weather or weekend sport while they walk past the reception area together.
Q6. While testing web applications, you attempt to insert the following test script into the search area on the company's web site:
<script>alert('Testing Testing Testing')</script>
Afterwards, when you press the search button, a pop up box appears on your screen with the text "Testing Testing Testing". What vulnerability is detected in the web application here?
A. A hybrid attack
B. A buffer overflow
C. Password attacks
D. Cross Site Scripting
Answer: D
Explanation: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
Q7. What is the expected result of the following exploit?
A. Opens up a telnet listener that requires no username or password.
B. Create a FTP server with write permissions enabled.
C. Creates a share called “sasfile” on the target system.
D. Creates an account with a user name of Anonymous and a password of noone@nowhere.com.
Answer: A
Explanation: The script being depicted is in perl (both msadc.pl and the script their using as a wrapper) -- $port, $your, $user, $pass, $host are variables that hold the port # of a DNS server, an IP, username, and FTP password. $host is set to argument variable 0 (which means the string typed directly after the command). Essentially what happens is it connects to an FTP server and downloads nc.exe (the TCP/IP swiss-army knife -- netcat) and uses nc to open a TCP port spawning cmd.exe (cmd.exe is the Win32 DOS shell on NT/2000/2003/XP), cmd.exe when spawned requires NO username or password and has the permissions of the username it is being executed as (probably guest in this instance, although it could be administrator). The #'s in the script means the text following is a comment, notice the last line in particular, if the # was removed the script would spawn a connection to itself, the host system it was running on.
Q8. What type of port scan is represented here.
A. Stealth Scan
B. Full Scan
C. XMAS Scan
D. FIN Scan
Answer: A
Q9. What type of session hijacking attack is shown in the exhibit?
A. Cross-site scripting Attack
B. SQL Injection Attack
C. Token sniffing Attack
D. Session Fixation Attack
Answer: D
Q10. What are the default passwords used by SNMP?(Choose two.)
A. Password
B. SA
C. Private
D. Administrator
E. Public
F. Blank
Answer: CE
Explanation: Besides the fact that it passes information in clear text, SNMP also uses well-known passwords. Public and private are the default passwords used by SNMP.