312-50v11 Exam - Certified Ethical Hacker Exam (CEH v11)

NEW QUESTION 1
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

• A. tcp.srcport= = 514 && ip.src= = 192.168.0.99
• B. tcp.srcport= = 514 && ip.src= = 192.168.150
• C. tcp.dstport= = 514 && ip.dst= = 192.168.0.99
• D. tcp.dstport= = 514 && ip.dst= = 192.168.0.150

Answer: D

NEW QUESTION 2
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

• A. All three servers need to be placed internally
• B. A web server facing the Internet, an application server on the internal network, a database server on the internal network
• C. A web server and the database server facing the Internet, an application server on the internal network
• D. All three servers need to face the Internet so that they can communicate between themselves

Answer: B

NEW QUESTION 3
Which of the following program infects the system boot sector and the executable files at the same time?

• A. Polymorphic virus
• B. Stealth virus
• C. Multipartite Virus
• D. Macro virus

Answer: C

NEW QUESTION 4
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

• A. Authentication
• B. Confidentiality
• C. Integrity
• D. Non-Repudiation

Answer: D

NEW QUESTION 5
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

• A. The host is likely a Linux machine.
• B. The host is likely a printer.
• C. The host is likely a router.
• D. The host is likely a Windows machine.

Answer: B

NEW QUESTION 6
What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

• A. Black-box
• B. Announced
• C. White-box
• D. Grey-box

Answer: D

NEW QUESTION 7
A zone file consists of which of the following Resource Records (RRs)?

• A. DNS, NS, AXFR, and MX records
• B. DNS, NS, PTR, and MX records
• C. SOA, NS, AXFR, and MX records
• D. SOA, NS, A, and MX records

Answer: D

NEW QUESTION 8
In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam. Which of the following statement is incorrect related to this attack?

• A. Do not reply to email messages or popup ads asking for personal or financial information
• B. Do not trust telephone numbers in e-mails or popup ads
• C. Review credit card and bank account statements regularly
• D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks
• E. Do not send credit card numbers, and personal or financial information via e-mail

Answer: D

NEW QUESTION 9
Which of the following statements about a zone transfer is correct? (Choose three.)

• A. A zone transfer is accomplished with the DNS
• B. A zone transfer is accomplished with the nslookup service
• C. A zone transfer passes all zone information that a DNS server maintains
• D. A zone transfer passes all zone information that a nslookup server maintains
• E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections
• F. Zone transfers cannot occur on the Internet

Answer: ACE

NEW QUESTION 10
This TCP flag instructs the sending system to transmit all buffered data immediately.

• A. SYN
• B. RST
• C. PSH
• D. URG
• E. FIN

Answer: C

NEW QUESTION 11
Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

• A. Overloading Port Address Translation
• B. Dynamic Port Address Translation
• C. Dynamic Network Address Translation
• D. Static Network Address Translation

Answer: D

NEW QUESTION 12
How does a denial-of-service attack work?

• A. A hacker prevents a legitimate user (or group of users) from accessing a service
• B. A hacker uses every character, word, or letter he or she can think of to defeat authentication
• C. A hacker tries to decipher a password by using a system, which subsequently crashes the network
• D. A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Answer: A

NEW QUESTION 13
Under what conditions does a secondary name server request a zone transfer from a primary name server?

• A. When a primary SOA is higher that a secondary SOA
• B. When a secondary SOA is higher that a primary SOA
• C. When a primary name server has had its service restarted
• D. When a secondary name server has had its service restarted
• E. When the TTL falls to zero

Answer: A

NEW QUESTION 14
You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

• A. A firewall IPTable
• B. FTP Server rule
• C. A Router IPTable
• D. An Intrusion Detection System

Answer: D

NEW QUESTION 15
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?

• A. nmap -T4 -q 10.10.0.0/24
• B. nmap -T4 -F 10.10.0.0/24
• C. nmap -T4 -r 10.10.1.0/24
• D. nmap -T4 -O 10.10.0.0/24

Answer: B

NEW QUESTION 16
You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

• A. wireshark --fetch ''192.168.8*''
• B. wireshark --capture --local masked 192.168.8.0 ---range 24
• C. tshark -net 192.255.255.255 mask 192.168.8.0
• D. sudo tshark -f''net 192 .68.8.0/24''

Answer: D

NEW QUESTION 17
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

• A. Service Level Agreement
• B. Project Scope
• C. Rules of Engagement
• D. Non-Disclosure Agreement

Answer: C

NEW QUESTION 18
Which of the following is a component of a risk assessment?

• A. Administrative safeguards
• B. Physical security
• C. DMZ
• D. Logical interface

Answer: A

NEW QUESTION 19
The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

• A. $1320
• B. $440
• C. $100
• D. $146

Answer: D

NEW QUESTION 20
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

• A. Social engineering
• B. Piggybacking
• C. Tailgating
• D. Eavesdropping

Answer: A

NEW QUESTION 21
By using a smart card and pin, you are using a two-factor authentication that satisfies

• A. Something you are and something you remember
• B. Something you have and something you know
• C. Something you know and something you are
• D. Something you have and something you are

Answer: B

NEW QUESTION 22
In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

• A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
• B. A backdoor placed into a cryptographic algorithm by its creator.
• C. Extraction of cryptographic secrets through coercion or torture.
• D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Answer: C

NEW QUESTION 23
Which of the following describes the characteristics of a Boot Sector Virus?

• A. Modifies directory table entries so that directory entries point to the virus code instead of the actual program.
• B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
• C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
• D. Overwrites the original MBR and only executes the new virus code.

Answer: C

NEW QUESTION 24
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

• A. Public
• B. Private
• C. Shared
• D. Root

Answer: B

NEW QUESTION 25
A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

• A. tcp.port = = 21
• B. tcp.port = 23
• C. tcp.port = = 21 | | tcp.port = =22
• D. tcp.port ! = 21

Answer: A

NEW QUESTION 26
......