312-50v11 Exam - Certified Ethical Hacker Exam (CEH v11)

NEW QUESTION 1
Password cracking programs reverse the hashing process to recover passwords. (True/False.)

• A. True
• B. False

Answer: B

NEW QUESTION 2
What two conditions must a digital signature meet?

• A. Has to be the same number of characters as a physical signature and must be unique.
• B. Has to be unforgeable, and has to be authentic.
• C. Must be unique and have special characters.
• D. Has to be legible and neat.

Answer: B

NEW QUESTION 3
Fingerprinting an Operating System helps a cracker because:

• A. It defines exactly what software you have installed
• B. It opens a security-delayed window based on the port being scanned
• C. It doesn't depend on the patches that have been applied to fix existing security holes
• D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

Answer: D

NEW QUESTION 4
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

• A. John the Ripper
• B. SET
• C. CHNTPW
• D. Cain & Abel

Answer: C

NEW QUESTION 5
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

• A. Multi-cast mode
• B. Promiscuous mode
• C. WEM
• D. Port forwarding

Answer: B

NEW QUESTION 6
What is the purpose of a demilitarized zone on a network?

• A. To scan all traffic coming through the DMZ to the internal network
• B. To only provide direct access to the nodes within the DMZ and protect the network behind it
• C. To provide a place to put the honeypot
• D. To contain the network devices you wish to protect

Answer: B

NEW QUESTION 7
Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome to take this kind of measure?

• A. All of the employees would stop normal work activities
• B. IT department would be telling employees who the boss is
• C. Not informing the employees that they are going to be monitored could be an invasion of privacy.
• D. The network could still experience traffic slow down.

Answer: C

NEW QUESTION 8
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?

• A. File system permissions
• B. Privilege escalation
• C. Directory traversal
• D. Brute force login

Answer: A

NEW QUESTION 9
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

• A. Kismet
• B. Abel
• C. Netstumbler
• D. Nessus

Answer: A

NEW QUESTION 10
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

• A. tcptrace
• B. Nessus
• C. OpenVAS
• D. tcptraceroute

Answer: A

NEW QUESTION 11
When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

• A. Data items and vulnerability scanning
• B. Interviewing employees and network engineers
• C. Reviewing the firewalls configuration
• D. Source code review

Answer: A

NEW QUESTION 12
Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

• A. Switch then acts as hub by broadcasting packets to all machines on the network
• B. The CAM overflow table will cause the switch to crash causing Denial of Service
• C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
• D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Answer: A

NEW QUESTION 13
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

• A. Traceroute
• B. Hping
• C. TCP ping
• D. Broadcast ping

Answer: B

NEW QUESTION 14
What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment

• A. VCloud based
• B. Honypot based
• C. Behaviour based
• D. Heuristics based

Answer: A

NEW QUESTION 15
In the context of Windows Security, what is a 'null' user?

• A. A user that has no skills
• B. An account that has been suspended by the admin
• C. A pseudo account that has no username and password
• D. A pseudo account that was created for security administration purpose

Answer: C

NEW QUESTION 16
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

• A. Macro virus
• B. Stealth/Tunneling virus
• C. Cavity virus
• D. Polymorphic virus

Answer: B

NEW QUESTION 17
Scenario1:
* 1. Victim opens the attacker's web site.
* 2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make
$1000 in a day?'.
* 3. Victim clicks to the interesting and attractive content URL.
* 4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?

• A. Session Fixation
• B. HTML Injection
• C. HTTP Parameter Pollution
• D. Clickjacking Attack

Answer: D

NEW QUESTION 18
The “Gray-box testing” methodology enforces what kind of restriction?

• A. Only the external operation of a system is accessible to the tester.
• B. The internal operation of a system in only partly accessible to the tester.
• C. Only the internal operation of a system is known to the tester.
• D. The internal operation of a system is completely known to the tester.

Answer: B

NEW QUESTION 19
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

• A. nessus
• B. tcpdump
• C. ethereal
• D. jack the ripper

Answer: B

NEW QUESTION 20
Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

• A. symmetric algorithms
• B. asymmetric algorithms
• C. hashing algorithms
• D. integrity algorithms

Answer: C

NEW QUESTION 21
These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?

• A. Black-Hat Hackers A
• B. Script Kiddies
• C. White-Hat Hackers
• D. Gray-Hat Hacker

Answer: C

NEW QUESTION 22
Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address.
What is the first thing that Nedved needs to do before contacting the incident response team?

• A. Leave it as it Is and contact the incident response te3m right away
• B. Block the connection to the suspicious IP Address from the firewall
• C. Disconnect the email server from the network
• D. Migrate the connection to the backup email server

Answer: C

NEW QUESTION 23
Which of the following tools can be used to perform a zone transfer?

• A. NSLookup
• B. Finger
• C. Dig
• D. Sam Spade
• E. Host
• F. Netcat
• G. Neotrace

Answer: ACDE

NEW QUESTION 24
Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

• A. Use the built-in Windows Update tool
• B. Use a scan tool like Nessus
• C. Check MITRE.org for the latest list of CVE findings
• D. Create a disk image of a clean Windows installation

Answer: B

NEW QUESTION 25
During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

• A. Circuit
• B. Stateful
• C. Application
• D. Packet Filtering

Answer: B

NEW QUESTION 26
......