CEH-001 Practice Questions and Answers Online

Questions 4

This IDS-defeating technique works by splitting a datagram (or packet) into multiple fragments so that the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for the IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique called?

A. IP Routing or Packet Dropping

B. IDS Spoofing or Session Assembly

C. IP Fragmentation or Session Splicing

D. IP Splicing or Packet Reassembly

Questions 5

What type of Trojan is this?

A. RAT Trojan

B. E-Mail Trojan

C. Defacement Trojan

D. Destructing Trojan

E. Denial of Service Trojan

Questions 6

William has received a Chess game from someone in his computer programming class through email. William does not really know the person who sent the game very well, but decides to install the game anyway because he really likes Chess.

After William installs the game, he plays it for a couple of hours. The next day, William plays the Chess game again and notices that his machine has begun to slow down. He brings up his Task Manager and sees the following programs running:

What has William just installed?

A. Zombie Zapper (ZoZ)

B. Remote Access Trojan (RAT)

C. Bot IRC Tunnel (BIT)

D. Root Digger (RD)

Questions 7

_____________ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.

A. Stream Cipher

B. Block Cipher

C. Bit Cipher

D. Hash Cipher

Questions 8

Jake is a network administrator who needs to get reports from all the computers and network devices on his network. Jake wants to use SNMP but is afraid that it won't be secure, since passwords and messages are in clear text. How can Jake gather network information in a secure manner?

A. He can use SNMPv3

B. Jake can use SNMPrev5

C. He can use SecWMI

D. Jake can use SecSNMP

Questions 9

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?

A. Timing options to slow the speed that the port scan is conducted

B. Fingerprinting to identify which operating systems are running on the network

C. ICMP ping sweep to determine which hosts on the network are not available

D. Traceroute to control the path of the packets sent during the scan

Questions 10

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

A. Cross-site scripting

B. SQL injection

C. Missing patches

D. CRLF injection

Questions 11

Because UDP is a connectionless protocol: (Select 2)

A. UDP recvfrom() and write() scanning will yield reliable results

B. It can only be used for Connect scans

C. It can only be used for SYN scans

D. There is no guarantee that the UDP packets will arrive at their destination

E. ICMP port unreachable messages may not be returned successfully

Questions 12

MX record priority increases as the number increases. (True/False)

A. True

B. False

Questions 13

The following is an email header. What address is that of the true originator of the message?

A. 19.25.19.10

B. 51.32.123.21

C. 168.150.84.123

D. 215.52.220.122

E. 8.10.2/8.10.2

Questions 14

802.11b is considered a ____________ protocol.

A. Connectionless

B. Secure

C. Unsecure

D. Token ring based

E. Unreliable

Questions 15

You have just installed a new Linux file server at your office. This server is going to be used by several individuals in the organization, and unauthorized personnel must not be able to modify any data.

What kind of program can you use to track changes to files on the server?

A. Network Based IDS (NIDS)

B. Personal Firewall

C. System Integrity Verifier (SIV)

D. Linux IP Chains

Questions 16

What makes web application vulnerabilities so aggravating? (Choose two)

A. They can be launched through an authorized port.

B. A firewall will not stop them.

C. They exist only on the Linux platform.

D. They are detectable by most leading antivirus software.

Questions 17

During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network-based IDS systems. While researching that particular brand of IDS, you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?

A. Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.

B. Send your attack traffic and look for it to be dropped by the IDS.

C. Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.

D. The sniffing interface cannot be detected.

Questions 18

Which of the following best describes session key creation in SSL?

A. It is created by the server after verifying the user's identity

B. It is created by the server upon connection by the client

C. It is created by the client from the server's public key

D. It is created by the client after verifying the server's identity

Exam Code: CEH-001
Exam Name: Certified Ethical Hacker (CEH)
Last Update: May 14, 2024
Questions: 878 Q&As
