CEH-001 Online Practice Questions and Answers

What is War Dialing?

A. War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems

B. War dialing is a vulnerability scanning technique that penetrates Firewalls

C. It is a social engineering technique that uses Phone calls to trick victims

D. Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to- date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

A. They are using UDP that is always authorized at the firewall

B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access

D. They are using an older version of Internet Explorer that allow them to bypass the proxy server

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B. He can send an IP packet with the SYN bit and the source address of his computer.

C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Which of the following guidelines or standards is associated with the credit card industry?

A. Control Objectives for Information and Related Technology (COBIT)

B. Sarbanes-Oxley Act (SOX)

C. Health Insurance Portability and Accountability Act (HIPAA)

D. Payment Card Industry Data Security Standards (PCI DSS)

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

A. Say nothing and continue with the security testing.

B. Stop work immediately and contact the authorities.

C. Delete the pornography, say nothing, and continue security testing.

D. Bring the discovery to the financial organization's human resource department.

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:89

A. The host is likely a Windows machine.

B. The host is likely a Linux machine.

C. The host is likely a router.

D. The host is likely a printer.

An NMAP scan of a server shows port 69 is open. What risk could this pose?

A. Unauthenticated access

B. Weak SSL version

C. Cleartext login

D. Web portal data leak

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the followinG.

Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.

Which of the following actions should the security administrator take?

A. Log the event as suspicious activity and report this behavior to the incident response team immediately.

B. Log the event as suspicious activity, call a manager, and report this as soon as possible.

C. Run an anti-virus scan because it is likely the system is infected by malware.

D. Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.

When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?

A. macof

B. webspy

C. filesnarf

D. nfscopy

Carl has successfully compromised a web server from behind a firewall by exploiting a vulnerability in the web server program. He wants to proceed by installing a backdoor program. However, he is aware that not all inbound ports on the firewall are in the open state.

From the list given below, identify the port that is most likely to be open and allowed to reach the server that Carl has just compromised.

A. 53

B. 110

C. 25

D. 69