Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Master the Certified Ethical Hacker (CEH) CEH-001 Exam with Confidence!

Questions 61

You are a Administrator of Windows server. You want to find the port number for POP3. What file would you find the information in and where?

Select the best answer.

Options:

A.

%windir%\\etc\\services

B.

system32\\drivers\\etc\\services

C.

%windir%\\system32\\drivers\\etc\\services

D.

/etc/services

E.

%windir%/system32/drivers/etc/services

Buy Now
Questions 62

This kind of password cracking method uses word lists in combination with numbers and special characters:

Options:

A.

Hybrid

B.

Linear

C.

Symmetric

D.

Brute Force

Buy Now
Questions 63

Password cracking programs reverse the hashing process to recover passwords.(True/False.

Options:

A.

True

B.

False

Buy Now
Questions 64

Study the snort rule given below:

CEH-001 Question 64

From the options below, choose the exploit against which this rule applies.

Options:

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Buy Now
Questions 65

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Buy Now
Questions 66

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options:

A.

137 and 139

B.

137 and 443

C.

139 and 443

D.

139 and 445

Buy Now
Questions 67

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)

Options:

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Buy Now
Questions 68

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?

Options:

A.

Port 1890 (Net-Devil Trojan)

B.

Port 1786 (Net-Devil Trojan)

C.

Port 1909 (Net-Devil Trojan)

D.

Port 6667 (Net-Devil Trojan)

Buy Now
Questions 69

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption.

What encryption algorithm will you be decrypting?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Buy Now
Questions 70

Which type of attack is port scanning?

Options:

A.

Web server attack

B.

Information gathering

C.

Unauthorized access

D.

Denial of service attack

Buy Now
Questions 71

Exhibit:

ettercap –NCLzs --quiet

What does the command in the exhibit do in “Ettercap”?

Options:

A.

This command will provide you the entire list of hosts in the LAN

B.

This command will check if someone is poisoning you and will report its IP.

C.

This command will detach from console and log all the collected passwords from the network to a file.

D.

This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.

Buy Now
Questions 72

Which of the following statements about a zone transfer correct?(Choose three.

Options:

A.

A zone transfer is accomplished with the DNS

B.

A zone transfer is accomplished with the nslookup service

C.

A zone transfer passes all zone information that a DNS server maintains

D.

A zone transfer passes all zone information that a nslookup server maintains

E.

A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F.

Zone transfers cannot occur on the Internet

Buy Now
Questions 73

_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.

Options:

A.

Canonicalization

B.

Character Mapping

C.

Character Encoding

D.

UCS transformation formats

Buy Now
Questions 74

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

Options:

A.

Hardware, Software, and Sniffing.

B.

Hardware and Software Keyloggers.

C.

Passwords are always best obtained using Hardware key loggers.

D.

Software only, they are the most effective.

Buy Now
Questions 75

Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports?

Options:

A.

Netcat -h -U

B.

Netcat -hU <host(s.>

C.

Netcat -sU -p 1-1024 <host(s.>

D.

Netcat -u -v -w2 <host> 1-1024

E.

Netcat -sS -O target/1024

Buy Now
Questions 76

What happens during a SYN flood attack?

Options:

A.

TCP connection requests floods a target machine is flooded with randomized source address & ports for the TCP ports.

B.

A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination.

C.

A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field.

D.

A TCP packet is received with both the SYN and the FIN bits set in the flags field.

Buy Now
Questions 77

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site.

One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!

From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith.

After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

H@cker Mess@ge:

Y0u @re De@d! Fre@ks!

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.

How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Buy Now
Questions 78

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options:

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Buy Now
Questions 79

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two.

What would you call this attack?

Options:

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Buy Now
Questions 80

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

Options:

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Buy Now