
While DNS walking during the recon phase, Ryan discovers two hosts that should exist and have available services, but when he performs an inverse scan on them he gets confusing results. He can reach them through a web browser, confirming they have HTTP services running, but the scan produces only RST, ACK responses. Why?


A) Ryan is inverse scanning a Windows host
B) Ryan is inverse scanning a Linux host
C) The filter is returning the RST flags to discourage the scan
D) The HTTP server always responds with a RST if the browser agent is not Mozilla or IE

Correct Answer


When performing a pen test, Russell has been asked to perform a thorough network footprint for a small company of about 50 hosts. He checks the address of his own machine and notices that it is a Class C. Knowing there are multiple network segments, he runs the following command:

nmap -sS -p 0-65535 -P0 -O 192.0.0.0/8 >> /root/footprint.nmap

Which of the following statements describes what Russell has done?


A) The -sS scan looks for "Services" and this is not compatible with the -P0 (Do not ping first) option
B) He shouldn't run a dangerous scan like this as root, otherwise it's OK
C) He is being thorough just as his boss asked him to. This range will be sure to notice everything.
D) He tried to scan 65536 ports on about 16 million addresses. This is excessive traffic and is not a good approach.

Correct Answer


Brian wants to demonstrate an example of hacking Google's AdSense system. He decides to set up a "splog". What is Brian trying to illustrate?


A) Articles full of keywords but with dubious content value
B) Splurging on a burst of advertising on high cost, high impact traffic sites
C) Posting comments on trendy, spur of the moment type blog articles that have timely and up to the minute reporting
D) A network of connected sites that promote high click-through actions. Example: "Click here" results in a sentence or two of promotion copy only to require yet another click to hopefully one day view some content.

Correct Answer


Which of the following are valid RIRs?


A) LACNIC, LAPNIC, AFLAC
B) ARIN, LAPNIC, RIPE NCC
C) ARIN, APNIC, LAPNIC
D) ARIN, LACNIC, AfriNIC

Correct Answer


Which of the following represents an OID?


A) S-1-5-7-341656734543-512
B) S-1-5-7-545632867586-1001
C) AD3424FDA31404EE
D) 1.2.1.1.1.2.1.3.1.4.6

Correct Answer


D

Which of the following represents a stealth scan?


A) SYN; SYN/ACK; ACK; RST
B) SYN; SYN/ACK; RST
C) SYN; SYN/ACK; FIN
D) SYN; SYN/ACK

Correct Answer


Shalicia wants to find all of the currently open connections on a Windows host; which command would provide this information?


A) netstats -an
B) netstat /an
C) nbtstat -an
D) nmap -sT -P0 -v [target ip]

Correct Answer


Which of the following tools is best used for passive OS fingerprinting?


A) Cheops
B) Queso
C) NMap
D) p0f

Correct Answer


Cade ran a scan on a system and could not identify the operating system. There does seem to be a webserver running though. How can that fact help Cade figure out the rest of the system?


A) Telnet to the open port and grab a banner
B) Use a browser to view the web page
C) Use an FTP client to connect to port 80 and observe the error messages
D) View the source code of the index.html page

Correct Answer


How long will the secondary server wait before asking for a zone update if the regular update hasn't yet been answered?

Lab.dom. IN SOA ns.lab.dom. (200030432 7200 3600 1209600 1800)


A) 2 Hours
B) 60 Minutes
C) 14 Days
D) 1 Week

Correct Answer


Chris is using a Linux box and is also attempting to enumerate the network for computer names and shares. What command below would he run?


A) smbclient -L [target ip]
B) nbtstat -L [target ip]
C) net view \\[domain]
D) Linux doesn't support Windows file sharing, so Chris is wasting his time

Correct Answer


When attempting an operating system fingerprinting scan, NMap requires which of the following?


A) An open port
B) Specific services like HTTP on the target since OS detection is basically a banner grab
C) A packet filtering firewall between the scanner and the target
D) One open port and one closed port

Correct Answer


Janet read on the Internet that free hosting services will offer scripts to customers that have security holes. It is possible that these holes are not always patched. She also read that Matt's PERL scripts are quite popular. What would Janet do next? (Choose two)


A) Use Google to locate Matt's script archive, guess on a popular script like formmail.pl, and use Google to look for vulnerabilities. Pop a code string into Google again and try to find vulnerable sites.
B) Use Google to search for webhosts that use these scripts and sign up for a free account. Download the scripts and analyze them for vulnerabilities.
C) These scripts are old and outdated. No one uses stuff like this anymore so Janet should ignore the article and move on.
D) Webhosts would not release vulnerable code, particularly the free services. They recognize their responsibility and invest a lot of money in ensuring the safety of their products. Janet has no angle here and should move on.

Correct Answer


Which of the following tools can an attacker use for almost all footprinting needs, including whois, http banner grabbing, and traceroutes?


A) Google Earth
B) My IP Suite
C) Neotrace
D) Sam Spade

Correct Answer


Based on the following command, which of the following statements are true? (Choose two)

Lynx -dump http://www.google.com/search?q=site:eccouncil.org+ceh > ceh_search.txt


A) Lynx is a command line browser. We are passing in a URL that contains a search and dumping the results to a text file for further review.
B) Lynx is a command line browser and is extremely useful to the attacker that only has a remote shell on a system (no GUI).
C) Lynx is a little known tool in the Google API. It provides access to undocumented functions and can access even Darknet data.
D) Lynx is an internal Linux command that tunnels an HTTP connection across a firewall and permits access to data anonymously. Since we do not want to be caught searching for a hacking class, this is the best tool to use.

Correct Answer


A, B

During the network footprinting phase it is often helpful to get information from DNS that can reveal hosts, which in turn reveal network segments, and traceroute can reveal even more. Obtaining records like CNAME, MX, and A are examples of this. Of the following answers, what is the best way to describe what the attacker is looking for?


A) Zone harvest
B) Zone Poison
C) Zone transfer
D) Zone estimate

Correct Answer


Joe extracts a SID using the tool "SIDExtracter." Which of the following SIDs has administrator privileges?

S-1-5-21-1147638176-875867241-945 Fred
S-1-5-21-1147638176-875867241-134 Paul
S-1-5-21-1147638176-875867241-777 Steve
S-1-5-21-1147638176-875867241-500 Liz


A) Fred
B) Paul
C) Steve
D) Liz

Correct Answer


Which of the following lists of tools is used on a Linux system to gather information locally about what is running?


A) netstat, pstools, nbtstat, procmon
B) top, netstat, lsof, ps
C) ps, top, nbstat, net use
D) rpcinfo, ldap, nbstat, ps

Correct Answer


B

Which of the following are ways to footprint email addresses or systems?


A) Send an email to a domain that will bounce back and analyze the headers
B) Telnet into port 25 and issue the VRFY command on names collected from the company directory
C) Embed a "web bug" in the HTML email and spam it out to everyone
D) All of the above

Correct Answer


Monty wants to check a block of phone numbers for rogue infrastructure. What tool or technique would he use?


A) War dialing with Ettercap
B) War dialing with THC-Scan
C) Dialing for Dollars with Cold-Call Pro DX
D) Robo-dialing with DialDick.exe

Correct Answer

