Certified Ethical Hacker 312-50v10 – Question232

While using your bank's online servicing, you notice the following string in the URL bar:
http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21
You observe that if you modify the Damount and Camount values and submit the request, the data on the web page reflects the changes.
Which type of vulnerability is present on this site?


A. Cookie Tampering
B. SQL Injection
C. Web Parameter Tampering
D. XSS Reflection

Correct Answer: C

Certified Ethical Hacker 312-50v10 – Question230

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?


A. Increase his technical skills
B. Read the incident manual every time it occurs
C. Select someone else to check the procedures
D. Create an incident checklist

Correct Answer: D

Certified Ethical Hacker 312-50v10 – Question229

Which of the following describes the characteristics of a Boot Sector Virus?


A. Modifies directory table entries so that directory entries point to the virus code instead of the actual program.
B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
D. Overwrites the original MBR and only executes the new virus code.

Correct Answer: C

Certified Ethical Hacker 312-50v10 – Question228

OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?


A. openssl s_client site www.website.com:443
B. openssl_client site www.website.com:443
C. openssl_client connect www.website.com:443
D. openssl s_client connect www.website.com:443

Correct Answer: D

Certified Ethical Hacker 312-50v10 – Question226

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?


A. Reconnaissance
B. Escalation
C. Scanning
D. Enumeration

Correct Answer: A

Certified Ethical Hacker 312-50v10 – Question225

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a PDF with information. She reads your email and sends back a PDF with links. You exchange the PDF links with your malicious links (these links contain malware) and send back the modified PDF, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?


A. Social engineering
B. Piggybacking
C. Tailgating
D. Eavesdropping

Correct Answer: A

Certified Ethical Hacker 312-50v10 – Question224

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?


A. Protocol analyzer
B. Intrusion Detection System
C. Port scanner
D. Vulnerability scanner

Correct Answer: D

Certified Ethical Hacker 312-50v10 – Question223

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?


A. Attempts by attackers to access the user and password information stored in the company's SQL database.
B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

Correct Answer: B