Certified Ethical Hacker – CEH – 312-50 – Question284

Which regulation defines security and privacy controls for Federal information systems and organizations?


A. NIST-800-53

B. PCI-DSS
C. EU Safe Harbor
D. HIPAA

Correct Answer: A

Explanation:

NIST Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations,” provides a catalog of security controls for all U.S. federal information systems except those related to national security.

References: https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53

Certified Ethical Hacker – CEH – 312-50 – Question283

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name.

What should be the first step in security testing the client?


A. Reconnaissance
B. Enumeration
C. Scanning
D. Escalation

Correct Answer: A

Explanation:

Phases of hacking:
Phase 1: Reconnaissance
Phase 2: Scanning
Phase 3: Gaining Access
Phase 4: Maintaining Access
Phase 5: Covering Tracks

Phase 1: Passive and Active Reconnaissance
Passive reconnaissance involves gathering information about a potential target without the targeted individual's or company's knowledge.

Active reconnaissance involves probing the network to discover individual hosts, IP addresses, and services on the network.

References: http://hack-o-crack.blogspot.se/2010/12/five-stages-of-ethical-hacking.html

Certified Ethical Hacker – CEH – 312-50 – Question282

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?


A. TCP
B. UDP
C. ICMP
D. UPX

Correct Answer: A

Explanation:

At the establishment of a TCP session the client starts by sending a SYN packet (SYN = synchronize) carrying an initial sequence number. To hijack a session, the attacker must send a packet with the correct sequence number; otherwise the packet is dropped.

References: https://www.exploit-db.com/papers/13587/

Certified Ethical Hacker – CEH – 312-50 – Question281

Which of the following is the successor of SSL?


A. TLS
B. RSA
C. GRE
D. IPSec

Correct Answer: A

Explanation:

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as ‘SSL’, are cryptographic protocols that provide communications security over a computer network.

References: https://en.wikipedia.org/wiki/Transport_Layer_Security

Certified Ethical Hacker – CEH – 312-50 – Question280

A common cryptographical tool is the use of XOR. XOR the following binary values:
10110001
00111010


A. 10001011
B. 11011000
C. 10011101
D. 10111100

Correct Answer: A

Explanation:

The XOR gate is a digital logic gate that implements an exclusive or; that is, a true output (1/HIGH) results if one, and only one, of the inputs to the gate is true. If both inputs are false (0/LOW) or both are true, a false output results. XOR represents the inequality function, i.e., the output is true if the inputs are not alike, otherwise the output is false. A way to remember XOR is "one or the other but not both". Applying this bit by bit to the two values: 10110001 XOR 00111010 = 10001011.

References: https://en.wikipedia.org/wiki/XOR_gate

Certified Ethical Hacker – CEH – 312-50 – Question279

Using Windows CMD, how would an attacker list all the shares to which the current user context has access?


A. NET USE
B. NET CONFIG
C. NET FILE
D. NET VIEW

Correct Answer: A

Explanation:

NET USE connects a computer to, or disconnects it from, a shared resource, or displays information about computer connections. The command also controls persistent network connections. Used without parameters, net use lists the current network connections.

References: https://technet.microsoft.com/en-us/library/bb490717.aspx

Certified Ethical Hacker – CEH – 312-50 – Question278

env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?


A. Display passwd content to prompt
B. Removes the passwd file
C. Changes all passwords in passwd
D. Add new user to the passwd file

Correct Answer: A

Explanation:

To extract private information, attackers use a couple of techniques. The simplest extraction attacks take the form:
() {:;}; /bin/cat /etc/passwd
That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code through the Shellshock vulnerability would see the password file dumped out onto their screen as part of the web page returned.

References: https://blog.cloudflare.com/inside-shellshock/

Certified Ethical Hacker – CEH – 312-50 – Question276

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", that the user is directed to a phishing site.
Which file does the attacker need to modify?


A. Hosts
B. Sudoers
C. Boot.ini
D. Networks

Correct Answer: A

Explanation:

The hosts file is a computer file used by an operating system to map hostnames to IP addresses. The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names.

References: https://en.wikipedia.org/wiki/Hosts_(file)

Certified Ethical Hacker – CEH – 312-50 – Question275

You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts?


A. CHNTPW
B. Cain & Abel
C. SET
D. John the Ripper

Correct Answer: A

Explanation:

chntpw is a software utility for resetting or blanking local passwords used by Windows NT, 2000, XP, Vista, 7, 8 and 8.1. It does this by editing the SAM database where Windows stores password hashes.

References: https://en.wikipedia.org/wiki/Chntpw