EC-Council 312-50v11 Certified Ethical Hacker Exam – C|EH v11 Online Training

1. You are attempting to run an Nmap port scan on a web server.

Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

2. In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information.

How can he achieve this?

3. Which of the following tools can be used to perform a zone transfer?

4. A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

5. While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.

What Web browser-based security vulnerability was exploited to compromise the user?

6. You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

7. CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test.

Your email message looks like this:

From: [email protected]

To: [email protected] Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ’s email gateway doesn’t prevent what?

8. Why is a penetration test considered to be more thorough than vulnerability scan?

9. A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.

However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

10. John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform.

Which of the following actions should John take to overcome this problem with the least administrative effort?

11. Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

12. Peter is surfing the internet looking for information about DX Company.

Which hacking process is Peter doing?

13. What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

14. Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network.

Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

15. When discussing passwords, what is considered a brute force attack?

16. What is the purpose of DNS AAAA record?

17. Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%.

Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

18. Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door.

In this case, we can say:

19. What port number is used by LDAP protocol?

20. Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

21. A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing C Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network.

What tool should the analyst use to perform a Blackjacking attack?

22. Why containers are less secure that virtual machines?

23. Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

24. Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

25. John the Ripper is a technical assessment tool used to test the weakness of which of the following?

26. Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer.

How can Fred accomplish this?

27. Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

28. CORRECT TEXT

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best Nmap command you will use?

29. MX record priority increases as the number increases. (True/False.)

30. Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

31. Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours.

What protocol used on Linux servers to synchronize the time has stopped working?

32. You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet.

What is the recommended architecture in terms of server placement?

33. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

34. Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn’t log out from emails or other social media accounts, and etc.

After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons.

Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret?

35. Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.





What is Eve trying to do?

36. A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24.

Which of the following has occurred?

37. Study the following log extract and identify the attack.

38. Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

39. A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system.

What is the first step that the bank should take before enabling the audit feature?

40. In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

41. The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it.

Which of the following options can be useful to ensure the integrity of the data?

42. The “Gray-box testing” methodology enforces what kind of restriction?

43. A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network.

What are some things he can do to prevent it? Select the best answers.

44. What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

45. You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

46. Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful.

What type of SQL injection is Elliot most likely performing?

47. A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

48. Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

49. Which of the following programs is usually targeted at Microsoft Office products?

50. Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.

51. Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company.

He is looking for an IDS with the following characteristics:

- Verifies success or failure of an attack

- Monitors system activities Detects attacks that a network-based IDS fails to detect

- Near real-time detection and response

- Does not require additional hardware

- Lower entry cost Which type of IDS is best suited for Tremp's requirements?

52. Which of the following steps for risk assessment methodology refers to vulnerability identification?

53. Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]”.

Which statement below is true?

54. When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

55. Which of the following is a component of a risk assessment?

56. Todd has been asked by the security officer to purchase a counter-based authentication system.

Which of the following best describes this type of system?

57. What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment-

58. PGP, SSL, and IKE are all examples of which type of cryptography?

59. You just set up a security system in your network.

In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

60. Which of the following is assured by the use of a hash?