CEH Practical Exam Solutions Part 3/5

MCQ CEH Practical Exam Solutions

202. What attack is used to crack passwords by using a precomputed table of hashed passwords?
A. Brute Force Attack
B. Hybrid Attack
C. Rainbow Table Attack
D. Dictionary Attack

203. A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?
A. Perform a dictionary attack.
B. Perform a brute force attack.
C. Perform an attack with a rainbow table.
D. Perform a hybrid attack.

204. Which method of password cracking takes the most time and effort?
Brute force
Dictionary attack
Rainbow tables
Shoulder surfing

205. How can rainbow tables be defeated?
Password salting
Lockout accounts under brute force password cracking attempts
All uppercase character passwords
Use of non-dictionary words
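
Worked example for questions 202-205, added here and not part of the exam material: a precomputed hash-to-password table (what a rainbow table compresses) cracks an unsalted hash with one lookup, while a random per-user salt makes that table useless and forces the attacker to redo the hashing for each account. The wordlist and passwords are constructed for the demo; only the standard library is used.

```python
import hashlib
import os

# Constructed demo wordlist; a real precomputed table would hold billions of entries.
WORDLIST = ["password", "letmein", "123456", "qwerty", "Summer2024"]


def build_lookup_table(words, algo="sha256"):
    """Precompute hash -> plaintext for every candidate once; reuse it against any unsalted dump."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def crack_unsalted(stored_hash, table):
    """A single dictionary lookup recovers the password if it was in the table."""
    return table.get(stored_hash)


def hash_salted(password, salt):
    """Hash of salt || password; the random salt is stored in the clear next to the hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_salted(password):
    salt = os.urandom(16)
    return salt, hash_salted(password, salt)


def crack_salted(stored_hash, salt, words):
    """With a salt the attacker must hash every candidate again for THIS user:
    the precomputed table does not help, and two users sharing a password must be cracked twice."""
    for w in words:
        if hash_salted(w, salt) == stored_hash:
            return w
    return None


def demo():
    table = build_lookup_table(WORDLIST)
    unsalted = hashlib.sha256(b"letmein").hexdigest()
    hit = crack_unsalted(unsalted, table)          # table lookup succeeds

    salt, salted = store_salted("letmein")
    miss = crack_unsalted(salted, table)           # same password, table lookup fails
    _, salted_again = store_salted("letmein")      # same password, different hash
    per_user = crack_salted(salted, salt, WORDLIST)
    return hit, miss, salted != salted_again, per_user


if __name__ == "__main__":
    print(demo())
```

The salt defeats precomputation and cross-account amortisation, not a dictionary attack aimed at one account (crack_salted still finds a weak password). In production the hash is also a deliberately slow KDF (PBKDF2 via hashlib.pbkdf2_hmac, bcrypt or Argon2) and the account-lockout answer from question 205 covers the online case.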

206. A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?
A. Session hijacking
B. Man-in-the-middle attack
C. Brute-force attack
D. Dictionary attack

207. You have gained physical access to a Windows 2008 R2 server, which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?
Cain & Abel
SET
John the Ripper
CHNTPW

208. A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?
He can open it and read the user ids and corresponding passwords.
The password file does not contain the passwords themselves.
He cannot read it because it is encrypted
The file reveals the passwords to the root user only.

209. John the Ripper is a technical assessment tool used to test the weakness of which of the following?
Firewall rulesets
File permissions
Passwords
Usernames

210. There are several ways to gain insight into how a cryptosystem works with the goal of reverse engineering the process. Which term describes the case where two different pieces of data result in the same value?
A. Collision
B. Collusion
C. Polymorphism
D. Escrow

211. What is a “Collision attack” in cryptography?
A. Collision attacks try to find two inputs producing the same hash.
B. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.
C. Collision attacks try to get the public key.
D. Collision attacks try to break the hash into three parts to get the plaintext value.

212. Which property ensures that a hash function will not produce the same hashed value for two different messages?
A. Collision resistance
B. Bit length
C. Key strength
D. Entropy
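
Worked example for questions 210-212, added here and not part of the exam material: a collision is two different inputs with the same hash value, and the generic way to find one is the birthday attack, which needs about 2**(n/2) hashes for an n-bit output instead of the 2**n a preimage would need. To make it runnable the example truncates SHA-256 to a few bits; that truncation is the assumption, full SHA-256 is not attacked here.

```python
import hashlib
import itertools


def truncated_hash(data: bytes, nbits: int) -> int:
    """Top nbits of SHA-256 as an integer. Only the truncation makes collisions findable;
    a collision on full SHA-256 would cost about 2**128 work."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - nbits)


def find_collision(nbits: int, prefix: bytes = b"msg-"):
    """Birthday attack: hash distinct messages until two land on the same value.
    Expected cost is roughly 2**(nbits/2) hashes."""
    seen = {}                                # hash value -> first message that produced it
    for i in itertools.count():
        m = prefix + str(i).encode()
        h = truncated_hash(m, nbits)
        if h in seen:
            return seen[h], m, i + 1         # (message A, message B, hashes computed)
        seen[h] = m


def is_collision(m1: bytes, m2: bytes, nbits: int) -> bool:
    """Collision = two DIFFERENT inputs, same hash value (the definition in questions 210-212)."""
    return m1 != m2 and truncated_hash(m1, nbits) == truncated_hash(m2, nbits)


if __name__ == "__main__":
    a, b, tries = find_collision(32)
    print(f"{a!r} and {b!r} share a 32-bit hash after {tries} hashes (about 2**16 expected)")
```

Collision resistance (question 212) is exactly the property that makes find_collision infeasible at full output length; it is why the usable security of an n-bit hash is n/2 bits, and why MD5 and SHA-1 are no longer acceptable for signatures.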

213. A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?
A. Cupp
B. Nessus
C. Cain and Abel
D. John The Ripper Pro

214. The following is a sample of output from a penetration tester’s machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?
A. Ping sweep of the 192.168.1.106 network
B. Remote service brute force attempt
C. Port scan of 192.168.1.106
D. Denial of service attack on 192.168.1.106

215. Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides ‘security through obscurity’. What technique is Ricardo using?
Public-key cryptography
RSA algorithm
Steganography
Encryption

216. Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:
[[email protected] ~]$ john secret.txt
Loaded 2 password hashes with no different salts (LM [DES 128/128 SSE2-16])
Press ‘q’ or Ctrl-C to abort, almost any other key for status
0g 0:00:00:03 3/3 0g/s 86168p/s 86168c/s 172336C/s MERO..SAMPLUI
0g 0:00:00:04 3/3 0g/s 3296Kp/s 3296Kc/s 6592KC/s GOS..KARIS4
0g 0:00:00:07 3/3 0g/s 8154Kp/s 8154Kc/s 16309KC/s NY180K..NY1837
0g 0:00:00:10 3/3 0g/s 7958Kp/s 7958Kc/s 15917KC/s SHAGRN..SHENY9
What is she trying to achieve?
She is encrypting the file.
She is using John the Ripper to crack the passwords in the secret.txt file.
She is using John the Ripper to view the contents of the file.
She is using ftp to transfer the file to another hacker named John.

217. Which of the following is an application that requires a host application for replication?
A. Micro
B. Worm (Operates by itself)
C. Trojan (Spread through user interaction e.g. email attachment)
D. Virus (Rely on host to spread)

218. It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again. What type of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money, cryptocurrency, etc. to the operators of the malware to remove the restriction?
A. Ransomware
B. Riskware
C. Adware
D. Spyware

219. Which of the following is the best countermeasure to encrypting ransomware?
Ans: Keep some generation of off-line backup

220. Which of the following programs is usually targeted at Microsoft Office products?
A. Polymorphic virus
B. Multipart virus
C. Stealth virus
D. Macro virus

221. A virus that attempts to install itself inside of the file it is infecting is called?
Polymorphic virus
Tunneling virus (Bypass/intercept anti-virus, installing itself)
Stealth virus
Cavity virus (Install itself without damaging program itself)

222. Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
Cavity virus (Install itself without damaging program itself)
Tunneling virus
Polymorphic virus
Stealth virus

223. Which of the following program infects the system boot sector and the executable files at the same time?
Multipartite Virus
Macro virus (Written in macro, infects Microsoft or similar applications)
Polymorphic virus (Self-encrypted virus designed to avoid detection, duplicates itself)
Stealth virus (Hidden computer virus that attacks OS processes and averts anti-virus scans)

224. A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?
Turtle Trojans
Banking Trojans
Botnet Trojan
Ransomware Trojans

225. A server has been infected by a certain type of Trojan. The hacker intended to utilize it to send and host junk mails. What type of Trojan did the hacker use?
A. Turtle Trojans
B. Ransomware Trojans
C. Botnet Trojan
D. Banking Trojans

226. A botnet can be managed through which of the following?
A. IRC
B. E-Mail
C. Linkedin and Facebook
D. A vulnerable FTP server

227. You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a single public IP; that is, the internal IPs are sending data to the public IP. After further analysis, you find out that this public IP is a blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?
Ans: Botnet Attack (Issuing commands to perform malicious activities such as DDoS, sending of spam mail, information theft)
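
Detection example for question 227, added here and not from the exam material: the tell in the scenario is fan-in, many distinct internal hosts talking to one external address, optionally confirmed by a blacklist hit. The flow records, the blacklist entry and the external addresses below are constructed (documentation ranges); 23.0.0.0/8 is taken from the question and the private range is modelled as the RFC 1918 192.168.0.0/16 rather than the question's /8.

```python
import ipaddress
from collections import defaultdict

# Address space the scenario says XYZ owns (23.0.0.0/8 from the question; the private range as a valid /16).
INTERNAL_NETS = [ipaddress.ip_network("23.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
BLACKLIST = {"203.0.113.7"}      # constructed threat-intel hit (TEST-NET-3 address)
FANIN_THRESHOLD = 3               # distinct internal sources talking to one external host

# Constructed flow records: src,dst,dst_port,bytes_out
FLOWS = """\
192.168.10.4,203.0.113.7,443,2048
192.168.10.9,203.0.113.7,443,1980
23.4.5.6,203.0.113.7,443,2100
23.4.5.7,203.0.113.7,443,2055
192.168.10.4,198.51.100.20,443,81920
192.168.10.9,198.51.100.30,80,5000
23.4.5.6,198.51.100.20,443,70000
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, nbytes = line.split(",")
        rows.append((src, dst, int(dport), int(nbytes)))
    return rows


def find_c2_candidates(flows, threshold=FANIN_THRESHOLD, blacklist=BLACKLIST):
    """Group outbound flows by external destination and flag hosts that many distinct internal
    machines contact (the fan-in a botnet check-in produces) or that appear on the blacklist."""
    sources = defaultdict(set)
    for src, dst, _dport, _nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            sources[dst].add(src)
    findings = {}
    for dst, srcs in sources.items():
        reasons = []
        if len(srcs) >= threshold:
            reasons.append(f"fan-in:{len(srcs)}")
        if dst in blacklist:
            reasons.append("blacklisted")
        if reasons:
            findings[dst] = (sorted(srcs), reasons)
    return findings


if __name__ == "__main__":
    for dst, (srcs, why) in find_c2_candidates(parse_flows(FLOWS)).items():
        print(dst, why, "talking hosts:", ", ".join(srcs))
```

The fan-in rule fires on its own, so it still catches a C2 host that is not yet on any list; the blacklist is corroboration. In practice the threshold is tuned per destination port and against an allow-list of legitimate shared destinations (update servers, SaaS endpoints), otherwise every popular CDN node trips it.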

228. Which of the following items of a computer system will an anti-virus program scan for viruses?
A. Boot Sector
B. Deleted Files
C. Windows Process List
D. Password Protected Files

229. Which of the following BEST describes the mechanism of a Boot Sector Virus?
A. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR (Master Boot Record)
B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
C. Overwrites the original MBR and only executes the new virus code
D. Modifies directory table entries so that directory entries point to the virus code instead of the actual program

230. Matthew received an email with an attachment named “YouWon$10Grand.zip.” The zip file contains a file named “HowToClaimYourPrize.docx.exe.” Out of excitement and curiosity, Matthew opened the said file. Without his knowledge, the file copies itself to Matthew’s APPDATA\local directory and begins to beacon to a Command-and-control server to download additional malicious binaries. What type of malware has Matthew encountered?
A. Key-logger
B. Trojan
C. Worm
D. Macro Virus

231. Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a word document. Upon execution, a window appears stating, “This word document is corrupt.” In the background, the file copies itself to Jesse APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.
What type of malware has Jesse encountered?
Trojan
Macro Virus
Worm
Key-Logger

232. Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.
What type of attack is outlined in the scenario?
A. Watering Hole Attack (attack a group)
B. Heartbleed Attack
C. Shellshock Attack
D. Spear Phishing Attack

233. Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
A. Heartbleed Bug
B. POODLE
C. SSL/TLS Renegotiation Vulnerability
D. Shellshock

234. The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects OpenSSL’s implementation of the TLS Heartbeat extension defined in RFC 6520. What type of key does this bug leave exposed to the Internet, making exploitation of any compromised system very easy?
Root
Shared
Public
Private

235. An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this?
A. g++ hackersExploit.cpp -o calc.exe
B. g++ hackersExploit.py -o calc.exe
C. g++ -i hackersExploit.pl -o calc.exe
D. g++ --compile --i hackersExploit.cpp -o calc.exe

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?
Ans: Code emulation

236. Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
Malware is executing in either ROM or a cache memory area.
Malicious code is attempting to execute instruction in a non-executable memory region.
A race condition is being exploited, and the operating system is containing the malicious process
A page fault is occurring, which forces the operating system to write data from the hard drive

237. How is sniffing broadly categorized?
A. Active and passive
B. Broadcast and unicast
C. Unmanaged and managed
D. Filtered and unfiltered

238. You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?
Cain & Abel
Nessus
Nmap
Snort

239. Which of the following identifies the three modes in which Snort can be configured to run?
A. Sniffer, Packet Logger, and Network Intrusion Detection System
B. Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System
C. Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System
D. Sniffer, Packet Logger, and Host Intrusion Prevention System

240. This configuration allows NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of passing only the frames that the controller is intended to receive. Select the option that BEST describes the above statement.
A. Multi-cast mode
B. WEM
C. Promiscuous mode
D. Port forwarding

241. Which of the following is the BEST way to defend against network sniffing?
A. Using encryption protocols to secure network communications
B. Register all machines MAC Address in a Centralized Database
C. Restrict Physical Access to Server Rooms hosting Critical Servers
D. Use Static IP Address

242. Which of the following statements is TRUE?
Sniffers operate on Layer 2 of the OSI model
Sniffers operate on both Layer 2 & Layer 3 of the OSI model
Sniffers operate on the Layer 1 of the OSI model
Sniffers operate on Layer 3 of the OSI model

243. A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?
A. Fraggle (Send UDP traffic to IP broadcast)
B. MAC Flood
C. Smurf
D. Tear Drop

244. When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?
Identifying operating systems, services, protocols and devices
Collecting unencrypted information about usernames and passwords
Capturing a network traffic for further analysis
Modifying and replaying captured network traffic

245. Which of the following is a form of penetration testing that relies heavily on human interaction and often involves tricking people into breaking normal security procedures?
A. Social Engineering
B. Piggybacking
C. Tailgating
D. Eavesdropping

246. Which of the following is a low-tech way of gaining unauthorized access to systems?
Eavesdropping
Sniffing
Scanning
Social engineering

247. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email( [email protected] ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.
What testing method did you use?
A. Social engineering
B. Tailgating
C. Piggybacking
D. Eavesdropping

248. A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?
A. Forensic attack
B. ARP spoofing attack
C. Social engineering attack
D. Scanning attack

249. When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?
A. Vulnerability scanning
B. Social engineering
C. Application security testing
D. Network sniffing

250. The company ABC recently discovered that their new product was released by the opposition before their premiere. They contract an investigator who discovered that the maid threw away papers with confidential information about the new product and the opposition found it in the garbage. What is the name of the technique used by the opposition?
A. Hack attack
B. Sniffing
C. Dumpster diving
D. Spying

251. The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP’s Top Ten Project Most Critical Web Application Security Risks?
A. Injection
B. Cross Site Scripting
C. Cross Site Request Forgery
D. Path disclosure

252. Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?
A. WebBugs
B. WebGoat
C. VULN_HTML
D. WebScarab

253. When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is
A. OWASP is for web applications and OSSTMM does not include web applications.
B. OSSTMM is gray box testing and OWASP is black box testing.
C. OWASP addresses controls and OSSTMM does not.
D. OSSTMM addresses controls and OWASP does not.

254. The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
A. An extensible security framework named COBIT
B. A list of flaws and how to fix them
C. Web application patches
D. A security certification for hardened web applications

255. If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?
A. SDLC process
B. Honey pot
C. SQL injection
D. Trap door

256. A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what Software design flaw?
A. Insufficient security management
B. Insufficient database hardening
C. Insufficient input validation
D. Insufficient exception handling

257. While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?
A. Validate web content input for query strings.
B. Validate web content input with scanning tools.
C. Validate web content input for type, length, and range.
D. Validate web content input for extraneous queries.

258. Code injection is a form of attack in which a malicious user
Inserts text into a data field that gets interpreted as code.
Gains access to the codebase on the server and inserts new code.
Gets the server to execute arbitrary code using a buffer overflow.
Inserts additional code into the JavaScript running in the browser.

259. An attacker has been successfully modifying the purchase price of items purchased on the company’s web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?
A. By using SQL injection
B. By changing hidden form values
C. By using cross site scripting
D. By utilizing a buffer overflow attack

260. While performing online banking using a Web browser, Kyle receives an email that contains an image of well-crafted art. Upon clicking the image, a new tab on the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle noticed that all his funds in the bank were gone. What Web browser-based security vulnerability got exploited by the hacker?
A. Clickjacking
B. Web Form Input Validation
C. Cross-Site Request Forgery
D. Cross-Site Scripting

261. Cross-site request forgery involves
A browser making a request to a server without the user’s knowledge
Modification of a request by a proxy between client and server.
A server making a request to another server without the user’s knowledge
A request sent by a malicious user from a browser to a server

262. What type of a vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?
Cross-site request forgery
Server side request forgery
Cross-site scripting
Session hijacking

263. Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?
A. The victim user must open the malicious link with an Internet Explorer prior to version 8.
B. The session cookies generated by the application do not have the HttpOnly flag set.
C. The victim user must open the malicious link with a Firefox prior to version 3.
D. The web application should not use random tokens.

264. Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
LDAP Injection attack
SQL injection attack

265. A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
Session management vulnerability
Cross-site Request Forgery vulnerability
Cross-site scripting vulnerability
SQL injection vulnerability

266. While testing the company’s web applications, a tester attempts to insert the following test script into the search area on the company’s web site:
<script>alert("Testing Testing Testing")</script>
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: “Testing Testing Testing”. Which vulnerability has been detected in the web application?
A. Buffer overflow
B. Cross-site request forgery
C. Distributed denial of service
D. Cross-site scripting

267. A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input field:
<IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox("Vulnerable");>"
When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable”.
Which web applications vulnerability did the analyst discover?
A. Cross-site request forgery
B. Command injection
C. Cross-site scripting
D. SQL injection

268. During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?
A. The web application does not have the secure flag set.
B. The session cookies do not have the HttpOnly flag set.
C. The victim user should not have an endpoint security solution.
D. The victim’s browser must have ActiveX technology enabled.

269. An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.
<iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HTTP POST) called?
SQL Injection
Cross-Site Scripting
Browser Hacking
Cross-Site Request Forgery
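
Worked example for questions 261-263 and 269, added here and not part of the exam material: the hidden iframe works because the browser attaches the victim's session cookie to any request it makes, so the only thing the attacker cannot supply is a value that is tied to the session and that a cross-origin page cannot read. The handler, the session store and the request dicts below are a constructed model of a web framework; SECRET_KEY is assumed to come from server configuration.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)   # assumption: a per-deployment secret loaded from config


def issue_csrf_token(session_id: str) -> str:
    """Random nonce plus an HMAC binding it to the session: unforgeable and unusable from another session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_update_profile(request: dict, sessions: dict):
    """State-changing POST handler. The cookie proves who the browser is logged in as,
    the token proves the request came from a page the server itself rendered."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in sessions:
        return 401, "not logged in"
    token = request.get("form", {}).get("csrf_token")
    if not token or not verify_csrf_token(session_id, token):
        return 403, "missing or invalid CSRF token"
    sessions[session_id]["email"] = request["form"]["email"]
    return 200, "profile updated"


def demo():
    sessions = {"s-victim": {"user": "ned", "email": "ned@example.com"}}
    # Legitimate submission: the form the server rendered carried the token.
    good = {"cookies": {"session": "s-victim"},
            "form": {"csrf_token": issue_csrf_token("s-victim"), "email": "ned@new.example"}}
    # The forged request from the hidden iframe: cookie is sent automatically, token is absent.
    forged = {"cookies": {"session": "s-victim"},
              "form": {"email": "attacker@evil.example"}}
    # A token the attacker obtained for their own session does not transfer.
    cross = {"cookies": {"session": "s-victim"},
             "form": {"csrf_token": issue_csrf_token("s-attacker"), "email": "attacker@evil.example"}}
    return (handle_update_profile(good, sessions)[0],
            handle_update_profile(forged, sessions)[0],
            handle_update_profile(cross, sessions)[0],
            sessions["s-victim"]["email"])


if __name__ == "__main__":
    print(demo())
```

This is the "random tokens" condition in question 263. The HttpOnly flag is irrelevant to CSRF (the attacker never needs to read the cookie, only to make the browser send it); setting the session cookie with SameSite=Lax or Strict is the complementary browser-side defence.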

270. Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned. Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?
GET /restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1 Host: westbank.com
GET /restricted/bank.getaccount('Ned') HTTP/1.1 Host: westbank.com
GET /restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com
GET /restricted/\r\n\accountNedaccess HTTP/1.1 Host: westbank.com
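
Worked example for question 270, added here and not part of the exam material: the /restricted/accounts/?name=Ned request is an IDOR because the server resolves the client-supplied key without asking who is asking. The account table, the session model and the handler below are constructed.

```python
ACCOUNTS = {                      # constructed sample data: object key -> record
    "Ned": {"owner": "ned", "balance": 1200},
    "Rob": {"owner": "rob", "balance": 30},
}


class Forbidden(Exception):
    pass


def get_account_vulnerable(name: str) -> dict:
    """IDOR: whatever key the client names is returned. Rob asks for Ned and gets Ned."""
    return ACCOUNTS[name]


def get_account(session_user: str, name: str, roles=()) -> dict:
    """Authorization check on the object itself: only the owner (or an admin role) may read it.
    'Does not exist' and 'not yours' raise the same error so account names cannot be enumerated."""
    acct = ACCOUNTS.get(name)
    if acct is None or (acct["owner"] != session_user and "admin" not in roles):
        raise Forbidden(f"{session_user} may not access account {name!r}")
    return acct


def handle_get_account(request: dict):
    """request models {'session_user': ..., 'roles': (...), 'query': {'name': ...}}; returns (status, body)."""
    name = request.get("query", {}).get("name", "")
    try:
        acct = get_account(request["session_user"], name, request.get("roles", ()))
    except Forbidden:
        return 403, None
    return 200, acct


if __name__ == "__main__":
    print(handle_get_account({"session_user": "rob", "query": {"name": "Ned"}}))   # (403, None)
    print(handle_get_account({"session_user": "ned", "query": {"name": "Ned"}}))   # (200, {...})
```

The check belongs next to the data access, not in the URL routing: every path that can reach an account record should go through get_account, otherwise the next endpoint reintroduces the flaw. Using per-user indirect references (for example, an index into the caller's own account list) is an alternative that removes the global key from the URL entirely.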

271. Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?
A. Use cryptographic storage to store all PII
B. Use full disk encryption on all hard drives to protect PII
C. Use encrypted communications protocols to transmit PII
D. Use a security token to log into all Web applications that use PII

272. Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?
A. Use digital certificates to authenticate a server prior to sending data.
B. Verify access right before allowing access to protected information and UI controls.
C. Verify access right before allowing access to protected information and UI controls.
D. Validate and escape all information sent to a server.

273. A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?
A. if (billingAddress = 50) {update field} else exit
B. if (billingAddress != 50) {update field} else exit
C. if (billingAddress >= 50) {update field} else exit
D. if (billingAddress <= 50) {update field} else exit
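
Worked example for questions 257 and 273, added here and not part of the exam material: the answer to 273 is a length check that accepts up to the field size and rejects anything longer; the answer to 257 generalises that to type, length and range for every field. The field set, limits and error type below are constructed for the demo.

```python
import re
from decimal import Decimal, InvalidOperation


class ValidationError(ValueError):
    pass


MAX_BILLING_ADDRESS = 50   # the 50-character field from question 273


def validate_billing_address(value) -> str:
    """Type then length: accept <= 50 bytes (the buffer is sized in bytes), reject longer input and control characters."""
    if not isinstance(value, str):
        raise ValidationError("billingAddress: wrong type")
    if len(value.encode("utf-8")) > MAX_BILLING_ADDRESS:
        raise ValidationError("billingAddress: too long")
    if any(ch in value for ch in "\r\n\x00"):
        raise ValidationError("billingAddress: control characters not allowed")
    return value


def validate_quantity(value, lo=1, hi=99) -> int:
    """Type and range: '5' -> 5; '5 OR 1=1', '0' and '1000' are refused."""
    if not re.fullmatch(r"[0-9]{1,3}", str(value)):
        raise ValidationError("quantity: not an integer")
    n = int(value)
    if not lo <= n <= hi:
        raise ValidationError(f"quantity: out of range {lo}..{hi}")
    return n


def validate_amount(value) -> Decimal:
    """Money: finite decimal with at most two places, within 0..1,000,000."""
    try:
        d = Decimal(str(value))
    except InvalidOperation:
        raise ValidationError("amount: not a number")
    if not d.is_finite():
        raise ValidationError("amount: not finite")
    if d != d.quantize(Decimal("0.01")) or not Decimal("0") <= d <= Decimal("1000000"):
        raise ValidationError("amount: bad scale or range")
    return d


def validate_update(form: dict) -> dict:
    """Allow-list the fields: unknown keys such as 'role' are dropped rather than stored."""
    return {
        "billing_address": validate_billing_address(form.get("billing_address", "")),
        "quantity": validate_quantity(form.get("quantity", "")),
        "amount": validate_amount(form.get("amount", "")),
    }


def rejects(validator, value) -> bool:
    """True if the validator refuses the value."""
    try:
        validator(value)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    print(validate_update({"billing_address": "1 Main St", "quantity": "2", "amount": "10.50", "role": "admin"}))
```

Validation is a filter, not a substitute for output encoding or parameterised queries: a 50-character address can still contain a quote or a tag, so the later layers must still treat it as data.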

274. A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am. Which of the following programming languages would most likely be used?
A. PHP
B. C#
C. Python
D. ASP.NET

275. Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?
Code:
#include <string.h>
int main(){
char buffer[8];
strcpy(buffer, "11111111111111111111111111111");
}
Output:
Segmentation fault
A. C#
B. Python
C. Java
D. C++

276. The following script is run against a service listening on 127.0.0.1:9999:
#!/usr/bin/python
import socket
# payloads of 50, 100, 150 ... "A"s, one per list entry
buffer=["A"]
counter=50
while len(buffer)<=100:
    buffer.append("A"*counter)
    counter=counter+50
commands=["HELP","STATS.","RTIME.","LTIME.","SRUN.","TRUN.","GMON.","GDOG.","KSTET.","GTER.","HTER.","LTER.","KSTAN."]
# send every command with every payload length and watch for the one that crashes the service
for command in commands:
    for buffstring in buffer:
        print "Exploiting "+command+":"+str(len(buffstring))
        s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(('127.0.0.1',9999))
        s.recv(50)
        s.send(command+buffstring)
        s.close()
What is the code written for?
A. Buffer Overflow
B. Encryption
C. Bruteforce
D. Denial-of-service (Dos)

277. A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
A. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.
B. Attempts by attackers to access the user and password information stored in the company’s SQL database.
C. Attempts by attackers to access passwords stored on the user’s computer without the user’s knowledge.
D. Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

278. While using your bank’s online servicing you notice the following string in the URL bar: “http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21” You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes. Which type of vulnerability is present on this site?
A. Web Parameter Tampering
B. Cookie Tampering
C. XSS Reflection
D. SQL injection
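
Worked example for questions 259 and 278, added here and not part of the exam material: a hidden form field or URL parameter is client-controlled, so a price or amount echoed back from the browser must be recomputed server-side from the SKU, and any state that has to round-trip through the client is protected with an HMAC. The catalogue, the secret key and the form dicts below are constructed.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"replace-with-32-random-bytes-from-config"   # assumption: server-side secret
CATALOG = {"sku-100": 49.99, "sku-200": 129.00}              # constructed price list


def checkout_vulnerable(form: dict) -> float:
    """Trusts the hidden 'price' field the browser sent back; the attacker edits it to 0.01."""
    return round(float(form["price"]) * int(form["qty"]), 2)


def checkout_safe(form: dict) -> float:
    """Never trust a client-supplied price: look it up by SKU on the server."""
    sku = form["sku"]
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    qty = int(form["qty"])
    if not 1 <= qty <= 99:
        raise ValueError("bad qty")
    return round(CATALOG[sku] * qty, 2)


def sign_fields(fields: dict) -> str:
    """For state that must travel through the client (multi-step forms): payload.HMAC."""
    payload = base64.urlsafe_b64encode(json.dumps(fields, sort_keys=True).encode()).decode()
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify_fields(token: str) -> dict:
    """Recompute the HMAC over the received payload; any edit to the fields breaks it."""
    payload, _, mac = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("tampered hidden fields")
    return json.loads(base64.urlsafe_b64decode(payload))


def is_untampered(token: str) -> bool:
    try:
        verify_fields(token)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(checkout_vulnerable({"price": "0.01", "qty": "1"}))       # attacker pays 0.01
    print(checkout_safe({"sku": "sku-100", "qty": "1"}))             # 49.99 regardless of the form
    print(verify_fields(sign_fields({"sku": "sku-100", "step": 2})))
```

The signed-field approach authenticates values but does not hide them, so nothing secret goes in the payload, and the account id in question 278's URL still needs the ownership check from the IDOR discussion: a valid signature on someone else's id is still the wrong answer.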

279. What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?
A. Injecting parameters into a connection string using semicolons as a separator
B. Inserting malicious Javascript code into input parameters
C. Setting a user’s session identifier (SID) to an explicit known value
D. Adding multiple parameters with the same name in HTTP requests

280. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?
Dimitry
Proxychains
Burpsuite
Maskgen

281. You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?
Backslash
Semicolon
Double quotation
Single quotation

282. A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?
Semicolon
Single quote
Double quote
Exclamation mark

283. What is the best description of SQL Injection?
A. It is an attack used to gain unauthorized access to a database.
B. It is an attack used to modify code in an application.
C. It is a Man-in-the-Middle attack between your SQL Server and Web App Server.
D. It is a Denial of Service Attack.

284. Which of the following is used to indicate a single-line comment in structured query language (SQL)?
A. --
B. ||
C. %%
D. ”

285. Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?
A. DataThief
B. NetCat
C. Cain and Abel
D. SQLInjector

286. What is attempting an injection attack on a web server based on responses to True/False questions called?
A. Compound SQLi
B. DMS-specific SQLi
C. Classic SQLi
D. Blind SQLi

287. What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?
A. The request to the web server is not visible to the administrator of the vulnerable application.
B. The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.
C. The successful attack does not show an error message to the administrator of the affected application.
D. The vulnerable application does not display errors with information about the injection results to the attacker.

288. A security administrator notices that the log file of the company’s webserver contains suspicious entries:
Based on source code analysis, the analyst concludes that the login.php script is vulnerable to
A. command injection.
B. SQL injection.
C. directory traversal.
D. LDAP injection.

289. If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing?
A. Tautology (Use OR operator so that query always TRUE)
B. Piggy-backed (Input additional queries to original, first query is valid and the subsequent are injected queries)
C. Union (Returns a dataset that is union of the result of original query and injected queries)

290. You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
A. TCP
B. UPD
C. ICMP
D. UPX

291. An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?
A. Only using OSPFv3 will mitigate this risk.
B. Make sure that legitimate network routers are configured to run routing protocols with authentication.
C. Redirection of the traffic cannot happen unless the admin allows it explicitly.
D. Disable all routing protocols and only use static routes.

292. An attacker, using a rogue wireless AP, performed an MITM attack and injected HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the applet ran and exploited many machines. Which one of the following tools did the hacker probably use to inject the HTML code?
Ans: Ettercap (puts the network interface into promiscuous mode and ARP-poisons the target machines)

293. Which of the following is an example of IP spoofing?
A. SQL injections
B. Man-in-the-middle
C. Cross-site scripting
D. ARP poisoning

294. Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
A. Nikto
B. Snort
C. John the Ripper
D. Dsniff

295. Why should the security analyst disable/remove unnecessary ISAPI filters?
To defend against webserver attacks
To defend against social engineering attacks
To defend against wireless attacks
To defend against jailbreaking

296. How does an operating system protect the passwords used for account logins?
A. The operating system performs a one-way hash of the passwords.
B. The operating system stores the passwords in a secret file that users cannot find.
C. The operating system encrypts the passwords, and decrypts them when needed.
D. The operating system stores all passwords in a protected segment of non-volatile memory.

297. Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?
A. Port scanning
B. Banner grabbing
C. Injecting arbitrary data
D. Analyzing service response

298. Which tool can be used to silently copy files from USB devices?
A. USB Grabber
B. USB Dumper
C. USB Sniffer
D. USB Snoopy

299. Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?
A. Cross-site scripting
B. SQL injection
C. Missing patches
D. CRLF injection

300. At a Windows Server command prompt, which command could be used to list the running services?
A. Sc query type= running
B. Sc query \\servername
C. Sc query
D. Sc config

301. What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?
A. SSH
B. SYN Flood
C. Through web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
D. Manipulate format strings in text fields
