312-50v11 215qtn PDF

Preview

Summary

312-50v11 215qtn PA...

Description

312-50v11.prepaway.premium.exam.215q Number:312-50v11 PassingScore:800 TimeLimit:120min FileVersion:2.0

312-50v11 Certified Ethical Hacker v11 Exam Version 2.0

40625B860D595D76F874EF86ABE14545

Exam A QUESTION 1 WhileperformingonlinebankingusingaWebbrowser,auserreceivesanemailthatcontainsalinktoan interestingWebsite.Whentheuserclicksonthelink,anotherWebbrowsersessionstartsanddisplaysa videoofcatsplayingapiano.Thenextbusinessday,theuserreceiveswhatlookslikeanemailfromhisbank, indicatingthathisbankaccounthasbeenaccessedfromaforeigncountry.Theemailaskstheusertocallhis bankandverifytheauthorizationofafundstransferthattookplace.WhatWebbrowser-basedsecurity vulnerabilitywasexploitedtocompromisetheuser? A. B. C. D.

Clickjacking Cross-SiteScripting Cross-SiteRequestForgery Webforminputvalidation

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 2 WhichserviceinaPKIwillvouchfortheidentityofanindividualorcompany? A. B. C. D.

KDC CR CBC CA

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 3 Identifythewebapplicationattackwheretheattackersexploitvulnerabilitiesindynamicallygeneratedweb pagestoinjectclient-sidescriptintowebpagesviewedbyotherusers. A. B. C. D.

LDAPInjectionattack Cross-SiteScripting(XSS) SQLinjectionattack Cross-SiteRequestForgery(CSRF)

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 4 UserAiswritingasensitiveemailmessagetouserBoutsidethelocalnetwork.UserAhaschosentousePKI tosecurehismessageandensureonlyuserBcanreadthesensitiveemail.AtwhatlayeroftheOSIlayer

40625B860D595D76F874EF86ABE14545

doestheencryptionanddecryptionofthemessagetakeplace? A. B. C. D.

Application Transport Session Presentation

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 5 Anewwirelessclientisconfiguredtojoina802.11network.Thisclientusesthesamehardwareandsoftware asmanyoftheotherclientsonthenetwork.Theclientcanseethenetwork,butcannotconnect.Awireless packetsniffershowsthattheWirelessAccessPoint(WAP)isnotrespondingtotheassociationrequestsbeing sentbythewirelessclient.Whatisapossiblesourceofthisproblem? A. B. C. D.

TheWAPdoesnotrecognizetheclient’sMACaddress TheclientcannotseetheSSIDofthewirelessnetwork Clientisconfiguredforthewrongchannel ThewirelessclientisnotconfiguredtouseDHCP

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 6 IfyouwanttoonlyscanfewerportsthanthedefaultscanusingNmaptool,whichoptionwouldyouuse? A. B. C. D.

-r -F -P -sP

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 7 Whichofthefollowingisthestructuredesignedtoverifyandauthenticatetheidentityofindividualswithinthe enterprisetakingpartinadataexchange? A. B. C. D.

SOA biometrics singlesignon PKI

40625B860D595D76F874EF86ABE14545

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 8 Youaretaskedtoperformapenetrationtest.Whileyouareperforminginformationgathering,youfindan employeelistinGoogle.Youfindthereceptionist’semail,andyousendheranemailchangingthesource emailtoherboss’semail(boss@company).Inthisemail,youaskforapdfwithinformation.Shereadsyour emailandsendsbackapdfwithlinks.Youexchangethepdflinkswithyourmaliciouslinks(theselinkscontain malware)andsendbackthemodifiedpdf,sayingthatthelinksdon’twork.Shereadsyouremail,opensthe links,andhermachinegetsinfected.Younowhaveaccesstothecompanynetwork.Whattestingmethoddid youuse? A. B. C. D.

Socialengineering Piggybacking Tailgating Eavesdropping

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 9 Ifatesterisattemptingtopingatargetthatexistsbutreceivesnoresponseoraresponsethatstatesthe destinationisunreachable,ICMPmaybedisabledandthenetworkmaybeusingTCP.Whichotheroption couldthetesterusetogetaresponsefromahostusingTCP? A. B. C. D.

Traceroute Hping TCPping Broadcastping

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 10 WhichisthefirststepfollowedbyVulnerabilityScannersforscanninganetwork? A. B. C. D.

OSDetection Firewalldetection TCP/UDPPortscanning Checkingiftheremotehostisalive

Correct Answer: D Section: (none)

40625B860D595D76F874EF86ABE14545

Explanation Explanation/Reference: QUESTION 11 WhichofthefollowingprogramsisusuallytargetedatMicrosoftOfficeproducts? A. B. C. D.

Polymorphicvirus Multipartvirus Macrovirus Stealthvirus

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 12 Inaninternalsecurityaudit,thewhitehathackergainscontroloverauseraccountandattemptstoacquire accesstoanotheraccount'sconfidentialfilesandinformation.Howcanheachievethis? A. B. C. D.

PrivilegeEscalation Shoulder-Surfing HackingActiveDirectory PortScanning

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 13 AtechnicianisresolvinganissuewhereacomputerisunabletoconnecttotheInternetusingawireless accesspoint.Thecomputerisabletotransferfileslocallytoothermachines,butcannotsuccessfullyreachthe Internet.WhenthetechnicianexaminestheIPaddressanddefaultgatewaytheyarebothonthe 192.168.1.0/24.Whichofthefollowinghasoccurred? A. B. C. D.

ThecomputerisnotusingaprivateIPaddress. ThegatewayisnotroutingtoapublicIPaddress. Thegatewayandthecomputerarenotonthesamenetwork. ThecomputerisusinganinvalidIPaddress.

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 14 IdentifytheUDPportthatNetworkTimeProtocol(NTP)usesasitsprimarymeansofcommunication?

40625B860D595D76F874EF86ABE14545

A. B. C. D.

113 69 123 161

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 15 Duetoaslowdownofnormalnetworkoperations,theITdepartmentdecidedtomonitorinternettrafficforallof theemployees.Fromalegalstandpoint,whatwouldbetroublesometotakethiskindofmeasure? A. B. C. D.

Alloftheemployeeswouldstopnormalworkactivities ITdepartmentwouldbetellingemployeeswhothebossis Notinformingtheemployeesthattheyaregoingtobemonitoredcouldbeaninvasionofprivacy. Thenetworkcouldstillexperiencetrafficslowdown.

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 16 Whichofthefollowingtoolsperformscomprehensivetestsagainstwebservers,includingdangerousfilesand CGIs? A. B. C. D.

Nikto JohntheRipper Dsniff Snort

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 17 Anincidentinvestigatoraskstoreceiveacopyoftheeventlogsfromallfirewalls,proxyservers,andIntrusion DetectionSystems(IDS)onthenetworkofanorganizationthathasexperiencedapossiblebreachofsecurity. Whentheinvestigatorattemptstocorrelatetheinformationinallofthelogs,thesequenceofmanyofthe loggedeventsdonotmatchup. Whatisthemostlikelycause? A. Thenetworkdevicesarenotallsynchronized. B. Properchainofcustodywasnotobservedwhilecollectingthelogs. C. Theattackeralteredorerasedeventsfromthelogs.

40625B860D595D76F874EF86ABE14545

D. Thesecuritybreachwasafalsepositive. Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 18 DNScachesnoopingisaprocessofdeterminingifthespecifiedresourceaddressispresentintheDNScache records.Itmaybeusefulduringtheexaminationofthenetworktodeterminewhatsoftwareupdateresources areused,thusdiscoveringwhatsoftwareisinstalled. WhatcommandisusedtodetermineiftheentryispresentinDNScache? A. B. C. D.

nslookup-fullrecursiveupdate.antivirus.com dnsnooping-rtupdate.antivirus.com nslookup-norecursiveupdate.antivirus.com dns--snoopupdate.antivirus.com

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 19 WhichofthefollowingisanextremelycommonIDSevasiontechniqueinthewebworld? A. B. C. D.

Spyware Subnetting UnicodeCharacters PortKnocking

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 20 JohntheRipperisatechnicalassessmenttoolusedtotesttheweaknessofwhichofthefollowing? A. B. C. D.

Passwords Filepermissions Firewallrulesets Usernames

Correct Answer: A Section: (none) Explanation Explanation/Reference:

40625B860D595D76F874EF86ABE14545

QUESTION 21 SomeclientsofTPNQMSAwereredirectedtoamalicioussitewhentheytriedtoaccesstheTPNQMmain site.Bob,asystemadministratoratTPNQMSA,foundthattheywerevictimsofDNSCachePoisoning. WhatshouldBobrecommendtodealwithsuchathreat? A. B. C. D.

Theuseofsecurityagentsinclients’computers TheuseofDNSSEC Theuseofdouble-factorauthentication Clientawareness

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 22 Duringablack-boxpentestyouattempttopassIRCtrafficoverport80/TCPfromacompromisedweb enabledhost.Thetrafficgetsblocked;however,outboundHTTPtrafficisunimpeded.Whattypeoffirewallis inspectingoutboundtraffic? A. B. C. D.

Circuit Stateful Application PacketFiltering

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 23 Byusingasmartcardandpin,youareusingatwo-factorauthenticationthatsatisfies A. B. C. D.

Somethingyouareandsomethingyouremember Somethingyouhaveandsomethingyouknow Somethingyouknowandsomethingyouare Somethingyouhaveandsomethingyouare

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 24 “........isanattacktypeforarogueWi-Fiaccesspointthatappearstobealegitimateoneofferedonthe premises,butactuallyhasbeensetuptoeavesdroponwirelesscommunications.Itisthewirelessversionof thephishingscam.Anattackerfoolswirelessusersintoconnectingalaptopormobilephonetoatainted hotspotbyposingasalegitimateprovider.Thistypeofattackmaybeusedtostealthepasswordsof unsuspectingusersbyeithersnoopingthecommunicationlinkorbyphishing,whichinvolvessettingupa

40625B860D595D76F874EF86ABE14545

fraudulentwebsiteandluringpeoplethere.” Fillintheblankwithappropriatechoice. A. B. C. D.

EvilTwinAttack SinkholeAttack CollisionAttack SignalJammingAttack

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 25 Aregionalbankhiresyourcompanytoperformasecurityassessmentontheirnetworkafterarecentdata breach.Theattackerwasabletostealfinancialdatafromthebankbycompromisingonlyasingleserver. Basedonthisinformation,whatshouldbeoneofyourkeyrecommendationstothebank? A. B. C. D.

Placeafront-endwebserverinademilitarizedzonethatonlyhandlesexternalwebtraffic Requireallemployeestochangetheiranti-virusprogramwithanewone MovethefinancialdatatoanotherserveronthesameIPsubnet Issuenewcertificatestothewebserversfromtherootcertificateauthority

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 26 Whattermdescribestheamountofriskthatremainsafterthevulnerabilitiesareclassifiedandthe countermeasureshavebeendeployed? A. B. C. D.

Residualrisk Impactrisk Deferredrisk Inherentrisk

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 27 Whichofthefollowingisthebestcountermeasuretoencryptingransomwares? A. Usemultipleantivirussoftwares B. Payaransom C. Keepsomegenerationofoff-linebackup

40625B860D595D76F874EF86ABE14545

D. Analyzetheransomwaretogetdecryptionkeyofencrypteddata Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 28 SessionsplicingisanIDSevasiontechniqueinwhichanattackerdeliversdatainmultiple,smallsizedpackets tothetargetcomputer,makingitverydifficultforanIDStodetecttheattacksignatures.Whichtoolcanbe usedtoperformsessionsplicingattacks? A. B. C. D.

tcpsplice Burp Hydra Whisker

Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 29 YouhavesuccessfullycomprisedaserverhavinganIPaddressof10.10.0.5.Youwouldliketoenumerateall machinesinthesamenetworkquickly. WhatisthebestNmapcommandyouwilluse? A. B. C. D.

nmap-T4-q10.10.0.0/24 nmap-T4-F10.10.0.0/24 nmap-T4-r10.10.1.0/24 nmap-T4-O10.10.0.0/24

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 30 AsaCertifiedEthicalHacker,youwerecontractedbyaprivatefirmtoconductanexternalsecurityassessment throughpenetrationtesting. Whatdocumentdescribesthespecificsofthetesting,theassociatedviolations,andessentiallyprotectsboth theorganization’sinterestandyourliabilitiesasatester? A. B. C. D.

ServiceLevelAgreement ProjectScope RulesofEngagement Non-DisclosureAgreement

Correct Answer: C 40625B860D595D76F874EF86ABE14545

Section: (none) Explanation Explanation/Reference: QUESTION 31 WhichofthefollowingistheBESTwaytodefendagainstnetworksniffing? A. B. C. D.

Usingencryptionprotocolstosecurenetworkcommunications RegisterallmachinesMACAddressinaCentralizedDatabase UseStaticIPAddress RestrictPhysicalAccesstoServerRoomshostingCriticalServers

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 32 Whichofthefollowingistheleast-likelyphysicalcharacteristictobeusedinbiometriccontrolthatsupportsa largecompany? A. B. C. D.

Irispatterns Voice HeightandWeight Fingerprints

Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 33 AlthoughFTPtrafficisnotencryptedbydefault,whichlayer3protocolwouldallowforend-to-endencryptionof theconnection? A. B. C. D.

SFTP Ipsec SSL FTPS

Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 34 Toreachabankwebsite,thetrafficfromworkstationsmustpassthroughafirewall.Youhavebeenaskedto reviewthefirewallconfigurationtoensurethatworkstationsinnetwork10.10.10.0/24canonlyreachthebank 40625B860D595D76F874EF86ABE14545

website10.20.20.1usinghttps.Whichofthefollowingfirewallrulesmeetsthisrequirement? A. if(sourcematches10.10.10.0/24anddestinationmatches10.20.20.1andportmatches443)thenpermit B. if(sourcematches10.10.10.0/24anddestinationmatches10.20.20.1andportmatches80or443)then permit C. if(sourcematches10.20.20.1anddestinationmatches10.10.10.0/24andportmatches443)thenpermit D. if(sourcematches10.10.10.0anddestinationmatches10.20.20.1andportmatches443)thenpermit Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 35 Jim’scompanyregularlyperformsbackupsoftheircriticalservers.Butthecompanycannotaffordtosend backuptapestoanoff-sitevendorforlong-termstorageandarchiving.Instead,Jim’scompanykeepsthe backuptapesinasafeintheoffice.Jim’scompanyisauditedeachyear,andtheresultsfromthisyear’saudit showariskbecausebackuptapesarenotstoredoff-site.TheManagerofInformationTechnologyhasaplan totakethebackuptapeshomewithhimandwantstoknowwhattwothingshecandotosecurethebackup tapeswhileintransit? A. B. C. D.

Encryptthebackuptapesandtransporttheminalockbox. Degaussthebackuptapesandtransporttheminalockbox. Hashthebackuptapesandtransporttheminalockbox. Encryptthebackuptapesanduseacouriertotransportthem.

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 36 YouaretheNetworkAdmin,andyougetacomplaintthatsomeofthewebsitesarenolongeraccessible.You trytopingtheserversandfindthemtobereachable.ThenyoutypetheIPaddressandthenyoutryonthe browser,andfindittobeaccessible.ButtheyarenotaccessiblewhenyoutryusingtheURL. Whatmaybetheproblem? A. B. C. D.

TrafficisBlockedonUDPPort53 TrafficisBlockedonTCPPort80 TrafficisBlockedonTCPPort54 TrafficisBlockedonUDPPort80

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 37 WhichofthefollowingtoolsisusedtodetectwirelessLANsusingthe802.11a/b/g/nWLANstandardsona Linuxplatform?

40625B860D595D76F874EF86ABE14545

A. B. C. D.

Kismet Abel Netstumbler Nessus

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 38 YouareworkingasaSecurityAnalystinacompanyXYZthatownsthewholesubnetrangeof23.0.0.0/8and 192.168.0.0/8. Whilemonitoringthedata,youfindahighnumberofoutboundconnections.YouseethatIP’sownedbyXYZ (Internal)andprivateIP’sarecommunicatingtoaSinglePublicIP.Therefore,theInternalIP’saresending datatothePublicIP. Afterfurtheranalysis,youfindoutthatthisPublicIPisablacklistedIP,andtheinternalcommunicatingdevices arecompromised. Whatkindofattackdoestheabovescenariodepict? A. B. C. D.

BotnetAttack SpearPhishingAttack AdvancedPersistentThreats RootkitAttack

Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 39 Scenario: 1.Victimopenstheattacker’swebsite. 2.Attackersetsupawebsitewhichcontainsinterestingandattractivecontentlike‘Doyouwanttomake $1000inaday?’. 3.VictimclickstotheinterestingandattractivecontentURL. 4.Attackercreatesatransparent‘iframe’infrontoftheURLwhichthevictimattemptstoclick,sothevictim thinksthathe/sheclicksonthe‘Doyouwanttomake$1000inaday?’URLbutactuallyhe/sheclicksonthe contentorURLthatexistsinthetransparent'iframe'whichissetupbytheattacker. Whatisthenameoftheattackwhichismentionedinthescenario? A. B. C. D.

SessionFixation HTMLInjection HTTPParameterPollution ClickjackingAttack

Correct Answer: D

40625B860D595D76F874EF86ABE14545

Section: (none) Explanation Explanation/Reference: QUESTION 40 AnetworkadministratordiscoversseveralunknownfilesintherootdirectoryofhisLinuxFTPserver.Oneof thefilesisatarball,twoareshellscriptfiles,andthethirdisabinaryfileisnamed“nc.”TheFTPserver’s accesslogsshowthattheanonymoususeraccountloggedintotheserver,uploadedthefiles,andextracted thecontentsofthetarballandranthescriptusingafunctionprovidedbytheFTPserver’ssoftware.Theps commandshowsthatthencfileisrunningasprocess,andthenetstatcommandshowsthencprocessis listeningonanetworkport. Whatkindofvulnerabilitymustbepresenttomakethisremoteattackpossible? A. B. C. D.

F...