NEW QUESTION 1

Which DNS resource record can indicate how long any "DNS poisoning" could last?

• A. MX
• B. SOA
• C. NS
• D. TIMEOUT

Answer: B

NEW QUESTION 2

Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

• A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
• B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
• C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
• D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

Answer: D

NEW QUESTION 3

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services?

• A. XML injection
• B. WS-Address spoofing
• C. SOAPAction spoofing
• D. Web services parsing attacks

Answer: B

Explanation:
WS-Address provides additional routing information in the SOAP header to support asynchronous communication. This technique allows the transmission of web service requests and response messages using different TCP connections
https://www.google.com/search?client=firefox-b-d&q=WS-Address+spoofing CEH V11 Module 14 Page 1896

NEW QUESTION 4

An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

• A. Product-based solutions
• B. Tree-based assessment
• C. Service-based solutions
• D. inference-based assessment

Answer: D

Explanation:
In an inference-based assessment, scanning starts by building an inventory of the protocols found on the machine. After finding a protocol, the scanning process starts to detect which ports are attached to services, such as an email server, web server, or database server. After finding services, it selects vulnerabilities on each machine and starts to execute only those relevant tests.

NEW QUESTION 5

Which definition among those given below best describes a covert channel?

• A. A server program using a port that is not well known.
• B. Making use of a protocol in a way it is not intended to be used.
• C. It is the multiplexing taking place on a communication link.
• D. It is one of the weak channels used by WEP which makes it insecure

Answer: B

NEW QUESTION 6

env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

• A. Removes the passwd file
• B. Changes all passwords in passwd
• C. Add new user to the passwd file
• D. Display passwd content to prompt

Answer: D

NEW QUESTION 7

infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

• A. Reconnaissance
• B. Maintaining access
• C. Scanning
• D. Gaining access

Answer: D

Explanation:
This phase having the hacker uses different techniques and tools to realize maximum data from the system.
they’re –• Password cracking – Methods like Bruteforce, dictionary attack, rule-based attack, rainbow table a used. Bruteforce is trying all combinations of the password. Dictionary attack is trying an inventory of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares with pre-computed hash values until a match is discovered.• Password attacks – Passive attacks like wire sniffing, replay attack. Active online attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering and dumpster diving.

NEW QUESTION 8


Identify the correct terminology that defines the above statement.

• A. Vulnerability Scanning
• B. Penetration Testing
• C. Security Policy Implementation
• D. Designing Network Security

Answer: B

NEW QUESTION 9

One of your team members has asked you to analyze the following SOA record.
What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

• A. 200303028
• B. 3600
• C. 604800
• D. 2400
• E. 60
• F. 4800

Answer: D

NEW QUESTION 10

Which of the following is a low-tech way of gaining unauthorized access to systems?

• A. Social Engineering
• B. Eavesdropping
• C. Scanning
• D. Sniffing

Answer: A

NEW QUESTION 11

Fingerprinting an Operating System helps a cracker because:

• A. It defines exactly what software you have installed
• B. It opens a security-delayed window based on the port being scanned
• C. It doesn't depend on the patches that have been applied to fix existing security holes
• D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

Answer: D

NEW QUESTION 12

what is the port to block first in case you are suspicious that an loT device has been compromised?

• A. 22
• B. 443
• C. 48101
• D. 80

Answer: C

Explanation:
TCP port 48101 uses the Transmission management Protocol. transmission control protocol is one in all the most protocols in TCP/IP networks. transmission control protocol could be a connection-oriented protocol, it needs acknowledgement to line up end-to-end communications. only a association is about up user’s knowledge may be sent bi-directionally over the association.
Attention! transmission control protocol guarantees delivery of knowledge packets on port 48101 within the same order during which they were sent. bonded communication over transmission control protocol port 48101 is that the main distinction between transmission control protocol and UDP. UDP port 48101 wouldn’t have bonded communication as transmission control protocol.
UDP on port 48101 provides Associate in Nursing unreliable service and datagrams might arrive duplicated, out of order, or missing unexpectedly. UDP on port 48101 thinks that error checking and correction isn’t necessary or performed within the application, avoiding the overhead of such process at the network interface level.
UDP (User Datagram Protocol) could be a borderline message-oriented Transport Layer protocol (protocol is documented in IETF RFC 768).
Application examples that always use UDP: vocalisation IP (VoIP), streaming media and period multiplayer games. several internet applications use UDP, e.g. the name System (DNS), the Routing info Protocol (RIP), the Dynamic Host Configuration Protocol (DHCP), the straightforward Network Management Protocol (SNMP).

NEW QUESTION 13

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

• A. John the Ripper
• B. SET
• C. CHNTPW
• D. Cain & Abel

Answer: C

NEW QUESTION 14

Which of the following is the primary objective of a rootkit?

• A. It opens a port to provide an unauthorized service
• B. It creates a buffer overflow
• C. It replaces legitimate programs
• D. It provides an undocumented opening in a program

Answer: C

NEW QUESTION 15

Which system consists of a publicly available set of databases that contain domain name registration contact information?

• A. WHOIS
• B. CAPTCHA
• C. IANA
• D. IETF

Answer: A

NEW QUESTION 16

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?

• A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
• B. Bob is partially righ
• C. He does not need to separate networks if he can create rules by destination IPs, one by one
• D. Bob is totally wron
• E. DMZ is always relevant when the company has internet servers and workstations
• F. Bob is partially righ
• G. DMZ does not make sense when a stateless firewall is available

Answer: C

NEW QUESTION 17
......