ITdumpsFree. Get free valid exam dumps and pass your exam test with confidence

Transcription

1 ITdumpsFree Get free valid exam dumps and pass your exam test with confidence

2 Exam : v10 Title : Certified Ethical Hacker Exam (CEH v10) Vendor : EC-COUNCIL Version : DEMO Get Latest & Valid v10 Exam's Question and Answers 1 from Itdumpsfree.com. 1

3 NO.1 The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what? A. Security incident and event Monitoring B. Vulnerability Scanner C. network Sniffer D. Intrusion prevention Server NO.2 You are a Network Security Officer. You have two machines. The first machine ( ) has snort installed, and the second machine ( ) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What wireshark filter will show the connections from the snort machine to kiwi syslog machine? A. tcp.dstport==514 && ip.dst== /16 B. tcp.srcport==514 && ip.src== C. tcp.srcport==514 && ip.src== D. tcp.dstport==514 && ip.dst== Answer: D We need to configure destination port at destination ip. The destination ip is , where the kiwi syslog is installed. References: NO.3 How is sniffing broadly categorized? A. Broadcast and unicast B. Active and passive C. Unmanaged and managed D. Filtered and unfiltered NO.4 Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Ricardo using? A. Steganography B. RSA algorithm C. Public-key cryptography D. Encryption Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Get Latest & Valid v10 Exam's Question and Answers 2 from Itdumpsfree.com. 2

4 References: NO.5 There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the process. A term describes when two pieces of data result in the same value is? A. Polymorphism B. Collision C. Escrow D. Collusion NO.6 An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces. Which of the following is the most likely reason for lack of management or control packets? A. The wrong network card drivers were in use by Wireshark. B. Certain operating systems and adapters do not collect the management or control packets. C. On Linux and Mac OS X, only headers are received in promiscuous mode. D. The wireless card was not turned on. NO.7 Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)? A. CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset. B. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide. C. CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad. D. CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations. NO.8 Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports? A. Fair and Accurate Credit Transactions Act (FACTA) B. Sarbanes-Oxley Act (SOX) C. Federal Information Security Management Act (FISMA) D. Gramm-Leach-Bliley Act (GLBA) NO.9 While performing ping scans into a target network you get a frantic call from the organization's security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor. Get Latest & Valid v10 Exam's Question and Answers 3 from Itdumpsfree.com. 3

5 How can you modify your scan to prevent triggering this event in the IDS? A. Spoof the source IP address. B. Do not scan the broadcast IP. C. Scan more slowly. D. Only scan the Windows systems. NO.10 If you are to determine the attack surface of an organization, which of the following is the BEST thing to do? A. Training employees on the security policy regarding social engineering B. Reviewing the need for a security clearance for each employee C. Using configuration management to determine when and where to apply security patches D. Running a network scan to detect network services in the corporate DMZ Answer: D NO.11 It is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. This protocol is specifically designed for transporting event messages. Which of the following is being described? A. ICMP B. SNMP C. SYSLOG D. SMS Answer: C NO.12 This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack? A. SQL Injection B. URL Traversal attack C. Cross-site-scripting attack D. Buffer Overflow attack Answer: C NO.13 Which regulation defines security and privacy controls for Federal information systems and organizations? A. NIST B. PCI-DSS C. HIPAA D. EU Safe Harbor Get Latest & Valid v10 Exam's Question and Answers 4 from Itdumpsfree.com. 4

6 NIST Special Publication , "Security and Privacy Controls for Federal Information Systems and Organizations," provides a catalog of security controls for all U.S. federal information systems except those related to national security. References: NO.14 Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!" From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed in his browser to reveal the following web page: After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack? A. SQL injection B. ARP spoofing C. Routing table injection D. DNS poisoning Answer: D NO.15 Which command line switch would be used in NMAP to perform operating system detection? A. -O B. -sp C. -OS D. -so NO.16 You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs? A. The zombie you are using is not truly idle. B. A stateful inspection firewall is resetting your queries. Get Latest & Valid v10 Exam's Question and Answers 5 from Itdumpsfree.com. 5

7 C. Hping2 cannot be used for idle scanning. D. These ports are actually open on the target system. NO.17 What kind of risk will remain even if all theoretically possible safety measures would be applied? A. Residual risk B. Impact risk C. Deferred risk D. Inherent risk NO.18 Which of the following is a protocol specifically designed for transporting event messages? A. SNMP B. SMS C. SYSLOG D. ICMP Answer: C syslog is a standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity label. References: NO.19 How does the Address Resolution Protocol (ARP) work? A. It sends a reply packet for a specific IP, asking for the MAC address. B. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP. C. It sends a request packet to all the network elements, asking for the domain name from a specific IP. D. It sends a request packet to all the network elements, asking for the MAC address from a specific IP. Answer: D When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address. The ARP program looks in the ARP cache and, if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine. If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it. A machine that recognizes the IP address as its own returns a reply so indicating. ARP updates the ARP cache for future reference and then sends the packet to the MAC address that replied. References: Get Latest & Valid v10 Exam's Question and Answers 6 from Itdumpsfree.com. 6

8 NO.20 Identify the correct terminology that defines the above statement. A. Designing Network Security B. Vulnerability Scanning C. Penetration Testing D. Security Policy Implementation Answer: C Get Latest & Valid v10 Exam's Question and Answers 7 from Itdumpsfree.com. 7