Introduction to Certified Ethical Hacker certification
|
|
- Beryl Patterson
- 6 years ago
- Views:
Transcription
1 Cleveland Institute of Electronics Bookstore Course Introduction to Certified Ethical Hacker certification Lessons 1141B through 1150B Enroll Online For Version 7.1
2 1 Table of Contents Chat with Your Instructor... 2 Chapter 1 Ethical Hacking... 3 Chapter 2 Footprinting and Reconnaissance... 4 Lesson 1141B Examination... 5 Chapter 3 Scanning... 7 Chapter 4 Enumeration... 8 Lesson 1142B Examination... 9 Chapter 5 System Hacking Lesson 1143B Examination Chapter 6 Trojans and Backdoors Chapter 7 Viruses and Worms Lesson 1144B Examination Chapter 8 Sniffers Lesson 1145B Examination Chapter 9 Social Engineering Chapter 10 Denial of Service Lesson 1146B Examination Chapter 11 Web Servers and Applications Lesson 1147B Examination Chapter 12 Hacking Wireless Networks Lesson 1148B Examination Chapter 13 IDS, Firewalls, and Honeypots Chapter 14 Buffer Overflows Lesson 1149B Examination Chapter 15 Cryptography Chapter 16 Penetration Testing Lesson 1150B Examination... 37
3 2 Chat with Your Instructor This Study Guide will offer some suggestions about how to cover the material in the class. One of the things you should know, regardless of the class you are taking, is that the instructor can t be the sole repository of information for the class and neither can the textbook. Technology simply moves too quickly for that to be a viable option. There is a whole Internet out there. Chances are, someone, somewhere has encountered whatever problem you are having and has solved it. And chances are, someone who has solved your problem has posted the solution on the web. It might not be the exact solution, but it will get you moving toward solving the problem. Having said that, the vaguer an assignment is, the more you will learn from it. The author of the text will walk you through some possible attacks, which will help you to, at the minimum, harden your systems and inform your users. The tutorial sections sprinkled throughout the chapters are very much like this. We do not want to inhibit you in any way if possible; we want you to think what needs to be improved. Of course, there are always students who need more direction and will need to be dealt with individually. Nevertheless, this is college. Students need to explore not be led by the nose step by step. This book assumes that you have knowledge of basic computer and network terminology. It also is not going to make you a hacker, nor is it enough knowledge for a guarantee that you can sit for the exam. The one thing we want to make perfectly clear is that this course is designed to introduce, not make proficient. It uses one of the resources prepared by EC-Council for the exam, but it is not directly associated with them. It is our attempt to round your knowledge and maybe cause you to want to learn more about the topics inside. If you have a technical problem, we recommend the following: First, check the textbook that accompanies the study guide. Research some of the information at the appropriate websites (a search using the key terms may also be helpful.) Feel free to call the instruction department during business hours (8:30 AM to 6 PM Eastern time), Monday through Friday, and Saturday during the weekend hours (8:30 AM to 5 PM Eastern time). Be prepared to describe which lesson you are working on and the problem you are having. Instructional Support Addresses and Phone Numbers Main Support Help Line: (800) or (216) address: faculty@cie-wc.edu Instructional Support is available business hours (Eastern time) Monday through Saturday. Mailing address: Cleveland Institute of Electronics 1776 East 17 th Street Cleveland, OH 44114
4 3 Chapter 1 Ethical Hacking Overview The first chapter of a broad ranging information security course is always about setting the tone, and establishing the fundamentals such as vocabulary, context, and most of all, why this information is important. It also discusses some of the basic legal issues and moral dilemmas that security researchers face as they practice in this profession. Objectives Understand the issues plaguing the information security world Gain knowledge on various hacking terminologies Learn the basic elements of information security To be successful in this lesson: Read Chapter 1 Read Study Guide for Lesson 1141B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 251 through 253 (Answers on pages 298 & 299) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the next chapter and the exam continue to the next lesson.
5 4 Overview Chapter 2 Footprinting and Reconnaissance The first step of any attack is reconnaissance and information gathering. This chapter goes beyond the obvious and provides a checklist of ways to learn as much as possible about a target. Using both passive and active techniques, this is the most important step of the attack process. Objectives Understand the term Footprinting Learn the areas and information that hackers seek Gain knowledge on information gathering tools and methodology To be successful in this lesson: Read Chapter 2 Read Study Guide for Lesson 1141B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 253 through 256 (Answers on pages 299 & 300) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.
6 5 Lesson 1141B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. This vulnerability test is ordered when the client wants the most realistic type of test possible. (1) Red Hat test (3) Grey Hat test (2) Black Hat test (4) White Hat test 2. When considering the types of attack listed below, which would be considered the most dangerous? (1) Malicious code attacks (3) Social Engineering attacks (2) Application level attacks (4) Network-based attacks 3. The best attacks often exploit known bugs or flaws. (1) True (2) False 4. Which term best describes students enrolled in an Ethical Hacker class? (1) Black Hat (3) White Hat (2) Grey Hat (4) None of these 5. Which of these choices would NOT be considered an attack? (1) Violating the terms of a warning banner (2) Intentionally gaining unauthorized access (3) Compromising a weak password to gain access (4) All of these are attacks 6. Which of these choices is the least important during the footprinting stage? (1) Creative Internet searches (2) Basic Internet searches (3) Determine what discoveries are important (4) Learn as much about the target as possible 7. This field increments by one each time the zone is updated. (1) Refresh Rate (3) Serial Number (2) Retry Timer (4) Expiry Timer 8. This is how long the secondary server will wait until before considering a zone to be dead. (1) Refresh Rate (3) Serial Number (2) Retry Timer (4) Expiry Timer
7 6 9. This Google hacking technique looks for potential numerical patterns within a query in order to guess at files in locations that are not indexed. (1) Find directory listings (3) Directory services (2) Incremental substitution (4) Extension renaming 10. TOE is the acronym for. (1) Trail of Evidence (3) Terms of Exchange (2) Target of Ease (4) Target of Evaluation END OF EXAMINATION
8 7 Chapter 3 Scanning Overview Once the attacker knows the outside addresses and, if possible, the inside topology, the network must be footprinted and all operating systems and services identified and verified. This is a difficult step, as defenses such as traffic filters and intrusion response systems will affect the attacker s view of the network and opportunities for attack. Technical knowledge of scanning techniques, the protocols involved and why the network looks different to an attacker than it does to an designer, engineer, or administrator are covered in this chapter. Objectives Understand the term port scanning, network scanning and vulnerability scanning Understand the objectives of scanning Understand banner grabbing using OS fingerprinting, Active Stack Fingerprinting, Passive Fingerprinting and other techniques and tools To be successful in this lesson: Read Chapter 3 Read Study Guide for Lesson 1142B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 256 through 259 (Answers on pages 300 & 301) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the next chapter and the exam continue to the next lesson.
9 8 Chapter 4 Enumeration Overview Once the attacker knows the outside addresses and, if possible, the inside topology, the network must be The attacker is getting eager to start doing some damage, but the disciplined ones know there is still some work to be done. The live hosts, access points, and roles each host has needs to be understood better. The enumeration chapter is about user accounts and logical topologies. In order to develop a real strategy, the attacker must know what is happening above Layer 4. Objectives Learn the system hacking cycle Understand Enumeration and its techniques Understand null sessions and its countermeasures To be successful in this lesson: Read Chapter 4 Read Study Guide for Lesson 1142B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 259 through 262 (Answers on pages 301 & 302) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.
10 9 Lesson 1142B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. A TCP session is established when two hosts complete a handshake, but two other fields are also included in in keeping the session organized. Those two fields are and. (1) Target port number (5) Both 1 and 2 (2) Acknowledgement number (6) Both 1 and 3 (3) Synchronization number (7) Both 2 and 4 (4) Sequence number (8) Both 2 and 3 2. Using inverse scanning methods, Microsoft Windows hosts will respond with this flag when confusing traffic is received on an open port. (1) SYN (4) URG (2) ACK (5) PSH (3) FIN (6) RST 3. This message type is sent out on the internal local network segment to discover responders. (1) Maintenance (3) Sequenced (2) Broadcast (4) Ping 4. Echo requests are sent out during an ICMP scan; at the same time echo replies are anticipated. Which type and code represents an Echo reply? (1) Type 0 code 8 (3) Type 8 code 0 (2) Type 0 code 0 (4) Type 8 code 8 5. The protocol responsible for translating the logical network address into the physical address is. (1) ARP (3) MAC (2) RFC (4) ICMP 6. Using LDAP, this identifies a user object uniquely. (1) UIN (3) DUN (2) OID (4) DN 7. Which value is the most restrictive when considering the three possible values for the RestrictAnonymous key? (1) 1 (3) 3 (2) 2 (4) 0
11 10 8. Which port will be used when running SMB over TCP/IP on a PC running a Microsoft OS when NetBT is disabled? (1) 445 (3) 139 (2) 389 (4) In an attack using SNMP for enumeration, the highest level objective would be to access the. (1) NMS (3) OID (2) MIB (4) All are correct 10. Which of these could be used to administer LDAP? (1) MMC (3) Ldap.exe (2) Jxplorer (4) All could be used END OF EXAMINATION
12 11 Chapter 5 System Hacking Overview Finally, the target is well enough understood to begin the gaining access and mainlining access phases. Perhaps a privileged user account can be compromised. Maybe economic espionage is possible. The attacker may have noticed unpatched systems exist that can be attacked from commonly available exploit tools. This chapter explores these vectors in detail. Objectives Understand the different types of passwords Identify the different types of password attacks Identify password cracking techniques as well as countermeasures To be successful in this lesson: Read Chapter 3 Read Study Guide for Lesson 1143B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 262 through 265 (Answers on pages 302 & 303) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.
13 12 Lesson 1143B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. Which of these identifies the practice of hiding information inside other information in a manner usually undetected by eye? (1) $Data stream (3) Encryption (2) Steganography (4) ADS 2. Rootkits provide root privileges automatically. (1) True (2) False 3. Which of these is considered a passive type of attack? (1) Password sniffing (4) Session Hijacking (2) Password guessing (5) Document shredding (3) Replay 4. An attack that substitutes predetermined characters such as S with alternates such as $ using regular expressions is known as a(n) attack. (1) Syllable (3) Rule-based (2) Brute force (4) Hybrid 5. The most effective way of exploiting the primary weakness of the hashing algorithm in passwords stored as hashes is. (1) Hash reversal (3) Collision (2) Substitution (4) None of these is effective 6. This data protection type is considered the easiest way to implement and manage. (1) Smart Cards (3) Keys (2) Passwords (4) USB keys 7. Which of these is not one of the three different types of privilege escalation? (1) Horizontal (3) De-escalation (2) Vertical (4) SIUD 8. Which of these is considered the most efficient and effective active online attack? (1) Replay (3) Password sniffing (2) Password guessing (4) Man-in-the-Middle 9. Which of these implementations uses the MD5 hashing algorithm? (1) Kerberos (3) LM (2) NTLMv2 (4) All of them use it
14 Which location would not store passwords on a Windows host? (1) Shadow file (3) Repair file (2) SAM file (4) The registry END OF EXAMINATION
15 14 Chapter 6 Trojans and Backdoors Overview If it is hard to attack the target directly, maybe the target will come to the attacker. This chapter builds on the system hacking chapter and shows how techniques can be combined together to gain and maintain access to systems. The chapter explores one of the oldest yet still very much relevant daily security concerns. Objectives Define a Trojan Identify overt and covert channels Learn windows start up monitoring tools To be successful in this lesson: Read Chapter 6 Read Study Guide for Lesson 1144B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 265 through 268 (Answers on pages 304 & 305) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the next chapter and the exam continue to the next lesson.
16 15 Chapter 7 Viruses and Worms Overview If hosts that are of value to the attacker cannot be precisely targeted, the strategy may turn to attacking as many as possible, in the shortest amount of time, to the greatest effect. If one piece of code can be written that will then do all the work for the attacker, all the better. Knowing there are others in the world that will capture your code, create a variant, and sent it back out may amplify the results. This chapter explores a category of automated, self-powered attacks. Objectives Understand the computer virus and its history Understand how does a computer get infected by viruses Understand the difference between a virus and a worm To be successful in this lesson: Read Chapter 7 Read Study Guide for Lesson 1144B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 268 through 271 (Answers on pages 305 & 306) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.
17 16 Lesson 1144B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. Programs that perform operations like opening the CD tray, changing the desktop image or the screen resolution are considered this type of tool. (1) Lamer (3) Bot (2) Desktop control (4) Reverse shell 2. Which of these is not a CEH recognized category of malicious programs? (1) Viruses (3) Malware (2) Worms (4) Trojans and rootkits 3. This freeware tool is included in Windows to control and manage startup. (1) Winpatrol (3) Msconfig (2) Hijack This (4) Autoruns 4. A program that appears to perform desirable and necessary functions but performs other functions that are not known or needed are known as. (1) Rootkit (3) Backdoor (2) Malicious software (4) Trojan 5. Installs an illicit server on the victim and then accesses from a client. (1) Remote Access Trojan (3) Data Sending Trojan (2) Denial of Service Trojan (4) FTP Trojan 6. A type of social engineering attack that is designed to waste the time of victims and consume network bandwidth when these users news of the threat is called a. (1) Network virus (3) Hoax (2) Stealth virus (4) MBR virus 7. This statement represents a worm more than a virus. (1) Difficult to remove without damaging the system (2) Executes itself and can include its own spreader (3) Requires a user initiated event to spread and needs a carrier (4) Typically effects executable files; can hide in media files 8. This was the first working virus found in the wild. (1) Elk Clone (3) Creeper (2) Reaper (4) Wabbit
18 17 9. The hides from the antivirus software and copies itself to a temporary location, leaving infected files to be clean when scanned. (1) Network virus (3) Hoax (2) Stealth virus (4) MBR virus 10. The overwrites the instructions at the disk location Cylinder 0, Head 0, Sector 1 and then copies itself into RAM and onto other disks. (1) Network virus (3) Hoax (2) Stealth virus (4) MBR virus END OF EXAMINATION
19 18 Chapter 8 Sniffers Overview Observing traffic is a piece of the puzzle between all of the techniques explored so far. It can be used for information gathering, compromising sensitive data, or as a step in a sophisticated control technique. On the defensive side, sniffing is a powerful troubleshooting, analysis, and testing technique. This chapter shows how to make the rest of the information in this course observable to the most detailed level. It shows how the importance of understanding the higher-level concepts such as protocols and the expected events of a technique can lead the way to both more efficient attacks and more efficient countermeasures. Objectives Understand sniffing and protocols vulnerable to it Understand Address Resolution Protocol (ARP) Understand what is Session Hijacking Spoofing vs. Hijacking To be successful in this lesson: Read Chapter 8 Read Study Guide for Lesson 1145B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 271 through 273 (Answers on pages 306 & 307) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.
20 19 Lesson 1145B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. A promiscuous mode driver tells the NIC to ignore this much of the first bits of the Layer 2 frame header. (1) 12 (3) 48 (2) 24 (4) Which of these is considered a passive sniffing technique? (1) Mac duplicating (3) Arp poisoning (2) MAC flooding (4) None of these 3. Protocol tracers are also called. (1) Sniffers (3) Sharks (2) Tracers (4) Filters 4. The technique that uses gratuitous ARP to distribute spoofed information is. (1) Mac duplicating (3) Arp poisoning (2) MAC flooding (4) None of these 5. Using the information a switch stores regarding network connectivity, it is possible to send sufficient traffic to force the switch into fail safe or hub mode. The name of this process is. (1) Mac duplicating (3) Arp poisoning (2) MAC flooding (4) None of these 6. This is a security method that tests the ability of the human eye to interpret an image of a deliberately distorted word. (1) Captchas (3) Gotchas (2) Backatchas (4) Fuzzies 7. Which of these is not one of the three server supported authentication methods? (1) Application (3) Disk (2) Basic (4) Volume 8. This protocol implementation supports state. (1) HTTP1.0 (3) HTTP2.0 (2) HTTP1.1 (4) All support state
21 20 9. Protection imposed by an application can be circumvented by modifying either the source code or the URL for the page and then reloading or resubmitting it. (1) True (2) False 10. The attack called was originally known as CSS. (1) CSX (3) CXS (2) CMS (4) XSS END OF EXAMINATION
22 21 Chapter 9 Social Engineering Overview The greatest weakness of any network will be the human element and the most cost effective countermeasure is training. This chapter shows how humans can be deceived, misinformed or led to bad judgment. They can also simply be taken advantage of even if they are not doing anything wrong. Without proper and continuous training, awareness fades quickly and attackers can sense this over time and be attracted to these vulnerable targets. Objectives Understand Social Engineering Identify the different types of social engineering Gain insights on Social Engineering threats and defense To be successful in this lesson: Read Chapter 9 Read Study Guide for Lesson 1146B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 273 through 276 (Answers on pages 307 & 308) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the next chapter and the exam continue to the next lesson.
23 22 Chapter 10 Denial of Service Overview Sometimes the objective of an attack is to embarrass the target. Reputation is perhaps the most valuable asset to any organization. Since non- techies don t understand the concept of DoS or DDoS attacks, it is easy to create a sense that a network is not trustworthy simply by making its services inaccessible. There are other reasons for these attacks as well; it might be as simple as an attacker or virus author testing out or proving a theory. This chapter looks at how Denial of Service attacks are set up and how botnets that were possibly setup by worm droppings or socially engineered installations of malware can coordinate in a large scale event. Objectives Understand a Denial of Service Attack Gain insights on Distributed Denial of Service Attacks Assess DoS/DDoS Attack Tools To be successful in this lesson: Read Chapter 10 Read Study Guide for Lesson 1146B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 276 through 279 (Answers on pages 308 & 309) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.
24 23 Lesson 1146B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. This type of attack accounts for close to 70% of the socially engineered attack, according to some surveys. (1) Social proof (3) Inside jobs (2) Reverse social engineering (4) None of these 2. This is considered to be the most difficult attack type to execute. (1) Social proof (3) Inside jobs (2) Reverse social engineering (4) None of these 3. The act of gaining sensitive information on a particular company by sifting through the trash is called. (1) Dumpster diving (3) Rectangular research (2) Trash tossing (4) All of these are used 4. This is widely considered the weakest link in network security. (1) WAPs (3) Honeypots (2) Media files (4) Users 5. Which of these would be considered social engineering of physical controls? (1) Piggybacking (3) Tailgating (2) Shoulder surfing (4) All of them 6. A DDoS attack is limited to three levels of hierarchical control. (1) True (2) False 7. Which of these would be considered an IP fragmentation DoS attack tool for use with Windows 2000 and earlier hosts? (1) Land (3) Joltz (2) Targa (4) Bubonic.c 8. This DoS tool sends SYN traffic to the host, spoofing the target itself as the source. (1) Land (3) Joltz (2) Targa (4) Bubonic.c
25 24 9. What is the result if the computer does not have specific instructions on how to deal with a specific input? (1) Kernel panic (2) Buffer overflow (3) All of the above 10. This worm infected 90% of its targets following the first ten minutes of its launch. (1) Slammer (3) Stacheldraht (2) MyDoom (4) Melissa END OF EXAMINATION
26 25 Overview Chapter 11 Web Servers and Applications Web applications are a distinctly difference risk because their owner wants them to be as accessible as possible, unlike internal systems which can be more tightly controlled. This chapter discusses the different levels of exposure: from n-tiered models to platform architecture, as well as the principles behind the most common attacks that take place every day against these systems. Objectives Understand why Web Servers are compromised Understand Web Application Hacking Methodology Examine SQL Injection Attacks To be successful in this lesson: Read Chapter 11 Read Study Guide for Lesson 1147B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 279 through 283 (Answers on pages 309 & 310) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.
27 26 Lesson 1147B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. The attack of SSLMiTM is initiated by. (1) Banner grabbing (3) Drive by (2) Social engineering (4) Worm 2. A directory transversal attack is only effective on Windows servers. (1) True (2) False 3. The weakness in the Windows service is what the Sasser worm exploits. (1) LSA (3) ISAPI (2) SSA (4) All are correct 4. Which of these can be used to scan an entire website after downloading it? (1) Black widow (3) Wayback machine (2) Wget (4) All of them 5. Used for the purpose of determining the web server and operating system versions, the is initiated in the discovery phase of an attack. (1) Password guessing (3) Cookie stealing (2) Banner grabbing (4) Abusing the robot.txt file 6. Allowing HTTP requests to be sent and the response to be passed directly to the scripting object on the client s page through the use of the XMLHTTPRequest API is done by the suite of protocols. (1) SQL (3) AJAX (2) XML (4) HTTP 7. At which layer does the code get processed in the visitor s browser when describing the layers at which web applications work? (1) Presentation (3) Logic (2) Application (4) Database 8. This is a server-side language. (1) CSS (3) HTML (2) JavaScript (4) PERL
28 27 9. Which statements will be processed first when a web server is presented with a SQL script containing statements in nested quotes? (1) Outermost (3) First occurrence (2) Innermost (4) Last occurrence 10. The most recognized server-side technology is HTML. (1) True (2) False END OF EXAMINATION
29 28 Chapter 12 Hacking Wireless Networks Overview Wireless networks are cheap and easy to install. They are also a return to the days of hubs, only worse because the signal can t be completely controlled like bounded media can. Wireless represents an opportunity for the attacker to access the network itself, from there all other attacks discussed in CEH are possible and essentially the same. Objectives Understand Wireless Networks Identify types of Wireless Encryption Discuss Wireless Threats To be successful in this lesson: Read Chapter 12 Read Study Guide for Lesson 1148B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 283 through 286 (Answers on pages 310 & 311) If you have the resources available to you please complete the activities at the end of the chapter for it will benefit your learning potential. Once you have completed the exam continue to the next lesson.
30 29 Lesson 1148B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. This wireless technology is the slowest of the listed types. (1) a (3) g (2) b (4) n 2. Conversely, this wireless technology is the fastest of the listed types. (1) a (3) g (2) b (4) n 3. This wireless network operates in the 5GHz band, (1) a (3) g (2) b (4) n 4. Wireless NICs can be set into promiscuous mode using universal drivers that are widely available on the Internet. (1) True (2) False 5. A wireless network s architecture is most closely related to the architecture. (1) Star-wired (3) Ring (2) Baseband (4) None of these are correct 6. The network is considered when a wireless network s beacon frame does not broadcast the beacon frame periodically. (1) Closed (3) Shared (2) Open (4) On demand 7. This type of antenna uses an array of dipole elements to more precisely control the direction of the signal. (1) Yeti (3) Yagi (2) Yoda (4) Yogi 8. Microwaves can be disruptive to WiFi signals. (1) True (2) False 9. The term for a condition when a WAP has been configured to allow administrative access from the wireless interface is. (1) Warwalking (3) Warchalking (2) Warkitting (4) Wardriving
31 Cordless telephones cannot be used to jam or disrupt WiFi signals. (1) True (2) False END OF EXAMINATION
32 31 Chapter 13 IDS, Firewalls, and Honeypots Overview This chapter seems to be about defense and countermeasures at first, but since this is an attack class the idea it really to understand them well enough to detect them, avoid them, and a confuse them. Snort and IPTables are looked at because they are always present in Hacker s favorite operating systems; the ones that are free. Objectives Understand IDS, Firewall and Honeypot System Learn Ways to Detect an Intrusion Understand Evading Firewall To be successful in this lesson: Read Chapter 13 Read Study Guide for Lesson 1149B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 286 through 289 (Answers on pages 311 through 313) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the next chapter and the exam continue to the next lesson.
33 32 Chapter 14 Buffer Overflows Overview This chapter takes a step back to look at the principles behind one of the most dangerous and consistently occurring vulnerabilities in software. It is one of the reasons much of the attacks explored in previous chapters are successful. The explanation approaches the topic not with an assumption the reader has a programming background, but from a perspective that anyone with some experience in IT can get the hang of. This area of attack is a specialty on its own that takes years of concentrated effort to master, but everyone needs to at least grasp the basics. Objectives Understand Buffer Overflows (BoF) Understand Stack Operations Learn how to identify Buffer Overflows To be successful in this lesson: Read Chapter 14 Read Study Guide for Lesson 1149B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 289 through 292 (Answers on pages 313 & 314) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.
34 33 Lesson 1149B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. This identifies a technique for configuring an IDS that looks for events that are unusual based upon its knowledge of normal traffic. (1) Signature recognition (3) Anomaly detection (2) Statistical detection (4) File integrity check 2. A firewall fingerprinting technique that uses Telnet to attempt access on any discovered port. (1) Traceroute (3) Port scanning (2) Firewalking (4) Banner grabbing 3. This choice identifies the task of configuring an IDS to look for a recognizable series of bytes or characters in a packet. (1) Signature recognition (3) Port scanning (2) Statistical detection (4) Banner grabbing 4. A Linux command line tool that allows the attacker to fragment packets to a predetermined size, which generates excessive traffic for an IDS to check in the hopes it will overlook something. (1) Packetizer (3) Packet shaper (2) Fragrouter (4) Fragroute 5. A type of firewall that checks each packet one at a time, a system that is both cost effective and very efficient. (1) Packet filters (3) Application level firewall (2) Circuit level gateways (4) Stateful inspection firewall 6. This would indicate system identification of clean input. (1) Input does not exceed memory allocation (2) Input meets expected criteria (3) Special characters are ignored (4) All are will indicate clean input 7. This indicates the last four bytes in a variable space used by programmers to detect buffer overflow attempts. (1) 0x90 exploit (3) NOP sled (2) IDS signature (4) Canary bytes
35 34 8. This is the Linux command line tool for disassembling code. (1) cgc (3) gbd (2) gcc (4) gdb 9. This is the classic tool for compiling in Linux. (1) cgc (3) gbd (2) gcc (4) gdb 10. This uses Boolean logic to return differences and ignore sameness. (1) AND (3) NOT (2) OR (4) XOR END OF EXAMINATION
36 35 Chapter 15 Cryptography Overview This chapter lays out the fundamentals of cryptography that every security professional should know. It ties in with many other topics in this course, on both attack and defensive fronts. Objectives Understand Cryptography Understand Ciphers Identify Cryptography Tools To be successful in this lesson: Read Chapter 15 Read Study Guide for Lesson 1150B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 292 through 294 (Answers on pages 314 & 315) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the next chapter and the exam continue to the next lesson.
37 36 Chapter 16 Penetration Testing Overview Applying your CEH skills in a defensive manner will likely involve performing a penetration test. There many types that can be ordered by the client depending upon need and objective. The next class in the track, ECSA/ LPT, addresses this topic in detail. This chapter provides a preview of that course and for those that stop at CEH this is the minimum that you should know before introducing your hacking skills into a professional situation. Objectives Understand Penetration Testing (PT) Identify Security Assessments Identify various Penetration testing tools To be successful in this lesson: Read Chapter 16 Read Study Guide for Lesson 1150B Study the Key Terms (italicized throughout the chapter) Complete and check Practice Exam Questions on pages 294 through 297 (Answers on pages 315 & 316) If you have the resources available to you please complete the Try It Out activities throughout the chapter for it will benefit your learning potential. Once you have completed the exam, you might want to fill out the form for your certificate and send it in.
38 37 Lesson 1150B Examination Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also your answers to or fax them to us at If you have any questions, please contact the Instruction Department. 1. This algorithm is used when the keys are related but do not reveal each other. (1) Asymmetric (3) Hashing (2) Symmetric (4) All are used 2. This does not use the PAIN model, which is considered by many to be one of the easiest ways to summarize the most important concepts of cryptography. (1) Privacy (3) Authenticity (2) Accuracy (4) Integrity 3. This is considered to be the most powerful attack type of the ones listed. (1) Known plain text (3) Cipher text only (2) Chosen cipher text (4) Chosen plain text 4. This type means it is has a shared key and a secret key. (1) Symmetric (2) Asymmetric (3) Hashing 5. This type means it is a public key. (1) Symmetric (2) Asymmetric (3) Hashing 6. This type means it is a one-way key. (1) Symmetric (2) Asymmetric (3) Hashing 7. This would define the immediate action, outlined in the initial documentation surrounding a penetration test that would be taken when a risk is discovered which cannot wait until the end of the test. (1) Get out of jail free card (3) Project scope (2) Rules of engagement (4) None of these
39 38 8. When designing the test from a high level view, this would provide the start and end dates of the test along with the people involved in the initial documentation surrounding a penetration test. (1) Get out of jail free card (3) Project scope (2) Rules of engagement (4) None of these 9. This is a valid reason to perform penetration testing. (1) Compliance (3) Test incident responses plans (2) Verification of false positive (4) All of these are reasons 10. This would be outlined in the initial documentation surrounding a penetration test as to what would occur when a tester is caught. (1) Get out of jail free card (3) Project scope (2) Rules of engagement (4) None of these END OF EXAMINATION
ETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationCertified Ethical Hacker (CEH)
Certified Ethical Hacker (CEH) COURSE OVERVIEW: The most effective cybersecurity professionals are able to predict attacks before they happen. Training in Ethical Hacking provides professionals with the
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationCEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 12 May 2018
Course Outline CEH v8 - Certified Ethical Hacker 12 May 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training
More informationV8 - CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 03 Feb 2018
Course Outline CEH v8 - Certified Ethical Hacker 03 Feb 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training
More informationSINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker
NH9000 Certified Ethical Hacker 104 Total Hours COURSE TITLE: Certified Ethical Hacker COURSE OVERVIEW: This class will immerse the student into an interactive environment where they will be shown how
More informationCEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 15 Jan
Course Outline CEH v8 - Certified Ethical Hacker 15 Jan 2019 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training
More informationScanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE
UNIT III STUDY GUIDE Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to: 1. Recall the terms port scanning, network scanning, and vulnerability scanning. 2.
More informationCEH: CERTIFIED ETHICAL HACKER v9
CEH: CERTIFIED ETHICAL HACKER v9 SUMMARY The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever
More informationCourse 831 Certified Ethical Hacker v9
Course 831 Certified Ethical Hacker v9 Duration: 5 days What You Get: CEH v9 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class hours dedicated to
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationCourse 831 EC-Council Certified Ethical Hacker v10 (CEH)
Course 831 EC-Council Certified Ethical Hacker v10 (CEH) Duration: 5 days What You Get: CEH v10 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class
More informationCertified Ethical Hacker
Certified Ethical Hacker Certified Ethical Hacker Course Objective Describe how perimeter defenses function by ethically scanning and attacking networks Conduct information systems security audits by understanding
More informationCPTE: Certified Penetration Testing Engineer
www.peaklearningllc.com CPTE: Certified Penetration Testing Engineer (5 Days) *Includes exam voucher, course video, an exam preparation guide About this course Certified Penetration Testing Engineer certification
More informationThis ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.
EC Council Certified Ethical Hacker V9 This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different
More informationAdvanced Diploma on Information Security
Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More informationEC-Council C EH. Certified Ethical Hacker. Program Brochure
EC-Council TM H Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in.
More informationGCIH. GIAC Certified Incident Handler.
GIAC GCIH GIAC Certified Incident Handler TYPE: DEMO http://www.examskey.com/gcih.html Examskey GIAC GCIH exam demo product is here for you to test the quality of the product. This GIAC GCIH demo also
More informationEC-Council C EH. Certified Ethical Hacker. Program Brochure
EC-Council TM C EH Program Brochure Target Audience This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationMobile MOUSe HACKING REVEALED ONLINE COURSE OUTLINE
Mobile MOUSe HACKING REVEALED ONLINE COURSE OUTLINE COURSE TITLE HACKING REVEALED COURSE DURATION 20 Hour(s) of Self-Paced Interactive Training COURSE OVERVIEW The Hacking Revealed course teaches individuals
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationPearson: Certified Ethical Hacker Version 9. Course Outline. Pearson: Certified Ethical Hacker Version 9.
Course Outline Pearson: Certified Ethical Hacker Version 9 27 Jun 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More informationExam Questions CEH-001
Exam Questions CEH-001 Certified Ethical Hacker (CEH) https://www.2passeasy.com/dumps/ceh-001/ 1. A company is legally liable for the content of email that is sent from its systems, regardless of whether
More informationCTS2134 Introduction to Networking. Module 08: Network Security
CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting
More informationScanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.
I Introduction to Hacking Important Terminology Ethical Hacking vs. Hacking Effects of Hacking on Business Why Ethical Hacking Is Necessary Skills of an Ethical Hacker What Is Penetration Testing? Networking
More informationPearson: Certified Ethical Hacker Version 9. Course Outline. Pearson: Certified Ethical Hacker Version 9.
Course Outline Pearson: Certified Ethical Hacker Version 9 29 Sep 2018 Contents 1. Course Objective 2. Expert Instructor-Led Training 3. ADA Compliant & JAWS Compatible Platform 4. State of the Art Educator
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationFundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring
Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.
More informationSANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.
SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling http://killexams.com/exam-detail/sec504 QUESTION: 315 Which of the following techniques can be used to map 'open' or 'pass through'
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationITSY 2330 Intrusion Detection Course Syllabus
ITSY 2330 Intrusion Detection Course Syllabus Instructor Course Reference Number (CRN) Course Description: Course Prerequisite(s) Course Semester Credit Hours (SCH) (Lecture, Lab) Name: Hung Le Tel: Office:
More informationStrategic Infrastructure Security
Strategic Infrastructure Security Course Number: SCPSIS Length: Certification Exam There are no exams currently associated with this course. Course Overview This course picks up right where Tactical Perimeter
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationEC-Council. Program Brochure. EC-Council. Page 1
Program Brochure Page 1 Certified Ethical Hacker Version 7 Revolutionary Product releases the most advanced ethical hacking program in the world. This much anticipated version was designed by hackers and
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationMatt Walker s All in One Course for the CEH Exam. Course Outline. Matt Walker s All in One Course for the CEH Exam.
Course Outline Matt Walker s All in One Course for the CEH Exam 03 May 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationINF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi
INF5290 Ethical Hacking Lecture 3: Network reconnaissance, port scanning Universitetet i Oslo Laszlo Erdödi Lecture Overview Identifying hosts in a network Identifying services on a host What are the typical
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationECCouncil Certified Ethical Hacker. Download Full Version :
ECCouncil 312-50 Certified Ethical Hacker Download Full Version : http://killexams.com/pass4sure/exam-detail/312-50 A. Cookie Poisoning B. Session Hijacking C. Cross Site Scripting* D. Web server hacking
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationWhat action do you want to perform by issuing the above command?
1 GIAC - GPEN GIACCertified Penetration Tester QUESTION: 1 You execute the following netcat command: c:\target\nc -1 -p 53 -d -e cmd.exe What action do you want to perform by issuing the above command?
More informationBasics of executing a penetration test
Basics of executing a penetration test 25.04.2013, WrUT BAITSE guest lecture Bernhards Blumbergs, CERT.LV Outline Reconnaissance and footprinting Scanning and enumeration System exploitation Outline Reconnaisance
More informationModule 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services
Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationCompTIA Security+ (Exam SY0-401)
CompTIA Security+ (Exam SY0-401) Course Overview This course will prepare students to pass the current CompTIA Security+ SY0-401 certification exam. After taking this course, students will understand the
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationEthical Hacker Foundation and Security Analysts Course Semester 2
Brochure Software Education Ethical Hacker Foundation and Security Analysts Course Semester 2 The Security Management Course is a graduate-level foundation course in the Information Security space. Brochure
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationPrinciples of ICT Systems and Data Security
Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing
More informationSyllabus: The syllabus is broadly structured as follows:
Syllabus: The syllabus is broadly structured as follows: SR. NO. TOPICS SUBTOPICS 1 Foundations of Network Security Principles of Network Security Network Security Terminologies Network Security and Data
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationITdumpsFree. Get free valid exam dumps and pass your exam test with confidence
ITdumpsFree http://www.itdumpsfree.com Get free valid exam dumps and pass your exam test with confidence Exam : 312-50v10 Title : Certified Ethical Hacker Exam (CEH v10) Vendor : EC-COUNCIL Version : DEMO
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationChapter 4. Network Security. Part I
Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationChapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.
Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard
More informationExam4Tests. Latest exam questions & answers help you to pass IT exam test easily
Exam4Tests http://www.exam4tests.com Latest exam questions & answers help you to pass IT exam test easily Exam : CEH-001 Title : Certified Ethical Hacker (CEH) Vendor : GAQM Version : DEMO 1 / 9 Get Latest
More informationCertified Ethical Hacker Version 9. Course Outline. Certified Ethical Hacker Version Nov
Course Outline Certified Ethical Hacker Version 9 05 Nov 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationUnderstanding Cisco Cybersecurity Fundamentals
210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationPractice Labs Ethical Hacker
Practice Labs Ethical Hacker Lab Outline The Ethical Hacker Practice Lab will provide you with the necessary platform to gain hands on skills in security. By completing the lab tasks you will improve your
More informationSecurity and Authentication
Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed
More informationIntroduction to Penetration Testing: Part One. Eugene Davis UAH Information Security Club February 21, 2013
Introduction to Penetration Testing: Part One Eugene Davis UAH Information Security Club February 21, 2013 Ethical Considerations: Pen Testing Ethics of penetration testing center on integrity (ISC)² Code
More informationWeb Application Penetration Testing
Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationNetwork Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:
Network Forensics: Network OS Fingerprinting Prefix Hijacking Analysis Scott Hand September 30 th, 2011 Outline 1 Network Forensics Introduction OS Fingerprinting 2 Prefix Hijacking Theory BGP Background
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationFundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code
Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code Learning Objective Explain the importance of network principles and architecture
More informationsottotitolo System Security Introduction Milano, XX mese 20XX A.A. 2016/17 Federico Reghenzani
Titolo presentazione Piattaforme Software per la Rete sottotitolo System Security Introduction Milano, XX mese 20XX A.A. 2016/17 Outline 1) Introduction to System Security 2) Basic Exploits 3) Network
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationPRACTICAL NETWORK DEFENSE VERSION 1
PRACTICAL NETWORK DEFENSE VERSION 1 The world s premiere online practical network defense course elearnsecurity has been chosen by students in over 140 countries in the world and by leading organizations
More informationCS System Security 2nd-Half Semester Review
CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This
More informationIntroduction. Competencies. This course provides guidance to help you demonstrate the following 6 competencies:
This course supports the objective assessments for the Outside vendor certification for EC-Council Certified Ethical Hacker. The course covers 6 competencies and represents 3 competency units. Introduction
More informationPND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access
The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 5+ hours of video material 10 virtual labs
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : ECSS Title : EC-Council Certified Security Specialist Practice Test Vendors
More informationELEC5616 COMPUTER & NETWORK SECURITY
ELEC5616 COMPUTER & NETWORK SECURITY Lecture 17: Network Protocols I IP The Internet Protocol (IP) is a stateless protocol that is used to send packets from one machine to another using 32- bit addresses
More informationGAQM Exam CEH-001 Certified Ethical Hacker (CEH) Version: 6.0 [ Total Questions: 878 ]
s@lm@n GAQM Exam CEH-001 Certified Ethical Hacker (CEH) Version: 6.0 [ Total Questions: 878 ] Topic 1, Volume A GAQM CEH-001 : Practice Test Question No : 1 - (Topic 1) Which of the following countermeasure
More informationCertified Vulnerability Assessor
Certified Vulnerability Assessor COURSE BENEFITS Course Title:Certified Vulnerability Assessor Duration: 3Day Language: English Class Format Options: Instructor-led classroom Live Online Training Prerequisites:
More informationSoftware Development & Education Center Security+ Certification
Software Development & Education Center Security+ Certification CompTIA Security+ Certification CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationLast time. Trusted Operating System Design. Security in Networks. Security Features Trusted Computing Base Least Privilege in Popular OSs Assurance
Last time Trusted Operating System Design Security Features Trusted Computing Base Least Privilege in Popular OSs Assurance Security in Networks Network Concepts Threats in Networks 11-1 This time Security
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationCompTIA Security+ SY Course Outline. CompTIA Security+ SY May 2018
Course Outline 09 May 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training 5. ADA Compliant & JAWS Compatible
More informationAccess Controls. CISSP Guide to Security Essentials Chapter 2
Access Controls CISSP Guide to Security Essentials Chapter 2 Objectives Identification and Authentication Centralized Access Control Decentralized Access Control Access Control Attacks Testing Access Controls
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationHome Computer and Internet User Security
Home Computer and Internet User Security Lawrence R. Rogers Version 1.0.4 CERT Training and Education Networked Systems Survivability Software Engineering Institute Carnegie Mellon University Pittsburgh,
More information