Sample Exam Ethical Hacking Foundation

Similar documents
Ethical Hacking Foundation Exam Syllabus

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

Sample Exam Privacy & Data Protection Foundation

Sample Exam IT-Security Foundation

Hacking Encrypted Wireless Network

Penetration Testing with Kali Linux

Gaining Access to encrypted networks

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

ETHICAL HACKING OF WIRELESS NETWORKS IN KALI LINUX ENVIRONMENT

ECCouncil Certified Ethical Hacker. Download Full Version :

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

BraindumpsIT. BraindumpsIT - IT Certification Company provides Braindumps pdf!

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]

Missouri University of Science and Technology ACM SIG-Security 2014 Wi-Fi Workshop Exploitation Handbook

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

CTF Workshop. Crim Synopsys, Inc. 1

Hackveda Training - Ethical Hacking, Networking & Security

Section 4 Cracking Encryption and Authentication

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Ethical Hacking and Prevention

Pearson: Certified Ethical Hacker Version 9. Course Outline. Pearson: Certified Ethical Hacker Version 9.

Certified Secure Web Application Engineer

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

CSWAE Certified Secure Web Application Engineer

Post Connection Attacks

Solutions Business Manager Web Application Security Assessment

Web Application Security. Philippe Bogaerts

CPTE: Certified Penetration Testing Engineer

Curso: Ethical Hacking and Countermeasures

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Worldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System

Wireless Attacks and Countermeasures

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Introduction to Ethical Hacking. General Introduction to Ethical Hacking Practitioner

Is Your Wireless Network Being Hacked?

Web Application Penetration Testing

SETTING UP THE LAB 1 UNDERSTANDING BASICS OF WI-FI NETWORKS 26

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center

Why bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Principles of ICT Systems and Data Security

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

FinIntrusion Kit / Release Notes. FINFISHER: FinIntrusion Kit 4.0 Release Notes

5 Steps Wifi Hacking Cracking WPA2 Password

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

Your Turn to Hack the OWASP Top 10!

Online Intensive Ethical Hacking Training

Hacking Wireless Networks by data

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Lecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion

Strategic Infrastructure Security

CyberP3i Hands-on Lab Series

Lecture Overview. IN5290 Ethical Hacking

Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Chapter 2. Switch Concepts and Configuration. Part II

Introduction to Ethical Hacking

Project 3: Network Security

Ethical Hacking Foundation Certification Training - Brochure

CNIT 121: Computer Forensics. 9 Network Evidence

Wireless Network Security

Lecture Overview. IN5290 Ethical Hacking. Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing

CEH Tools. Sniffers. - Wireshark: The most popular packet sniffer with cross platform support.

Ethical Hacker Foundation and Security Analysts Course Semester 2

DIS10.1 Ethical Hacking and Countermeasures

WIRELESS EVIL TWIN ATTACK

CHCSS. Certified Hands-on Cyber Security Specialist (510)

Advanced Diploma on Information Security

McAfee Certified Assessment Specialist Network

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Vendor: Microsoft. Exam Code: Exam Name: MTA Security Fundamentals Practice Test. Version: Demo

Certified Vulnerability Assessor

ISDP 2018 Industry Skill Development Program In association with

CISSP - Certified Information Systems Security Professional


EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Wireless Network Security Spring 2015

Wireless Network Security

Contents in Detail. Foreword by Peter Van Eeckhoutte

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

DIS10.1:Ethical Hacking and Countermeasures

Network Security. Thierry Sans

e-commerce Study Guide Test 2. Security Chapter 10

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.

Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

An analysis of security in a web application development process

What is Eavedropping?

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

GCIH. GIAC Certified Incident Handler.

Chapter 11: Networks

Configuring BIG-IP ASM v12.1 Application Security Manager

Once in BT3, click the tiny black box in the lower left corner to load up a "Konsole" window. Now we must prep your wireless card.

Lab 5: Web Attacks using Burp Suite

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

Transcription:

Sample Exam

Sample Exam Ethical Hacking Foundation SECO-Institute issues the official Ethical Hacking courseware to accredited training centres where students are trained by accredited instructors. Students can take their exams at an accredited exam centre or directly at the SECO-Institute. Attending an official certification course is not a prerequisite for taking an exam. Upon successful completion of a foundation exam (with a passing score of 60%), students can claim their digital badge at the SECO-Institute. This document provides a sample exam for you to familiarise yourself with the structure and topic areas of the current Ethical Hacking Foundation examination. We strongly recommend you to test your knowledge before taking the actual assessment. The results of this test do not count towards your certification assessment. Examination type Computer-based 40 Multiple choice: 2,5 points per question Time allotted for examination 60 minutes Examination details Pass mark: 60% (out of 100) Open book/notes: no Electronic equipment permitted: no The Rules and Regulations for SECO-Institute examinations apply to this exam 1

Questions Question 1 You have found a live system on ip-address 192.168.11.54. Which nmap command lets you determine the operating system of the target? A. nmap -os 192.168.11.54 B. nmap -sn 192.168.11.54 C. nmap -O 192.168.11.54 D. nmap -sl 192.168.11.54 Question 2 Using Wireshark you encounter the following text in a packet Authorization: Basic ahr0chdhdgnoomy=. What are you looking at? A. A form of authentication using a digest B. A Http protocol packet with basic authentication C. A TCP/IP packet to login to a SSH server D. Autorization packet to login to a WEP-encrypted Wifi network Question 3 You find a live webserver. For what purpose would you use Dirb? A. To scan the webserver for folders and filenames that are not at glance obviously present on the webserver B. To test the website of application for known vulnerabilities C. To check for the presence of injection vulnerabilities on the login page D. To act as a MitM proxy and alter packets Question 4 What does the CONCAT function within SQL do? A. Concatenates two string values B. Splits the value of a string in two values C. Changes the table and put two columns in one column D. Returns the values of two fields as one field 2

Question 5 If you click the login button on a webpage, what kind of request does the browser send to the server? A. A Http POST request B. A Http GET request C. A Http PUT request D. A Http OPTIONS request Question 6 An ethical hacker gets no details on the target that must be tested. What kind of test is this? A. Blackbox testing B. White box testing C. Greybox testing D. Crystalbox testing Question 7 What do you need if you want to find known vulnerabilities, for example using ExploitDB, in a standard product? A. The operating system the product is running on B. Full access to the server C. Specific productname and version D. Access to the source code Question 8 Using javascript (for example in case you are testing a XSS vulnerability), how would you get to the session cookie? A. session.cookie B. window.cookies C. browser.cookies D. document.cookie Question 9 The SSID is used as? A. Unique identifier of a service B. Identification of a Wifi network C. The service identifier of the wifi network adapter D. The identification of a laptops network card 3

Question 10 In which step of the hacking process is Nikto most likely to be used? A. Attack preparation B. Information gathering C. Reporting D. Attack Question 11 What is the purpose of the Burp suite? A. Act as a Mitm proxy B. Scan network hosts C. Let s you take over a browser D. Scan websites for vulnerabilities Question 12 Why would a developer use sanitation on the output in a web application? A. To speed up the web page by creating cleaner content B. To be sure validations can be done properly an correctly C. To make sure the output can never be interpreted as code by the browser D. To check all input sent from a client/browser Question 13 What are examples of webshell scripts? A. R57, Bash B. R57, C99 C. Bash, Zsh D. Zsh, C99 Question 14 While testing you find that the website uses a url parameter called id. How would you test if it is vulnerable to SQL injection? A. Use id=-1 B. Use id=< C. Use id= D. Use id=; 4

Question 15 You use the SQLmap option -os-shell. What are you trying to find? A. See if a shell on the database can be started B. Get the OS password from the user the database is using C. Dump interesting database tables D. A writable directory to upload a shell Question 16 Which network type is the most secure? A. WPA2 network with client certificate B. WPA network with 'spoofing disabled' = yes C. WEP network with password 'dfyfgc1@3%9)h7trdtyu&lp3s' D. Hidden WPA2 network with Pre-Shared Key (PSK) Question 17 Which prerequisites are best for an Ethical Hacker? A. A hardened system with a flexible network adapter i.e. it supports spoofing B. A laptop with a hidden MAC-address to avoid premature discovery C. A standard Kali linux system with the Aircrack-NG tool D. A high-end desktop PC with a wireless network adapter Question 18 To investigate wireless networks, which mode must be set for your network device? A. Mode = Managed B. mode = Monitor C. Mode = Master D. Mode = Special Question 19 Which aireplay-ng option is essential to crack a wireless WEP network password? A. option 'wlan' allows capture of 1500+ bytes of the WLAN traffic to extract the IV (initialization vector) of the encryption key B. option '5' allows us to to generate a valid key-stream based on previously captured WLAN traffic C. option 'c' allows capture of necessary bytes to completely extract of the password D. option 'MAC-from-AP' cracks the PRGA (Pseudo Random Generation Algorithm) of the selected wireless network 5

Question 20 Which parameters does 'packetforge-ng' needs to succesfully inject an ARP packet in a WLAN? A. -0 <MAC-from-AP> <MAC-from-PC> <destination-mask> <source-mask> <packet-file> B. -0 <WLAN-id> <full-broadcast> <destination-mac> <source-mac> <packet-file> C. -w <WLAN-id> <full-broadcast> <destination-ipaddress> <source-ipaddress> <packet-file> D. -w <MAC-from-AP> <MAC-from-PC> <destination-ipaddress> <source-ipaddress> <packet-file> Question 21 The aircrack-ng tool reports 'insufficient amount of packets'. What is your best option to solve this problem? A. Use aircrack-ng with the filter option -b for the MAC address from the access point B. Set the option for aircrack-ng to start calculating right after 40.000 packets are availabe C. Use airmon-ng options to block ARP-traffic from other WLAN networks D. Generate traffic, capture new packets and write them to dump*.cap files with airodump-ng Question 22 Which command decrypts previously captured wireless traffic data? A. airdecap -a <MAC-from-AP> -p <Password> -r capture.cap B. airdecap -m <MAC-from-AP> -e <BSSID> -s <Password> capture.cap C. airdecap -b <BSSID> -e <ESSID> -w <Password> capture.cap D. airdecap -b <BSSID> -e <ESSID> -d <Password> -r capture.cap Question 23 Which command sends a fake authentication request to a WEP access point? A. $ packetforge-ng -0 -a <MAC-from-AP> -y capture.cap -i wlan0mon B. aireplay-ng -1 3600 q 10 -a <MAC-from-AP> wlan0mon C. aireplay-ng -5 -b <MAC-from-AP> wlan0mon D. $ packetforge-ng -0 -a <MAC-from-AP> -y capture.cap -w arp-request Question 24 Why is Base64 encoding generally used? A. Encoding binary data with a XOR operation and a 64 bit key B. To prevent automatic decoding of binary data C. Translating binary data to text that can be transmitted in e-mails and HTML data D. It is not used anymore, since it is has been replaced by Base128 (ASCII) character encoding 6

Question 25 Which of the following tools is best suited to map accessible hosts in a network? A. nmap B. network-discover C. wireshark D. ip-show Question 26 What is the best explanation for the cause of vulnerability for SQL injection? A. If a website links to a database which stores login information of user accounts B. The database is not properly isolated from the website (e.g. in a DMZ) C. A webpage directly transfers a search request of the user to the database D. The database administrator did not properly restrict access to the database Question 27 What is the best description of false positives? A. Scanning tools sometimes raise warnings which prove to be incorrect B. Scanning tools sometimes produce errors when processing the input C. Scanning tools do not raise exceptions based on processing suspicious input D. Scanning tools produce errors which cannot be verified Question 28 Why is the MD5 hashing algorithm considered as weak? A. An MD5 hash apparently can be decrypted to retrieve the original password B. The MD5 algorithm is broken as a one-way cryptographic function C. An attacker can easily generate a text with a hash equal to the given MD5 hash D. The md5sum tool can efficiently produce the hash of any password Question 29 What action is effective when the 'John the Ripper' tool refuses to crack a password? A. Specify one or more different password list in lm-format B. Switch from the password list to the brute-force method C. John can only find weak passwords, so use http://pentestmonkey.net instead D. move to directory ~/.john and rename the file john.pot to john.pot.bak 7

Question 30 Which tools support brute-force attacks? A. L0pthCrack B. zap C. r57 D. Nikto Question 31 What is the best reason not use brute force to find a working SSH user-id and password? A. This will require much more time than other methods B. This can cause us to be blocked from the system C. Automated brute-force attacks can lead to false positives D. SSH sessions on port 22 cannot be accessed by brute force Question 32 Which tool does best fit this description: "discovers vulnerabilities in web applications"? A. Dirb B. Vega C. THC Hydra D. inj3ctor Question 33 Structured Query Language (SQL) is used in ANSI relational database management systems and consists of the following special purpose languages: A. Data query language, Data definition language, Database control language B. *Data definition language, Data control language, Data manipulation language C. Object structuring language, Data definition language, Stored procedure language D. Data specification language, Structured relation language, Database management language Question 34 Which sqlmap option provides you the information that the database is vulnerable to SQL injection? A. sqlmap -h http://webapplication-url B. sqlmap -u http://webapplication-url passwords C. sqlmap -u http://webapplication-url D. sqlmap -p http://webapplication-url --time-test 8

Question 35 If you turn off the safe mode in the R57 shell, which option becomes available? A. You can execute commands directly on the server B. You can edit, create and delete files on the server C. You can launch a brute-force attack against the FTP server D. You can send files from the server to your email (this leaves traces!) Question 36 If a server is vulnerable to Local File Inclusion (LFI), how can it be exploited? A. Request the server to display his local files B. Include new content on websites C. Session cookies can be altered and sent to the server D. Put malicious scripts inside unvalidated parameters and then passed through Question 37 What is the most common risk of downloading and using shell code for File Inclusion? A. The shell code must be unescaped first to verify the code B. The shell can trigger a Denial of Service attack by crashing the system C. The shell code can be encrypted, to avoid code inspection D. The shell can notify its creator that it is available on the system Question 38 Why do developers allow File Inclusions on a web server? A. Developers shouldn't use it, because it provides an extensive attack vector B. Because (Web)applications receive and use input in many different forms C. File inclusions are handy for developers, for example for reusing code D. Developers can easily get shell access to repair production systems Question 39 Which Linux command should be used to configurate wireless devices? A. Ifconfig B. iw C. iwconfig D. ipconfig 9

Question 40 Dirb finds a directory 'Phpmyadmin'. What is this directory most likely used for? A. Phpmyadmin is a php-based interface for managing MySQL databases B. Phpmyadmin is a tool to create webpages using the PHP script language C. Phpmyadmin is the directory for the admin of the web server D. Phpmyadmin is the directory to store restricted files on the web servertype text here... 10

Answers Question Answer Explanation 1 C The correct nmap option is -O. The other options change the output (-o), perform a ping to the target(-n) or list all hosts present (-L). 2 B The correct answer is HTTP with basic authentication. 3 A Scanning for folders and files on a webserver is the function of Dirb. For the others you should use other testing tools, like Nikto. 4 D CONCAT represents the values of two database fields as one field. 5 A With normal forms in html, the browser will send a Http POST request to hide the user-id & password. 6 A With no details on the target, this is blackbox testing. 7 C You need the product name and version to find known vulnerabilities specific to that version of the product 8 D The correct javascript DOM property is document.cookie 9 B The answer is Wifi network identification 10 A Nikto is mostly used in attack preparation. Nikto is too visible for information gathering and will give information on vulnerabilities that can be tested or used in the attack/verification phase. 11 A Burp is a proxy and can be used for Mitm attacks 12 C Sanitation is used to make sure that output won t be interpreted as code 13 B Examples are R57 and C99. The others are Linux shells 14 C The correct test is by using the 15 D The correct answer is testing for writable directories to upload a webshell to. 16 A When legitimate clients have a certificate which matches the server certificate, this is the most secure option 17 C A standard Kali Linux system has extensive tooling to support Ethical Hacking (e.g. Metasploit) 18 B With Monitor mode your wireless network card can capture all traffic. With this mode, you can identify networks, devices, encryption (WEP, WPA, WPA2,...) and the radio channels used. 19 B Cracking the password requires sufficient packets from the router to discover the Initialisation Vector (IV). With aireplay-ng -5, we capture approximately 1500 bytes of network traffic to generate a valid key-stream 20 A Options needed: -0: create ARP packet; -a : AP MAC address; -h: PC MAC address; -k: target IP mask (= broadcast); -l: source IP mask (= broadcast); - y:.xor file previously created; -w; write output to file 21 D If a sufficient amount of packets has not yet been reached, aircrack-ng will try again on the next expected threshold (5000 in this example) 11

22 C The correct airdecap switches are: -b <MAC- address AP> -e <ESSID> -w <Password> capture.cap 23 B aireplay-ng -1 3600 q 10 -a <MAC-from-AP> wlan0mon 24 C Base64 encoding is used to transfer binary data as human readable text 25 A Nmap is the correct answer. Wireshark only intercepts random traffic and the other tools do not exist 26 C An SQL injection is caused by unsanitized input of the user, which enables the user to run SQL queries on the database. 27 A A false positive is a warning that later proves to be incorrect 28 C The MD5 algorithm produces only 16 byte hashes, thus generating a 'collision' using brute-force is feasable with current computing power. 29 D John stores previous attempts in the john.pot file. Due to a bug, John sometimes cannot proceed with the file stored. 30 A Only L0pthCrack is a tool that can brute-force passwords 31 B Brute-force is very noisy and may cause our further attempts to be blocked 32 B Vega is a vulnerability scanner that automatically tests all web-pages provided by the web server 33 B SQL = Data definition language, Data control language, Data manipulation language 34 C The command: sqlmap -u http://webapplication-url identifies the given 35 A URL for SQL Injection vulnerabilities With safe mode turned off, you can execute commands directly on the server 36 A With LFI, attackers can view server files, e.g. /etc/passwd 37 D The creator can have a malicious intent to provide the shell code 38 C By using file inclusions, developers can reuse (code) files on the server 39 B iw, the rest is deprecated; ipconfig is a Windows command 40 A Phpmyadmin is a commonly used php-based interface for managing MySQL databases 12

How to book your exam? All our exams are delivered through an online examination system called ProctorU. To enrol for an exam, go to: https://www.seco-institute.org/certification-exams/how-to-book-exam/ Make sure you are fully prepared. Use the ProctorU Preparation checklist to assess whether you are ready to take the exam. Review the examination rules at https://www.seco-institute.org/html/filesystem/storefolder/10/rules-and-regulations-for-seco- Institute-Examinations-2017-11.pdf Digital badges SECO-Institute and digital badge provider Acclaim have partnered to provide certification holders with a digital badge of their SECO- Institute certification. Digital badges can be used in email signatures as well as on personal websites, social media sites such as LinkedIn and Twitter, and electronic copies of resumes. Digital badges help certification holders convey employers, potential employers and interested parties the skills they have acquired to earn and maintain a specialised certification. SECO-Institute doesn t issue certification titles for Foundation courses. However, upon successful completion of your Foundation exam, you can claim your digital badge free of charge at the SECO-Institute. https://www.seco-institute.org/claim-your-foundation-badge 13

l EHF-Sample Exam-v1.0 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback