CEH Exam v9
Certified Ethical Hacker v9 exam
Question | Answer |
---|---|
how to launch the executable bad.exe within NoProblems.txt | start noproblems.txt:bad.exe |
OSI-approved open source for daily system scans | Python |
Blackjacking tool | BBProxy |
Fraggle uses this protocol | UDP |
SMURF uses this protocol | ICMP |
nc -L 56 -t -e cmd.exe | spawns command shell on port 8080 using NETCAT |
NIST 800-53 | US Gov security and privacy controls |
Wrapping attacks involve messing with | SOAP messages and replays them |
Used to analyze and examine links between personnel or hardware using graphs and link analysis | Maltego |
Provides visibility and security controls for servers in a cloud | CloudPassage Halo |
Wireless symmetric encryption | WEP |
interactive and process controls | OSSTMM |
OSSTMM | Open Source Security Testing Methodology Manual |
./snort -b -A fast -c snort.conf | SNORT in IDS mode |
Send specially created environment variables and trailing commands - what attack? | SHELLSHOCK |
a Perl module supporting IDS evasion | libwhisker |
provides specific services to untrusted networks or hosts | Bastion host |
unsolicited messages to the target using Bluetooth | bluejacking |
IETF specs for securing DNS records | DNSSEC |
which layer is STP spanning tree protocol | layer 2 |
phishing mitigation | netcraft and phishtank toolbar |
obfuscate source of network connection | proxy firewall |
protects against MITM attacks in WPA | MIC (Message Integrity Check) |
CCMP | WPA2 |
what is vulnerable to Chosen cipher-text attack | RSA |
protect internal intranet from enumeration for public-facing web server. | remove A records for internal hosts |
tool for firewall evasion | tcp-over-dns |
ping -l | sets size of packet |
separate data ownership from data custodian duties | cloud computing |
ICMP type 3 code 13 | Administratively prohibited |
SOAP uses | XML |
encrypts the entire packet | ESP in tunnel mode |
Linux cmd someproc & | run as background task, will stop when user logs off (needs nohup) |
HttpOnly flag | XSS mitigation |
; used in what type of attack | CSPP (connection string parameter pollution) |
uses AES for encryption algorithm | WPA2 |
DNS zone transfer port and protocol | 53 TCP |
DNS lookup port and protocol | 53 UDP |
TCP flag, buffer full, force transmission | PSH |
Integrity for WPA2 | CCMP - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol |
VoIP packet decoding tool | Cain and Abel |
Copies websites for download | Black widow |
chmod 744 | user, group, other (rwx,r--,r--) |
RID of 500 | Administrator account |
IPSec VPN scanning tool | IKE-scan |
Linux password directory | /etc |
can be used to encrypt hard drives | PGP (not S/MIME) |
Windows wireless tool | Netstumbler |
XMAS scan you get RST/ACK, what does it mean | Port is closed |
migrate actual OS to virtual machine | Hypervisor-level rootkit |
superoneclick | Android root tool |
Common Criteria rating | EAL - evaluation assurance level |
type of product being tested | Protection profile (PP) |
Target for CC | Target of Evaluation (TOE) |
describes the TOE and any requirements | ST (Security Target) |
Bluetooth 2.0 with EDR | PSK modulation two types |
A block cipher that uses a 56-bit key (with 8 bits reserved for parity). Because of the small key size, this encryption standard became quickly outdated and is not considered a very secure encryption algorithm. | DES |
A block cipher that uses a 168-bit key. 3DES (called triple DES) can use up to three keys in a multiple-encryption method. It’s much more effective than DES but is much slower. | 3DES |
A block cipher that uses a key length of 128, 192, or 256 bits, and effectively replaces DES. It’s much faster than DES or 3DES. | AES |
A block cipher that uses a 128-bit key and was also designed to replace DES. Originally used in Pretty Good Privacy (PGP) 2.0, IDEA was patented and used mainly in Europe. | IDEA |
A block cipher that uses a key size up to 256 bits. | twofish |
A fast block cipher, largely replaced by AES, using a 64-bit block size and a key from 32 to 448 bits. Blowfish is considered public domain. | Blowfish |
Encompasses several versions from RC2 through RC6. A block cipher that uses a variable key length up to 2040 bits. RC6, the latest version, uses 128-bit blocks and 4-bit working registers, whereas RC5 uses variab | RC (Rivest Cipher) |
4 phases of successful social engineering | 1. Research (dumpster dive, visit websites, tour the company, and so on). 2. Select the victim (identify frustrated employee or other promising targets). 3. Develop a relationship. 4. Exploit the relationship (collect sensitive information). |
voice phishing | vishing |
People Search Tools | Intelius www.intelius.com • Zaba Search www.zabasearch.com • PeekYou www.peekyou.com • ZoomInfo AnyWho www.anywho.com • 411 www.411.com • People Search Now www.peoplesearchnow.com • Veromi www.veromi.net |
Competitive Intelligence | MarketWatch www.marketwatch.com • SEC Info www.secinfo.com • Euromonitor www.euromonitor.com • Wall Street Transcript www.twst.com • Lipper www.lippermarketplace.com • Experian www.experian.com • The Search Monitor www.thesearchmonitor.com |
Tracking Online Reputation | BrandsEye www.brandseye.com • Alexa www.alexa.com • Social Mention www.socialmention.com • ReputationDefender www.reputation.com • Rankur |
RSA is vulnerable to | Chosen-cipher-Text attack |
Circuit level firewall operates at which level of OSI | 5 |
Blooover is designed to | do a bluebugging attack, access phone commands without user knowledge. |
IDLE scan IPID is incrementing randomly | target is not an IDLE zombie |
how to prevent privilege escalation vulnerabilities | ensure services run with least privilege |
enables Unicode characters to be displayed in ASCII length of 1 to 4 bytes | UTF-8 |
command-line sniffer and packet analyzer | tcpdump (similar to wireshark) |
bluetooth DOS attack | Bluesmacking |
unsolicited phone messages | bluejacking |
malware for android phones affecting two-factor auth. | Zitmo |
U P F Seq flags | XMAS scan indicator |
access to both plain text and cipher text | known-plain-text attack |
sniffs wifi for usernames and passwords | Airsnarf |
takes advantage of fragmenting bug in older windows devices | Teardrop |
aborts connection immediately in TCP | RST |
OSSTMM process controls | nonrepudiation, confidentiality, Privacy |
Automated pen testing | Core Impact, CANVAS |
an API that allows different components to communicate | SOA (service Orient Arch) |
makes use of broadcast pings | SMURF attack |
SNORT default rules | Pass, Drop, Alert, Log |
what layer for Circuit level firewall | 5 |
types of social engineering attacks | Human, computer, mobile |
sniffers operate at what layers | 2 and 3 |
where is SAM stored on a Windows machine | c:\windows\system32\config |
where to find well-known services defined by IANA | C:\Windows\System32\drivers\etc\services |
who maintains webgoat | OWASP |
theft of information from a wireless device through a Bluetooth connection. | Bluesnarfing |
is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones | Bluejacking |
Collecting profile information with bluetooth | Blueprinting |
DOS attack for bluetooth devices | Bluesmacking |
bluetooth wardriving | Bluesniffing |