Certified Ethical Hacker study material

Quiz yourself by thinking what should be in each of the black spaces below before clicking on it to display the answer.

Help!

Question

Answer

ICMP is Protocol?

Protocol 1

🗑

TCP is Protocol?

Protocol 6

🗑

UDP is Protocol?

Protocol 17

🗑

GRE is Protocol?

Protocol 47

🗑

AH is Protocol?

Protocol 50

🗑

ESP is Protocol?

Protocol 51

🗑

FTP is Port?

Port 20 - 21

🗑

SSH is Port?

Port 22

🗑

Telnet is Port?

Port 23

🗑

SMTP is Port?

Port 25

🗑

WINS is Port?

Port 42

🗑

DNS is Port?

Port 53

🗑

HTTP is Port?

Port 80 - 81 -8080

🗑

Kerberos is Port?

Port 88

🗑

POP3 is Port?

Port 110

🗑

Portmapper (Linux)is Port?

Port 111

🗑

NNTP is Port?

Port 119

🗑

RPC-DCOM is Port?

Port 135

🗑

SMB is Port?

Port 137 - 138 - 139

🗑

IMAP is Port?

Port 143

🗑

SNMP is Port?

Port 161 - 162

🗑

LDAP is Port?

Port 389

🗑

CIFS is Port?

Port 445

🗑

SOCKS5 is Port?

Port 1080

🗑

RDP is Port?

Port 3389

🗑

IRC is Port?

Port 6667

🗑

Palm Pilot Remote Sync is Port?

Port 14237

🗑

Trojan Horses Port 7777

Tini

🗑

Trojan Horses Port 12345

NetBus

🗑

Trojan Horses Port 27374

Back Orifice

🗑

Trojan Horses Port 31337

Sub7

🗑

Password Cracking by GUESSING is...

Is the most efficient, assuming information gathering before hand

🗑

Password Cracking by DICTIONARY is...

Based on the predetermined list of words

🗑

Password Cracking by BRUTE FORCE is...

Trying every possible combination of characters

🗑

Password Cracking by HYBRID is...

A combination of all other attacks

🗑

What is the name of the software tool used to crack a single account on Netware Servers using a dictionary attack?

NWPCrack

🗑

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

The right most portion of the has is always the same

🗑

Several of your coworkers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords. Linux passwords can be encrypted with ____, ____ and ____.

MD5, DES and Blowfish

🗑

What are the two basic types of attacks?

Passive and Active

🗑

True or False. Sniffing is considered a passive attack?

False

🗑

When discussing passwords, what is considered a brute force attack?

Attempting every single possibility until you exhaust all possible combinations or discover the password

🗑

What are two well known password cracsheets programs?

L0phtcrack and John the Ripper

🗑

True or False. Password cracsheets programs reverse the hashing process to recover passwords?

False

🗑

Name four regional Internet registries

ARIN - American Registry of Internet Numbers RIPE NCC - Europe, the Middle East and part of Central Asia LACNIC - Latin American and Caribbean Internet Addresses Registry APNIC - Asia Pacific Network Information Centre

🗑

What is a tool for performing footprinting undetected?

Whois will not trigger an IDS alert or otherwise be detected by an organization

🗑

What three tools are used for footprinting?

Whois, Sam Spade, and NSlookup are all used to passively gather information about a target. NMAP and SuperScan are host and network scanning tools.

🗑

What is the next immediate step to be performed after footprinting?

According to CEH methodology, scanning occurs after footprinting. Enumeration and system hacking are performed after footprinting. Bypassing an IDS would occur later in the hacking cycle.

🗑

What are good sources of information about a company or its employees?

Newsgroups, job postings, company websites and press releases are all good sources for information gathering.

🗑

How does traceroute work?

Traceroute uses the TTL values to determine how many hops the router is from the sender. Each router decrements the TTL by one under normal conditions.

🗑

What is footprinting?

Footprinting is gathering information about a target organization. Footprinting is not scanning a target network or mapping the physical layout of a target network.

🗑

NSlookup can be used to gather information regarding what?

NSlookup queries a DNS server for DNS records such as hostnames and IP addresses.

🗑

What is a type of social engineering?

Shoulder surfing is considered a type of social engineering.

🗑

What is an example of social engineering?

Calling helpdesk and convincing them to reset a password for a user account is an example of social engineering. Holding open a door and installing a keylogger are examples of physical access intrusions.

🗑

What is the best way to prevent a social engineering attack?

Employee Training and Education is the best way to prevent a social engineering attack.

🗑

Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.

To hide a column, click on the column name.

To hide the entire table, click on the "Hide All" button.

You may also shuffle the rows of the table by clicking on the "Shuffle" button.

Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

Created by: KarenSealock

Popular Computers sets

Definitions for Word Processing and the main parts of the MS Word 2010 window

WP Page Formatting

WP Paragraph Formatting terms

Review business letter parts

Review the three paragraph formats (block, indented, hanging indent)

WP font formatting features in Word 2010

Arkansas CBA unit 1 Hardware