Exam 5: ECCouncil Computer Hacking Forensic Investigator

A) transfers information over, within a computer system, or network that is outside of the security policy.
B) transfers information over, within a computer system, or network that is within the security policy.
C) transfers information via a communication path within a computer system, or network for transfer of data.
D) transfers information over, within a computer system, or network that is encrypted.

A) Perform a vulnerability scan of the system.
B) Determine the impact of enabling the audit feature.
C) Perform a cost/benefit analysis of the audit feature.
D) Allocate funds for staffing of audit log review.

A) Preventative
B) Detective
C) Offensive
D) Defensive

A) Information reporting
B) Vulnerability assessment
C) Active information gathering
D) Passive information gathering

A) Continue to apply controls until there is zero risk.
B) Ignore any remaining risk.
C) If the residual risk is low enough, it can be accepted.
D) Remove current controls since they are not completely effective.

A) Smart card authentication
B) Security policy
C) Audit trail
D) Continuity of operations plan

A) Cross-site scripting
B) SQL injection
C) Missing patches
D) CRLF injection

A) Unauthenticated access
B) Weak SSL version
C) Cleartext login
D) Web portal data leak

A) Management buy-in
B) Threat statement
C) Security architecture
D) Impact analysis

A) Usernames
B) File permissions
C) Firewall rulesets
D) Passwords

A) Mandatory
B) Discretionary
C) Rule-based
D) Role-based

A) Security tokens
B) Heating and air conditioning
C) Smoke and fire alarms
D) Corporate security policy

A) Sc query type= running
B) Sc query \\servername
C) Sc query
D) Sc config

A) Permit  217.77.88.0/24  11.12.13.0/24   RDP 3389
B) Permit  217.77.88.12    11.12.13.50     RDP 3389
C) Permit  217.77.88.12    11.12.13.0/24   RDP 3389
D) Permit  217.77.88.0/24  11.12.13.50     RDP 3389

A) limited to those functions required to do the job.
B) given root or administrative privileges.
C) trusted to keep all data and access to that data under their sole control.
D) given privileges equal to everyone else in the department.

A) Layer 5 - Application
B) Layer 4 - TCP
C) Layer 3 - Internet protocol
D) Layer 2 - Data link

A) Reject the risk.
B) Deny the risk.
C) Mitigate the risk.
D) Initiate the risk.

A) Results matching all words in the query
B) Results matching "accounting" in domain target.com but not on the site Marketing.target.com
C) Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting
D) Results for matches on target.com and Marketing.target.com that include the word "accounting"

A) Packet filtering firewall
B) Application-level firewall
C) Circuit-level gateway firewall
D) Stateful multilayer inspection firewall

A) Man-in-the-middle attack
B) Brute-force attack
C) Dictionary attack
D) Session hijacking

A) Validate web content input for query strings.
B) Validate web content input with scanning tools.
C) Validate web content input for type, length, and range.
D) Validate web content input for extraneous queries.

A) Vulnerability assessment
B) Penetration testing
C) Risk assessment
D) Security auditing

A) Firewall-management policy
B) Acceptable-use policy
C) Remote-access policy
D) Permissive policy

A) Heat
B) Corrosion
C) Static electricity
D) Airborne contamination

A) DSA
B) PKI
C) RSA
D) 3DES

A) Metasploit scripting engine
B) Nessus scripting engine
C) NMAP scripting engine
D) SAINT scripting engine

A) Microsoft Security Baseline Analyzer
B) Retina
C) Core Impact
D) Microsoft Baseline Security Analyzer

A) False positive
B) False negative
C) True positve
D) True negative

A) telnet webserverAddress 80 HEAD / HTTP/1.0
B) PUT / HTTP/1.0
C) HEAD / HTTP/2.0
D) PUT / HTTP/2.0

A) The digital representation of the biometric might not be unique, even if the physical characteristic is unique.
B) Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.
C) A stored biometric is no longer "something you are" and instead becomes "something you have".
D) A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

A) Collision resistance
B) Bit length
C) Key strength
D) Entropy

A) Man trap
B) Tailgating
C) Shoulder surfing
D) Social engineering

A) A bottom-up approach
B) A top-down approach
C) A senior creation approach
D) An IT assurance approach

A) Blue Book
B) ISO 26029
C) Common Criteria
D) The Wassenaar Agreement

A) The consultant will ask for money on the bid because of great work.
B) The consultant may expose vulnerabilities of other companies.
C) The company accepting bids will want the same type of format of testing.
D) The company accepting bids will hire the consultant because of the great work performed.

A) Forensic attack
B) ARP spoofing attack
C) Social engineering attack
D) Scanning attack

A) Facial recognition scan
B) Retinal scan
C) Iris scan
D) Signature kinetics scan

A) The tester must capture the WPA2 authentication handshake and then crack it.
B) The tester must use the tool inSSIDer to crack it using the ESSID of the network.
C) The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.
D) The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

A) Omnidirectional
B) Parabolic
C) Uni-directional
D) Bi-directional

A) True negatives
B) False negatives
C) True positives
D) False positives

A) The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.
B) The lack of response from ports 21 and 22 indicate that those services are not running on the destination server.
C) The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.
D) The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.

A) SHA1
B) PGP
C) 3DES
D) MD5

A) Locate type=ns
B) Request type=ns
C) Set type=ns
D) Transfer type=ns

A) Gate
B) Fence
C) Bollard
D) Reinforced rebar

A) Host
B) Stateful
C) Stateless
D) Application

A) Netsh firewall show config
B) WMIC firewall show config
C) Net firewall show config
D) Ipconfig firewall show config

A) Packet filter
B) Stateful inspection
C) Circuit-level gateway
D) Application-level gateway

A) Port scanning
B) Banner grabbing
C) Injecting arbitrary data
D) Analyzing service response

A) Set a BIOS password.
B) Encrypt the data on the hard drive.
C) Use a strong logon password to the operating system.
D) Back up everything on the laptop and store the backup in a safe place.

A) Using the Metasploit psexec module setting the SA / Admin credential
B) Invoking the stored procedure xp_shell to spawn a Windows command shell
C) Invoking the stored procedure cmd_shell to spawn a Windows command shell
D) Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

A) -OS
B) -sO
C) -sP
D) -O

A) Physical
B) Procedural
C) Technical
D) Compliance

A) The victim user must open the malicious link with an Internet Explorer prior to version 8.
B) The session cookies generated by the application do not have the HttpOnly flag set.
C) The victim user must open the malicious link with a Firefox prior to version 3.
D) The web application should not use random tokens.

A) Ciphertext-only attack
B) Chosen key attack
C) Rubber hose attack
D) Rainbow table attack

A) a bypass regulator.
B) steganography.
C) a covert channel.
D) asymmetric routing.

A) The request to the web server is not visible to the administrator of the vulnerable application.
B) The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection.
C) The successful attack does not show an error message to the administrator of the affected application.
D) The vulnerable application does not display errors with information about the injection results to the attacker.

A) Design
B) Requirements
C) Verification
D) Implementation

A) Segregation of duties
B) Undue influence
C) Lack of experience
D) Inadequate disaster recovery plan

A) 00101000 11101110
B) 11010111 00010001
C) 00001101 10100100
D) 11110010 01011011

A) NetStumbler
B) John the Ripper
C) Nessus
D) Netcat

A) UDP 123
B) UDP 541
C) UDP 514
D) UDP 415

A) nessus +
B) nessus *s
C) nessus &
D) nessus -d

A) Patch systems regularly and upgrade interactive login privileges at the system administrator level.
B) Run administrator and applications on least privileges and use a content registry for tracking.
C) Run services with least privileged accounts and implement multi-factor authentication and authorization.
D) Review user roles and administrator privileges for maximum utilization of automation services.

A) Semicolon
B) Single quote
C) Exclamation mark
D) Double quote

A) Perl
B) C++
C) Python
D) Java

A) DataThief
B) NetCat
C) Cain and Abel
D) SQLInjector

A) Extensible Authentication Protocol (EAP)
B) Point to Point Protocol (PPP)
C) Point to Point Tunneling Protocol (PPTP)
D) Layer 2 Tunneling Protocol (L2TP)

A) tcp.src == 25 and ip.host == 192.168.0.125
B) host 192.168.0.125:25
C) port 25 and host 192.168.0.125
D) tcp.port == 25 and ip.host == 192.168.0.125

A) Network tap
B) Layer 3 switch
C) Network bridge
D) Application firewall

A) Tracking version changes of source code
B) Checking creation dates on all webpages on a server
C) Resetting the administrator password on multiple systems
D) Troubleshooting communication resets between two systems

A) Defeating the scanner from detecting any code change at the kernel
B) Replacing patch system calls with its own version that hides the rootkit (attacker's) actions
C) Performing common services for the application process and replacing real applications with fake ones
D) Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

A) NMAP
B) Metasploit
C) Nessus
D) BeEF

A) MD5
B) PGP
C) DES
D) ROT13

A) Boot Sector
B) Deleted Files
C) Windows Process List
D) Password Protected Files

A) tcp-over-dns
B) kismet
C) nikto
D) hping

A) Sniffer, Packet Logger, and Network Intrusion Detection System
B) Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System
C) Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System
D) Sniffer, Packet Logger, and Host Intrusion Prevention System

A) Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.
B) Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.
C) Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.
D) Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

A) Issue the pivot exploit and set the meterpreter.
B) Reconfigure the network settings in the meterpreter.
C) Set the payload to propagate through the meterpreter.
D) Create a route statement in the meterpreter.

A) Cupp
B) Nessus
C) Cain and Abel
D) John The Ripper Pro