312-50 Sample Questions Answers

Injecting parameters into a connection string using semicolons as a separator

Inserting malicious Javascript code into input parameters

Setting a user's session identifier (SID) to an explicit known value

Adding multiple parameters with the same name in HTTP requests

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

Overwrites the original MBR and only executes the new virus code

Polymorphic virus

Multipart virus

Macro virus

Stealth virus

guidelines and practices for security controls.

financial soundness and business viability metrics.

standard best practice for configuration management.

contract agreement writing standards.

Sarbanes-Oxley Act (SOX)

Gramm-Leach-Bliley Act (GLBA)

Fair and Accurate Credit Transactions Act (FACTA)

Federal Information Security Management Act (FISMA)

Truecrypt

Sub7

Nessus

Clamwin

Penetration testing

Social engineering

Vulnerability scanning

Access control list reviews

Control Objectives for Information and Related Technology (COBIT)

Sarbanes-Oxley Act (SOX)

Health Insurance Portability and Accountability Act (HIPAA)

Payment Card Industry Data Security Standards (PCI DSS)

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

Employers use informal verbal communication channels to explain employee monitoring activities to employees.

Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Process

Procedure

Policy

Paradigm

Regulatory compliance

Peer review

Change management

Penetration testing

At least once a year and after any significant upgrade or modification

At least once every three years or after any significant upgrade or modification

At least twice a year or after any significant upgrade or modification

At least once every two years and after any significant upgrade or modification

Man trap

Tailgating

Shoulder surfing

Social engineering

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Mandatory

Discretionary

Rule-based

Role-based

coworkers.

executive management.

the security officer.

a supervisor.

Forensic attack

ARP spoofing attack

Social engineering attack

Scanning attack

The consultant will ask for money on the bid because of great work.

The consultant may expose vulnerabilities of other companies.

The company accepting bids will want the same type of format of testing.

The company accepting bids will hire the consultant because of the great work performed.

True negatives

False negatives

True positives

False positives

SHA1

PGP

3DES

MD5

A bottom-up approach

A top-down approach

A senior creation approach

An IT assurance approach

Certificate authority

Validation authority

Registration authority

Verification authority

Legal, performance, audit

Audit, standards based, regulatory

Contractual, regulatory, industry

Legislative, contractual, standards based

Application layers can be separated, allowing each layer to be upgraded independently from other layers.

It is compatible with various databases including Access, Oracle, and SQL.

Data security is tied into each layer and must be updated for all layers when any upgrade is performed.

Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

Timing options to slow the speed that the port scan is conducted

Fingerprinting to identify which operating systems are running on the network

ICMP ping sweep to determine which hosts on the network are not available

Traceroute to control the path of the packets sent during the scan

They provide a repeatable framework.

Anyone can run the command line scripts.

They are available at low cost.

They are subject to government regulation.

Data integrity

Key discovery

Bulk data encryption

Key recovery

Birthday attack

Plaintext attack

Meet in the middle attack

Chosen ciphertext attack

Key registry

Recovery agent

Directory

Key escrow

RC4

RC5

MD4

MD5

SHA-1

MD5

HAVAL

MD4

Poly key exchange

Cross certification

Poly key reference

Cross-site exchange

NMAP -sV

NMAP -oS

NMAP -sR

NMAP -O

if ICMP ping traverses a firewall.

the route that the ICMP ping took.

the location of the switchport in relation to the ICMP ping.

the number of hops an ICMP ping takes to reach a destination.

Extensible Authentication Protocol (EAP)

Point to Point Protocol (PPP)

Point to Point Tunneling Protocol (PPTP)

Layer 2 Tunneling Protocol (L2TP)

Defeating the scanner from detecting any code change at the kernel

Replacing patch system calls with its own version that hides the rootkit (attacker's) actions

Performing common services for the application process and replacing real applications with fake ones

Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

Perl

C++

Python

Java

Cain

John the Ripper

Nikto

Hping

Drops the packet and moves on to the next one

Continues to evaluate the packet until all rules are checked

Stops checking rules, sends an alert, and lets the packet continue

Blocks the connection with the source IP address in the packet

SSL

Mutual authentication

IPSec

Static IP addresses

Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.

Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.

Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

Issue the pivot exploit and set the meterpreter.

Reconfigure the network settings in the meterpreter.

Set the payload to propagate through the meterpreter.

Create a route statement in the meterpreter.

Network tap

Layer 3 switch

Network bridge

Application firewall

USB Grabber

USB Dumper

USB Sniffer

USB Snoopy

Configure the Web Server to deny requests involving "hex encoded" characters

Create rules in IDS to alert on strange Unicode requests

Use SSL authentication on Web Servers

Enable Active Scripts Detection at the firewall and routers

It sends a request packet to all the network elements, asking for the MAC address from a specific IP.

It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.

It sends a reply packet for a specific IP, asking for the MAC address.

It sends a request packet to all the network elements, asking for the domain name from a specific IP.

>host -t a hackeddomain.com

>host -t soa hackeddomain.com

>host -t ns hackeddomain.com

>host -t AXFR hackeddomain.com

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

This is back orifice activity as the scan comes from port 31337.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

These packets were crafted by a tool, they were not created by a standard IP stack.

I, II, and III

I

II

I and II

A channel that transfers information within a computer system or network in a way that violates the security policy

A legitimate communication path within a computer system or network for transfer of data

It is a kernel operation that hides boot processes and services to mask detection

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Interview all employees in the company to rule out possible insider threats.

Establish attribution to suspected attackers.

Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.

Start the Wireshark application to start sniffing network traffic.

110

135

139

161

445

1024

Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

Manipulate format strings in text fields

SSH

SYN Flood

Algorithm is not the secret, key is the secret.

Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext.

Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way.

Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.

Birthday

Brute force

Man-in-the-middle

Smurf

Injection

Cross Site Scripting

Cross Site Request Forgery

Path disclosure

Threaten to publish the penetration test results if not paid.

Follow proper legal procedures against the company to request payment.

Tell other customers of the financial problems with payments from this company.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Say nothing and continue with the security testing.

Stop work immediately and contact the authorities.

Delete the pornography, say nothing, and continue security testing.

Bring the discovery to the financial organization's human resource department.

Start by foot printing the network and mapping out a plan of attack.

Ask the employer for authorization to perform the work outside the company.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Say no; the friend is not the owner of the account.

Say yes; the friend needs help to gather evidence.

Say yes; do the job for free.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Begin security testing.

Turn over deliverables.

Sign a formal contract with non-disclosure.

Assess what the organization is trying to protect.

Ignore the problem completely and let someone else deal with it.

Create a document that will crash the computer when opened and send it to friends.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Social engineering

Network traffic sniffing

Man in the middle attacks

Publicly accessible sources

Continue to apply controls until there is zero risk.

Ignore any remaining risk.

If the residual risk is low enough, it can be accepted.

Remove current controls since they are not completely effective.

white box

grey box

red box

black box

Preventative

Detective

Offensive

Defensive

Perform a vulnerability scan of the system.

Determine the impact of enabling the audit feature.

Perform a cost/benefit analysis of the audit feature.

Allocate funds for staffing of audit log review.

Cross-site scripting

Banner grabbing

SQL injection

Whois database query