Certified Ethical Hacker Quiz 4 Welcome to your Certified Ethical Hacker Quiz 4 A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine. Which of the following advanced operators would allow the pen tester to restrict the search to the organization’s web domain?[allinurl:][location:][site:][link:] Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information?FCC ID searchGoogle image searchsearch.comEarthExplorer Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?FactivaZoomInfoNetcraftInfoga Which of the following commands checks for valid users on an SMTP server?RCPTCHKVRFYEXPN Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say?Bob can be right since DMZ does not make sense when combined with stateless firewallsBob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by oneBob is totally wrong. DMZ is always relevant when the company has internet servers and workstationsBob is partially right. DMZ does not make sense when a stateless firewall is available CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this: From: jim_miller@companyxyz.com To: michelle_saunders@companyxyz.com Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ’s email gateway doesn’t prevent what?Email MasqueradingEmail HarvestingEmail PhishingEmail Spoofing Which of the following is a component of a risk assessment?Administrative safeguardsPhysical securityDMZLogical interface Why should the security analyst disable/remove unnecessary ISAPI filters?To defend against social engineering attacksTo defend against webserver attacksTo defend against jailbreakingTo defend against wireless attacks The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?PublicPrivateSharedRoot An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?Protocol analyzerNetwork snifferIntrusion Prevention System (IPS)Vulnerability scanner To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program. What term is commonly used when referring to this type of testing?RandomizingBoundingMutatingFuzzing Which of the following program infects the system boot sector and the executable files at the same time?Polymorphic virusStealth virusMultipartite VirusMacro virus You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)A firewall IPTableFTP Server ruleA Router IPTableAn Intrusion Detection System A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?tcp.port = = 21tcp.port = 23tcp.port = = 21 | | tcp.port = =22tcp.port ! = 21 Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?Disable unused ports in the switchesSeparate students in a different VLANUse the 802.1x protocolAsk students to use the wireless network DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?Spanning treeDynamic ARP Inspection (DAI)Port securityLayer 2 Attack Prevention Protocol (LAPP) Which of the following is a command line packet analyzer similar to GUI-based Wireshark?nessustcpdumpetherealjack the ripper Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?Use the built-in Windows Update toolUse a scan tool like NessusCheck MITRE.org for the latest list of CVE findingsCreate a disk image of a clean Windows installation Which of the following describes the characteristics of a Boot Sector Virus?Modifies directory table entries so that directory entries point to the virus code instead of the actual program.Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.Overwrites the original MBR and only executes the new virus code. Which of the following tools can be used for passive OS fingerprinting?nmaptcpdumptracertping What is a “Collision attack” in cryptography?Collision attacks try to get the public keyCollision attacks try to break the hash into three parts to get the plaintext valueCollision attacks try to break the hash into two parts, with the same bytes in each part to get the private keyCollision attacks try to find two inputs producing the same hash Which regulation defines security and privacy controls for Federal information systems and organizations?HIPAAEU Safe HarborPCI-DSSNIST-800-53 Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?LinuxUnixOS XWindows Which of the following Linux commands will resolve a domain name into IP address?>host-t a hackeddomain.com>host-t ns hackeddomain.com>host -t soa hackeddomain.com>host -t AXFR hackeddomain.com What is the purpose of a demilitarized zone on a network?To scan all traffic coming through the DMZ to the internal networkTo only provide direct access to the nodes within the DMZ and protect the network behind itTo provide a place to put the honeypotTo contain the network devices you wish to protect The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?The CFO can use a hash algorithm in the document once he approved the financial statementsThe CFO can use an excel file with a passwordThe financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same documentThe document can be sent to the accountant using an exclusive USB for that document Which type of security feature stops vehicles from crashing through the doors of a building?BollardsReceptionistMantrapTurnstile The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?ACKSYNRSTSYN-ACK While using your bank’s online servicing you notice the following string in the URL bar: “http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21” You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes. Which type of vulnerability is present on this site?Cookie TamperingSQL InjectionWeb Parameter TamperingXSS Reflection Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking. What should you do?Confront the client in a respectful manner and ask her about the data.Copy the data to removable media and keep it in case you need it.Ignore the data and continue the assessment until completed as agreed.Immediately stop work and contact the proper legal authorities. Time is Up!