New EC-Council CEH 312-50v13 Dumps (V8.02) – Prepare for the Certified Ethical Hacker (CEH) v13 Exam with the Latest and Updated 312-50v13 Exam Questions

1. User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email.

At what layer of the OSI layer does the encryption and decryption of the message take place?

2. A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.

What is a possible source of this problem?

3. You are tasked to perform a penetration test. While you are performing information gathering, you

find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.

What testing method did you use?

4. If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP.

Which other option could the tester use to get a response from a host using TCP?

5. Which is the first step followed by Vulnerability Scanners for scanning a network?

6. Which of the following programs is usually targeted at Microsoft Office products?

7. A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24.

Which of the following has occurred?

8. Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

9. Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

10. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

11. During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

What type of firewall is inspecting outbound traffic?

12. By using a smart card and pin, you are using a two-factor authentication that satisfies

13. “........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on

the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.”

Fill in the blank with appropriate choice.

14. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

15. Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.

Which tool can be used to perform session splicing attacks?

16. You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best Nmap command you will use?

17. Which of the following is the BEST way to defend against network sniffing?

18. Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

19. You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

20. Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

21. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

22. A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

23. Which method of password cracking takes the most time and effort?

24. What does the CoX flag do in an Nmap scan?

25. A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system.

What is the first step that the bank should take before enabling the audit feature?

26. Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

27. The collection of potentially actionable, overt, and publicly available information is known as

28. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

29. The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%).

What is the closest approximate cost of this replacement and recovery operation per year?

30. What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

31. Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

32. What is not a PCI compliance recommendation?

33. What is the minimum number of network connections in a multihomed firewall?

34. Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%.

Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

35. You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet.

What is the recommended architecture in terms of server placement?

36. An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines.

Which one of the following tools the hacker probably used to inject HTML code?

37. Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

38. Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers.

The time a hacker spends performing research to locate this information about a company is known as?

39. Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

40. The “Gray-box testing” methodology enforces what kind of restriction?

41. When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration.

What type of an alert is this?

42. A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing C Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network.

What tool should the analyst use to perform a Blackjacking attack?

43. When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine.

What Nmap script will help you with this task?

44. Todd has been asked by the security officer to purchase a counter-based authentication system.

Which of the following best describes this type of system?

45. Which of the following is a low-tech way of gaining unauthorized access to systems?

46. Which system consists of a publicly available set of databases that contain domain name registration contact information?

47. Why is a penetration test considered to be more thorough than vulnerability scan?

48. Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]”.

Which statement below is true?

49. env x=’(){ :;};echo exploit’ bash Cc ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

50. Which of the following is assured by the use of a hash?

51. Which results will be returned with the following Google search query? site:target.com C site:Marketing.target.com accounting

52. Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted.

What is the name of the command used by SMTP to transmit email over TLS?

53. In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

54. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.

What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

55. What two conditions must a digital signature meet?

56. A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating.

What sort of security breach is this policy attempting to mitigate?

57. What is correct about digital signatures?

58. An attacker with access to the inside network of a small company launches a successful STP manipulation attack.

What will he do next?

59. You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD.

Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

60. What does a firewall check to prevent particular ports and applications from getting packets into an organization?

61. An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site.

Which file does the attacker need to modify?

62. is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

63. Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

64. The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive.

Which of the following is being described?

65. A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

66. PGP, SSL, and IKE are all examples of which type of cryptography?

67. Peter is surfing the internet looking for information about DX Company.

Which hacking process is Peter doing?