
Cleveland Institute of Electronics Bookstore Course

Introduction to Certified Ethical Hacker certification Lessons 1141B through 1150B Enroll Online

For Version 7.1

Table of Contents

Chat with Your Instructor (page 2)
Chapter 1— Ethical Hacking (page 3)
Chapter 2— Footprinting and Reconnaissance (page 4)
Lesson 1141B Examination (page 5)
Chapter 3— Scanning (page 7)
Chapter 4— Enumeration (page 8)
Lesson 1142B Examination (page 9)
Chapter 5— System Hacking (page 11)
Lesson 1143B Examination (page 12)
Chapter 6— Trojans and Backdoors (page 14)
Chapter 7— Viruses and Worms (page 15)
Lesson 1144B Examination (page 16)
Chapter 8— Sniffers (page 18)
Lesson 1145B Examination (page 19)
Chapter 9— Social Engineering (page 21)
Chapter 10— Denial of Service (page 22)
Lesson 1146B Examination (page 23)
Chapter 11— Web Servers and Applications (page 25)
Lesson 1147B Examination (page 26)
Chapter 12— Hacking Wireless Networks (page 28)
Lesson 1148B Examination (page 29)
Chapter 13— IDS, Firewalls, and Honeypots (page 31)
Chapter 14— Buffer Overflows (page 32)
Lesson 1149B Examination (page 33)
Chapter 15— Cryptography (page 35)
Chapter 16— Penetration Testing (page 36)
Lesson 1150B Examination (page 37)

Chat with Your Instructor

This Study Guide will offer some suggestions about how to cover the material in the class. One of the things you should know, regardless of the class you are taking, is that the instructor can’t be the sole repository of information for the class – and neither can the textbook. Technology simply moves too quickly for that to be a viable option. There is a whole Internet out there. Chances are, someone, somewhere has encountered whatever problem you are having and has solved it. And chances are, someone who has solved your problem has posted the solution on the web. It might not be the exact solution, but it will get you moving toward solving the problem.

Having said that, the vaguer an assignment is, the more you will learn from it. The author of the text will walk you through some possible attacks, which will help you to, at the minimum, harden your systems and inform your users. The tutorial sections sprinkled throughout the chapters are very much like this. We do not want to inhibit you in any way if we can avoid it; we want you to think about what needs to be improved. Of course, there are always students who need more direction, and they will be dealt with individually. Nevertheless, this is college. Students need to explore – not be led by the nose step by step.

This book assumes that you have knowledge of basic computer and network terminology. It is not going to make you a hacker, nor is it enough knowledge to guarantee that you can sit for the exam. The one thing we want to make perfectly clear is that this course is designed to introduce, not to make proficient. It uses one of the resources prepared by EC-Council for the exam, but it is not directly associated with them. It is our attempt to round out your knowledge and maybe cause you to want to learn more about the topics inside.

If you have a technical problem, we recommend the following:

First, check the textbook that accompanies the study guide.

Research some of the information at the appropriate websites (a search using the key terms may also be helpful).

Feel free to call the instruction department during business hours (8:30 AM to 6 PM Eastern time), Monday through Friday, and Saturday during the weekend hours (8:30 AM to 5 PM Eastern time). Be prepared to describe which lesson you are working on and the problem you are having.

Instructional Support Addresses and Phone Numbers

Main Support Help Line: (800) 243-6446 or (216) 781-9400
E-mail address: [email protected]
Instructional Support is available business hours (Eastern time) Monday through Saturday.
Mailing address: Cleveland Institute of Electronics, 1776 East 17th Street, Cleveland, OH 44114

Chapter 1— Ethical Hacking

Overview

The first chapter of a broad-ranging information security course is always about setting the tone and establishing the fundamentals such as vocabulary, context, and, most of all, why this information is important. It also discusses some of the basic legal issues and moral dilemmas that security researchers face as they practice in this profession.

Objectives

Understand the issues plaguing the information security world
Gain knowledge of various hacking terminologies
Learn the basic elements of information security

To be successful in this lesson:

Read Chapter 1
Read Study Guide for Lesson 1141B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 251 through 253 (Answers on pages 298 & 299)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the next chapter and the exam, continue to the next lesson.

Chapter 2— Footprinting and Reconnaissance

Overview

The first step of any attack is reconnaissance and information gathering. This chapter goes beyond the obvious and provides a checklist of ways to learn as much as possible about a target. Carried out with both passive and active techniques, this is the most important step of the attack process.

Objectives

Understand the term Footprinting
Learn the areas and information that hackers seek
Gain knowledge of information gathering tools and methodology

To be successful in this lesson:

Read Chapter 2
Read Study Guide for Lesson 1141B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 253 through 256 (Answers on pages 299 & 300)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the exam, continue to the next lesson.

Lesson 1141B Examination

Please complete the following exam. You may use the electronic grading system for a quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. This vulnerability test is ordered when the client wants the most realistic type of test possible.
(1) Red Hat test
(2) Black Hat test
(3) Grey Hat test
(4) White Hat test

2. When considering the types of attack listed below, which would be considered the most dangerous?
(1) Malicious code attacks
(2) Application level attacks
(3) Social Engineering attacks
(4) Network-based attacks

3. The best attacks often exploit known bugs or flaws.
(1) True
(2) False

4. Which term best describes students enrolled in an Ethical Hacker class?
(1) Black Hat
(2) Grey Hat
(3) White Hat
(4) None of these

5. Which of these choices would NOT be considered an attack?
(1) Violating the terms of a warning banner
(2) Intentionally gaining unauthorized access
(3) Compromising a weak password to gain access
(4) All of these are attacks

6. Which of these choices is the least important during the footprinting stage?
(1) Creative Internet searches
(2) Basic Internet searches
(3) Determine what discoveries are important
(4) Learn as much about the target as possible

7. This field increments by one each time the zone is updated.
(1) Refresh Rate
(2) Retry Timer
(3) Serial Number
(4) Expiry Timer

8. This is how long the secondary server will wait before considering a zone to be dead.
(1) Refresh Rate
(2) Retry Timer
(3) Serial Number
(4) Expiry Timer

9. This Google hacking technique looks for potential numerical patterns within a query in order to guess at files in locations that are not indexed.
(1) Find directory listings
(2) Incremental substitution
(3) Directory services
(4) Extension renaming

10. TOE is the acronym for ____.
(1) Trail of Evidence
(2) Target of Ease
(3) Terms of Exchange
(4) Target of Evaluation

END OF EXAMINATION

Chapter 3— Scanning

Overview

Once the attacker knows the outside addresses and, if possible, the inside topology, the network must be footprinted and all operating systems and services identified and verified. This is a difficult step, as defenses such as traffic filters and intrusion response systems will affect the attacker’s view of the network and opportunities for attack.

Technical knowledge of scanning techniques, the protocols involved, and why the network looks different to an attacker than it does to a designer, engineer, or administrator are covered in this chapter.

Objectives

Understand the terms port scanning, network scanning, and vulnerability scanning
Understand the objectives of scanning
Understand banner grabbing using OS fingerprinting, Active Stack Fingerprinting, Passive Fingerprinting, and other techniques and tools

To be successful in this lesson:

Read Chapter 3
Read Study Guide for Lesson 1142B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 256 through 259 (Answers on pages 300 & 301)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the next chapter and the exam, continue to the next lesson.

Chapter 4— Enumeration

Overview

The attacker is getting eager to start doing some damage, but the disciplined ones know there is still some work to be done. The live hosts, the access points, and the roles each host has need to be understood better. The enumeration chapter is about user accounts and logical topologies. In order to develop a real strategy, the attacker must know what is happening above Layer 4.

Objectives

Learn the system hacking cycle
Understand Enumeration and its techniques
Understand null sessions and their countermeasures

To be successful in this lesson:

Read Chapter 4
Read Study Guide for Lesson 1142B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 259 through 262 (Answers on pages 301 & 302)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the exam, continue to the next lesson.

Lesson 1142B Examination

Please complete the following exam. You may use the electronic grading system for a quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. A TCP session is established when two hosts complete a handshake, but two other fields are also included to keep the session organized. Those two fields are ____ and ____.
(1) Target port number
(2) Acknowledgement number
(3) Synchronization number
(4) Sequence number
(5) Both 1 and 2
(6) Both 1 and 3
(7) Both 2 and 4
(8) Both 2 and 3

2. Using inverse scanning methods, Microsoft Windows hosts will respond with this flag when confusing traffic is received on an open port.
(1) SYN
(2) ACK
(3) FIN
(4) URG
(5) PSH
(6) RST

3. This message type is sent out on the internal local network segment to discover responders.
(1) Maintenance
(2) Broadcast
(3) Sequenced
(4) Ping

4. Echo requests are sent out during an ICMP scan; at the same time, echo replies are anticipated. Which type and code represents an Echo reply?
(1) Type 0 code 8
(2) Type 0 code 0
(3) Type 8 code 0
(4) Type 8 code 8

5. The protocol responsible for translating the logical network address into the physical address is ____.
(1) ARP
(2) RFC
(3) MAC
(4) ICMP

6. Using LDAP, this identifies a user object uniquely.
(1) UIN
(2) OID
(3) DUN
(4) DN

7. Which value is the most restrictive when considering the three possible values for the RestrictAnonymous key?
(1) 1
(2) 2
(3) 3
(4) 0

8. Which port will be used when running SMB over TCP/IP on a PC running a Microsoft OS when NetBT is disabled?
(1) 445
(2) 389
(3) 139
(4) 111

9. In an attack using SNMP for enumeration, the highest level objective would be to access the ____.
(1) NMS
(2) MIB
(3) OID
(4) All are correct

10. Which of these could be used to administer LDAP?
(1) MMC
(2) Jxplorer
(3) Ldap.exe
(4) All could be used

END OF EXAMINATION

Chapter 5— System Hacking

Overview

Finally, the target is well enough understood to begin the gaining access and maintaining access phases. Perhaps a privileged user account can be compromised. Maybe economic espionage is possible. The attacker may have noticed that unpatched systems exist that can be attacked with commonly available exploit tools. This chapter explores these vectors in detail.

Objectives

Understand the different types of passwords
Identify the different types of password attacks
Identify password cracking techniques as well as countermeasures

To be successful in this lesson:

Read Chapter 3
Read Study Guide for Lesson 1143B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 262 through 265 (Answers on pages 302 & 303)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the exam, continue to the next lesson.

Lesson 1143B Examination

Please complete the following exam. You may use the electronic grading system for a quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. Which of these identifies the practice of hiding information inside other information in a manner usually undetected by eye?
(1) $Data stream
(2) Steganography
(3) Encryption
(4) ADS

2. Rootkits provide root privileges automatically.
(1) True
(2) False

3. Which of these is considered a passive type of attack?
(1) Password sniffing
(2) Password guessing
(3) Replay
(4) Session Hijacking
(5) Document shredding

4. An attack that substitutes predetermined characters such as S with alternates such as $ using regular expressions is known as a(n) ____ attack.
(1) Syllable
(2) Brute force
(3) Rule-based
(4) Hybrid

5. The most effective way of exploiting the primary weakness of the hashing algorithm in passwords stored as hashes is ____.
(1) Hash reversal
(2) Substitution
(3) Collision
(4) None of these is effective

6. This data protection type is considered the easiest way to implement and manage.
(1) Smart Cards
(2) Passwords
(3) Keys
(4) USB keys

7. Which of these is not one of the three different types of privilege escalation?
(1) Horizontal
(2) Vertical
(3) De-escalation
(4) SIUD

8. Which of these is considered the most efficient and effective active online attack?
(1) Replay
(2) Password guessing
(3) Password sniffing
(4) Man-in-the-Middle

9. Which of these implementations uses the MD5 hashing algorithm?
(1) Kerberos
(2) NTLMv2
(3) LM
(4) All of them use it

10. Which location would not store passwords on a Windows host?
(1) Shadow file
(2) SAM file
(3) Repair file
(4) The registry

END OF EXAMINATION

Chapter 6— Trojans and Backdoors

Overview

If it is hard to attack the target directly, maybe the target will come to the attacker. This chapter builds on the system hacking chapter and shows how techniques can be combined to gain and maintain access to systems. The chapter explores one of the oldest, yet still very much relevant, daily security concerns.

Objectives

Define a Trojan
Identify overt and covert channels
Learn Windows startup monitoring tools

To be successful in this lesson:

Read Chapter 6
Read Study Guide for Lesson 1144B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 265 through 268 (Answers on pages 304 & 305)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the next chapter and the exam, continue to the next lesson.

Chapter 7— Viruses and Worms

Overview

If hosts that are of value to the attacker cannot be precisely targeted, the strategy may turn to attacking as many as possible, in the shortest amount of time, to the greatest effect. If one piece of code can be written that will then do all the work for the attacker, all the better. Knowing there are others in the world who will capture your code, create a variant, and send it back out may amplify the results. This chapter explores a category of automated, self-powered attacks.

Objectives

Understand the computer virus and its history
Understand how a computer gets infected by viruses
Understand the difference between a virus and a worm

To be successful in this lesson:

Read Chapter 7
Read Study Guide for Lesson 1144B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 268 through 271 (Answers on pages 305 & 306)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the exam, continue to the next lesson.

Lesson 1144B Examination

Please complete the following exam. You may use the electronic grading system for a quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. Programs that perform operations like opening the CD tray, changing the desktop image, or changing the screen resolution are considered this type of tool.
(1) Lamer
(2) Desktop control
(3) Bot
(4) Reverse shell

2. Which of these is not a CEH recognized category of malicious programs?
(1) Viruses
(2) Worms
(3) Malware
(4) Trojans and rootkits

3. This freeware tool is included in Windows to control and manage startup.
(1) Winpatrol
(2) Hijack This
(3) Msconfig
(4) Autoruns

4. A program that appears to perform desirable and necessary functions but performs other functions that are not known or needed is known as a ____.
(1) Rootkit
(2) Malicious software
(3) Backdoor
(4) Trojan

5. Installs an illicit server on the victim and then accesses it from a client.
(1) Remote Access Trojan
(2) Denial of Service Trojan
(3) Data Sending Trojan
(4) FTP Trojan

6. A type of social engineering attack that is designed to waste the time of victims and consume network bandwidth when these users e-mail news of the threat is called a ____.
(1) Network virus
(2) Stealth virus
(3) Hoax
(4) MBR virus

7. This statement represents a worm more than a virus.
(1) Difficult to remove without damaging the system
(2) Executes itself and can include its own spreader
(3) Requires a user-initiated event to spread and needs a carrier
(4) Typically affects executable files; can hide in media files

8. This was the first working virus found in the wild.
(1) Elk Cloner
(2) Reaper
(3) Creeper
(4) Wabbit

9. The ____ hides from the antivirus software and copies itself to a temporary location, so that infected files appear clean when scanned.
(1) Network virus
(2) Stealth virus
(3) Hoax
(4) MBR virus

10. The ____ overwrites the instructions at the disk location Cylinder 0, Head 0, Sector 1 and then copies itself into RAM and onto other disks.
(1) Network virus
(2) Stealth virus
(3) Hoax
(4) MBR virus

END OF EXAMINATION

Chapter 8— Sniffers

Overview

Observing traffic is a piece of the puzzle between all of the techniques explored so far. It can be used for information gathering, compromising sensitive data, or as a step in a sophisticated control technique. On the defensive side, sniffing is a powerful troubleshooting, analysis, and testing technique. This chapter shows how to make the rest of the information in this course observable to the most detailed level. It shows how understanding the higher-level concepts, such as protocols and the expected events of a technique, can lead the way to both more efficient attacks and more efficient countermeasures.

Objectives

Understand sniffing and the protocols vulnerable to it
Understand Address Resolution Protocol (ARP)
Understand what Session Hijacking is
Spoofing vs. Hijacking

To be successful in this lesson:

Read Chapter 8
Read Study Guide for Lesson 1145B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 271 through 273 (Answers on pages 306 & 307)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the exam, continue to the next lesson.

Lesson 1145B Examination

Please complete the following exam. You may use the electronic grading system for a quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. A promiscuous mode driver tells the NIC to ignore this many of the first bits of the Layer 2 frame header.
(1) 12
(2) 24
(3) 48
(4) 56

2. Which of these is considered a passive sniffing technique?
(1) MAC duplicating
(2) MAC flooding
(3) ARP poisoning
(4) None of these

3. Protocol tracers are also called ____.
(1) Sniffers
(2) Tracers
(3) Sharks
(4) Filters

4. The technique that uses gratuitous ARP to distribute spoofed information is ____.
(1) MAC duplicating
(2) MAC flooding
(3) ARP poisoning
(4) None of these

5. Using the information a switch stores regarding network connectivity, it is possible to send sufficient traffic to force the switch into fail-safe or hub mode. The name of this process is ____.
(1) MAC duplicating
(2) MAC flooding
(3) ARP poisoning
(4) None of these

6. This is a security method that tests the ability of the human eye to interpret an image of a deliberately distorted word.
(1) Captchas
(2) Backatchas
(3) Gotchas
(4) Fuzzies

7. Which of these is not one of the three server-supported authentication methods?
(1) Application
(2) Basic
(3) Disk
(4) Volume

8. This protocol implementation supports “state.”
(1) HTTP1.0
(2) HTTP1.1
(3) HTTP2.0
(4) All support “state”

9. Protection imposed by an application can be circumvented by modifying either the source code or the URL for the page and then reloading or resubmitting it.
(1) True
(2) False

10. The attack called ____ was originally known as CSS.
(1) CSX
(2) CMS
(3) CXS
(4) XSS

END OF EXAMINATION

Chapter 9— Social Engineering

Overview

The greatest weakness of any network will be the human element, and the most cost-effective countermeasure is training. This chapter shows how humans can be deceived, misinformed, or led to bad judgment. They can also simply be taken advantage of even if they are not doing anything wrong. Without proper and continuous training, awareness fades quickly; attackers can sense this over time and be attracted to these vulnerable targets.

Objectives

Understand Social Engineering
Identify the different types of social engineering
Gain insights on Social Engineering threats and defense

To be successful in this lesson:

Read Chapter 9
Read Study Guide for Lesson 1146B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 273 through 276 (Answers on pages 307 & 308)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the next chapter and the exam, continue to the next lesson.

Chapter 10— Denial of Service

Overview

Sometimes the objective of an attack is to embarrass the target. Reputation is perhaps the most valuable asset of any organization. Since “non-techies” don’t understand the concept of DoS or DDoS attacks, it is easy to create a sense that a network is not trustworthy simply by making its services inaccessible. There are other reasons for these attacks as well; it might be as simple as an attacker or virus author testing out or proving a theory. This chapter looks at how Denial of Service attacks are set up and how botnets, possibly set up by worm droppings or socially engineered installations of malware, can coordinate in a large-scale event.

Objectives

Understand a Denial of Service Attack
Gain insights on Distributed Denial of Service Attacks
Assess DoS/DDoS Attack Tools

To be successful in this lesson:

Read Chapter 10
Read Study Guide for Lesson 1146B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 276 through 279 (Answers on pages 308 & 309)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the exam, continue to the next lesson.

Lesson 1146B Examination

Please complete the following exam. You may use the electronic grading system for a quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. This type of attack accounts for close to 70% of socially engineered attacks, according to some surveys.
(1) Social proof
(2) Reverse social engineering
(3) Inside jobs
(4) None of these

2. This is considered to be the most difficult attack type to execute.
(1) Social proof
(2) Reverse social engineering
(3) Inside jobs
(4) None of these

3. The act of gaining sensitive information on a particular company by sifting through the trash is called ____.
(1) Dumpster diving
(2) Trash tossing
(3) Rectangular research
(4) All of these are used

4. This is widely considered the weakest link in network security.
(1) WAPs
(2) Media files
(3) Honeypots
(4) Users

5. Which of these would be considered social engineering of physical controls?
(1) Piggybacking
(2) Shoulder surfing
(3) Tailgating
(4) All of them

6. A DDoS attack is limited to three levels of hierarchical control.
(1) True
(2) False

7. Which of these would be considered an IP fragmentation DoS attack tool for use with Windows 2000 and earlier hosts?
(1) Land
(2) Targa
(3) Joltz
(4) Bubonic.c

8. This DoS tool sends SYN traffic to the host, spoofing the target itself as the source.
(1) Land
(2) Targa
(3) Joltz
(4) Bubonic.c

9. What is the result if the computer does not have specific instructions on how to deal with a specific input?
(1) Kernel panic
(2) Buffer overflow
(3) All of the above

10. This worm infected 90% of its targets within the first ten minutes of its launch.
(1) Slammer
(2) MyDoom
(3) Stacheldraht
(4) Melissa

END OF EXAMINATION

Chapter 11— Web Servers and Applications

Overview

Web applications are a distinctly different risk because their owner wants them to be as accessible as possible, unlike internal systems, which can be more tightly controlled. This chapter discusses the different levels of exposure, from n-tiered models to platform architecture, as well as the principles behind the most common attacks that take place every day against these systems.

Objectives

Understand why Web Servers are compromised
Understand Web Application Hacking Methodology
Examine SQL Injection Attacks

To be successful in this lesson:

Read Chapter 11
Read Study Guide for Lesson 1147B
Study the Key Terms (italicized throughout the chapter)
Complete and check Practice Exam Questions on pages 279 through 283 (Answers on pages 309 & 310)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, as they will benefit your learning. Once you have completed the exam, continue to the next lesson.

26

Lesson 1147B Examination

Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. The attack of SSLMiTM is initiated by ____.

(1) Banner grabbing (3) Drive by

(2) Social engineering (4) Worm

2. A directory traversal attack is only effective on Windows servers.

(1) True (2) False

3. The weakness in the ____ Windows service is what the Sasser worm exploits.

(1) LSA (3) ISAPI

(2) SSA (4) All are correct

4. Which of these can be used to scan an entire website after downloading it?

(1) Black widow (3) Wayback machine

(2) Wget (4) All of them

5. Used for the purpose of determining the web server and operating system versions, the ____ is initiated in the discovery phase of an attack.

(1) Password guessing (3) Cookie stealing

(2) Banner grabbing (4) Abusing the robots.txt file

6. Allowing HTTP requests to be sent and the response to be passed directly to the scripting object on the client’s page through the use of the XMLHTTPRequest API is done by the ____ suite of protocols.

(1) SQL (3) AJAX

(2) XML (4) HTTP

7. At which layer does the code get processed in the visitor’s browser when describing the layers at which web applications work?

(1) Presentation (3) Logic

(2) Application (4) Database

8. This is a server-side language.

(1) CSS (3) HTML

(2) JavaScript (4) PERL


9. Which statements will be processed first when a web server is presented with a SQL script containing statements in nested quotes?

(1) Outermost (3) First occurrence

(2) Innermost (4) Last occurrence

10. The most recognized server-side technology is HTML.

(1) True (2) False

END OF EXAMINATION


Chapter 12— Hacking Wireless Networks

Overview

Wireless networks are cheap and easy to install. They are also a return to the days of hubs, only worse, because the signal can’t be completely controlled the way bounded media can. Wireless represents an opportunity for the attacker to access the network itself; from there, all other attacks discussed in CEH are possible and essentially the same.

Objectives

Understand Wireless Networks

Identify types of Wireless Encryption

Discuss Wireless Threats

To be successful in this lesson:

Read Chapter 12

Read Study Guide for Lesson 1148B

Study the Key Terms (italicized throughout the chapter)

Complete and check Practice Exam Questions on pages 283 through 286

(Answers on pages 310 & 311)

If you have the resources available to you, please complete the activities at the end of the chapter, for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.


Lesson 1148B Examination

Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. This wireless technology is the slowest of the listed types.

(1) 802.11a (3) 802.11g

(2) 802.11b (4) 802.11n

2. Conversely, this wireless technology is the fastest of the listed types.

(1) 802.11a (3) 802.11g

(2) 802.11b (4) 802.11n

3. This wireless network operates in the 5GHz band.

(1) 802.11a (3) 802.11g

(2) 802.11b (4) 802.11n

4. Wireless NICs can be set into promiscuous mode using universal drivers that are widely available on the Internet.

(1) True (2) False

5. A wireless network’s architecture is most closely related to the ____ architecture.

(1) Star-wired (3) Ring

(2) Baseband (4) None of these are correct

6. The network is considered ____ when a wireless network’s beacon frame does not broadcast the beacon frame periodically.

(1) Closed (3) Shared

(2) Open (4) On demand

7. This type of antenna uses an array of dipole elements to more precisely control the direction of the signal.

(1) Yeti (3) Yagi

(2) Yoda (4) Yogi

8. Microwaves can be disruptive to WiFi signals.

(1) True (2) False

9. The term for a condition when a WAP has been configured to allow administrative access from the wireless interface is ____.

(1) Warwalking (3) Warchalking

(2) Warkitting (4) Wardriving


10. Cordless telephones cannot be used to jam or disrupt WiFi signals.

(1) True (2) False

END OF EXAMINATION


Chapter 13— IDS, Firewalls, and Honeypots

Overview

This chapter seems to be about defense and countermeasures at first, but since this is an attack class, the idea is really to understand them well enough to detect them, avoid them, and confuse them. Snort and IPTables are looked at because they are always present in the hacker’s favorite operating systems: the ones that are free.

Objectives

Understand IDS, Firewall and Honeypot System

Learn Ways to Detect an Intrusion

Understand Evading Firewall

To be successful in this lesson:

Read Chapter 13

Read Study Guide for Lesson 1149B

Study the Key Terms (italicized throughout the chapter)

Complete and check Practice Exam Questions on pages 286 through 289

(Answers on pages 311 through 313)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, for it will benefit your learning potential. Once you have completed the next chapter and the exam, continue to the next lesson.


Chapter 14— Buffer Overflows

Overview

This chapter takes a step back to look at the principles behind one of the most dangerous and consistently occurring vulnerabilities in software. It is one of the reasons many of the attacks explored in previous chapters are successful. The explanation approaches the topic not with an assumption that the reader has a programming background, but from a perspective that anyone with some experience in IT can get the hang of. This area of attack is a specialty on its own that takes years of concentrated effort to master, but everyone needs to at least grasp the basics.

Objectives

Understand Buffer Overflows (BoF)

Understand Stack Operations

Learn how to identify Buffer Overflows

To be successful in this lesson:

Read Chapter 14

Read Study Guide for Lesson 1149B

Study the Key Terms (italicized throughout the chapter)

Complete and check Practice Exam Questions on pages 289 through 292

(Answers on pages 313 & 314)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, for it will benefit your learning potential. Once you have completed the exam, continue to the next lesson.


Lesson 1149B Examination

Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. This identifies a technique for configuring an IDS that looks for events that are unusual based upon its knowledge of normal traffic.

(1) Signature recognition (3) Anomaly detection

(2) Statistical detection (4) File integrity check

2. A firewall fingerprinting technique that uses Telnet to attempt access on any discovered port.

(1) Traceroute (3) Port scanning

(2) Firewalking (4) Banner grabbing

3. This choice identifies the task of configuring an IDS to look for a recognizable series of bytes or characters in a packet.

(1) Signature recognition (3) Port scanning

(2) Statistical detection (4) Banner grabbing

4. A Linux command line tool that allows the attacker to fragment packets to a predetermined size, which generates excessive traffic for an IDS to check in the hopes it will overlook something.

(1) Packetizer (3) Packet shaper

(2) Fragrouter (4) Fragroute

5. A type of firewall that checks each packet one at a time, a system that is both cost effective and very efficient.

(1) Packet filters (3) Application level firewall

(2) Circuit level gateways (4) Stateful inspection firewall

6. This would indicate system identification of “clean input.”

(1) Input does not exceed memory allocation

(2) Input meets expected criteria

(3) Special characters are ignored

(4) All of these indicate “clean input”

7. This indicates the last four bytes in a variable space used by programmers to detect buffer overflow attempts.

(1) 0x90 exploit (3) NOP sled

(2) IDS signature (4) Canary bytes


8. This is the Linux command line tool for disassembling code.

(1) cgc (3) gbd

(2) gcc (4) gdb

9. This is the classic tool for compiling in Linux.

(1) cgc (3) gbd

(2) gcc (4) gdb

10. This uses Boolean logic to return differences and ignore sameness.

(1) AND (3) NOT

(2) OR (4) XOR

END OF EXAMINATION


Chapter 15— Cryptography

Overview

This chapter lays out the fundamentals of cryptography that every security professional should know. It ties in with many other topics in this course, on both attack and defensive fronts.

Objectives

Understand Cryptography

Understand Ciphers

Identify Cryptography Tools

To be successful in this lesson:

Read Chapter 15

Read Study Guide for Lesson 1150B

Study the Key Terms (italicized throughout the chapter)

Complete and check Practice Exam Questions on pages 292 through 294

(Answers on pages 314 & 315)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, for it will benefit your learning potential. Once you have completed the next chapter and the exam, continue to the next lesson.


Chapter 16— Penetration Testing

Overview

Applying your CEH skills in a defensive manner will likely involve performing a penetration test. There are many types that can be ordered by the client depending upon need and objective. The next class in the track, ECSA/LPT, addresses this topic in detail. This chapter provides a preview of that course, and for those that stop at CEH this is the minimum that you should know before introducing your hacking skills into a professional situation.

Objectives

Understand Penetration Testing (PT)

Identify Security Assessments

Identify various Penetration testing tools

To be successful in this lesson:

Read Chapter 16

Read Study Guide for Lesson 1150B

Study the Key Terms (italicized throughout the chapter)

Complete and check Practice Exam Questions on pages 294 through 297

(Answers on pages 315 & 316)

If you have the resources available to you, please complete the “Try It Out” activities throughout the chapter, for it will benefit your learning potential. Once you have completed the exam, you might want to fill out the form for your certificate and send it in.


Lesson 1150B Examination

Please complete the following exam. You may use the electronic grading system for quicker response. Simply log on to www.study-electronics.com and enter your credentials. Once the exam has been submitted, your results will be returned within 72 hours. You may also e-mail your answers to [email protected], or fax them to us at 1-216-781-0331. If you have any questions, please contact the Instruction Department.

1. This algorithm is used when the keys are related but do not reveal each other.

(1) Asymmetric (3) Hashing

(2) Symmetric (4) All are used

2. This does not use the PAIN model, which is considered by many to be one of the easiest ways to summarize the most important concepts of cryptography.

(1) Privacy (3) Authenticity

(2) Accuracy (4) Integrity

3. This is considered to be the most powerful attack type of the ones listed.

(1) Known plain text (3) Cipher text only

(2) Chosen cipher text (4) Chosen plain text

4. This type means it has a shared key and a secret key.

(1) Symmetric

(2) Asymmetric

(3) Hashing

5. This type means it is a public key.

(1) Symmetric

(2) Asymmetric

(3) Hashing

6. This type means it is a one-way key.

(1) Symmetric

(2) Asymmetric

(3) Hashing

7. This would define the immediate action, outlined in the initial documentation surrounding a penetration test, that would be taken when a risk is discovered which cannot wait until the end of the test.

(1) Get out of jail free card (3) Project scope

(2) Rules of engagement (4) None of these


8. When designing the test from a high level view, this would provide the start and end dates of the test along with the people involved in the initial documentation surrounding a penetration test.

(1) Get out of jail free card (3) Project scope

(2) Rules of engagement (4) None of these

9. This is a valid reason to perform penetration testing.

(1) Compliance (3) Test incident response plans

(2) Verification of false positives (4) All of these are reasons

10. This would be outlined in the initial documentation surrounding a penetration test as to what would occur when a tester is caught.

(1) Get out of jail free card (3) Project scope

(2) Rules of engagement (4) None of these

END OF EXAMINATION