Ethical Hacking - C701 Kaplan Practice
Test 2/2
You are performing an internal scan of a private subnet with the following command:
hping3 -1 192.168.1.127
All hosts are configured with the subnet mask 255.255.255.192. Which IP address or range of addresses will be scanned as a result of running this command?
Correct answer- 192.168.1.65-126
The IP address range scanned will be 192.168.1.65-126 because the hping3 command specifies the broadcast address 192.168.1.127. The network uses a custom subnet mask in which the last six bits define the hosts, the subnetwork address, and the subnetwork broadcast address. This subnet mask takes the Class C address space of 254 hosts (with the default subnet mask of 255.255.255.0) and divides it into 4 subnets: 192.168.1.0-63, 192.168.1.64-127, 192.168.1.128-191, and 192.168.1.192-255. The broadcast address 192.168.1.127 belongs to the second subnet, whose usable host addresses are 192.168.1.65-126.
The IP address range 192.168.1.1-254 will not be scanned because this range includes all hosts in all four subnets. If the network were not divided into subnetworks using a custom subnet mask, the broadcast address 192.168.1.255 would target this host range.
In a hybrid PKI model, which function is performed by the symmetric algorithm?
Correct answer- Encrypting the data exchanged
In a hybrid PKI model, both symmetric and asymmetric algorithms are used. The asymmetric algorithm is used to encrypt the keys that will be exchanged, and symmetric encryption is used on the data being exchanged. The sole purpose of the symmetric algorithm is to encrypt the data.
You are presenting a proposal to the company CEO on engaging Foundstone for IT security services. Which of the following solution(s) does Foundstone provide? (Choose all that apply.)
Correct answer- Foundstone provides a number of IT security-related solutions, including security assessment, incident response, and security training.
Foundstone is a vendor-neutral IT security provider focusing on vulnerability management and protection, working within McAfee and Intel Corporation.
Which of the following technical assessment tools is used to test passwords for weakness?
Correct answer- John the Ripper
John the Ripper is a tool used to crack weak passwords. It is currently available for many flavors of Unix/Linux, Windows, DOS, BeOS, and OpenVMS.
Nmap is a port scanning tool and does not check for weak passwords.
A programmer from your company contacts you regarding a possible security breach. During the discussion, he asks you to identify and investigate unauthorized transactions. What should you use to provide him with this information?
Correct answer- Data-mining techniques
You should use data-mining techniques to identify and investigate unauthorized transactions. Data-mining techniques are used any time you need to analyze data for specific occurrences.
Footprinting provides a blueprint of the security profile of an organization. It helps to determine methods of attack based on the devices and controls implemented.
What is the block and output size of SHA1?
Correct answer- 512-bit blocks with an output of 160 bits
The SHA1 (Secure Hash Algorithm 1) hashing algorithm operates on one 512-bit block at a time and outputs a 160-bit hash value, usually represented as 40 hexadecimal digits. This value can be used to validate the integrity of the data. It creates a message digest, which can be used to determine whether a file has been changed since the message digest was created. An unchanged message should produce the same message digest on every pass through the hashing algorithm.
You detect an attempted ICMP echo scan using the broadcast address 126.123.95.255. You need to determine which network devices were potential targets. Which subnet was likely targeted by the scan?
Correct answer- 126.123.64.0/19
The most likely target subnet was 126.123.64.0/19. This includes all devices with the IP addresses 126.123.64.1 - 126.123.95.254. In CIDR (classless inter-domain routing) notation, the number following the forward slash is the number of network bits in the IP address. The value 19 (subnet mask 255.255.224.0) indicates that the first two octets and the first three bits of the third octet must be the same (126.123.64 as the network portion) on all hosts in the same IP network. This leaves the remaining 5 bits of the third octet (values 64 through 64 + 31 = 95) and the whole fourth octet available for hosts (64.1 - 95.254), minus the broadcast address.
Your company wants to use symmetric key cryptography in an application it is developing. Which of the following algorithms could be used?
Correct answer- 3DES
Triple Data Encryption Standard (3DES) could be used. 3DES is the only symmetric key algorithm of the options listed. Other symmetric algorithms include Twofish, Advanced Encryption Standard (AES), Blowfish, Rivest Cipher 4 (RC4), Skipjack, and International Data Encryption Algorithm (IDEA).
During which phase of security testing is a non-disclosure agreement (NDA) executed?
Correct answer- Pre-Attack
A non-disclosure agreement is executed during the Pre-Attack phase. The NDA is usually included as a section of the penetration testing contract.
A security test consists of three phases: Pre-Attack, Attack, and Post-Attack.
Which of the following organizations provides incident response services in partnership with the Department of Homeland Security?
Correct answer- CSIRT
The U.S. Computer Security Incident Response Team (CSIRT) provides incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security.
You have decided to implement IPSec for certain types of traffic. Which of the following is the best description of why you would implement this protocol?
Correct answer- Deploy a secure remote access solution for employees to connect to the company's internal network
You most likely would implement IPSec to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Implementing IPSec would minimize the opportunity for a man-in-the-middle (MITM) attack to occur. IPSec sets up a secure channel that uses strong encryption and authentication between two network devices, such as routers, virtual private network (VPN) concentrators, and firewalls.
What does the command netsh firewall show config do?
Correct answer- Displays current firewall settings at a high level
The netsh firewall show config command displays the Windows Firewall settings at a high level in Windows Server 2008, Vista, and earlier versions. In later versions of Windows, the command is deprecated and replaced with similar command options under the netsh advfirewall context.
Management has increasingly become concerned about sniffing attacks. Which type of sniffing involves launching an ARP spoofing or traffic-flooding attack?
Correct answer- Active