Certified Ethical Hacker 312-50v11 EXAM
STUDY
While performing online banking using a Web browser, a user receives an email that contains a
link to an interesting Web site. When the user clicks on the link, another Web browser session
starts and displays a video of cats playing the piano. The next business day, the user receives
what looks like an email from his bank, indicating that his bank account has been accessed from
a foreign country. The email asks the user to call his bank and verify the authorization of a funds
transfer that took place.
What Web browser-based security vulnerability was exploited to compromise the user?
A. Clickjacking
B. Cross-Site Scripting
C. Cross-Site Request Forgery
D. Web form input validation Correct answer- C
Which service in a PKI will vouch for the identity of an individual or company?
A. KDC
B. CR
C. CBC
D. CA Correct answer- D
Identify the web application attack where the attackers exploit vulnerabilities in
dynamically generated web pages to inject client-side script into web pages viewed by
other users.
A. LDAP Injection attack
B. Cross-Site Scripting (XSS)
C. SQL injection attack
D. Cross-Site Request Forgery (CSRF) Correct answer- B
User A is writing a sensitive email message to user B outside the local network. User A
has chosen to use PKI to secure his message and ensure only user B can read the
sensitive email.
At what layer of the OSI layer does the encryption and decryption of the message take
place?
A. Application
B. Transport
,C. Session
D. Presentation Correct answer- D
A new wireless client is configured to join a 802.11 network. This client uses the same
hardware and software as many of the other clients on the network. The client can see
the network, but cannot connect. A wireless packet sniffer shows that the Wireless
Access Point (WAP) is not responding to the association requests being sent by the
wireless client.
What is a possible source of this problem?
A. The WAP does not recognize the client's MAC address
B. The client cannot see the SSID of the wireless network
C. Client is configured for the wrong channel
D. The wireless client is not configured to use DHCP Correct answer- A
If you want to only scan fewer ports than the default scan using Nmap tool, which option
would you use?
A. -r
B. -F
C. -P
D. -sP Correct answer- B
Which of the following is the structure designed to verify and authenticate the identity of
individuals within the enterprise taking part in a data exchange?
A. SOA
B. biometrics
C. single sign on
D. PKI Correct answer- D
You are tasked to perform a penetration test. While you are performing information
gathering, you find an employee list in Google. You find the receptionist's email, and
you send her an email changing the source email to her boss's email (boss@company).
In this email, you ask for a pdf with the information. She reads your email and sends
back a pdf with links. You exchange the pdf links with your malicious links (these links
contain malware) and send back the modified pdf, saying that the links don't work. She
reads your email, opens the links, and her machine gets infected. You now have access
to the company network.
What testing method did you use?
A. Social engineering
B. Piggybacking
C. Tailgating
,D. Eavesdropping Correct answer- A
If a tester is attempting to ping a target that exists but receives no response or a
response that states the destination is unreachable, ICMP may be disabled and the
network may be using TCP.
Which other option could the tester use to get a response from a host using TCP?
A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping Correct answer- B
Which is the first step followed by Vulnerability Scanners for scanning a network?
A. OS Detection
B. Firewall detection
C. TCP/UDP Port scanning
D. Checking if the remote host is alive Correct answer- D
Which of the following programs is usually targeted at Microsoft Office products?
A. Polymorphic virus
B. Multipart virus
C. Macro virus
D. Stealth virus Correct answer- C
In an internal security audit, the white hat hacker gains control over a user account and
attempts to acquire access to another account's confidential files and information. How
can he achieve this?
A. Privilege Escalation
B. Shoulder-Surfing
C. Hacking Active Directory
D. Port Scanning Correct answer- A
A technician is resolving an issue where a computer is unable to connect to the Internet
using a wireless access point. The computer is able to transfer files locally to other
machines, but cannot successfully reach the Internet. When the technician examines
the IP address and default gateway they are both on the192.168.1.0/24.
Which of the following has occurred?
A. The computer is not using a private IP address.
B. The gateway is not routing to a public IP address.
C. The gateway and the computer are not on the same network.
, D. The computer is using an invalid IP address. Correct answer- B
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of
communication?
A. 113
B. 69
C. 123
D. 161 Correct answer- C
Due to a slowdown of normal network operations, the IT department decided to monitor
internet traffic for all of the employees.
From a legal standpoint, what would be troublesome to take this kind of measure?
A. All of the employees would stop normal work activities
B. IT department would be telling employees who the boss is
C. Not informing the employees that they are going to be monitored could be an
invasion of privacy.
D. The network could still experience traffic slow down. Correct answer- C
Which of the following tools performs comprehensive tests against web servers,
including dangerous files and CGIs?
A. Nikto
B. John the Ripper
C. Dsniff
D. Snort Correct answer- A
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy
servers, and Intrusion Detection Systems (IDS) on the network of an organization that
has experienced a possible breach of security. When the investigator attempts to
correlate the information in all of the logs, the sequence of many of the logged events
do not match up.
What is the most likely cause?
A. The network devices are not all synchronized.
B. Proper chain of custody was not observed while collecting the logs.
C. The attacker altered or erased events from the logs.
D. The security breach was a false positive. Correct answer- A
DNS cache snooping is a process of determining if the specified resource address is
present in the DNS cache records. It may be useful during the examination of the
network to determine what software update resources are used, thus discovering what
software is installed.
STUDY
While performing online banking using a Web browser, a user receives an email that contains a
link to an interesting Web site. When the user clicks on the link, another Web browser session
starts and displays a video of cats playing the piano. The next business day, the user receives
what looks like an email from his bank, indicating that his bank account has been accessed from
a foreign country. The email asks the user to call his bank and verify the authorization of a funds
transfer that took place.
What Web browser-based security vulnerability was exploited to compromise the user?
A. Clickjacking
B. Cross-Site Scripting
C. Cross-Site Request Forgery
D. Web form input validation Correct answer- C
Which service in a PKI will vouch for the identity of an individual or company?
A. KDC
B. CR
C. CBC
D. CA Correct answer- D
Identify the web application attack where the attackers exploit vulnerabilities in
dynamically generated web pages to inject client-side script into web pages viewed by
other users.
A. LDAP Injection attack
B. Cross-Site Scripting (XSS)
C. SQL injection attack
D. Cross-Site Request Forgery (CSRF) Correct answer- B
User A is writing a sensitive email message to user B outside the local network. User A
has chosen to use PKI to secure his message and ensure only user B can read the
sensitive email.
At what layer of the OSI layer does the encryption and decryption of the message take
place?
A. Application
B. Transport
,C. Session
D. Presentation Correct answer- D
A new wireless client is configured to join a 802.11 network. This client uses the same
hardware and software as many of the other clients on the network. The client can see
the network, but cannot connect. A wireless packet sniffer shows that the Wireless
Access Point (WAP) is not responding to the association requests being sent by the
wireless client.
What is a possible source of this problem?
A. The WAP does not recognize the client's MAC address
B. The client cannot see the SSID of the wireless network
C. Client is configured for the wrong channel
D. The wireless client is not configured to use DHCP Correct answer- A
If you want to only scan fewer ports than the default scan using Nmap tool, which option
would you use?
A. -r
B. -F
C. -P
D. -sP Correct answer- B
Which of the following is the structure designed to verify and authenticate the identity of
individuals within the enterprise taking part in a data exchange?
A. SOA
B. biometrics
C. single sign on
D. PKI Correct answer- D
You are tasked to perform a penetration test. While you are performing information
gathering, you find an employee list in Google. You find the receptionist's email, and
you send her an email changing the source email to her boss's email (boss@company).
In this email, you ask for a pdf with the information. She reads your email and sends
back a pdf with links. You exchange the pdf links with your malicious links (these links
contain malware) and send back the modified pdf, saying that the links don't work. She
reads your email, opens the links, and her machine gets infected. You now have access
to the company network.
What testing method did you use?
A. Social engineering
B. Piggybacking
C. Tailgating
,D. Eavesdropping Correct answer- A
If a tester is attempting to ping a target that exists but receives no response or a
response that states the destination is unreachable, ICMP may be disabled and the
network may be using TCP.
Which other option could the tester use to get a response from a host using TCP?
A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping Correct answer- B
Which is the first step followed by Vulnerability Scanners for scanning a network?
A. OS Detection
B. Firewall detection
C. TCP/UDP Port scanning
D. Checking if the remote host is alive Correct answer- D
Which of the following programs is usually targeted at Microsoft Office products?
A. Polymorphic virus
B. Multipart virus
C. Macro virus
D. Stealth virus Correct answer- C
In an internal security audit, the white hat hacker gains control over a user account and
attempts to acquire access to another account's confidential files and information. How
can he achieve this?
A. Privilege Escalation
B. Shoulder-Surfing
C. Hacking Active Directory
D. Port Scanning Correct answer- A
A technician is resolving an issue where a computer is unable to connect to the Internet
using a wireless access point. The computer is able to transfer files locally to other
machines, but cannot successfully reach the Internet. When the technician examines
the IP address and default gateway they are both on the192.168.1.0/24.
Which of the following has occurred?
A. The computer is not using a private IP address.
B. The gateway is not routing to a public IP address.
C. The gateway and the computer are not on the same network.
, D. The computer is using an invalid IP address. Correct answer- B
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of
communication?
A. 113
B. 69
C. 123
D. 161 Correct answer- C
Due to a slowdown of normal network operations, the IT department decided to monitor
internet traffic for all of the employees.
From a legal standpoint, what would be troublesome to take this kind of measure?
A. All of the employees would stop normal work activities
B. IT department would be telling employees who the boss is
C. Not informing the employees that they are going to be monitored could be an
invasion of privacy.
D. The network could still experience traffic slow down. Correct answer- C
Which of the following tools performs comprehensive tests against web servers,
including dangerous files and CGIs?
A. Nikto
B. John the Ripper
C. Dsniff
D. Snort Correct answer- A
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy
servers, and Intrusion Detection Systems (IDS) on the network of an organization that
has experienced a possible breach of security. When the investigator attempts to
correlate the information in all of the logs, the sequence of many of the logged events
do not match up.
What is the most likely cause?
A. The network devices are not all synchronized.
B. Proper chain of custody was not observed while collecting the logs.
C. The attacker altered or erased events from the logs.
D. The security breach was a false positive. Correct answer- A
DNS cache snooping is a process of determining if the specified resource address is
present in the DNS cache records. It may be useful during the examination of the
network to determine what software update resources are used, thus discovering what
software is installed.
