CEH Master 2022 EXAM
ISO 27001 Correct Answer: Considered the Governance standard, based on BS 7799. Defines a standard
for creating an IS Management System.
Focuses on Security Governance.
ISO 27002 Correct Answer: Considered the security controls standard, based on BS 7799. Recommends
security controls based on industry best practices
Focuses on Security Objectives
Cain & Able can do....? Correct Answer: record and extract VOIP conversations
Capture/decrypt RDP traffic
Collect and prepare server certs for MITM attacks
Perform ARP poisoning
start/stop/pause/continue remote windows services
detect 802.11 WLANs
reveal passwords in text boxes
enumerate netwoks and extract SIDs
Retinal Scan Correct Answer: Most likely to reveal private health info about a user and considered to be
invasive
Windows XP and 7 respond to pings sent to network or broadcast addresses by default? Correct Answer:
NO.
Windows "NET" command can do...? Correct Answer: manage services
manage user accounts
connect to a remote resource
manage a printer que
manage a shared resource
Metamorphic virus Correct Answer: Rewrites itself every time they infect a new file
Microsoft Secure Development Lifecycle Correct Answer: 1. Training
2. Requirements
3. Design
4. Implementation
5. Verification
6. Release
7. Response
HTTP PUT method should be considered a RISK Correct Answer: Allows clients to update files on a
webserver
,Worms and BOTs can propagate without human interaction Correct Answer:
What tool do you use to perform Blackjacking? Correct Answer: BBProxy
Known plaintext attack Correct Answer: Attack has both plaintext and cipher text
COBIT (Control Objects for Information Related Technology) Correct Answer: Four domains:
-Planning and Organization
-Acquisition and implementation
-Delivery and support
-Monitoring and Evaluation
ITIL Correct Answer: Developed by CCTA for UK Gov
ITIL Standardizes IT management procedures
Five main categories
-Service strategy
-Service design
-Service transition
-Service operation
-Continual service improvement
Windows NT 4.0 SP4 uses _____ for hashing Correct Answer: MD5
Kismet Correct Answer: Runs on Linux and OS X
Supports monitor mode and 802.11n
Can be used as an IDS
NetSumbler Correct Answer: Can only be installed on windows
Does not detect 802.11n
detects 802.11a,b,g
does not support monitor mode
ARP spoofing takes advantage of _________ relationship Correct Answer: TRUST
SC Query only shows ________ services on a windows machine Correct Answer: ACTIVE
802.1X uses ____________ to establish port-based network access control Correct Answer: EAP
(Extensible Authentication Protocol)
Directive security control Correct Answer: AKA procedural controls
used to define appropriate use & behavoir
Deterrent security control Correct Answer: Used to dissuade or deter attacks
Preventative security control Correct Answer: Used to stop attacks by preventing users from performing
specific actions
,Compensating security control Correct Answer: Used to supplement directive controls
Detective security control Correct Answer: Used to monitor and/or send alerts about activity
Corrective Correct Answer: Used to repair damage caused by malicious events
Recovery Correct Answer: Used to restore system to a normal state after attack
Application firewalls (what layer?) Correct Answer: Operate at layer 7
Circuit firewalls (what layer?) Correct Answer: Operate at layer 5
Packet filter firewall (what layer?) Correct Answer: Operate at layer 3
Stateful multilayer firewall Correct Answer: Combine quality of all other firewalls
Operate at multiple layers
Hinfo shows what? (DNS record) Correct Answer: CPU type
OS Type
OSSTMM defines three types of compliance.... Correct Answer: Legislative (SOX, HIPPA)
Contractual (PCI)
Standards-based (ITIL, ISO, OSSTM)
WPA uses _________ to ensure integrity & protect against MITM attacks? Correct Answer: MIC
(Message Integrity Checks)
Metagoofil switches Correct Answer: -f writes all links to a date-time stamped file
-t recognizes all which will search all 17576 three letter file extensions
-e allows you to specify time delay between searches
-r specifies the number of threads to use when downloading files
PCI DSS Requirement 11 requires an organization does? Correct Answer: "Regularly test systems and
processes" aka perform vulnerability assessments
WPA2 uses _______ cipher instead of ________ cipher. Correct Answer: Uses block cipher instead of
stream cipher
What is libwhisker? Correct Answer: Pearl module that supports IDS evasion
Nikto uses libwhisker
OWASP 2013 Top 6 Correct Answer: 1. Injections
2. Broken Auth
3. XSS
4. Insecure Direct Object References
5. Security misconfig
6. Sensitive Data Exposure
, ESP is used with what? Correct Answer: IPSec uses ESP during tunneling mode; it encrypts the entire
packet; aka TUNNEL MODE
IPSec Transport mode is used for host-to-host (typically within the same LAN), only IP payload is
encrypted with this IPSec implementation
What methods does NMAP scrip "http-methods" consider to be risky? Correct Answer: CONNECT (may
allow attacker to use server as a proxy)
DELETE (allows attacker to delete files from server)
PUT (allows attacker to upload to the server)
TRACE (could allow XSS)
Only OPTIONS is not considered risky.
NMAP range scanning Correct Answer: you can use "-" to denote ranges to scan:
Example: nmap 10.-2.9.-
This will scan 10.0.9.0/24, 10.1.9.0/24 & 10.2.9.0/24
Human-based Social Engineering attacks Correct Answer: Shoulder Surfing
Tailgaiting
Dumpster diving
Pcap Correct Answer: Used by Nmap Snort and TCPDump
Libpcap is a version of pcap, written in c/c++
What layer do stateful firewalls operate at? Correct Answer: The transport layer
What layer do packet filtering firewall operate at? Correct Answer: The network layer
GLBA does what? Correct Answer: Protects the confidentiality and integrity of personal info that is
collected by financial institutions.
TCSEC does what? Correct Answer: Provides guidance on evaluating the effectiveness of computer
security controls.
TNIEG (Turst Network Interpretation Environments Guideline) Correct Answer: Provides guidance on
minimum security protection required in different network environments
TCSEC (Trusted Computer System Evaluation Criteria) Correct Answer: Provide guidance on computer
system security
AKA the orange book, created by the DoD in the 80s
AAA Protocols Correct Answer: TACACS (the oldest)
Diameter (the newest)
RADIUS (IETF standard, less flexible than diameter)
TACACS+ (replaced TACACS)
ISO 27001 Correct Answer: Considered the Governance standard, based on BS 7799. Defines a standard
for creating an IS Management System.
Focuses on Security Governance.
ISO 27002 Correct Answer: Considered the security controls standard, based on BS 7799. Recommends
security controls based on industry best practices
Focuses on Security Objectives
Cain & Able can do....? Correct Answer: record and extract VOIP conversations
Capture/decrypt RDP traffic
Collect and prepare server certs for MITM attacks
Perform ARP poisoning
start/stop/pause/continue remote windows services
detect 802.11 WLANs
reveal passwords in text boxes
enumerate netwoks and extract SIDs
Retinal Scan Correct Answer: Most likely to reveal private health info about a user and considered to be
invasive
Windows XP and 7 respond to pings sent to network or broadcast addresses by default? Correct Answer:
NO.
Windows "NET" command can do...? Correct Answer: manage services
manage user accounts
connect to a remote resource
manage a printer que
manage a shared resource
Metamorphic virus Correct Answer: Rewrites itself every time they infect a new file
Microsoft Secure Development Lifecycle Correct Answer: 1. Training
2. Requirements
3. Design
4. Implementation
5. Verification
6. Release
7. Response
HTTP PUT method should be considered a RISK Correct Answer: Allows clients to update files on a
webserver
,Worms and BOTs can propagate without human interaction Correct Answer:
What tool do you use to perform Blackjacking? Correct Answer: BBProxy
Known plaintext attack Correct Answer: Attack has both plaintext and cipher text
COBIT (Control Objects for Information Related Technology) Correct Answer: Four domains:
-Planning and Organization
-Acquisition and implementation
-Delivery and support
-Monitoring and Evaluation
ITIL Correct Answer: Developed by CCTA for UK Gov
ITIL Standardizes IT management procedures
Five main categories
-Service strategy
-Service design
-Service transition
-Service operation
-Continual service improvement
Windows NT 4.0 SP4 uses _____ for hashing Correct Answer: MD5
Kismet Correct Answer: Runs on Linux and OS X
Supports monitor mode and 802.11n
Can be used as an IDS
NetSumbler Correct Answer: Can only be installed on windows
Does not detect 802.11n
detects 802.11a,b,g
does not support monitor mode
ARP spoofing takes advantage of _________ relationship Correct Answer: TRUST
SC Query only shows ________ services on a windows machine Correct Answer: ACTIVE
802.1X uses ____________ to establish port-based network access control Correct Answer: EAP
(Extensible Authentication Protocol)
Directive security control Correct Answer: AKA procedural controls
used to define appropriate use & behavoir
Deterrent security control Correct Answer: Used to dissuade or deter attacks
Preventative security control Correct Answer: Used to stop attacks by preventing users from performing
specific actions
,Compensating security control Correct Answer: Used to supplement directive controls
Detective security control Correct Answer: Used to monitor and/or send alerts about activity
Corrective Correct Answer: Used to repair damage caused by malicious events
Recovery Correct Answer: Used to restore system to a normal state after attack
Application firewalls (what layer?) Correct Answer: Operate at layer 7
Circuit firewalls (what layer?) Correct Answer: Operate at layer 5
Packet filter firewall (what layer?) Correct Answer: Operate at layer 3
Stateful multilayer firewall Correct Answer: Combine quality of all other firewalls
Operate at multiple layers
Hinfo shows what? (DNS record) Correct Answer: CPU type
OS Type
OSSTMM defines three types of compliance.... Correct Answer: Legislative (SOX, HIPPA)
Contractual (PCI)
Standards-based (ITIL, ISO, OSSTM)
WPA uses _________ to ensure integrity & protect against MITM attacks? Correct Answer: MIC
(Message Integrity Checks)
Metagoofil switches Correct Answer: -f writes all links to a date-time stamped file
-t recognizes all which will search all 17576 three letter file extensions
-e allows you to specify time delay between searches
-r specifies the number of threads to use when downloading files
PCI DSS Requirement 11 requires an organization does? Correct Answer: "Regularly test systems and
processes" aka perform vulnerability assessments
WPA2 uses _______ cipher instead of ________ cipher. Correct Answer: Uses block cipher instead of
stream cipher
What is libwhisker? Correct Answer: Pearl module that supports IDS evasion
Nikto uses libwhisker
OWASP 2013 Top 6 Correct Answer: 1. Injections
2. Broken Auth
3. XSS
4. Insecure Direct Object References
5. Security misconfig
6. Sensitive Data Exposure
, ESP is used with what? Correct Answer: IPSec uses ESP during tunneling mode; it encrypts the entire
packet; aka TUNNEL MODE
IPSec Transport mode is used for host-to-host (typically within the same LAN), only IP payload is
encrypted with this IPSec implementation
What methods does NMAP scrip "http-methods" consider to be risky? Correct Answer: CONNECT (may
allow attacker to use server as a proxy)
DELETE (allows attacker to delete files from server)
PUT (allows attacker to upload to the server)
TRACE (could allow XSS)
Only OPTIONS is not considered risky.
NMAP range scanning Correct Answer: you can use "-" to denote ranges to scan:
Example: nmap 10.-2.9.-
This will scan 10.0.9.0/24, 10.1.9.0/24 & 10.2.9.0/24
Human-based Social Engineering attacks Correct Answer: Shoulder Surfing
Tailgaiting
Dumpster diving
Pcap Correct Answer: Used by Nmap Snort and TCPDump
Libpcap is a version of pcap, written in c/c++
What layer do stateful firewalls operate at? Correct Answer: The transport layer
What layer do packet filtering firewall operate at? Correct Answer: The network layer
GLBA does what? Correct Answer: Protects the confidentiality and integrity of personal info that is
collected by financial institutions.
TCSEC does what? Correct Answer: Provides guidance on evaluating the effectiveness of computer
security controls.
TNIEG (Turst Network Interpretation Environments Guideline) Correct Answer: Provides guidance on
minimum security protection required in different network environments
TCSEC (Trusted Computer System Evaluation Criteria) Correct Answer: Provide guidance on computer
system security
AKA the orange book, created by the DoD in the 80s
AAA Protocols Correct Answer: TACACS (the oldest)
Diameter (the newest)
RADIUS (IETF standard, less flexible than diameter)
TACACS+ (replaced TACACS)
