Certified Ethical Hacking (CEH) v.8 Study Guide part 2
(101-200)
1. You have successfully gained access to a victim's computer using Windows 2003 Server SMB Vulnerability. Which
command will you run to disable audit- ing from the cmd?
A. stoplog stoplog ?
B. EnterPol /nolog
C. EventViewer o service
D. auditpol.exe /disable: D. auditpol.exe /disable
2. In which location are SAM hash passwords are stored in Windows 7?
A. c:\windows\system32\config\SAM
B. c:\winnt\system32\machine\SAM
C. c:\windows\etc\drivers\SAM
D. c:\windows\config\etc\SAM: A. c:\windows\system32\config\SAM
3. File extensions provide information regarding the underlying server tech- nology. Attackers can use this information to
search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers?
A. Use disable-eXchange
B. Use mod_negotiation
C. Use Stop_Files
D. Use Lib_exchanges: B. Use mod_negotiation
4. Bob has a good understanding of cryptography, having worked with it for many years.
Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can
provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good
example of a programming error that Bob can use to explain to the management how encryption will not address all their
security concerns?
A. Bob can explain that using a weak key management technique is a form of programming error
B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
, Certified Ethical Hacking (CEH) v.8 Study Guide part 2
(101-200)
C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated
with poor programming technique
D. Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak
seed value and this is a form of
a programming error: A. Bob can explain that using a weak key management technique is a form of programming err
5. One of the most common and the best way of cracking RSA encryption is to begin to derive the two prime numbers,
which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a
process, then the private key can be derived.
A. Factorization
B. Prime Detection
C. Hashing
D. Brute-forcing: A. Factorization
6. Data is sent over the network as clear text (unencrypted) when Basic Au- thentication is configured on Web Servers.
A. true
B. false: A. true
7. NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic
from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from
your laptop by sniffing the wire. Which port does SMB over TCP/IP use?
A. 443
B. 139
C. 179
D. 445: D. 445
8. Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its
capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco
switch is 172.16.0.45. What command can Charlie use to attempt this task?
, Certified Ethical Hacking (CEH) v.8 Study Guide part 2
(101-200)
A. Charlie can use the commanD. ping -l 56550 172.16.0.45 -t.
B. Charlie can try using the commanD. ping 56550 172.16.0.45.
C. By using the command ping 172.16.0.45 Charlie would be able to lockup the router
D. He could use the commanD. ping -4 56550 172.16.0.45.: A. Charlie can use the commanD. ping -l 56550
172.16.0.45 -t.
9. What type of encryption does WPA2 use?
A. DES 64 bit
B. AES-CCMP 128 bit
C. MD5 48 bit
D. SHA 160 bit: B. AES-CCMP 128 bit
10.Attackers send an ACK probe packet with random sequence number, no response means port is filtered (Stateful
firewall is present) and RST response means the port is not filtered. What type of
Port Scanning is this?
A. RST flag scanning
B. FIN flag scanning
C. SYN flag scanning
D. ACK flag scanning: D. ACK flag scanning
11.What is the command used to create a binary log file using tcpdump?
A. tcpdump -w ./log
B. tcpdump -r log
C. tcpdump -vde logtcpdump -vde ? log
D. tcpdump -l /var/log/: A. tcpdump -w ./log
12.What is the IV key size used in WPA2?
A. 32
B. 24
C. 16
(101-200)
1. You have successfully gained access to a victim's computer using Windows 2003 Server SMB Vulnerability. Which
command will you run to disable audit- ing from the cmd?
A. stoplog stoplog ?
B. EnterPol /nolog
C. EventViewer o service
D. auditpol.exe /disable: D. auditpol.exe /disable
2. In which location are SAM hash passwords are stored in Windows 7?
A. c:\windows\system32\config\SAM
B. c:\winnt\system32\machine\SAM
C. c:\windows\etc\drivers\SAM
D. c:\windows\config\etc\SAM: A. c:\windows\system32\config\SAM
3. File extensions provide information regarding the underlying server tech- nology. Attackers can use this information to
search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers?
A. Use disable-eXchange
B. Use mod_negotiation
C. Use Stop_Files
D. Use Lib_exchanges: B. Use mod_negotiation
4. Bob has a good understanding of cryptography, having worked with it for many years.
Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can
provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good
example of a programming error that Bob can use to explain to the management how encryption will not address all their
security concerns?
A. Bob can explain that using a weak key management technique is a form of programming error
B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
, Certified Ethical Hacking (CEH) v.8 Study Guide part 2
(101-200)
C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated
with poor programming technique
D. Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak
seed value and this is a form of
a programming error: A. Bob can explain that using a weak key management technique is a form of programming err
5. One of the most common and the best way of cracking RSA encryption is to begin to derive the two prime numbers,
which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a
process, then the private key can be derived.
A. Factorization
B. Prime Detection
C. Hashing
D. Brute-forcing: A. Factorization
6. Data is sent over the network as clear text (unencrypted) when Basic Au- thentication is configured on Web Servers.
A. true
B. false: A. true
7. NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic
from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from
your laptop by sniffing the wire. Which port does SMB over TCP/IP use?
A. 443
B. 139
C. 179
D. 445: D. 445
8. Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its
capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco
switch is 172.16.0.45. What command can Charlie use to attempt this task?
, Certified Ethical Hacking (CEH) v.8 Study Guide part 2
(101-200)
A. Charlie can use the commanD. ping -l 56550 172.16.0.45 -t.
B. Charlie can try using the commanD. ping 56550 172.16.0.45.
C. By using the command ping 172.16.0.45 Charlie would be able to lockup the router
D. He could use the commanD. ping -4 56550 172.16.0.45.: A. Charlie can use the commanD. ping -l 56550
172.16.0.45 -t.
9. What type of encryption does WPA2 use?
A. DES 64 bit
B. AES-CCMP 128 bit
C. MD5 48 bit
D. SHA 160 bit: B. AES-CCMP 128 bit
10.Attackers send an ACK probe packet with random sequence number, no response means port is filtered (Stateful
firewall is present) and RST response means the port is not filtered. What type of
Port Scanning is this?
A. RST flag scanning
B. FIN flag scanning
C. SYN flag scanning
D. ACK flag scanning: D. ACK flag scanning
11.What is the command used to create a binary log file using tcpdump?
A. tcpdump -w ./log
B. tcpdump -r log
C. tcpdump -vde logtcpdump -vde ? log
D. tcpdump -l /var/log/: A. tcpdump -w ./log
12.What is the IV key size used in WPA2?
A. 32
B. 24
C. 16
