Ethical Hacking Exam Questions with Answers
Where in Internet Explorer can ActiveX controls be disabled? - Answer-Tools>>Internet Options >>Security>>Custom level
You have gained access to a client computer that has e-mail software installed, and would like to prove that th...
Where in Internet Explorer can ActiveX controls be disabled? - Answer-Tools>>Internet
Options >>Security>>Custom level
You have gained access to a client computer that has e-mail software installed, and
would like to prove that the e-mail software built in protections do not adequately protect
saved passwords. What tool(s) can you use to recover the e-mail account passwords? -
Answer-Mail PassView
Advanced MailBox Password Recovery
What happens when a packet with a flag of RST is sent to a host? - Answer-The
receiving host closes the connection and enters the CLOSED state, and releases all
resources from the connection
After gaining access to a Windows Active Directory domain controller, you are now
hoping to crack passwords for accounts across the domain. What utility can you use to
attempt to gain authentication details on this server? - Answer-L0phtCrack
After scanning a targeted server, you discover that UDP port 1434 is open and appears
to be active. What does this tell you about the target server? - Answer-It is possible that
arbitrary code can be executed utilizing a specially crafted request to the UDP port
The server is using the SQL Server Resolution Service (SSRS) and may be vulnerable
to buffer overflow attacks
In securing IIS, what steps should be taken to implement sufficient auditing and
logging? - Answer-IIS log files should be relocated and protected by IISLockdown
Failed logon attempts should be enabled in logging
What is the primary source for web server vulnerabilities? - Answer-server side scripting
exploits
As part of an audit, you are performing reconnaissance of a client's network. You are
attempting to target SQL servers, which you then plan to attempt to gain access to.
What program can you use to perform SQL server fingerprinting, as well as brute force
attacks, and create a custom xp_cmdshell? - Answer-Sqlninja
What HTTP authentication mechanism can utilize the Windows credentials of the
logged in user to attempt to authenticate to a Web page? - Answer-NTLM based
authentication
, How can a web serve application be secured against SQL injection attacks? - Answer-
User input should be validated and sanitized, as well as checked for expected data
types, and should not be allowed as part of a query if these checks fail
Upon finding an IIS server in your client's network, you discover that a virtual directory
named MSADC is accessible on the web page's root structure. How could you take
advantage of this? - Answer-You could use the showcase.asp script along with a single
file on the server to view the source code of the file, and you can view other file contents
via directory traversal
What regular expressions can be used to check for single quotes or double dashes, for
input validation purposes? - Answer-/(\%27)|(\')|(\-\-)|(\%23)|(#)/ix
//(\%3D)|(=)[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i
What countermeasure can be deployed to reduce the likelihood of log tampering? -
Answer-Ensure all logs are digitally signed and time stamped
What does the Address-bar protection setting do in Internet Explorer? - Answer-It
prevents pop-ups or standard windows from hiding the address bar, ensuring a user can
always see the current URL of a web page
What are valid countermeasures against password crackers that help ensure password
security is maintained? - Answer-Provide training on how to select secure passwords
An account should be locked if an incorrect password is entered several times in a row
What is the role of the BITS server extension in IIS? - Answer-It is used by applications
such as Windows Updates and Automatic Updates for background file transfers
What extension of NTLM authentications provides Kerberos based authentication over
HTTP? - Answer-negotiate authentication
Your client has come to you requesting that you assist with the implementation of
session hijacking countermeasures. What approaches are valid for this request? -
Answer-Minimize remote access, and require strong authentication and encryption use
for all VPNs
Allow limited incoming connections and only from known trusted IP addresses
What Internet Explorer setting can be enabled to prevent scripts on web pages from
interacting with content from other domains or windows? - Answer-Cross-domain
barriers
What utility allows its user to monitor an entire network and assists in taking over
sessions, while also saving an exact copy of the user's session? - Answer-IP Watcher
You are securing a web application and have been tasked with securing user cookies
from misuse. What steps can you take to ensure stolen cookies and changed values in
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Perfectscorer. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £10.16. You're not tied to anything after your purchase.
