CEH v10 Chapters 1-6 Questions with Answers
What type of scan is harder to perform because of the lack of response from open services and because packets could be lost due to congestion or from firewall blocked ports?
a. Stealth scanning
b. ACK scanning
c. UDP scanning
d. FIN scan - Answer-...
CEH v10 Chapters 1-6 Questions
with Answers
What type of scan is harder to perform because of the lack of response from open
services and because packets could be lost due to congestion or from firewall blocked
ports?
a. Stealth scanning
b. ACK scanning
c. UDP scanning
d. FIN scan - Answer-C. UDP scanning is harder to perform because of the lack of
response from open services and because packets could be lost due to congestion or a
firewall blocking ports.
You would like to perform a scan that runs a script against SSH and attempts to extract
the SSH host key. Which of the following is the correct syntax?
a. nmap -sC -p21, 111, 139 -T3 www.knowthetrade.com
b. nmap -sC -p22, 111, 139 -T4 www.knowthetrade.com
c. nmap -sL -p21, 111, 139 -T3 www.knowthetrade.com
d. nmap -sI -p22, 111, 139 -T4 www.knowthetrade.com - Answer-B. The -sC option runs
a script, and the correct port would be 22 because that is the default port that SSH runs
on.
You have just performed an ACK scan and have been monitoring a sniffer while the
scan was performed. The sniffer captured the result of the scan as an ICMP type 3 code
13. What does this result mean?
a. The firewall is only a router with an ACL.
b. The port is open.
c. Port knocking is used.
d. The port is closed. - Answer-A. An ICMP type 3 code 13 is administratively filtered.
This type of response is returned from a router when the protocol has been filtered by
an ACL.
One of the members of your security assessment team is trying to find out more
information about a client's website. The Brazilian-based site has a .com extension. She
has decided to use some online Whois tools and look in one of the Regional Internet
Registries. Which of the following represents the logical starting point?
a. AfriNIC
b. ARIN
c. APNIC
,d. RIPE - Answer-B. Regional Internet Registries (RIR) maintain records from the areas
from which they govern. ARIN is responsible for domains served within North and South
America, and therefore, is the logical starting point for that .com domain.
What is the purpose of the following Nmap scan? Nmap -sn 192.168.123.1-254
a. Ping only on the targets, no port scan
b. A NULL TCP scan
c. A TCP port scan
d. Port scan all targets - Answer-A. The -sn option tells Nmap not to do a port scan after
host discovery and only print out the available hosts that responded to the host
discovery probes. This is often known as a "ping scan," but you can also request that
traceroute and NSE host scripts be run.
You're starting a port scan of a new network. Which of the following can be used to scan
all ports on the 192.168.123.1 network?
a. nmap -p 1,65536 192.168.123.1
b. nmap -p- 192.168.123.1
c. nmap 192.168.123.1 -ports { {#}} 8220; all { {#}} 8221;
d. nmap -p 0-65536 192.168.123.1 - Answer-B. Running -p- scans all 65,535 ports on
the targeted systems.
Which of following port-scanning techniques can be used to map out the firewall rules
on a router?
a. NULL scan
b. ACK scan
c. Inverse flag scan
d. Firewalk - Answer-B. Running an ACK scan attempts to determine access control list
(ACL) rule sets or identify whether firewall inspection or simply stateless inspection is
being used. A stateful firewall should return no response. If an ICMP destination is
unreachable or a communication administratively prohibited message is returned, the
port is considered to be filtered. If an RST is returned, no firewall is present.
What are the two ICMP codes used when performing a ping?
a. Type 0 and 8
b. Type 0 and 3
c. Type 3 and 5
d. Type 5 and 11 - Answer-A. Type 0 is a ping reply and type 8 is a ping request. Make
sure you know the range of ICMP types for the exam.
What are the three main tenets of security?
a. Confidentiality, integrity, and availability
b. Authorization, authentication, and accountability
c. Deter, delay, and detect
d. Acquire, authenticate, and analyze - Answer-a. Confidentiality, integrity, and
availability
, Which of the following laws pertains to accountability for public companies relating to
financial information?
a. FISMA
b. SOX
c. 18 U.S.C. 1029
d. 18 U.S.C. 1030 3 - Answer-b. SOX
Which type of testing occurs when individuals know the entire layout of the network?
a. Black box
b. Gray box
c. White box
d. Blind testing - Answer-c. White box
Which type of testing occurs when you have no knowledge of the network?
a. Black box
b. Gray box
c. White box
d. Blind testing - Answer-a. Black box
Which form of testing occurs when insiders are not informed of the pending test?
a. Black box
b. Gray box
c. White box
d. Blind testing - Answer-d. Blind testing
How is ethical hacking different from hacking?
a. Ethical hackers never launch exploits.
b. Ethical hackers have signed written permission.
c. Ethical hackers act with malice.
d. Ethical hackers have verbal permission. - Answer-b. Ethical hackers have signed
written permission.
Which type of hacker is considered a good guy?
a. White hat
b. Gray hat
c. Black hat
d. Suicide hacker - Answer-a. White hat
Which type of hacker is considered unethical?
a. White hat
b. Gray hat
c. Black hat
d. Brown hat - Answer-c. Black hat
Which type of hacker will carry out an attack even if the result could be a very long
prison term?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
