Ethical Hacking Exam Questions with Answers
Where in Internet Explorer can ActiveX controls be disabled? - Answer-Tools>>Internet Options >>Security>>Custom level
You have gained access to a client computer that has e-mail software installed, and would like to prove that th...
Where in Internet Explorer can ActiveX controls be disabled? - Answer-Tools>>Internet
Options >>Security>>Custom level
You have gained access to a client computer that has e-mail software installed, and
would like to prove that the e-mail software built in protections do not adequately protect
saved passwords. What tool(s) can you use to recover the e-mail account passwords? -
Answer-Mail PassView
Advanced MailBox Password Recovery
What happens when a packet with a flag of RST is sent to a host? - Answer-The
receiving host closes the connection and enters the CLOSED state, and releases all
resources from the connection
After gaining access to a Windows Active Directory domain controller, you are now
hoping to crack passwords for accounts across the domain. What utility can you use to
attempt to gain authentication details on this server? - Answer-L0phtCrack
After scanning a targeted server, you discover that UDP port 1434 is open and appears
to be active. What does this tell you about the target server? - Answer-It is possible that
arbitrary code can be executed utilizing a specially crafted request to the UDP port
The server is using the SQL Server Resolution Service (SSRS) and may be vulnerable
to buffer overflow attacks
In securing IIS, what steps should be taken to implement sufficient auditing and
logging? - Answer-IIS log files should be relocated and protected by IISLockdown
Failed logon attempts should be enabled in logging
What is the primary source for web server vulnerabilities? - Answer-server side scripting
exploits
As part of an audit, you are performing reconnaissance of a client's network. You are
attempting to target SQL servers, which you then plan to attempt to gain access to.
What program can you use to perform SQL server fingerprinting, as well as brute force
attacks, and create a custom xp_cmdshell? - Answer-Sqlninja
What HTTP authentication mechanism can utilize the Windows credentials of the
logged in user to attempt to authenticate to a Web page? - Answer-NTLM based
authentication
, How can a web serve application be secured against SQL injection attacks? - Answer-
User input should be validated and sanitized, as well as checked for expected data
types, and should not be allowed as part of a query if these checks fail
Upon finding an IIS server in your client's network, you discover that a virtual directory
named MSADC is accessible on the web page's root structure. How could you take
advantage of this? - Answer-You could use the showcase.asp script along with a single
file on the server to view the source code of the file, and you can view other file contents
via directory traversal
What regular expressions can be used to check for single quotes or double dashes, for
input validation purposes? - Answer-/(\%27)|(\')|(\-\-)|(\%23)|(#)/ix
//(\%3D)|(=)[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i
What countermeasure can be deployed to reduce the likelihood of log tampering? -
Answer-Ensure all logs are digitally signed and time stamped
What does the Address-bar protection setting do in Internet Explorer? - Answer-It
prevents pop-ups or standard windows from hiding the address bar, ensuring a user can
always see the current URL of a web page
What are valid countermeasures against password crackers that help ensure password
security is maintained? - Answer-Provide training on how to select secure passwords
An account should be locked if an incorrect password is entered several times in a row
What is the role of the BITS server extension in IIS? - Answer-It is used by applications
such as Windows Updates and Automatic Updates for background file transfers
What extension of NTLM authentications provides Kerberos based authentication over
HTTP? - Answer-negotiate authentication
Your client has come to you requesting that you assist with the implementation of
session hijacking countermeasures. What approaches are valid for this request? -
Answer-Minimize remote access, and require strong authentication and encryption use
for all VPNs
Allow limited incoming connections and only from known trusted IP addresses
What Internet Explorer setting can be enabled to prevent scripts on web pages from
interacting with content from other domains or windows? - Answer-Cross-domain
barriers
What utility allows its user to monitor an entire network and assists in taking over
sessions, while also saving an exact copy of the user's session? - Answer-IP Watcher
You are securing a web application and have been tasked with securing user cookies
from misuse. What steps can you take to ensure stolen cookies and changed values in
Les avantages d'acheter des résumés chez Stuvia:
Qualité garantie par les avis des clients
Les clients de Stuvia ont évalués plus de 700 000 résumés. C'est comme ça que vous savez que vous achetez les meilleurs documents.
L’achat facile et rapide
Vous pouvez payer rapidement avec iDeal, carte de crédit ou Stuvia-crédit pour les résumés. Il n'y a pas d'adhésion nécessaire.
Focus sur l’essentiel
Vos camarades écrivent eux-mêmes les notes d’étude, c’est pourquoi les documents sont toujours fiables et à jour. Cela garantit que vous arrivez rapidement au coeur du matériel.
Foire aux questions
Qu'est-ce que j'obtiens en achetant ce document ?
Vous obtenez un PDF, disponible immédiatement après votre achat. Le document acheté est accessible à tout moment, n'importe où et indéfiniment via votre profil.
Garantie de remboursement : comment ça marche ?
Notre garantie de satisfaction garantit que vous trouverez toujours un document d'étude qui vous convient. Vous remplissez un formulaire et notre équipe du service client s'occupe du reste.
Auprès de qui est-ce que j'achète ce résumé ?
Stuvia est une place de marché. Alors, vous n'achetez donc pas ce document chez nous, mais auprès du vendeur Perfectscorer. Stuvia facilite les paiements au vendeur.
Est-ce que j'aurai un abonnement?
Non, vous n'achetez ce résumé que pour €11,81. Vous n'êtes lié à rien après votre achat.
