Call
whatsapp
9447387064 | 9847003556
0471-2335855 | 8089080088 | 0471-2334855
9447387064 | 9847003556
0471-2335855 | 8089080088 | 0471-2334855
Cisco Training in Trivandrum, Trinity Technologies

No.1 Training Institute in Kerala

CEH QUESTIONS : PART 14

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account. What should you do?

Report immediately to the administrator

Do not report it and continue the penetration test. 

Transfer money from the administrator's account to another account.

Do not transfer the money but steal the bitcoins. 

SHOW ANSWER

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wire shark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

tcp.port != 21 

 tcp.port = 23 

 tcp.port ==21

tcp.port ==21 || tcp.port ==22

SHOW ANSWER

Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal with such a threat?

The use of security agents in clients' computers 

The use of DNSSEC 

The use of double-factor authentication 

Client awareness

SHOW ANSWER

During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

 Identify and evaluate existing practices 

 Create a procedures document 

Conduct compliance testing

Terminate the audit 

SHOW ANSWER

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?

Cross-site scripting vulnerability 

Cross-site Request Forgery vulnerability

SQL injection vulnerability 

Web site defacement vulnerability

SHOW ANSWER

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

The root CA is the recovery agent used to encrypt data when a user's certificate is lost. 

The root CA stores the user's hash value for safekeeping. 

The CA is the trusted root that issues certificates. 

The root CA is used to encrypt email messages to prevent unintended disclosure of data.

SHOW ANSWER

Which service in a PKI will vouch for the identity of an individual or company?

KDC

CA 

CR 

CBC

SHOW ANSWER

It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers). Which of the following vulnerabilities is being described?

Shellshock

Rootshock 

Rootshell

Shellbash

SHOW ANSWER

What is the term coined for logging, recording and resolving events in a company?

Internal Procedure 

Security Policy

Incident Management Process 

Metrics

SHOW ANSWER

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

 Cross-site scripting

SQL injection 

Missing patches 

CRLF injection

SHOW ANSWER

Password cracking programs reverse the hashing process to recover passwords.

True

False

SHOW ANSWER

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Transport layer port numbers and application layer headers 

Presentation layer headers and the session layer port numbers 

Network layer headers and the session layer port numbers 

Application layer port numbers and the transport layer headers

SHOW ANSWER

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Trojan 

RootKit 

 DoS tool 

 Scanner 

Backdoor

SHOW ANSWER
BACK | NEXT
TRINITY SOFTWARE SOLUTIONS,IInd floor, Radheyam Towers, Gandhari Amman Kovil Road, Pulimood, Trivandrum - 1
0471-2334855 | 2335855 | 9447387064 | 9847003556 info@trinitytechnology.in