Cisco Training in Trivandrum, Trinity Technologies

No.1 Training Institute in Kerala

CEH QUESTIONS : PART 16

You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?

Double quotation 

Backslash 

Semicolon 

Single quotation


Why should the security analyst disable/remove unnecessary ISAPI filters?

To defend against social engineering attacks 

To defend against webserver attacks 

To defend against jailbreaking 

To defend against wireless attacks 


When a security analyst prepares for a formal security assessment, which of the following should be done in order to determine inconsistencies in the secure assets database and verify that the system is compliant with the minimum security baseline?

Data items and vulnerability scanning 

Interviewing employees and network engineers 

Reviewing the firewalls configuration

Source code review 


It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure. Which of the following regulations best matches the description?

HIPAA

ISO/IEC 27002 

COBIT

FISMA 


Cross-site request forgery involves:

A request sent by a malicious user from a browser to a server

Modification of a request by a proxy between client and server 

A browser making a request to a server without the user's knowledge 

A server making a request to another server without the user's knowledge


Which regulation defines security and privacy controls for Federal information systems and organizations?

NIST-800-53 

PCI-DSS 

EU Safe Harbor

HIPAA


An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Start by footprinting the network and mapping out a plan of attack

Ask the employer for authorization to perform the work outside the company

Begin the reconnaissance phase with passive information gathering and then move into active information gathering

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack


DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed. What command is used to determine if the entry is present in DNS cache?

nslookup -fullrecursive update.antivirus.com 

dnsnooping -rt update.antivirus.com 

nslookup -norecursive update.antivirus.com

dns --snoop update.antivirus.com


It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?

Containment 

Eradication 

Recovery 

Discovery


Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

Metasploit 

Wireshark 

Maltego 

Cain & Abel


You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?

John the Ripper

SET

CHNTPW 

Cain & Abel


Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bob denies that he had ever sent a mail. What do you want to "know" to prove to yourself that it was Bob who had sent the mail?

Confidentiality

Integrity 

Non-Repudiation

Authentication


When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

At least twice a year or after any significant upgrade or modification 

At least once a year and after any significant upgrade or modification 

At least once every two years and after any significant upgrade or modification 

At least once every three years or after any significant upgrade or modification


You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best nmap command you will use?

nmap -T4 -q 10.10.0.0/24 

nmap -T4 -F 10.10.0.0/24 

nmap -T4 -r 10.10.1.0/24 

nmap -T4 -O 10.10.0.0/24

TRINITY SOFTWARE SOLUTIONS,IInd floor, Radheyam Towers, Gandhari Amman Kovil Road, Pulimood, Trivandrum - 1
0471-2334855 | 2335855 | 9447387064 | 9847003556 info@trinitytechnology.in