Cisco Training in Trivandrum, Trinity Technologies

No.1 Training Institute in Kerala

CEH QUESTIONS : PART 69

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 – no response
TCP port 22 – no response
TCP port 23 – Time-to-live exceeded
The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.

The lack of response from ports 21 and 22 indicates that those services are not running on the destination server.

The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.

SHOW ANSWER
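
Firewalk's reasoning, shown as an added example that is not part of the original question set (the topology, the hop names and the ACL below are constructed for the demonstration). Phase 1 ramps the TTL until the ICMP time-exceeded reply comes from the gateway itself; phase 2 then sends every probe with a TTL one higher, so a probe the filter forwards expires at the next hop and that hop's time-exceeded reply proves the port is not blocked, while a probe the filter drops produces no reply of any kind. Neither outcome says anything about which services the destination host runs: a phase-2 probe is built to expire before it gets there, and when no router sits between the gateway and the target the probe simply reaches the host, which firewalk also counts as "passed the filter".

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Router:
    """One forwarding hop. 'permit' is the set of TCP destination ports the
    hop lets through; None means the hop does not filter at all."""
    name: str
    permit: Optional[frozenset] = None


def send_probe(path, dport, ttl):
    """Forward one TCP probe along the list of routers in front of the target.
    Returns the ICMP time-exceeded message the scanner hears, "reached target"
    if the probe survives every hop, or None if a filter silently dropped it."""
    for hop in path:
        ttl -= 1
        if ttl == 0:
            # The router that decrements TTL to zero discards the packet and
            # reports it to the sender with ICMP type 11 (time exceeded).
            # TTL expiry is handled before the hop's ACL, so a filtering
            # gateway still answers when the TTL runs out at it.
            return f"time-exceeded from {hop.name}"
        if hop.permit is not None and dport not in hop.permit:
            return None          # filtered: no ICMP, no RST, nothing at all
    return "reached target"      # TTL is still >= 1 on delivery: the host accepts it


def phase1_gateway_hops(path, gateway_name, max_ttl=30):
    """Phase 1: ramp TTL from 1 until the time-exceeded reply comes from the
    gateway itself. Its hop count is what phase 2 builds on."""
    for ttl in range(1, max_ttl + 1):
        if send_probe(path, dport=80, ttl=ttl) == f"time-exceeded from {gateway_name}":
            return ttl
    raise RuntimeError(f"{gateway_name} never answered a TTL-ramping probe")


def phase2_scan(path, gateway_hops, ports):
    """Phase 2: every probe gets TTL = gateway_hops + 1. A probe the gateway
    forwards expires at the next hop (or reaches the target if there is no
    next hop) and is reported back; a probe the gateway drops is never heard
    of again. Nothing here consults the target's services: it cannot."""
    return {
        port: "passes filter" if send_probe(path, port, gateway_hops + 1) else "no response (filtered)"
        for port in ports
    }


if __name__ == "__main__":
    # Constructed topology: an edge router, then a firewall permitting only
    # 23 and 80, then a core router in front of the target.
    path = [Router("edge-router"), Router("firewall", frozenset({23, 80})), Router("core-router")]
    hops = phase1_gateway_hops(path, "firewall")
    print(f"gateway is {hops} hops away")
    for port, verdict in phase2_scan(path, hops, [21, 22, 23]).items():
        print(f"TCP port {port}: {verdict}")
```

Run against the constructed topology, port 23 comes back as "time-exceeded from core-router" and ports 21 and 22 stay silent, which is exactly the output in the question; the silence is the filter's doing, not evidence about FTP or SSH on the target.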

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public-facing web servers. The engineer decides to start by connecting with netcat to port 80. The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
Date: Mon, 16 Jan 2011 01:41:33 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT
ETag: "b0aac0542e25c31:89d"
Content-Length: 7369
Which of the following is an example of what the engineer performed?
Banner grabbing

Cross-site scripting

SQL injection

Whois database query

SHOW ANSWER
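
Banner grabbing in Python, added here as an example (not the page's own code; FakeIIS is a constructed local stand-in for the firm's web server so that the example runs offline, and its Server header value is made up to match the question). It does what typing a request into netcat does: open a raw TCP connection, send a minimal HTTP request, read the reply and split the status line from the headers. The Server header is the banner; nothing in the request needs to be valid beyond what makes the server talk.

```python
import socket
import socketserver
import threading
from http.server import BaseHTTPRequestHandler


class FakeIIS(BaseHTTPRequestHandler):
    """Constructed local stand-in for the target web server so the example
    runs offline. The banner value is invented to match the question."""

    def version_string(self):
        return "Microsoft-IIS/6"      # what send_response() puts in the Server: header

    def _respond(self, with_body):
        body = b"<html><body>accounting portal</body></html>"
        self.send_response(200)       # adds Server: and Date: automatically
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if with_body:
            self.wfile.write(body)

    def do_GET(self):
        self._respond(True)

    def do_HEAD(self):
        self._respond(False)

    def log_message(self, *args):     # keep the demo quiet
        pass


def start_server():
    """Serve FakeIIS on an ephemeral loopback port in a background thread.
    A plain TCPServer is enough for BaseHTTPRequestHandler and avoids the
    hostname lookup HTTPServer does on bind."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), FakeIIS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def grab_banner(host, port, timeout=3.0):
    """What 'nc host 80' plus a typed request does: a plain TCP connection,
    a minimal HTTP/1.0 request, and the raw reply. HTTP/1.0 makes the server
    close the connection after answering, so recv() returns b'' and we stop.
    Returns (status_line, {header name in lower case: value})."""
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks).decode("latin-1")
    head = raw.split("\r\n\r\n", 1)[0]          # headers end at the first blank line
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


if __name__ == "__main__":
    srv, port = start_server()
    try:
        status, headers = grab_banner("127.0.0.1", port)
    finally:
        srv.shutdown()
        srv.server_close()
    print(status)
    for name in ("server", "content-type", "content-length"):
        print(f"{name}: {headers.get(name)}")
```

HEAD is used so that no body has to be read, but any request line works for the purpose; a GET against a real server also returns the body, which is how the Content-Length and ETag in the question got there. Administrators defend against this by removing or rewriting the Server header, which is why a banner is a hint rather than proof of the platform.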

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?

The port will send an ACK

The port will send a SYN

The port will ignore the packets

The port will send an RST

SHOW ANSWER

Which of the following will perform an Xmas scan using NMAP?

nmap -sA 192.168.1.254

nmap -sP 192.168.1.254

nmap -sX 192.168.1.254

nmap -sV 192.168.1.254

SHOW ANSWER
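
The Xmas, NULL and FIN scans rely on RFC 793 behaviour: a closed port answers any segment that is not itself a RST with a RST, while a listening port silently drops a segment that carries neither SYN nor ACK (that is what an Xmas probe, FIN+PSH+URG, looks like). The model below is an added example, not from the page; the flag sets and the two stack labels are constructed. It encodes those rules on the target side and the scanner-side mapping to nmap's port states for the -sS, -sA, -sN, -sF and -sX probes (the -sP ping sweep and -sV version detection in the question above are not port-state probes and are left out). The non-compliant stack variant is the caveat nmap's own documentation gives: stacks that RST every probe, such as older Windows and Cisco devices, make an Xmas scan report every port closed.

```python
# Constructed example: segments are modelled as frozensets of flag names and
# the rules follow RFC 793 section 3.9 ("SEGMENT ARRIVES") for the CLOSED and
# LISTEN states, which is all an unsolicited scan probe ever meets.

RFC793 = "rfc793"
NON_COMPLIANT = "rst-everything"   # older Windows, Cisco, some printers: RST every probe

PROBES = {
    "-sS": frozenset({"SYN"}),
    "-sA": frozenset({"ACK"}),
    "-sN": frozenset(),
    "-sF": frozenset({"FIN"}),
    "-sX": frozenset({"FIN", "PSH", "URG"}),
}


def stack_response(port_open, probe, stack=RFC793):
    """What the target's TCP stack sends back for one unsolicited probe.
    Returns a frozenset of flags, or None when the stack stays silent."""
    if "RST" in probe:
        return None                            # a RST is never answered
    if not port_open:                          # CLOSED state
        return frozenset({"RST"}) if "ACK" in probe else frozenset({"RST", "ACK"})
    if "ACK" in probe:                         # LISTEN: an ACK makes no sense here
        return frozenset({"RST"})
    if "SYN" in probe:                         # LISTEN: start the handshake
        return frozenset({"SYN", "ACK"})
    # LISTEN and no SYN, ACK or RST: NULL, FIN and Xmas probes land here.
    # RFC 793 says drop it silently; non-compliant stacks RST anyway.
    return frozenset({"RST", "ACK"}) if stack == NON_COMPLIANT else None


def classify(scan_type, reply):
    """Scanner side: map the reply (or silence) to nmap's port states."""
    got_rst = reply is not None and "RST" in reply
    if scan_type == "-sA":
        return "unfiltered" if got_rst else "filtered"
    if scan_type == "-sS":
        if reply is not None and {"SYN", "ACK"} <= reply:
            return "open"
        return "closed" if got_rst else "filtered"
    # -sN / -sF / -sX: silence is ambiguous, a firewall drop looks identical
    return "closed" if got_rst else "open|filtered"


def scan(port_states, scan_type, stack=RFC793, filtered=frozenset()):
    """port_states maps port -> True (listening) / False (closed); ports in
    'filtered' are dropped by an in-path firewall before reaching the stack."""
    probe = PROBES[scan_type]
    results = {}
    for port, is_open in sorted(port_states.items()):
        reply = None if port in filtered else stack_response(is_open, probe, stack)
        results[port] = classify(scan_type, reply)
    return results


if __name__ == "__main__":
    target = {22: True, 23: False, 80: True}       # constructed target
    for t in ("-sS", "-sA", "-sN", "-sF", "-sX"):
        print(t, scan(target, t))
    print("-sX against a RST-everything stack:", scan(target, "-sX", stack=NON_COMPLIANT))
    print("-sX with port 23 firewalled:         ", scan(target, "-sX", filtered={23}))
```

Two things fall out of the table that the question does not spell out: an Xmas scan never says "open", only "open|filtered", because a dropped probe and an ignored probe are indistinguishable from the scanner's side, and an ACK scan cannot tell open from closed at all, only whether a stateless filter is in the path.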

Which of the following Nmap commands will produce the following output?
Starting Nmap 6.47 (http://nmap.org) at 2015-05-26 12:50 EDT
Nmap scan report for 192.168.1.1
Host is up (0.00042s latency).
Not shown: 65530 open|filtered ports, 65529 filtered ports
PORT STATE SERVICE
111/tcp open rpcbind
999/tcp open garcon
1017/tcp open unknown
1021/tcp open exp1
1023/tcp open netvenuechat
2049/tcp open nfs
17501/tcp open unknown
111/udp open rpcbind
123/udp open ntp
137/udp open netbios-ns
2049/udp open nfs
5353/udp open zeroconf
17501/udp open|filtered unknown
51857/udp open|filtered unknown
54358/udp open|filtered unknown
56228/udp open|filtered unknown
57598/udp open|filtered unknown
59488/udp open|filtered unknown
60027/udp open|filtered unknown

nmap -sN -Ps -T4 192.168.1.1

nmap -sT -sX -Pn -p 1-65535 192.168.1.1

nmap -sS -Pn 192.168.1.1

nmap -sS -sU -Pn -p 1-65535 192.168.1.1

SHOW ANSWER

Emil uses nmap to scan two hosts using this command:
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:
Nmap scan report for 192.168.99.1
Host is up (0.00082s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
53/tcp open domain
80/tcp open http
161/tcp closed snmp
MAC Address: B0:75:D5:33:57:74 (ZTE)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 – 2.6.33
Network Distance: 1 hop
Nmap scan report for 192.168.99.7
Host is up (0.000047s latency).
All 1000 scanned ports on 192.168.99.7 are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
What is his conclusion?
Host 192.168.99.7 is an iPad.

He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.

Host 192.168.99.1 is the host that he launched the scan from.

Host 192.168.99.7 is down.

SHOW ANSWER

You want to analyze packets on your wireless network. Which program would you use?

Wireshark with Airpcap

Airsnort with Airpcap

Wireshark with Winpcap

Ethereal with Winpcap

SHOW ANSWER

As an ethical hacker you are capturing traffic from your customer's network with Wireshark and need to find and verify only SMTP traffic. Which Wireshark display filter will show this kind of traffic?

request smtp 25

tcp.port eq 25

smtp port

tcp.contains port 25

SHOW ANSWER

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

Maltego

Metasploit

Nessus

Wireshark

SHOW ANSWER

Which Metasploit Framework tool can help a penetration tester evade anti-virus systems?

msfpayload

msfcli

msfencode

msfd

SHOW ANSWER

The establishment of a TCP connection involves a negotiation called the three-way handshake. What type of message does the client send to the server to begin this negotiation?

RST

ACK

SYN-ACK

SYN

SHOW ANSWER

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Connection Establishment: FIN, ACK-FIN, ACK
Connection Termination: SYN, SYN-ACK, ACK

Connection Establishment: SYN, SYN-ACK, ACK
Connection Termination: ACK, ACK-SYN, SYN

Connection Establishment: ACK, ACK-SYN, SYN
Connection Termination: FIN, ACK-FIN, ACK

Connection Establishment: SYN, SYN-ACK, ACK
Connection Termination: FIN, ACK-FIN, ACK

SHOW ANSWER
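
A two-endpoint model of the handshake and the teardown, added here as an illustration for the two questions above (it is not from the page; the state names follow RFC 793, while the Endpoint class, deliver() helper and the piggyback_fin switch are constructed). It produces the SYN, SYN-ACK, ACK establishment and the full four-segment close (FIN/ACK, ACK, FIN/ACK, ACK) that a real stack performs, plus the three-segment FIN, FIN-ACK, ACK variant the question describes, which occurs when the passive closer has nothing left to send and carries its own FIN on the ACK of the peer's FIN. Sequence numbers are left out; only the flag exchange and the state transitions are modelled.

```python
class Endpoint:
    """A minimal RFC 793 endpoint. Segments are sets of flag names; receive()
    returns the segment sent in reply, or None when the endpoint says nothing.
    Data transfer is left out; only connection setup and teardown are modelled."""

    def __init__(self, name, state, piggyback_fin=False):
        self.name = name
        self.state = state                    # CLOSED (client) or LISTEN (server) to begin with
        self.piggyback_fin = piggyback_fin    # passive closer sends FIN together with its ACK

    def connect(self):
        """Active open: the client sends the very first SYN."""
        if self.state != "CLOSED":
            raise ValueError(f"{self.name}: connect() in {self.state}")
        self.state = "SYN_SENT"
        return frozenset({"SYN"})

    def close(self):
        """Application close. The FIN carries ACK, as every segment after the first SYN does."""
        if self.state == "ESTABLISHED":
            self.state = "FIN_WAIT_1"          # active close
        elif self.state == "CLOSE_WAIT":
            self.state = "LAST_ACK"            # passive close, after the peer's FIN
        else:
            raise ValueError(f"{self.name}: close() in {self.state}")
        return frozenset({"FIN", "ACK"})

    def receive(self, seg):
        s = self.state
        if s == "LISTEN" and seg == {"SYN"}:
            self.state = "SYN_RCVD"
            return frozenset({"SYN", "ACK"})
        if s == "SYN_SENT" and seg == {"SYN", "ACK"}:
            self.state = "ESTABLISHED"
            return frozenset({"ACK"})
        if s == "SYN_RCVD" and seg == {"ACK"}:
            self.state = "ESTABLISHED"
            return None
        if s == "ESTABLISHED" and seg == {"FIN", "ACK"}:
            if self.piggyback_fin:             # nothing left to send: close right away
                self.state = "LAST_ACK"
                return frozenset({"FIN", "ACK"})
            self.state = "CLOSE_WAIT"          # ACK the FIN now, send our own FIN later
            return frozenset({"ACK"})
        if s == "FIN_WAIT_1" and seg == {"ACK"}:
            self.state = "FIN_WAIT_2"
            return None
        if s in ("FIN_WAIT_1", "FIN_WAIT_2") and seg == {"FIN", "ACK"}:
            self.state = "TIME_WAIT"           # peer's FIN (in FIN_WAIT_1 it also ACKs ours)
            return frozenset({"ACK"})
        if s == "LAST_ACK" and seg == {"ACK"}:
            self.state = "CLOSED"
            return None
        raise ValueError(f"{self.name}: unexpected {sorted(seg)} in {s}")


def deliver(src, dst, seg):
    """Carry a segment across the wire and keep relaying replies until one
    side falls silent. Returns the segments in wire order."""
    wire = []
    while seg is not None:
        wire.append(seg)
        seg = dst.receive(seg)
        src, dst = dst, src
    return wire


def label(seg):
    return "+".join(f for f in ("SYN", "FIN", "ACK", "RST") if f in seg)


def run_connection(piggyback_fin=False):
    """Full life cycle: handshake, then the client closes first.
    Returns (setup labels, teardown labels, (client state, server state))."""
    client = Endpoint("client", "CLOSED")
    server = Endpoint("server", "LISTEN", piggyback_fin=piggyback_fin)
    setup = [label(s) for s in deliver(client, server, client.connect())]
    wire = deliver(client, server, client.close())
    if server.state == "CLOSE_WAIT":          # ordinary case: the server application closes a bit later
        wire += deliver(server, client, server.close())
    return setup, [label(s) for s in wire], (client.state, server.state)


if __name__ == "__main__":
    for piggyback in (False, True):
        setup, teardown, states = run_connection(piggyback_fin=piggyback)
        print("setup:", setup, "teardown:", teardown, "final:", states)
```

The side that closes first ends in TIME_WAIT rather than CLOSED, which is why a scanner or load generator that opens and closes many connections quickly runs out of local ports long before the server does.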

An attacker is using nmap to do a ping sweep and a port scan on a subnet of 254 addresses. In which order should he perform these steps?

The sequence does not matter. Both steps have to be performed against all hosts.

First the port scan to identify interesting services and then the ping sweep to find hosts responding to ICMP echo requests.

First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.

The port scan alone is adequate. This way he saves time.

SHOW ANSWER

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

TCP ping

Traceroute

Broadcast ping

Hping

SHOW ANSWER
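
A TCP ping, as an added example (not the page's own; the helper functions open_listener() and find_closed_port() are constructed so that it runs offline against 127.0.0.1). A connect() that completes and one that is refused both prove the host is alive, because a refusal is the target's own RST; only a timeout leaves the host's status unknown, and in practice that means a filter in the path more often than a dead host. hping3 and nmap -PS do the same thing with a single SYN and never complete the handshake, which leaves less of a trace in application logs, but they need raw-socket privileges; a plain connect() does not.

```python
import socket


def tcp_ping(host, port, timeout=2.0):
    """Host discovery without ICMP. Either outcome below proves the host is
    alive: the handshake completes (port open) or the host's own stack
    refuses with a RST (port closed). Only silence leaves the status unknown."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "up (port open)"
    except ConnectionRefusedError:
        return "up (port closed, RST received)"
    except socket.timeout:
        return "no response (down or filtered)"
    except OSError as exc:
        # e.g. 'Network is unreachable': the local routing table refused,
        # which says nothing about the remote host
        return f"error: {exc.strerror or exc}"


def tcp_sweep(host, ports=(80, 443, 22, 25), timeout=2.0):
    """Probe several common ports and stop at the first proof of life,
    which is what a tester does once ICMP echo has gone unanswered."""
    for port in ports:
        verdict = tcp_ping(host, port, timeout)
        if verdict.startswith("up"):
            return port, verdict
    return None, "no response on any probed port"


# Constructed local fixtures so the example runs offline.
def open_listener():
    """A listening socket on an ephemeral loopback port (the 'open' case).
    The caller closes it; nothing has to accept() for the handshake to finish."""
    lst = socket.socket()
    lst.bind(("127.0.0.1", 0))
    lst.listen(5)
    return lst, lst.getsockname()[1]


def find_closed_port():
    """Bind then release: a loopback port that is almost certainly closed
    right now (the 'refused' case)."""
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    lst, open_port = open_listener()
    closed_port = find_closed_port()
    print(f"127.0.0.1:{open_port}   -> {tcp_ping('127.0.0.1', open_port)}")
    print(f"127.0.0.1:{closed_port} -> {tcp_ping('127.0.0.1', closed_port)}")
    print("sweep:", tcp_sweep("127.0.0.1", ports=(closed_port, open_port)))
    lst.close()
```

Traceroute in the question's option list uses UDP or ICMP by default on most systems and so fails under the same ICMP blocking, and a broadcast ping is still ICMP; the TCP-based probe is the one that works when only ICMP is filtered.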
TRINITY SOFTWARE SOLUTIONS,IInd floor, Radheyam Towers, Gandhari Amman Kovil Road, Pulimood, Trivandrum - 1
0471-2334855 | 2335855 | 9447387064 | 9847003556 info@trinitytechnology.in