312-50 Free Practice Test

- (Topic 23)
Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment. Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it. What kind of Denial of Service attack was best illustrated in the scenario above?

1. A. DOS attacks which involves flooding a network or system
2. B. DOS attacks which involves crashing a network or system
3. C. DOS attacks which is done accidentally or deliberately
4. D. Simple DDOS attack

Correct Answer: B
This is not a DDOS, there is only one person involved as attacker

- (Topic 3)
Which of the following Nmap commands would be used to perform a UDP scan of the lower 1024 ports?

1. A. Nmap -h -U
2. B. Nmap -hU
3. C. Nmap -sU -p 1-1024
4. D. Nmap -u -v -w2 1-1024
5. E. Nmap -sS -O target/1024

Correct Answer: C
Nmap -sU -p 1-1024 <hosts.> is the proper syntax. Learning Nmap and its switches are critical for successful completion of the CEH exam.

- (Topic 23)
How do you defend against Privilege Escalation?

1. A. Use encryption to protect sensitive data
2. B. Restrict the interactive logon privileges
3. C. Run services as unprivileged accounts
4. D. Allow security settings of IE to zero or Low
5. E. Run users and applications on the least privileges

Correct Answer: ABCE

- (Topic 23)
WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. Search engines like Google, frequently spider web pages for indexing.
How will you stop web spiders from crawling certain directories on your website?

1. A. Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled
2. B. Place authentication on root directories that will prevent crawling from these spiders
3. C. Place "HTTP:NO CRAWL" on the html pages that you don't want the crawlers to index
4. D. Enable SSL on the restricted directories which will block these spiders from crawling

Correct Answer: A
WWW Robots (also called wanderers or spiders) are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages.
The method used to exclude robots from a server is to create a file on the server which specifies an access policy for robots.
This file must be accessible via HTTP on the local URL "/robots.txt". http://www.robotstxt.org/orig.html#format

- (Topic 11)
You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges?

1. A. Administrator
2. B. IUSR_COMPUTERNAME
3. C. LOCAL_SYSTEM
4. D. Whatever account IIS was installed with

Correct Answer: C
If you manage to get the system to start a shell for you, that shell will be running as LOCAL_SYSTEM.