CEH-001 Free Practice Test

- (Topic 3)
A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider?

1. A. A competitor to the company because they can directly benefit from the publicity generated by making such an attack
2. B. Disgruntled employee, customers, suppliers, vendors, business partners, contractors, temps, and consultants
3. C. The CEO of the company because he has access to all of the computer systems
4. D. A government agency since they know the company\'s computer system strengths and weaknesses

Correct Answer: B

- (Topic 6)
SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hosts.
Which of the following features makes this possible? (Choose two)

1. A. It used TCP as the underlying protocol.
2. B. It uses community string that is transmitted in clear text.
3. C. It is susceptible to sniffing.
4. D. It is used by all network devices on the market.

Correct Answer: BD
Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are roughly \'READ\' and \'WRITE\' (or PUBLIC and PRIVATE). If an attacker is able to guess a PUBLIC community string, they would be able to read SNMP data (depending on which MIBs are installed) from the remote device. This information might include system time, IP addresses, interfaces, processes running, etc. Version 1 of SNMP has been criticized for its poor security. Authentication of clients is performed only by a "community string", in effect a type of password, which is transmitted in cleartext.

- (Topic 4)
Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

1. A. Microsoft Security Baseline Analyzer
2. B. Retina
3. C. Core Impact
4. D. Microsoft Baseline Security Analyzer

Correct Answer: D

- (Topic 5)
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

1. A. An extensible security framework named COBIT
2. B. A list of flaws and how to fix them
3. C. Web application patches
4. D. A security certification for hardened web applications

Correct Answer: B

- (Topic 3)
The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.
The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.
<>

1. A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connection
2. B. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
3. C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connection
4. D. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
5. E. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connection
6. F. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
7. G. Do not use traceroute command to determine the path packets take to reach the destination instead use the custom hacking tool JOHNTHETRACER and run with the command
8. H. \\> JOHNTHETRACER www.eccouncil.org -F -evade

Correct Answer: A