CEH-001 Free Practice Test

- (Topic 6)
What port scanning method is the most reliable but also the most detectable?

1. A. Null Scanning
2. B. Connect Scanning
3. C. ICMP Scanning
4. D. Idlescan Scanning
5. E. Half Scanning
6. F. Verbose Scanning

Correct Answer: B
A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three- way handshake, and the port scanner immediately closes the connection.

- (Topic 7)
A POP3 client contacts the POP3 server:

1. A. To send mail
2. B. To receive mail
3. C. to send and receive mail
4. D. to get the address to send mail to
5. E. initiate a UDP SMTP connection to read mail

Correct Answer: B
POP is used to receive e-mail. SMTP is used to send e-mail.

- (Topic 6)
You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

1. A. The zombie you are using is not truly idle.
2. B. A stateful inspection firewall is resetting your queries.
3. C. Hping2 cannot be used for idle scanning.
4. D. These ports are actually open on the target system.

Correct Answer: A
If the IPID is incremented by more than the normal increment for this type of system it means that the system is interacting with some other system beside yours and has sent packets to an unknown host between the packets destined for you.

- (Topic 5)
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?

1. A. -sO
2. B. -sP
3. C. -sS
4. D. -sU

Correct Answer: A

- (Topic 8)
Exhibit:
<>

1. A. A new port was opened
2. B. A new user id was created
3. C. The exploit was successful
4. D. The exploit was not successful

Correct Answer: D
The attacker submits a PASS to the honeypot and receives a login incorrect before disconnecting.