PrepAway - Latest Free Exam Questions & Answers

Category: 312-50 (CEH v6)

Exam 312-50: Ethical Hacking and Countermeasures (CEH v6)

Why do you think Dan might not be able to get an interactive session?

One comment

Dan is conducting a penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?

How would you describe a simple yet very effective mechanism for sending and receiving unauthorized informatio

One comment

How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS’s on a network?

Why did the capturing of traffic take much less time on the wireless network?

One comment

Steven is a senior security analyst for a state agency in Tulsa, Oklahoma. His agency is currently undergoing a mandated security audit by an outside consulting firm. The consulting firm is halfway through the audit and is preparing to perform the actual penetration testing against the agency’s network. The firm first sets up a sniffer on the agency’s wired network to capture a reasonable amount of traffic to analyze later. This takes approximately 2 hours to obtain 10 GB of data. The consulting firm then sets up a sniffer on the agency’s wireless network to capture the same amount of traffic.This capture only takes about 30 minutes to get 10 GB of data.
Why did the capturing of traffic take much less time on the wireless network?

What operating system is the target host running based on the open ports shown above?

2 comments

You have initiated an active operating system fingerprinting attempt with nmap against a target system:root@ceh NG]# /usr/local/bin/nmap -sT -O 10.0.0.1
Starting nmap 3.28 ( www.insecure.org/nmap/) at 2003-06-18 19:14 IDT nteresting ports on 10.0.0.1:
The 1628 ports scanned but not shown below are in state: closed) Port State Service
21/tcp filtered ftp
2/tcp filtered ssh
5/tcp open smtp
0/tcp open http
35/tcp open loc-srv
39/tcp open netbios-ssn
89/tcp open LDAP
43/tcp open https
65/tcp open smtps
029/tcp open ms-lsa
433/tcp open ms-sql-s
301/tcp open compaqdiag
555/tcp open freeciv
800/tcp open vnc-http
900/tcp open vnc
000/tcp filtered X11
Remote operating system guess: Windows XP, Windows 2000, NT4 or 95/98/98SE map run completed — 1 IP address (1 host up) scanned in 3.334 seconds
Using its fingerprinting tests nmap is unable to distinguish between different groups of Microsoft based operating systems – Windows XP, Windows 2000, NT4 or 95/98/98SE. What operating system is the target host running based on the open ports shown above?

What method of attack is best suited to crack these passwords in the shortest amount of time?

Leave a comment

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn’s physical and logical security measures including biometrics, passwords, and permissions.
The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn’s servers using Pwdump6 and are going to try and crack the network passwords.
What method of attack is best suited to crack these passwords in the shortest amount of time?

What does the following command in netcat do?

One comment

What does the following command in netcat do?
nc 55555 < /etc/passwd

What does this most likely indicate?

Leave a comment

You perform the following traceroute and notice that hops 19 and 20 both show the same IP address. What does this most likely indicate?
1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms
2 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms
3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv.cox.net (68.100.0.1) 16.743 ms 16.207 ms
4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 20.938 ms
5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms
6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms
7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms 96
8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms
9 so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms
10 so-4-0-0.edge1.NewYork1.Level3.net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms
11 uunet-level3-oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 19.133 ms 18.830 ms
12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 20.111 ms
13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 23.108 ms
14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms 33.910 ms
15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 49.466 ms
16 0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms
17 117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms
18 example-gw1.customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms
19 www.example.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms
20 www.example.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms


Page 45 of 125« First...102030...4344454647...506070...Last »