What kind of results did Jim receive from his vulnerability analysis?
Jim performed a vulnerability analysis on his network and found no potential problems. He runs
another utility that executes exploits against his system to verify the results of the vulnerability test.
The second utility executes five known exploits against his network that the vulnerability
analysis said were not exploitable. What kind of results did Jim receive from his vulnerability
analysis?
Why would you want to initiate a DoS attack on a system you are testing?
You work as a penetration tester for Hammond Security Consultants. You are currently working on
a contract for the state government of California. Your next step is to initiate a DoS attack on their
network. Why would you want to initiate a DoS attack on a system you are testing?
To test your website for vulnerabilities, you type in a quotation mark (?
What tool should you use?
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain
access to sensitive information about the company clients. You have rummaged through their
trash and found very little information. You do not want to set off any alarms on their network, so
you plan on performing passive footprinting against their Web servers. What tool should you use?
Why is that?
After passing her CEH exam, Carol wants to ensure that her network is completely secure. She
implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security
measures were taken, none of the hosts on her network can reach the Internet. Why is that?
What will this search produce?
Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance
agreement he signed with the client, Harold is performing research online and seeing how much
exposure the site has received so far. Harold navigates to google.com and types in the following
search.
link:www.ghttech.net
What will this search produce?
What privilege should the daemon service be run under?
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
Why will this not be viable?
Jason has set up a honeypot environment by creating a DMZ that has no physical or logical
access to his production network. In this honeypot, he has placed a server running Windows
Active Directory. He has also placed a Web server in the DMZ that services a number of web
pages that offer visitors a chance to download sensitive information by clicking on a button. A
week later, Jason finds in his network logs how an intruder accessed the honeypot and
downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for
stealing sensitive corporate information. Why will this not be viable?
What type of scan is Jessica going to perform?
Jessica works as a systems administrator for a large electronics firm. She wants to scan her network
quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to
perform?
Which firewall would be most appropriate for Harold's needs?
Harold wants to set up a firewall on his network but is not sure which one would be the most
appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he
wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold's needs?