Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
41Activity
0 of .
Results for:
No results containing your search query
P. 1
Cehv6 Study Guide

Cehv6 Study Guide

Ratings: (0)|Views: 5,063 |Likes:
Published by lugia101

More info:

Published by: lugia101 on Jul 18, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as TXT, PDF, TXT or read online from Scribd
See more
See less

11/15/2012

pdf

text

original

 
CEH V6 Study Guide------------------1. Jason is the network security administrator for Gunderson International, a global shipping company based out of New York City. Jason’s company utilizes manylayers of security throughout its network such as network firewalls, application firewalls, vlans, operating system hardening, and so on. One thing in particular the company is concerned with is the trustworthiness of data and resources in terms of preventing improper and unauthorized changes. Since the company is global, information is sent constantly back and forth to all its employees all over the world. What in particular is Jason’s company concerned about?A. Jason’s company is particularly concerned about data integrity. *B. Authenticity is what the company is most concerned about.C. The confidentiality of the company’s data is the most important concern for Gunderson International.D. The availability of the data is paramount to any other concern of the company.2. Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down thecompany once he has left. Yancey does not care if his actions land him in jailfor 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?A. Yancey would be considered a Suicide Hacker. *B. Since he does not care about going to jail, he would be considered a Black Hat.C. Because Yancey works for the company currently; he would be a White Hat.D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing.3. Heather is a hacktivist working for Green Peace International. She has broken into numerous oil and energy companies and exposed their confidential data tothe public. Normally, Heather uses a combination of social engineering and DoStechniques to gain access to the companies’ networks. Heather has made over 50fake ID cards and access badges to gain unauthorized access to companies to gaininformation as well. If Heather is caught by the federal government, what US law could she be prosecuted under?A. She could be prosecuted under US law 18 U.S.C § 1029 if caught. *B. Heather would be charged under 18 U.S.C § 2510, which entails the use of morethan 15 counterfeit items.C. 18 U.S.C § 9914 is the US law that Heather would be prosecuted under since she used false pretenses to gain unauthorized access.D. Heather would serve prison time for her actions if prosecuted under US law 18U.S.C § 2929.4. Stephanie is the senior security analyst for her company, a manufacturing company in Detroit. Stephanie is in charge of maintaining network security throughout the entire company. A colleague of hers recently told her in confidence that he was able to see confidential corporate information on Stephanie’s externalwebsite. He was typing in URLs randomly on the company website and he found information that should not be public. Her friend said this happened about a monthago. Stephanie goes to the addresses he said the pages were at, but she finds
 
nothing. She is very concerned about this, since someone should be held accountable if there really was sensitive information posted on the website. Where canStephanie go to see past versions and pages of a website?A. Stephanie can go to Archive.org to see past versions of the company website.*B. She should go to the web page Samspade.org to see web pages that might no longer be on the website.C. If Stephanie navigates to Search.com; she will see old versions of the company website.D. AddressPast.com would have any web pages that are no longer hosted on the company’s website.5. You are the chief information officer for your company, a shipping company based out of Oklahoma City. You are responsible for network security throughout the home office and all branch offices. You have implemented numerous layers ofsecurity from logical to physical. As part of your procedures, you perform a yearly network assessment which includes vulnerability analysis, internal networkscanning, and external penetration tests. Your main concern currently is the server in the DMZ which hosts a number of company websites. To see how the serverappears to external users, you log onto a laptop at a Wi-Fi hotspot. Since youalready know the IP address of the web server, you create a telnet session to that server and type in the command:HEAD /HTTP/1.0After typing in this command, you are presented with the following screen:What are you trying to do here?A. You are trying to grab the banner of the web server. *B. You are attempting to send an html file over port 25 to the web server.C. You are trying to open a remote shell to the web server.D. By typing in the HEAD command, you are attempting to create a buffer overflowon the web server.6. Kyle is a security consultant currently working under contract for a large financial firm based in San Francisco. Kyle has been asked by the company to perform any and all tests necessary to ensure that every point of the network is secure. Kyle first performs some passive footprinting. He finds the company’s website which he checks out thoroughly for information. Kyle sets up an account with the company and logs on to their website with his information.Kyle changes the URL to:This address produces a Page Cannot be Displayed error. Kyle then types in another URL:What is Kyle attempting here?A. Kyle is trying incremental substitution to navigate to other pages not normally available. *
 
B. Kyle is using extension walking to gain access to other web pages.C. He is using error walking to see what software is being used to host the financial institution’s website.D. By changing the address manually, Kyle is attempting ASP poisoning.7. George is the senior security analyst for Tyler Manufacturing, a motorcycle manufacturing company in Seattle. George has been tasked by the president of thecompany to perform a complete network security audit. The president is most concerned about crackers breaking in through the company’s web server. This web server is vital to the company’s business since over one million dollars of product is sold online every year. The company’s web address is at: www.customchoppers.com. George decides to hire an external security auditor to try and break into the network through the web server. This external auditor types in the following Google search attempting to glean information from the web server:What is the auditor trying to accomplish here?A. He is trying to search for all web pages on the customchoppers site without extensions of html and htm. *B. The auditor is having Google retrieve all web pages on the Tyler Manufacturing website that either have the extension of html or htm.C. He is attempting to retrieve all web pages the might have a login page to thecompany’s backend database.D. The auditor that George has hired is trying to find pages with the extensionof html or htm that link directly to customchoppers.com.8. Jonathan is an IT security consultant working for Innovative Security, an ITauditing company in Houston. Jonathan has just been hired on to audit the network of a large law firm in downtown Houston. Jonathan starts his work by performing some initial passive scans and social engineering. He then uses Angry IP toscan for live hosts on the firm’s network. After finding some live IP addresses, he attempts some firewalking techniques to bypass the firewall using ICMP butthe firewall blocks this traffic. Jonathan decides to use HPING2 to hopefullybypass the firewall this time. He types in the following command:What is Jonathan trying to accomplish by using HPING2?A. Jonathan is attempting to send spoofed SYN packets to the target via a trusted third party to port 81. *B. He is using HPING2 to send FIN packets to 10.0.1.24 over port 81.C. By using this command for HPING2, Jonathan is attempting to connect to the host at 10.0.1.24 through an SSH shell.D. This HPING2 command that Jonathan is using will attempt to connect to the 10.0.1.24 host over HTTP by tunneling through port 81.9. Hayden is the network security administrator for her company, a large markingfirm based in Miami. Hayden just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state ofher company’s network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts tostop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?A. Hayden is using a half-open scan to find live hosts on her network. *

Activity (41)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
Kawesa Kevin liked this
Amine Asri liked this
roedea72 liked this
Ilu Choudhary liked this
piokarol liked this
Hammy Moh liked this
gilmoudir liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->