http://www.gocertify.

com/quizzes/ceh/

http://www.gocertify.com/quizzes/ceh/certified-ethical-hacker-practic
e-quiz-312-50-quiz-1.html
Question 1 of 10

Which of the following is used to disable antivirus programs?

Subroot
CyberSpy
LetMeRule
Firekiller
Question 2 of 10
Which of the following tools can be used to extract SAM hash from
Windows? (Choose two)
SamDump
pwdump2
L0phtCrack
SMBRelay
Question 3 of 10
Ron performed an internal penetration test on his office network and
found ports 31337 and 31338 had been opened. Which program might be
using these ports?
GirlFriend
BlackOrifice
DeepThroat
Netbus
Question 4 of 10
Which of the following is a file system integrity-checking program?
Tripwire
Stegdetect
elsave
PsExec
Question 5 of 10
Which of the following TCP flags denotes resetting of the connection?
RST
ACK
URG
PSH
Question 6 of 10
Which of the following is an intrusion detection tool?
Snort
Iris
WireShark
EtherPeek
Question 7 of 10
Which of the following tools can be used against a denial of service
attack?
A LAND
targa
Bubonic
All of these
Question 8 of 10
Which of the following can be used for password cracking and ARP
poisoning?
SMAC
Packet Crafter
Hydra
Cain & Abel
Question 9 of 10
Which of the following viruses use encryption to hide its presence?
Cavity virus
Camouflage virus
Polymorphic virus
Armored virus
Question 10 of 10
Tini Trojan listens on which port?
23476
7777
21544
2140
http://www.gocertify.com/quizzes/ceh/certified-ethical-hacker-practic
e-quiz-312-50-quiz-2.html

Question 1 of 10

Which of the following NMAP scanning types is also known as half-open

scanning?
TCP Connect
XMAS Tree scan
ACK Scan
SYN stealth scan
Question 2 of 10
Which of the following is a DNS Enumeration tool?
NMAP
Nessus
Nikto
NSLookup
Question 3 of 10
Which of the following commands will display the following output:

whois –v gocertify.in
Nmap gocertify.in
nikto –h gocertify.in
Nsllokup gocertify.in
Question 4 of 10
Which of the following tools can be used to crack SAM files in Windows?
Hyena
Legion
NTInforScan
L0phtCrack
Question 5 of 10
The following is output from the "tracert" command to find the path to
gocertify.in? Which protocol does tracert use to find the network path
shown below?

ICMP
HTTP
STP
NTP
Question 6 of 10
Which of the following services uses registered port numbers?
CIFS
Syslog
Oracle Listener
FTP
Question 7 of 10
Which of the following would you use to save up Internet Addresses (IP)?
NTP
NAT
NAS
DHCP
Question 8 of 10
Which of the following tools enumerates NetBIOS shares?
Cain and Abel
Hydra
Telnet
Hyena
Question 9 of 10
Which of the following tools can be used for War Dialing? (Check all that
apply)
Phonesweep
THC-Scan
Nmap
Telesweep
Question 10 of 10
Which of the following automates the process of password guessing in
NetBIOS sessions?
Legion
Hyena
NTInforScan
L0phtCrack

http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
tice-quiz-312-50-quiz-4

Which of the following commands will show all the connections that are
currently opened in a Windows host machine?
Nmap–sP T4 target IP
nslookup–ao
netstat–an
nbtstat–an
Question 2 of 10
Which of the following tools can be used to footprint web servers in
Windows?
Burp suite
Nikto
OpenVas
Wikto
Question 3 of 10
Which of the following tools can NOT be used to enumerate Windows SID
user accounts?
DumpSec
UserInfo
Enum
SMBBF
Question 4 of 10
Which of the following tools can be used for tunneling traffic through
HTTP?
TeleSweep
BackStealth
THC-Scan
PhoneSweep
Question 5 of 10
Which of the following is NOT a recommended setting to help secure
your home wireless network?
Increase your WLAN transmitter power.
Change the default SSID.
Change default administrator passwords and usernames.
Do not auto-connect to open Wi-Fi networks.
Question 6 of 10
Which commands will do Nmap TCP and ICMP Ping?
Nmap –PB
Nmap –s0
Nmap –sA
Nmap –sI
Question 7 of 10
A security administrator is monitoring packets in the network with
Wireshark. He is finding a lot of ICMP Echo packets directed towards the
255.2555.255.255 address of his network? What type of attack is he
looking at?
Broadcast flooding
Smurf attack
SYN flood attack
ICMP flood attack
Question 8 of 10
After performing Nmap TCP port scanning on the company network, Port
137 is found opened. Which of the following services of this port might
be used by an attacker?
NETBIOS
POP3
NTP
SFTP
Question 9 of 10
The password for which of the following protocols can be sniffed out of
an Unencrypted Wireless Network?
POP3
HTTPS
SSH
SSL
Question 10 of 10
Which of the following can be used to identify which methods are allowed
in the remote web server?
Acunetix
NMAP
Cain and Abel
Hammer

http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
tice-quiz-312-50-quiz-5

During vulnerability assessment, you rank the public-facing website as

an integral asset to the company's continued reputation and revenue. But
there are several potential threats to the Apache HTTP Server that hosts
the website. The static webpages in particular could be vulnerable to
defacement.

Which security control should you implement?

Assign write-only permission to all HTML files and folders for the www-data group.
Assign read-only permission to all HTML files and folders for the www-data group.
Assign write permissions to the web root for only the www-data group.
Assign read and write permissions to the web root for only the www-data group.

Question 2 of 10
You are reviewing source code for any buffer overflow vulnerabilities.
The following C++ source code handles data extracted from a
compressed file:
if (extractedDataLength < 65536) {
//Break down data into multiple chunks
}
else {
//Handle data in one large chunk
}
The data should be broken down into multiple chunks only when the
buffer of 65,536 characters is reached. How should you modify the
condition in the first line of the code?
Change to extractedDataLength > 65536
Change to extractedDataLength == 65536
Change to extractedDataLength <= 65536
Change to extractedDataLength >= 65536
Question 3 of 10
You run the following command:
nmap -p21,80,443 -sV -O 45.33.32.156
What is the most likely partial output?
Host is up (0.029s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
135/tcp filtered msrpc
443/tcp filtered https
Host is up (0.029s latency).
PORT STATE SERVICE VERSION
21/tcp closed ftp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
443/tcp filtered https
Device type: general purpose|firewall|router|broadband router|WAP|terminal
Running: Linux 3.X|2.6.X|2.4.X
Network Distance: 12 hops
Host is up (0.029s latency).
PORT STATE SERVICE VERSION
21/tcp closed ftp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
443/tcp filtered https
Host is up (0.029s latency).
PORT STATE SERVICE
21/tcp closed ftp
80/tcp open http
443/tcp filtered https
Question 4 of 10
You are using a sniffer and you see a frame with a destination address of
0xFFFFFFFFFFFF. What type of frame is this?
Layer 2 broadcast frame
Layer 3 network ID
Layer 2 network ID
Layer 3 broadcast address
Question 5 of 10
You need to ensure that malicious packets are prevented from entering
your private network. Packets should be evaluated based on the
following criteria:
Source IP addresses
Protocol and port number
Which type of security tool will use only these criteria to deny access?
NIPS
NIDS
NTFS permissions
Router ACL
Question 6 of 10
To attack a wireless network, an attacker sets up a wireless access point
that is configured to look exactly like a company's valid wireless access
point by using the same SSID. What kind of attack is this?
WEP attack
War chalking
Evil twin
Rogue access point
Question 7 of 10
Which ISO 27000 standard describes audits and certifications?
27005
27001
27006
27002
Question 8 of 10
A hacker was recently caught trying to deface the web site of a company
with which he had serious disagreement concerning their use of certain
chemicals in their products. What is this type of hacker called?
White hat
Cracker
Ethical hacker
Hacktivist
Question 9 of 10
Which two of the following are goals of key escrow agreements? (Choose
two)
Enhance the security of public keys
Provide third party access to data
Facilitate recovery operations
Enhance the security of private keys
Question 10 of 10
You capture the following TCP frames using Wireshark:

343 61.586595 208.44.193.36 192.168.1.3 TCP (TCP segment of a

reassembled PDU]
344 61.590149 192.168.1.3 208.44.193.36 TCP 3202 > http [FIN, ACK]
Seq=986 Ack=25462 Win=17520 Len=0
345 61.590208 208.44.193.36 192.168.1.3 HTTP HTTP/1.1 404 Not Found
(text/html)
346 61.590264 192.168.1.3 208.44.193.36 TCP 3203 > http [RST, ACK]
Seq=987 Ack=25797 Win=0 Len=0
347 66.229719 192.168.1.3 208.44.193.36 TCP 3206 > http [SYN] Seq=0
Len=0 MSS=1460
348 66.369449 208.44.193.36 192.168.1.3 TCP http > 3206 [SYN, ACK]
Seq=O Ack=1 Win=l460 Len=0 MSS=l460
349 66.369526 192.168.1.3 208.44.193.36 TCP 3206 > http [ACK] Seq=1
Ack=1 Win=17520 Len=0
350 66.369745 192.168.1.3 208.44.193.36 HTTP GET
/images/product-images/practicetest/Image:cert-312-50.png HTTP/1.1
351 66.736536 208.44.193.36 192.168.1.3 TCP http > 3206 [ACK] Seq=1
Ack=625 Win=63616 Len=0
352 66.913117 208.44.193.36 192.168.1.3 TCP [TCP segment of a
reassembled PDU]
353 66.927650 208.44.193.36 192.168.1.3 TCP [TCP segment of a
reassembled PDU]
354 66.927706 192.168.1.3 208.44.193.36 TCP 3206 > http [ACK] Seq=625
Ack=2025 Win=17520 Len=0
355 66.948746 192.168.1.3 208.44.193.36 TCP 3207 > http [SYN] Seq=0
Len=0 MSS=1460
356 67.145268 208.44.193.36 192.168.1.3 TCP [TCP Previous segment lost]
[TCP Segment of a reassembled PDU]
What is the purpose of frame 354?
Second step in the TCP handshake
Final acknowledgement in a TCP handshake
First step in the TCP handshake
Acknowledgement of a data packet

http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
tice-quiz-312-50-quiz-6

Question 1 of 10

In a Linux/Unix system, the etc/password file can be encrypted with

which of the following encryptions?
BLOWFISH
DES
MD5
SHA
Question 2 of 10
Which tool can be used to attack a netware server?
Websleuth
Pandora
Nmap
Sam Spade
Question 3 of 10
Which of the following tools can be used for footprinting?
Tracert
Neotrace
Wireshark
John the Ripper
Question 4 of 10
Bob wants to perform a Dictionary attack on a netware server in his
account. Which tool should he consider using?
Nwcrack
Getcrack
Nmap
NWPCrack
Question 5 of 10
The command: SID: S-1-5-21domain-501, suggests which type of
account?
Administrator
Normal Guest account
Power Users
Domain admin
Question 6 of 10
What is the TTL value for the following SOA record:
fairfex.edu.SOA NS1.fairfex.edu ipad.college.edu (200302028 3600 3600
604800 2400)
200302028
3600
2400
604800
Question 7 of 10
Hunt-tool is used for which task?
ARP poisoning
Sniffing traffic
Password cracking
MTM attacks

Question 8 of 10
The below command does which of the following:
Address: 10.10.12.15
> set type=any
> ls -d wayne.net > dns.wayne.net
Zone transfer
Looks at the server name
DNS poisoning
ARP Spoofing
Question 9 of 10
NetStumbler cannot detect which wireless standard?
802.11 b
802.11g
802.11a
802.11
Question 10 of 10
Sniffing a password from a wireless network is what type of attack?
Passive attack
Brute-force attack
Active attack
Dictionary attack

http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
tice-quiz-312-50-quiz-7

Question 1 of 10

Which of the following attacks is hardest to identify?

Password brute force attack
DNS spoofing attack
DDOS attack
Insider attack
Question 2 of 10
What type of attack is it when a hacker tries to impersonate an authority
figure in order to trick users into giving up sensitive information?
Reverse Social Engineering Attack
Social Engineering Attack
Shoulder Surfing
Insider Attack
Question 3 of 10
Sam Spade is a tool that enables a hacker to perform which of the
following tasks?
Enumeration
Escalating privileges
Vulnerability testing
Foot-printing

Question 4 of 10
A Black Hat hacker, wants to get more information on a publicly traded
company. Which tool will help him find useful information on the
company?
Netcraft
Edgar
NSlookup
Whois
Question 5 of 10
A firewall deployed as “stateful” will inspect which part of a packet
passing through the network?
Tail of the packet
Header of the packet
Both header and data
Data packet
Question 6 of 10
An incident reported via the helpdesk disclosed that a fraudulent caller
disguised himself as an employee and asked the phone operator to tell
him his network password. What is the best way to prevent such attacks?
Providing training to all phone operators
Call logging
Setting up a VOIP solution
Call blocking
Question 7 of 10
Which of the following NMAP scans will have a greater chance of being
detected?
XMAS tree scan
Null scan
ACK scan
TCP connect scan
Question 8 of 10
Which of the following can be a great resource for hackers to find
information concerning the hardware or software used in a targeted
company?
LinkedIn
Newspapers
Job Postings
Journals
Question 9 of 10
Which Nmap switch will prevent pinging of a target machine?
–PM
–PN
–sR
–Po
Question 10 of 10
An SNMP device uses two passwords in order to configure and view its
configuration. Which of the following passwords is used to view its
configuration?
Community string
MIB
SNMPUtil
SNMPEnum

http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
tice-quiz-312-50-quiz-8

Question 1 of 10

Which of the following tools can be used to exploit a local procedure call
(LPC) flaw in windows?
PsExec
HK.exe
None of the above
Eblaster
Question 2 of 10
Which of the following is NetBIOS DDOS tool?
NBName
NBTcracker
Netsh
NBTdeputy

Question 3 of 10
A hacker is trying to discover the password for the windows
administration account using the tool “john the ripper.” He is trying to
brute force his way to the password of an admin SAM file he enumerated
earlier from the target Windows machine. What type of attack he is
carrying out?
Active online attack
None of above
Offline attack
Passive online attack
Question 4 of 10
John wants to send a tracking tool inside of a valid program to his
colleague so that he can track his activities in his computer. Which of the
following techniques can John exploit to make his tracking tool
effective?
MITM
Hashing
Alternate file stream
Cryptography
Question 5 of 10
Which tool will increase the L0phtCrack’s dumping sessions on the
system?
SMBDie
SMBGrind
NBTdeputy
C2MYAZZ
Question 6 of 10
A Replay attack is an example of which type of attack?
None of above
Offline attack
Active online attack
Passive online attack
Question 7 of 10
Eblaster is able to perform which of the following actions? (Choose all
that apply)
Log chat messages
Monitor e-mail
Keystroke logging
Monitor websites visited
Question 8 of 10
Which of the following is an example of a steganography attack tool?
Camerashy
Snow
Binder
Mp3Stego
Question 9 of 10
Which of the following tools can perform a "man in the middle" attack
(MITM)?
SMBRelay
SMBReplay
C2MYAZZ
pwdump2
Question 10 of 10
A Rainbow table attack on a password is which type of attack?
Active online attack
None of above
Offline attack
Passive online attack

http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
tice-quiz-312-50-quiz-9
Question 1 of 10

In wireless security, what is the main difference between WPA and

WPA2?
WPA uses AES as the stream cipher and includes all the features of TKIP, while WPA2
changes the IV with each frame and includes key mixing.
WPA uses RC4 for the stream cipher but supports longer keys than WEP, while WPA2
uses AES as the stream cipher and includes all the features of TKIP.
WPA uses AES for the stream cipher with a 24 bit IV, while WPA2 uses AES as the stream
cipher and includes all the features of TKIP.
WPA uses RC4 for the stream cipher with a 24 bit IV, while WPA2 uses AES as the stream
cipher and includes all the features of TKIP.
Question 2 of 10
Which of the following attacks will compromise a cloud server by placing
a malicious virtual machine in close proximity, taking advantage of
shared physical resources to steal data? (Choose two)
DNS poisoning attack
Cross-guest VM breach
Wrapping attack
Side channel attack
Question 3 of 10
Which of the following is NOT a countermeasure for port scanning?
Filter all ICMP messages at the firewalls and router.
Ensure that anti-scanning and anti-spoofing rules are configured.
Configure firewall and IDS rules to detect and block probes.
Restrict permissions within the desktop environment.
Question 4 of 10
A new payment card company is seeking to comply with the PCI-DSS
standard. How often should it conduct internal and external penetration
tests?
At least thrice a year and after any significant upgrade or modification
At least every two years and after any significant upgrade or modification
At least twice a year and after any significant upgrade or modification
At least once a year and after any significant upgrade or modification
Question 5 of 10
What Trojan is used to attack popular banking websites and steal login
credentials?
Neverquest
Ghost Eye
Darlloz
M4sT3r
Question 6 of 10
Which cryptographic algorithm uses modular arithmetic and elementary
number theories to perform computations using two large prime
numbers?
RC6
SHA3
RSA
3DES
Question 7 of 10
What is the first procedure a white-hat hacker should perform after being
introduced to IT management?
Sign a formal contract including non-disclosure.
Undertake dumpster diving.
Run a Nessus scan on the internal LAN.
Perform reconnaissance on the company.
Question 8 of 10
Which of the following is NOT a technique for defending against botnets?
Smurf
Black Hole
RFC 3704
Cisco IPS
Question 9 of 10
Which is the correct sequence of the stages of a virus’ life?
Design, Incorporation, Replication, Launch, Detection, Elimination
Design, Detection, Launch, Replication, Incorporation, Elimination
Design, Incorporation, Launch, Replication, Detection, Elimination
Design, Replication, Launch, Detection, Incorporation, Elimination
Question 10 of 10
After successfully compromising a company server having the IP
10.15.0.8, a script kiddie wants to enumerate all the devices on the
company’s network as fast as possible. Which nmap command would be
best for this purpose?
Nmap –T4 –A 10.15.0.0/24
Nmap –T4 –V 10.15.0.0/24
Nmap –T4 –O 10.15.0.0/24
Nmap –T4 –F 10.15.0.0/24
http://www.gocertify.com/ethical-hacker/ethical-hacking-general-knowl
edge-quiz

Question 1 of 10

Precomputed hashes that are intended to contain every possible

combination of characters for the purpose of comparing them against a
captured password are known as which of the following?
Salt mines
Dictionaries
Rainbow tables
Water Lillies
Question 2 of 10
As you read entries in a log file, you notice something suspicious. One
user is attempting to access a resource, and failing, by an IP address
then a URL, then an e-mail address. He seems to be systematically failing
to connect to the resource.
In the vernacular of IT security, this is known as which of the following?
groping
probing
fumbling
fingering
Question 3 of 10
The default Time-To-Live (TTL) value for IP packets differs based on
operating system. What is the default TTL value in Windows?
128
64
255
32
Question 4 of 10
You suspect a miscreant has hidden a dangerous program within a
harmless executable and posted it where several employees of your
organization downloaded it.
Such merging/hiding a dangerous program with another to effectively
create a Trojan is known as using which of the following?
binders
strings
wrappers
tape
Question 5 of 10
Which command line tool, included with Wireshark, reads a capture and
returns statistics on that file?
text2cap
tshark
dumpcap
capinfos
Question 6 of 10
Which of the following refers to a location in memory where data is
cyclically dumped?
filter discard
rolling buffer
fifo dump
L2 cache
None of these
Question 7 of 10
Within Windows, which log class stores events from remote hosts?
System log
Security log
Forwardedevents log
Config log
Methods log
Question 8 of 10
Which of the following is the default port for MySQL?
5432
3306
1521
1433
Question 9 of 10
Which of the following tools can scan a network and give you information
about open ports, the version of the server software on those ports, and
identify potential risks?
 ScrappyDoo
$access
Nmap
Get_em
Question 10 of 10
Within HTTP, which header includes the URL of the web page containing
the link that initiated the current request?
Referer
Send
Host
Post
User-Agent

http://www.gocertify.com/quizzes/ceh/ceh1.html

CEH Practice Quiz 1

Enjoy the following 15 questions from McGraw-Hill. At the conclusion of the
quiz you will get a score with explanations for any missed questions.
1. Scanning is performed in which phase of a pen test?
Hint: Pen-test steps are different from the five hacking steps.
 Pre-attack
 Post-attack
 Attack
 Reconnaissance
2. What will an open port return from an ACK scan?
Hint: Scan types return different things for open and closed ports.
 FIN
 Nothing
 SYN/ACK
 RST
3. Your target system is behind a firewall. Using hping2, you craft SYN
packets to send with a hop count capable of reaching the host. You then
send these packets out with port numbers from 1 to 1024. What action
are you performing?
Hint: Be familiar with the definitions of these terms.
 Firewalling
 XMAS scan
 Passive footprinting
 Firewalking
4. What is the preferred communications method used with systems on a
bot-net?
Hint: What would be a good way to instantaneously contact a whole bunch of
clients at once?
 IRC
 TFTP
 ICMP
 E-mail
5. Which of the following best describes a distributed denial-of-service
attack?
Hint: This term is closely associated with bot-nets.
 A DoS carried out by multiple systems
 A DoS against an entire subnet, affecting multiple systems
 A DoS against similar systems in different target networks
 A DoS against multiple systems across an enterprise network
6. What does the program EliteWrap do?
Hint: Knowledge of tools in every facet of pen testing is vital
 Ports code easily between different operating systems
 Binds Trojans to legitimate files for exploitation later
 Provides secure, encrypted tunneling between hosts
 Provides proxy services to obfuscate source IPs
7. What is the attack called “evil twin”?
Hint: Wireless attacks are pretty simple.
 Rogue access point
 MAC spoofing
 ARP poisoning
 Session hijacking
8. Which of the following is a passive wireless discovery tool?
Hint: Again, knowing the tools is key for this exam.
 Kismet
 Aircrack
 NetStumbler
 Netsniff
9. What is TKIP and how does it make WPA-2 a better security choice for
your wireless network?
Hint: The name should give it away.
 Temporal Key Integrity Protocol. It forces a key change every 10,000
packets or so.
 Temporary Key Integration Protocol. It forces a key change every
10,000 packets or so.
 Temporal Key Integrity Protocol. It forces a key change every time a bit
is sent.
 Temporary Key Integration Protocol. It forces a key change every time a
bit is sent.
 10. Which of the following is true regarding WEP cracking?
Hint: Considering the efforts needed to crack something, only one of these
answers makes sense.
 Initialization vectors are small, get reused frequently, but are encrypted
during transmission.
 Initialization vectors are small, get reused frequently, and are sent in
cleartext.
 Initialization vectors are large, get reused frequently, and are sent in
cleartext.
 Initialization vectors are large, get reused frequently, but are encrypted
during transmission.
11. What is another term for turning off the SSID broadcast?
Hint: Another wireless definition term to memorize
 SSID Sec
 SSID stealth
 SSID unicast
 SSID cloaking
12. What is the maximum length of an SSID?
Hint: SSID basic knowledge
 Sixty-four characters
 Sixteen characters
 Thirty-two characters
 Eight characters
13. Which wireless mode connects machines directly to one another,
without the use of an access point?
Hint: The wording here gives the answer away
 Ad hoc
 ESS
 Infrastructure
 Point to point
 BSS
14. Which wireless standard can operate at speeds of 100+ Mbps and
uses the 2.4GHz to 5GHz range?
Hint: The 802.11 standards are relatively easy to remember.
 802.11a
 802.11n
 802.11b
 802.11g
15. You are assigned to begin testing on a particular subnet. On
examination of the segment, you notice the network is fully switched.
Which of the following would allow you to begin sniffing traffic to or from
devices on the subnet?
Hint: The key to this question lies with the ‘fully switched’ designator.
 Use snort to view all packets.
 Use etherflood to create a MAC flood.
 None of the above.
 Use nmap to begin a port scan

http://www.gocertify.com/ethical-hacker/certified-ethical-hacker-prac
tice-quiz-312-50-quiz-3

Question 1 of 10

Which of the following tools can perform a "Man in the middle" attack
(MITM)?
SMBReplay
C2MYAZZ
pwdump2
SMBRelay
Question 2 of 10
A Replay attack is an example of which type of attack?
None of above
Passive online attack
Active online attack
Offline attack
Question 3 of 10
Which of the following is an example of a steganography attack tool?
Mp3Stego
Camerashy
Snow
All of these options
Question 4 of 10
John wants to send a tracking tool inside of a valid program to his
colleague so that he can track his activities in his computer. Which of the
following techniques can John exploit to make his tracking tool
effective?
Cryptography
Alternate file stream
MITM
Hashing
Question 5 of 10
Which of the following is NetBIOS DDOS tool?
NBName
NBTcracker
Netsh
NBTdeputy
Question 6 of 10
A Rainbow table attack on a password is which type of attack?
Passive online attack
Offline attack
Active online attack
None of the above
Question 7 of 10
Eblaster is able to perform which of the following actions?
Monitor website visited
Monitor e-mail
Keystroke logging
All of the above
Log Chat message
Question 8 of 10
A hacker is trying to discover the password for the Windows
administration account using the tool "john the ripper." He is trying to
brute force his way to the password of an admin SAM file he enumerated
earlier from the target windows machine. What type of attack he is
carrying out?
Offline attack
Passive online attack
None of above
Active online attack
Question 9 of 10
Which following tools can be used to exploit a local procedure call (LPC)
flaw in windows?
HK.exe
Eblaster
None of the above
PsExec
Question 10 of 10
Which tool will increase the L0phtCrack's dumping sessions on the
system?
SMBDie
SMBGrind
C2MYAZZ
NBTdeputy

https://www.greycampus.com/opencampus/itil-foundation/introduction-ab
out-service-design