A Complete Guide to CEH 312-50


Q441. You receive an email with the following message: 

Hello Steve, 

We are having technical difficulty in restoring user database record after the recent blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com and change your password.

http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm

If you do not reset your password within 7 days, your account will be permanently disabled locking you out from our e-mail services.

Sincerely,

Technical Support

SuperEmailServices

From this e-mail you suspect that this message was sent by some hacker, since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbe.0xef, which looks like hexadecimal numbers. You immediately enter the following at the Windows 2000 command prompt:

Ping 0xde.0xad.0xbe.0xef 

You get a response with a valid IP address. 

What is the obfuscated IP address in the e-mail URL?





Answer: A

Explanation: 0x stands for hexadecimal and DE=222, AD=173, BE=190 and EF=239 
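The decoding in the explanation above, as an added example that is not part of the original question set. It splits the e-mail's URL into the decoy text before the "@" and the host the client actually contacts, then converts that host to dotted decimal; it also goes beyond the hexadecimal case to cover the octal and single-integer spellings that resolve the same way. The function names are illustrative.

```python
import re
from urllib.parse import urlsplit

NUMERIC = re.compile(r"0x[0-9a-f]+|[0-9]+")

def parse_part(text):
    """Parse one host component as inet_aton does: 0x = hex, leading 0 = octal."""
    if not NUMERIC.fullmatch(text):
        raise ValueError(text)
    if text.startswith("0x"):
        return int(text, 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)   # raises ValueError on digits 8 or 9
    return int(text, 10)

def decode_numeric_host(host):
    """Return dotted-decimal IPv4 for a numeric host, or None for a DNS name."""
    parts = host.lower().split(".")
    if len(parts) > 4:
        return None
    try:
        *head, last = [parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are single octets; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def inspect_url(url):
    """Separate the name a reader sees from the host the client connects to."""
    u = urlsplit(url)
    host = u.hostname or ""
    return {
        "userinfo": u.username,   # text before '@': never the destination
        "host": host,             # text after '@': the real destination
        "decoded_ip": decode_numeric_host(host),
    }

# The URL from the e-mail in Q441.
SAMPLE = "http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm"

if __name__ == "__main__":
    print(inspect_url(SAMPLE))
```

A mail filter can use the same two signals, a non-empty userinfo that looks like a domain and a host that decodes to an IP address, to flag links for review.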

Q442. When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN/ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN/ACK. How would an attacker exploit this design by launching a TCP SYN attack?

A. Attacker generates TCP SYN packets with random destination addresses towards a victim host 

B. Attacker floods TCP SYN packets with random source addresses towards a victim host 

C. Attacker generates TCP ACK packets with random source addresses towards a victim host 

D. Attacker generates TCP RST packets with random source addresses towards a victim host 

Answer: B
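The finite connection queue described in Q442, modelled from the listening host's side as an added example that is not part of the original question set. The class, the queue size, the timeout and the documentation-range addresses are all constructed for illustration; no packets are sent.

```python
from collections import OrderedDict

class SynBacklog:
    """Toy model of a listener's finite queue of half-open connections."""

    def __init__(self, size, timeout):
        self.size, self.timeout = size, timeout
        self.pending = OrderedDict()   # (ip, port) -> time the SYN arrived
        self.established = 0
        self.dropped = 0

    def _expire(self, now):
        # Entries are stored in arrival order, so the oldest is always first.
        while self.pending:
            key, arrived = next(iter(self.pending.items()))
            if now - arrived < self.timeout:
                break
            del self.pending[key]

    def syn(self, src, now):
        """A SYN arrives: queue it if there is room, otherwise drop it."""
        self._expire(now)
        if len(self.pending) >= self.size:
            self.dropped += 1
            return False
        self.pending[src] = now
        return True

    def ack(self, src, now):
        """The final ACK arrives: the entry leaves the queue."""
        self._expire(now)
        if self.pending.pop(src, None) is not None:
            self.established += 1
            return True
        return False

def run(size, timeout, unanswered_syns):
    """Constructed traffic: SYNs whose sources never send the final ACK."""
    q = SynBacklog(size, timeout)
    for i in range(unanswered_syns):
        q.syn(("198.51.100.%d" % (i % 250 + 1), 1024 + i), now=0.0)
    client = ("192.0.2.10", 40000)
    during = q.syn(client, now=0.001)          # legitimate client, queue busy?
    if during:
        q.ack(client, now=0.002)
    after = q.syn(("192.0.2.11", 40001), now=timeout + 0.01)  # entries expired
    return during, after, q.dropped

if __name__ == "__main__":
    print(run(128, 3.0, 0), run(128, 3.0, 500))
```

A larger queue or a shorter timeout only moves the threshold; SYN cookies avoid the problem by not storing per-SYN state at all.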

Q443. James is an IT security consultant as well as a certified ethical hacker. James has been asked to audit the network security of Yerta Manufacturing, a tool manufacturing company in Phoenix. James performs some initial external tests and then begins testing the security from inside the company's network. 

James finds some big problems right away; a number of users that are working on Windows XP computers have saved their usernames and passwords used to connect to servers on the network. This way, those users do not have to type in their credentials every time they want access to a server. James tells the IT manager of Yerta Manufacturing about this, and the manager does not believe this is possible on Windows XP. To prove his point, James has a user log on to a computer and then James types in a command that brings up a window that says "Stored User Names and Passwords".

What command did James type in to get this window to come up? 

A. To bring up this stored user names and passwords window, James typed in "rundll32.exe storedpwd.dll, ShowWindow" 

B. James had to type in "rundll32.exe keymgr.dll, KRShowKeyMgr" to get the window to pop up 

C. James typed in the command "rundll32.exe storedpwd.dll" to get the Stored User Names and Passwords window to come up 

D. The command to bring up this window is "KRShowKeyMgr" 

Answer: B

Explanation: The Stored User Names and Passwords applet lets you assign user names and passwords to use when you need to authenticate yourself to services in domains other than the one you are currently logged into. The normal way of running this applet can be difficult to find quickly, so here is a way to launch it from a desktop shortcut using the rundll32.exe program:

Click on START - RUN and type the following (followed by ENTER): rundll32.exe



Q444. Pandora is used to attack __________ network operating systems. 

A. Windows 


C. Linux 

D. Netware 


Answer: D

Explanation: While there are not lots of tools available to attack Netware, Pandora is one that can be used. 

Q445. Which of the following keyloggers can’t be detected by anti-virus or anti-spyware products? 

A. Hardware keylogger 

B. Software Keylogger 

C. Stealth Keylogger 

D. Convert Keylogger 

Answer: A

Explanation: A hardware keylogger will never interact with the operating system and therefore it will never be detected by any security programs running in the operating system. 

Q446. Jim is having no luck performing a penetration test in the company’s network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.

Why is Jim having these problems? 

A. Security scanners are not designed to do testing through a firewall. 

B. Security scanners cannot perform vulnerability linkage. 

C. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities. 

D. All of the above. 

Answer: D

Explanation: The security scanners available online are often too “outdated” to perform a live pentest against a victim.

Q447. Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.) 

A. Install DNS logger and track vulnerable packets 

B. Disable DNS timeouts 

C. Install DNS Anti-spoofing 

D. Disable DNS Zone Transfer 

Answer: C

Explanation: Implement DNS anti-spoofing measures to prevent DNS cache pollution from occurring.

Q448. Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports? 

A. Netcat -h -U 

B. Netcat -hU <host(s)>

C. Netcat -sU -p 1-1024 <host(s)>

D. Netcat -u -v -w2 <host> 1-1024 

E. Netcat -sS -O target/1024 


Explanation: The proper syntax for a UDP scan using Netcat is "Netcat -u -v -w2 <host> 1-1024". 

Netcat is considered the Swiss-army knife of hacking tools because it is so versatile. 

Q449. A file integrity program such as Tripwire protects against Trojan horse attacks by: 

A. Automatically deleting Trojan horse programs 

B. Rejecting packets generated by Trojan horse programs 

C. Using programming hooks to inform the kernel of Trojan horse behavior 

D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse 

Answer: D

Explanation: Tripwire generates a database of the most common files and directories on your system. Once it is generated, you can check the current state of your system against the original database and get a report of all the files that have been modified, deleted or added. This comes in handy if you allow other people access to your machine. Even if you don't, if someone else does get access, you'll know whether they tried to modify files such as /bin/login.