Quiz by Paul Anstall, created more than 1 year ago

CEH Security

Created by Paul Anstall almost 8 years ago

CEHv9 Chapter 9

Question 1 of 13

Which of the following doesn’t define a method of transmitting data that violates a security policy?

Choose one of the following:

  • Backdoor channel

  • Session hijacking

  • Covert channel

  • Overt channel

Question 2 of 13

Which virus type is only executed when a specific condition is met?

Choose one of the following:

  • Sparse infector

  • Multipartite

  • Metamorphic

  • Cavity

Question 3 of 13

Which of the following propagates without human interaction?

Choose one of the following:

  • Trojan

  • Worm

  • Virus

  • MITM

Question 4 of 13

Which of the following don’t use ICMP in the attack? (Choose two.)

Choose one or more of the following:

  • SYN flood

  • Ping of Death

  • Smurf

  • Peer to peer

Question 5 of 13

Which of the following is not a recommended step in recovering from a malware infection?

Choose one of the following:

  • Delete system restore points.

  • Back up the hard drive.

  • Remove the system from the network.

  • Reinstall from original media.

Question 6 of 13

Which of the following is a recommendation to protect against session hijacking? (Choose two.)

Choose one or more of the following:

  • Use only nonroutable protocols.

  • Use unpredictable sequence numbers.

  • Use a file verification application, such as Tripwire.

  • Use a good password policy.

  • Implement ICMP throughout the environment.

Question 7 of 13

Which of the following attacks an already-authenticated connection?

Choose one of the following:

  • Smurf

  • Denial of service

  • Session hijacking

  • Phishing

Question 8 of 13

How does Tripwire (and programs like it) help against Trojan attacks?

Choose one of the following:

  • Tripwire is an AV application that quarantines and removes malware immediately.

  • Tripwire is an AV application that quarantines and removes malware after a scan.

  • Tripwire is a file-integrity-checking application that rejects malware packets intended for the kernel.

  • Tripwire is a file-integrity-checking application that notifies you when a system file has been altered, potentially indicating malware.

Question 9 of 13

Which of the following DoS categories consume all available bandwidth for the system or service?

Choose one of the following:

  • Fragmentation attacks

  • Volumetric attacks

  • Application attacks

  • TCP state-exhaustion attacks

Question 10 of 13

During a TCP data exchange, the client has offered a sequence number of 100, and the server has offered 500. During acknowledgments, the packet shows 101 and 501, respectively, as the agreed-upon sequence numbers. With a window size of 5, which sequence numbers would the server willingly accept as part of this session?

Choose one of the following:

  • 102 through 104

  • 102 through 501

  • 102 through 502

  • Anything above 501

Question 11 of 13

Which of the following is the proper syntax on Windows systems for spawning a command shell on port 56 using Netcat?

Choose one of the following:

  • nc -r 56 -c cmd.exe

  • nc -p 56 -o cmd.exe

  • nc -L 56 -t -e cmd.exe

  • nc -port 56 -s -o cmd.exe

Question 12 of 13

Which of the following best describes a DRDoS?

Choose one of the following:

  • Multiple intermediary machines send the attack at the behest of the attacker.

  • The attacker sends thousands upon thousands of SYN packets to the machine with a false source IP address.

  • The attacker sends thousands of SYN packets to the target but never responds to any of the return SYN/ACK packets.

  • The attack involves sending a large number of garbled IP fragments with overlapping, oversized payloads to the target machine.

Question 13 of 13

Which of the following best describes a teardrop attack?

Choose one of the following:

  • The attacker sends a packet with the same source and destination address.

  • The attacker sends several overlapping, extremely large IP fragments.

  • The attacker sends UDP Echo packets with a spoofed address.

  • The attacker uses ICMP broadcast to DoS targets.
