GAQM GAQM Certifications CEH-001 Questions & Answers

• Question 291:

  Why would an attacker want to perform a scan on port 137?

  A. To discover proxy servers on a network

  B. To disrupt the NetBIOS SMB service on the target host

  C. To check for file and print sharing on Windows systems

  D. To discover information about a target host using NBTSTAT

  Correct Answer: D

• Question 292:

  Which Type of scan sends a packets with no flags set? Select the Answer

  A. Open Scan

  B. Null Scan

  C. Xmas Scan

  D. Half-Open Scan

  Correct Answer: B

• Question 293:

  Which of the following commands runs snort in packet logger mode?

  A. ./snort -dev -h ./log

  B. ./snort -dev -l ./log

  C. ./snort -dev -o ./log

  D. ./snort -dev -p ./log

  Correct Answer: B

• Question 294:

  Which of the following command line switch would you use for OS detection in Nmap?

  A. -D

  B. -O

  C. -P

  D. -X

  Correct Answer: B

• Question 295:

  You have initiated an active operating system fingerprinting attempt with nmap against a target system:

  

  What operating system is the target host running based on the open ports shown above?

  A. Windows XP

  B. Windows 98 SE

  C. Windows NT4 Server

  D. Windows 2000 Server

  Correct Answer: D

• Question 296:

  An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.

  A. 2

  B. 256

  C. 512

  D. Over 10, 000

  Correct Answer: C

• Question 297:

  A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

  A. The packets were sent by a worm spoofing the IP addresses of 47 infected sites

  B. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

  C. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

  D. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

  Correct Answer: B

• Question 298:

  While performing ping scans into a target network you get a frantic call from the organization's security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

  A. Scan more slowly.

  B. Do not scan the broadcast IP.

  C. Spoof the source IP address.

  D. Only scan the Windows systems.

  Correct Answer: B

• Question 299:

  Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?

  A. It is a network fault and the originating machine is in a network loop

  B. It is a worm that is malfunctioning or hardcoded to scan on port 500

  C. The attacker is trying to detect machines on the network which have SSL enabled

  D. The attacker is trying to determine the type of VPN implementation and checking for IPSec

  Correct Answer: D

• Question 300:

  A distributed port scan operates by:

  A. Blocking access to the scanning clients by the targeted host

  B. Using denial-of-service software against a range of TCP ports

  C. Blocking access to the targeted host by each of the distributed scanning clients

  D. Having multiple computers each scan a small number of ports, then correlating the results

  Correct Answer: D