For a security professional, the Certified Ethical Hacker (CEH) and Security+ certifications are great feathers to have in your cap. If you are preparing for either one, here is a list of 10 questions that should help you test your progress (answers at the bottom):
- Which of the following are some of the methods to perform footprinting?
a) Social engineering
b) Competitive intelligence
c) Zero-day attack
d) Both a) and b)
- What does the WHOIS database contain?
a) Information regarding users of domains or IP addresses.
b) Information regarding known hacking groups and the techniques they use.
c) Information regarding best security practices.
d) Both a) and b)
- What does the TCP URG flag indicate?
a) Received data should be discarded.
b) Data in the packet should be processed immediately.
c) Sequence numbers of previous TCP messages were tampered with.
d) The TCP connection should be reset immediately.
- Which of the following can be possible consequence(s) of an XSS (Cross-site scripting) attack?
a) Malicious code can be injected into a web page.
b) Visitor information can be compromised.
c) Both a) and b)
d) None of the above.
- What is a feature of the permissive security policy?
a) Only allow the most important traffic.
b) Don’t allow any traffic.
c) Allow all traffic, and only block the most dangerous potential attacks.
d) Create access-control-lists to allow traffic.
- How is the Single Loss Expectancy calculated?
a) Multiply the asset value by the exposure factor.
b) Divide the asset value by the exposure factor.
c) Calculate the annual rate of occurrence and multiply it by the exposure factor.
d) Calculate the annual loss expectancy and divide it by 12.
- What is the phrase used to refer to events that should have been flagged as potentially harmful, but weren’t?
a) Non-issues.
b) False negatives.
c) False positives.
d) Red flags.
- Which of the following is a way to check if a host is live?
a) Ping sweep.
b) ICMP scanning.
c) Source routing.
d) Both a) and b)
- Sometimes hackers send specifically designed packets to hosts and try to match the responses within a database to identify the running operating system. What is this technique called?
a) IDLE scanning.
b) Active Banner Grabbing.
c) TCP Handshakes.
d) Host discovery.
- What is the default TCP port for LDAP (Lightweight Directory Access Protocol)?
a) 392.
b) 389.
c) 1002.
d) 8081.
Answers:
- Which of the following are some of the methods to perform footprinting?
a) Social engineering
b) Competitive intelligence
c) Zero-day attack
d) Both a) and b)
The correct answer is d) Both a) and b).
Footprinting is the process of obtaining as much information as possible about a target network or host. Social engineering is one of the ways to achieve this: attackers skilled at manipulation exploit people to obtain sensitive information such as passwords, access cards, or IP addresses. They may also lure unsuspecting people into introducing or spreading malware within a network.
Competitive intelligence involves gathering information about a company’s competitors using any available resources, both online and offline. Data like company history, average traffic, reviews, and press releases can all sometimes reveal usable insights.
A zero-day attack takes place when someone exploits an unknown vulnerability in a service/system/network. It has nothing to do with footprinting.
- What does the WHOIS database contain?
a) Information regarding users of domains or IP addresses.
b) Information regarding known hacking groups and the techniques they use.
c) Information regarding best security practices.
d) Both a) and b)
The correct answer is a) Information regarding users of domains or IP addresses.
WHOIS footprinting is a way to obtain information about the ownership of domains and IP addresses. The following information can typically be found in a WHOIS database:
- Basic domain name details.
- Contact details of the owner (email, phone numbers etc.).
- Domain name servers.
- Registration and expiry dates of a domain name.
- What does the TCP URG flag indicate?
a) Received data should be discarded.
b) Data in the packet should be processed immediately.
c) Sequence numbers of previous TCP messages were tampered with.
d) The TCP connection should be reset immediately.
The correct answer is b) Data in the packet should be processed immediately.
A list of TCP communication flags and their purposes is as follows:
- PSH (Push): Used to send all buffered data immediately.
- ACK (Acknowledgement): Used to acknowledge the reception of a packet.
- FIN (Finish): Used to indicate the end of a communication. No more packets will be sent.
- SYN (Synchronization): Used to initiate a connection between two hosts.
- RST (Reset): Used to reset a TCP connection.
- URG (Urgent): Process the data within the packet immediately.
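To make the flag table concrete, here is an added example (not part of the original post) that builds a minimal 20-byte TCP header, decodes the flag bits and the urgent pointer that accompanies URG, and marks flag combinations that never occur in a legitimate session, which is what an IDS rule keys on. The function names and the sample segment are my own; the header layout follows the standard TCP header (RFC 793, with the CWR/ECE bits from RFC 3168).

```python
import struct

# Bit masks of the TCP control flags in the low byte of the
# data-offset/flags field (RFC 793 defines URG..FIN; RFC 3168 added CWR/ECE).
TCP_FLAGS = {
    "CWR": 0x80,
    "ECE": 0x40,
    "URG": 0x20,
    "ACK": 0x10,
    "PSH": 0x08,
    "RST": 0x04,
    "SYN": 0x02,
    "FIN": 0x01,
}

# src port, dst port, seq, ack, offset+flags, window, checksum, urgent pointer
HEADER_FORMAT = "!HHIIHHHH"
MIN_HEADER_LEN = struct.calcsize(HEADER_FORMAT)  # 20 bytes


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535, urgent_pointer=0):
    """Assemble a minimal 20-byte TCP header (no options, checksum left at zero)."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    offset_and_flags = (5 << 12) | flag_bits      # data offset = 5 words = 20 bytes
    return struct.pack(HEADER_FORMAT, src_port, dst_port, seq, ack,
                       offset_and_flags, window, 0, urgent_pointer)


def parse_tcp_header(segment):
    """Decode the fixed part of a TCP header and name the flags that are set."""
    if len(segment) < MIN_HEADER_LEN:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (src_port, dst_port, seq, ack, offset_and_flags,
     window, checksum, urgent_pointer) = struct.unpack(HEADER_FORMAT, segment[:MIN_HEADER_LEN])
    header_length = (offset_and_flags >> 12) * 4   # upper 4 bits: header length in 32-bit words
    flag_bits = offset_and_flags & 0xFF            # low byte: CWR..FIN
    flags = [name for name, mask in TCP_FLAGS.items() if flag_bits & mask]
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "header_length": header_length,
        "flags": flags,
        "window": window,
        # The urgent pointer only means something when URG is set: it is an
        # offset into the payload marking where the urgent data ends.
        "urgent_pointer": urgent_pointer if "URG" in flags else None,
    }


def anomalous_flags(flags):
    """True for flag combinations a well-behaved TCP stack never emits.

    SYN together with FIN, a segment with no flags at all, or every flag set
    at once indicate malformed or probe traffic and are worth alerting on.
    """
    flag_set = set(flags)
    if not flag_set:
        return True
    if {"SYN", "FIN"} <= flag_set:
        return True
    if flag_set >= {"URG", "ACK", "PSH", "RST", "SYN", "FIN"}:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: an urgent segment from port 40000 to 80 with URG+ACK set.
    sample = build_tcp_header(40000, 80, seq=1000, ack=2000,
                              flags=["URG", "ACK"], urgent_pointer=5)
    header = parse_tcp_header(sample)
    print(header)
    print("anomalous:", anomalous_flags(header["flags"]))
```

Feeding the parser a real capture only requires slicing the TCP segment out of the IP packet first; the 20-byte fixed header decoded here is the same, and `header_length` tells you where any options end and the payload begins.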
- Which of the following can be possible consequence(s) of an XSS (Cross-site scripting) attack?
a) Malicious code can be injected into a web page.
b) Visitor information can be compromised.
c) Both a) and b)
d) None of the above.
The correct answer is c) Both a) and b)
A cross-site scripting attack exploits a vulnerability in a web page that allows someone to inject malicious code into it. This malicious code then executes within the browsers of victims whenever they load that specific page, eventually leading to sensitive information (like passwords and credit card numbers) being compromised.
- What is a feature of the permissive security policy?
a) Only allow the most important traffic.
b) Don’t allow any traffic.
c) Allow all traffic, and only block the most dangerous potential attacks.
d) Create access-control-lists to allow traffic.
The correct answer is c) Allow all traffic, and only block the most dangerous potential attacks.
Permissive security policy is one that allows all traffic to flow, blocking only the most dangerous and frequently occurring attacks. A majority of security experts disapprove of this policy altogether because it fails to protect against any new attacks or unknown vulnerabilities.
- How is the Single Loss Expectancy calculated?
a) Multiply the asset value by the exposure factor.
b) Divide the asset value by the exposure factor.
c) Calculate the annual rate of occurrence and multiply it by the exposure factor.
d) Calculate the annual loss expectancy and divide it by 12.
The correct answer is a) Multiply the asset value by the exposure factor.
Single Loss Expectancy (SLE) is the monetary damage expected each time an asset is compromised. It is calculated by multiplying the asset value by the exposure factor. The exposure factor is simply the percentage of the asset's value that would be lost in a potential incident. For example, if you think 20% of your data storage could be lost if a flood occurs in your remote data center, the exposure factor is 0.2.
- What is the phrase used to refer to events that should have been flagged as potentially harmful, but weren’t?
a) Non-issues.
b) False negatives.
c) False positives.
d) Red flags.
The correct answer is b) False negatives.
A non-issue is a matter that doesn’t warrant attention. A false positive is the opposite of a false negative; it refers to events that weren’t harmful, but were flagged anyway. A red flag can be any problem that requires attention.
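Here is an added example (not from the original post) that shows where false negatives and false positives come from in practice: a simple threshold rule is run over constructed authentication log lines and its alerts are compared with the ground truth an incident review would later establish. The log lines, IP addresses, usernames and the threshold of five failures are all constructed for illustration.

```python
from collections import Counter

FAILURE_THRESHOLD = 5  # alert on a source IP with at least this many failed logins

# Constructed sample auth log, one event per line: "<time> <src_ip> <user> <result>".
SAMPLE_LOG = """\
08:00:01 203.0.113.5 admin FAIL
08:00:02 203.0.113.5 admin FAIL
08:00:03 203.0.113.5 root FAIL
08:00:04 203.0.113.5 admin FAIL
08:00:05 203.0.113.5 backup FAIL
08:00:06 203.0.113.5 admin FAIL
08:15:10 198.51.100.9 jsmith FAIL
09:40:22 198.51.100.9 jsmith FAIL
11:02:45 198.51.100.9 jsmith OK
08:30:00 192.0.2.10 mbrown FAIL
08:30:05 192.0.2.10 mbrown FAIL
08:30:09 192.0.2.10 mbrown FAIL
08:30:14 192.0.2.10 mbrown FAIL
08:30:20 192.0.2.10 mbrown FAIL
08:30:31 192.0.2.10 mbrown OK
08:45:00 192.0.2.20 alee OK
"""

# Constructed ground truth, as an incident review would establish it afterwards:
# 203.0.113.5 was a brute-force attempt; 198.51.100.9 was an attacker testing a
# stolen password slowly; 192.0.2.10 was a legitimate user mistyping a new password.
KNOWN_MALICIOUS = {"203.0.113.5", "198.51.100.9"}


def parse_events(log_text):
    """Yield (src_ip, result) pairs, skipping lines that do not fit the format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _, src_ip, _, result = parts
        yield src_ip, result


def count_failures(log_text):
    """Number of FAIL events per source IP."""
    failures = Counter()
    for src_ip, result in parse_events(log_text):
        if result == "FAIL":
            failures[src_ip] += 1
    return failures


def flagged_sources(log_text, threshold=FAILURE_THRESHOLD):
    """The detection rule: every source IP at or above the failure threshold."""
    return {ip for ip, n in count_failures(log_text).items() if n >= threshold}


def evaluate(flagged, malicious, all_sources):
    """Sort every source into the four outcome classes of a detector."""
    return {
        "true_positives": sorted(flagged & malicious),         # flagged, and really harmful
        "false_positives": sorted(flagged - malicious),        # flagged, but harmless
        "false_negatives": sorted(malicious - flagged),        # harmful, but not flagged
        "true_negatives": sorted(all_sources - flagged - malicious),
    }


def evaluate_sample():
    """Run the threshold rule over the constructed log and score it."""
    all_sources = {src_ip for src_ip, _ in parse_events(SAMPLE_LOG)}
    return evaluate(flagged_sources(SAMPLE_LOG), KNOWN_MALICIOUS, all_sources)


if __name__ == "__main__":
    for outcome, sources in evaluate_sample().items():
        print(f"{outcome:16s} {sources}")
```

The false negative here is the low-and-slow source that never reaches the threshold, and the false positive is the user who fumbled a password change; lowering the threshold trades one for the other, which is why detection engineering tracks both counts rather than alert volume alone.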
- Which of the following is a way to check if a host is live?
a) Ping sweep.
b) ICMP scanning.
c) Source routing.
d) Both a) and b)
The correct answer is d) Both a) and b).
A ping sweep goes through a range of IP addresses to determine which ones are associated with live hosts. ICMP scanning involves sending ICMP ECHO requests to hosts; if they respond, they can be identified as live.
Source routing is just a firewall evasion technique, which allows the sender to alter the route of a packet such that it goes around a firewall.
- Sometimes hackers send specifically designed packets to hosts and try to match the responses within a database to identify operating systems. What is this technique called?
a) IDLE scanning.
b) Active Banner Grabbing.
c) TCP Handshakes.
d) Host discovery.
The correct answer is b) Active Banner Grabbing.
IDLE scanning is a way to identify which services the target host is offering by sending spoofed packets. TCP handshakes are performed prior to establishing a TCP connection, in order to align the sequence numbers to be used in subsequent transmissions. Host discovery involves the process of discovering live hosts, usually behind a firewall.
- What is the default TCP port for LDAP (Lightweight Directory Access Protocol)?
a) 392.
b) 389.
c) 1002.
d) 8081.
The correct answer is b) 389.