EC COUNCIL-Ethical Hacking and Countermeasures (CEHv7) Exam Set 11

1.

What statement is true regarding LM hashes?

LM hashes consist in 48 hexadecimal characters. LM hashes are based on AES128 cryptographic standard. Uppercase characters in the password are converted to lowercase. LM hashes are not generated when the password length exceeds 15 characters.

2.

What is a successful method for protecting a router from potential smurf attacks?

Placing the router in broadcast mode Enabling port forwarding on the router Installing the router outside of the network's firewall Disabling the router from accepting broadcast ping messages

3.

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

NMAP Metasploit Nessus BeEF

4.

The use of technologies like IPSec can help guarantee the followinG. authenticity, integrity, confidentiality and

non-repudiation. operability. security. usability.

5.

A security administrator notices that the log file of the company`s webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

command injection. SQL injection. directory traversal. LDAP injection.

6.

Which of the following is a detective control?

Smart card authentication Security policy Audit trail Continuity of operations plan

7.

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?

Spoofing an IP address Tunneling scan over SSH Tunneling over high port numbers Scanning using fragmented IP packets

8.

A circuit level gateway works at which of the following layers of the OSI Model?

Layer 5 - Session Layer 4 - TCP Layer 3 - Internet protocol Layer 2 - Data link

9.

Which of the following lists are valid data-gathering activities associated with a risk assessment?

Threat identification, vulnerability identification, control analysis Threat identification, response identification, mitigation identification Attack profile, defense profile, loss profile System profile, vulnerability identification, security determination

10.

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

Implementing server-side PKI certificates for all connections Mandating only client-side PKI certificates for all connections Requiring client and server PKI certificates for all connections Requiring strong authentication for all DNS queries

EC COUNCIL-Ethical Hacking and Countermeasures (CEHv7) Exam Set 11

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

EC COUNCIL-Ethical Hacking and Countermeasures (CEHv7) Exam Set 11

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner