EC COUNCIL-Ethical Hacking and Countermeasures (CEHv7) Exam Set 20

One of your junior administrator is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out? Select the best answers.

Assuring two systems that are using IPSec to protect traffic over the internet, what type of general attack could compromise the data?

You want to use netcat to generate huge amount of useless network data continuously for various performance testing between 2 hosts. Which of the following commands accomplish this?

After an attacker has successfully compromised a remote computer, what would be one of the last steps that would be taken to ensure that the compromise is not traced back to the source of the problem?

You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming. Which command would you execute to extract the Trojan to a standalone file?

You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti- virus software it does not pick of the Trojan. Next you run netstat command to look for open ports and you notice a strange port 6666 open. What is the next step you would do?

John wishes to install a new application onto his Windows 2000 server. He wants to ensure that any application he uses has not been Trojaned. What can he do to help ensure this?

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?

Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports?

Sniffing is considered an active attack.