Quiz by Paul Anstall, created more than 1 year ago

CEH Security

Created by Paul Anstall more than 7 years ago

CEHv9 Chapter 9

Question 1 of 13

Which of the following doesn’t define a method of transmitting data that violates a security policy?

Select one of the following possible answers:

  • Backdoor channel

  • Session hijacking

  • Covert channel

  • Overt channel

Question 2 of 13

Which virus type is only executed when a specific condition is met?

Select one of the following possible answers:

  • Sparse infector

  • Multipartite

  • Metamorphic

  • Cavity

Question 3 of 13

Which of the following propagates without human interaction?

Select one of the following possible answers:

  • Trojan

  • Worm

  • Virus

  • MITM

Question 4 of 13

Which of the following don’t use ICMP in the attack? (Choose two.)

Select one or more of the following possible answers:

  • SYN flood

  • Ping of Death

  • Smurf

  • Peer to peer

Question 5 of 13

Which of the following is not a recommended step in recovering from a malware infection?

Select one of the following possible answers:

  • Delete system restore points.

  • Back up the hard drive.

  • Remove the system from the network.

  • Reinstall from original media.

Question 6 of 13

Which of the following is a recommendation to protect against session hijacking? (Choose two.)

Select one or more of the following possible answers:

  • Use only nonroutable protocols.

  • Use unpredictable sequence numbers.

  • Use a file verification application, such as Tripwire.

  • Use a good password policy.

  • Implement ICMP throughout the environment.

Question 7 of 13

Which of the following attacks an already-authenticated connection?

Select one of the following possible answers:

  • Smurf

  • Denial of service

  • Session hijacking

  • Phishing

Question 8 of 13

How does Tripwire (and programs like it) help against Trojan attacks?

Select one of the following possible answers:

  • Tripwire is an AV application that quarantines and removes malware immediately.

  • Tripwire is an AV application that quarantines and removes malware after a scan.

  • Tripwire is a file-integrity-checking application that rejects malware packets intended for the kernel.

  • Tripwire is a file-integrity-checking application that notifies you when a system file has been altered, potentially indicating malware.

Question 9 of 13

Which of the following DoS categories consume all available bandwidth for the system or service?

Select one of the following possible answers:

  • Fragmentation attacks

  • Volumetric attacks

  • Application attacks

  • TCP state-exhaustion attacks

Question 10 of 13

During a TCP data exchange, the client has offered a sequence number of 100, and the server has offered 500. During acknowledgments, the packet shows 101 and 501, respectively, as the agreed-upon sequence numbers. With a window size of 5, which sequence numbers would the server willingly accept as part of this session?

Select one of the following possible answers:

  • 102 through 104

  • 102 through 501

  • 102 through 502

  • Anything above 501

Question 11 of 13

Which of the following is the proper syntax on Windows systems for spawning a command shell on port 56 using Netcat?

Select one of the following possible answers:

  • nc -r 56 -c cmd.exe

  • nc -p 56 -o cmd.exe

  • nc -L 56 -t -e cmd.exe

  • nc -port 56 -s -o cmd.exe

Question 12 of 13

Which of the following best describes a DRDoS?

Select one of the following possible answers:

  • Multiple intermediary machines send the attack at the behest of the attacker.

  • The attacker sends thousands upon thousands of SYN packets to the machine with a false source IP address.

  • The attacker sends thousands of SYN packets to the target but never responds to any of the return SYN/ACK packets.

  • The attack involves sending a large number of garbled IP fragments with overlapping, oversized payloads to the target machine.

Question 13 of 13

Which of the following best describes a teardrop attack?

Select one of the following possible answers:

  • The attacker sends a packet with the same source and destination address.

  • The attacker sends several overlapping, extremely large IP fragments.

  • The attacker sends UDP Echo packets with a spoofed address.

  • The attacker uses ICMP broadcast to DoS targets.
