CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [24]
2. A. Whois is the only tool listed that won't trigger an IDS alert or otherwise be detected by an organization.
3. A, B, E. Whois, Sam Spade, and nslookup are all used to passively gather information about a target. NMAP and SuperScan are host and network scanning tools.
4. A. According to CEH methodology, scanning occurs after footprinting.
5. A, B, C, D. Newsgroups, job postings, company websites, and press releases are all good sources for information gathering.
6. D. Traceroute uses the TTL values to determine how many hops the router is from the sender. Each router decrements the TTL by one under normal conditions.
7. B. Footprinting is gathering information about a target organization.
8. A. Nslookup queries a DNS server for DNS records such as host names and IP addresses.
9. A. Of the choices listed here, shoulder surfing is considered a type of social engineering.
10. B. Calling a help desk and convincing them to reset a password for a user account is an example of social engineering.
11. D. Employee training and education is the best way to prevent a social-engineering attack.
12. A. When a hacker pretends to be a person of authority in order to get a user to ask them for information, it's an example of reverse social engineering.
13. B. Pop-up windows are a method of getting information from a user utilizing a computer.
14. A. Impersonation involves a hacker pretending to be a valid user on the system.
15. C. Security policies remove the employee's responsibility to make judgments regarding a potential social-engineering attack.
16. B. Website faking is a form of computer-based social engineering attack.
17. A. Dumpster diving is a human-based social engineering attack.
Scanning and Enumeration
CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:
✓ Scanning
■ Define the Terms Port Scanning, Network Scanning, and Vulnerability Scanning
■ Understand the CEH Scanning Methodology
■ Understand Ping Sweep Techniques
■ Understand Nmap Command Switches
■ Understand SYN, Stealth, XMAS, NULL, IDLE, and FIN Scans
■ List TCP Communication Flag Types
■ Understand War Dialing Techniques
■ Understand Banner Grabbing and OS Fingerprinting Techniques
■ Understand How Proxy Servers Are Used in Launching an Attack
■ How Do Anonymizers Work?
■ Understand HTTP Tunneling Techniques
■ Understand IP Spoofing Techniques
✓ Enumeration
■ What Is Enumeration?
■ What Is Meant by Null Sessions?
■ What Is SNMP Enumeration?
■ What Are the Steps Involved in Performing Enumeration?
Scanning and enumeration are the first phases of hacking and involve the hacker locating target systems or networks. Enumeration is the follow-on step once scanning is complete and is used to identify computer names, usernames, and shares. Scanning and enumeration are discussed together because many hacking tools perform both.
Scanning
During scanning, the hacker continues to gather information regarding the network and its individual host systems. Data such as IP addresses, operating system, services, and installed applications can help the hacker decide which type of exploit to use in hacking a system. Scanning is the process of locating systems that are alive and responding on the network. Ethical hackers use it to identify target systems' IP addresses.
Define the Terms Port Scanning, Network Scanning, and Vulnerability Scanning
After the active and passive reconnaissance stages of system hacking have been completed, scanning is performed. Scanning is used to determine whether a system is on the network and available. Scanning tools are used to gather information about a system such as IP addresses, the operating system, and services running on the target computer.
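The scanning activity described above leaves a characteristic footprint in connection logs, which is what a defender watches for: one source touching many ports on a single host, or one source touching the same port across many hosts. The following detector is an added example written for this edit, not code from the review guide or from any tool it mentions; the syslog-like line format, the sample log lines and the two thresholds are constructed assumptions chosen for illustration, and would be tuned to the real log source in practice.

```python
"""Heuristic scan detector over constructed firewall-style connection logs.

Added example (not from the review guide): a source that touches many
distinct ports on one destination is reported as a port scan; a source that
touches the same port on many destinations is reported as a network scan
(host sweep). Log format and thresholds are assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed sample log (assumed format): "<timestamp> <src> -> <dst>:<port>"
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 -> 192.168.1.10:22
2024-01-01T10:00:01 10.0.0.5 -> 192.168.1.10:23
2024-01-01T10:00:01 10.0.0.5 -> 192.168.1.10:25
2024-01-01T10:00:02 10.0.0.5 -> 192.168.1.10:80
2024-01-01T10:00:02 10.0.0.5 -> 192.168.1.10:110
2024-01-01T10:00:02 10.0.0.5 -> 192.168.1.10:143
2024-01-01T10:00:03 10.0.0.5 -> 192.168.1.10:443
2024-01-01T10:00:03 10.0.0.5 -> 192.168.1.10:445
2024-01-01T10:00:03 10.0.0.5 -> 192.168.1.10:3389
2024-01-01T10:00:04 10.0.0.5 -> 192.168.1.10:8080
2024-01-01T10:00:10 10.0.0.9 -> 192.168.1.1:445
2024-01-01T10:00:10 10.0.0.9 -> 192.168.1.2:445
2024-01-01T10:00:10 10.0.0.9 -> 192.168.1.3:445
2024-01-01T10:00:11 10.0.0.9 -> 192.168.1.4:445
2024-01-01T10:00:11 10.0.0.9 -> 192.168.1.5:445
2024-01-01T10:00:11 10.0.0.9 -> 192.168.1.6:445
2024-01-01T10:00:30 10.0.0.7 -> 192.168.1.10:443
2024-01-01T10:00:31 10.0.0.7 -> 192.168.1.10:443
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)$")

PORT_SCAN_THRESHOLD = 8     # distinct ports on one host (assumed value)
NETWORK_SCAN_THRESHOLD = 6  # distinct hosts on one port (assumed value)


def parse_connections(log_text):
    """Yield (src, dst, port) tuples from the log; unparseable lines are skipped."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            _timestamp, src, dst, port = match.groups()
            yield src, dst, int(port)


def classify_sources(log_text,
                     port_threshold=PORT_SCAN_THRESHOLD,
                     net_threshold=NETWORK_SCAN_THRESHOLD):
    """Return {src: [(kind, target, count), ...]} for sources that look like scanners.

    kind is "port scan" (target = destination host, count = distinct ports)
    or "network scan" (target = port, count = distinct destination hosts).
    Sources below both thresholds are not reported.
    """
    ports_by_src_dst = defaultdict(set)   # (src, dst)  -> set of ports seen
    hosts_by_src_port = defaultdict(set)  # (src, port) -> set of hosts seen
    for src, dst, port in parse_connections(log_text):
        ports_by_src_dst[(src, dst)].add(port)
        hosts_by_src_port[(src, port)].add(dst)

    findings = {}
    for (src, dst), ports in sorted(ports_by_src_dst.items()):
        if len(ports) >= port_threshold:
            findings.setdefault(src, []).append(("port scan", dst, len(ports)))
    for (src, port), hosts in sorted(hosts_by_src_port.items()):
        if len(hosts) >= net_threshold:
            findings.setdefault(src, []).append(("network scan", port, len(hosts)))
    return findings


if __name__ == "__main__":
    for src, hits in classify_sources(SAMPLE_LOG).items():
        for kind, target, count in hits:
            print(f"{src}: {kind} against {target} ({count} distinct)")
```

Run on the constructed log, 10.0.0.5 is reported as a port scan of 192.168.1.10 (10 distinct ports) and 10.0.0.9 as a network scan on port 445 (6 hosts), while 10.0.0.7, which only repeated a connection to one web port, is not reported. The two counters are deliberately kept separate because the two scan types the chapter defines look different in the data: a port scan fans out across ports on one host, a network scan fans out across hosts on one port, and a single "connections per source" counter would blur them together.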
Table 3.1 lists the three types of scanning.
Port scanning: Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. Each service or application on a machine is associated with a well-known port number. For example, a port-scanning tool that identifies