CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [34]

scan

C. XMAS

D. TCP connect

10. What is the proper command to perform an Nmap SYN scan every 5 minutes?

A. nmap -ss - paranoid

B. nmap -Ss -paranoid

C. nmap -Ss -fast

D. namp -Ss -sneaky

11. In order to prevent a hacker from using SMB session hijacking, which TCP and UDP ports would you block at the firewall?

A. 167 and 137

B. 80 and 23

C. 139 and 445

D. 1277 and 1270

12. Why would an attacker want to perform a scan on port 137?

A. To locate the FTP service on the target host

B. To check for file and print sharing on Windows systems

C. To discover proxy servers on a network

D. To discover a target system with the NetBIOS null session vulnerability

13. SNMP is a protocol used to manage network infrastructure devices. What is the SNMP read/write community name used for?

A. Viewing the configuration information

B. Changing the configuration information

C. Monitoring the device for errors

D. Controlling the SNMP management station

14. Why would the network security team be concerned about ports 135-139 being open on a system?

A. SMB is enabled, and the system is susceptible to null sessions.

B. SMB is not enabled, and the system is susceptible to null sessions.

C. Windows RPC is enabled, and the system is susceptible to Windows DCOM remote sessions.

D. Windows RPC is not enabled, and the system is susceptible to Windows DCOM remote sessions.

15. Which step comes after enumerating users in the CEH hacking cycle?

A. Crack password

B. Escalate privileges

C. Scanning

D. Covering tracks

16. What is enumeration?

A. Identifying active systems on the network

B. Cracking passwords

C. Identifying users and machine names

D. Identifying routers and firewalls

17. What is a command-line tool used to look up a username from a SID?

A. UsertoSID

B. Userenum

C. SID2User

D. Getacct

18. Which tool can be used to perform a DNS zone transfer on Windows?

A. nslookup

B. DNSlookup

C. whois

D. ipconfig

19. What is a null session?

A. Connecting to a system with the administrator username and password

B. Connecting to a system with the admin username and password

C. Connecting to a system with a random username and password

D. Connecting to a system with no username and password

20. What is a countermeasure for SNMP enumeration?

A. Remove the SNMP agent from the device.

B. Shut down ports 135 and 139 at the firewall.

C. Shut down ports 80 and 443 at the firewall.

D. Enable SNMP read-only security on the agent device.

Answers to Review Questions

1. A. FTP uses TCP port 21. This is a well-known port number and can be found in the Windows services file.

2. A. HTTPS uses TCP port 443. This is a well-known port number and can be found in the Windows services file.

3. B. War dialing involves placing calls to a series of numbers in hopes that a modem will answer the call. It can be used to test the security of a remote-access system.

4. A. Banner grabbing is not detectable; therefore, it is considered passive OS fingerprinting.

5. A. Port, network, and vulnerability are the three types of scanning.

6. C. Systems may not respond to ICMP because they have firewall software installed that blocks the responses.

7. D. The TCP RST command resets the TCP connection.

8. A. A SYN packet is followed by a SYN-ACK packet. Then, an ACK finishes a successful TCP connection.

9. C. An XMAS scan has all flags set.

10. B. The command nmap -Ss - paranoid performs a SYN scan every 300 seconds or 5 minutes.

11. C. Block the ports used by NetBIOS null sessions. These are 139 and 445.

12. D. Port 137 is used for NetBIOS null sessions.

13. B. The SNMP read/write community name is the password used to make changes to the device configuration.

14. A. Ports in the 135 to 139 range indicate the system has SMB services running and is susceptible to null sessions.

15. A. Password cracking is the next step in the CEH hacking cycle after enumerating users.

16. C. Enumeration is the process of finding usernames, machine names, network shares, and services on the network.

17. C. SID2User is a command-line tool
