Question 1

Alisa is a Network Security Manager at Aidos Cyber Security. During a regular network audit, she sent specially crafted ICMP packet fragments with different offset values into the network, causing a system crash. Which attack Alisa is trying to perform?

Accepted Answer

The Ping-of-death attack involves sending malformed or oversized packets, such as fragmented ICMP packets, to crash or destabilize a system.

Question 2

This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

Accepted Answer

Footprinting is the initial phase of ethical hacking where information about the target is gathered. It sets the foundation for the entire penetration test by providing a comprehensive view of the target's landscape, which is crucial for planning subsequent phases.

Question 3

An organization has deployed a web application that uses encoding technique before transmitting the data over the Internet. This encoding technique helps the organization to hide the confidential data such as user credentials, email attachments, etc. when in transit. This encoding technique takes 3 bytes of binary data and divides it into four chunks of 6 bits. Each chunk is further encoded into respective printable character. Identify the encoding technique employed by the organization?

Accepted Answer

Base64 encoding is the technique that takes 3 bytes of binary data and divides it into four chunks of 6 bits, each of which is then encoded into a printable character.

Question 4

Jason is working on a pen testing assignment. He is sending customized ICMP packets to a host in the target network. However, the ping requests to the target failed with "ICMP Time Exceeded Type = 11" error messages. What can Jason do to overcome this error?

Accepted Answer

The "ICMP Time Exceeded Type = 11" error indicates that the Time-To-Live (TTL) value of the packet has reached zero before reaching the destination. Increasing the TTL value allows the packet to travel through more hops before being discarded.

Question 5

While scanning a server, you found rpc, nfs and mountd services running on it. During the investigation, you were told that NFS Shares were mentioned in the /etc/exports list of the NFS server. Based on this information, which among the following commands would you issue to view the NFS Shares running on the server?

Accepted Answer

The `showmount` command is used to display the list of all clients that have mounted file systems from the NFS server, which includes viewing NFS shares.

Question 6

A team of cyber criminals in Germany has sent malware-based emails to workers of a fast-food center which is having multiple outlets spread geographically. When any of the employees click on the malicious email, it will give backdoor access to the point of sale (POS) systems located at various outlets. After gaining access to the POS systems, the criminals will be able to obtain credit card details of the fast-food center's customers. In the above scenario, identify the type of attack being performed on the fast-food center?

Accepted Answer

The attack described is a phishing attack, where cyber criminals send malicious emails to trick employees into clicking on them, thereby gaining unauthorized access to systems.

Question 7

Peter, a disgruntled ex-employee of Zapmaky Solutions Ltd., is trying to jeopardize the company's website http://zapmaky.com. He conducted the port scan of the website by using the Nmap tool to extract the information about open ports and their corresponding services. While performing the scan, he recognized that some of his requests are being blocked by the firewall deployed by the IT personnel of Zapmaky and he wants to bypass the same. For evading the firewall, he wanted to employ the stealth scanning technique which is an incomplete TCP three-way handshake method that can effectively bypass the firewall rules and logging mechanisms. Which if the following Nmap commands should Peter execute to perform stealth scanning?

Accepted Answer

The answer of Peter, a disgruntled ex-employee of Zapmaky Solutions...

Question 8

An organization deployed Microsoft Azure cloud services for running their business activities. They appointed Jamie, a security analyst for performing cloud penetration testing. Microsoft prohibits certain tests to be carried out on their platform. Which of the following penetration testing activities Jamie cannot perform on the Microsoft Azure cloud service?

Accepted Answer

Microsoft prohibits Denial-of-Service (DoS) testing on their Azure cloud services as it can disrupt service availability and affect other customers.

Question 9

The penetration testing team of MirTech Inc. identified the presence of various vulnerabilities in the web application coding. They prepared a detailed report addressing to the web developers regarding the findings. In the report, the penetration testing team advised the web developers to avoid the use of dangerous standard library functions. They also informed the web developers that the web application copies the data without checking whether it fits into the target destination memory and is susceptible in supplying the application with large amount of data. According to the findings by the penetration testing team, which type of attack was possible on the web application?

Accepted Answer

The description of copying data without checking if it fits into the target memory is indicative of a buffer overflow vulnerability, where excess data can overwrite adjacent memory, potentially leading to arbitrary code execution or crashes.

Question 10

Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it. Which of the following tools will Michael use to perform this task?

Accepted Answer

BlackWidow is a web cloning tool that allows users to create an exact replica of a website for analysis and testing purposes.

Question 11

Sam was asked to conduct penetration tests on one of the client's internal networks. As part of the testing process, Sam performed enumeration to gain information about computers belonging to a domain, list of shares on the individual hosts in the network, policies and passwords. Identify the enumeration technique.

Accepted Answer

NetBIOS Enumeration is used to gather information about computers in a network, including domain details, shared resources, and policies, which aligns with the activities Sam performed.

Question 12

A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to invalid requests and ignores the legitimate requests. Identify the type of attack

Accepted Answer

This scenario describes a Denial of Service (DoS) attack, where the attacker overwhelms the host with invalid requests, causing it to be unable to process legitimate requests.

Question 13

Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pen test on a client's network. He was not provided with any information about the client organization except the company name. Identify the type of testing Joseph is going to perform for the client organization?

Accepted Answer

Joseph is performing a Black-box Penetration Testing because he was not provided with any information about the client organization except the company name, which means he has no prior knowledge of the internal workings of the network.

Question 14

Thomas is an attacker and he skimmed through the HTML source code of an online shopping website for the presence of any vulnerabilities that he can exploit. He already knows that when a user makes any selection of items in the online shopping webpage, the selection is typically stored as form field values and sent to the application as an HTTP request (GET or POST) after clicking the Submit button. He also knows that some fields related to the selected items are modifiable by the user (like quantity, color, etc.) and some are not (like price). While skimming through the HTML code, he identified that the price field values of the items are present in the HTML code. He modified the price field values of certain items from $200 to $2 in the HTML code and submitted the request successfully to the application. Identify the type of attack performed by Thomas on the online shopping website?

Accepted Answer

The answer of Thomas is an attacker and he skimmed...

Question 15

How does OS Fingerprinting help you as a pen tester?

Accepted Answer

OS Fingerprinting helps a pen tester identify the operating system running on a target system, which allows them to research and identify specific vulnerabilities associated with that OS for potential exploitation.

Question 16

Irin is a newly joined penetration tester for XYZ Ltd. While joining, as a part of her training, she was instructed about various legal policies and information securities acts by her trainer. During the training, she was informed about a specific information security act related to the conducts and activities like it is illegal to perform DoS attacks on any websites or applications, it is illegal to supply and own hacking tools, it is illegal to access unauthorized computer material, etc. To which type of information security act does the above conducts and activities best suit?

Accepted Answer

The Police and Justice Act 2006 includes provisions related to computer misuse, such as making it illegal to perform DoS attacks, supply hacking tools, and access unauthorized computer material.

Question 17

The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.

Accepted Answer

A Wireless Intrusion Prevention System (WIPS) is designed to monitor and prevent unauthorized access to a wireless network by detecting and blocking rogue devices.

Question 18

Which of the following roles of Microsoft Windows Active Directory refers to the ability of an active directory to transfer roles to any domain controller (DC) in the enterprise?

Accepted Answer

Flexible Single Master Operation (FSMO) roles can be transferred to any domain controller in the enterprise, allowing for flexibility and redundancy in managing Active Directory operations.

Question 19

Peter works as a lead penetration tester in a security service firm named Xsecurity. Recently, Peter was assigned a white-box pen test assignment testing the security of an IDS system deployed by a client. During the preliminary information gathering, Peter discovered the TTL to reach the IDS system from his end is 30. Peter created a Trojan and fragmented it in to 1-character packets using the Colasoft packet builder tool. He then used a packet flooding utility to bombard the IDS with these fragmented packets with the destination address of a target host behind the IDS whose TTL is 35. What is Peter trying to achieve?

Accepted Answer

Peter is trying to bypass the IDS system using inconsistent packets. The TTL value of the fragmented packets is set to 30, which is less than the TTL value of the target host (35). This will cause the IDS to drop the packets, as they appear to be coming from a source that is closer to the target than the IDS itself.

Question 20

Adam is an IT administrator for Syncan Ltd. He is designated to perform various IT tasks like setting up new user accounts, managing backup/restores, security authentications and passwords, etc. Whilst performing his tasks, he was asked to employ the latest and most secure authentication protocol to encrypt the passwords of users that are stored in the Microsoft Windows OS-based systems. Which of the following authentication protocols should Adam employ in order to achieve the objective?

Accepted Answer

The answer of Adam is an IT administrator for Syncan...

Exam 5: ECCouncil Computer Hacking Forensic Investigator