Certified Ethical Hacker Examination-Questions & Answers- #14

All these Questions are in this Section were asked in Certified Ethical Hacker Examinations of EC-Council .This is the 14^th part

1- . Low humidity in a data center can cause which of the following problems?
A. Heat
B. Corrosion
C. Static electricity
D. Airborne contamination

2- Which of the following examples best represents a logical or technical control?
A. Security tokens
B. Heating and air conditioning
C. Smoke and fire alarms
D. Corporate security policy

Related Link=> Previous post of Ethical Hacker Examination Que & Ans.
Part-13
Part-7 , Part-8 , Part-9 , Part-10 , Part-11 , Part-12
Part-6 , Part-5 , Part-4 , Part-3 , Part-2 , Part-1

3- What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?
A. Proper testing
B. Secure coding principles
C. Systems security and architecture review
D. Analysis of interrupts within the software

4- What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin?
A. c:\\compmgmt.msc
B. c:\\gpedit
C. c:\\ncpa.cpl
D. c:\\services.msc

5- If you are to determine the attack surface of an organization, which of the following security operations is the BEST thing to do?
A. Running a network scan to detect network services in the corporate DMZ
B. Reviewing the need for a security clearance for each employee
C. Using configuration management to determine when and where to apply security patches
D. Training employees on the security policy regarding social engineering

6- . Your next door neighbor, that you do not get along with, is having issues with their network, so he yells to his spouse the network’s SSID and password and you hear them both clearly. What do you do with this information?
A. Nothing, but suggest to him to change the network’s SSID and password.
B. Sell his SSID and password to friends that come to your house, so it doesn’t slow down your network.
C. Log onto to his network, after all it’s his fault that you can get in.
D. Only use his network when you have large downloads so you don’t tax your own network.

Related Link=> Previous post of Ethical Hacker Examination Que & Ans.
Part-13
Part-7 , Part-8 , Part-9 , Part-10 , Part-11 , Part-12
Part-6 , Part-5 , Part-4 , Part-3 , Part-2 , Part-1

7- What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

A. Security through obscurity
B. Host-Based Intrusion Detection System
C. Defense in depth
D. Network-Based Intrusion Detection System

8- . A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?
A. Share reports, after NDA is signed
B. Share full reports, not redacted
C. Decline but, provide references
D. Share full reports with redactions

9- You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account. What should you do?
A. Transfer money from the administrator’s account to another account.
B. Do not report it and continue the penetration test.
C. Do not transfer the money but steal the bitcoins.
D. Report immediately to the administrator.

10- 40. Scenario: 1. Victim opens the attacker’s web site.
2. Attacker sets up a web site which contains interesting and attractive content like ‘Do you want to make $1000 in a day?’.
3. Victim clicks to the interesting and attractive content url.
4. Attacker creates a transparent ‘iframe’ in front of the url which victim attempt to click, so victim
thinks that he/she clicks to the ‘Do you want to make $1000 in a day?’ url but actually he/she clicks to the content or url that exists in the transparent ‘iframe’ which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?

A. HTTP Parameter Pollution (Manipulating query parameters on URL)
B. HTML Injection (Control input point to inject arbitrary HTML code into vulnerable page)
C. Session Fixation (Hijack valid user session, allows one person to fixate another person session ID)
D. ClickJacking Attack (UI redress attack when user is tricked to click on something)