Certified Ethical Hacker Examination-Questions & Answers- #18

All these Questions are in this Section were asked in Certified Ethical Hacker Examinations of EC-Council .This is the 18^th part

1- The following is part of a log ﬁle taken from the machine on the network with the IP address of 192.168.1.106:  Time:Aug 18 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Aug 18 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Aug 18 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Aug 18 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Aug 18 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Aug 18 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Aug 18 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
What type of activity has been logged?
A. Port scan targeting 192.168.1.106
B. Teardrop attack targeting 192.168.1.106
C. Denial of service attack targeting 192.168.1.103
D. Port scan targeting 192.168.1.103

Answer: D. Port scan targeting 192.168.1.103

2- Suppose you’ve gained access to your client’s hybrid network. On which port should you listen to in order to know which Microsoft Windows workstations has its ﬁle sharing enabled?
A. 1433
B. 161
C. 445
D. 3389

Answer: C. 445

3- You perform a scan of your company’s network and discover that TCP port 123 is open. What services by default run on TCP port 123
A. DNS
B. POP3
C. Network Time Protocol
D. Telnet

Answer: C. Network Time Protocol

4-. You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and ﬁnd them to be reachable. Then you type the IP address and then try on the browser, and ﬁnd it to be accessible. But they are not accessible when you try using the URL. What may be the problem?

Answer: Trafﬁc is Blocked on UDP Port 53 (Port 53 is for DNS)

5- Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a ﬁrewall?
A. UDP 123
B. UDP 541
C. UDP 514
D. UDP 415

Answer: C. UDP 51

6- Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?
A. 113
B. 123
C. 161
D. 69

Answer: B. 123

Related Link=> Previous post of Ethical Hacker Examination Que & Ans.
Part-13 , Part-14 , Part-15 , Part-16 , Part-17
Part-7 , Part-8 , Part-9 , Part-10 , Part-11 , Part-12
Part-6 , Part-5 , Part-4 , Part-3 , Part-2 , Part-1
7- An NMAP scan of a server shows port 25 is open. What risk could this pose?
A. Open printer sharing
B. Web portal data leak
C. Clear text authentication
D. Active mail relay

Answer: D. Active mail relay

8-. An NMAP scan of a server shows port 69 is open. What risk could this pose?
A. Unauthenticated access
B. Weak SSL version
C. Cleartext login
D. Web portal data leak

Answer: A. Unauthenticated access

9- A penetration tester is conducting a port scan on a speciﬁc host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE 21/tcp open
ftp 23/tcp open
telnet 80/tcp open
http 139/tcp open
netbios-ssn 515/tcp open
631/tcp open
ipp 9100/tcp open
MAC Address: 00:00:48:0D:EE:8

A. The host is likely a printer
B. The host is likely a Windows machine.
C. The host is likely a Linux machine.
D. The host is likely a router.

Answer: A. The host is likely a printer.

10- From the two screenshots below, which of the following is occurring?

First one:
1 [10.0.0.253]# nmap -sP 10.0.0.0/24
2
3 Starting Nmap
4 Host 10.0.0.1 appears to be up.
5 MAC Address: 00:09:5B:29:FD:96 (Netgear)
6 Host 10.0.0.2 appears to be up.
7 MAC Address: 00:0F:B5:96:38:5D (Netgear)
8 Host 10.0.0.4 appears to be up.
9 Host 10.0.0.5 appears to be up.
10 MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
11 Nmap ﬁnished: 256 IP addresses (4 hosts up) scanned in 5.399 seconds

Second one:
1. [10.0.0.252]# nmap -sO 10.0.0.2
2.
3. Starting Nmap 4.01 at 2006-07-14 12:56 BST
4. Interesting protocols on 10.0.0.2:
5 .(The 251 protocols scanned but not shown below are
6. in state: closed)
7. PROTOCOL STATE SERVICE
8.. 1 open icmp
9. 2 open|ﬁltered igmp
10. 6 open tcp
11. 17 open udp
12. 255 open|ﬁltered unknown
13.
14. Nmap ﬁnished: 1 IP address (1 host up) scanned in
15l 1.259 seconds

A. 10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.
B. 10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.
C. 10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.
D. 10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Answer: A. 10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

————

Click here to Read Part-19

All these Questions are in this Section were asked in Certified Ethical Hacker Examinations of EC-Council .This is the 18th part

Please Share this:-

Related Posts

All these Questions are in this Section were asked in Certified Ethical Hacker Examinations of EC-Council .This is the 18^th part