Certified Ethical Hacker v8 (312-50v8) Free Practice Test

Question 1

While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.
What is the most likely cause behind this response?

A. An in-line IDS is dropping the packets.

B. The firewall is dropping the packets.

C. A router is blocking ICMP.

D. The host does not respond to ICMP packets.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

One of your team members has asked you to analyze the following SOA record. What is the version?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600
3600 604800 2400.

A. 2400

B. 4800

C. 3600

D. 60

E. 604800

F. 200303028

Correct Answer: F

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Which of the following statements about a zone transfer correct?(Choose three.

A. A zone transfer can be prevented by blocking all inbound TCP port 53 connections

B. Zone transfers cannot occur on the Internet

C. A zone transfer passes all zone information that a DNS server maintains

D. A zone transfer passes all zone information that a nslookup server maintains

E. A zone transfer is accomplished with the nslookup service

F. A zone transfer is accomplished with the DNS

Correct Answer: A,C,F

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which of the following items of a computer system will an anti-virus program scan for viruses?

A. Deleted Files

B. Windows Process List

C. Password Protected Files

D. Boot Sector

Correct Answer: D

Question 5

You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using ADS streams. How will you accomplish this?

A. copy secret.txt c:\windows\system32\tcpip.dll:secret.txt

B. copy secret.txt c:\windows\system32\tcpip.dll |secret.txt

C. copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt

D. copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt

Correct Answer: A

Question 6

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next?

A. Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.

B. Configure the firewall to allow traffic on TCP port 53.

C. Configure the firewall to allow traffic on TCP ports 80 and UDP port 443.

D. Configure the firewall to allow traffic on TCP port 8080.

Correct Answer: A

Question 7

WinDump is a popular sniffer which results from the porting to Windows of TcpDump for Linux. What library does it use?

A. None of the above

B. WinPcap

C. Wincap

D. LibPcap

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

Global deployment of RFC 2827 would help mitigate what classification of attack?

A. Sniffing attack

B. Denial of service attack

C. Reconnaissance attack

D. Prot Scan attack

E. Spoofing attack

Correct Answer: E

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

Which one of the following attacks will pass through a network layer intrusion detection system undetected?

A. A DNS spoofing attack

B. A test.cgi attack

C. A teardrop attack

D. A SYN flood attack

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming.
Which command would you execute to extract the Trojan to a standalone file?

A. c:\> cat readme.txt:virus.exe > virus.exe

B. c:\> type readme.txt:virus.exe > virus.exe

C. c:\> list redme.txt$virus.exe > virus.exe

D. c:\> more readme.txt | virus.exe > virus.exe

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

802.11b is considered a ____________ protocol.

A. Token ring based

B. Unreliable

C. Connectionless

D. Unsecure

E. Secure

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

A. 13 packets were from an external network and probably behind a NAT,as they had an ICMP ID 0 and Seq 0

B. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

C. The packets were sent by a worm spoofing the IP addresses of 47 infected sites

D. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

Correct Answer: D

Question 13

In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)

A. HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)

B. NID/NIP (Node-based Intrusion Detection/Node-based Intrusion Prevention)

C. CID/CIP (Computer-based Intrusion Detection/Computer-based Intrusion Prevention)

D. NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)

Correct Answer: A,D

Question 14

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?

A. If the ARP cache is flooded,the switches will drop into pix mode making it less susceptible to attacks.

B. Depending on the switch manufacturer,the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

C. The switches will route all traffic to the broadcast address created collisions.

D. The switches will drop into hub mode if the ARP cache is successfully flooded.

Correct Answer: D

Welcome to TestSimulate

EC-COUNCIL Certified Ethical Hacker v8 (312-50v8) Free Practice Test