Sure Pass Exam CPEH-001 PDF

Page: 6 / 27

Question 24

You’ve just discovered a server that is currently active within the same network with the machine you recently compromised. You ping it but it did not respond. What could be the case?

Options:

TCP/IP doesn’t support ICMP

ARP is disabled on the target server

ICMP could be disabled on the target server

You need to run the ping command with root privileges

Question 25

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.). Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

Options:

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

This is back orifice activity as the scan comes from port 31337.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

These packets were crafted by a tool, they were not created by a standard IP stack.

Question 26

Which specific element of security testing is being assured by using hash?

Options:

Authentication

Integrity

Confidentiality

Availability

Question 27

Matthew received an email with an attachment named “YouWon$10Grand.zip.” The zip file contains a file named “HowToClaimYourPrize.docx.exe.” Out of excitement and curiosity, Matthew opened the said file. Without his knowledge, the file copies itself to Matthew’s APPDATA\IocaI directory and begins to beacon to a Command-and-control server to download additional malicious binaries. What type of malware has Matthew encountered?