Front Back
QUESTION 1 Your employer has asked you to perform an audit of the passwords for the user accounts for a particular server. What type of test have you been assigned? A. White Box test B. Grey Box test C. Black Box test D. Grey Hat test
Answer: B Explanation/Reference: Section: Ethical Hacking A Grey Box test is specific but not all of the information needed has necessarily been provided. It is a limited test.
QUESTION 2 Which of the following phrases is a derogatory term and would only invite retaliation? A. Script Kiddie B. Hacker C. Attacker D. Consultant
Answer: A Explanation/Reference: Section: Ethical Hacking There is a famous story behind this question. Start by reading this wiki article at:
QUESTION 3 Webhosting services often offer free scripts for customers that pay for minimum level services. Occasionally there are security flaws in these scripts that are never fixed even though thousands of customers might be using them. This is an example of what type of threat category? A. PHP B. SQL Injection C. Cross Site Scripting D. Shrink Wrap Code
Answer: D Explanation/Reference: Section: Ethical Hacking This is an example of reusing code and spreading a security risk.
QUESTION 4 Neil is conducting security research on a popular software application and discovers a buffer overflow. He considers reporting his finding to the vendor but realizes the EULA (End User License Agreement) forbids this kind of research. What should Neil do? A. Neil should sell his exploit on eBay. There is nothing wrong with making an honest dollar this way since the software itself should have been free in the first place. B. The laws that protect the right to Full Disclosure are in higher standing than the EULA. It is a constitutional issue regarding speech and expression. Neil can reveal his findings without worry. C. Report the finding to a neutral party such as a CERT coordination center D. Anonymously report the finding to the Bugtraq or full disclosure mailing lists
Answer: C Explanation/Reference: Section: Ethical Hacking Neutral third parties exist that will protect the anonymity of the person or organization that submits an incident or vulnerability. From there, the proper vendor can be notified. There is philosophical debate within the security community regarding whether or not to leak the information out after the vendor has been given fair time to respond but chosen not to. Most agree however that immediate full disclosure is a grey area at least.
QUESTION 5 Which of the following represents the greatest danger to enterprise networks? A. Disgruntled Employee B. Black hat hacker C. Negligent management D. The burdens of government regulations
Answer: A Explanation/Reference: Section: Ethical Hacking While a Black hat hacker may have the skills to pull off an attack, he may not have the right position in the network. A disgruntled employee will have been an insider and likely has many contacts that are willing to collude with them. The most common form of disgruntled employee attack is to report the former employee to the BSA (Business Software Alliance) and claim they are using unlicensed software.
QUESTION 6 When finished footprinting the network the next step the attacker would take is: A. Launch a vulnerability scanner B. Enumerate as much as possible about the policies of each system C. Attack! D. Take the information they have gathered and start searching Google
Answer: B Explanation/Reference: Section: Ethical Hacking A vulnerability scanner is too noisy to use in most cases, even though common tools such as Nessus will do most of the footprinting work for the attacker. It is safer to pick the interesting machines one by one and try to find out as much as possible about them, as it might be possible to choose an attack strategy without a vulnerability scan at all.
QUESTION 7 Which of the following types of hosts are completely exposed to risk? A. A Windows 2000 server B. Honeypot C. Bastion host D. An open source operating system
Answer: C Explanation/Reference: Section: Ethical Hacking Bastion hosts are fully hardened machines designed to withstand any kind of abuse because they will have no help. It is usually a matter of access, for instance a web server in the DMZ (De-Militarized Zone) might need to be fully exposed on port 80 to the entire world, so at least where that port is concerned it needs to hold up to attack.
QUESTION 8 Which of the following types of hosts are placed on a network to attract the attention of a malicious attacker and allow the administrators to observe their actions? A. Honeypot B. Bastion host C. Intrusion Detection System D. A Windows 98 machine
Answer: A Explanation/Reference: Section: Ethical Hacking Honeypots are hosts with no production value that serve to attract the attention of an attacker. When designed properly, they blend in with the other hosts on the network, including not having exaggerated levels of weaknesses. While a honeypot is accessible, it is not necessarily completely exposed to all risks.
QUESTION 9 Hosts can often be attacked in layers. If the target service is not vulnerable then what else should the attacker try? (choose all that apply) A. Annoy the administrator of that host with a Denial of Service attack B. If the target service is secure there is nothing else that can be done C. Convince a user to accept a malicious file into one of the clients on the host D. Attack a service on one of the other open ports
Answer: CD Explanation/Reference: Section: Ethical Hacking It is often best to begin attacking from the lowest layer of the OSI model that can be accessed. If possible, a physical attack is always best. Remote attacks against enabled services might allow access to the OS. Then attack the application either as a remote client or from within using social engineering. There are many ways to get in.
QUESTION 10 Another way to describe risk is: A. A positive or negative event that can impact a resource or process B. A negative event that can cause damage to a resource or process C. Bungee jumping D. A management technique that measures certainty
Answer: A Explanation/Reference: Section: Ethical Hacking Risk is sometimes called a "measurement of uncertainty". It is neither positive nor negative until the impact is determined. Opportunities can sometimes be identified and if the plan is right in the end, risk management improves an organization overall.
QUESTION 11 Which of the following is considered to be the most dangerous vector of security threats? A. Unpatched operating systems B. Natural Disasters C. (DDoS) Distributed Denial of Service D. Social engineering
Answer: D Explanation/Reference: Section: Ethical Hacking All of the answers present dangerous possibilities, but social engineering is always considered the most exposed and hardest to completely countermeasure. Training is considered to be the most cost effective solution. (Running security awareness seminars counts for your continuing education units!)
QUESTION 12 When an attacker has gained and then maintained access to a system it is said they have installed a: (Choose the best answer) A. Backdoor B. Rootkit C. Maintenance hook D. Trojan
Answer: A Explanation/Reference: Section: Ethical Hacking The maintaining access step is about installing backdoors so access can be gained at any time. A backdoor can be a privileged user account (noisy), or an illicit server (installed via a Trojan) or a variety of processes that were hidden by a rootkit.
QUESTION 13 An attacker wants to make changes to a log file to clear their tracks. Instead of erasing the logs, he just makes changes to some of the entries. What is he trying to do? A. Throw off the timeline to confuse the investigator B. Create the appearance of decoy traffic C. Make an extremely unusual event so it wouldn't be looked at D. Taunt the administrators
Answer: A Explanation/Reference: Section: Ethical Hacking Be careful on the wording here: If false entries looked like decoy traffic it would only show someone is in there messing around. Unusual events are often false positives but should be confirmed. The timeline is the most valuable thing an investigator can determine when tracking down events. Part of the clearing tracks phase of an attack is to take the investigator off the scent, ideally without them realizing they are even playing the game at all.
QUESTION 14 If a whitehat researcher discovers a vulnerability in a software product, what should she do with the information? (Choose the best answer) A. Create a tutorial complete with screenshots and submit your finding to and B. Call the vendor and offer to keep quiet if they pay you a finder's fee C. Prove the exploit works, then sell a script on eBay D. Report the vulnerability to a regional emergency response organization
Answer: D Explanation/Reference: Section: Ethical Hacking Reporting vulnerabilities can be tricky. There is a fear of retribution for doing the research in the first place, there is the desire to be given recognition and credit, there might be financial incentives for using the exploit, and there is always leverage; trying to force the vendor to respond under threat of full disclosure. The QUESTION specified "Whitehat" and CERTs often provide a way to report vulnerabilities in a way that reduces risks to all parties as much as possible.
QUESTION 15 Someone downloads a tool from the internet and uses it to experiment with an idea they got from a YouTube video. Another exam you recently passed considers this unethical and inappropriate. A friend of yours just considers this person to be a "script kiddie". You have your own opinions, but what is the most defensive way to respond to this scenario? A. Lecture the person about ethics and appropriate behavior. Make certain they realize the trouble they are causing the industry as a whole B. Avoid insulting the person, enforce policy in a professional yet objective manner, and consider the idea that this person can be an asset if properly mentored C. Explain "Script kiddies are l00s3rs." And agree with your friend that if this l@m3r can't write his own buffer overflow shellcode then he isn't worth a slice of pizza D. Shrug your shoulders in indifference and get on with your day knowing your network is so secure this person poses no possible threat.
Answer: B Explanation/Reference: Section: Ethical Hacking Hopefully no further explanation is required here.
Exam B
QUESTION 1 What is the threshold for the amount of damage an organization must sustain before federal law enforcement will get involved? A. $1,000 B. $5,000 C. $10,000 D. There is no lower limit
Answer: B Explanation/Reference: Section: Hacking Laws $5,000 is considered the threshold. Be aware of "Salami Attacks" which are those kept intentionally under the damage limit. It would be necessary to forensically prove a connection between the separate attacks through log files and other monitoring mechanisms.
QUESTION 2 Which of the following statutes says that attempts to circumvent copy protection are illegal, regardless of how weak that protection might be? A. Copyright and Patent Protection Act B. Freedom of information act C. Digital Millennium Copyright Act D. It is not illegal; if a protection can be broken it is a right to break it
Answer: C Explanation/Reference: Section: Hacking Laws Demonstrating the intent to protect copyright is enough, and however weak that protection might be is no excuse for cracking it in the eyes of the courts.
QUESTION 3 Which of the following statements are most true? (Choose all that apply) A. The law recognizes a difference between a computer being used in a crime and when a computer is the target of a crime B. The "freedom of Information" act guarantees the fair use and exchange of all information materials C. The law has definitive distinctions between what is "important" versus "unimportant" information D. Penalties increase dramatically if human life has been put in danger
Answer: AD Explanation/Reference: Section: Hacking Laws These are two important statements when interpreting legal matters when it comes to ethical hacking. Computers contain data which is often a valuable target. They can also be used as tools to disrupt other systems. In both cases when human life or rescue services are affected the penalties increase dramatically.
QUESTION 4 If a person experimenting with the latest botnet tool decided to seize control of some federal computers for the purposes of committing a fraud utilizing symbolic data such as credit card information they would be in violation of: A. Computer Fraud and Abuse Act Section 1030 B. Federal Computer Breech Act of 1985 C. The Bush Cheney act of 2006 D. Symbolic Data Protection Act of 2001
Answer: A Explanation/Reference: Section: Hacking Laws Section 1030 (a) (1) states in part: "having knowingly accessed a computer without authorization or exceeding authorized access" Section 1030 (a) (2) (A) states in part: "information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);"
QUESTION 5 You want to determine the web server and host operating system of a target. For legal reasons, you worry about getting caught. A passive recon technique that cannot be detected might be a good idea. Which of the following choices holds the least risk of detection? A. Use the netcraft web site to look up the target's host B. Use telnet to perform a banner grab C. Use a common scanner in "paranoid mode" D. Call them and ask.
Answer: A Explanation/Reference: Section: Hacking Laws keeps track of the uptime and version information of internet accessible websites. They send a periodic request to the server that will produce an error. The banner grab that results is collated into a searchable database.
QUESTION 6 You are researching an adversary and are certain that you saw some incriminating information on their website about 6 months ago, but it isn't there now. What resource below might be the quickest way to check for this data? A. Look through the websites that target has partner relationships with B. Use Google to look through their cache database C. Learn to program in PERL and create a webcrawler of your own D. "The wayback machine"
Answer: D Explanation/Reference: Section: Hacking Laws The site at has a feature called "The Wayback Machine" that archives old versions of websites.
QUESTION 7 Which of the following statements is the most correct about the DMCA? A. Circumventing copyright protections is permissible if they can be defeated. The responsibility lies on the rights holder to enforce protection adequately. B. The "Librarian of Congress" can issue exceptions to the circumventing of copyright protections that the DMCA addresses. C. The DMCA stands for the "Digital Mandates for Circumvention of Assets" act. It implements treaties established by WIPO (World Intellectual Property Organization). D. The DMCA protects the attacker by defining reverse engineering as "The legitimate act of research" and "an inherent right of each user".
Answer: B Explanation/Reference: Section: Hacking Laws The "Digital Millennium Copyright Act" does allow exemptions when an access of the properly purchased technology affects access during a non-infringing act.
QUESTION 8 Hayley decides to circumvent the copy protection laws by taking an entire movie she recorded on her cell phone in the theatre and appending it with an insightful review and claims this is journalism and free speech. She still gets sued and loses. Why? A. She didn't have enough money to hire a good attorney. B. This was an injustice. She should have won the case. C. She used too much. A clip or two with proper attribution would have been better. D. It was a flip of the coin; the case could have gone either way.
Answer: C Explanation/Reference: Section: Hacking Laws The "Fair Use doctrine" has been challenged on many occasions and without getting "into the weeds" the best bet for low risk is to understand that while it is OK to cite sources and then comment on them, the less used is better.
QUESTION 9 Which of the following protects the rights of individuals in regards to the disclosing of information? (Choose the two best answers) A. The Human Rights act of 1998 (UK). B. The Google Act of 2003 C. Privacy Act of 1974 D. There are no such rights.
Answer: AC Explanation/Reference: Section: Hacking Laws The Privacy Act of 1974 prevents the disclosure of personal records without written consent for census data. The Human Rights Act of 1998 discusses the privacy rights of an individual, such as the driver of a car to not have to reveal their identity in a photograph.
QUESTION 10 "Port scanning" is considered what form of attack? A. Illegal and highly prosecuted B. Information gathering C. Rude and impolite D. Denial of Service
Answer: B Explanation/Reference: Section: Hacking Laws Port scanning might be considered an attack by internal policy standards but in general it is only an information gathering attack.
QUESTION 11 In the United States, attacks on financial institutions are handled by: A. The GLBA (Gramm-Leach-Bliley Act) B. The FBI C. The Secret Service D. A free market society has no such crime. It is a moral imperative that to the winner "goes the spoils". If you can work the system then it works for you.
Answer: C Explanation/Reference: Section: Hacking Laws The secret service does more than most people think, but this is a secret. (Shhhh).
QUESTION 12 "Periodic assessments of the risk and magnitude of the harm that could result from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the agency;" Which act mandates a security program be implemented in a Federal agency that meets the above criteria? A. Directive 8570 B. FISMA C. FISO D. The Homeland Security Act
Answer: B Explanation/Reference: Section: Hacking Laws FISMA (Federal Information Security Management Act) drives a lot of United States federal requirements. Directive 8570 drives proper training and certification requirements for individuals as a part of FISMA.
QUESTION 13 Which of the following statements describes a provision of FERPA? A. Organizations that provide educational services and receive funding from the department of education must have certain controls over student records, including disclosure to third parties. B. Organizations that provide financial services must have certain controls over client records, including disclosure to third parties. C. Individuals that receive TARP funds must protect the identities of the financial officers that brokered their benefits D. FISMA and FIDO must not collude to compromise, sell or distribute information that reveals financial details about a citizen of the United States.
Answer: A Explanation/Reference: Section: Hacking Laws FERPA is the "Family Educational Rights and Privacy Act"
QUESTION 14 Which of the following acts of the UK Parliament makes it illegal to modify the contents of a computer with the intent to impair its operation? A. Computer Operation and Protection Act of 1989 B. Computer Hacking and Modification Act of 1990 C. Computer Fraud and Abuse Act Section 1029 D. Computer Misuse Act of 1990
Answer: D Explanation/Reference: Section: Hacking Laws The Computer Fraud and Abuse act of 1990 also criminalizes unauthorized access with the intent to use the computer to commit a crime.
QUESTION 15 Which of the following (choose two) acts were meant to protect the illegal use of computers by unauthorized parties, but many argue in fact had the opposite effect. The laws could enable unsolicited email and usage monitoring. A. CAN-SPAM ACT B. SPY Act C. Intellectual Properties and Protection Act D. Free Speech in Advertising Act
Answer: AB Explanation/Reference: Section: Hacking Laws Critics argue The CAN-SPAM act does not require an advertiser to get permission before sending the UCE, and that it provides a legal definition for what is not SPAM exactly, thus enabling the sending of UCE if the advertiser goes about it the right way. The SPY Act tries to prevent computers from being used as spam spreaders, but gives specific protection to vendors that install software that monitors usage for license enforcement. With not much creativity, it can be imagined how Trojans can be created that are now legally protected, as long as they go about things in just a certain way.
Exam C
QUESTION 1 Which of the following tools can an attacker use for almost all footprinting needs, including whois, http banner grabbing and traceroutes? A. Google Earth B. My IP Suite C. Neotrace D. Sam Spade
Answer: D Explanation/Reference: Section: Footprinting Sam Spade has been a reliable and popular tool for years. It is mandatory to have this one on your tigerbox.
QUESTION 2 Which of the following tools runs under Windows, has a GUI and can be used for footprinting web servers? A. Nikto B. Wikto C. Dogpile D. Web Ferret
Answer: B Explanation/Reference: Section: Footprinting Nikto is a website scanner that runs under Linux and does not have a GUI. When you download Wikto, also grab the HTTrack (for website mirroring) and the HTTPrint (for webserver fingerprinting) plugins to use all of the available features.
QUESTION 3 Which of the following commands would be used to request a zone transfer? (Choose the closest answer) A. nslookup; server ns1.example.dom; ls -d example.dom B. dig @ns1.example.dom - -zone-transfer C. host -t ZONE example.dom ns1.example.dom D. dig @ns1.example.dom example.dom IXFR
Answer: A Explanation/Reference: Section: Footprinting The semi-colon in the statement is meant to show there are multiple commands involved. First, an nslookup shell is invoked and then the other two commands are issued. IXFR is an incremental transfer and the other answers are not valid.
Answer: D Explanation/Reference: Section: Footprinting There are no registrars named LAPNIC or AFLAC.
QUESTION 5 When attending a hacker meeting for the first time, John was asking about purchasing domain names. He was told in order to avoid identity theft or other forms of harassment; it is a good idea not to put correct information in the Whois record when buying a Domain name? (Select the best statement) A. He was given bad advice. Incorrect information is a violation of the IEEE and IETF terms of service. B. He was given bad advice. Incorrect information is a violation of the ICANN terms of service. C. He was given good advice. Domain poachers use the contact information to steal domains all the time D. He was given good advice. You never want to put a personal address in the whois and proxy services that will hide the information are outrageously expensive.
Answer: B Explanation/Reference: Section: Footprinting If a regional CERT needed to get in touch with the owner of a domain they would use the POC (Point of Contact) information. Therefore it is necessary the information is correct and a domain can be immediately forfeited if a false record is discovered. Proxy services will keep the real POC anonymous for only a few dollars a year.
QUESTION 6 Which of the following tools will help the attacker learn how long a webserver has been up for and what type of server it's running? (indicating perhaps it has not been updated in a while) A. This cannot be determined remotely B. BidiBlah Suite C. D.
Answer: C Explanation/Reference: Section: Footprinting Be sure to visit this link, and while you are there also try out the Netcraft Phishing Toolbar (another possible test item)
QUESTION 7 When looking at some log files, Casey noticed some strange entries that involved a request to TCP port 53 and the string "AXFR". What was the attacker attempting? A. It was a common virus scan B. Directory traversal C. Verify the accounts on a mail server D. Zone transfer
Answer: D Explanation/Reference: Section: Footprinting For the CEH exam, be sure you can recognize certain items within log files or packet dumps. "AXFR" always means "All Zone Transfer". Verifying accounts on an email server would be "VRFY".
QUESTION 8 How long will the secondary server wait before asking for a zone update, if the regular update hasn't yet been answered? lab.dom. IN SOA ns.lab.dom. (200030432 7200 3600 1209600 1800) A. 2 Hours B. 60 Minutes C. 14 Days D. 1 Week
Answer: B Explanation/Reference: Section: Footprinting The fields on an SOA record are: Serial, Retry, Refresh, Expiry, TTL and the values are given in seconds. There is a calculator provided on the CEH exam. It is not scientific.
QUESTION 9 What is the name of the tool that will show old versions of websites that might reveal email addresses or other information that could be harvested? A. Web the Ripper B. Black Widow C. The Wayback Machine D. HTTrack website copier
Answer: C Explanation/Reference: Section: Footprinting The "Wayback Machine" is located at The other answers are all website copiers that allow offline browsing of the current version of the site, or whichever one was copied.
QUESTION 10 Which of the following are ways to footprint email addresses or systems? A. Send an email to a domain that will bounce back and analyze the headers B. Telnet into port 25 and issue the VRFY command on names collected from the company directory C. Embed a "web bug" in the HTML email and spam it out to everyone D. All of the above
Answer: D Explanation/Reference: Section: Footprinting All of the answers mentioned are important techniques for footprinting email.
QUESTION 11 Dave used the engine at to footprint his competitor's domain. What was Dave trying to accomplish? A. Pinpoint targets for a denial of service attack B. Assemble competitive intelligence C. Find press releases or negative stories D. Find the names of company officers
Answer: B Explanation/Reference: Section: Footprinting Kartoo is a search engine with a graphical interface that can help determine links and partners. It can be helpful in competitive intelligence gathering to understand the immediate network of resources a business is using. Determine who is driving traffic or business their way, what external partners they support, and who their large customers are. Look for the names of organizations in marketing materials such as testimonials and Kartoo search them as well.
QUESTION 12 While researching a public company, Tony wanted to figure out the names of important company officials and what they paid for the business. Which resource is best used for this research? A. The Edgar database B. C. D.
Answer: A Explanation/Reference: Section: Footprinting The EDGAR database provided by the SEC (Securities and Exchange Commission) is the best resource. While there might be other financial websites that provide research on a company as well, these are the actual legal filings.
QUESTION 13 When performing a traceroute, Gregory notices that the last two entries are the same IP address. What does this mean? A. There is a cluster or load balancer on that segment B. Traceroute is a buggy and defective tool C. One of the two hosts is a honeypot D. Gregory needs to try a Layer 4 traceroute since this result is impossible.
Answer: A Explanation/Reference: Section: Footprinting Load balancers and switches that are performing layer 2 routing can cause traceroute to show hops that live on the same segment. P2P networks often cause a mismatch between logical and physical topologies as well. A good explanation of this is located here:
QUESTION 14 Which of the following is the best statement in terms of footprinting a network? A. Map the network, discover live hosts, discover open ports, discover services B. Discover live hosts, discover open ports, discover services, map the network C. Find the network block, traceroute to the webserver, scan all hops looking for segments D. Call the front desk and ask to talk to the network administrator. Tell him that network topologies must be a matter of public record for investors and you want a copy mailed right away.
Answer: B Explanation/Reference: Section: Footprinting On the CEH exam, the longest answer is not the most correct. Forget those multiple choice tricks.
QUESTION 15 If the standard traceroute tool is not working, the attacker can then try which of the following? A. Call the front desk and ask them to ping you, since traffic coming from them will be successful. B. Telnet to various ports and run a packet sniffer to watch the backscatter C. "lft" is an advanced traceroute tool that can incorporate various layer 4 techniques and it might work instead D. Post a message on the nmap hackers mailing list and ask someone else to try it from their address
Answer: C Explanation/Reference: Section: Footprinting LFT (Layer 4 Traceroute) may not be installed by default in your Linux system. It is however in the Debian and yum repositories; source is also available. Read about it here:
Exam D
QUESTION 1 Based on the following command, which of the following statements are true? (Choose all that apply) lynx -dump > ceh_search.txt A. Lynx is a command line browser. We are passing in a URL that contains a search and dumping the results to a text file for further review. B. Lynx is a command line browser and is extremely useful to the attacker that only has a remote shell on a system, (no GUI). C. Lynx is a little known tool in the Google API. It provides access to undocumented functions and can access even Darknet data. D. Lynx is an internal Linux command that tunnels an HTTP connection across a firewall and permits access to data anonymously. Since we do not want to be caught searching for a hacking class, this is the best tool to use.
Answer: AB Explanation/Reference: Section: Google Hacking Lynx is an important tool to get to know. It is ported to Windows and is usually available by default in most Linux distributions. Being a command line browser, it can be used to test a website for Section 508 compliance as any well designed website should be usable without graphics, tables, or multimedia.
QUESTION 2 What is the difference between the inurl: and the allinurl: operators? A. Using inurl: is like a logical OR and using allinurl: is like a logical AND B. There is no difference, the allinurl is not listed on the help page because it has been discontinued C. With inurl: only the first keyword must be in the URL and additional keywords can be anywhere on the page. The allinurl: operator means all of the keywords must be in the URL. D. With inurl: only the first keyword must be in the URL and additional keywords can be anywhere on the page. The allinurl: operator means any of the keywords must be in the URL.
Answer: D Explanation/Reference: Section: Google Hacking The difference between two of the answers is only one word. "Any" or "All". Be careful about this sort of QUESTION on the CEH exam. There are also "allintitle" and "allinchache" operators.
QUESTION 3 What is the difference between the filetype: and ext: operators? A. Filetype: looks for executables where ext: looks for data files B. They are synonyms of each other, but the ext: is intended more for negation. C. There is no such thing as a filetype: operator. D. There is no such thing as an ext: operator
Answer: B Explanation/Reference: Section: Google Hacking Usually the ext: operator involves a - (dash) character before it to negate the string from the results. Otherwise there really isn't much difference and Google describes them as synonyms.
QUESTION 4 What would a search for the string "#include " produce? A. Nothing as the # (hash) character comments out the remaining string B. Library files from Visual Studio C. Source code for scripts written in "C" D. A well known vulnerability in the IIS ISAPI for IPP (Internet Printing Protocol)
Answer: C Explanation/Reference: Section: Google Hacking To pass the CEH exam it is not necessary to be a programmer but it is necessary to be able to recognize languages and certain specific strings as they might relate to an attack. The string in this QUESTION is standard for scripts written in "C" and does not indicate any kind of risk on its own.
QUESTION 5 What is the following search trying to accomplish? A. intitle:"This page cannot be found" and "Please try the following" B. Broken links produce these errors and indicate a malfunctioning server that is exposing weaknesses. C. Server errors that provide valuable information about what went wrong with the script D. 404 errors produce pages that include these phrases as a common matter, the search doesn't really tell the attacker anything. E. The first phrase produced too many results. The second phrase was added to refine the search
Answer: D Explanation/Reference: Section: Google Hacking Be creative about combining the Google syntax to refine searches. Start broad then narrow it down. One of the results from this search resulted in the following, a very interesting error page to say the least: