Ethical Hacking and Countermeasures
Question No: 181 – (Topic 5)
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?
There is no way to tell because a hash cannot be reversed
The right most portion of the hash is always the same
The hash always starts with AB923D
The left most portion of the hash is always the same
A portion of the hash will be all 0's
Explanation: When looking at an extracted LM hash, you will sometimes observe that the right most portion is always the same. This is padding that has been added to a password that is less than 8 characters long.
Question No: 182 – (Topic 5)
Travis works primarily from home as a medical transcriptionist.
He just bought a brand new Dual Core Pentium Computer with over 3 GB of RAM. He uses voice recognition software that is processor intensive, which is why he bought the new computer. Travis frequently has to get on the Internet to do research on what he is working on. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to.
Travis uses antivirus software, anti-spyware software and always keeps the computer up-to-date with Microsoft patches.
After another month of working on the computer, Travis's computer is even more noticeably slow. Every once in a while, Travis also notices a window or two pop up on his screen, but they quickly disappear. He has seen these windows show up even when he has not been on the Internet. Travis is really worried about his computer because he spent a lot of money on it and he depends on it to work. Travis scans his computer through Windows Explorer and checks out the file system, folder by folder, to see if there is anything he can find. He spends over four hours poring over the files and folders and can't find anything, but before he gives up, he notices that his computer only has about 10 GB of free space available. Since his drive is a 200 GB hard drive, Travis thinks this is very odd.
Travis downloads Space Monger and adds up the sizes for all the folders and files on his computer. According to his calculations, he should have around 150 GB of free space. What is most likely the cause of Travis's problems?
Travis's computer is infected with a stealth kernel-level rootkit
Travis's computer is infected with a stealth Trojan virus
Travis’s Computer is infected with Self-Replication Worm that fills the hard disk space
Logic Bomb’s triggered at random times creating hidden data consuming junk files
Explanation: A rootkit can take full control of a system. A rootkit's only purpose is to hide files, network connections, memory addresses, or registry entries from other programs used by system administrators to detect intended or unintended special privilege accesses to the computer resources.
Question No: 183 – (Topic 5)
This kind of password cracking method uses word lists in combination with numbers and special characters:
Explanation: A Hybrid (or Hybrid Dictionary) Attack uses a word list that it modifies slightly to find passwords that are almost from a dictionary (like St0pid).
Question No: 184 – (Topic 5)
One of your junior administrators is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out?
Select the best answers.
John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case.
By using NTLMV1, you have implemented an effective countermeasure to password cracking.
SYSKEY is an effective countermeasure.
If a Windows LM password is 7 characters or less, the hash will be padded with the following characters, in HEX- 00112233445566778899.
Enforcing Windows complex passwords is an effective countermeasure.
Answer: A,C,E
Explanation:
John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case. John the Ripper is a very effective password cracker. It can crack passwords for many different types of operating systems. However, one limitation is that the output doesn't show if the password is upper or lower case.
By using NTLMV1, you have implemented an effective countermeasure to password cracking. NTLM Version 2 (NTLMV2) is a good countermeasure to LM password cracking (and therefore a correct answer). To do this, set Windows 9x and NT systems to "send NTLMv2 responses only".
SYSKEY is an effective countermeasure. It uses 128 bit encryption on the local copy of the Windows SAM.
If a Windows LM password is 7 characters or less, the hash will be padded with the following characters: 0xAAD3B435B51404EE
Enforcing Windows complex passwords is an effective countermeasure to password cracking. Complex passwords are greater than 6 characters and have any 3 of the following 4 items: upper case, lower case, special characters, and numbers.
Question No: 185 – (Topic 5)
________ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.
UCS transformation formats
Explanation: Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a "standard" canonical representation. This can be done to compare different representations for equivalence, to count the number of distinct data structures (e.g., in combinatorics), to improve the efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order.
Question No: 186 – (Topic 5)
In the context of Windows Security, what is a 'null' user?
A user that has no skills
An account that has been suspended by the admin
A pseudo account that has no username and password
A pseudo account that was created for security administration purpose
Explanation: NULL sessions take advantage of "features" in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Using these NULL connections allows you to gather the following information from the host:
* List of users and groups
* List of machines
* List of shares
* Users and host SIDs (Security Identifiers)
NULL sessions exist in Windows networking to allow:
* Trusted domains to enumerate resources
* Computers outside the domain to authenticate and enumerate users
* The SYSTEM account to authenticate and enumerate resources
NetBIOS NULL sessions are enabled by default in Windows NT and 2000. Windows XP and 2003 will allow anonymous enumeration of shares, but not SAM accounts.
Question No: 187 – (Topic 5)
You are attempting to crack LM Manager hashes from a Windows 2000 SAM file. You will be using an LM brute force hacking tool for decryption.
What encryption algorithm will you be decrypting?
Explanation: The LM hash is computed as follows.
1. The user's password as an OEM string is converted to uppercase.
2. This password is either null-padded or truncated to 14 bytes.
3. The "fixed-length" password is split into two 7-byte halves.
4. These values are used to create two DES keys, one from each 7-byte half.
5. Each of these keys is used to DES-encrypt the constant ASCII string "KGS!@#$%", resulting in two 8-byte ciphertext values.
6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
Question No: 188 – (Topic 5)
You have successfully brute forced basic authentication configured on a Web Server using Brutus hacking tool. The username/password is “Admin” and “Bettlemani@”. You logon to the system using the brute forced password and plant backdoors and rootkits.
After downloading various sensitive documents from the compromised machine, you proceed to clear the log files to hide your trace.
Which event log located at C:\Windows\system32\config contains the trace of your brute force attempts?
Explanation: The Security Event log (SecEvent.Evt) will contain all the failed logins against the system.
Question No: 189 – (Topic 5)
You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project.
How would you resolve this situation?
Reconfigure the firewall
Conduct a needs analysis
Install a network-based IDS
Enforce the corporate security policy
Explanation: The security policy is meant to always be followed until changed. If a need arises to perform actions that might violate the security policy, you'll have to find another way to accomplish the task or wait until the policy has been changed.
Question No: 190 – (Topic 5)
What does the following command in netcat do? nc -l -u -p 55555 < /etc/passwd
logs the incoming connections to /etc/passwd file
loads the /etc/passwd file to the UDP port 55555
grabs the /etc/passwd file when connected to UDP port 55555
deletes the /etc/passwd file when connected to the UDP port 55555
Answer: C Explanation:
-l forces netcat to listen for incoming connections.
-u tells netcat to use UDP instead of TCP
-p 5555 tells netcat to use port 5555
< /etc/passwd tells netcat to grab the /etc/passwd file when connected to.