Ethical Hacking and Countermeasures
Question No: 41 – (Topic 3)
You are having problems retrieving results after performing port scanning during internal testing. You verify that there are no security devices between you and the target system. When both stealth and connect scanning do not work, you decide to perform a NULL scan with NMAP. The first few systems scanned show all ports open.
Which one of the following statements is probably true?
The systems have all ports open.
The systems are running a host based IDS.
The systems are web servers.
The systems are running Windows.
Explanation: A NULL scan sends a TCP segment with no flags set, a combination that never occurs in normal traffic. Under RFC 793 a closed port must answer such a segment with a RST, while an open port silently discards it, so Nmap infers port state from RST versus silence (current Nmap reports the silent case as open|filtered, because a filter dropping the probe looks identical to an open port). The inference only works against stacks that follow RFC 793 on this point, and the Windows TCP/IP stack does not: it answers NULL, FIN and Xmas probes the same way whatever the port state (the Nmap reference guide documents it returning RST for every port), so the scan reports one uniform state for the whole range and says nothing about the services behind the ports. Every port on a host coming back in the same state is therefore a strong hint that the target is running Windows, which makes this scan useful as an OS discriminator even where it fails as a port scan.
Question No: 42 – (Topic 3)
What type of port scan is shown below?
SYN Stealth Scan
Explanation: An Xmas scan is a variant of TCP port scanning. It probes the state of a target port with a segment that has several TCP flags set at once, "lit up like a Christmas tree": Nmap's -sX sets FIN, URG and PSH. Like the NULL and FIN scans it relies on RFC 793 behaviour (RST from a closed port, silence from an open one) and is therefore unreliable against Windows. A second purpose is to slip past simple packet filters: some stateless firewalls only apply their policy to segments with the SYN flag set (the ones that open a connection according to the standard), so Xmas probes, which carry no SYN, pass through such devices and reach the target host.
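The two explanations above (the NULL scan in question 41 and the Xmas scan here) both come down to the TCP flag byte of the probe and the RFC 793 rule for the reply. The following Python is an added example, not code from the original page: it builds raw TCP headers in memory, names the Nmap scan type from the flags (as you would when reading a tcpdump capture), applies Nmap's RST-versus-silence rule, and runs a simulated NULL scan against two constructed target stacks, one RFC 793 compliant and one that answers RST regardless, as the Nmap reference guide documents for Windows. The port sets, the source port and both stack models are assumptions made for the demonstration; nothing is sent on the wire.

```python
# Added example (not from the original page): classify an Nmap TCP probe from its
# flag byte and infer port state from the reply the way Nmap does for NULL, FIN
# and Xmas scans under RFC 793. Packets are constructed inline; nothing is sent.
import struct
from typing import Callable, Dict, Iterable, Optional, Set

# TCP flag bits (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# tcpdump prints flags in this order, e.g. "Flags [FPU]" for an Xmas probe
FLAG_NAMES = [(FIN, "F"), (SYN, "S"), (RST, "R"), (PSH, "P"), (ACK, "A"), (URG, "U")]


def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Minimal 20-byte TCP header with no options (data offset = 5 words)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


def tcp_flags(tcp_header: bytes) -> int:
    """The flag byte is at offset 13 of the TCP header."""
    return tcp_header[13]


def flag_string(flags: int) -> str:
    """Render flags tcpdump-style; a NULL probe renders as 'none'."""
    return "".join(name for bit, name in FLAG_NAMES if flags & bit) or "none"


def probe_type(flags: int) -> str:
    """Name the Nmap scan whose probe carries exactly these flags."""
    core = flags & (FIN | SYN | RST | PSH | ACK | URG)
    if core == 0:
        return "NULL scan (-sN)"
    if core == FIN:
        return "FIN scan (-sF)"
    if core == FIN | PSH | URG:
        return "Xmas scan (-sX)"
    if core == SYN:
        return "SYN scan (-sS) or connect scan (-sT)"
    if core == ACK:
        return "ACK scan (-sA)"
    return "unclassified probe (%s)" % flag_string(flags)


def infer_port_state(probe_flags: int, reply_flags: Optional[int]) -> str:
    """Nmap's rule for NULL/FIN/Xmas probes: RST back means closed; no reply means
    open|filtered, because a filter dropping the probe looks exactly like an open port."""
    if probe_flags & (SYN | RST | ACK):
        raise ValueError("RFC 793 inference applies only to NULL, FIN and Xmas probes")
    if reply_flags is None:
        return "open|filtered"
    if reply_flags & RST:
        return "closed"
    return "unexpected reply (%s)" % flag_string(reply_flags)


# Two simulated target stacks (constructed for this example, not real hosts).
Stack = Callable[[Set[int], int, int], Optional[int]]


def rfc793_stack(open_ports: Set[int], dport: int, probe_flags: int) -> Optional[int]:
    """RFC 793: a closed port answers with RST; an open port drops a segment that
    carries none of SYN, RST or ACK."""
    return None if dport in open_ports else RST | ACK


def windows_like_stack(open_ports: Set[int], dport: int, probe_flags: int) -> Optional[int]:
    """Per the Nmap reference guide, Windows (and some Cisco, BSDI and OS/400 stacks)
    answer NULL/FIN/Xmas probes with RST whether or not the port is open."""
    return RST | ACK


def null_scan(stack: Stack, open_ports: Set[int], ports: Iterable[int]) -> Dict[int, str]:
    """NULL-scan every port against a simulated stack and collect Nmap-style states."""
    results = {}
    for port in ports:
        probe = build_tcp_header(40000, port, 0)  # no flags set
        reply = stack(open_ports, port, tcp_flags(probe))
        results[port] = infer_port_state(tcp_flags(probe), reply)
    return results


if __name__ == "__main__":
    xmas = build_tcp_header(40000, 80, FIN | PSH | URG)
    print(flag_string(tcp_flags(xmas)), "->", probe_type(tcp_flags(xmas)))
    ports = [22, 80, 135, 445]
    print("RFC 793 target:     ", null_scan(rfc793_stack, {22, 80}, ports))
    print("Windows-like target:", null_scan(windows_like_stack, {22, 80}, ports))
```

Against the RFC 793 stack the open ports come back open|filtered and the closed ones closed; against the Windows-like stack every port comes back in the same state, which is the signal question 41 is after: a uniform result across a host tells you about its TCP/IP stack, not about its ports.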
Question No: 43 – (Topic 3)
Bob has been hired to perform a penetration test on ABC.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to newsgroups and financial web sites to see if they are leaking any sensitive information or have any technical details online.
Within the context of penetration testing methodology, what phase is Bob involved with?
Passive information gathering
Active information gathering
Explanation: He is gathering information, and as long as he does not make contact with any of the target's systems (everything so far comes from registries, public web sites and newsgroups) he is considered to be gathering it passively.
Question No: 44 – (Topic 3)
What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?
Blind Port Scanning
Answer: B
Explanation: From the Nmap manual: -sI <zombie host[:probeport]> Idlescan: This advanced scan method allows for a truly blind TCP port scan of the target (meaning no packets are sent to the target from your real IP address). Instead, a unique side-channel attack exploits predictable "IP fragmentation ID" sequence generation on the zombie host to glean information about the open ports on the target. The zombie must be genuinely idle and must use a single global, incrementing IP ID counter; Nmap probes the zombie for this before scanning and aborts if its IP ID sequence is not usable.
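The exchange the manual describes, as an added example that is not part of the original page: a small in-memory simulation of the idle scan with a constructed zombie, target and network. The zombie hands out IP IDs from a global counter and answers an unsolicited SYN/ACK with a RST, the target answers a spoofed SYN either with SYN/ACK (open) or RST (closed), and the attacker reads the zombie's IP ID before and after the spoofed probe. A jump of two means the target SYN/ACKed the zombie and the zombie spent an IP ID on its RST; a jump of one means the zombie stayed quiet. Host names, ports and the starting IP ID are assumptions for the demonstration; nothing is sent on the wire.

```python
# Added example (not from the original page): an in-memory simulation of the
# Nmap -sI idle scan side channel. Three hosts are constructed here; nothing
# is sent on the wire. The attacker never addresses a packet to the target.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

Packet = Dict[str, object]


@dataclass
class Zombie:
    """Idle host whose IP ID counter is global and increments by one per packet
    sent, the property an idle-scan zombie must have."""
    ipid: int = 1000

    def receive(self, pkt: Packet) -> Optional[Packet]:
        # An unsolicited SYN/ACK is answered with RST, spending one IP ID.
        # An unsolicited RST is silently dropped: no packet, no IP ID consumed.
        if pkt["flags"] == "SA":
            self.ipid = (self.ipid + 1) & 0xFFFF
            return {"src": "zombie", "dst": pkt["src"], "flags": "R", "ipid": self.ipid}
        return None


@dataclass
class Target:
    open_ports: Set[int]

    def receive(self, pkt: Packet) -> Optional[Packet]:
        # Replies go to the source address on the SYN, i.e. to the zombie when spoofed.
        if pkt["flags"] != "S":
            return None
        flags = "SA" if pkt["dport"] in self.open_ports else "R"
        return {"src": "target", "dst": pkt["src"], "flags": flags, "ipid": 0}


class Network:
    """Routes packets by destination name and chases replies between in-network
    hosts. The attacker is not a host here: replies to it are returned directly."""

    def __init__(self, **hosts):
        self.hosts = hosts
        self.log: List[Packet] = []  # every packet that went on the wire

    def send(self, pkt: Packet) -> Optional[Packet]:
        self.log.append(pkt)
        host = self.hosts.get(pkt["dst"])
        reply = host.receive(pkt) if host else None
        if reply is None:
            return None
        if reply["dst"] in self.hosts:      # target -> zombie, zombie -> target
            return self.send(reply)
        return reply                        # addressed to the attacker


def probe_zombie_ipid(net: Network) -> int:
    """SYN/ACK the zombie and read the IP ID of the RST it sends back."""
    reply = net.send({"src": "attacker", "dst": "zombie", "flags": "SA",
                      "sport": 40000, "dport": 80})
    return reply["ipid"]


def idle_scan_port(net: Network, port: int) -> str:
    before = probe_zombie_ipid(net)
    # The only packet aimed at the target claims the zombie as its source.
    net.send({"src": "zombie", "dst": "target", "flags": "S",
              "sport": 40000, "dport": port})
    after = probe_zombie_ipid(net)
    delta = (after - before) & 0xFFFF
    if delta == 2:
        return "open"              # target SYN/ACKed the zombie, zombie RSTed it
    if delta == 1:
        return "closed|filtered"   # target RSTed (or dropped), zombie stayed quiet
    return "unreliable zombie (IP ID moved by %d)" % delta


if __name__ == "__main__":
    net = Network(zombie=Zombie(), target=Target({22, 443}))
    for port in (22, 80, 443):
        print(port, idle_scan_port(net, port))
    print("attacker->target packets:",
          sum(p["src"] == "attacker" and p["dst"] == "target" for p in net.log))
```

Note the third branch: a zombie that is not idle (other hosts are talking to it) or that uses per-destination or randomised IP IDs moves the counter by some other amount and the inference falls apart, which is why Nmap qualifies the zombie before scanning. A closed port and a filtered port both leave the counter at +1, so the scan cannot tell those two apart.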
Question No: 45 – (Topic 3)
Study the log below and identify the scan type. tcpdump -w host 192.168.1.10
A. nmap -R 192.168.1.10
B. nmap -S 192.168.1.10
C. nmap -V 192.168.1.10
D. nmap -sO -T 192.168.1.10
Explanation: -sO: IP protocol scan. This method is used to determine which IP protocols (TCP, UDP, ICMP, IGMP and so on) are supported on a host. The technique is to send raw IP packets without any further protocol header, one for each protocol number, to the target machine. An ICMP protocol unreachable reply (type 3, code 2) means the protocol is not supported; a reply in the protocol itself, or no reply at all, means it is open (or filtered). In a tcpdump capture such a scan is recognisable because the packets to the one host cycle through many different IP protocol numbers rather than TCP or UDP ports.
Question No: 46 – (Topic 3)
What does an ICMP type 3 code 13 message represent? (Choose two.)
Explanation: ICMP type 3 is Destination Unreachable, and code 13 is Communication Administratively Prohibited, so the two parts of the answer are "destination unreachable" and "administratively prohibited". This message is typically returned by a router or firewall whose ACL rejects (rather than silently drops) traffic to a port; seeing it during a scan points to a filtering device in the path rather than to the end host.
Question No: 47 – (Topic 3)
An Nmap scan shows the following open ports, and Nmap also reports that its OS guess matches too many signatures, so the operating system cannot be reliably identified:
What does this suggest?
This is a Windows Domain Controller
The host is not firewalled
The host is not a Linux or Solaris system
The host is not properly patched
Explanation: If the answer were A, Nmap would have guessed it; its fingerprint database contains the Microsoft signatures. Whether or not the host is firewalled makes no difference to the fingerprint match. "Not Linux or Solaris" cannot be concluded either; it very well could be. "The host is not properly patched" is the closest. Nmap's OS detection compares the target's responses to a series of probes (TCP ISN sampling, TCP options and window sizes, IP ID sequence behaviour, ICMP responses) against its fingerprint database. If the stack has been modified, for example to randomise ISNs, or if a tool rewrites those fields in flight, the responses no longer match a single fingerprint and detection fails or returns many candidates. Modified IP ID behaviour can break detection the same way, and in extreme cases the probes go unanswered and the host may even appear to be down.
Question No: 48 – (Topic 3)
Which of the following ICMP message types is used for destination unreachable?
Explanation: Type 3 messages are Destination Unreachable. For comparison: 0 is Echo Reply, 8 is Echo Request, 11 is Time Exceeded, 13 is Timestamp Request and 17 is Address Mask Request.
Learning these would be advisable for the test.
Question No: 49 – (Topic 3)
While reviewing the results of a scan run against a target network you come across the following:
What was used to obtain this output?
An SNMP Walk
A Bo2K System query
Nmap protocol/port scan
Explanation: The snmpwalk command is designed to perform a sequence of chained GETNEXT requests automatically, rather than having to issue the necessary snmpgetnext requests by hand. The command takes a single OID, and will display a list of all the results which lie within the subtree rooted on this OID.
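The chained GETNEXT loop the explanation describes, as an added example that is not part of the original page: a simulated SNMP agent holding a small, constructed MIB (a few system-group and interface-group objects from RFC 1213), and a walk that keeps issuing GETNEXT from the last OID returned until the answer falls outside the requested subtree or the MIB ends. Like net-snmp's snmpwalk it falls back to a plain GET when the walk yields nothing, so walking a leaf OID returns that leaf, and it refuses to continue if the agent returns a non-increasing OID (net-snmp reports this as "OID not increasing"). The MIB contents and host name are made up for the demonstration; a real walk sends the same requests over UDP/161.

```python
# Added example (not from the original page): the chained-GETNEXT loop that
# snmpwalk runs, against a simulated agent whose MIB is a small table
# constructed here. A real walk issues the same requests over UDP/161.
import bisect
from typing import Any, Dict, List, Optional, Tuple

OID = Tuple[int, ...]


def parse_oid(text: str) -> OID:
    """'.1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def format_oid(oid: OID) -> str:
    return "." + ".".join(str(part) for part in oid)


class Agent:
    """Simulated SNMP agent. GETNEXT walks the MIB in lexicographic OID order,
    so the OIDs are kept sorted as tuples (Python compares tuples that way)."""

    def __init__(self, objects: Dict[str, Any]):
        self.values = {parse_oid(k): v for k, v in objects.items()}
        self.oids = sorted(self.values)

    def get(self, oid: OID) -> Optional[Any]:
        return self.values.get(oid)  # None stands in for noSuchName

    def getnext(self, oid: OID) -> Optional[Tuple[OID, Any]]:
        """First OID lexicographically greater than 'oid', or None at end of MIB."""
        i = bisect.bisect_right(self.oids, oid)
        if i == len(self.oids):
            return None
        return self.oids[i], self.values[self.oids[i]]


def snmpwalk(agent: Agent, root: str) -> List[Tuple[str, Any]]:
    """Chain GETNEXT from root until the returned OID leaves the subtree rooted at
    root or the MIB ends. Like net-snmp's snmpwalk, fall back to a plain GET when
    the walk yields nothing, so walking a leaf OID returns that leaf."""
    root_oid = parse_oid(root)
    results: List[Tuple[str, Any]] = []
    current = root_oid
    while True:
        nxt = agent.getnext(current)
        if nxt is None:
            break
        oid, value = nxt
        if oid[:len(root_oid)] != root_oid:
            break                       # walked past the subtree
        if oid <= current:              # net-snmp reports this as "OID not increasing"
            raise RuntimeError("agent returned a non-increasing OID; walk would loop")
        results.append((format_oid(oid), value))
        current = oid
    if not results and agent.get(root_oid) is not None:
        results.append((format_oid(root_oid), agent.get(root_oid)))
    return results


# Constructed sample MIB: part of the system and interfaces groups (RFC 1213).
SAMPLE_MIB = {
    ".1.3.6.1.2.1.1.1.0": "Linux fileserver01 5.15.0 #1 SMP x86_64",  # sysDescr
    ".1.3.6.1.2.1.1.3.0": 4212345,                                  # sysUpTime
    ".1.3.6.1.2.1.1.5.0": "fileserver01",                           # sysName
    ".1.3.6.1.2.1.1.6.0": "rack 12, DC-1",                          # sysLocation
    ".1.3.6.1.2.1.2.1.0": 2,                                        # ifNumber
    ".1.3.6.1.2.1.2.2.1.2.1": "lo",                                 # ifDescr.1
    ".1.3.6.1.2.1.2.2.1.2.2": "eth0",                               # ifDescr.2
}

if __name__ == "__main__":
    agent = Agent(SAMPLE_MIB)
    for oid, value in snmpwalk(agent, ".1.3.6.1.2.1.1"):   # the system group
        print(oid, "=", value)
```

The subtree check is what keeps a walk of the system group from spilling into the interfaces group: the GETNEXT after sysLocation returns ifNumber, whose OID does not start with the requested root, and the walk stops there. That boundary is also why the output in a scan report looks the way it does, a run of OIDs sharing one prefix, which is how an SNMP walk is recognised.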
Question No: 50 – (Topic 3)
Samantha has been actively scanning the client network for which she is doing a vulnerability assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What protocol is most likely to be listening on those ports?
Explanation: Port 135 is the Microsoft RPC endpoint mapper, and 137 to 139 carry NetBIOS over TCP/IP: 137/udp is the name service, 138/udp the datagram service and 139/tcp the session service (136 is not used by NetBIOS). SMB is an upper-layer service that runs on top of the NetBIOS session service and datagram service, which is why this group of ports together indicates Windows file and print services.