412-79 Online Practice Questions and Answers

Question 4

What operating system would respond to the following command?

A. Mac OS X

B. Windows XP

C. Windows 95

D. FreeBSD

Question 5

How many bits is the Source Port Number field in the TCP header?

A. 48

B. 32

C. 64

D. 16

Question 6

Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

A. Intruding into a honeypot is not illegal

B. Entrapment

C. Intruding into a DMZ is not illegal

D. Enticement

Question 7

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with the ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

A. Poison the switch's MAC address table by flooding it with ACK bits

B. Enable tunneling feature on the switch

C. Trick the switch into thinking it already has a session with Terri's computer

D. Crash the switch with a DoS attack since switches cannot send ACK bits

Question 8

You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:

http://172.168.4.131/level/99/exec/show/config

After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

A. URL Obfuscation Arbitrary Administrative Access Vulnerability

B. Cisco IOS Arbitrary Administrative Access Online Vulnerability

C. HTTP Configuration Arbitrary Administrative Access Vulnerability

D. HTML Configuration Arbitrary Administrative Access Vulnerability

Question 9

You set up SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through firewalls? (Select 2)

A. 162

B. 160

C. 161

D. 163

Question 10

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. To which organization should Frank submit the log to find out whether it is a new vulnerability?

A. RIPE

B. CVE

C. IANA

D. APIPA

Question 11

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through e-mail to his customers. Bill protects the PDF documents with a password and sends them to their intended recipients. Why do PDF passwords not offer maximum protection?

A. PDF passwords can easily be cracked by software brute force tools

B. PDF passwords are not considered safe by Sarbanes-Oxley

C. PDF passwords are converted to clear text when sent through E-mail

D. When sent through E-mail, PDF passwords are stripped from the document completely

Question 12

You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14-character passwords. After giving your users 2 weeks' notice, you change the Group Policy to force 14-character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?

A. Networks using Active Directory never use SAM databases so the SAM database pulled was empty

B. Passwords of 14 characters or less are broken up into two 7-character hashes

C. The passwords that were cracked are local accounts on the Domain Controller

D. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network

Question 13

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

A. Stateful firewalls do not work with packet filtering firewalls

B. NAT does not work with stateful firewalls

C. NAT does not work with IPSEC

D. IPSEC does not work with packet filtering firewalls

Question 14

You set up SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through firewalls? (Select 2)

A. 162

B. 160

C. 163

D. 161

Question 15

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact-finding process. Therefore, you report this evidence. This type of evidence is known as:

A. Inculpatory evidence

B. Mandatory evidence

C. Exculpatory evidence

D. Terrible evidence

Question 16

As a CHFI professional, which of the following is the most important to your professional reputation?

A. Your Certifications

B. The correct, successful management of each and every case

C. The fee that you charge

D. The friendship of local law enforcement officers

Question 17

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

A. Network Forensics

B. Computer Forensics

C. Incident Response

D. Event Reaction

Question 18

Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

A. Sector

B. Metadata

C. MFT

D. Slack Space

Exam Code: 412-79
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Apr 29, 2024
Questions: 232 Q&As