100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Ethical Hacking Exam Questions with Answers $12.79   Add to cart

Exam (elaborations)

Ethical Hacking Exam Questions with Answers

 11 views  0 purchase
  • Course
  • Ethical Hacking
  • Institution
  • Ethical Hacking

Ethical Hacking Exam Questions with Answers Where in Internet Explorer can ActiveX controls be disabled? - Answer-Tools>>Internet Options >>Security>>Custom level You have gained access to a client computer that has e-mail software installed, and would like to prove that th...

[Show more]

Preview 2 out of 13  pages

  • August 21, 2024
  • 13
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • Ethical Hacking
  • Ethical Hacking
avatar-seller
Perfectscorer
Ethical Hacking Exam Questions with
Answers

Where in Internet Explorer can ActiveX controls be disabled? - Answer-Tools>>Internet
Options >>Security>>Custom level

You have gained access to a client computer that has e-mail software installed, and
would like to prove that the e-mail software built in protections do not adequately protect
saved passwords. What tool(s) can you use to recover the e-mail account passwords? -
Answer-Mail PassView
Advanced MailBox Password Recovery

What happens when a packet with a flag of RST is sent to a host? - Answer-The
receiving host closes the connection and enters the CLOSED state, and releases all
resources from the connection

After gaining access to a Windows Active Directory domain controller, you are now
hoping to crack passwords for accounts across the domain. What utility can you use to
attempt to gain authentication details on this server? - Answer-L0phtCrack

After scanning a targeted server, you discover that UDP port 1434 is open and appears
to be active. What does this tell you about the target server? - Answer-It is possible that
arbitrary code can be executed utilizing a specially crafted request to the UDP port
The server is using the SQL Server Resolution Service (SSRS) and may be vulnerable
to buffer overflow attacks

In securing IIS, what steps should be taken to implement sufficient auditing and
logging? - Answer-IIS log files should be relocated and protected by IISLockdown
Failed logon attempts should be enabled in logging

What is the primary source for web server vulnerabilities? - Answer-server side scripting
exploits

As part of an audit, you are performing reconnaissance of a client's network. You are
attempting to target SQL servers, which you then plan to attempt to gain access to.
What program can you use to perform SQL server fingerprinting, as well as brute force
attacks, and create a custom xp_cmdshell? - Answer-Sqlninja

What HTTP authentication mechanism can utilize the Windows credentials of the
logged in user to attempt to authenticate to a Web page? - Answer-NTLM based
authentication

, How can a web serve application be secured against SQL injection attacks? - Answer-
User input should be validated and sanitized, as well as checked for expected data
types, and should not be allowed as part of a query if these checks fail

Upon finding an IIS server in your client's network, you discover that a virtual directory
named MSADC is accessible on the web page's root structure. How could you take
advantage of this? - Answer-You could use the showcase.asp script along with a single
file on the server to view the source code of the file, and you can view other file contents
via directory traversal

What regular expressions can be used to check for single quotes or double dashes, for
input validation purposes? - Answer-/(\%27)|(\')|(\-\-)|(\%23)|(#)/ix
//(\%3D)|(=)[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i

What countermeasure can be deployed to reduce the likelihood of log tampering? -
Answer-Ensure all logs are digitally signed and time stamped

What does the Address-bar protection setting do in Internet Explorer? - Answer-It
prevents pop-ups or standard windows from hiding the address bar, ensuring a user can
always see the current URL of a web page

What are valid countermeasures against password crackers that help ensure password
security is maintained? - Answer-Provide training on how to select secure passwords
An account should be locked if an incorrect password is entered several times in a row

What is the role of the BITS server extension in IIS? - Answer-It is used by applications
such as Windows Updates and Automatic Updates for background file transfers

What extension of NTLM authentications provides Kerberos based authentication over
HTTP? - Answer-negotiate authentication

Your client has come to you requesting that you assist with the implementation of
session hijacking countermeasures. What approaches are valid for this request? -
Answer-Minimize remote access, and require strong authentication and encryption use
for all VPNs
Allow limited incoming connections and only from known trusted IP addresses

What Internet Explorer setting can be enabled to prevent scripts on web pages from
interacting with content from other domains or windows? - Answer-Cross-domain
barriers

What utility allows its user to monitor an entire network and assists in taking over
sessions, while also saving an exact copy of the user's session? - Answer-IP Watcher

You are securing a web application and have been tasked with securing user cookies
from misuse. What steps can you take to ensure stolen cookies and changed values in

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Perfectscorer. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $12.79. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67096 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$12.79
  • (0)
  Add to cart