Question 1

George, a freelance Security Auditor and Penetration Tester, was working on a pen testing assignment for Xsecurity. George is an ESCA certified professional and was following the LPT methodology in performing a comprehensive security assessment of the company. After the initial reconnaissance, scanning and enumeration phases, he successfully recovered a user password and was able to log on to a Linux machine located on the network. He was also able to access the /etc/passwd file; however, the passwords were stored as a single "x" character. What will George do to recover the actual encrypted passwords?

Accepted Answer

The /etc/passwd file on Linux systems does not store actual passwords; instead, it stores an "x" indicating that the hashed passwords are stored in the /etc/shadow file, which requires root privileges to access.

Question 2

Robert is a network admin in XYZ Inc. He deployed a Linux server in his enterprise network and wanted to share some critical and sensitive files that are present in the Linux server with his subordinates. He wants to set the file access permissions using chmod command in such a way that his subordinates can only read/view the files but cannot edit or delete the files. Which of the following chmod commands can Robert use in order to achieve his objective?

Accepted Answer

The chmod 644 command sets the file permissions so that the owner can read and write, while others can only read the file. This allows subordinates to view the files without editing or deleting them.

Question 3

AB Cloud services provide virtual platform services for the users in addition to storage. The company offers users with APIs, core connectivity and delivery, abstraction and hardware as part of the service. What is the name of the service AB Cloud services offer?

Accepted Answer

The answer of AB Cloud services provide virtual platform services...

Question 4

Todd is working on an assignment involving auditing of a web service. The scanning phase reveals the web service is using an Oracle database server at the backend. He wants to check the TNS Listener configuration file for configuration errors. Which of the following directories contains the TNS Listener configuration file, by default:

Accepted Answer

The TNS Listener configuration file, typically named "listener.ora," is located in the $ORACLE_HOME/network/admin directory by default.

Question 5

Cedric, who is a software support executive working for Panacx Tech. Inc., was asked to install Ubuntu operating system in the computers present in the organization. After installing the OS, he came to know that there are many unnecessary services and packages in the OS that were automatically installed without his knowledge. Since these services or packages can be potentially harmful and can create various security threats to the host machine, he was asked to disable all the unwanted services. In order to stop or disable these unnecessary services or packages from the Ubuntu distributions, which of the following commands should Cedric employ?

Accepted Answer

The answer of Cedric, who is a software support executive...

Question 6

In delivering penetration testing report, which of the following steps should NOT be followed?

Accepted Answer

Sending the report by email or CD-ROM is not secure and could lead to unauthorized access. It's important to deliver sensitive reports securely, often in person or through secure channels.

Question 7

You have just completed a database security audit and writing the draft pen testing report. Which of the following will you include in the recommendation section to enhance the security of the database server?

Accepted Answer

Installing a certificate to enable SSL connections ensures that data transmitted between the client and the server is encrypted, enhancing the security of the database server.

Question 8

Frank is a senior security analyst at Roger Data Systems Inc. The company asked him to perform a database penetration test on its client network to determine whether the database is vulnerable to attacks or not. The client did not reveal any information about the database they are using. As a pen tester Frank knows that each database runs on its own default port. So he started database port scanning using the Nmap tool and tried different commands using default port numbers and succeeded with the following command. nmap -sU -p 1521 <client ip-address> Identify the database used by the company?

Accepted Answer

Port 1521 is the default port for Oracle databases, indicating that the client is using Oracle.

Question 9

What is the purpose of the Traceroute command?

Accepted Answer

Traceroute is used to map the path data takes from one computer to another, revealing network topology, including routers and firewalls along the way.

Question 10

JUA Networking Solutions is a group of certified ethical hacking professionals with a large client base. Stanley works as a penetrating tester at this firm. Future group approached JUA for an internal pen test. Stanley performs various penetration testing test sequences and gains information about the network resources and shares, routing tables, audit and service settings, SNMP and DNS details, machine names, users and groups, applications and banners. Identify the technique that gave Stanley this information.

Accepted Answer

Enumeration is the technique used to gather detailed information about network resources, users, groups, and services, which matches the description of the information Stanley obtained.

Question 11

Which port does DHCP use for client connections?

Accepted Answer

DHCP uses UDP port 68 for client connections, while UDP port 67 is used for server responses.

Question 12

Arnold is trying to gain access to a database by inserting exploited query statements with a WHERE clause. He wants to retrieve all the entries from a particular table (e. g. StudName) using the WHERE clause. What query does Arnold need to write to retrieve the information?

Accepted Answer

The correct query is: SELECT * FROM StudName WHERE roll_number = " or '1' = '1'This query uses SQL injection to bypass the WHERE clause and retrieve all the entries from the StudName table. The " or '1' = '1'" part of the query is a SQL injection payload that evaluates to true, regardless of the value of the roll_number column. This allows Arnold to retrieve all the entries from the table, even if he does not know the roll number of any specific student.

Question 13

Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL database. Christen wanted to perform SQL penetration testing on the database by entering a massive amount of data to crash the web application of the company and discover coding errors that may lead to a SQL injection attack. Which of the following testing techniques is Christen using?

Accepted Answer

Fuzz Testing involves inputting large amounts of random data to a system to find vulnerabilities and errors, which aligns with Christen's approach.

Question 14

Edward is a penetration tester hired by the OBC Group. He was asked to gather information on the client's network. As part of the work assigned, Edward needs to find the range of IP addresses and the subnet mask used by the target organization. What does Edward need to do to get the required information?

Accepted Answer

Edward should search for an appropriate Regional Internet Registry (RIR) to find the range of IP addresses and the subnet mask used by the target organization. RIRs manage the allocation and registration of Internet number resources, including IP addresses.

Question 15

The penetration testers are required to follow predefined standard frameworks in making penetration testing reporting formats. Which of the following standards does NOT follow the commonly used methodologies in penetration testing?

Accepted Answer

ASTM is primarily focused on developing and publishing technical standards for a wide range of materials, products, systems, and services, not specifically on penetration testing methodologies.

Question 16

Stuart has successfully cracked the WPA-PSK password during his wireless pen testing assignment. However, he is unable to connect to the access point using this password. What could be the probable reason?

Accepted Answer

The access point may have MAC filtering enabled, which restricts access to only devices with specific MAC addresses, preventing Stuart from connecting even with the correct password.

Question 17

The Rhythm Networks Pvt Ltd firm is a group of ethical hackers. Rhythm Networks was asked by their client Zombie to identify how the attacker penetrated their firewall. Rhythm discovered the attacker modified the addressing information of the IP packet header and the source address bits field to bypass the firewall. What type of firewall bypassing technique was used by the attacker?

Accepted Answer

The answer of The Rhythm Networks Pvt Ltd firm is...

Question 18

Fred, who owns a company called Skyfeit Ltd., wants to test the enterprise network for presence of any vulnerabilities and loopholes. He employed a third-party penetration testing team and asked them to perform the penetration testing over his organizational infrastructure. Fred briefed the team about his network infrastructure and provided them with a set of IP addresses on which they can perform tests. He gave them strict instruction not to perform DDoS attacks or access the domain servers in the company. He also instructed them that they can carry out the penetration tests even when the regular employees are on duty since they lack the clue about the happenings. However, he asked the team to take care that no interruption in business continuity should be caused. He also informed the penetration testing team that they get only 1 month to carry out the test and submit the report. What kind of penetration test did Fred ask the third-party penetration testing team to perform?

Accepted Answer

The answer of Fred, who owns a company called Skyfeit...

Question 19

An attacker targeted to attack network switches of an organization to steal confidential information such as network subscriber information, passwords, etc. He started transmitting data through one switch to another by creating and sending two 802.1Q tags, one for the attacking switch and the other for victim switch. By sending these frames. The attacker is fooling the victim switch into thinking that the frame is intended for it. The target switch then forwards the frame to the victim port. Identify the type of attack being performed by the attacker?

Accepted Answer

The attack described is VLAN hopping, where the attacker uses double tagging to send frames with two VLAN tags, tricking the switch into forwarding the frame to a different VLAN.

Question 20

Jack, a network engineer, is working on an IPv6 implementation for one of his clients. He deployed IPv6 on IPv4 networks using a mechanism where a node can choose from IPv6 or IPv4 based on the DNS value. This makes the network resources work simpler. What kind of technique did Jack use?

Accepted Answer

Jack used the Dual stacks technique, which allows nodes to choose between IPv6 and IPv4 based on DNS values, simplifying network resource management.

Exam 5: ECCouncil Computer Hacking Forensic Investigator