Hi Dareth
Q1
Doug is conducting a port scan of a target network. He knows that his client target network
has a web server and that there is a mail server which is up and running. Dough has been sweeping the network but has not been able to elicit any response from the remote target.
Which of the following could be the most likely cause behind this lack of response? Select 4
a. UDP is filtered by a gateway
b. The packet TTL value is too low and cannot reach the target
c. The host might be down
d. The destination network might be down
e. The TCP windows size does not match
f. ICMP is filterd by a gateway
ans: A,B,C,D
i thought the answer is A,C,D,F
Although b. is a unlikely situation I would go for b. rather than f. Why ? There are manyways u can do a port scan, its not necessarily ICMP ping. (Ex see NMAP help for different ways of scaning a network or a box). So filtering ICMP probably is not a cause for negative results.
Q2
You have the SOA presented below in you Zone. Your secondary servers have not been able to contact your primary server to synchronise information. How long will the secondary servers attempt to conact the primary server before it considers that zone is dead and stops responding to queries?
college.edu (200302028 3600 3600 6+4800 3600)
a. 1 day
b. 1 hour
c. 1 week
d. 1 month
Answer: C
i thought the answer is 1 hour??
60sec x 60 = 3600seconds
To my knowladge 1 hr seems to correct. But again I am not a DNS expert. It seems that the definition of the TTL has changed at some time ( see hxxp://www.zytrax.com/books/dns/ch8/soa.html ). Sorry I dont have time to read and give a full explanation.
Q3
Joe worried that network adminstrator miht detect the wiretap program by querying
the interfaces to see of they are running in promiscuous mode.
a. Block output to the console whenever the user runs ifconfig command by running screen
capture utility
b. Run the wiretap program in stealth mode from being detected by the ifconfig command
c. Repalce original ifconfig utility with the rootkit version of ifconfig hiding
Promiscuous information being displayed on the console
d. You cannor disable Promiscuous mode detection on Linux Systems.
Answer given is D, and I thought answer should be C.
Actual test is definitely wrong here. The answer is C
Q 4
A following attack on web server using obstructed URL:
http://www.example.com/scri[t.ext?template%2e%2e%2e%2e%2e%2f%65%74%63%2f%7
how to protect information systems from these attacks
A. Configure web server to deny alerts from these attacks
B. Create rules in IDS to alert on strange Unicode requests
C. Use SSL authentication on Web Servers
D. Enable Active scri[ts detection at the firewall and routers.
Answer given is B
The only reason i thought of its IDS deployed infront of the web server (DMZ segment)
what about A? can we configure the webserver to deny unicode request?
Ar you sure u reproduced this question correctly ?
"Configure web server to deny alerts from these attacks" doest make much sense. If the option is "Configure web server to deny unicode request", then u have a point. This is one of the ambigous questions which I too found in CEH. Both A and B can be correct based on defferent scenarios.
5.
Bubba has just accessed he preferred ecommerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to
save the page locally, so that he can modify the page variables. In the context of web application security,
what do you think Bubba has changes?
A. A hidden form field value.
B. A hidden price value.
C. An integer variable.
D. A page cannot be changed locally, as it is served by a web server.
Answer given is A.
I was thinking whether the answer could be D.
Even the entire page is downloaded into our PC, we changed the value locally, but it doesnt reflect in the server such via POST method...
Answer A is correct. U can save a page locally and change a form field value and resubmit. Most popular ecommerce sites have protection against this. But I can give you u live ecommerce site in the internet where u can do this. U can actully add a $30 item to ur shopping cart with a price tag of $10. But..... it is unethical to disclose the site and it will be even worse it somebody try purchase stuff that way. ..... And "YES" I did go upto the purchase point and "NO" I did not buy anything this way.
Regards
Show Posts
. Thats why I stuck around after getting through. 
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
