I have been going through and vetting all the test questions and have come across several that are either wrong, or I do not understand. Can anyone please help me with the ones I do not understand?
Q1. You are reviewing log files and results form a day of pen testing. The following command appears in one of the logs:
nc -l -u -p 55555 < /etc/passwd
What was the ethical hacker attempting to do?
They say the answer is Take a copy of the /etc/passwd file when connected to 55555. - I guess I am not understanding the work flow here. Can someone explain this to me? It is missing an IP and I guess that is what is throwing me off.
Q2. You are running a FIN scan. What response would you expect from a closed port?
They say nothing, but in my tests I always get a RST packet, regardless of OS. (Windows 2003, Linux Metasploitable)
Q3. You are running a FIN scan. What would you expect from an open port?
They say RST, I say you cant tell without knowing the OS. Windows gives a RST, but Metasplotable returned nothing.
Q4. What port does Tini use?
They say 777, but Symantec and other sites say 7777. I am guessing it is a type O on their part?
Q5. How is a session key created in SSL?
They say The client creates it after verifying the server's identity.
Several sites say they both do. It is based on the random string of the server and the premaster secret from the client. Who is right?
Q6. Your network administrator wants to prevent NetBIOS traffic into a segment. Which ports should be clocked on the firewall. (Choose all that apply)
They say 135, 139 and 445.
445? I thought that used to be NetBIOS over TCP, but that is no longer true. What is the best answer for the CEH exam?
Q7. You are asked to compile a program in Linux. WHich commands will you need? (Choose all that apply)
They say ./configure, make, make install
I say ./configure and make.
My understanding is that make install installs the compiled code. Who is correct?
Q8. How does traceroute work?
They say It manipulates the TTl (hop count) within packets TO ELICIT AN ERROR MESSAGE AT EACH HOP.
I say take out the error part and you are good to go. Right?
Q9. An attacker hopes to capture data from a target Bluetooth device. Which Bluetooth attack will be performed.
They say BlueSniffing
I say Bluescarfing.
My understanding is Bluescarfing is the actual theft of data, where Bluesniffing is like using wireshark. While you could steal data that way, it would seem that Bluescarfing is a better answer. What do you all say?
Q10. At what layer does SSL operate?
They say Layer 4 (Transport)
I find answers that say layer 7 and layer 5 and have been told that encryption happens at layer 6 (What I was taught in Net+)
What is the correct answer for the CEH test?
Q11. You run a null scan against a target, which returns all ports open. Which of the following statements is true?
* all ports are open
* system is most likely a web server
* The system is a Windows machine <-- their answer
* The system is behind a firewall.
I have done this many times, and always Windows shows all ports are closed. I do not have access to Windows 2000 or NT.
Can someone please give me the correct answer and also explain this to me?
Q12. Your team has a pretty good idea of likely usernames and passwords (based on policy and previous testing). WHich of the following tests would be the best choice for the quickest results.
* brute force
* Hybrid <-- their answer
I say Dictionary. No mention of complex passwords... just the fastest attack. Am I not right?
Out of 300 questions, to only not understand these... I do not feel I am doing to bad. But I would like to understand them all! So any help would be most appreciated!