
10/21/2010 www.hpsupport.in/afceh.htm

KRUNAL BARUWALA
AFCEH EXAM KIT
How can you perform DNS poisoning?
DNS Zone transfer

Why do you think the traceroute tool was originally developed?
To pinpoint the exact position in the network where there was a problem

What does a data packet with the RST flag turned ON represent?
The sender wants to reset the connection

If you create a data packet with an infinite TTL value and send it to your friend's
computer, what will happen to the packet?
The data packet will reach the target computer

Imagine the scenario where you send a FIN data packet to a particular port on the
target system. If the target system sends back an error message, what does it
mean?
Can't say without knowing the operating system information

Which error message does the ICMP data packet with type = 3 and code = 8
represent?
Source host isolated

If you ping a particular IP address on the internet multiple times, will the TTL
values displayed in the output always remain the same?
No
http://www.hpsupport.in/afceh.htm 1/22

Which social engineering technique is most likely to work against a young,
female call center employee working in a bank?
Intimidation

What kind of honeypot would you recommend a bank should use?
Low involved honeypot

Perform a whois query on the DBS Bank of Singapore website (www.dbs.com.sg)
6, Shenton Way, Singapore

How do you bypass the BIOS password on a laptop (not desktop)?
Default password

On Google search you type the search string "Failure". Then you press the button
"I'm feeling lucky" and you land on the page "Biography of President George W.
Bush". What does it mean?
The search string has placed the page at the top of the search list

Are switched networks vulnerable to sniffers?
Yes

You have Norton antivirus installed on your system. You scanned a trojan file and,
after altering the signature, found that it is not being detected by Norton. Now you
send it to the victim, where it was caught by the antivirus. What could be the
possible explanation?
The victim is using some other antivirus


In which country is the website www.abc.kh located?
Can't say

How many ports are open on the website www.hacking mobiles.com between port
1 and 200?
3-5 ports

Usually when you port scan your home computer, you will find that some ports are
open. Why?
The applications running on your system are using these open ports

While trying to change the signature of a Trojan you ended up increasing a few bytes in
the hex file. What will be the result?
The Trojan file will crash altogether

If you create a data packet with a TTL value of 1 and send it to your friend's
computer, what will happen to the data packet?
There will be an error message and the data packet will be discarded

What is the advantage of using ping sweeping as compared to the regular ping
utility?
Ping sweeping is faster and can be used on a large number of systems


What class does the IP address 198.54.11.0 belong to?
Class C

In what step or command of email forging do you need to include any file
attachments?
DATA

What is the octal version of the IP address 198.54.11.15?
0306.066.013.017

Which of the following is a strong password yet easy to remember?
A.n.k.i.t25

If you traceroute a particular IP address on the Internet multiple times, do you
always see the same results?
No

What is the exact street address (physical address) of the system 203.94.11.12? You
should use web-based tools to answer this question.
Can't say

Using information gathering techniques, determine the web hosting company of the
DBS Bank of Singapore website (www.dbs.com.sg)
Pacific Net


What are phishing attacks?
The art of sending a fake login screen to the victim

Why do you think array bounds checking on input is an important aspect of secure
programming?
Protects against integer overflows

If the initial sequence number of a system is 1000, what will it become after 10 FIN
packets, 10 SYN packets, 10 SYN/ACK packets, 10 FIN/ACK packets, 10 seconds
and 1234 ACK packets?
129040

What do you need to do to ensure that an antivirus tool does not detect the
presence of a trojan on the victim's computer?
Modify the signature of the Trojan to avoid detection

Imagine that all instant messenger traffic has been blocked on your office or
college network. How can you access your instant messenger and chat with your
colleagues?
www.meebos.com

Which operating system has a TTL value of 128, DF set to YES, TOS = 0 and a
window size of 7000?
Windows NT

Which social engineering technique is most likely to work against a senior male
executive working in a bank?
Smooth talking

What kind of honeypot would you recommend a university should use?
High involved honeypot

Data is always broken down into smaller fragments at the sender's end. What will
happen if you send the first fragment and third fragment of the same data to the target
system without sending the second fragment?
ICMP fragment reassembly time exceeded error message

The TCP connect port scan is often referred to as the most reliable technique of port
scanning. Why?
It cannot be blocked without affecting normal traffic

What makes the Stacheldraht attack tools so difficult to counter?
It uses single key encryption
It communicates using ICMP
Its default port number can be changed
It uses a very large number of simultaneous attackers

What are the steps followed by a system A when it wants to establish a new
connection with a remote computer B?
A sends a SYN packet to B. B sends back SYN/ACK. A replies with ACK

How can you detect SQL injection loopholes on the internet?
Manual trial and error
SQL injection scanner
Google hacking
GFI LANguard

Which vulnerability is the following programming code vulnerable to?
(printf("%d", input_decimal);)
Format string overflow

Can you name a major vulnerability that exists on the website http://www.iscr.org?
SQL injection

What is the difference between active and passive fingerprinting?
Active is not anonymous, passive is anonymous

Determine the web server running on the website www.hacking mobilephones.com
(you may use the daemon banner grabbing technique)
Apache

What would you recommend to somebody who wants to protect their identity on the
internet?
Use a proxy server
Try to use a Russian proxy server
Try to perform proxy bouncing
Try to keep changing the proxy server you are using

What is HTTP tunneling?
Working with any protocol by transmitting it through HTTP

If you port scan your own computer and detect port 456 as open, what does it
mean?
Any modified Trojan could be installed on your computer

Why are dial-up net connections usually considered to be more secure than
broadband net connections?
Most dial-up connections provide a dynamic IP address

What is a good countermeasure against a land attack?
Patch your operating system
I am going to write a tool which allows users to search for Ankit certified ethical hackers in India. This tool will
allow users to enter any rank of their choice (1-400) and the respective course participant's name will show up
on the screen. For example, if the user inputs the number 2, then the name of the course participant who stood 2nd
in the exam will be displayed on the output. Mention any one possible loophole in the below application
working outline:
1- All AFCEH course participant info is stored in array AFCEH[400].
2- User is asked to input a rank.
3- The name of the course participant who holds the input rank is displayed as output.
4- Program exits.

= Out of bound integer buffer overflows

What makes Google hacking possible?

= Google has bought the right to scan any system on the internet

Are TCP SYN port scans stealthy?

= Yes

What do you need to do to carry out sympathy-based social engineering?

= Pretend to be in trouble

How does the FTP bounce port scan technique work?

= Port 21

Which OS has a TTL value of 128, DF set to yes, TOS = 0 and a window size of 20000?

= Windows NT

The initial sequence number of a system is 12345689. What will it become after 127 seconds, 1000 connections
and 1 reboot?

= 12345689

Why are distributed DoS attacks so very powerful and efficient?

= 1- It is a new attack technique and does not have any countermeasure.
2- It uses a very large number of attackers and generates a high amount of traffic.
3- It is very difficult to trace the attacker.
4- One of the above.
5- All of the above.

When you try to use a web-based proxy server like www.anonymizer.com to log into your Hotmail email account,
then how come you are able to log in?

= Since Hotmail cannot set cookies on your system.

What loopholes does the following code exploit?

http://www.victim.com/login.asp?no=40 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

= SQL injection

In the OS fingerprinting technique of using ping and traceroute, what is the mathematical calculation that
one needs to perform?

= Final TTL value + number of hops - 1

What loopholes does the following code exploit?

<html><body><a href=c:\con\con> hello </a></body></html>

= Windows can't handle the con reference

What is the MD5 hash fingerprint value of the text Ankit?

=b85991f378b78df6b 1eoff82da56f572

What default service usually runs on port 79?

= finger

What is the difference between a shadowed password file and an unshadowed password file?

= Shadowed means replaced with a token; unshadowed means unencrypted.

Assume that system X sends a NACK data packet to system Y. What does the packet mean?

= It means that X wants to end the connection with Y.

What default service usually runs on port 69?

= TFTP


What is the base 64 encoded value of the text HELLO ankit?

= SGVsbG8gQW5raXQ

Imagine you want to connect to port 25 of the target computer. However, there is a firewall which blocks your
connection request to port 25 and allows you to connect only to port 80 and port 21. What will you do? How can you access
port 25 of the target computer?

= Firewall tunneling and port redirection

Convert the following text V2VsbCBEb25IliBFdGhpY2FsIEhhY2tlci4= into its plaintext.

= Well done. Ethical hacker.

1. Assume that there are three systems: Attacker, Target and Spoof. Imagine that the Attacker is performing IP
spoofing on the system Target by spoofing his IP address to Spoof. What would happen if the system Spoof
is not DoS attacked?

 Spoof will send back a NACK or error message and prevent the successful execution of IP spoofing.

2. How does SmashGuard counter buffer overflows?

* It allows the application to store the return address of the program control flow.

3. You discover that your system has a modified version of the Prosiak Trojan installed on it. Which is the first
countermeasure you will take?

 Block access to port 22222 with a firewall
 Block access to port 222222 with a firewall
 Install an antivirus tool.
 Port scan your computer.

3. Usually when you port scan your home PC, you will find that some ports are open. Why?

 The applications running on your system are using these open ports

4. Imagine you are a terrorist. You wish to securely transfer a file from your system in India to your colleague's
system in Indonesia. Describe an innovative secure transmission technique that you will use. You may combine
more than one technique as well.

 Steganography

5. Which vulnerability does the phishing technique rely on?

 The user

6. Which operating system has a TTL value of 128, DF set to yes, TOS = 0 and a window size of 7000?

 Windows NT

7. How can you detect whether an image has any hidden data?

 Steganography.

8. If the domain name of a system is www.domain.hu, then what do you know about its location? Where is it
located?

 Can't say

9. If you want to create a virus that spreads by infecting users that visit your website, which programming language
should you use?

 Scripting languages.

10. Describe the best technique to bypass the Windows screensaver password BEFORE the screensaver has been
loaded/displayed on the screen.

 Editing the screensaver file in an editor.

1. What does the search expression "-vulnerability windows" search for?

Returns results with vulnerability and also windows.

2. Which of the following algorithms is not a hash algorithm?

DES

3. Which of the following attacks will pass through a network layer intrusion detection system
undetected?

A test‐cgi‐attack

4. Buffer overflows are an example of _________?

Implementation

5. What is the art of using mathematics or logical algorithms to carry out encryption and decryption of data
called?

Cryptography

6. What is the advantage of using CODEEN instead of www.samair.ru/proxy?

CODEEN tells you the status of the various proxy servers.

7. What are the two classifications of symmetric cryptography?

Stream and block ciphers

8. If you want to track changes to files on a Linux-based file server, which one of the following should be
used?

System integrity Verifier(SIV)

9. The external gateway interface of an IDS system is receiving a large number of ICMP Echo Reply packets
which are not responses to the internal hosts' requests. What could be the most likely cause?

The IDS IP address was spoofed while doing a Smurf attack.

10. Which of these operators can be used to locate files of a specified type using Google?

A and C

11. Which is the fastest and easiest technique to bring down a network?

DDoS attacks

12. Hash functions are also popularly known as:

Message digests

13. Which is the best countermeasure against keyloggers?

Key scramblers

14. Where does the shadowed group password information get stored on a Linux system?

/etc/gshadow file

15. What will be the decrypted password if the encrypted screen saver password is 09 2f 35 22 53?

AFCEH

16. How many keys are used in secret key cryptography (SKC)?

One

17. What is the base 64 Encoded version of the text cryptorzz?

Y3J5cHRvenp5==

18. Which technique allows you to decipher encrypted data without knowing the keys?

Cryptanalysis

19. Name a tool that is commonly used to implement the AES algorithm.

BT AES File Encrypt

20. Which of these algorithms is prone to a timing attack?

SHA‐1

21. Rule-based detection is also known as:

Options 1, 2 and 3

What is the key length in DES and 3DES?

56 bit

Name a tool that automatically encrypts or decrypts data (without any user intervention)

TrueCrypt

In which of the following ways can Google be used to provide anonymity while surfing?

a) Using Google's cached pages
c) Using Google language tools

What does the 'inanchor:' operator search for when used in a Google search?

Searches for text in link anchors

What is the primary advantage a hacker gains by using encryption?

IDS systems are unable to decrypt it

What happens when one experiences a ping of death?

This is when an IP datagram is received with the protocol field in the IP header set to 1 (ICMP), the last fragment bit
is set and (IP offset * 8) + (IP data length) > 65535

Which query would allow you to search for files of type PDF that have gov in the URL?

Filetype:pdf Inurl:gov

Select the best query for the following requirements:

a) The page title should have the word admin or login
b) The URL should have the word cgi or php or asp
c) Should search only within xyz.com
d) Should have username as text present in the page.

Intitle:admin|login inurl:cgi|php|asp site:xyz.com username

Which of the following can be considered an appropriate action against session hijacking?

Configure the appropriate spoof rules on gateways (internal and external)

With the help of Google carry out the following calculation and select the correct answer (or the one
closest in value in case of doubt):

"Twenty fifth root of log104856 multiplied by the speed of light"

315852435 m/s

1. If port 110 of the target computer is open, what do you know about the type of daemon running on it?

It is an SMTP daemon.

2. Decrypt the following text: Jgji ppdpgddmt

kill president

3. Which is the first technique that you would try when you wish to find out the victim's email account
password?

Password Guessing

4. If port 79 of the target computer is open, does it always mean that it has a Finger daemon running?

NO

5. What is Name an example of?

Port scanner

6. What is Squid an example of?

Proxy server

7. What does a reverse DNS lookup do?

Converts an IP address into DNS.

8. Why is all communication carried out using MSN Messenger not safe?

They do not use encryption of data.

9. Which tool would you use to determine the OS of the target computer?

Nmap

10. Decrypt the following text: Cpnc qbsmjbnfou

Bomb parliament

11. Why is WinGate so popular?

It protects your identity.

12. Which is a better password? Rendezvous or door123?

door123

13. Why should you carefully destroy your monthly mobile phone bill or telephone bill?

Identity theft

14. Which of the following is most likely to be vulnerable to SQL injection attacks?

A shopping cart.

15. Which tool would you use to trace the sender of an email?

VisualRoute.

16. If port 25 of the target computer is open, what do you know about the type of daemon running on it?

Can't say.

17. If port 79 of the target computer is open, what do you know about the type of daemon running on it?

Can't say.

18. Why is all communication carried out using Skype safe?

They use encryption of data.

19. Which of the following places are likely to have any evidence against the attacker?

All of the above.

20. If port 80 of the target computer is open, what do you know about the type of daemon running on it?

Can't say

21. Decrypt the following text: Gdjim wmpjd

Hello World

22. Which tool would you use to diagnose a network error?

ping

23. Encrypt the following: dhoom

3446666666

24. What would permanently solve the problem of distributed DoS attacks?

Infinite bandwidth to all.

25. What does a DNS lookup do?

Converts a DNS name into an IP address.

26. What does the "fake login screen" rely on?

Lack of awareness of the user

27. The TCPDUMP tool is a great example of a tool that allows you to do what?

Sniffing of data

28. Why is it advisable to never use a public to bank or shop online?

Sniffing

29. The NEOTRACE tool is a great example of a tool that allows you to do what?

Trace an IP address geographically.

30. The SUB7 tool is a great example of a tool that allows you to do what?

Trojan attacks.

31. Decrypt the following: 344666666

Dhoom

32. Why does Microsoft Windows crash whenever you try to create a "con" file?

It can't handle such a filename

33. Which tool would you use to port scan the target computer?

Nmap

34. What is BlackICE an example of?

Firewall

35. Which port would you connect to in order to download your emails manually?

Port 110

36. What is preventing you from being able to successfully send forged emails from smtp-roam.stanford.edu?

Mail Daemon has disabled mail relaying

37. Why should your password be a combination of alphabets, numbers and special characters?

To prevent Brute Force

38. Which of the following places are NOT likely to have any evidence against the attacker?

Solitaire

39. Why should you not give your bank account password even if you receive a phone call from a bank employee?

Social engineering

40. What is the correct sequence of commands when you are sending a forged email?

EHLO, MAIL, RCPT, DATA

41. Can the port number used by a particular daemon be changed?

yes

42. Which is a better password? Door123 or DoOR123?

DoOR123

43. The SNOW tool is a great example of a tool that allows you to do what?

Embedding

44. What kind of data hiding or encryption or embedding technique has been used in the following text:

Text steganography

45. Why do most banks ask customers to not reveal their bank account passwords to even employees from the
bank?

To prevent phishing attacks

46. While performing computer forensics, what would happen if you took a backup of a hard disk instead of
making an image copy?

Evidence may be overlooked.

47. What would you do first? ICMP scanning or port scanning?

Doesn't matter

48. If port 21 of the target computer is open, does it always mean that it has an FTP daemon running?

NO.

49. What are sockets?

Sockets are needed to establish a proper channel of communication.
