Questions and Answers 14
Question 1: Which of the following is one of the primary ways that people can get past controlled doors?
A. Shoulder surfing
B. Piggybacking
C. Spoofing
D. Lock picking
Answer 1: B. Piggybacking is the primary way that someone would try to bypass a mantrap. To prevent and detect this, guards and CCTV can be used. Answer A is incorrect because shoulder surfing is done to steal passwords. Answer C is incorrect because spoofing is pretending to be someone else, and answer D is incorrect because lock picking is not the most common way to bypass access.
Question 2: You are preparing to perform a subnet scan. Which of the following Nmap switches would be useful for performing a UDP scan of the lower 1024 UDP ports?
A. Nmap -hU <host(s)>
B. Nmap -sU -p 1-1024 <host(s)>
C. Nmap -u -v -w2 <host> 1-1024
D. Nmap -sS -O target/1024
Answer 2: B. Nmap -sU -p 1-1024 <host(s)> is the proper syntax for performing an Nmap UDP scan. Learning Nmap and its uses is critical for successful completion of the CEH exam. Answers A, C, and D are incorrect because they are not the correct switches. -hU and -u are invalid, and -sS is used for stealth scanning.
Question 3: You are concerned that the target network is running PortSentry to block Nmap scanning. Which of the following should you attempt to bypass their defense?
A. Nmap -O <hosts>
B. Nmap -sT -p 1-1024 <hosts>
C. Nmap -sO -PT -O -T1 <hosts>
D. Nmap -sA -T1 <hosts>
Answer 3: D. PortSentry may not be able to pick up an ACK scan because the program is looking for a startup connection sequence. Answer A is incorrect because a fingerprint “-O” scan relies on one open and one closed port. When PortSentry detects such a scan, it will block access from the requesting IP address. Answer B is incorrect because PortSentry will detect the scan, log a notice saying this IP has been blocked, and subsequently ignore this activity. Answer C is incorrect because -sO is an IP protocol scan and looks for IP header values.
Question 4: What is the real reason that WEP is vulnerable?
A. RC4 is not a real encryption standard.
B. The 24-bit IV field is too small.
C. 40-bit encryption was shown to be weak when cracked in the 1980s.
D. Tools, such as WEPCrack, can brute force WEP by trying all potential keys in just a few minutes.
Answer 4: B. The 24-bit IV field is too small; because of this, and key reuse, WEP is vulnerable. Answer A is incorrect because RC4 is not too small. Answer C is incorrect because while 40 bits is not overly strong, it was not cracked in the 1980s. Answer D is incorrect because tools such as WEPCrack must capture millions of packets before they can crack the WEP key.
Question 5: What encryption standard was chosen as the replacement for 3DES?
A. RC5
B. ECC
C. Knapsack
D. Rijndael
Answer 5: D. In 2002, NIST decided on the replacement for DES. Rijndael was the chosen replacement. Rijndael is an iterated block cipher that supports variable key and block lengths of 128, 192, or 256 bits. Answer A is incorrect because it is a symmetric encryption standard but is not the replacement for DES. Answer B is incorrect because it is an asymmetric encryption standard. Answer C is incorrect because it is also an asymmetric encryption standard and, as such, is not the replacement for DES.

