- Home
- EC-COUNCIL
- Certified Ethical Hacker Exam (CEH v10)
- EC-COUNCIL.312-50v10.v2018-12-24.q175
- Question 14
Valid 312-50v10 Dumps shared by ExamDiscuss.com for Helping Passing 312-50v10 Exam! ExamDiscuss.com now offer the newest 312-50v10 exam dumps, the ExamDiscuss.com 312-50v10 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 312-50v10 dumps with Test Engine here:
Access 312-50v10 Dumps Premium Version
(745 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 14/175
In cryptanalysis and computer security, 'pass the hash' is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case.
Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system whose credentials are known. It was written by sysinternals and has been integrated within the framework. The penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the passwords or other methods like fgdump, pwdump, or cachedump and then utilize rainbowtables to crack those hash values.
Which of the following is true hash type and sort order that is used in the psexec module's 'smbpass' option?
Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system whose credentials are known. It was written by sysinternals and has been integrated within the framework. The penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the passwords or other methods like fgdump, pwdump, or cachedump and then utilize rainbowtables to crack those hash values.
Which of the following is true hash type and sort order that is used in the psexec module's 'smbpass' option?
Correct Answer: A
- Question List (175q)
- 1 commentQuestion 1: Which of the following describes the characteristics of a Bo...
- Question 2: Which of the following will perform an Xmas scan using NMAP?...
- Question 3: The "white box testing" methodology enforces what kind of re...
- Question 4: Seth is starting a penetration test from inside the network....
- Question 5: Security Policy is a definition of what it means to be secur...
- Question 6: Which of the following attacks exploits web age vulnerabilit...
- Question 7: To maintain compliance with regulatory requirements, a secur...
- Question 8: Which of the following cryptography attack is an understatem...
- Question 9: In which of the following cryptography attack methods, the a...
- Question 10: What is the most secure way to mitigate the theft of corpora...
- Question 11: A technician is resolving an issue where a computer is unabl...
- Question 12: You want to do an ICMP scan on a remote computer using hping...
- Question 13: Shellshock allowed an unauthorized user to gain access to a ...
- Question 14: In cryptanalysis and computer security, 'pass the hash' is a...
- Question 15: This phase will increase the odds of success in later phases...
- Question 16: How can rainbow tables be defeated?...
- Question 17: OpenSSL on Linux servers includes a command line tool for te...
- Question 18: Which of the following antennas is commonly used in communic...
- Question 19: Which regulation defines security and privacy controls for F...
- Question 20: Log monitoring tools performing behavioral analysis have ale...
- Question 21: In Risk Management, how is the term "likelihood" related to ...
- Question 22: Why should the security analyst disable/remove unnecessary I...
- Question 23: What network security concept requires multiple layers of se...
- Question 24: There are several ways to gain insight on how a cryptosystem...
- Question 25: In both pharming and phishing attacks an attacker can create...
- Question 26: Which component of IPsec performs protocol-level functions t...
- Question 27: To determine if a software program properly handles a wide r...
- Question 28: It is a regulation that has a set of guidelines, which shoul...
- Question 29: What type of OS fingerprinting technique sends specially cra...
- Question 30: Matthew, a black hat, has managed to open a meterpreter sess...
- Question 31: Which of the following provides a security professional with...
- Question 32: John is an incident handler at a financial institution. His ...
- Question 33: What is the way to decide how a packet will move from an unt...
- Question 34: On performing a risk assessment, you need to determine the p...
- Question 35: Firewalls are the software or hardware systems that are able...
- Question 36: ........is an attack type for a rogue Wi-Fi access point tha...
- Question 37: The following is part of a log file taken from the machine o...
- Question 38: An attacker with access to the inside network of a small com...
- Question 39: In IPv6 what is the major difference concerning application ...
- Question 40: What type of analysis is performed when an attacker has part...
- Question 41: You are working as a Security Analyst in a company XYZ that ...
- Question 42: Assume a business-crucial web-site of some company that is u...
- Question 43: What is the correct process for the TCP three-way handshake ...
- Question 44: During a recent security assessment, you discover the organi...
- Question 45: When you return to your desk after a lunch break, you notice...
- Question 46: Todd has been asked by the security officer to purchase a co...
- Question 47: An attacker changes the profile information of a particular ...
- Question 48: When you are collecting information to perform a data analys...
- Question 49: What is the role of test automation in security testing?...
- Question 50: What is the most common method to exploit the "Bash Bug" or ...
- Question 51: The "black box testing" methodology enforces what kind of re...
- Question 52: You have several plain-text firewall logs that you must revi...
- Question 53: An attacker attaches a rogue router in a network. He wants t...
- Question 54: You need a tool that can do network intrusion prevention and...
- Question 55: Firewalk has just completed the second phase (the scanning p...
- Question 56: (Exhibit) What does the option * indicate?...
- Question 57: The "gray box testing" methodology enforces what kind of res...
- Question 58: Sam is working as s pen-tester in an organization in Houston...
- Question 59: A medium-sized healthcare IT business decides to implement a...
- Question 60: Emil uses nmap to scan two hosts using this command: nmap -s...
- Question 61: A company's security policy states that all Web browsers mus...
- Question 62: A hacker named Jack is trying to compromise a bank's compute...
- Question 63: If you want only to scan fewer ports than the default scan u...
- Question 64: Cross-site request forgery involves:...
- Question 65: When analyzing the IDS logs, the system administrator notice...
- Question 66: Which of the following statements is TRUE?...
- Question 67: In an internal security audit, the white hat hacker gains co...
- Question 68: In order to have an anonymous Internet surf, which of the fo...
- Question 69: Bob, a network administrator at BigUniversity, realized that...
- Question 70: What two conditions must a digital signature meet?...
- Question 71: It has been reported to you that someone has caused an infor...
- Question 72: You have successfully logged on a Linux system. You want to ...
- Question 73: Gavin owns a white-hat firm and is performing a website secu...
- Question 74: What term describes the amount of risk that remains after th...
- Question 75: An attacker scans a host with the below command. Which three...
- Question 76: Elliot is in the process of exploiting a web application tha...
- Question 77: A penetration test was done at a company. After the test, a ...
- Question 78: While using your bank's online servicing you notice the foll...
- Question 79: Which mode of IPSec should you use to assure security and co...
- Question 80: What type of analysis is performed when an attacker has part...
- Question 81: Which Nmap option would you use if you were not concerned ab...
- Question 82: Which system consists of a publicly available set of databas...
- Question 83: You are a Penetration Tester and are assigned to scan a serv...
- Question 84: Which of the following is assured by the use of a hash?...
- Question 85: How does the Address Resolution Protocol (ARP) work?...
- Question 86: What is the purpose of DNS AAAA record?...
- Question 87: Which of the following viruses tries to hide from anti-virus...
- Question 88: A hacker has successfully infected an internet-facing server...
- Question 89: Your team has won a contract to infiltrate an organization. ...
- Question 90: Based on the below log, which of the following sentences are...
- Question 91: The collection of potentially actionable, overt, and publicl...
- Question 92: A hacker has managed to gain access to a Linux host and stol...
- Question 93: Which of the following can the administrator do to verify th...
- Question 94: You are performing information gathering for an important pe...
- Question 95: What is attempting an injection attack on a web server based...
- Question 96: If there is an Intrusion Detection System (IDS) in intranet,...
- Question 97: Bob finished a C programming course and created a small C ap...
- 2 commentQuestion 98: >NMAP -sn 192.168.11.200-215 The NMAP command above perfo...
- Question 99: Which of the following security policies defines the use of ...
- Question 100: Which regulation defines security and privacy controls for F...
- Question 101: A penetration tester is conducting a port scan on a specific...
- Question 102: Which of the following is a passive wireless packet analyzer...
- Question 103: Which one of the following Google advanced search operators ...
- Question 104: A virus that attempts to install itself inside the file it i...
- Question 105: Rebecca commonly sees an error on her Windows system that st...
- Question 106: Ricardo wants to send secret messages to a competitor compan...
- Question 107: You are performing a penetration test for a client and have ...
- Question 108: DNS cache snooping is a process of determining if the specif...
- Question 109: Which of the following is an adaptive SQL Injection testing ...
- Question 110: If executives are found liable for not properly protecting t...
- Question 111: An IT employee got a call from one of our best customers. Th...
- Question 112: Some clients of TPNQM SA were redirected to a malicious site...
- Question 113: A company's Web development team has become aware of a certa...
- Question 114: You are looking for SQL injection vulnerability by sending a...
- Question 115: Bob, your senior colleague, has sent you a mail regarding aa...
- Question 116: Alice encrypts her data using her public key PK and stores t...
- Question 117: This tool is an 802.11 WEP and WPA-PSK keys cracking program...
- Question 118: Identify the web application attack where the attackers expl...
- Question 119: Which of the following statements is FALSE with respect to I...
- Question 120: A well-intentioned researcher discovers a vulnerability on t...
- Question 121: You are a security officer of a company. You had an alert fr...
- Question 122: An LDAP directory can be used to store information similar t...
- Question 123: Bob received this text message on his mobile phone: "Hello, ...
- Question 124: Which method of password cracking takes the most time and ef...
- Question 125: Identify the UDP port that Network Time Protocol (NTP) uses ...
- Question 126: Which results will be returned with the following Google sea...
- Question 127: Which of the following is one of the most effective ways to ...
- Question 128: (Exhibit) What is the code written for?...
- Question 129: This asymmetry cipher is based on factoring the product of t...
- Question 130: Which is the first step followed by Vulnerability Scanners f...
- Question 131: In many states sending spam is illegal. Thus, the spammers h...
- Question 132: You are tasked to perform a penetration test. While you are ...
- Question 133: Jesse receives an email with an attachment labeled "Court_No...
- Question 134: It is a short-range wireless communication technology intend...
- Question 135: env x='(){ :;};echo exploit' bash -c 'cat/etc/passwd' What i...
- Question 136: The network in ABC company is using the network address 192....
- Question 137: An attacker, using a rogue wireless AP, performed an MITM at...
- Question 138: Code injection is a form of attack in which a malicious user...
- Question 139: Which Metasploit Framework tool can help penetration tester ...
- Question 140: Due to a slowdown of normal network operations, the IT depar...
- Question 141: Your company performs penetration tests and security assessm...
- Question 142: What mechanism in Windows prevents a user from accidentally ...
- Question 143: Which service in a PKI will vouch for the identity of an ind...
- Question 144: The establishment of a TCP connection involves a negotiation...
- Question 145: In which phase of the ethical hacking process can Google hac...
- Question 146: An Internet Service Provider (ISP) has a need to authenticat...
- Question 147: When purchasing a biometric system, one of the consideration...
- Question 148: Trinity needs to scan all hosts on a /16 network for TCP por...
- Question 149: You are monitoring the network of your organizations. You no...
- Question 150: You have successfully comprised a server having an IP addres...
- Question 151: The company ABC recently contracted a new accountant. The ac...
- Question 152: Which of the following Bluetooth hacking techniques does an ...
- Question 153: You perform a scan of your company's network and discover th...
- Question 154: You are attempting to run an Nmap port scan on a web server....
- Question 155: In which of the following password protection technique, ran...
- Question 156: Which of the following is a low-tech way of gaining unauthor...
- Question 157: The Heartbleed bug was discovered in 2014 and is widely refe...
- Question 158: Eve stole a file named secret.txt, transferred it to her com...
- Question 159: You are performing a penetration test. You achieved access v...
- Question 160: Internet Protocol Security IPSec is actually a suite of prot...
- Question 161: Bob, a system administrator at TPNQM SA, concluded one day t...
- Question 162: During the process of encryption and decryption, what keys a...
- Question 163: You are the Network Admin, and you get a compliant that some...
- Question 164: Which access control mechanism allows for multiple systems t...
- Question 165: Chandler works as a pen-tester in an IT-firm in New York. As...
- Question 166: As a Certified Ethical Hacker, you were contracted by a priv...
- Question 167: Which of the following program infects the system boot secto...
- Question 168: Which command can be used to show the current TCP/IP connect...
- Question 169: You have successfully gained access to your client's interna...
- Question 170: Port scanning can be used as part of a technical assessment ...
- Question 171: A computer science student needs to fill some information in...
- Question 172: It is an entity or event with the potential to adversely imp...
- Question 173: Which of the following is the least-likely physical characte...
- Question 174: What is the least important information when you analyze a p...
- Question 175: When tuning security alerts, what is the best approach?...
[×]
Download PDF File
Enter your email address to download EC-COUNCIL.312-50v10.v2018-12-24.q175.pdf