Certified Ethical Hacker (CEH) Exam Free Practice Questions Quiz 60

The reconnaissance and footprinting phase involves determining the size and scope of your test. Reconnaissance is where you gather information about your target, while footprinting is the method of trying to identify network blocks, hosts, locations, and people. The information gathered here will be used later as you progress through additional stages.

In a ring topology, all the nodes appear to be connected to a contiguous network segment. Typically, all messages travel through a ring in the same direction, and a failure in any cable or device breaks the loop and will take down the entire segment.

The window header is a 16-bit field that tells the recipient how many bytes the sender is willing to accept. This allows for speeding up and slowing down the communication. A smaller window size means more acknowledgments are necessary, while a larger window size means the channel is reliable, so there isn’t as much need to keep checking in.

Virtual Local Area Network (VLAN) allows a network of computers and users to communicate in a simulated environment as if they exist in a single LAN and are sharing a single broadcast and multicast domain. VLANs are implemented to achieve scalability, security, and ease of network management and can quickly adapt to changes in network requirements and relocation of workstations and server nodes.

A threat vector is a pathway by which a threat agent gains access through one or more of six main routes into a computer system by exploiting a route vulnerability.

Security standards are the direction about how policies should be implemented. There are sets of standards that provide guidance for organizations and are managed by standard bodies. First, the National Institute of Standards and Technology (NIST) has a set of standards, documented in several special publications. Second, the International Organization for Standardization (ISO) maintains ISO 27001 and ISO 27002. Other standard documents may be relevant to you, depending on where you are in the world.

The security information and event management (SIEM) software is used to correlate and analyze security alerts. The advantage of using SIEM is being able to pull a lot of data together so you can get a broader picture of what is happening across the network. This will help you to see trends and larger attacks.

Using the program auditctl, audit policies can be managed on a Linux system. The auditing subsystem in the Linux kernel can be used to watch files and directories for activity. It can also be used to monitor application execution and to monitor system calls. Any system call used by any program on the system can be monitored and logged.

TheHarvester tool is a script that will search through the different sources to locate contact information based on a domain name provided to the program. It is designed to understand the customer footprint on the internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

Shodan (www.shodan.io) is an excellent resource when it comes to identifying devices that are considered part of the IoT. Using searches of the Shodan database, you can identify devices that may exist on the target network. For example, the search term port:20000 source address can identify distributed network protocol (DNP) 3 devices.