- (Topic 7)
Under what conditions does a secondary name server request a zone transfer from a primary name server?

1. A. When a primary SOA is higher that a secondary SOA
2. B. When a secondary SOA is higher that a primary SOA
3. C. When a primary name server has had its service restarted
4. D. When a secondary name server has had its service restarted
5. E. When the TTL falls to zero

Correct Answer: A
Understanding DNS is critical to meeting the requirements of the CEH. When the serial number that is within the SOA record of the primary server is higher than the Serial number within the SOA record of the secondary DNS server, a zone transfer will take place.

- (Topic 8)
John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong.
In the context of Session hijacking why would you consider this as a false sense of security?

1. A. The token based security cannot be easily defeated.
2. B. The connection can be taken over after authentication.
3. C. A token is not considered strong authentication.
4. D. Token security is not widely used in the industry.

Correct Answer: B
A token will give you a more secure authentication, but the tokens will not help against attacks that are directed against you after you have been authenticated.

- (Topic 2)
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain. What is Peter Smith talking about?

1. A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
2. B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
3. C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
4. D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Correct Answer: A

- (Topic 1)
Which type of scan does NOT open a full TCP connection?

1. A. Stealth Scan
2. B. XMAS Scan
3. C. Null Scan
4. D. FIN Scan

Correct Answer: A

- (Topic 8)
You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe.
What caused this?

1. A. The Morris worm
2. B. The PIF virus
3. C. Trinoo
4. D. Nimda
5. E. Code Red
6. F. Ping of Death

Correct Answer: D
The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby, infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders the ability to execute arbitrary commands within the Local System security context on machines running the unpatched versions of IIS.