- A. TOE stands for target of evaluation and represents the target being tested.
- C. A vulnerability is a weakness. Worms, viruses, and rootkits are forms of malware.
Chapter 2: System Fundamentals
- D. Proxies operate at layer 7, the application layer of the OSI model. Proxies are capable of filtering network traffic based on content such as keywords and phrases. Because of this, a proxy digs down further than a packet’s header and reviews the data within the packet as well.
- B. A network device that uses MAC addresses for directing traffic resides on layer 2 of the OSI model. Devices that direct traffic via IP addresses, such as routers, work at layer 3.
- A. Windows remains king for sheer volume and presence on desktops and servers.
- A. Port 443 is used for HTTPS traffic, which is secured by SSL.
- D. Each port on a switch represents a collision domain.
- D. Token ring networks use a token-based access methodology. Each node connected to the network must wait for possession of the token before it can send traffic via the ring.
- A. Hubs operate at layer 1, the physical layer of the OSI model. Hubs simply forward the data they receive. There is no filtering or directing of traffic; thus they are categorized at layer 1.
- B. Remember this three-way handshake sequence; you will see it quite a bit in packet captures when sniffing the network. Being able to identify the handshake process allows you to quickly find the beginning of a data transfer.
- D. Transmission Control Protocol (TCP) is a connection-oriented protocol that uses the three-way handshake to confirm a connection is established. FTP and POP3 use connections, but they are not connection-oriented protocols.
- A. Port 23 is used for telnet traffic.
- D. Ports 49152 to 65535 are known as the dynamic ports and are used by applications that are neither well known nor registered. The dynamic range is essentially reserved for those applications that are not what we would consider mainstream. Although obscure in terms of port usage, repeated showings of the same obscure port during pen testing or assessment may be indicative of something strange going on.
- C. Packet filtering firewalls inspect solely the packet header information.
- C. Intrusion detection systems (IDSs) react to irregular network activity by notifying support staff of the incident; however, unlike IPSs, they do not proactively take steps to prevent further activity from occurring.