CEH

420 Appendix A ■ Answers to Review Questions

4. A. System hacking is concerned with several items, including exploiting services on
   a system.


5. B. EDGAR can be used to verify the financial filings of a company.


6. B. Operators such as filetype are used to manipulate search results for some search
   engines such as Google.


7. A. Job boards are useful in getting an idea of the technology within an organization. By
   looking at job requirements, you can get a good idea of the technology present. While the
   other options here may provide technical data, job boards tend to have the best chance of
   providing it.


8. C. Street-level views using technology such as Google Street View can give you a picture of
   what types of security and access points may be present in a location.


9. A. Social engineering can reveal how a company works.


10. C. The Wayback Machine is used to view archived versions of websites if available (not all
    websites are archived via the Wayback Machine).


11. A. Port 53 TCP is used for zone transfers concerning DNS.


12. B. Netcraft can be used to view many details about a web server, including IP address, net-
    block, last views, OS information, and web server version.


13. C. Alerts can be set up with Google as well as other search engines to monitor changes on a
    given website or URL. When a change is detected, the alert is sent to the requestor.


14. C. Scanning comes after the footprinting phase. Footprinting is used to get a better idea of
    the target.


15. D. Competitive analysis can prove very effective when you’re trying to gain more detailed
    information about a target. Competitive analysis relies on looking at a target’s competitors
    in an effort to find out more about the target.


16. D. While a computer, e-mail, or phone may be used, social engineering ultimately uses
    other items as tools to gain information from a human being.


17. A. Social networking has proven especially effective for social engineering purposes. Due to
    the amount of information people tend to reveal on these sites, they make prime targets for
    information gathering.


18. D. Footprinting is not very effective at gaining information about number of personnel.


19. B. Footprinting is typically broken into active and passive phases, which are characterized
    by how aggressive the process actually is. Active phases are much more aggressive than
    their passive counterparts.


20. B. Tracert is a tool used to trace the path of a packet from source to ultimate destination.

bapp01.indd 420 22-07-2014 10:56:35