426 Appendix A ■ Answers to Review Questions
- A. Wireshark filters use the basic syntax of putting the protocol first followed by the field of interest, the operator to be used, and finally the value to look for (tcp.port == 23).
- B. Tiffany looks for NetBIOS traffic on port 139. She can use the filter string tcp.port eq 139.
- C. This question may seem unfair, but the exam will expect you to take what looks like unrelated data and extrapolate those parts that make sense. Remember, catching only the first octet of an IPv4 address is enough to give you a firm indication of what the question is asking.
- A. The option -r is used to read the capture file, or the capture can be opened in a GUI-based sniffer such as Wireshark.
- B. To sniff all traffic on a network segment, promiscuous mode is required, which allows all network traffic to be captured.
- B. A switch can limit sniffing to a single collision domain, unlike a lesser device such as a hub.
- A. A hub cannot limit the flow of traffic in any way, meaning that all traffic flowing through the switch can be viewed and analyzed.
- B. TCPdump is a command-line equivalent of windump, which allows the sniffing of network traffic.
Chapter 10: Social Engineering
- B. Phishing is performed using e-mail to entice the target to provide information of a sensitive nature.
- A, B. Training and education is specifically used to prevent the practice of tailgating or piggybacking. Attacks such as Session Hijacking are not able to be prevented through training and education of end users.
- A, B, C. Technology alone cannot stop the impact of social engineering and must be accompanied by other mechanisms as well, such as education. The strongest defense against social engineering tends to be proper training and education.
- A, B, C, D. The targets of social engineering are people and the weaknesses present in human beings.
- D. Social engineering takes advantage of many mechanisms, including Trojan horses, but it does not use viruses. However, instant messaging, mobile phones, and Trojan horses are all effective tools for social engineering.
- A. Social engineering is designed to exploit human nature with the intention of gaining information.
- A, B. Education and spam filtering are tremendously helpful at lessening the impact of phishing. Pure antivirus and antimalware do not typically include this functionality unless they are part of a larger suite.