header bg

Download PASSEMALL Prep app now

Scan QR code or get instant email to install app

Question:

Which of the following is capable of converting the machine's genuine operating system into the virtual machine?

A a Hypervisor-level rootkit
explanation

ECC describes a hypervisor-level rootkit as one that essentially replaces your actual operating system with a virtual one.

Explore more Cehv10 questions
Take more free practice tests for other PASSEMALL topics with our ceh training now!

Comments

Leave a Reply

Your email address will not be published.

*

Related Questions

Which of the following is an example of a passive online password attack?

Sniffing subnet traffic to intercept a password

In the hopes of pulling off a reply or man-in-the-middle attack, passive online attacks entail merely capturing credentials sent in clear text or copying the full password exchange.

Which of the following is the most likely explanation in the situation
When performing standard maintenance on a database server, you notice one hour of time missing from the log file during what would normally be regular operation hours. Further investigation reveals that there have been no user complaints about accessibility.

The server was compromised by an attacker.

During regular business hours, it's a database server, and there's nothing in the log? Forget about the fact that a reboot would have occurred somewhere—no one complained about it being down at all. No, we believe this one will need some forensics work. Contact the IR team.

LM employs which encryption standard?

DES

LAN Manager (LM), an ancient and outmoded authentication system, employed DES, an outmoded method of hashing data (in this case, passwords).

Is this person using safe password procedures?
While pen-testing a client, you learn that LM hashing with no salting is still used on most systems for backward compatibility. The hash of one stolen password is 9FAF6B755DC38E12AAD3B435B51404EE.

No, the hash reveals a seven-character-or-less password has been used.

LM hashes a password by padding it with blank spaces to make it 14 characters long, then splits it into two 7-character portions and hashes each independently. Because the LM hash of seven blank characters is always AAD3B435B51404EE, the hash indicates that the user used a password with seven or fewer characters. Because CEH recommends that a password include at least eight characters and be difficult, and expire after 30 days, the user is not following a good policy.

On a Windows 7 system, where is the SAM file stored?

C:\Windows\System32\Config\

On most Windows PCs, the SAM file is located in the following folder: WindowsSystem32Config is located in C:\Windows\System32\Config\.

The best defines a hybrid attack is which of the following?

The attack uses a dictionary list, substituting letters, numbers, and characters in the words until the password is cracked.

The hybrid assault takes any ordinary dictionary list and amplifies it somewhat. In an attempt to break passwords, it will replace numbers for letters, insert a character or two, and generate different hybrid versions of your word list.

The best definition of steganography is which of the following?

Steganography is used to hide information within existing files.

Steganography is a technique for concealing data in files until it is needed. Although picture and video files are generally connected with steganography, information may be buried in virtually any file.

Which authentication measure best describes in the situation that a user on Joe’s network does not need to remember a long password and users on Joe’s network log in using a token and a four-digit PIN?

Two-factor authentication

Because Joe's customers request both something they have (the token) and something they know (the PIN), this is known as two-factor authentication.

Which password theft method is almost always successful, requires little technical knowledge, and is nearly impossible to detect?

Installing a hardware keylogger

Questions on hardware keyloggers will almost always reference the fact that they’re nearly impossible to detect. Unless the user notices them or you have dedicated security staff watching for them, these are foolproof, easy to install, and great tools to use. They are usually small devices connected between the keyboard cable and the computer that simply capture all keystrokes going by. Install one day and just wait— when you pick it up, it will be filled with all the access information you need. Just remember that the hardest part of using a hardware keylogger is the physical access required to install it: They’re not remote access, introvert-friendly, work-in-the-shadows tools, so you’ll have to actually get next to a system to put it into action.

Which of the following is the correct command to execute the file in the situation that an attacker has hidden badfile.exe in the readme.txt file?

start readme.txt:badfile.exe

“Start the executable badfile.exe that is hidden in the readme.txt file,” states the command start readme.txt:badfile.exe. In other versions of this question, the bad person might build a link and execute it by merely inputting the link's name (for example, mklink innocent.exe readme.txt:badfile.exe would create a link and the bad file could be executed simply by typing innocent).

What order, from bottom to top, does the TCP/IP architecture use?

Network interface, Internet, Transport, Application

TCPIP stack: Network interface, Internet, Transport, Application