The practice exams - possible errors in the answers
Dear all -
I tried out the practice exams and I don't agree with the following answers for the following questions.
Question:
18. You almost have your Linux machine up and running, but you need to install one last program before finishing. You run 'tar -xzvf', which creates a directory called 'New Program'. In this directory, you perform the list command and among the files, you notice that the directory contains a file called 'configure'. Which of the following commands would you use to correctly compile the program? (Choose all that apply.)
a. make
b. ./configure
c. make install
d. compile
Answer(s): a. make
b. ./configure
c. make install
My argument:
The answer is incorrect because "make install" doesn't compile the code but rather just installs the binaries and shared files to their correct location.
Question:
12. You are the administrator for a network. An employee comes to you and says that they were checking their email and something strange happened. They were navigating their Inbox when they came to an email that opened in the preview pane. When this happened, they saw a brief popup and their hard drive light began flashing. Based on this information, which type of attack has most likely taken place?
a. XSS
b. Buffer Overflow
c. Hidden field manipulation
d. Preview Pane exploit
Answer(s): a. XSS
My argument:
The question gives me the impression that the employee is making use of an email client because of the preview pane. I understand that OWA has a preview pane as well and that's all web based. However, it is usually the case that XSS affects web services rather than mail. Anyway .. other than that there's the brief popup which rarely happens when an XSS occurs, and then there's the flashing hard drive. XSS doesn't usually lead to client compromise - i.e. no arbitrary code is executed on the client side (except for JavaScript which is run with limited privileges) - therefore no flashing hard drives.
I chose buffer overflow because it sounded much more plausible.
What do you guys think?
Comments
-
milliamp Member Posts: 135
I see your point on the first question. It asked what is required to /correctly compile/, which would require ./configure and make, at which point you have completed the compile process and "make install" is not necessarily required.
If the question said choose three I'd say you are wrong, but since it didn't give a number, selecting just ./configure and make is technically a correct answer.
I would even say more correct because the question didn't say "correctly compile and install".
It is nitpicking perhaps, but I have missed questions on lesser technicalities than that.
For the other one, it could be using a cross site scripting vuln to execute an ActiveX control in your trusted zone for instance. XSS is probably the best (or at least most obvious) answer to that question.
-
sprkymrk Member Posts: 4,884
I agree with you on the first Q too. The only thing to consider is that it started out as saying "but you need to install one last program before finishing". Granted, that wasn't what was asked at the end, but it's probably what they meant.
All things are possible, only believe.
-
Webmaster Admin Posts: 10,292
Yes, I'm sure the author (/usr in this case) meant correctly compile 'and' install as the task at hand is after all installing the app. But since it's indeed not entirely accurate because of the way the question is phrased I'll update it... done.
As for the second one, I bet the reference to the official CEH guide would clear it up and explain why it is the most obvious answer. And you do have the official CEH stuff right?
Thanks for the feedback!
-
JDMurray Admin Posts: 13,091
The second question is probably referring to email clients that render email using a Web browser interface. The most common example of this is how Outlook Express renders email using Internet Explorer. Because the viewing and preview panes in OE are actually IE browser windows, anything HTML that can run in IE on that computer can also run in HTML email in OE. With IE, this may include ActiveX controls and scripts.
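Added example, not part of the thread and not any poster's code: since a browser-based preview pane will process whatever active markup an HTML message carries, a defender can flag that markup before the message is rendered. This sketch walks the MIME parts of a message and reports script-capable elements, inline event handlers and script URLs; the sample message and its zeroed classid are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
URL_ATTRS = {"href", "src", "action", "data"}

class ActiveContentFinder(HTMLParser):
    """Records markup that a browser-based mail renderer could execute."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("tag", tag))
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):  # inline event handler, e.g. onload
                self.findings.append(("handler", f"{tag}@{name}"))
            elif name in URL_ATTRS and value.startswith(("javascript:", "vbscript:")):
                self.findings.append(("script-url", f"{tag}@{name}"))

def scan_message(raw_bytes):
    """Return findings for every text/html part of a raw e-mail message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    finder = ActiveContentFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
            finder.close()
            finder.reset()  # parser state only; findings are kept
    return finder.findings

# Constructed sample message (not from the thread); the classid is a placeholder.
SAMPLE = b"""Subject: constructed sample
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Plain text alternative.
--b1
Content-Type: text/html

<html><body onload="init()"><object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<a href="JavaScript:void(0)">link</a><script>init = function () {};</script></body></html>
--b1--
"""
```

Calling `scan_message(SAMPLE)` returns one finding per active construct; this is a triage heuristic, not a sanitizer, and it does not normalise obfuscated URLs.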
-
supertechCETma Member Posts: 377
Microsoft patched the Outlook Express preview pane exploit years ago. People who don't patch their systems aren't protected.
Outlook doesn't allow people to run executables from within Outlook unless the people themselves allow Outlook to do so. Same goes for scripts.
Electronic Technicians Association-International www.eta-i.org
The Fiber Optic Association www.thefoa.org
Home Acoustics Alliance® http://www.homeacoustics.net/
Imaging Science Foundation http://www.imagingscience.com/
-
JDMurray Admin Posts: 13,091
supertechCETma wrote:
Outlook doesn't allow people to run executables from within Outlook unless the people themselves allow Outlook to do so. Same goes for scripts.