Practice Exams Other than Boson

IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
Any CEH v8 practice exams that people recommend other than the Boson exam?

I tried the Boson demo and I was not impressed with how many of the demo questions where not related to CEH material.
Questions about stopping cars going through store windows, about the OSSTMM, about port 514 and about Windows Server 2012 sc query syntax.

port 514 and Windows Server 2012 syntax I have not seen mentioned in the CEH v8 material i have read.

I have completed the CEH v8 5 day training.
Read the CEH v7 Matt Walker book twice.
Skimmed through the CEH v8 Matt Walker Book
Did the VTC CEH v8 training videos and practice exam (which i scored 89%).
Watched the first 15 CBT CEH v8 nuggets.


Looking to take a couple practice exams. The Boson demo exam has done nothing but make me nervous about taking the test and has be researching bollards.

Comments

  • thehayn1thehayn1 Member Posts: 46 ■■□□□□□□□□
    I'll tell you right now:

    cbt Nuggets=Garbage
    Hit up the disc that came with All in One book (vicon_cool.gif
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    I've ordered the CEH Certified Ethical Hacker Practice Exams, Second Edition
    I didn't buy the bundle with this included.

    I think these practice test should prepare me well for the exam.
    A little nervous about the test mostly due to the cost. At this point i feel like I know the material and am even able to pick out incorrect/bad questions/answers.

    Like:
    29. Which switch causes the netcat Trojan to listen on a specific inbound port?
    A. e
    B. l
    C. p
    D. d
    Answer: B

    I actually answered c (-p) and then was like no i've seen -p used to open a port.
    -l Used to specify that nc should listen for an incoming connection
    rather than initiate a connection to a remote host. It is an
    error to use this option in conjunction with the -p, -s, or -z
    options. Additionally, any timeouts specified with the -w option
    are ignored.
    -p source_port
    Specifies the source port nc should use, subject to privilege
    restrictions and availability. It is an error to use this option
    in conjunction with the -l option.

    30. A __________Trojan uses a victim’s host machine to act as an attacker
    A. Proxy
    B. Botnet
    C. Zombie
    D. Remote access
    Answer: A

    I guessed B i felt this was a bad question. A botnet is a group of infected machines used to attack. A Zombie is what you call machine in a botnet. RATs could be used in attacks but are generally used to access the infected machine.
    Proxy is wront as per my research: This type of trojan allows unauthorized parties to use the infected computer as a proxy server to access the Internet anonymously.
    A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to do everything from your computer, including the possibility of conducting credit card fraud and other illegal activities, or even to use your system to launch malicious attacks against other networks.


    35. All of the following are characteristics of worms, EXCEPT:
    A. Corrupts executable programs
    B. Self-replicating
    C. Does not modify programs
    D. Easily removed
    Answer: A

    I guessed D. Answers like this seem subjective. I've experienced the removal of worms on networked machine only to be reinfected by other infected machines on the network.
    A is not correct but i made the note for the exam "Usually it doesn’t alter files, but it
    resides in active memory and duplicates itself, eating up resources and wreaking havoc along the way."

    50. All of the following are defenses against DoS attacks EXCEPT:
    A. Packet filtering
    B. Dropping HTTP packets at the firewall
    C. TCP/IP stack hardening
    D. In-line IDS
    Answer: B

    I guessed D. Detection is not a defence.

    98. What is the most critical element in the planning phase of a penetration test?
    A. Scope and schedule
    B. Permission to test from the system owner
    C. Personnel assignments
    D. Equipment list
    Answer: C

    I was a little stumped on this one. I don't recall seeing much about the planning phase of a pen test.
    I guessed B. Looking back in the Matt walker book I still don't see any reference to the planning phase.

    These questions are from a practice exam.
    On only got 14 of 125 wrong. I feel like i am over studying at this point, know too much and am looking more into the questions then i should.
  • thehayn1thehayn1 Member Posts: 46 ■■□□□□□□□□
    Yeah the tough part about the test is that, only like 10 questions are verbatim. Like you won't be able to find a definitive, verbatim answer in any of the reding. when are you testing?
  • thehayn1thehayn1 Member Posts: 46 ■■□□□□□□□□
    Shoot me a private message I have some materials that will help that I can email you
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    I am taking the test next Friday the 20th.

    I got the Matt Walker Practice book today.
    Just finished the pre assessment test.
    I got 46 out of 55 in 40 minutes (pre assessment test said to take up to 1 hour 45 minutes)

    The book says:
    1-25 buy the all in one book 2nd edition and study alot
    26-37 buy the all in one book 2nd edition and study in the areas
    38-58 do the practice test to mentally prepare for the exam.

    I'm feeling pretty good now about how prepared i am.

    out of the 9 that I got wrong there was a bad/wrong question
    Question was which is a standard symmetric crypto standard
    A. AES B. PKI C. RSA D. 3DES

    Now I knew AES and 3DES are symmetric. And I also knew that AES is the American government standard so I picked A. AES
    The book answer said D. 3DES is symmetric the others are all asymmetric in nature.
    So then i go WTF am i miss understanding something and start researching
    "AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES),[8] which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data."


    I hope the real test answers are vetted better. Really it does't matter all I care about is passing. From reading around here sounds like doing too good might be bad, Audit haha.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    I am taking the test next Friday the 20th.


    I got the Matt Walker Practice book today.
    Just finished the pre assessment test.
    I got 46 out of 55 in 40 minutes (pre assessment test said to take up to 1 hour 45 minutes)


    The book says:
    1-25 buy the all in one book 2nd edition and study alot
    26-37 buy the all in one book 2nd edition and study in the areas
    38-58 do the practice test to mentally prepare for the exam.


    I'm feeling pretty good now about how prepared i am.


    out of the 9 that I got wrong there was a bad/wrong question
    Question was which is a standard symmetric crypto standard
    A. AES B. PKI C. RSA D. 3DES


    Now I knew AES and 3DES are symmetric. And I also knew that AES is the American government standard so I picked A. AES
    The book answer said D. 3DES is symmetric the others are all asymmetric in nature.
    So then i go WTF am i miss understanding something and start researching
    "AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES),[8] which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data."




    I hope the real test answers are vetted better. Really it does't matter all I care about is passing. From reading around here sounds like doing too good might be bad, Audit haha.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    thehayn1 wrote: »
    Shoot me a private message I have some materials that will help that I can email you

    PM are not working for me yet.
  • emerald_octaneemerald_octane Member Posts: 613
    As a CEH who can't break NDA, the boson material is worth the price of admission.

    Keep in mind that EC-Council uses the Boson test engine for their iClass participants, so the questions belong to EC-Council.
    For my personal study I rate materials as such:

    1) Official iClass 5Day
    2) Boson Test
    3) Walker Book
    4) Walker Practice
    5) Gregg Book (stay far away from this one)

    Before anyone gets upset, I realize that the Walker book is the gold standard study material and it's an excellent resource, no doubt. However if you can parse through the depth of the iClass material then it should be able to serve as a sole resource with the Walker book serving as reinforcement (likewise, the book can serve as the primary and using another source as supplement). However the Boson material was the difference between pass/fail for me, because the questions and their included explanations .
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    However the Boson material was the difference between pass/fail for me, because the questions and their included explanations .

    I just did the demo, so maybe the real thing is better ***you would think they would tailor the demo though for ppl like me looking to purchase a sample exam.
    The boson demo even says the questions where pulled from non CEH related books. Seems to me the boson system has a library of questions/answers and those Q/A have meta data in them saying for example they are part of physical security or well know port numbers. Then you do an exam like CEH that has physical security questions and well know port numbers as part of its meta data. Next thing you know you are getting questions on stopping cars with bollards and ports not so well known (at least in regards to the CEH objectives).

    Seems like Boson would therefore cover way more then you would need (nothing wrong with that i guess).

    Surprised to hear you saying that Boson was the difference for you from failing and passing the test.

    At this point i think i'm over studying. I feel i have a very good understanding of the logic in why things work they way the work. I just got a question/answer in the Walker practice book telling me in an XMAS scan no response means the port is closed. Ack is the only scan that gets no response from a closed port so that sent me back looking at the book and google.
  • Arnie335Arnie335 Member Posts: 63 ■■□□□□□□□□
    How did the exam go, IronMan?
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    Arnie335 wrote: »
    How did the exam go, IronMan?

    I passed. I thought it was pretty tough. I didn't use the Boson practice tests.

    I posted my thoughts here:
    http://www.techexams.net/forums/ec-council-ceh-chfi/109333-ceh-passed-my-thought-where-do-i-go-here.html
  • Arnie335Arnie335 Member Posts: 63 ■■□□□□□□□□
    IronmanX wrote: »
    I passed. I thought it was pretty tough. I didn't use the Boson practice tests.

    I posted my thoughts here:
    http://www.techexams.net/forums/ec-council-ceh-chfi/109333-ceh-passed-my-thought-where-do-i-go-here.html

    Congrats on the pass!

    I myself am a little nervous about this exam (have around 2 years of full time InfoSec experience, mostly patch and vuln management). Luckily, some of the material is review from the SSCP stuff I studied last year but nonetheless there is a LOT to know and memorize [My brain doesn't retain stuff easily, unfortunately]. I'm reviewing the Matt Walker AIO for a second time and also practicing the AIO/Boson questions. Hoping these training methods with some Googling, YouTube and Cybrary videos should be enough to pass my exam which is scheduled for July 27...
Sign In or Register to comment.