CEH Certified Ethical Hacker Practice Exams
Fifth Edition

ABOUT THE AUTHOR

Matt Walker is currently working multiple contracts in cyber security and network management.
An IT security and education professional for more than 20 years, he has served as the director of
the Network Training Center and a curriculum lead/senior instructor for Cisco Networking Academy
on Ramstein AB, Germany, and as a network engineer for NASA’s Secure Network Systems
(NSS), designing and maintaining secured data, voice, and video networking for the agency. Matt
also worked as an instructor supervisor and senior instructor at Dynetics, Inc., in Huntsville, Alabama,
providing on-site certification-awarding classes for (ISC)², Cisco, and CompTIA, and after
two years came right back to NASA as an IT security manager for UNITeS, SAIC, at Marshall
Space Flight Center. He has written and contributed to numerous technical training books for
NASA, Air Education and Training Command, and the U.S. Air Force, as well as commercially,
and he continues to train and write certification and college-level IT and IA security courses.

About the Technical Editor


Brad Horton currently works as an intelligence specialist with the U.S. Department of Defense.
Brad has worked as a security engineer, commercial security consultant, penetration tester, and
information systems researcher in both the private and public sectors. This has included work with
several defense contractors, including General Dynamics C4S, SAIC, and Dynetics, Inc. Brad
currently holds the Certified Information Systems Security Professional (CISSP), the CISSP–
Information Systems Security Management Professional (CISSP-ISSMP), the Certified Ethical
Hacker (CEH), and the Certified Information Systems Auditor (CISA) trade certifications. Brad
holds a bachelor’s degree in commerce and business administration from the University of Alabama,
a master’s degree in management of information systems from the University of Alabama
in Huntsville (UAH), and a graduate certificate in information assurance from UAH. When not
hacking, Brad can be found at home with his family or on a local golf course.

CEH Certified Ethical Hacker Practice Exams
Fifth Edition

Matt Walker

New York Chicago San Francisco Athens London Madrid Mexico City
Milan New Delhi Singapore Sydney Toronto

McGraw Hill is an independent entity from the International Council of E-Commerce Consultants® (EC-Council) and is not
affiliated with EC-Council in any manner. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated
with EC-Council in any manner. This publication and accompanying media may be used in assisting students to prepare
for the Certified Ethical Hacker (CEH™) exam. Neither EC-Council nor McGraw Hill warrants that use of this publication and
accompanying media will ensure passing any exam. CEH is a trademark or registered trademark of EC-Council in the United
States and certain other countries. All other trademarks are trademarks of their respective owners.
Copyright © 2022 by McGraw Hill. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no
part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and
executed in a computer system, but they may not be reproduced for publication.

ISBN: 978-1-26-426997-6
MHID: 1-26-426997-8

The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-426996-9,
MHID: 1-26-426996-X.

eBook conversion by codeMantra


Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked
name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement
of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in
corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work
is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the
work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit,
distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You
may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to
use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES
OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED
FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA
HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will
meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors
shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages
resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work.
Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive,
consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of
the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or
cause arises in contract, tort or otherwise.
I dedicate this book to my father, Ronald Walker (1947–2008).
He was the best man I’ve ever met, and second place isn’t even close.
I miss you, Dad.

—Matthew Walker

CONTENTS AT A GLANCE

Chapter 1 Getting Started: Essential Knowledge
Chapter 2 Reconnaissance: Information Gathering for the Ethical Hacker
Chapter 3 Scanning and Enumeration
Chapter 4 Sniffing and Evasion
Chapter 5 Attacking a System
Chapter 6 Web-Based Hacking: Servers and Applications
Chapter 7 Wireless Network Hacking
Chapter 8 Mobile Communications and the IoT
Chapter 9 Security in Cloud Computing
Chapter 10 Trojans and Other Attacks
Chapter 11 Cryptography 101
Chapter 12 Low Tech: Social Engineering and Physical Security
Chapter 13 The Pen Test: Putting It All Together
Appendix About the Online Content

CONTENTS

Acknowledgments
Introduction

Chapter 1 Getting Started: Essential Knowledge
    Questions
    Quick Answer Key
    Answers

Chapter 2 Reconnaissance: Information Gathering for the Ethical Hacker
    Questions
    Quick Answer Key
    Answers

Chapter 3 Scanning and Enumeration
    Questions
    Quick Answer Key
    Answers

Chapter 4 Sniffing and Evasion
    Questions
    Quick Answer Key
    Answers

Chapter 5 Attacking a System
    Questions
    Quick Answer Key
    Answers

Chapter 6 Web-Based Hacking: Servers and Applications
    Questions
    Quick Answer Key
    Answers

Chapter 7 Wireless Network Hacking
    Questions
    Quick Answer Key
    Answers

Chapter 8 Mobile Communications and the IoT
    Questions
    Quick Answer Key
    Answers

Chapter 9 Security in Cloud Computing
    Questions
    Quick Answer Key
    Answers

Chapter 10 Trojans and Other Attacks
    Questions
    Quick Answer Key
    Answers

Chapter 11 Cryptography 101
    Questions
    Quick Answer Key
    Answers

Chapter 12 Low Tech: Social Engineering and Physical Security
    Questions
    Quick Answer Key
    Answers

Chapter 13 The Pen Test: Putting It All Together
    Questions
    Quick Answer Key
    Answers

Appendix About the Online Content
    System Requirements
    Your Total Seminars Training Hub Account
    Single User License Terms and Conditions
    TotalTester Online
    Technical Support

ACKNOWLEDGMENTS

I, like most of you, used to hardly ever read the acknowledgments portion of a book. When I
bought a book, I just wanted to get to the meat of the thing and see what I could drag out of
it—either intellectually or entertainment-wise—and couldn’t give a care about what the author
thought about those who helped put it all together. Then, of all things, I wrote a book.
Now, I read the acknowledgments section of every book I purchase. Why? Because having gone
through the trials and tribulations of writing, editing, arguing, planning, researching, rewriting,
screaming at a monitor, and restarting the whole thing all over again, I understand why it’s so
important. I know what it means when the writer says they “couldn’t have done it without fill-
in-the-blank.” Trust me, if it’s written there, then the author truly means they couldn’t have done
it without them. My fill-in-the-blanks deserve more than just a mention in an acknowledgments
section, though, because they really did make it all possible, and I most assuredly couldn’t have
done it without them.
My undying gratitude and heartfelt thanks go out to the entire team at McGraw Hill. Tim
Green originally roped me into this several years back, and without him I would have never even
thought of it. Caitlin Cromley-Linn and Lisa McClain provided the firm guidance that every
author needs to finish a product like this (okay, maybe not every author, but I sure needed it),
displayed the patience of Job, and had a great sense of humor during the whole ordeal. They
both deserve a vacation somewhere warm and beachy—I’ll get the first round of cold adult
beverages. Once again, thanks to everyone at McGraw Hill for providing me with the chance to
do something I dearly love, and for your patience with me in putting this all together.
Lastly, I can’t thank the technical editor, Brad Horton, enough. Brad makes a difficult
process—technically scrubbing everything to make sure it’s all in good order—not only bearable
but downright fun. His edits were spot on and were always designed to make this project the
absolute best it could be. He not only pointed out corrections when I messed something up but
added immeasurably to the real-world aspects of this book. I simply could not, would not, have
done this without him. It’s an honor to work with him and a great blessing in my life to call him
a friend.

INTRODUCTION

Hello and welcome to the practice exams for Certified Ethical Hacker (CEH), now in
version 11. If you’re the proud owner of previous editions of this book or its companion book,
CEH™ Certified Ethical Hacker All-in-One Exam Guide, Fifth Edition, welcome back! If not and
you’re just picking this book up for the first time to see whether it’s for you, settle in for a moment
and let’s cover a few really important items.
Some of you may be curious about what a “hacking” study guide looks like, or you may be
thinking about attempting a new certification or career choice. Some of you may have already
taken that decisive leap and started down the path, and are now looking for the next resource to
help you along the journey. And some of you reading this may even be simply looking for some
credentials for your career—most in this group are true professionals who already know how to do
this job and are just finally ready to get the certification knocked out, while a small few are simply
looking for a résumé bullet (one more certification you can put on your e-mail signature line to
impress others).
Regardless of where you stand in your career or your desire for this certification, there are a
couple of things I need to clear the air about before you commit to purchasing and reading this
book. First (before I get to the bad stuff), I firmly believe this book will assist you in attaining your
CEH certification. The entire team involved in this effort has spent a lot of time, energy, thought,
research, and bourbon on producing what we think is the best companion resource guide on the
market. I’m proud of it and proud to have been associated with the professionals who helped put
it together.
That said, if you’re looking for a silver bullet—a virtual copy of the exam so you can simply
memorize, go take the test, and forget about it—please stop reading now and go take your chances
elsewhere. Part of the ethics of attaining, and maintaining, a CEH credential is the nondisclosure
agreement all candidates sign before attempting the exam. I, and everyone else involved in this
project, have taken great pains to provide you with examples of questions designed to test your
knowledge of the subject at hand, not to provide you with questions to memorize. Those who
are looking for that, and use that method to attain the certification, belittle and cheapen the hard
work the community puts into this, and I would be sickened to know of anyone using this work
for that purpose.
If you want to pass this exam and have the respect and benefits that come along with holding
the certification, you better know how to do the job. The memorization/test-taking junkies out
there may get an interview or two with this certification on their résumé, but trust me, they’ll
be discovered as frauds before they ever get to round 2. This community knows the difference
between a contender and a pretender, so don’t try to take shortcuts. Learn the material. Become
an expert in it. Then go take the exam. If you’re not willing to put in the effort, maybe you should
pick up another line of work—like professional dodge ball player or pharmaceutical test subject.
To quote a really bad but totally awesome 1980s movie, “There’s always barber college.”

With all that out of the way—and now that I’m talking to the real candidates for this
certification—once again I firmly believe this book will help you in your attempt to attain the
certification. As always, however, I must provide a word of caution: relying on a single book—any
single book—to pass this exam is a recipe for disaster. Yes, this is a great resource, and you should
definitely buy it (right now—don’t wait!). However, you simply will not pass this exam without the
time and benefit that can come only from experience. As a matter of fact, EC-Council requires
candidates sitting for the exam to have at least two years of IT security–related experience. Bolster
your study in this book with practice, practice, and more practice. You’ll thank me for it later.
Lastly, keep in mind this certification isn’t a walk in the park. CEH didn’t gain the reputation
and value it has by being easy to attain. Its worth has elevated it as one of the top certifications
a technician can attain and is now part of DoD 8570’s call for certification on DoD networks.
In short, this certification actually means something to employers because they know the effort it
takes to attain it.
The exam itself is a four-hour, 125-question grueling marathon that will leave you exhausted
when you click the Finish button. EC-Council offers a handbook (as of this writing, located at
https://cert.eccouncil.org/images/doc/CEH-Handbook-v5.pdf) that provides all you’ll need to
know about qualifications, content, and other information about the exam and certification. I’ve
included some highlights in the following sections, detailing the exam and what you’ll need.

Training and Preparation


There are two ways for a candidate to attain CEH certification: with training and using only self-
study. Per the EC-Council site (https://iclass.eccouncil.org/learning-options/), training options
include the following:

• MasterClass Live Online This is a “live, online, instructor-led training course, which
means you can attend a course with a live instructor from anywhere with an internet
connection.” Also, per the site: “Our Virtual Classroom training combines our live,
virtual cyber range, real-world instructors, content, exercises and peer collaboration to
give you the best chance at certification and the biggest return on your investment.”
• MasterClass In Person This is exactly what it sounds like: a class provided by an
affiliate in cities throughout North America. The site describes this training option
as follows: “Instructor-led training in your own town is offered to provide you world
class instruction conveniently located in your backyard, and since the course is live,
you will collaborate with your peers and gain real-world skills while receiving in-person
instruction and interaction.”
• Self-Paced Directly from the site, this solution is “an asynchronous, self-study
environment which delivers EC-Council’s sought after IT Security training courses,
such as CEH, in a streaming video format. All lectures are delivered by a professional
practitioner to assure a real-world perspective on the course concepts…and provides
the benefits of classroom training at your own pace.” This also comes with the official
courseware via Aspen as well as six months of access to iLabs (EC-Council’s virtual lab
platform).

• Certification Club For one U.S. dollar short of $3,000, you can join the iClass
Club, where you’ll “receive one full certification course as well as unlimited EC-Council
certification courses for only $499 during the subscription year and you decide whether
to train in either live online or self-paced online format, or even mix and match.”
In short, you’ll have access to a wide range of videos and training materials from
EC-Council, and can mix and match whatever training methods over however long
a timeframe you wish.
• Textbook Learning (self-study) If you want to study on your own and don’t care
about the class at all (that is, you’ve been doing this for a while and don’t see the value
of going to a class to have someone teach you what you already know), you can simply
buy the courseware (for $877 as of this writing) and study on your own. There are all the
necessary hoops and hurdles to step through to qualify for the exam, but EC-Council is
certainly happy to sell you their official curriculum and let you take your own chances.

The Examination
For this version, EC-Council retains the exam scoring methods and mechanisms
(https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/) from the last version. The content itself
hasn’t changed much, other than new content we’ve covered in this book; however, the method to
tabulate whether or not you pass the exam definitely has.
The exam is a four-hour, computer-based proctored test (in other words, it’s taken in person
at an authorized testing facility) that allows you to skip and mark questions to revisit at the end
of each section. FAQs regarding the exam itself are updated continually and are located at
https://cert.eccouncil.org/faq.html. Your exam score is tabulated immediately after completion, so be
sure to review everything before clicking Finish. Unlike previous versions, however, there is no
cut-and-dry number of questions you need to get right and no score you need to attain. Whereas
in versions previous you needed to answer 70 percent of the questions correctly, you now need to
attain the appropriate “cut score” for your particular test bank. I know, I know—you’re wondering
what that means. I did, too, so I read up on it for you (you’re welcome).
CEH is provided to candidates as a series of multiple-test blocks of questions—in other words,
a candidate sitting on the left side of the room might get questions from block 1, while someone
on the right side might get questions from block 2 (or block 3, block 4, and so on). EC-Council
refers to these question banks as “forms” and has calculated a passing score based on the difficulty
rating of each block. Should you sit down and randomly get assigned an easy form, you’ll have
to score upward of 85 percent to pass; a hard one, and you’ll only need 60 percent. See? Isn’t that
fun and easy?
Lastly, I found this little nugget of information very enlightening and wanted to include it here
both to inform you and to validate something I’ve been saying for years now (in previous versions
of these books, as well as in this one): EC-Council openly admits their exam content and creation
are performed separately from course and curriculum content creation. This means the people
creating the test questions don’t necessarily use the official course curriculum. In other words, you
can and will see questions on your exam that aren’t even mentioned in the courseware or in your
classroom—or, dare I say, in the study material you’re looking at here.

To some of us, myself included, this seems odd. I mean, if you require folks to purchase
your courseware and/or sit for your specific training classes, you’d assume those would be the
key study materials for success on the exam—designed supposedly to validate your knowledge
and skills from aforementioned curriculum and training. EC-Council states it this way, however:
“All learning materials related to exams including EC-Council official courseware and trainings
are developed independently of exam content. This is because the exams are created to assess
competence when using the skills and knowledge, not the effectiveness of a specific courseware
or training.”
I include this here not to scare you off or to give you the impression that the courseware,
classrooms, or study guides aren’t valid, but to remind you, as I’ve said seemingly a billion times
now, not to rely on one source for your study. Build a lab. Practice. Get together with like-minded
folks and talk out issues you find in practicing with tools or taking practice exams. Trust me, you’ll
be better off for it.
Best of luck to you, dear reader. I sincerely hope your exam goes well for you and that your
career is filled with great experiences. Be honest, do a good job, and make every day and action
work toward a better world.

In This Book
I’ve organized this book so that each chapter consists of a battery of practice exam questions representing
part of the knowledge and skills you need to know to pass the Certified Ethical Hacker
exam. This book was designed to mirror the organization of CEH Certified Ethical Hacker
All-in-One Exam Guide, Fifth Edition, and it serves as an excellent companion.

Online Practice Exams


In addition to the practice questions included in this book, 250 practice questions are provided in
an electronic test engine. You can create custom exams by chapter, or you can take multiple timed,
full-length practice exams. For more information, please see the appendix.

Tools, Sites, and References Disclaimer
All URLs listed in this book were current and live at the time of writing. McGraw Hill makes
no warranty as to the availability of these World Wide Web or Internet pages. McGraw Hill
has not reviewed or approved the accuracy of the contents of these pages and specifically
disclaims any warranties of merchantability or fitness for a particular purpose.

CHAPTER 1
Getting Started: Essential Knowledge

This chapter includes questions from the following topics:
• Identify components of TCP/IP computer networking
• Understand basic elements of information security
• Understand incident management steps
• Identify fundamentals of security policies
• Identify essential terminology associated with ethical hacking
• Define ethical hacker and classifications of hackers
• Describe the five stages of ethical hacking
• Define the types of system attacks
• Identify laws, acts, and standards affecting IT security
• Identify Cyber Kill Chain methodology terms

In one of my earliest memories, I’m sitting at the table on Thanksgiving, staring lovingly at a hot
apple pie being sliced into pieces and doled out onto plates. I remember watching an ice cream
bowl chase the pie slices around the table, and each person scooping out delicious vanilla goodness
for the top of their pie. And I remember looking at that flaky crust and the sugary, syrupy insides
and thinking how great it was going to be when I got mine. But then I remember my mom looking
right at me and saying, “Looks good, doesn’t it? All you’ve got to do is finish your vegetables
and you can have some.”

I dearly love apple pie à la mode. It’s my favorite dessert on the planet—my ambrosia, if you
will. I love it so much that aggressively displacing toddlers out of my way to get to dessert nirvana
isn’t out of the question (okay, maybe just sternly threatening them, but you get the idea). But I
absolutely despised most of the veggies I was forced to eat as a kid. Greens, peas, carrots, asparagus?
Might as well have been kryptonite for Superman. Mom, why not just ask me to stab my eyes out
with a fork—or, worse yet, ask me to wear Auburn colors?
But when push came to shove, I ate the vegetables. Not because I liked them or because I
wanted to, but because I had to in order to get what I really wanted.

Welcome to your veggie plate, dear reader. No, it’s not the exciting dessert you’re drooling
over—all those delicious hacking questions come later—but this is stuff you just have to get out
of the way first. The good news with this part of your exam is that this is the easy stuff. It’s almost
pure memorization and definitions—with no wacky formulas or script nuances to figure out. And
don’t worry, it’s not nearly as bad as you think it’s going to be. At least I’m not making you put
on blue and orange.

STUDY TIPS When it comes to studying this chapter, where mostly definitions
and rote memorization are all that is required for the exam, repetition is the
key. Tables with words on one side and corresponding definitions on the
other can be pretty effective—and don’t discount old-school flash cards
either. When studying, try to find some key words in each definition you can associate
with the term. That way, when you’re looking at a weird test question on the exam, a key
word will pop out and help provide the answer for you. And for goodness sake, please try
not to confuse the real world with the exam—trust what you get out of this book and your
other study material, and don’t read too much into the questions.
Some of the most confusing questions for you in this section will probably come from
security policies, laws and standards, and security control mechanisms. All these questions
can get really weird, and I’d love to offer help with them, but I can’t—you just have to
memorize the data. Especially when it comes to laws and standards questions, they will
sometimes be maddening. My best advice is to concentrate on key words and remember
that the process of elimination can sometimes be more helpful in narrowing the options
down to the correct answer than trying to memorize everything in the first place.
Also, and at the risk of generating derision from the “Thank you, Captain Obvious”
crowd, here’s another piece of advice I have for you: spend your time on the things you
don’t already know (trust me, I’m on to something here). Many exam prospects and
students spend way too much valuable time repeating portions they already know
instead of concentrating on the things they don’t. If you understand the definitions
regarding white hat and black hat, don’t bother reviewing them. Instead, spend your
time concentrating on areas that aren’t so “common sense” to you.
And, finally, keep in mind that this certification is provided by an international organization.
Therefore, you will sometimes see some fairly atrocious grammar on test questions here
and there, especially in this section of the exam. Don’t worry about it—just keep focused
on the main point of the question and look for your key words.

CEH Certified Ethical Hacker Practice Exams


QUESTIONS

1. A security team is implementing various security controls across the organization. After
considering several configurations and applications, a final agreed-on set of security
controls is put into place; however, not all risks are mitigated by the controls. Of the
following, which is the next best step?
A. Continue applying controls until all risk is eliminated.
B. Ignore any remaining risk as “best effort controlled.”
C. Ensure that any remaining risk is residual or low and accept the risk.
D. Remove all controls.
2. A Certified Ethical Hacker (CEH) follows a specific methodology for testing a system.
Which step comes after footprinting in the CEH methodology?
A. Scanning
B. Enumeration
C. Reconnaissance
D. Application attack
3. Your organization is planning for the future and is identifying the systems and processes
critical for their continued operation. Which of the following best describes this effort?
A. BCP
B. BIA
C. DRP
D. ALE
4. Which incident response (IR) phase is responsible for setting rules, identifying the
workforce and roles, and creating backup and test plans for the organization?
A. Preparation
B. Identification
C. Containment
D. Recovery
5. You’ve been hired as part of a pen test team. During the brief, you learn the client wants
the pen test attack to simulate a normal user who finds ways to elevate privileges and
create attacks. Which test type does the client want?
A. White box
B. Gray box
C. Black box
D. Hybrid

Chapter 1: Getting Started: Essential Knowledge


6. Which of the following is defined as ensuring the enforcement of organizational security
policy does not rely on voluntary user compliance by assigning sensitivity labels on
information and comparing this to the level of security a user is operating at?
A. Mandatory access control
B. Authorized access control
C. Role-based access control
D. Discretionary access control
7. Which of the following statements is true regarding the TCP three-way handshake?
A. The recipient sets the initial sequence number in the second step.
B. The sender sets the initial sequence number in the third step.
C. When accepting the communications request, the recipient responds with an
acknowledgement and a randomly generated sequence number in the second step.
D. When accepting the communications request, the recipient responds with an
acknowledgement and a randomly generated sequence number in the third step.
8. Your network contains certain servers that typically fail once every five years. The total cost
of one of these servers is $1000. Server technicians are paid $40 per hour, and a typical
replacement requires two hours. Ten employees, earning an average of $20 per hour, rely
on these servers, and even one of them going down puts the whole group in a wait state
until it’s brought back up. Which of the following represents the ARO for a server?
A. $296
B. $1480
C. $1000
D. 0.20
9. An ethical hacker is given no prior knowledge of the network and has a specific framework
in which to work. The agreement specifies boundaries, nondisclosure agreements, and a
completion date definition. Which of the following statements is true?
A. A white hat is attempting a black-box test.
B. A white hat is attempting a white-box test.
C. A black hat is attempting a black-box test.
D. A black hat is attempting a gray-box test.
10. Which of the following is a detective control?
A. Audit trail
B. CONOPS
C. Procedure
D. Smartcard authentication
E. Process

11. As part of a pen test on a U.S. government system, you discover files containing Social
Security numbers and other sensitive personally identifiable information (PII). You
are asked about controls placed on the dissemination of this information. Which of the
following acts should you check?
A. FISMA
B. Privacy Act
C. PATRIOT Act
D. Freedom of Information Act
12. In which step of the Cyber Kill Chain methodology would an adversary create a deliverable
malicious payload?
A. Command and Control (C2)
B. Weaponization
C. Installation
D. Exploitation
13. An organization’s leadership is concerned about social engineering and hires a company to
provide training for all employees. How is the organization handling the risk associated
with social engineering?
A. They are accepting the risk.
B. They are avoiding the risk.
C. They are mitigating the risk.
D. They are transferring the risk.
14. In which phase of the ethical hacking methodology would a hacker be expected to discover
available targets on a network?
A. Reconnaissance
B. Scanning and enumeration
C. Gaining access
D. Maintaining access
E. Covering tracks
15. Which of the following was created to protect shareholders and the general public from
corporate accounting errors and fraudulent practices as well as to improve the accuracy of
corporate disclosures?
A. GLBA
B. HIPAA
C. SOX
D. FITARA

16. Which of the following best defines a logical or technical control?
A. Air conditioning
B. Security tokens
C. Fire alarms
D. Security policy
17. Which of the following was created to protect credit card data at rest and in transit in an
effort to reduce fraud?
A. TCSEC
B. Common Criteria
C. ISO 27002
D. PCI DSS
18. As part of the preparation phase for a pen test you are participating in, the client relays
their intent to discover security flaws and possible remediation. They seem particularly
concerned about internal threats from the user base. Which of the following best describes
the test type the client is looking for?
A. Gray box
B. Black box
C. White hat
D. Black hat
19. In which phase of the attack would a hacker set up and configure “zombie” machines?
A. Reconnaissance
B. Covering tracks
C. Gaining access
D. Maintaining access
20. Which of the following should not be included in a security policy?
A. Policy exceptions
B. Details on noncompliance disciplinary actions
C. Technical details and procedures
D. Supporting document references
21. Which of the following is best defined as a set of processes used to identify, analyze,
prioritize, and resolve security incidents?
A. Incident management
B. Vulnerability management
C. Change management
D. Patch management

22. During an assessment, your pen test team discovers child porn on a system. Which of the
following is the appropriate response?
A. Continue testing and report findings at the out-brief.
B. Continue testing but report findings to the business owners.
C. Cease testing immediately and refuse to continue work for the client.
D. Cease testing immediately and contact authorities.
23. Which of the following best describes an intranet zone?
A. A zone with few heavy security restrictions
B. A highly secured zone, usually employing VLANs and encrypted communication
channels
C. A controlled buffer network between public and private networks
D. A very restricted zone with no users
24. A machine in your environment uses an open X-server to allow remote access. The
X-server access control is disabled, allowing connections from almost anywhere and with
little to no authentication measures. Which of the following are true statements regarding
this situation? (Choose all that apply.)
A. An external vulnerability can take advantage of the misconfigured X-server threat.
B. An external threat can take advantage of the misconfigured X-server vulnerability.
C. An internal vulnerability can take advantage of the misconfigured X-server threat.
D. An internal threat can take advantage of the misconfigured X-server vulnerability.
25. Which of the following best describes forensic evidence indicating a potential intrusion
or malicious activity?
A. TTP
B. IOC
C. APT
D. ABI

QUICK ANSWER KEY

1. C 10. A 19. D
2. A 11. B 20. C
3. B 12. B 21. A
4. A 13. C 22. D
5. B 14. B 23. A
6. A 15. C 24. B, D
7. C 16. B 25. B
8. D 17. D
9. A 18. A

ANSWERS

1. A security team is implementing various security controls across the organization. After
considering several configurations and applications, a final agreed-on set of security
controls is put into place; however, not all risks are mitigated by the controls. Of the
following, which is the next best step?
A. Continue applying controls until all risk is eliminated.
B. Ignore any remaining risk as “best effort controlled.”
C. Ensure that any remaining risk is residual or low and accept the risk.
D. Remove all controls.
☑ C. Remember at the beginning of this chapter when I said the process of elimination
may be your best bet in some cases? Well, even if you aren’t well-versed in risk
management and security control efforts, you could narrow this down to the correct
answer. It is impossible to remove all risk from any system and still have it usable. I’m
certain there are exceptions to this rule (maybe super-secret machines in underground
vaults buried deep within the earth, running on geothermal-powered batteries,
without any network access at all and controlled by a single operator who hasn’t seen
daylight in many years), but in general the goal of security teams has always been to
reduce risk to an acceptable level.

✗ A is incorrect because, as I just mentioned, it’s impossible to reduce risk to absolute
zero and still have a functional system. CEH Certified Ethical Hacker All-in-One Exam
Guide, Fifth Edition, discusses the Security, Functionality, and Usability triangle,
where as you move toward more security, you move further away from functionality
and usability.

✗ B is incorrect because it’s just silly. If you’re a security professional and your
response to a risk—any risk—is to ignore it, I can promise you won’t be employed
for long. Sure, you can point out that it’s low or residual and that the chance for
actual exploitation is next to nonexistent, but you can’t ignore it. Best effort is for
kindergarten trophies and IP packet delivery.

✗ D is incorrect because removing all controls is worse than ignoring the risk. If you
remove everything, then all risks remain. Remember, the objective is to balance your
security controls to cover as much risk as possible while leaving the system as usable
and functional as possible.
2. A Certified Ethical Hacker (CEH) follows a specific methodology for testing a system.
Which step comes after footprinting in the CEH methodology?
A. Scanning
B. Enumeration
C. Reconnaissance
D. Application attack

☑ A. CEH methodology is laid out this way: reconnaissance (footprinting), scanning
and enumeration, gaining access, escalating privileges, maintaining access, and
covering tracks. While you may be groaning about scanning and enumeration
both appearing as answers, they’re placed here in this way on purpose. This exam
is not only testing your rote memorization of the methodology but also how the
methodology actually works. Remember, after scoping out the recon on your target,
your next step is to scan it. After all, you have to know what targets are there first
before enumerating information about them.

✗ B is incorrect because, although it is mentioned as part of step 2, it’s actually
secondary to scanning. Enumerating is used to gather more in-depth information
about a target you already discovered by scanning. Things you might discover in
scanning are IPs that respond to a ping. In enumerating each “live” IP, you might
find open shares, user account information, and other goodies.

✗ C is incorrect because reconnaissance and footprinting are interchangeable in CEH
parlance. An argument can be made that footprinting is a specific portion of an
overall recon effort; however, in all CEH documentation, these terms are used
interchangeably.

✗ D is incorrect because it references an attack. As usual, there’s almost always one
answer you can throw out right away, and this is a prime example. We’re talking
about step 2 in the methodology, where we’re still figuring out what targets are there
and what vulnerabilities they may have. Attacking, at this point, is folly.
3. Your organization is planning for the future and is identifying the systems and processes
critical for their continued operation. Which of the following best describes this effort?
A. BCP
B. BIA
C. DRP
D. ALE
☑ B. A business impact analysis (BIA) best matches this description. In a BIA, the
organization looks at all the systems and processes in use and determines which ones
are absolutely critical to continued operation. Additionally, the assessor (the person or
company conducting the analysis) will look at all the existing security architecture and
make an evaluation on the likelihood of any system or resource being compromised.
Part of this is assigning values to systems and services, determining the maximum
tolerable downtime (MTD) for any, and identifying any overlooked vulnerabilities.

✗ A is incorrect because a business continuity plan (BCP) contains all the procedures
that should be followed in the event of an organizational outage—such as a natural
disaster or a cyberattack. BCPs include the order in which steps should be taken
and which system should be returned to service first. BCPs include DRPs (disaster
recovery plans).


✗ C is incorrect because a disaster recovery plan (DRP) contains steps and procedures
for restoring a specific resource (service, system, and so on) after an outage. Usually
DRPs are part of a larger BCP.

✗ D is incorrect because the annualized loss expectancy (ALE) is a mathematical
measurement of the cost of replacing or repairing a specific resource. ALE is calculated
by multiplying the single loss expectancy (SLE) by the annualized rate of occurrence
(ARO). For example, if the total cost of a single loss of a resource is calculated at
$1000 and you calculate there is a 10 percent chance it will fail in any given year,
your ALE would be $100.
4. Which incident response (IR) phase is responsible for setting rules, identifying the workforce
and roles, and creating backup and test plans for the organization?
A. Preparation
B. Identification
C. Containment
D. Recovery
☑ A. So even if you weren’t aware of incident response phases, this one should’ve been
a rather easy guess. In the preparation phase, your IR (incident response) team should
be preparing for an incident. Preparation includes lots of things—some of which are
mentioned here. But virtually anything you can think of that does not involve actions
taken during the incident belongs here. Training, exercises, and policies are all examples.
As an aside, IR phases can be different depending on whom you ask and what
the moon phase is, but generally IR is broken down into six phases: preparation,
identification, containment, eradication, recovery, and lessons learned. Preparation
we already covered. Identification refers to the steps taken to verify it’s actually an
incident, and all the information surrounding that—source, destination(s), exploit
used, malware used, and so on. Containment is the step used to cordon off the
infected system(s) and prevent any further spread of infection or attack. Eradication
refers to steps taken to remove the malware (or other attack-related residuals, such
as backdoors). Recovery involves the steps taken to rebuild and restore the system(s)
and network to pre-attack status (with better security, I might add). Finally, lessons
learned is exactly what it sounds like, and it should feed right back into your
organization’s preparation phase.

✗ B is incorrect because the identification phase refers to the steps taken to verify the
legitimacy of an active incident and gather information on the details of the attack.

✗ C is incorrect because the containment phase deals with the steps taken to reduce or
prevent the spread of the infection or attack inside the network.

✗ D is incorrect because the recovery phase deals with the steps taken to restore and
replace any resources damaged or affected by the attack footprint.

—— (792) Note sur le genre Mariopteris. Bull. Soc. Géol. France [3],
tome vii. p. 92.
—— (83) Fructifications de Fougères houillères. Ann. Sci. nat. [6],
vol. xvi.
—— (84) Cônes de fructification des Sigillaires. Ibid. vol. xix. p. 256.
—— (85) Sur les affinités du genre Laccopteris. Bull. Soc. Bot.
France, tome xxxii. p. 21.
—— (86) Présentation d’une brochure de M. Kidston sur les
Ulodendron et observations sur les genus Ulodendron et
Bothrodendron. Bull. Soc. Géol. France [3], tome xiv. p. 168.
—— (89) Sur les variations de formes du Sigillaria Brardi, Brongn.
Ibid. [3], tome xvii. p. 603.
—— (90) Bassin Houiller et Permien d’Autun et d’Épinac. Études
des Gîtes Min. France.
—— (94) Notes sur la flore des Couches Permiennes de Trienbach
(Alsace). Bull. Soc. Geol. France [3], tome xxii. p. 163.
—— (95) Note sur la flore fossile des Gisements houillers de Rio
Grande do Sul. Bull. Soc. Géol. France [3], tome xxiii. p. 601.
—— (97) Observations sur quelques fougères des Dépôts houillers
d’Asie Mineure. Bull. Soc. Bot. France [3], tome xliv. p. 195.
—— (972) The reference of the genus Vertebraria. (Translation from
the Compt. Rend, tome cxxii. p. 744.) Rec. Geol. Surv. India,
vol. xxx. pt. i.
—— (973) Les Provinces botaniques de la fin des temps primaires.
Rev. Gén. Sci. (Jan. 15).
—— (974) Revue des travaux de paléontologie végétale. Rev. Gén.
Bot. tome ix.
—— (98) Sur un Lepidodendron silicifié du Brésil. Compt. Rend.
(July 25).
—— (982) Sur la découverte, par M. Amalitzky, de Glossopteris dans
le Permien supérieur de Russie. Bull. Soc. Bot. France, tome
xlv. p. 392.
—— (983) Contribution à l’étude de la flore ptéridologique des
schistes permiens de Lodève. Bull. Mus. de Marseille, tome i.
Fasc. ii. p. 9.
—— (99) Étude sur la flore fossile du Bassin houiller d’Héraclée.
Mém. Soc. Géol. France (Paléont.), Mém. 21.
—— (00) Sur une Sélaginellée du terrain houiller de Blanzy. Compt.
Rend. vol. cxxv. p. 1077.
—— (002) Éléments de Paléobotanique. Paris.
—— (02) Observations sur quelques plantes fossiles des Lower
Gondwanas. Mem. Geol. Surv. India [New Series], vol. ii.
—— (03) Flore fossile des Gîtes de Charbon du Tonkin. Études des
Gîtes Min. France. Paris.
—— (032) Revue des travaux de Paléontologie végétale. Rev. Gén.
Bot. vol. xv.
—— (05) Une nouvelle classe de Gymnospermes: les
Ptéridospermées. Rev. Gén. Sci. p. 718.
—— (06) Bassin houiller et Permien de Blanzy et du Creusot (Fasc.
ii). Études Gîtes Min. France.
—— (09) Observations sur le Lepidostrobus Brownii. Compt. Rend.
vol. cxlviii. p. 890.
—— (092) Revue des travaux de Paléontologie végétale (1901–06).
Rev. Gén. Bot., vols. xxi, xxii.
Zenker, J. C. (37) Scolecopteris elegans Zenk. Ein neues fossiles
Farrngewächs mit Fructificationen. Linnaea, vol. xi. p. 509.
INDEX
The Index includes the names of Authors and plants mentioned in
this volume. No references are, however, given to the following
Authors, whose names occur too frequently to render special
reference of use to the reader: A. Brongniart, R. Kidston, A. G.
Nathorst, H. Potonié, B. Renault, D. H. Scott, H. Graf zu Solms-
Laubach, D. Stur, W. C. Williamson, R. Zeiller.

Abies pectinata, 217
Acrostichites Goeppertianus, 340, 341
A. linnaeaefolius, 340
A. rhombifolius, 340
A. tenuifolius, 332
A. Williamsonis, 339
Acrostichum, 499, 500
A. aureum, 309, 379
A. (Lomariopsis) sorbifolium, 301
Adiantites, 376, 560
A. antiquus, 376, 377
A. lindsayoides, 376, 377
A. Sewardi, 377
Adiantum pedatum, 300
A. apalophyllum, 380
Agathis, 131, 195
A. australis, 95
Alethopteris, 485, 516, 557, 572–576
A. Grandini, 574
A. lonchitica, 399, 553, 574, 575
A. Roesserti, 346
A. Serlii, 575, 576
Alloiopteris, 470, 579
A. Essinghii, 535
Alsophila, 295
A. excelsa, 294
A. tahitiensis, 309
Alsophilina, 372
Amalitzky, W., 498, 513
Anachoropteris Decaisnii, 462
Anachoropteroides, 455
Andrae, K. J., 390
Androstrobus, 88
Aneimia, 287, 288, 346, 350
A. flexuosa, 289
A. phyllitidis, 289
A. rotundifolia, 288, 307
Aneimites, 346
Angiopteridium, 485
A. californicum, 409
Angiopteris, 172, 317, 417, 425, 455, 527
A. evecta, 283, 317–319
A. Richthofeni, 409
Ankyropteris, 365, 450–462, 465
A. bibractensis, 453–456, 471
A. corrugata, 436, 453, 455–462, 471
A. scandens, 450–452, 456, 461, 462, 471
Anomopteris Mougeotii, 329
A. Schlectendalii, 329
Anomozamites, 489
Antrophyum, 499
Aphlebia, 525–529, 533–536, 555
A. crispa, 526, 528
A. Germari, 526
Aphyllum cristatum, 127
Araucaria, 25
A. Balansae, 36
A. excelsa, 36
A. imbricata, 93, 211
Araucarieae, 44, 275
Araucarites Cordai, 187
A. gracilis, 84
Arber, E. A. N., 178, 395, 420, 433, 497, 500, 507, 508, 512,
513
Arber, E. A. N. and H. H. Thomas, 214, 222
Arberia, 516
A. minasica, 516
Arberia sp., 517
Archaeopterideae, 565
Archaeopteris, 15, 526, 560–565
A. archetypus, 563–565
A. Dawsoni, 564
A. fimbriata, 563–565
A. fissilis, 563, 564
A. gaspiensis, 563
A. hibernica, 561–565
A. Jacksoni, 563
A. Roemeriana, 563
A. Tschermaki, 564
Archaeosigillaria, 78, 267, 268
A. primaeva, 201, 268
Archangiopteris, 318, 319
Arctopodium insigne, 456
Artis, F. T., 127, 196, 229, 231, 422
Aspidiaria, 124, 127, 128
Aspidites caudatus, 404
Asplenites, 580
A. macrocarpus, 346
A. ottonis, 346
Asplenium Johnstrupi, 369
A. multilineatum, 301
A. nebbense, 344
A. nidus, 485
A. resectum, 300
A. whitbiense, 344
Asterochlaena duplex, 448
A. laxa, 462, 471, 472
A. ramosa, 471
Asterotheca, 398, 409, 426, 576
A. Sternbergii, 398, 400
Aulacopteris, 567
Azolla, 192, 274, 475

Baiera, 307, 390
Baily, W. H., 469, 537, 560, 562
Baker, J. G., 33, 307
Balfour, J. H., 191
Barrois, C., 103
Bartholin, C. T., 392
Bates, H. W., 309
Bennettitales, 396
Bennie, J., 7
Bennie, J. and R. Kidston, 85
Benson, Margaret, 277, 532
Bensonites fusiformis, 469
Bergeria, 124, 126, 127, 174, 181
Bernouillia, 409, 410, 541
Berridge, E. M., 194
Berry, E. W., 543
Bertrand, C. E., 163, 213, 214, 222, 275, 277
Bertrand, C. E. and F. Cornaille, 316
Bertrand, P., 432, 434, 435, 443, 447, 449–452, 462, 467, 468
Binney, E. W., 103, 110, 137, 153, 164, 171, 188, 232, 238, 462,
465
Bischof, — 69
Blanckenhorn, M., 72, 522, 523
Blechnoxylon talbragarense, 509–511
Bommer, C., 40, 353, 361
Boodle, L. A., 20, 21, 24, 304, 311, 468
Bothrodendreae, 248–266
Bothrodendron, 75, 128, 130–133, 137, 188, 209, 234, 240,
248–268, 276
B. kiltorkense, 252, 255, 257–259
B. Leslei, 258
B. minutifolium, 251–256, 262
B. mundum, 256, 262, 263
B. punctatum, 135, 248, 250, 252, 254, 260
B. tenerrimum, 264
Bothrostrobus, 192, 262–264, 278
Botrychioxylon, 459
Botrychium, 169, 427, 438, 459, 510
B. Lunaria, 322
B. virginianum, 322
Botryoptereae, 434–443
Botryopterideae, 325, 365, 375, 427, 432–472
Botryopteris, 436–443
Botryopteris antiqua, 436, 442, 443, 470, 471
B. cylindrica, 436, 438
B. forensis, 437, 438, 442–445, 463, 470
B. hirsuta, 436, 438
B. ramosa, 436, 438, 440, 441, 470
Boulay, N., 251
Bowenia, 549
B. spectabilis, 438
Bower, F. O., 13, 14, 17, 44, 46, 53, 78, 191, 264, 268, 282, 284,
296, 298, 300, 307, 325
Bowman, J. E., 232
Brabenec, — 476
Brainea, 299
Brittsia, 464
B. problematica, 464
Brodie, P. B., 82
Brongniart, A. See note, page 609
Brown, Richard, 232, 233, 237, 239
Brown, Robert, 160, 190
Browne, Lady Isabel, 267, 269
Bruchmann, H., 64
Bunbury, Sir Charles, 348, 352, 481, 570, 572
Butterworth, J., 171, 413

Calamites, 6, 11, 73, 207, 208
C. radiatus, 11, 265, 256
Calamodendron, 73
Calamostachys, 9
Callipteridium, 560
C. gigas, 557
C. pteridium, 560
Callipteris, 556–560
C. Bergeroni, 558
C. conferta, 558–560
C. conferta var. polymorpha, 559
C. flabellifera, 568
C. lyratifolia, 557, 558
Calymmatotheca, 407, 531, 532
C. affinis, 532
C. Stangeri, 531
Campbell, D. H., 68, 192, 308
Camptopteridinae, 385
Camptopteris, 389, 390
C. exilis, 381
C. lunzensis, 385
C. Phillipsii, 383
C. spiralis, 382, 389, 390
Cancellatae, 203
Canna, 517
Cannophyllites, 517
Cardiocarpon, 271
C. anomalum, 271
Cardiopteris, 519, 523–525
C. frondosa, 523–526
C. Hochstetterii var. franconica, 524
