CEH v9 Midterm ch. 1-8

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following best describes vulnerability?

A weakness

What is missing from a half-open scan?

ACK

Footprinting has two phases. What are they?

Active and passive

What can be configured in most search engines to monitor and alert you to changes to content?

Alerts

When scanning a network via a hardline connection to a wired-switch NIC in promiscuous mode, what would be the extent of network traffic you would expect to see?

All nodes attached to the same port

At which layer of the OSI model does a proxy operate?

Application

Choosing a protective network appliance, you want a device that will inspect packets at the most granular level possible while providing improved traffic efficiency. What appliance would satisfy these requirements?

Application Firewall

What is EDGAR used to do?

Check financial filings

What kind of domain resides on a single switchport?

Collision domain

If you can't gain enough information directly from a target, what is another option?

Competitive analysis

A white-box test means the tester has which of the following?

Complete knowledge

Footprinting can determine all of the following except _____?

Distribution and number of personnel

Which of the following is not a flag on a packet?

END

___________ is a method for expanding an email list.

EXPN

A vulnerability scan is a good way to do what?

Find open ports, Find weaknesses

What is the purpose of social engineering?

Gain information from a human being through face-face or electronic means

What should a pentester do prior to initiating a new penetration test?

Get permission

Which type of hacker may use their skills for both benign and malicious goals at different times?

Gray hat

Which of the following best describes what a hacktivist does?

Hacks for political reasons

Which of the following best describes what a suicide hacker does?

Hacks without stealth

Which of the following describes an attacker who goes after a target to draw attention to a cause?

Hacktivist

The group anonymous is an example of what?

Hacktivists

An administrator has just been notified of irregular network activity; what appliance functions in this manner?

IDS

What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing?

IPS

A banner can do what?

Identify a service

What is an SID used to do?

Identify a user.

Which of the following best describes footprinting?

Investigation of a target

Which of the following can an attacker use to determine the technology and structure within an organization?

Job boards

Hubs operate at which layer of the OSI model?

Layer 1

If a device is using a MAC address to funnel traffic, what layer of the OSI model is this device working in?

Layer 2

Companies may require a penetration tester for which of the following reasons?

Legal reasons, Regulatory reasons, to perform an audit

What level of knowledge about hacking does a script kiddie have?

Low

Which record will reveal information about a mail server for a domain?

MX

Which topology has built-in redundancy because of its many client connections?

Mesh

SNMP is used to do which of the following?

Monitor network devices

Which technology allows the use of a single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world?

NAT

_______ is used to synchronize clocks on a network

NTP

Which of the following types of attack has no flags set?

NULL

A __________ is used to connect to a remote system using NetBIOS.

NULL session

An attacker can use ________ to enumerate users on a system.

NetBIOS

Which of the following is used for identifying a web server OS?

Netcraft

Which tool can be used to view web server information?

Netcraft

Which of the following can be used to tweak or fine-tune search results?

Operators

Which category of firewall filters is based on packet header data only?

Packet

Vulnerability research deals with which of the following?

Passively uncovering vulnerabilities

Which of the following does an ethical hacker require to start evaluating a system?

Permission

Which of the following is not typically used during footprinting?

Port Scanning

Nmap is required to perform what type of scan?

Port scan

Enumeration does not uncover which of the following pieces of information?

Ports

What device acts as an intermediary between an internal client and a web resource?

Proxy

LDAP is used to perform which function?

Query a database.

During a FIN scan, what indicates that a port is closed?

RST

During a Xmas tree scan what indicates a port is closed?

RST

Which network topology uses a token-based access system?

Ring

You have selected the option in your IDS to notify you via email if it senses any network irregularities. Checking the logs, you notice a few incidents but you didn't receive any email alerts. What protocol needs to be configured on the IDS?

SMTP

SNScan is used to access information for which protocol?

SNMP

What is the proper sequence of the TCP three-way handshake?

SYN, SYN-ACK, ACK

What is the sequence of the three-way handshake?

SYN, SYN-ACK, ACK

What phase comes after footprinting?

Scanning

SMTP is used to perform which function?

Send email messages

Which of the following can help you determine business processes of your target through human interaction?

Social engineering

Which of the following would be a very effective source of information as it related to social engineering?

Social networking

Which of the following can be used to assess physical security?

Street views

Which of the following describes a hacker who attacks without regard for being caught or punished?

Suicide Hacker

A DNS zone transfer is used to do which of the following?

Synchronize server information

A SYN attack uses which protocol?

TCP

Which of these protocols is a connection oriented protocol?

TCP

A scan of a network client shows that port 23 is open; what protocol is this aligned with?

Telnet

Which of the following is used for banner grabbing?

Telnet

What is the three-way handshake?

The opening sequence of a TCP connection

What does TOE stand for?

Time of evaluation

Why would you need to use a proxy to perform scanning?

To enhance anonymity

Why use Google hacking?

To fine-tune search results

What is Tor used for?

To hide the process of scanning

Which tool can trace the path of a packet?

Tracert

SNMP is used to perform which function in relation to hardware?

Trap messages

Enumeration is useful to system hacking because it provides which of the following?

Usernames

The Wayback Machines is used to do which of the following?

View archived versions of a website

If you have been contracted to perform an attack against a target system, you are what type of hacker?

White hat

Which of the following would most likely engage in the pursuit of vulnerability research?

White hat

Which OS holds 90 percent of the desktop market and is one of our largest attack surfaces?

Windows

How is black-box testing performed?

With no knowledge

________ involves grabbing a copy of a zone file.

Zone transfer

What separates a suicide hacker from other hackers?

a lack of fear of being caught

What is an ICMP echo scan?

a ping sweep

A contract is important because it does what?

gives proof

Which command can be used to view NetBIOS information?

nbstat

Which of the following is used to perform customized network scans?

nmap

What is the role of social engineering?

to gain info from human beings

What is the purpose of a proxy?

to keep a scan hidden

VRFY is used to do which of the following?

validate an email address

Which of the following would confirm a user named chell in SMTP

vrfy chell

Which ports does SNMP use to function?

161 and 162

Port number ____________ is used for SMTP.

25

Which port uses SSL to secure web traffic?

443

What port range is an obscure third-part application most likely to use?

49152-65535

Port number ___________ is used by DNS for zone transfers.

53 TCP

What is a code of ethics?

A description of expected behavior

A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan?

A half-open does not include the final ACK

Which best describes a vulnerability scan?

A way to automate the discovery of vulnerabilities


Conjuntos de estudio relacionados

psych tech board missed questions

View Set

Chapter 8: From sediment to sedimentary rock

View Set