Ch 2-15 ETHICAH HACKING PRO
Information gathering techniques
Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?
Which of the following best describes a supply chain? A company sells their products on Amazon and has Amazon ship the product A company provides materials to another company to manufacture a product A company stocks their product at a store A company stores their product at a distribution center
A company provides materials to another company to manufacture a product
Which of the following best describes a script kiddie?
A hacker who uses scripts written by much more talented individuals.
Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to? Hether will adhere to Florida's laws, and the client will adhere to Utah's laws Both companies will need to adhere to Utah's laws A lawyer should be consulted on which laws to adhere to and both parties agree Both companies will need to adhere to Florida's laws
A lawyer should be consulted on which laws to adhere to and both parties agree
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Elictitation
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term? Ethical hacking Blue teaming Red teaming Network scanning
Ethical hacking
Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing? Internal Black box White box External
External
Which of the following best describes a goal-based penetration test? Focuses on the overall security of the organization and its data security Te hacker has been given full information about the target Ensures the organization follows federal laws and regulations Focuses on the end results. The hacker determines the methods
Focuses on the end results. The hacker determines the methods
United States Code Title 18, Chapter 47, Section 1029 deals with which of the following? Fraud and related activity involving electronic mail Fraud and related activity involving computers Fraud and related activity involving access devices Fraud and related activity regarding identity theft
Fraud and related activity involving access devices
Which of the following is the third step in the ethical hacking methodology? Clear your tracks Reconnaissance Scanning and enumeration Gain access
Gain access
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario? White hat State-sponsored Script kiddie Gray hat
Gray hat
Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows? HIPAA FISMA DMCA PCI DSS
HIPAA
Shred the discs.
You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data?
nmap -sn 172.125.68. 1-255
You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep?
Use incremental backups and store them in a locked fireproof safe.
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?
You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do?
You should not provide any information and forward the call to the help desk.
Whois
Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful?
During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do? Sell the records to a competitor Make a backup of the records for the client Continue digging an look for illegal activity Ignore the records and move on
Ignore the records and move on
Split DNS
Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing?
Which of the following documents details exactly what can be tested during a penetration test? Master Service Agreement Scope of Work Rules of Engagement Non-Disclosure Agreement
Scope of Work
Which of the following best describes an inside attacker?
An unintentional threat actor; the most common threat.
During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using? Avoidance Transference Mitigation Acceptance
Avoidance
Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action? Corporate policy BYOD policy Update policy Password policy
BYOD policy
You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing? White hat Black box Black hat White box
Black box
Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task? Scope of work Rules of engagement Permission to test Change order
Change order
A dome camera
Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant that other cameras?
What are the rules and regulations defined and put in place by an organization called? Scope of work Corporate policies Rules of engagement Master service agreement
Corporate policies
Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work? HIPAA DMCA PCI DSS FISMA
DMCA
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
DNS cache poisoning
Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups.
Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take?
Preventing interruptions of computer services caused by problems such as fire.
Important aspects of physical security include which of the following?
Configure the screen saver to require a password.
Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solutions for securing Joe's workstation?
An internet policy
John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated?
Gray hat
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?
Social engineering
MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using?
Social engineers are master manipulators. Which of the following are tactics they might use?
Moral obligation, ignorance, and threatening
Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize? OSSTMM OWASP NIST SP 800-115 ISO/IEC 27001
OWASP
Man-made threat
On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company?
Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card? HIPAA PCI DSS DMCS FISMA
PCI DSS
Which of the following is a common corporate policy that would be reviewed during a penetration test? Purchasing policy Meeting policy Parking policy Password policy
Password policy
Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team? Is a team of specialists that focus on the organization's defensive security. Is responsible for establishing and implementing policies Performs offensive security tasks to test the network's security Acts as a pipeline between teams and can work on any side
Performs offensive security tasks to test the network's security
Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called:
Pretexting
During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do? Reach out to an attorney for legal advice Ignore the situation and just move on Talk with her friend and do what they suggest Trust her instincts and do what she feels is right
Reach out to an attorney for legal advice
The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. which of the following is the key difference between these methodologies? Reporting Gain access Maintain access Reconnaissance
Reporting
What does an organization do to identify areas of vulnerability within their network and security systems? Scanning External test Risk assessment Internal test
Risk assessment
Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing? Reconnaissance Gain access Scanning and enumeration Maintain access
Scanning and enumeration
Which document explains the details of an objective-based test? Permission to test Change order Scope of work Rules of engagement
Scope of work
Which of the following is a deviation from standard operating security protocols? Whitelisting Security exception MAC filtering Blacklisting
Security exception
Which of the following policies would cover what you should do in case of a data breach? Corporate data policy Password policy Sensitive data handling policy Update frequency policy
Sensitive data handling policy
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
Shoulder surfing
Any attack involving human interaction of some kind is referred to as:
Social engineering
A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for? Specific/Maintainable/Attainable/Relevant/Timely Steps/Maintainable/Affordable/Results/Tuned Specific/Measurable/Attainable/Relevant/Timely Steps/Measurable/Affordable/Results/Tuned
Specific/Measurable/Attainable/Relevant/Timely
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
Spim
APT
The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?
NIST
The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose?
Threat modeling
The process of analyzing an organization's security and determining its security holes is known as:
The process of analyzing an organization's security and determining its security holes is known as: Ethical hacking Enumeration Penetration testing Threat modeling
Threat modeling
An attack that targets senior executives and high-profile victims is referred to as:
Whaling
Prevention, detection, and recovery
What are the three factors to keep in mind with physical security?
Shows results in pages that contain all of the listed keywords.
What does the Google Search operator allinurl:keywords do?
Maltego
What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information?
Reconnaissance
When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?
A thin, stiff piece of metal
Which of the following best describes a lock shim?
Large flowerpots
Which of the following best describes a physical barrier used to deter an aggressive intruder?
An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.
Which of the following is the difference between an ethical hacker and a criminal hacker?
DNS
Which of the following services is most targeted during the reconnaissance phase of a hacking attack?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
Which statement best describes a suicide hacker?
Physical attack
Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system?
White hat
Which type of threat actor only uses skills and knowledge for defensive purposes?
What type of threat actor only uses skills and knowledge for defensive purposes? Gray hat Script kiddie White hat Hacktivist
White hat
Security sequence
A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in?
The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet? Virus Trojan horse APT Logic bomb
APT
The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk ______ Acceptance Mitigation Transference Avoidance
Acceptance
Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do? Not worry about this fact and test the servers Add the cloud host to the scope of work Tell the client she can't perform the test Get a non-disclosure agreement
Add the cloud host to the scope of work
Contact names, Phone numbers, email addresses, fax numbers, and addresses
A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?
Which of the following is a consideration when scheduling a penetration test? Who is aware of the test? What risks are acceptable? Which systems are being tested? Are there any security exceptions?
Who is aware of the test?
Network foot printing tools
Whois, Nslookup, and ARIN are all examples of:
Echosec
Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media postings that were made using location services. What is the name of this tool?
Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather? A member of the red team A gray hat hacker A member of the purple team A black hat hacker
A member of the purple team
ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work? Company culture Email policies Employee IDs Password policies
Company culture
Which type of penetration test is required to ensure an organization is following federal laws and regulations? Goal-based Objective-based Compliance-based White box
Compliance-based
Which of the following best describes what FISMA does? Defines standards that ensure medical information is kept safe Implements accounting and disclosure requirements that increase transparency Defines the security standards for any organization that handles cardholder information Defines how federal government data, operations, and assets are handled
Defines how federal government data, operations, and assets are handled
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
Development phase
Which of the following elements is generally considered the weakest link in an organization's security? Physical Servers Network Human
Human
During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take? Ignore the files and continue with the penetration test Delete the files and continue with the penetration test Immediately stop the test and report the finding to the authorities Stop the test, inform the client, and let them handle it
Immediately stop the test and report the finding to the authorities
Employee and visitor safety
Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?
Which of the following best describes what SOX does? Implements accounting and disclosure requirements that increase transparency Defines standards that ensure medical information is kept safe Defines how federal government data, operations, and assets are handled Defines the security standards for any organization that handles cardholder information
Implements accounting and disclosure requirements that increase transparency
Which of the following is considered a mission-critical application? Customer database Video player Support log Medical database
Medical database
A client asking for small deviations from the scope of work is called: Rules of engagement Change order Scope creep Security exception
Scope creep
Which of the following best describes social engineering? The art of deceiving and manipulating others into doing what you want The process of analyzing an organization's security and locating security holes Sending an email that appears to be from a bank to trick the target into entering their credentials on a malicious website A stealthy computer network attack in which a person or group gains unauthorized access for an extended period
The art of deceiving and manipulating others into doing what you want
Which of the following best describes a gray box penetration test? The ethical hacker is given strict guidelines about what can be targeted The ethical hacker has partial information about the target or network The ethical hacker is given full knowledge of the target or network The ethical hacker has no information regarding the target or network
The ethical hacker has partial information about the target or network
Which of the following is a limitation of relying on regulations? They rely heavily on password policies They allow interpretation They are regularly updated The industry standards take precedence
They rely heavily on password policies
Which statement best describes a suicide hacker? This hacker may cross the line of what is ethical, but usually has good intentions and isn't being malicious This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught This hacker is motivated by religious or political beliefs and wants to create severe disruption or widespread fear This hacker's main purpose is to protest an even and draw attention to their views and opinions
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught
After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process? Transference Avoidance Tolerance Mitigation
Tolerance
A printed materials policy
Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials?
Mantraps
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?
Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this? Whitelisting White box Black box Blacklisting
Whitelisting
Train the receptionist to keep her iPad in a locked drawer.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?
How to prevent piggybacking and tailgating.
You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?
nmap -sS xyzcompany.com
You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use?