Chapter 5


Which of the following can migrate the machine's actual operating system into a virtual machine? A. Hypervisor-level rootkit B. Kernel-level rootkit C. Virtual rootkit D. Library-level rootkit

A. Hypervisor-level rootkit

Which of the following best defines steganography? A. Steganography is used to hide information within existing files. B. Steganography is used to create hash values of data files. C. Steganography is used to encrypt data communications, allowing files to be passed unseen. D. Steganography is used to create multimedia communication files.

A. Steganography is used to hide information within existing files.

You see the following command in a Linux history file review: " someproc & " Which of the following best describe the command result? (Choose two.) A. The process "someproc" will stop when the user logs out. B. The process "someproc" will continue to run when the user logs out. C. The process "someproc" will run as a background task. D. The process "someproc" will prompt the user when logging off.

A. The process "someproc" will stop when the user logs out. C. The process "someproc" will run as a background task.

Which of the following would be considered a passive online password attack? A. Guessing passwords against an IPC$ share B. Sniffing subnet traffic to intercept a password C. Running John the Ripper on a stolen copy of the SAM D. Sending a specially crafted PDF to a user for that user to open

B. Sniffing subnet traffic to intercept a password

Examining a database server during routine maintenance, you discover an hour of time missing from the log file, during what would otherwise be normal operating hours. Further investigation reveals no user complaints on accessibility. Which of the following is the most likely explanation? A. The log file is simply corrupted. B. The server was compromised by an attacker. C. The server was rebooted. D. No activity occurred during the hour time frame.

B. The server was compromised by an attacker.

An attacker has hidden badfile.exe in the readme.txt file. Which of the following is the correct command to execute the file? A. start readme.txt>badfile.exe B. start readme.txt:badfile.exe C. start badfile.exe > readme.txt D. start badfile.exe | readme.txt

B. start readme.txt:badfile.exe

After gaining access to a Windows machine, you see the last command executed on the box looks like this: "net use F: \\MATTBOX\BankFiles /persistent:yes" Assuming the user had appropriate credentials, which of the following are true? (Choose all that apply.) A. In Windows Explorer, a folder will appear under the root directory named BankFiles. B. In Windows Explorer, a drive will appear denoted as BankFiles (\\MATTBOX) (F:). C. The mapped drive will remain mapped after a reboot. D. The mapped drive will not remain mapped after a reboot.

B. In Windows Explorer, a drive will appear denoted as BankFiles (\\MATTBOX) (F:). C. The mapped drive will remain mapped after a reboot.

Where is the SAM file stored on a Windows 7 system? A. /etc/ B. C:\Windows\System32\etc\ C. C:\Windows\System32\Config\ D. C:\Windows\System32\Drivers\Config

C. C:\Windows\System32\Config\

Which encryption standard is used by LM? A. MD5 B. SHA-1 C. DES D. SHA-2 E. 3DES

C. DES

While pen-testing a client, you discover that LM hashing, with no salting, is still engaged for backward compatibility on most systems. One stolen password hash reads 9FAF6B755DC38E12AAD3B435B51404EE. Is this user following good password procedures? A. Yes, the hash shows a 14-character, complex password. B. No, the hash shows a 14-character password; however, it is not complex. C. No, the hash reveals a 7-character-or-less password has been used. D. It is impossible to determine simply by looking at the hash.

C. No, the hash reveals a 7-character-or-less password has been used.

Which of the following best defines a hybrid attack? A. The attack uses a dictionary list, trying words from random locations in the file until the password is cracked. B. The attack tries random combinations of characters until the password is cracked. C. The attack uses a dictionary list, substituting letters, numbers, and characters in the words until the password is cracked. D. The attack uses rainbow tables, randomly attempting hash values throughout the list until the password is cracked.

C. The attack uses a dictionary list, substituting letters, numbers, and characters in the words until the password is cracked.

A user on Joe's network does not need to remember a long password. Users on Joe's network log in using a token and a four-digit PIN. Which authentication measure best describes this? A. Multifactor authentication B. Three-factor authentication C. Two-factor authentication D. Token authentication

C. Two-factor authentication

