CSIA 320 Ethical Hacking
Of the two protocols discussed, which is more difficult to scan for?
UDP
Web applications are used to ______________.
allow dynamic content
_____________________ is the point at which an attacker starts to plan his or her attack.
analyzing the results
An attacker can use a ___________________ to return to a system.
backdoor
Which of the following best describes the role of IP?
best effort at delivery
A hacker who has the computing skills and expertise to launch harmful attacks on computer networks and uses those skills illegally is best described as a _______________________.
black-hat hacker
Sniffers can be used to:
capture information
______________ dictates the performance of a wireless network.
clients, interference, and access points
The sixth step in the hacking process is _____________________.
covering tracks
A ________________ is a file used to store passwords.
database
The third step in the hacking process is __________________.
enumeration
The fifth step in the hacking process is _______________________.
escalation of privilege
When hackers talk about standards of behavior and moral issues of right and wrong, what are they referring to?
ethics
The first step in the hacking process is _______________.
footprinting
What is the Network Layer of the OSI Reference Model responsible for?
formatting the data
____________________ is a popular though easily detectable scanning technique.
full connect
A __________ is used to store a password.
hash
Browsers do not display _________________.
hidden fields
___________________ is used to overwhelm a service.
hijacking
Which of the following is the best description of the INTITLE tag?
instructs Google to search for a term within the title of a document
What is the core of the Linux operating system?
kernel
Which of the following makes UDP harder to scan for?
lack of startup and shutdown
Which of the following best describes how ICMP is used?
logical errors and diagnostics
Which command is used to list the files and subdirectories in a given location?
ls
Which command is used to create new directories?
mkdir
What is a security vulnerability found in RIP?
no authentication
Which of the following is an example of a passive fingerprinting tool?
p0f
What is the best description of footprinting?
passive information gathering
What technique is used when traffic is captured on a network with hubs?
passive sniffing
A _______________________ is used to reveal passwords.
password cracker
Which of the following is not typically a web resource used to footprint a company?
phonebooks
The most common type of ICMP message is ___________________.
ping
The seventh and final step in the hacking process is _____________________.
planting backdoors
________________________ involves increasing access on a system.
privilege escalation
Which of the following challenges can be solved by firewalls?
protection against scanning
Which of the following is the best example of passive information gathering?
reviewing job listings posted by the targeted company
Which command can be used to remove a file or folder?
rm
A ______________________ replaces and alters system files, changing the way a system behaves at a fundamental level.
rootkit
The second step of the hacking process is ___________________.
scanning
How is the practice of tricking employees into revealing sensitive data about their computer system or infrastructure best described?
social engineering
________________ is used to fake a MAC address.
spoofing
Which of the following is NOT an attribute of OSPF?
subject to route poisoning
What type of device can have its memory filled up when MAC flooding is used?
switch
The fourth step in the hacking process is ___________________.
system hacking
_____________________ is the process of exploiting services on a system.
system hacking
You need to determine the path to a specific IP address. Which of the following tools is the best to use?
traceroute
What can enumeration discover?
user accounts
A security exposure in an operating system or application software component is called a ______________________.
vulnerability
It is most important to obtain _______________________ before beginning a penetration test.
written authorization
Which of the following switches is used for an ACK scan?
-sA
Which of the following is the Nmap command line switch for a full connect port scan?
-sT
You have been asked to perform a port scan for POP3. Which port will you scan for?
110
______________ operates at 5GHz.
802.11a
_______________ runs completely from removable media.
A Live CD
In Linux, you issue commands from a command line using which of the following?
A terminal window
Which of the following statements is most correct? A. Active fingerprinting tools inject packets into the network B. Passive fingerprinting tools inject traffic into the network C. Nmap can be used for passive fingerprinting D. Passive fingerprinting tools do not require network traffic to fingerprint an operating system
A. Active fingerprinting tools inject packets into the network
If you need to find a domain that is located in Canada, the best RIR to check first would be __________________.
ARIN
___________________ are scripting languages (select two).
ActiveX and CGI
What is another way used to describe Ethernet? A. Collision detection B. Sends traffic to all nodes on a hub C. CSMA/CD D. All of the above
All of the above
Several APs group together to form a _____________.
BSS
If a penetration test team does not have anything more than a list of IP addresses of the organization's network, what type of test are the penetration testers conducting?
Black Box
______________ is a short-range wireless technology.
Bluetooth
_______________ uses trusted devices.
Bluetooth
How are brute force attacks performed?
By trying all possible combinations of characters
Hackers may justify their actions based on which of the following: A. All information should be free B. Access to computers and their data should be unlimited C. Writing viruses, malware, or other code is not a crime D. Any of the above
D. Any of the above
If you were looking for information about a company's financial history, you would want to check the __________________ database.
EDGAR
A database can be a victim of source code exploits.
FALSE
An ad hoc network scales well in production environments.
FALSE
Botnets are used to bypass the functionality of a switch.
FALSE
Enumeration discovers which ports are open.
FALSE
Input validation is a result of SQL injections.
FALSE
Ping scanning does not identify open ports.
FALSE
SNMP uses encryption and is therefore a secure program.
FALSE
Session hijacking is used to capture traffic.
FALSE
TCP and UDP both use flags.
FALSE
The command mv is used to remove empty directories.
FALSE
The command used to display where you are in the file system is cd.
FALSE
The stability of a web server does not depend on the operating system.
FALSE
Wireless refers to all the technologies that make up 802.11.
FALSE
Which type of network requires an AP?
Infrastructure
Which of the following is a desktop interface for Linux?
KDE
_______________ blocks systems based on physical address.
MAC filtering
___________________ is used to flood a switch with bogus MAC addresses.
MAC flooding
__________________ is used to audit databases.
NGSSquirreL
Which of the following is not a network mapping tool?
Netstat
The process of determining the underlying version of the system program being used is best described as __________________________.
OS fingerprinting
Which of the following statements most closely expresses the difference between routing and routable protocols?
OSPF is a routing protocol whereas IP is a routable protocol.
Which of the following represents a valid ethical hacking test methodology?
OSSTMM (Open Source Security Testing Methodology Manual)
You have been asked to look up a domain that is located in Europe. Which RIR should you examine first?
RIPE
A ___________________ is an offline attack.
Rainbow attack
The individual responsible for releasing what is considered to be the first Internet worm was __________________.
Robert T. Morris, Jr.
_________________ can be caused by the exploitation of defects and code.
SQL injection
Which of the following is used to identify a wireless network?
SSID
An XMAS tree scan sets all of the following flags except __________________.
SYN
A DoS attack is meant to deny a service from legitimate usage.
TRUE
A NULL session is used to attack Windows remotely.
TRUE
Active sniffing is used when switches are present.
TRUE
During the footprinting process, social networking sites can be used to find out about employees and look for technology policies and practices.
TRUE
Session hijacking is used to take over an authenticated session.
TRUE
The command mv is designed to move files.
TRUE