eh 1, eh 2, eh 3, eh 4, eh 5, eh 6
Risk = Threats X _____
Vulnerabilities
Why is it important to find the IP address when running a Nikto web server scan?
You need the IP address as part of the Nikto command to run the scan.
What does the MITRE ATT&CK repository provide?
a deep dive into the tactics and techniques used to infiltrate malware
which tool would be best for Vscan nmap wireshark kali linux acunetix
acunetix
in the field of hacking, apt stands for
advance persistent threat
When would you write code as a new polymorphic version of malware?
after modifying existing code in memory
which kali tool is used to provide a list of suitable exploits
amitage
How is BlackEnergy2 delivered?
as an encrypted payload from which a rootkit is installed by a decrypting dropper
Organizations seek to develop and employ good security practices to protect _____, which are tangible and intangible items that can be assigned a value.
assets
tangible or intangible items that can be assigned a value are
assets
which part of the command ""nmap -O -v 100.10.10.10 refers to operating system
-O
The well-known ports are in the range _____.
1-1023
scanning is the ____ phase of ethical hacking
2nd
security policies should be reassessed about every _______ years
3 years
the dark web is estimated to be about ____ times larger than the public web
500
An HTTP tunnel it doesn't encapsulate within the HTTP protocol but sends contents over port _____.
80
a good way to prevent XSS in a web form is to prohibit the use of these symbols
<>
A list of _____ is an example of personally identifiable information.
A complete name and their corresponding social security number
In defending against spyware, disable _____, which has been known to be a security risk for quite a while.
Active X
NTFS __________ can be used to store data in hidden files that are linked to a regular visible file.
Alternate Data Streaming (ADS)
Google _____ will allow you to do your own analytics that will help you get a picture of your web traffic and to see what your customers see.
Analytics
____ is a very powerful scanner that seeks out vulnerabilities, and once found will provide a list of suitable exploits.
Armitage
Which can be applied to a switch on your network that will prevent spanning tree attacks?
BPDU Guard
The _____ group in the CVSS represents the basic qualities of a vulnerability that are constant over time and across user environments.
Base
Part of a vulnerability assessment is Fuzz Testing, which is a(n) _____ method that floods a system with input to discover errors and security gaps in systems and software.
Black Box
_____ attacks are denial of service attacks that shower the network with aggressive amounts of traffic to shut down a service.
Burst
Encryption applies to primarily which tenet of CIA triad
C
_____ changes the DNS cache on the local name server to point to a bogus server.
Cache Poisoning
Before leaving, the final phase of Ethical Hacking is to clean up any evidence or trace of any activity on that machine.
Covering Tracks
_____ is a set of security extensions for DNS that provides authentication mechanisms when dealing with DNS records.
DNSSec
_____ is used to test a DNS query and report the results.
Dig is native to Linux. If using Windows, you can use nslookup to test a DNS query.
With ICMP, a(n) _____ is used to test reachability
Echo request/echo reply
is one of the original methods to send malware, spam, and bogus links. It continues to improve in sophistication.
Enumeration occurs before scanning.
FALSE
MSRPC is a network protocol.
FALSE
Microsoft's RPC is a true implementation of DCE/RPC
FALSE
SNMP can only be used across a local area network
FALSE
Shodan is a real-time system check.
FALSE
One IP addresses spoofing detection technique is called the "TCP Flow Control Method", which sends a SYN packet to what you perceive to be the attacker. It the IP address is spoofed, you will not receive a SYN-ACK.
Flow Control
What is one way to minimize threats to operating system?
Hardening
which browser is more susceptible to malware
IE
How do indicators of compromise (IOCs) prevent malware attacks?
IOCs can be identified and shared among members of the computing community.
With a(n) _____ scan, the TCP header is split over several packets and makes it hard for packet filters and intrusion detection systems to detect a port scan.
IP Fragmentation
The _____ ensures the information is classified appropriately, and assigned the appropriate level of protection.
Information Owner
Why is most malware constructed from kits?
It lowers the cost of malware creation to basically nothing.
Juno is part of the security applications team at Wells Fargo, which tests Wells Fargo's web applications for vulnerabilities. Which operating system will Juno use to do his fuzz testing?
Kali Linux
When conducting Ethical Hacking, _____ provides you with nearly all tools for Penetration Testing.
Kali Linux
_____ is built into Active Directory and uses tickets to access services.
Kerberos
Because a _____ records ALL keystrokes, you can see a user name and password in plain text as someone types it into a form.
Keylogger
What protocol is used to authenticate a user in an organizational unit?
LDAP
SSH tunnels allows you to bypass a firewall that restricts certain Internet services. The most common type of SSH tunnel is _____ port forwarding
Local
Which of the following is an OSINT Google Alerts MXtoolbox Maltego Edgar
Maltego
The nbtscan tool uses what protocol?
NetBios
_____ tools is a graphical user interface utility for Windows that is used to help collect information on a network for assessing irregularities and vulnerabilities.
NetScan
What is used to query host to test for reachability?
Ping
_____ is software used to encrypt and hide text messages within images.
S-tools
You can find templates to create policies that are free to use and will step you through the process at _____, a respected source for information security training
Sans
In Microsoft, user's passwords are stored in the _____ database
Security Account Manager (SAM)
automates vulnerability management, to ensure compliance with PCI, FISMA, HIPAA, and SOX
Security Content Automation Protocol (SCAP)
To search on an individual by using Public Records, White Pages listings, and Social Networking sites to find information, you should use _____.
Spokeo
Installing _____ on a phone allows you to monitor all types of activity, including: Text messages, social media posts, passwords, location, conversations, photos and videos, emails, and websites visited.
Spyware
what is required to transmit data over a network between two computers
Syn Ack Syn-Ack
To make sure a DNS zone transfer is only with authorized servers, deny all inbound connection requests to _____.
TCP Port 53
A Trojan Horse is presented as a useful tool or utility through a free download, or bundled into a popular program. It can create a backdoor that allows your PC to be remotely controlled.
TRUE
Attacks can be active or passive against a network resource, with the hopes of exploiting a vulnerability to achieve some result such as denial of service, data interception, modification, or theft.
TRUE
Normal TCP traffic begins with a 3-way handshake. The first packet is a synchronization packet, which is used to synchronize sequence numbers.
TRUE
SMB and SAMBA are interoperable.
TRUE
Universal Plug and Play (UPnP) works by discovery and advertisements so that the network is aware of what services and devices are available.
TRUE
_____creates guidelines for US agencies to create and implement risk-based policies and procedures that provide security protection for data.
The Federal Information Security Management Act (FISMA), also requires periodic penetration testing on all systems and data.
Legislation that governs data privacy and security practices that safeguard all patient electronic protected health information (e-PHI) in U.S medical facilities.
The Health Insurance Portability and Accountability Act (HIPAA), is also called the Privacy Rule. Anyone who is in violation will face penalties.
Nolan is preparing a vulnerability assessment report for the IT team. Which type of vulnerability assessment report should he prepare?
The IT team should have an executive summary, along with technical details.
How do rootkits achieve persistence?
They insert code into the startup boot records.
_____ threat management devices provide firewall functions, intrusion prevention, antivirus, data loss prevention along with content filtering.
Unified
Which group of the CVSS relects characteristics of a vulnerability that are constant over time and across user environment
base
Nikto performs testing on web servers for a variety of vulnerabilities, such as outdated versions of servers, missing headers such as anti-_____ X-Frame-Options header, and dangerous files and CGIs.
clickjacking
the common vuln scoring system does not include cost of an asset attack vector impact user interaction
cost of an asset
The final phase in system hacking is to _____.
cover tracks .
The steps to take after an incident include: Identify, respond, consider possible causes, _____, and resolve and document.
develop a solution
A _____ attack is a subset of a brute force attack and this uses a list of common passwords.
dictionary
least preferred way to prevent keystroke logging free anti-malware use FW use admin acc for install use more secure browsers
download free anti-malware
which search engine does not remember your searches
duck duck go
which tool is best for investigating a company's financial performance
edgar
which of the following is not reconmended for mobile devices enable geotagging use biometric autherication use https update OS
enable geotagging
Cyber actors use _____ to conceal malicious behavior
encryption
Paasswords are usually stored with the aid of hash functions, not ____
encryption functions
The Ethical Hacker attempts to _____ in order to achieve access to resources normally restricted from an end user or application.
escalate privilege
In the command netstat -abop, what does the b option provide?
executable
When Google Hacking, if I want to find all PDFs with the keyword networking, I would enter _____ in the search.
ext:pdf networking
SHA-1 is a highly preferred hash algorithm
false
a hacker usually prefers to use plaintext in their scripting attacks.
false
a hacker will likely clear logs when entering a system
false
a hardware keylogger runs with the aid of the target's OS
false
an example of a security incident is a business transaction
false
an organization generally has the ability to reduce security threats
false
nessus is used to fix vuln on a target system
false
penetration testing is usually done more often than vscanning
false
A _____is a hardware or software-based mechanism that controls in-coming and out-going traffic based on a set of rules that either permit or deny traffic on a network or host, and provide access control and active filtering.
firewall
which term mostly applies to limiting ping request from a computer
firewall
which stage of system hacking comes first priveledge escal obtaining password gaining access covering tracks
gaining access
which group often breaks the law but does not intend to do any real harm
gray hat hackers
A _____ hacker may try to gain access to a system without permission, but in general, without malice. Often, they will notify an organization in some manner that their system was vulnerable.
grey
Using legal and illegal tools to attack computer systems, deface web sites, and protest to promote political ideology or other causes is called _____.
hacktivism
A _____ is a small device that records each keystroke and then saves it to its on-board memory. It must be physically attached to the system and is observable within the task manager.
hardware keylogger
_____ is a one-way cryptographic function.
hashing
Steganography is the process of hiding data in a carrier. A popular method of hiding data in files is to use a(n) _____ which creates subtle changes in the color of pixels.
image
A regulatory _____ is a set of conditions outlined by a governing body.
law
which phase of hacking installs a backdoor
maintaining access
The zmap tool is used to _____.
map the internet .
a cyber attack occurs about every
minute
Zenmap is a gui for
nmap
vulerabilities do not exist in software people network none
none
in windows, the _____ command will show only the ip address of the destination
nslookup
Bob works at the Veterans Administration (VA) as a Security Analyst. The VA is requiring vulnerability assessments for all 3,500 VA projects. The most efficient way he can accomplish this is by _____.
outsourcing the vulnerability assessment to qualified and approved vendors.
Ricky responded to an intrusion alert which indicated someone was running an unauthorized port scan on the network. Ricky immediately notified his supervisor as this was indicative of a(n) _____ attack.
passive
weakest form of authetication
password
When launching a(n) _____ attack, the attacker wants to make sure the victim believes the site they are clicking on is real.
phishing
In Windows, the ________command will send 4 data packets to the destination
ping
which type of scan determines listening services port ping OS fngprnt
port
Reduce the threat of tunnels by allowing only _____ software and is best if done only by the administrator or network specialist.
pre-approved
The _____ value of the Exploitability metric captures the level of access required for a successful exploit of the vulnerability.
privileges required
The ps command enumerates
processes .
A _____ is installed so the Ethical Hacker can access the system at a later date.
rootkit
When using Nmap, use _____ to do a ping scan
sP
_____ software can be installed without someone's knowledge, and all activity can be monitored.
screen monitoring
Automating the analysis of malware through hybrid analysis includes both _____.
static and dynamic analysis
_____ is hiding in plain sight.
steganography
An organization must incorporate safeguards into the security compliance plan to defend against attacks. Safeguards include administrative, physical, and _____controls.
technical
Who runs the command and control systems over legitimate systems that are compromised?
the botmaster
hackers would be known as a
threat
the probability of a negative event happening to an asset
threat
How can you recover the source key of a malware and decrypt it to reveal the code?
through reverse engineering
Why does a ransomware DLL first create a mutex?
to ensure only one copy of ransomware is active
In a government classification system, _____ data is where the unauthorized disclosure of data could cause exceptionally grave damage.
top secret
_____ is a command line tool that traces the route of a packet across the Internet and provides route path and transit times.
tracert
Kevin downloaded what he thought was a harmless app. Instead, his computer was infected with a virus. Which type of virus was Kevin's computer most likely infected with?
trojan
Using google hacking database is legal
true
When defending against privilege escalation, restrict interactive logon privileges. Instead of using only a password, require multifactor authentication.
true
nmap can show you which ports are open on a computer
true
Salting the password with a random string will protect against a rainbow table attack.
truetrTrueuetrue
nessus is software used for
v- assessment
A _____ is a weakness in the system that can include unpatched systems, human error, software flaws, or weak or missing passwords.
vulnerability
A _____ scan will find known weaknesses, but it may miss key components that should be tested as it lacks the ability to reduce the overall threat.
vulnerability
For network systems, _____ management is a proactive approach to prevent the exploitation of IT vulnerabilities that exist within an organization.
vulnerability
Step two of the cyber kill chain is _____, where the malicious actors are aware of the weak spots in the organization and they devise a plan to get inside the network.
weaponization
Use _____ download an entire website and study the contents to find emails, phone numbers, and other organizational information such as employee directories.
website mirroring
which of the followingn would not be affective against email attacks website mirroring spam filtering user education spf
website mirroring
Which type of malware propagates itself through a network, without requiring any user action to move from one target to the next?
worm
_____ is used in business to help a company learn about its competitors in order to make better business decisions.
Competitive intelligence
In Linux, to erase the command history and set it back to zero so there's no trace you were in the system use the command: export _____.
HISTSIZE=0
To create a basic webpage, we can use _____. It's a simple language that was developed in 1990 and is used to created web pages and link content.
HTML
What is the difference between a hardware firewall and a personal firewall?
Hardware firewalls are used as part of a router, while personal firewalls are usually software-based and are used on an endpoint.
Proxy chaining is done to conceal your real IP address. Servers use _____, which provides authentication, so only authorized users can access a server.
SOCKS5
which law is designed to proect investors
SOX
This Ethical Hacking phase maps the network, including the make and model of the devices, checking for listening services, learning the operating systems, and evidence of data being sent in clear text.
Scanning
_____ is a comprehensive data privacy law, that gives consumers control of their data and affects companies located in and outside the European Union.
Under the General Data Protection Regulation (GDPR), companies can face up to 4% of total global turnover if they breach the rules.
What command can be used to check for the presence of an email username?
VRFY
Carmen combined available existing source code for a malware with additional new code to produce a revised code base. What has Carmen created?
a hybrid malware
When dealing with risk an organization can transfer the risk by _____.
using insurance
An attack _____is way for a hacker to gain access into a system, and can include software, networks, and the user.
vector
Ethical hacking is an important element of a comprehensive security plan, as it provides a method to test a computer system or network with the purpose of identifying and addressing
vulnerabilities
Footprinting a target and reconaisse usually takes several
weeeks
When is malware reverse engineering typically done?
when the original source of the executable code is not available
_____is a set of IT principles, provides a best practice framework designed to safeguard the privacy and security of company specific data to ensure value for its stakeholders.
COBIT is Control Objectives for Information and Related Technology used in IT governance and management.
How can you reduce data exfiltration with mobile devices?
Ensure patches and software updates are applied regularly.
Hping can create and send DNS and FTP packets to remote hosts and determine firewall rules
FALSE
A company's annual report on Edgar is called _____ and offers a thorough picture of a company's business
Form 10-K
Cookies help making browsing easier, yet some can be dangerous. _____ is a free download that blocks and cleans Google cookies and helps you to stay anonymous while searching online.
G-Zapper
With the knowledge of the vulnerabilities, this Ethical Hacking phase will launch an exploit, such as a web server attack including buffer overflows, or cross-site scripting (XSS).
Gaining Access
What was the first attempt to distribute a shareware virus construction kit?
GenVir
_____ Alerts will monitor the web for interesting new content and send you a notification.
_____ uses advanced operators and keywords that may possibly yield pages that contain sensitive information such as protected login screens
Google Hacking
Question 3 of 5 Eduardo works as a security professional at TechCo. Part of his job requires him to run vulnerability scans on Cisco applications. How can Eduardo find out CVE scores based on the vulnerabilities?
He can go to the National Vulnerability Database to find scores on a particular vulnerability.
Where would you find the commonly used WMI classes documented?
MSDN
While data mining or gathering intelligence, a(n) _____ tool is used to gather artifacts, consolidated from publicly available sources.
OSINT
A free and open software security site that provides information on vulnerabilities along with guidelines on best practices to secure web infrastructures.
OWASP
This Ethical Hacking phase is about obtaining as much information about the target as possible.
Reconnaissance
_____ define how the assets are protected and a set of rules of conduct for anyone or anything that interacts with the assets.
Security policies
A(n) _____ record is an extension of the SMTP protocol and helps prevent spammers from forging the From fields in email messages.
Sender Policy Framework
There are many network mapping tools available for device and topology discovery. Some include GeoIP database from MaxMind to locate targets.
TRUE
A(n) _____ is when a malicious actor gains access to a network, and remains undetected for weeks, months and even years
advanced persistent threat
Which of the folliwing is not an attack vector web pages email automobiles
all are attack vectors
Juanita is in charge of scanning for vulnerabilities at her job. Her manager wants her to check for outdated patches and listening ports. Juanita should use a(n) ___ scan
authenticated
A(n) _____ is a snapshot of network traffic during a particular window of time and can include utilization, network protocols, and latency issues.
baseline
Steganography can be detected by spotting an unusually large payload, or by observing image irregularities called _____ with the naked eye.
blocky artifacts
A _____ attack uses software to try every possible combination of characters and generate a massive amount of consecutive guesses in order to get the password.
brute force
When someone looks into the trash outside or inside an organization for anything that might reveal sensitive information, this is called _____.
dumpster diving
RSA is a hash algorithm
false
Where is the configuration block for malware stored in encrypted form?
in the body of the deployed payload
Where is the best place for a rootkit to hide?
in the operating system kernel
A(n) _____ is an unplanned occurrence that disrupts operational or day to day activities.
incident
What does the command nmap -PS 10.0.2.13 list?
open TCP ports
Intrusion detection works _____ to identify, log, and report any malicious activity.
out of band
The term _____ stems from a military reference that deals with gathering information about the location of a target by scouting or by setting up covert observation posts.
reconnaissance
which element of the cyber kill chain occues earlier than others
reconnasisance
Why does a malware have the ability to change its binary file as it propagates?
so the malware can defeat traditional signature-based detection
Anti-malware will also most of the time pick up a _____ keylogger as they are a form of spyware.
software
What information does the psinfo -s command enumerate?
software
Within the evolution of malware, _____ has become the most concerning issue because it is extremely sophisticated and difficult to defeat.
state-sponsored malware
By the time we get to the _______________, we have completed the Reconnaissance and scanning phases of Ethical Hacking.
system hacking phase
In the command "hping3 - - traceroute -V -1 66.32.101.17 " the -1 option is to
use the ICMP protocol .
When are advanced persistent threats (APTs) usually found?
when network monitoring detects the installed malware attempting to connect to its command and control systems
The _____ hat hackers are Ethical Hackers who have the support of government and industry.
white
I am working with technology companies to fix a flaw with DNS, I did this because I am a _____ hacker
white hat
The _____ Routing or TOR is an open framework that encrypts and moves traffic within the network, and enables anonymous browsing
Onion
_____ is the set of widely accepted requirements to secure credit card transactions.
PCI DSS
_____ can monitor screen activity, capture keystrokes, gather web form data, track internet usage, and allow access to sensitive data, then phone home with the information.
spyware
In Linux, the user ID and password are kept in the _____ file.
/etc/shadow
How does a typical Sofacy attack start?
An exploit triggers a dropper to plant the malware onto a target.
This is used by routers, intermediary devices, or hosts to communicate updates or error information to other routers, intermediary devices, or hosts.
Internet Control Message Protocol is used along side of IPv4 or IPv6 to test for reachability.
In order to be totally in stealth mode, use the IDLE scan, which is an easy scan to use.
FALSE (hard to use)
In a company, _____ is the software side that ensures data availability and drives business processes and decision-making. IT or IS
Information Systems not INFORMATION TECHNOLOGY
Cutting a fiber optic backbone is an example of a _____ attack
Physical
The goal of _____ is to force an application into running with a higher security environment than intended by the designer
Privilege Escalation
In Windows, applications run in which Ring?
Ring 3
The _____ is where the plan is passed on to become the policies procedures, controls and guidelines for expected behavior.
Senior Agency Information Security Officer
Why does an anomaly detection system (ADS) typically result in a false positive detection?
Sometimes a stream of legitimate packets contains the same sequence of coding as the attack signature.
If the source IP is spoofed, a reply cannot be returned to the sender
TRUE
Keyloggers are hard to detect since their very goal is to steal data without being discovered, and because data theft is at stake, can do more damage than a virus.
TRUE
Before installing any software, you should make sure malware protection is used with _____ filtering to block communication with malicious websites.
egress
Where would you do sandboxing so it doesn't cause damage?
in a contained environment
