Ethical Hacker Ch. 6
Which of the following best describes IPsec enumeration?
Uses ESP, AH, and IKE to secure communication between VPN endpoints.
Which of the following ports are used by null sessions on your network?
139 and 445
In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?
Enumeration
After the enumeration stage, you have are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked?
LDAP
Diana, a penetration tester, executed the following command. Which answer describes what you learn from the information displayed?
This is a DNS zone transfer.
The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?
Application Layer
Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks?
SNscan
What port does a DNS zone transfer use?
TCP 53
Which of the following is the most basic way to counteract SMTP exploitations?
Ignore messages to unknown recipients instead of sending back error messages.
A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file?
Usernames, but no passwords
Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers?
nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)
Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in?
/etc/shadow
LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use?
TCP/UDP 389
Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used?
Split DNS
Which enumeration process tries different combinations of usernames and passwords until it finds something that works?
Brute force
Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find?
The built-in guest
Which of the following enumeration tools provides information about users on a Linux machine?
finger