Ethical Hacking Final Part 4
Session hijacking can be thwarted with which of the following?
Authentication
What is a covert channel?
A backdoor
When an attacker's computer tells a network the IP address of bigbank.com is an illegitimate address, that is a form of what attack?
IP Spoofing Attack
What phase of a virus is when it is replicating itself?
Propagation Phase
XSS is typically targeted toward which of the following?
Web Browsers
What is NOT a benefit of hardware keyloggers?
Difficult to Install
A virus does NOT do which of the following?
Display pop-ups
Which protocols below can be sniffed and "read" without additional processing/analyzing?
HTTP, DNS, DHCP, FTP, anything not secure
An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is the hacker using?
IP Spoofing
Jennifer has been working with sniffing and session hijacking tools on her company network. Since she wants to stay white hat - that is, ethical - she has gotten permission to undertake these activities. What would Jennifer's activities be categorized as?
Passive
What are worms typically known for?
Rapid Replication across a network
A man-in-the-browser attack is typically enabled by using which mechanism?
Trojans
A public use workstation contains the browsing history of multiple users who logged in during the last seven days. While digging through the history, a user runs across the following web address: www.snaz22enu.com/&w25/session=22525. What kind of embedding are you seeing?
URL Embedding
Malicious code triggered by user action is an example of what?
Virus, Trojan
Which is/are a characteristic of a virus?
Viruses are malware, can replicate on its own or with user interaction, can run silently
A Trojan relies on ______ to be activated.
Vulnerabilities
Session fixation is a vulnerability in which of the following?
Web Apps
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself is a?
Worm
Conficker is an example of which malware?
Worm
Session hijacking can be performed on all of the following protocols except which one?
IPSec
Which technology can provide protection against session hijacking?
IPSec
Which malware is named after ancient Greek history?
Trojans
A logic bomb has how many parts, typically?
Two
When Computer B tells Computer A, "I have that MAC. My IP address is [what it is]," that is an example of what?
ARP Reply
Malware is code that has an adverse impact on which of the following?
Confidentiality, Integrity, Availability
A session hijack can be initiated from all of the following except which one?
Devices
A remote access Trojan would be used to do all of the following except _____
Sniff traffic
Network level hijacking focuses on the mechanics of a connection such as the manipulation of packet sequencing. What is the main focus of web app session hijacking?
Stealing Session IDs
Which of the following is NOT a trojan?
TCPTrojan
Which utility will tell you in real time which ports are listening or in another state?
TCPView
A logic bomb is activated by which of the following?
Time, Date, Actions, Events
When using Meterpreter, what command provides you with the Windows Password store?
hashdump
What command is used to listen to open ports with netstat?
netstat -an
Which of the following is capable of port redirection?
netcat
Jennifer is a junior system administrator for a small firm of 50 employees. For the last week a few users have been complaining of losing connectivity intermittently with no suspect behavior on their part such as large downloads or intensive processes. Jennifer runs Wireshark on Monday morning to investigate. She sees a large amount of ARP broadcasts being sent at a fairly constant rate. What is Jennifer most likely seeing?
ARP Poisoning
When Computer A asks the network, "Who has this IP address?" that is an example of what?
ARP Request
A MITM attack depends on which of the following successful attacks to be completed first?
ARP or DNS Poisoning
What phase of a virus is when it performs its malicious action or payload?
Action Phase
What form of malware can track browsing or buying habits?
Adware
A covert channel or backdoor may be detected using all of the following except _________
An SDK
An overt channel is _______
An obvious, defined method of using a system
Which of the following is not a source of session IDs?
Anonymous Logon
What is the name of the Graphical Front End to Metasploit?
Armitage
Julie has sniffed an ample amount of traffic between the targeted victim and an authenticated resource. She has been able to correctly guess the packet sequence numbers and inject packets, but she is unable to receive any of the responses. What does this scenario define?
Blind Hijacking
A polymorphic virus _______
Evades detection by altering its own code
Session hijacking can do all of the following except which one?
Take over an authenticated session
A Trojan can include which of the following?
Remote Access Trojan (RAT)
When a logical condition causes a virus to move from a dormant or propagation phase, which phase is that?
Triggering phase
A sparse infector virus _______
Infects files selectively
A man-in-the-middle attack is an attack where the attacking party does which of the following?
Inserts themselves in the middle of an active session
Which statement(s) defines malware most accurately?
Malware covers all malicious software
Which of the following is/are true of a worm?
Malware, can replicate on its own or with user interaction across a network
In order to perform network sniffing, the network card needs to be put in which mode?
Monitor Mode
In order to perform network sniffing across "all" virtual networks on a switch, what type of port needs to be created on the switch?
Monitor Port, SPAN (Switched Port Analyzer) port
A session hijack can happen with which of the following?
Networks and Applications
Which kind of values is injected into a connection to the host machine in an effort to increment the sequence number in a predictable fashion?
Null
What malware modifies an operating system to hide the existence of itself or other malware?
Rootkit
Which statement defines session hijacking most accurately?
Session hijacking is an attack that aims at stealing a legitimate session and posing as that user while communicating with the web resource or host machine.
What form of malware can track user data such as keystrokes or screen capture?
Spyware
A sender starts with an innocuous image but adjusts every 100th pixel to correspond to a letter in the alphabet. This is an example of what?
Steganography