ethical hacking part 2
In the Perl programming language, comment lines begin with the which of the following character(s)?
#
Which of the following statements in the C programming language is used to load libraries that hold the commands and functions used in your program?
#include
In the Perl programming language, variables begin with which of the following characters?
$
Which of the following mathematical operators in the C programming language increments the unary value by 1?
++
The print command for Perl is almost identical to the print command used in which of the following programming languages?
C
What programming languages are vulnerable to buffer overflow attacks?
C and C++
Which of the following is a common Linux rootkit?
Linux Rootkit 5
A device that performs more than one function, such as printing and faxing is called which of the following?
MFD
An embedded OS certified to run multiple levels of classification on the same CPU without leakage between levels
MILS
What does the "NBT" part of "NBTscan" stand for?
NetBIOS over TCP/IP
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?
ODBC
Which of the following special characters is used with the printf() function in the C programming language to indicate a new line?
\n
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
Ubuntu and Debian Linux use what command to update and manage their RPM packages?
apt-get
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
authorization
NetBios is not available in Windows Vista, Server 2008, and later versions of Windows. However, NetBios should be understood by a security professional because it is used for which of the following?
backward compatibility
In the C programming language, which of the following show where a block of code begins and ends?
braces
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?
cgi-bin
Which standardized remote file system protocol replaced SMB in Windows 2000 Server and later?
common internet file system
Program that converts a text-based program called source code, into executable or binary code
compiler
Tells the compiler how to convert the value in a function
conversion specifier
What type of Windows Server is the most likely server to be targeted by a computer hacker?
domain controller
Which of the following application tests analyzes a running application for vulnerabilities?
dynamic application security testing
A small program developed specifically for use with embedded systems
embedded operating systems
Any computer system that is not a general-purpose PC or server
embedded system
Process of extracting critical information from a network
enumeration
What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?
enumeration
A NetBIOS name does not need to be unique on a network.
false
A user can view the source code of a PHP file by using their Web browser's tools.
false
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
false
Windows 10, Windows 8, Windows Server 2016, and Windows Server 2012 have most services and features enabled by default.
false
You must always add "//" at the end of comment text when using C language.
false
What critical component of any OS, that can be can be vulnerable to attacks, is used to store and manage information?
file system
Which of the following is a useful enumeration tool that enables you to find out who is logged into a *nix system with one simple command?
finger utility
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
Software residing on a chip
firmware
To determine what resources or shares are on a network, security testers must use port scanning and what other procedure first to determine what OS is being used?
foot printing
In the C programming language, which statement tells the compiler to keep doing what is in the brackets over and over and over?
for(;;)
In HTML, each tag has a matching closing tag that is written with which of the following characters?
forward slash
Which of the following is a mini-program within a main program that carries out a task?
function
Which JavaScript function is a "method" or sequence of statements that perform a routine or task?
getElementById()
What boot loader will allow your computer or laptop to start in both Windows and Linux?
grub
Which of the following is a markup language rather than a programming language?
html
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?
input validation
Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?
microsoft
Devices on an organization's network performing more than one function, such as printers, scanners, and copiers
multifunction devices
Which of the following commands is a powerful enumeration tool included with Windows?
nbtstat
Which of the following commands gives you a quick way to see if there are any shared resources on a computer or server?
net view
If you want to know what the Perl print command does, you can use which of the following commands?
perldoc -f print
Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?
php
An English-like language you can use to help create the structure of your program
pseudocode
In 2007 became Windows new standard to deploy and manage servers alongside updated patch-management functionality
system center configuration manager
NBTscan is a utility that can be used for enumerating Windows OSs.
true
A way of having your program repeat an action a certain number of times
while loop
The first Microsoft GUI product that didn't rely on DOS
windows 95
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
windows ce
Introduced Authentication Silos to prevent pass-the-hash attacks
windows server 2012
UNIX was first written in assembly language. However, it was soon rewritten in what programming language?
C
Which of the following is the interface that determines how a Web server passes data to a Web browser?
CGI
For a Windows computer to be able to access a *nix resource, which of the following must be enabled on both systems?
CIFS
Which of the following is a Window's client/server technology designed to manage patching and updating systems software from the network?
WSUS
An error that causes unpredictable results
bug
Carelessly reviewing your program's code might result in having which of the following in your program code?
bug
An object-oriented programming structure that holds pieces of data and functions
class
You can use the syntax /* and */ to accomplish what function when working with large portions of text?
comment
A standardized protocol that replaced SMB in Windows 2000 Server and later
common internet file system
Performs an action first and then tests to see whether the action should continue to occur
do loop
In a Perl program, to go from one function to another, you simply call the function by entering which of the following in your source code?
name
What is the current file system that Windows utilizes that has strong security features?
ntfs
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
An open-source embedded OS used in space systems because it supports processors designed specifically to operate in space
RTEMS
An OS microkernel extension developed for Linux
RTLinux
A specialized embedded OS used in devices such as programmable thermostats, appliance controls, and even spacecraft
RTOS
Systems used for equipment monitoring in large industries, such as public works and utilities, power generators and dams
SCADA
Which of the following is an alternative term used when referring to Application Security?
appsec
Writing programs in this language is easier than in machine language
assembly language
Amount of code a computer system exposes to unauthenticated outsiders
attack surface
Takes you from one area of a program (a function) to another area
branching
Which of the following takes you from one area of a program (a function) to another area?
branching
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
developer tools
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?
injection
Which of the following is the act of performing a task over and over?
looping
An OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users
mandatory access control
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
mandatory access control
A fast and efficient protocol that requires little configuration and allows transmitting NetBIOS packets over TCP/IP
netBEUI
Early Windows OSs used which of the following programs loaded into memory to interact with a network resource or device?
netbios
The computer names you assign to Windows systems are called which of the following?
netbios
Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources?
router
An open-source implementation of CIFS
samba
If you do not have access to Nessus, what NMap procedure can be used to help you to gain information about remote *nix hosts?
script scanning
Builds on the security advances made in Vista with the introduction of AppLocker
windows 7
A well documented Window's OS vulnerability was null sessions. What Windows operating system was the first to disable null sessions by default?
windows server 2003
Introduces Windows Containers to allow for application isolation to protect applications from one another
windows server 2016
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
Unauthenticated connection to a Windows computer that uses no logon and password values.
null session
What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?
null session
The open-source descendant of Nessus is called which of the following?
openVAS
Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?
reflected
An interprocess communication mechanism that allows a program running on one host to run code on a remote host
remote procedure call
Which of the following results from poorly configured technologies that a Web application runs on top of?
security misconfiguration
Used to share files and usually runs on top of NetBIOS, NetBEUI, or TCP/IP
server message block
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?
static application security testing
Microsoft's standard for managing Windows security patches on multiple computers in a network between 1994 and 2005
systems management server
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.
true
Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have.
true
OLE DB relies on connection strings that enable the application to access the data stored on an external device.
true
The MSBA tool can quickly identify missing patches and misconfigurations.
true
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
true
A cryptographic firmware boot-check processor installed on many new computer systems
trust platform module
Represents a numeric or string value
variable
Designed for use on tablets and traditional PCs and only allows trusted applications by default through Device Guard
windows 10
A Windows client/server technology introduced in 2005 used to manage patching and updating system software from the network
windows software update services
First Windows version to introduce User Account Control and BitLocker
windows vista
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
An older network management service which enables remote administration and run on both Windows and *nix systems
snmp
Bugs are worse than syntax errors because a program can run successfully with a bug, but the output might be incorrect or inconsistent.
true
Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs.
true
The latest version of Nessus Server and Client can run on Windows, Mac OS X, FreeBSD, and most Linux distributions.
true
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
user level security
Windows programming interface that allows computers to communicate across a local area network
netbios
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?
no ACL support
