Ethical Hacking Practice Midterm
Which Nmap switch utilizes the slowest scan?
-T0
Which switch in Nmap allows for a full TCP connect scan?
-sT
Tiffany is analyzing a capture from a client's network. She is particularly interested in NetBIOS traffic. What port does Tiffany filter for?
. 139
Which Wireshark filter displays only traffic from 10.10.10.10?
. ip.addr == 10.10.10.10
Where is the event log located in Linux OS?
/var/log
In the following screen shot, what sequence number completes the three-way handshake with 23.253.184.229? Seq=1 Ack=1
1
As shown in the following screen shot, at what hop did the user potentially encounter a firewall? 15 * * *
15
What is the size of each of the fields in a UDP header?
16 bits
Which port uses SSL to secure web traffic?
443
In the TCP three-way handshake, which is next after the initial SYN packet is sent?
A SYN/ACK is sent.
What type of protocol is primarily being used in this diagram? ARP, ARP, ARP, DNS, DNS, TCP, TCP
ARP request
At which layer of the OSI model does a proxy operate?
Application
What DNS system is being queried by the client in the following screenshot? www.google.com
What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing?
IPS
Which file or application has the permission set with 644? usr: drwxr-xr-x net: dr-xr-xr-x Volumes: drwxrwxrwt Installer.failurerequests: -rw-r--r---
Installer.failurerequests
What does a SYN scan accomplish?
It establishes only a "half open" connection.
An attacker was able to install a device at an unattended workstation and was able to recover passwords, account information, and other information the next day. What did the attacker install?
Keylogger
At which layer of the OSI model does a packet-filtering firewall work?
Layer 3
Which record will reveal information about a mail server for a domain?
MX
Which technology allows the use of a single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world?
NAT
Which of the following types of attack has no flags set?
NULL
Which of the following has no flags set and does not respond if a port is open?
NULL scan
What port number or numbers is/are associated with the IP protocol?
No ports
When trying to identify all the workstations on a subnet, what method might you choose?
Ping sweep
Which of the following is part of the overall portion of the SID?
RID
During an FIN scan, what indicates that a port is closed?
RST
Which flag forces both sender and receiver on the network to terminate their connection with one another?
RST
What is the sequence of the three-way handshake?
SYN, SYN-ACK, ACK
Based on the packet capture shown in the graphic, what is contained in this section of the packet? Source: 192.168.1.2 (192.168.1.2)
Source IP addresses
What prevents IP packets from circulating throughout the Internet forever?
TTL
Which of the following best describes DNS poisoning?
The adversary replaces the legitimate IP address that is mapped to the domain name with the malicious IP address.
What command is used to listen to open ports with netstat?
$ netstat -an
What program can be used to discover firewalls?
Traceroute
Enumeration is useful to system hacking because it provides which of the following?
Usernames
The Wayback Machine is used to do which of the following?
View archived versions of websites
Which of the following provides free information about a website that includes phone numbers, administrator's email, and even the domain registration authority?
Whois.net
Jason invokes the following Nmap command at a Linux command line. What Nmap scan is performed? # nmap -n 10.10.10.10-60
a syn stealth scan
Jason is using Scapy to conduct a port scan on a target host. Below is the screenshot for his Scapy output. Based on this information, what is the status for port 23? (dport=ftp flags=RA)
closed
What command displays the network configuration in Linux OS?
ifconfig
Which command would retrieve banner information from a website at port 80?
nc 192.168.10.27 80
Jason is responsible to scan the target environment. Below is a screenshot of tcpdump showing some captured packets from his scanning activity. Which scanning activity most likely Jason is conducting? # tcpdump -nnv udp and host 192.168.1.65 not arp
network tracing
What item should not be included in the Rules of Engagement?
permission to test
What is the generic syntax of a Wireshark filter?
protocol.field operator value
In Linux, which of the following accounts denotes the administrator?
root
To make Tcpdump to sniff on network interface eth0, do not resolve host and service names, for tcp packets to and from host 10.10.10.10. Which of the following command should be invoked?
tcpdump -nn -i eth0 tcp and host 10.10.10.10
Jennifer is using tcpdump to capture traffic on her network. She would like to review a capture log gathered previously. What command can Jennifer use?
tcpdump -r capture.log
Which tool can trace the path of a packet?
tracert
Which of the following is a major security problem with FTP?
user IDs and passwords are unencrypted
Jason is running his virtual test machine using NAT network setting in his first penetration test. He selected the exploit and payload in Metasploit and fire the exploit against the Windows target where a vulnerable service was running. Metasploit reported that the payload failed. Assuming the exploit is correct, which of the following payload most likely did Jason choose?
windows/meterpreter/reverse_tcp
A crystal-box test means the tester has which of the following?
Complete knowledge
