ethical hacking

¡Supera tus tareas y exámenes ahora con Quizwiz!

Windows OSs are vulnerable to the Conficker worm because of which of the following? a. Arbitrary code b. SQL buffer overflow c. Blank password d. RPC vulnerability

d. RPC vulnerability

For a Windows computer to be able to access a *nix resource, CIFS must be enabled on at least one of the systems. True or False?

False

Enumeration of Windows systems can be more difficult if port _______ is filtered. a. 110/UDP b. 443/UDP c. 80/TCP d. 139/TCP

d. 139/TCP

Which of the following is a commonly used UNIX enumeration tool? a. Netcat b. Nbtstat c. Netstat d. Finger

d. Finger

Port scanning provides the state for all but which of the following ports? a. Closed b. Open c. Filtered d. Buffered

d. Buffered

A NetBIOS name can contain a maximum of _________ characters. a. 10 b. 11 c. 15 d. 16

c. 15

Which organization offers free benchmark tools for Windows and Linux? a. PacketStorm Security b. CVE c. Center for Internet Security d. Trusted Security Solutions

c. Center for Internet Security

Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer? a. Tracert b. Traceroute c. Hping d. Nmapping

c. Hping

SCADA systems are used for which of the following? a. Monitoring embedded OSs b. Monitoring ATM access codes c. Monitoring equipment in large-scale industries d. Protecting embedded OSs from remote attacks

c. Monitoring equipment in large-scale industries

What is the most widely used port-scanning tool? a. Netcat b. Netstat c. Nmap d. Nslookup

c. Nmap

Most NetBIOS enumeration tools connect to the target system by using which of the following? a. ICMP packets b. Default logons and blank passwords c. Null sessions d. Admin accounts

c. Null sessions

Which of the following is a major challenge of securing embedded OSs? a. Training users b. Configuration c. Patching d. Backup and recovery

c. Patching

A NULL scan requires setting the FIN, ACK, and URG flags. True or False?

False

Employees should be able to install programs on their company computers as long as the programs aren't copyrighted. True or False?

False

Which of the following is a well-known SMB hacking tool? (Choose all that apply.) a. SMBRelay b. SMBsnag c. L0phtcrack's SMB Packet Capture utility d. NTPass

a. SMBRelay c. L0phtcrack's SMB Packet Capture utility

Which of the following testing processes is the most intrusive? a. Port scanning b. Enumeration c. Null scanning d. Numeration

b. Enumeration

Which of the following is the vulnerability scanner from which OpenVAS was developed? a. OpenVAS Pro b. Nessus c. ISS Scanner d. SuperScan

b. Nessus

To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.) a. PING packets b. SYN packets c. ACK packets d. Echo Request packets

b. SYN packets c. ACK packets

A null session is enabled by default in all the following Windows versions except: a. Windows 95 b. Windows Server 2008 c. Windows 98 d. Windows 2000

b. Windows Server 2008

Which port numbers are most vulnerable to NetBIOS attacks? a. 135 to 137 b. 389 to 1023 c. 135 to 139 d. 110 and 115

c. 135 to 139

Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services? a. Zone transfers b. Zone scanning c. Encryption algorithms d. Port scanning

d. Port scanning

A closed port responds to a SYN packet with which of the following packets? a. FIN b. SYN-ACK c. SYN d. RST

d. RST

An embedded OS must be developed specifically for use with embedded systems. True or False?

False

Multifunction devices (MFDs) are rarely: a. Targets of network attacks b. Installed on Windows networks c. Installed on large networks d. Scanned for vulnerabilities

d. Scanned for vulnerabilities

To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type? a. nmap -h b. nmap -help c. nmap ? d. man nmap

d. man nmap

Security testers can use Hping to bypass filtering devices. True or False?

True

Why are rootkits that infect a device's firmware considered the biggest threat to any OS (embedded or general-purpose)?

They tend to be extremely small, are loaded in low-level nonvolatile storage that anti-rootkit tools can't access readily, and can persist even after the hard drive has beenreformatted

If the time and money required to compromise an embedded system exceeds the value of the system's information, a security tester might recommend not fixing the vulnerability. True or False?

True

In Windows Server 2008, the administrator must enable IIS manually to use it. True or False?

True

Which of the following describes an RTOS? a. An embedded OS capable of multitasking and responding predictably b. An embedded OS intended for real-time data manipulation c. An embedded OS intended for packet analysis d. An embedded OS intended for devices that run multiple OSs

a. An embedded OS capable of multitasking and responding predictably

A good password policy should include which of the following? (Choose all that apply.) a. Specifies a minimum password length b. Mandates password complexity c. States that passwords never expire d. Recommends writing down passwords to prevent forgetting them

a. Specifies a minimum password length b. Mandates password complexity

To see a brief summary of Nmap commands in a Linux shell, which of the following should you do? a. Type nmap -h. b. Type nmap -summary. c. Type help nmap. d. Press the F1 key.

a. Type nmap -h.

Cell phone vulnerabilities make it possible for attackers to do which of the following? (Choose all that apply.) a. Use your phone as a microphone to eavesdrop on meetings or private conversations. b. Install a BIOS-based rootkit. c. Clone your phone to make illegal long-distance phone calls. d. Listen to your phone conversations.

a. Use your phone as a microphone to eavesdrop on meetings or private conversations. c. Clone your phone to make illegal long-distance phone calls. d. Listen to your phone conversations.

Which program can detect rootkits on *nix systems? a. chkrootkit b. rktdetect c. SELinux d. Ionx

a. chkrootkit

To identify the NetBIOS names of systems on the 193.145.85.0 network, which of the following commands do you use? a. nbtscan 193.145.85.0/24 b. nbtscan 193.145.85.0-255 c. nbtstat 193.145.85.0/24 d. netstat 193.145.85.0/24

a. nbtscan 193.145.85.0/24

Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (Choose all that apply.) a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210 c. nmap -sA 193.145.85.210 d. nmap -sF 193.145.85.210

a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210

Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network? (Choose all that apply.) a. nmap -v 192.168.1.0-254 -p 22 b. nmap -v 192.168.1.0-254 -p 23 c. nmap -v 192.168.1.0-254 -s 22 d. nmap -v 192.168.1.0/24 -p 22

a. nmap -v 192.168.1.0-254 -p 22 d. nmap -v 192.168.1.0/24 -p 22

Which of the following commands should you use to determine whether there are any shared resources on a Windows computer with the IP address 193.145.85.202? a. netstat -c 193.145.85.202 b. nbtscan -a 193.145.85.202 c. nbtstat -a 193.145.85.202 d. nbtstat -a \\193.145.85.202

c. nbtstat -a 193.145.85.202

Which of the following is the most efficient way to determine which OS a company is using? a. Run Nmap or other port-scanning programs. b. Use the Whois database. c. Install a sniffer on the company's network segment. d. Call the company and ask.

d. Call the company and ask.

In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live? a. ICMP SYN-ACK packet b. ICMP SYN packet c. ICMP Echo Reply (type 8) d. ICMP Echo Reply (type 0)

d. ICMP Echo Reply (type 0)

Which of the following is an advantage of Windows CE over other Windows embedded OSs? a. It's designed for more advanced devices with complex hardware requirements. b. It has many of the same security features as Windows XP. c. It provides the full Windows API. d. Its source code is available to the public.

d. Its source code is available to the public.

Because of cost and size concerns, embedded OSs usually have: a. More RAM and secondary storage than desktop computers b. More flash memory than desktop computers c. Less ROM and primary storage than desktop computers d. Less RAM and secondary storage than desktop computers

d. Less RAM and secondary storage than desktop computers

Which of the following programs includes several buffer overflow exploit plug-ins? a. Buffercrack b. MBSA c. Nmap d. Metasploit

d. Metasploit

To view eDirectory information on a NetWare 5.1 server, which of the following tools should you use? a. Nmap b. Mmap c. Nbtstat d. Novell Client

d. Novell Client

List three measures for protecting systems on any network.

Any three of the following: having user awareness training programs, running antivirus tools, disabling unneededservices, filtering out unnecessary ports, installing security updates and patches, securing configurations, andreviewing logs

Fping doesn't allow pinging multiple IP addresses simultaneously. True or False?

False

Linux antivirus software can't detect backdoor Trojans. True or False?

False

Most printers now have only TCP/IP enabled and don't allow default administrator passwords, so they're inherently more secure. True or False?

False

The Nbtstat command is used to enumerate *nix systems. True or False?

False

The Windows Net use command is a quick way to discover any shared resources on a computer or server. True or False?

False

The Net view command can be used to see whether there are any shared resources on a server. True or False?

True

The lack of a familiar interface, such as CD/DVD-ROM drives, contributes to the difficulty of updating embedded OSs. True or False?

True

Which type of scan is usually used to bypass a firewall or packet-filtering device? a. ACK scan b. SYN scan c. XMAS scan d. FIN scan

a. ACK scan

Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error? a. An incorrect parameter is used. b. The IP range should be indicated as 193.145.85.201-220. c. There's no such command. d. IP ranges aren't allowed with this command.

a. An incorrect parameter is used.

Embedded OS on routers are susceptible to which of the following? (Choose all that apply.) a. Authentication bypass attacks b. Buffer overflow attacks c. Password-guessing attacks d. RTOS clock corruption

a. Authentication bypass attacks b. Buffer overflow attacks c. Password-guessing attacks

Applications written in which programming language are especially vulnerable to buffer overflow attacks? (Choose all that apply.) a. C b. Perl c. C++ d. Java

a. C c. C++

Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command? (Choose all that apply.) a. FIN b. PSH c. SYN d. URG

a. FIN b. PSH d. URG

What is the best method of preventing NetBIOS attacks? a. Filtering certain ports at the firewall b. Telling users to create difficult-to-guess passwords c. Pausing the Workstation service d. Stopping the Workstation service

a. Filtering certain ports at the firewall

Security testers conduct enumeration for which of the following reasons? (Choose all that apply.) a. Gaining access to shares and network resources b. Obtaining user logon names and group memberships c. Discovering services running on computers and servers d. Discovering open ports on computers and servers

a. Gaining access to shares and network resources b. Obtaining user logon names and group memberships

What is a potential mistake when performing a ping sweep on a network? a. Including a broadcast address in the ping sweep range b. Including a subnet IP address in the ping sweep range c. Including the subnet mask in the ping sweep range d. Including the intrusion detection system's IP address in the ping sweep range

a. Including a broadcast address in the ping sweep range

Why are embedded OSs more likely to have unpatched security vulnerabilities than general-purpose OSs do? (Choose all that apply.) a. Many security checks are omitted during development to reduce the code size. b. Devices with embedded OSs connect to the Internet more frequently. c. Manufacturers prefer that you upgrade the system rather than the embedded OS. d. Devices with embedded OSs typically can't have any downtime for installing patches.

a. Many security checks are omitted during development to reduce the code size. c. Manufacturers prefer that you upgrade the system rather than the embedded OS. d. Devices with embedded OSs typically can't have any downtime for installing patches.

A(n) scan sends a packet with all flags set to NULL. a. NULL b. VOID c. SYN d. XMAS

a. NULL

Which of the following tools can be used to enumerate Windows systems? (Choose all that apply.) a. OpenVAS b. DumpSec c. DumpIt d. Hyena

a. OpenVAS b. DumpSec d. Hyena

MBSA performs which of the following security checks? (Choose all that apply.) a. Security update checks b. IIS checks c. System time checks d. Computer logon checks

a. Security update checks b. IIS checks

VxWorks is which of the following? a. A Windows embedded OS b. A proprietary embedded OS c. A Linux embedded OS d. A Windows security validation tool

b. A proprietary embedded OS

Which of the following doesn't use an embedded OS? a. An ATM b. A workstation running Windows Vista Business c. An NAS device running Windows Server 2008 R2 d. A slot machine

b. A workstation running Windows Vista Business

Which of the following is an OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users? a. MBSA b. Mandatory Access Control c. Server Message Block d. Systems Management Server

b. Mandatory Access Control

Which of the following commands connects to a computer containing shared files and folders? a. Net view b. Net use c. Netstat d. Nbtstat

b. Net use

Which ports should be filtered out to protect a network from SMB attacks? a. 134 to 138 and 445 b. 135, 139, and 443 c. 137 to 139 and 445 d. 53 TCP/UDP and 445 UDP

c. 137 to 139 and 445

Which of the following is a Windows command-line utility for seeing NetBIOS shares on a network? a. Net use b. Net user c. Net view d. Nbtuser

c. Net view

A FIN packet sent to a closed port responds with which of the following packets? a. FIN b. SYN-ACK c. RST d. SYN

c. RST

One way to secure IIS is to do which of the following? (Choose all that apply.) a. Disable IIS logging. b. Install IIS on a domain controller. c. Run the IIS Lockdown Wizard. d. Upgrade to the most recent IIS version.

c. Run the IIS Lockdown Wizard. d. Upgrade to the most recent IIS version.


Conjuntos de estudio relacionados

physics chapter 6 test: work and energy

View Set

Price Ceilings and Floors Quick Check

View Set

Scripting and Automation Chapter 14

View Set

Visualization And Categorization

View Set

International Relations Chapter 2

View Set

Chapter 33- Lewis Coronary Artery Disease and Acute Coronary Syndrome

View Set

Chapter 3: Drug Regulation, Development, Names, and Information Study Guide

View Set