Hands-On Ethical Hacking and Networking Defense
Which HTTP method is used with a proxy that can dynamically switch to a tunnel connection, such as Secure Sockets Layer (SSL)?
CONNECT
Which of the following is a text file generated by a Web server and stored on a user's browser?
Cookie
What area of a network is a major area of potential vulnerability because of the use of URLs?
DNS
Which utility can extract meta-data and documents on a Website to reveal the document creator's network login, e-mail _____________?
FOCA
Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site's pages that could allow exploits such as SQL injection and buffer overflows. (T/F)
False
The HTTP CONNECT method starts a remote application-layer loopback of the request message. (T/F)
False
Walking is an automated way to discover pages of a Web site by following links. (T/F)
False
What is the passive process of finding information on a company's network called?
Footprinting
What is the HTTP method that retrieves data by URI?
GET
What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security?
Piggybacking
Entering a company's restricted area by following closely behind an authorized person is referred to as which of the following? a. Shoulder surfing b. Piggybacking c. False entering d. Social engineering
b. piggybacking
Many social engineers begin gathering the information they need by using which of the following? a. The Internet b. The telephone c. A company intranet d. E-mail
b. the telephone
Which of the following enables you to view all host computers on a network? a. SOA b. ipconfig c. Zone transfers d. HTTP HEAD method
c. Zone transfers
What's the first method a security tester should attempt to find a password for a computer on the network? a. Use a scanning tool. b. Install a sniffer on the network. c. Ask the user. d. Install a password-cracking program.
c. ask the user
Before conducting a security test by social-engineering tactics, what should you do?
c. get written permission from the person who hired you to conduct the security test
If you're trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit?
http://groups.google.com
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
What tool can be used to read and write data to ports over a network?
netcat
Which type of social engineering attack attempts to discover personal information through the use of email?
phishing
HTTP 409 Conflict
request couldn't be completed because of an inconsistency
HTTP 500 Internal Server Error
request couldn't be fulfilled by the server
HTTP 405 Method Not Allowed
request not allowed for the resource
HTTP 408 Request Timeout
request not made by client in allotted time
HTTP 400 Bad Request
request not understood by server
When conducting competitive intelligence, which of the following is a good way to determine the size of a company's IT support staff?
review job postings on Web sites such as www.monster.com or www.dice.com
HTTP 504 Gateway Timeout
server didn't receive a timely response
HTTP 503 Service Unavailable
server is unavailable because of maintenance or overload
HTTP 502 Bad Gateway
server received invalid response from the upstream server
HTTP 403 Forbidden
server understands the request but refuses to comply
Which technique can be used to read PINs entered at ATMs or in other areas where a PIN code is entered?
shoulder surfing
Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?
social engineering
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?
spear phishing
HTTP 404 Not Found
unable to match request
Which of the following tools can assist you in finding general information about an organization and its employees? (choose all that apply)
www.google.com, http://groups.google.com
Which process enables you to see all the host computers on a network and basically give you a diagram of an organization's network?
zone transfer
Which HTTP error informs you the server understands the request but refuses to comply?
403 Forbidden
What HTTP method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body?
HEAD
What type of general commands allows a security tester to pull information from a Web server using a web browser?
HTTP
Which tool can be used to gather competitive intelligence from Websites?
Metis
Which HTTP method requests that the entity is stored under the Request-URI?
PUT
Which HTTP method starts a remote Application-layer loopback of the request message?
TRACE
A cookie can store information about a Web site's visitors. (T/F)
True
Network attacks can often begin by gathering information from a company's Web site. (T/F)
True
Wget is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet. (T/F)
True
What 1-pixel x 1-pixel image file is referenced in a tag, and usually works with a cookie to collect information?
Web Bug
Which utility is used to gather IP and domain information?
Whois utility
What utility can be used to intercept detailed information from a company's Website?
Zed Attack Proxy
Which of the following contains host records for a domain? a. DNS b. WINS c. Linux server d. UNIX Web clients
a. DNS
To find information about the key IT personnel responsible for a company's domain, you might use which of the following tools? (choose all that apply) a. Whois b. Whatis c. Domain Dossier d. Nbtstat
a. Whois
Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.) a. Passwords b. ATM PINs c. Long-distance access codes d. Open port numbers
a. passwords b. ATM PINs c. Long-distance access codes
Which of the following is one method of gathering information about the operating systems a company is using? a. Search the Web for e-mail addresses of IT employees. b. Connect via Telnet to the company's Web server. c. Ping the URL and analyze ICMP messages. d. Use the ipconfig /os command.
a. search the Web for e-mail addresses of IT employees
What social-engineering technique involves telling an employee that you're calling from the CEO's office and need certain information ASAP? (Choose all that apply.) a. Urgency b. Status quo c. Position of authority d. Quid pro quo
a. urgency c. position of authority
What's one way to gather information about a domain? a. View the header of an e-mail you send to an e-mail account that doesn't exist. b. Use the ipconfig command c. Use the ifconfig command d. Connect via Telnet to TCP port 53
a. view the header of an e-mail you send to an e-mail account that doesn't exist.
Which of the following is a fast and easy way to gather information about a company? (choose all that apply) a. conduct port scanning b. perform a zone transfer of the company's DNS server c. View the company's Web site d. Look for company ads in phone directories
c. view the company's Web site d. Look for company ads in phone directories
When an individual attempts to discover as much information as legally possible about their competition, what information-gathering technique are they performing?
competitive intelligence
__________________ is one of the components most vulnerable to network attacks. a. TCP/IP b. WINS c. DHCP d. DNS
d. DNS
To determine a company's primary DNS server, you can look for a DNS server containing which of the following? a. Cname record b. Host record c. PTR record d. SOA record
d. SOA record
Discovering a user's password by observing the keys he or she presses is called which of the following? a. Password hashing b. Password crunching c. Piggybacking d. Shoulder surfing
d. shoulder surfing
What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?
dumpster diving
Which of the following is a good Web site for gathering information on a domain? a. www.google.com b. www.namedroppers.com c. http://centralops.net/col/ d. www.arin.net e. all of the above
e. all of the above