HOD401

¡Supera tus tareas y exámenes ahora con Quizwiz!

6. Which of the following is a good defense against tailgating and piggybacking?

Mantraps

4. __________ is the process of exploiting services on a system.

System hacking

1. Physical security can prevent which of the following?

Tailgating

8. What technique funnels all traffic back to a single client, allowing sniffing from all connected hosts?

ARP poisoning

2. Jailbreaking a phone refers to what?

Acquiring root access on a device

7. An attacker can use a(n) __________ to return to a system.

Backdoor

1. Input validation is used to prevent which of the following?

Bad input

6. __________ can be used to identify a web server.

Banner grab

4. A ____________ is used to prevent cars from ramming a building.

Bollard

9. Which intrusion prevention system can be used in conjunction with fences?

Bollards

5. How is a brute-force attack performed?

By trying all possible combinations of characters

9. Monitor mode is used by wireless cards to do what?

Capture information about wireless networks.

1. Which of the following best describes a web application?

Code designed to be run on the server

2. Which pointer in a program stack gets shifted or overwritten during a successful overflow attack?

EIP

3. SOAP is used to perform what function?

Enable communication between applications

6. What is a client-to-client wireless connection called?

Ad hoc

2. Which of the following is a detective control when not used in real time?

Alarms

1. On a switch, each switchport represents a ____________.

Collision domain

9. What is not a benefit of hardware keyloggers?

Difficult to install

8. Which of the following is not a Trojan?

TCPTROJAN

6. Which of the following is a scripting language?

CGI

4. Which of the following is used to access content outside the root of a website?

Directory traversal

3. A virus does not do which of the following?

Display pop-ups

9. Jennifer has captured the following URL: www.snaz22enu.com/&w25/session=22525. She realizes that she can perform a session hijack. Which utility would she use?

DroidSheep

4. Which of the following can be used to evade an IDS?

Encryption

7. An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is the hacker using?

Source routing

8. Network-level hijacking focuses on the mechanics of a connection such as the manipulation of packet sequencing. What is the main focus of web app session hijacking?

Stealing session IDs

7. Which utility will tell you in real time which ports are listening or in another state?

TCPView

1. Which statement(s) defines malware most accurately?

Trojans are malware and Malware covers all malicious software.

1. What is the hexadecimal value of a NOP instruction in an Intel system?

0x90

3. For a fence to deter a determined intruder, it should be at least how many feet tall?

8

2. Which of the following operates at 5 GHz?

802.11a

3. Which of the following specifies security standards for wireless?

802.11i

6. MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?

A reverse ARP request maps to two hosts.

2. Which is/are a characteristic of a virus?

A virus is malware and A virus replicates with user interaction.

4. Which of the following is/are true of a worm?

A worm is malware and A worm replicates on its own.

8. Which of the following is used to set permissions on content in a website?

ACL

6. Firewalking is done to accomplish which of the following?

Analyze a firewall.

5. Which of the following is not a source of session IDs?

Anonymous login

4. Databases can be a victim of code exploits depending on which of the following?

Configuration

5. Altering a checksum of a packet can be used to do what?

Evade an NIDS

5. Altering a checksum of a packet can be used to do what?

Evade an NIDS.

7. Which of the following is a wall that is less than full height?

False wall

3. Groups and individuals who hack systems based on principle or personal beliefs are

Hacktivists

8. A __________ is used to represent a password.

Hash

9. What is the name for the dynamic memory space that, unlike the stack, doesn't rely on sequential ordering or organization?

Heap

8. Browsers do not display __________.

Hidden fields

5. In addition to relational databases, there is also what kind of database?

Hierarchical

1. An HIDS is used to monitor activity on which of the following?

Host

2. Wireless access points function as a ____________.

Hub

4. Which of the following prevents ARP poisoning?

IP DHCP Snooping

7. When a wireless client is attached to an access point, it is known as which of the following?

Infrastructure

5. Which of the following can prevent bad input from being presented to an application through a form?

Input validation

7. A method for overwhelming an IDS using packets with incorrect TTL values or flags is known as what?

Insertion

8. In a DDoS attack, what communications channel is commonly used to orchestrate the attack?

Internet Relay Chat (IRC)

2. __________ is a client-side scripting language.

JavaScript

7. A cloud environment can be in which of the following configurations except?

LaaS

5. Which DoS attack sends traffic to the target with a spoofed IP of the target itself?

Land

5. While guards and dogs are both good for physical security, which of the following is a concern with dogs?

Liability

4. Android is based on which operating system?

Linux

9. What could be used to monitor application errors and violations on a web server or application?

Logs

7. Bob is attempting to sniff a wired network in his first pen test contract. He sees only traffic from the segment he is connected to. What can Bob do to gather all switch traffic?

MAC flooding

3. Based on the diagram, what attack is occurring?

MITM

4. Which attack alters data in transit within the cloud?

MitM

6. Which kind of values is injected into a connection to the host machine in an effort to increment the sequence number in a predictable fashion?

Null

5. iOS is based on which operating system?

OS X

9. Proper input validation can prevent what from occurring?

Operating system exploits

3. Which of the following is an example of a server-side scripting language?

PHP

3. An NIDS is based on technology similar to which of the following?

Packet sniffing

1. Enumeration is useful to system hacking because it provides __________.

Passwords and Usernames

8. Bluesnarfing is used to perform what type of attack?

Read information from a device.

2. Which of the following can be used to identify a firewall?

Port scanning

2. What does the enumeration phase not discover?

Ports

3. What mode must be configured to allow an NIC to capture all traffic on the wire?

Promiscuous mode

3. Which of the following challenges can be solved by firewalls?

Protection against scanning

1. What is the benefit of encryption on mobile devices?

Protection of data on lost or stolen devices

2. Web applications are used to __________.

Provide dynamic content

3. What does rooting a device do?

Provides root-level access to a user on a system

8. What utility could be used to avoid sniffing of traffic?

Psiphon

6. Adding to and removing from a program stack are known as what?

Push and pop

6. A __________ is a type of offline attack.

Rainbow attack

5. What are worms typically known for?

Rapid replication

9. A __________ is a file used to store passwords.

SAM

7. __________ is used to audit databases.

SQLPing

5. Jennifer is a system administrator who is researching a technology that will secure network traffic from potential sniffing by unauthorized machines. Jennifer is not concerned with the future impact on legitimate troubleshooting. What technology can Jennifer implement?

SSH

8. What type of cloud service would provide email hosting and associated security

SaaS

1. Which statement defines session hijacking most accurately?

Session hijacking is an attack that aims at stealing a legitimate session and posing as that user while communicating with the web resource or host machine.

5. Which of the following is designed to locate wireless access points?

Site survey

1. SaaS is a cloud hosting environment that offers what?

Software hosting

7. In the field of IT security, the concept of defense in depth is layering more than one control on another. Why would this be helpful in the defense of a system of sessionhijacking?

To provide better protection

4. Which of the following options shows the protocols in order from strongest to weakest?

WPA2, WPA, WEP, Open

7. A utility for auditing WordPress from Android is __________.

WPScan

1. WEP is designed to offer security comparable to which of the following?

Wired networks

3. How would you use Netcat to set up a server on a system?

nc -l -p 192.168.1.1

6. What command is used to listen to open ports with netstat?

netstat -an

8. In the field of IT security, the concept of defense in depth is the layering of more than one control on another. Why is this?

To provide better protection

2. Which of the following can be used to protect data stored in the cloud?

Drive encryption


Conjuntos de estudio relacionados

Chapter 13 Anotomy of the Nervous System

View Set

C. Information Management from a US Perspective

View Set

Entrepreneurship Misconceptions, Salient Features and Theories

View Set

International Business Warm up questions

View Set