ITN 261 Midterm
IDS
Ad administrator has just been notified of irregular network activity; what appliance functions in this manner?
TCP
An SYN attack uses which protocol?
netBIOS
An attacker can use ____ to enumerate users on a system?
Application
At which layer of the OSI Model does a proxy operate?
RST
During a Xmas tree scan what indicates a port is closed?
Active and passive
Footprinting has two phases. What are they ?
With no knowledge
How is a black-box testing performed?
Layer 1
Hubs operate at what layer of the OSI model?
Competitive analysis
If you cant gain enough information directly from a target. what is another option?
Query a database
LDAP is used to perform which function
all user password hashes
On Linux machines, the '/etc/shadow' file contains:
Internet Control Message Protocol (ICMP)
Ping utilizes this underlying protocol
53 TCP
Port number _____ is used by DNS for zone transfers.
255
Routers, such as Cisco, often have TTL values of:
Send email messages
SMTP is used to perform which function?
Monitor network devices
SNMP is used to do which of the following?
Trap messages
SNMP is used to perform which function in relation to hardware?
Layer 2
Switches operate at what layer of the OSI model?
\windows\system32\config\
The Security Accounts Manager (SAM) is located at:
Administrator
The Security Identifier ending in 500(also known as its RID) belongs to which account?
View archived versions of websites
The Wayback Machine is used to do which of the following?
Hacktivists
The group Anonymous is an example of what?
Gray hat
These hackers cross into both offensive and defensive actions at different times.
SID
This is a number assigned by the OS to uniquely identify a specific object such as a user, group, or even a computer
Netcraft
This is an online tool designed to gather information about servers and web servers
Insider Attack
This type of attack is intended to imitate the behaviours that are an internal party who already has authorized access to a system may perform
Passive fingerprinting
This type of fingerprinting works by analyzing responses and looking for details of the OS?
nslookup
This utility is used to query DNS servers and gain information about various parts of the DNS namespace or individual hosts
Validate an email address
VRFY is used to do which of the following?
Passively uncovering vulnerabilities
Vulnerability research deals with which of the following?
Alerts
What can be configured in most search engines to monitor and alert you of changes to content?
Proxy
What device acts as an intermediary between an internal client and a web resource?
Target of Evaluation (TOE)
What does TOE stand for?
Identify if telnet is enabled on the destination IP address
What does the following command do ? # telnet <ip address>:<port> HEAD /HTTP/1.1
Request all DNS records using a zone transfer
What does the following command do ? 'dig <domain.com> axfr
Check financial filings
What is EDGAR used to do ?
to hide the process of scanning
What is Tor used for?
A description of expected behaviour
What is a code of ethics
a ping sweep
What is an ICMP echo scan?
Identify a user
What is an SID used to do ?
ACK
What is missing from a half-open scan?
1010 1111
What is the binary value for the following hexadecimal AF?
tracert
What is the command to run a traceroute using the Windows command line?
SYN, SYN-ACK, ACK
What is the proper sequence of the TCP three-way-handshake?
To keep a scan hidden
What is the purpose of a proxy?
Gain information from a human being through face-to-face or electronic means
What is the purpose of social engineering?
Passive os fingerprinting
What is the purpose of the following command: #sudo p0f -i eth0
To gain information from human beings
What is the role of social engineering?
Support
What is the subdomain of http://support.oriyano.com
the opening sequence of a TCP connection
What is the three-way handshake?
Collision domain
What kind of domain resides on a single switchport?
Low
What level of knowledge about hacking does a script kiddie have?
IPS
What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing?
49152 through 65535
What port range is an obsecure third party application most likely to use?
a lack of fear of being caught
What separates a suicide hacker from other attackers?
Get permission
What should a pentester do prior to initiation a new penetration test?
ipconfig/all
What windows command will provide the computer's MAC address?
To monitor network performance
What would not be a reason for a company to require a penetration test?
All nodes attached to the same port
When scanning a network via a hardline connection to a wired-switch NIC in promiscuous mode, what would be the extent of network traffic you would expect to see?
a way to automate the discovery of vulnerabilities
Which best describes a vulnerability scan?
Packet
Which category of firewall filters is based on packet header data only?
nbstat
Which command can be used to view NetBIOS information?
Ring
Which network topology uses a token-based access metholody?
a weakness
Which of the following best describes a vulnerability?
Investigation of a target
Which of the following best describes footprinting?
Hacks without stealth
Which of the following best describes what a suicide hacker does?
Job boards
Which of the following can an attacker use to determine the technology and structure within an organization?
Street views
Which of the following can be used to assess physical security?
Operators
Which of the following can be used to tweak or fine-tune search results?
Social engineering
Which of the following can help you deermine business processes of your target through human interaction?
Suicide hacker
Which of the following describes a hacker who attacks without regard of being caught or punished?
Hacktivist
Which of the following describes an attacker who goes after a target to draw attention to a cause
Permission
Which of the following does an ethical hacker require to start evaluating a system?
END
Which of the following is not a flag on a packet?
Port Scanning
Which of the following is not typically used during footprinting?
Telnet
Which of the following is used for banner grabbing?
Netcraft
Which of the following is used for identifying web server OS?
nmap
Which of the following is used to perform customized network scans?
NULL
Which of the following types of attack has no flags set?
social networking
Which of the following would be a very effective source of information as it relates to social engineering?
vrfy chell
Which of the following would confirm a user named chell in SMTP?
White hat
Which of the following would most likely engage in the pursuit of vulnerability research?
TCP
Which of these protocols is a connection-oriented protocol?
80
Which port is used to send unsecured web traffic?
161 and 162
Which ports does SNMP use to function?
MX
Which record will reveal information about a mail server for a domain ?
NAT
Which technology allows the use of a single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world?
Netcraft
Which tool can be used to view web server information ?
Mesh
Which topology has built-in redundancy because of its many client connections?
Gray Hat
Which type of hacker may use their skills for both benign and malicious goals at different times?
winrtgen
You can generate rainbow tables with this tool:
SMTP
You have selected the option in your IDS to notify you via email if it senses any network irregularities. Check the logs, you notice a few incidents but you didn't receive any alerts, what protocol needs to be configured on the IDS?
EXPN
______is a method for expanding an email list.
NTP
______is used to synchronize clocks on a network
zone transfer
involves grabbing a copy of a zone file?
port scan
nmap is required to perform what type of scan ?
NULL session
A ______ is used to connect to a remote system using NetBIOS
Gives Proof
A contract is important because it does what?
a half-open does not include the final ACK
A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan?
DNS
A scan of a network client shows that port 53 is open; what protocol is this aligned with?
