ETH HACK FINAL PRACT
A man-in-the-middle attack is an attack where the attacking party does which of the following?
Insert themselves into an active session
An attack that can be performed using FaceNiff is __________.
Inserting oneself into an active session
Android is based on which operating system?
Linux
Janet receives an e-mail enticing her to click a link and provide her account information and Social Security number. What type of attack is this?
Phishing
Web applications are used to __________.
Provide dynamic content
What type of database uses multiple tables linked together incomplex relationships?
Relational
DMZ is created with which of the following?
A multi-homed firewall
At which layer of the OSI model does a packet filtering firewall work?
3
For a fence to deter a determined intruder, it should be at least how many feet tall?
6
HTTP is typically open on which port in a firewall?
80
MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?
A reverse ARP request maps to two hosts.
Which of the following is used to set permissions on content in a website?
ACL
Jason is a junior system administrator for a small firm of 50 employees. For the last week a few users have been complaining of losing connectivity intermittently with no suspect behavior on their part such as large downloads or intensive processes. Jason runs Wireshark on Monday morning to investigate. He sees a large amount of ARP broadcasts being sent at a fairly constant rate. What is Jason most likely seeing?
ARP poisoning
What can an error message tell an attacker?
All of the above
Social engineering preys on many weaknesses, including.
All the above
Firewalking is done to accomplish which of the following?
Analyze a firewall
Which of the following is not a source of session IDs?
Anonymous login
A man-in-the-browser attack delivered by a piece of malware can be prevented by which of the following?
Anti-virus
An attacker can use to find information about a firewall.
Backdoors
A is used to prevent cars from ramming a building.
Bollard
Which of the following best describes a web application?
Code designed to be run on the server
Phishing takes place using.
Altering a checksum of a packet can be used to do what?
Evade an NIDS
Human beings tend to follow set patterns and behaviors known as .
Habits
Groups and individuals who hack systems based on principle or personal beliefs are known as .
Hacktivists
Jason receives notices that he has unauthorized charges on his credit card account. What type of attack is Jason a victim of?
Identity theft
Jason receives notices that he is receiving mail, phone calls, and other requests for information. Additionally he has also noticed some problems with his credit checks such as bad debts and loans he did not participate in. What type of attack did Jason become a victim of?
Identity theft
Jason is the local network administrator who has been tasked with securing the network from possible DoS attacks. Within the last few weeks, some traffic logs appear to have internal clients making requests from outside the internal LAN. Based on the traffic Jason has been seeing, what action should he take?
Implement ingress filtering.
________ is a client-side scripting language.
JavaScript
A denial of service application for Android is __________.
LOIC
A cloud environment can be in which of the following configurations except?
LaaS
What could be used to monitor application errors and violations on a web server or application?
Logs
Bob is attempting to sniff a wired network in his first pen test contract. He sees only traffic from the segment he is connected to. What can Bob do to gather all switch traffic?
MAC flooding
Social engineering is designed to .
Manipulate human behavior
An attacker can use which technique to influence a victim?
Name-dropping
A cloud-based firewall is used to separate which of the following?
Networks
A firewall is used to separate which of the following?
Networks
Which kind of values are injected into a connection to the host machine in an effort to increment the sequence number in a predictable fashion?
Null
Which is an example of a server-side scripting language?
PHP
Julie has been sniffing the Wi-Fi traffic at a local coffee shop in an effort to learn more about sniffing tools and reading packet captures. She is careful not to inject packets, or to perform malicious activities; she just received her CEH credential, so she wants to stay white hat. What would Julie's activities be categorized as?
Passive
Jennifer receives an e-mail claiming that her bank account information has been lost and that she needs to click a link to update the bank's database. However, she doesn't recognize the bank, because it is not one she does business with. What type of attack is she being presented with?
Phishing
Adding and removing to and from a program stack are known as what?
Push and pop
Which of the following is another name for a record in a database?
Row
___________________________ is used to audit databases.
SQLping
Jason is a system administrator who is researching a technology that will secure network traffic from potential sniffing by unauthorized machines. Jason is not concerned with the future impact on legitimate troubleshooting. What technology can Jason implement?
SSH
Which attack can be used to take over a previous session?
Session hijacking
Which statement defines session hijacking most accurately?
Session hijacking is an attack that aims at stealing a legitimate session and posing as that user while communicating with the web resource or host machine.
A ___________ is used to attack an IDS.
Shellcode
Based on the packet capture shown in the graphic, what is contained in the highlighted section of the packet?
Source and destination IP addresses
An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is the hacker using?
Source routing
Network-level hijacking focuses on the mechanics of a connection such as the manipulation of packet sequencing. What is the main focus of web app session hijacking?
Stealing session IDs
Which tool can be used to view web server information?
TCP View
A security camera picks up someone who doesn't work at the company following closely behind an employee while they enter the building. What type of attack is taking place?
Tailgating
During an assessment you discovered that the target company was using a fax machine. Which of the following is the least important?
The phone number is publicly available.
In the field of IT security, the concept of defense in depth is layering more than one control on another. Why is this?
To provide better protection
Which of the following can prevent bad input from being presented to an application?
Validation
A utility for auditing WordPress from Android is __________.
WPScan
A session hijack can be used against a mobile device using all of the following except?
Worms
Which command is NOT used to query data in SQL Server?
cmdshell
Which command can be used to access the command prompt in SQL Server?
xp_cmdshell
Social engineering can use all the following except.
Viruses
In a DDoS attack, what communications channel is commonly used to orchestrate the attack?
Internet Relay Chat (IRC)
Jason is using TCPdump to capture traffic on his network. He would like to save the capture for later review. What command can Jason use?
tcpdump - l capture.log
Jason is using TCPdump to capture traffic on his network. He would like to review a capture log gathered previously. What command can Jason use?
tcpdump -r capture.log
can be used to identify a web server.
Banner grabs
A common attack against web servers and web applications is
Buffer overflow
On a switch, each switchport represents a ____________.
Collision domain
Social engineering can be thwarted using all of the following kinds of controls EXCEPT?
Common sense
Databases can be a victim of code exploits depending on:
Configuration
SQL injection attacks are aimed at which of the following?
Databases
An anomaly-based NIDS is designed to look for what?
Deviations from known traffic patterns
Which of the following is used to access content outside the root of a website?
Directory traversal
Frequency of type 2 errors is also known as what?
False rejection rate
TOR is intended to .
Hide the process of scanning
An HIDS is used to monitor activity on which of the following?
Host
A proxy is used to ________________.
Keep a scan hidden
An application would be developed on what type of cloud service?
PaaS
An NIDS is based on technology similar to which of the following:
Packet sniffing
_______________ can be used to attack databases.
SQL injection