Ethical Hacker Chap 8 Practice

Who would most likely erase only parts of log files?

Black hat hacker

What best describes the unsecure file and folder method?

Can lead to DLL hacking and malicious file installations on a non-admin targeted user

What includes all possible character values for plaintext?

Charset

A hacker has gained physical access to a system and changed the admin's password. What did the hacker use to accomplish this?

Ultimate Boot CD

What is the name of the attribute that stores passwords in a Group Policy preference item in Windows?

cPasswords

Roger, a security analyst wants to tighten up privileges to make sure each user has only the privileges they need to do their work. What countermeasure could he take to protect privileges?

Implement multi-factor authentication/authorization

Mark is moving files from a device formatted in NTFS to a device formatted in FAT. What is he trying to get rid of?

Malicious alternate data streams

A hacker finds a poorly designed and unpatched system. He wants to create a backdoor. What tool could be used?

Metasploit

What tool cracks Windows login passwords using rainbow tables?

Ophcrack

Sam used malware to access Sally's computer on the network. He found info that will allow him to use the underlying NTLM to escalate privileges without needing the plaintext password. What type of attack did he use?

Pass the hash

What system exploitation method happens by adding a malicious file to a file path that is missing quotation marks and has spaces in it?

Path interception

Jack is tasked with testing password strength and has limited time and storage space. What is the best password attack for him to use?

Rainbow attack

What best describes the heuristic or behavior based detection method?

Searches for execution path hooking, allowing a function value in an accessible environment to be changed.

Cam wants to send secret messages to his buddy Brandon, who works with the competition. To secure it, he hides it in a video. What technique is he using?

Steganography

The method of embedding data into legit files like graphics to hide it and then extract it once it reaches its destination is called...?

Steganography

You believe you've been hacked. What do you check first?

System log files

You just used the John the Ripper Command zip2john secure.zip > secure.txt . What was this used for?

To extract the password hashes and save them in the secure.txt file.

James has hacked into a Unix system and wants to change timestamps on files to hide his tracks. What tool would he most likely use?

Touch

You have created/sorted an md5 rainbow crack table. You want to crack the password. What command would you use to crack a single hash?

rcrack . -h [insert hash value]

You are cleaning your desk at work, and you toss stacks of paper in the trash including a stick note with your passwords written on it. What type of non-technical password attack have you enabled?

Dumpster diving

Jerry runs a tool to scan a clean system to create a database. The tool scans the system again and compares the second scan to the clean database. What decision-method is being used?

Integrity-based

What technique involves adding random bits of data to passwords before being stored as a hash?

Password salting

What is also known as ZeroAccess and has virus, Trojan Horse, and rootkit components?

Sirefef

What best describes shoulder surfing?

Someone nearby watches you enter your password on your computer and records it.

What is malware that works by stealth to capture information and sends it to a hacker to gain remote access?

Spyware

Phil, has found a way into a secure system and is looking for a Windows utility to retrieve, set, back up, and restore logging policies. What utility should he consider?

auditpol

Which protocol allows authentication over a non-secure network by using tickets or service principal names (SPNs)?

Kerberoasting (Kerberos)

Carl received a phone call from a woman who states she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her his information. What type of non-technical password attack has occured?

Social engineering

What best describes CCleaner?

Tool that can remove files and clear internet browsing history. It clears temporary files, history, and cookies from each of the six major search engines.

An ethical hacker installed a malicious file in the application directory, and when victims start installing the application, Windows searches the directory and selects the malicious file instead of the correct one, giving the attacker remote access. What best describes this scenario?

DLL Hacking

What best describes Security Account Manager (SAM)?

Database that stores user passwords in Windows as LM or NTLM hash

What could a hacker use Alternate Data Streams for?

Hiding evidence

Things like !%& .-/01234 :;=<>@ ABCDEFG[\] ^_ 'abcdefg{|} are possible values of what hash type?

Ascii-32-95

What is installed to allow hackers to have continued admittance, gather sensitive information, or establish access to resources and operations in the system

Backdoors

You are using a password attack that tests every possible keystroke for each single key in a password until finding the correct one. What technique are you using?

Brute force

What is used to remove files and clear internet browsing history?

CCleaner

What best describes a rootkit?

Can modify operating system and utilities of target systems.

What escalation privilege risk happens when a program is being installed without constant supervision of an IT employee and fails to clean up after?

Unattended Installation