Ethical Hacking 102 T/F

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

A brute-force attack tries passwords that are pulled from a predefined list of words.

False

A denial of service (DoS) attack is considered a critical problem because it is very difficult to defeat.

False

A distributed denial of service (DDoS) attack is mostly an annoyance however a denial of service (DoS) attack is much more of a problem.

False

A drawback to public key infrastructure (PKI) is that the two parties must have prior knowledge of one another in order to establish a relationship.

False

A poison null byte attack uploads masses of files to a server with the goal of filling up the hard drive on the server in an attempt to cause the application to crash.

False

A session, the connection that a client has with the server application, should use the same identifier, encryption, and other parameters every time a new connection between client and server is created, rather than create new information for each connection and then discard it each time.

False

A site administrator can block the Internet Archive from making snapshots of the site.

False

Accumulating as many connections as possible on social media (seeking quantity over quality) makes it less likely that you will link or "friend" a scam artist or an identity thief.

False

Active fingerprinting takes longer than passive fingerprinting.

False

Adware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software.

False

An advantage to brute-force password attacks is that they typically do not take much time to perform.

False

An effective method for uncovering database problems is to consider the security problem simply from an insider's perspective, rather than an outsider's perspective.

False

Antivirus software cannot detect suspicious behavior of applications on a system.

False

Because wardialing involves the use of modems, it is out of date and should no longer be used.

False

Covert channels are not capable of transferring information using a mechanism that was not designed for the purpose. Select one:

False

Databases are rarely a target for attackers because many of them are "unhackable."

False

Delivering malicious software via instant messaging (IM) is relatively difficult because IM software has had strong security controls from the beginning.

False

Fail-open state results in closed and completely restricted access or communication.

False

Firewalls provide very little protection to a database server.

False

Future generations of cryptography technology will most likely represent an evolution of past technologies and techniques.

False

In symmetric encryption, one key is used for encryption and a separate key is used for decryption.

False

It is much harder to detect active OS fingerprinting than passive OS fingerprinting.

False

Logic bombs are relatively easy to detect.

False

Many attackers gain access to their target system through something known as a window.

False

Modern antivirus software is not equipped to deal with the problems polymorphic viruses pose.

False

Most encryption cannot be broken.

False

Most users of social networking sites are diligent about protecting their personal information through privacy settings and similar configuration options available on these sites.

False

Obtaining financial information on companies operating in the United States is difficult because financial records on publicly traded companies are not available to the public.

False

Over the past several years, social networking sites have become less and less of a target for cybercriminals.

False

Over time, corporations have been moving fewer and fewer services to the cloud.

False

Placing a backdoor on a system prevents an attacker from coming back later in an attempt to take control of the system. Select one:

False

Private information on Facebook is truly private.

False

Safe browsing practices have little to do with whether individuals become victims online.

False

Sanitizing a Web posting refers to a company deleting information that others may find insensitive or offensive.

False

Scareware is software specifically designed to display advertisements on a system in the form of pop-ups or nag screens.

False

Social networking means tricking or coercing people into revealing information or violating normal security practices.

False

Structured Query Language (SQL) injections require very little skill or knowledge to execute.

False

Symmetric encryption is also called public key cryptography

False

The Security Account Manager (SAM) is a file that resides on the network, not on the hard drive, and is not actively accessed while Windows is running.

False

The ever-increasing amount of personal information that people put online themselves has made gathering information on human beings more difficult.

False

The first viruses debuted in the "wild" in the 1990s as ways to destroy exam records at universities.

False

The goals of confidentiality and integrity are basically the same.

False

The manual method of obtaining network range information is quick, but it is largely ineffective. Select one:

False

The mere existence of an open port means vulnerability exists.

False

The popularity of services such as Facebook, LinkedIn, and Twitter has made the loss of information or loss of control of that information through social media less of a concern.

False

User Datagram Protocol (UDP) acknowledges each connection attempt; Transmission Control Protocol (TCP) does not, so it tends to produce less reliable results.

False

Whenever possible, security practitioners work to encourage people to use their social network for both their professional activities and their personal activities.

False

Worms require user intervention for their infection to take place; viruses do not.

False

A buffer overflow can result in data being corrupted or overwritten.

True

A code is a mechanism that relies on the usage of complete words or phrases, whereas ciphers utilize single letters to perform encryption.

True

A countermeasure for protecting domain information is to employ commonly available proxy services to block the access of sensitive domain data.

True

A good way to prevent Structured Query Language (SQL) injection attacks is to use input validation, which ensures that only approved characters are accepted.

True

A one-way hash function is also known as a fingerprint.

True

A persuasion/coercion attack is considered psychological.

True

A ping is actually an Internet Control Message Protocol (ICMP) message.

True

A rootkit can provide a way to hide spyware such as a keystroke logger so that it is undetectable even to those looking for it. Select one:

True

An attacker can use enumeration methods to determine whether or how a target can respond to system hacking activities.

True

An organization's Web server is often the public face of the organization that customers and clients see first

True

Brutus is a password cracker that is designed to decode different password types present in Web applications.

True

Databases can be easily missed because they may be installed as part of another application or just not reported by the application owner.

True

Defacing a Web site is one of the most common acts of vandalism against Web sites.

True

Digital signatures are a combination of public key cryptography and hashing. Select one:

True

Education is the first line of defense for stopping both worms and viruses.

True

Enumeration represents the point at which the attack crosses the legal line to being an illegal activity in some areas.

True

Error messages should be considered a potential Web server vulnerability because they can provide vital information to an attacker.

True

For both symmetric and asymmetric cryptography, data is encrypted by applying the key to an encryption algorithm.

True

For many businesses, a social media presence is a key part of the corporate communications strategy.

True

Hardware-based keystroke loggers can be plugged into a universal serial bus (USB) or PS2 port on a system and monitor the passing signals for keystrokes.

True

Hoax viruses are those designed to make the user take action even though no infection or threat exists.

True

If any part of a multipartite virus is not eradicated from the infected system, it can re-infect the system.

True

In some cases, spyware creators have stated their intentions outright by presenting End-User License Agreements (EULAs) to the victim.

True

In symmetric encryption, the length of the key and the quality of the algorithm will determine how secure the encryption system is.

True

In the Windows OS, the NetBIOS service is commonly targeted by attackers because diverse information can be obtained, including usernames, share names, and service information.

True

Input validation refers to restricting the type of input or data the Web site will accept so that mistakes will not be entered into the system.

True

It is worthwhile to conduct an Internet search on yourself in order to see what personal information is available about you online.

True

Malware can be used to turn a system into a server hosting any type of content, such as illegal music or movies, pirated software, pornography, and financial data.

True

Malware in the current day has been adopted by criminals for a wide array of purposes to capture information about the victim or commit other acts.

True

Nmap is valuable in OS fingerprinting as well as port scanning.

True

Of the tools for detecting Trojans, one of the easiest to access would be the command line tool known as netstat.

True

Offline attacks are a form of password attack that relies on weaknesses in how passwords are stored on a system.

True

Once escalated privileges have been obtained, the PsTools suite makes it possible for an attacker to run an application on a remote system rather easily.

True

One of the common problems that make password attacks effective is that many people use ordinary words as their password.

True

One of the main characteristics of worms is that they do not need a host program to function.

True

Process isolation provides extra protection against catastrophic failure of a system by ensuring that one process crashing will not take others with it.

True

Public key infrastructure (PKI) addresses storing, managing, distributing, and maintaining keys and digital certificates securely.

True

Rainbow tables compute every possible combination of characters prior to capturing a password so that the attacker can then capture the password hash from the network and compare it with the hashes that have already been generated

True

SolarWinds has the ability to generate network maps that can be viewed in products such as Microsoft's diagramming product Visio.

True

Substitution, transposition, stream, and block are common forms of ciphers.

True

Symmetric encryption is inherently faster than asymmetric encryption due to the nature of the computations performed.

True

The Whois tool has been used by law enforcement to gain information useful in prosecuting criminal activity.

True

The purpose of OS fingerprinting is to determine the operating system that is in use on a specific target.

True

The strength of asymmetric encryption is that it addresses the key distribution problem inherent with symmetric encryption.

True

The terms algorithm and cipher describe the formula or process used to perform encryption.

True

There are currently five primary Regional Internet Registries (RIRs) across the globe

True

U.S. laws regulate the exportation of cryptographic systems.

True

When working on securing Web applications, the safety of information must be considered both when it is being stored and when it is being transmitted, because both stages are potential areas for attack.

True

With passive fingerprinting, the victim has less chance of detecting and reacting to the impending attack.

True

Wrappers can be used to merge an attacker's intended payload with a harmless executable to create a single executable from the two.

True

ohnny Long's Google Hacking Database (GHDB) is a database of queries that can be used to conduct a Google Web search to identify sensitive data and content.

True

A number of different methods can be used to deface a Web site.

True


Kaugnay na mga set ng pag-aaral

Brachial Plexus/ Axillary Region/Forearm

View Set

Series 66: Investment Vehicles (Insurance-Based Products)

View Set

Texas Principles of Real Estate 1

View Set

4.04: Applications of Coordinates

View Set

الحسبة والمحتسب في الاسلام مرحلة 1

View Set