Ethical Hacking and Network Defense
Which type of scan is usually used to bypass a firewall or packet-filtering device? a. ACK scan b. SYN scan c. XMAS scan d. FIN scan
a. ACK scan
Embedded OS on routers are susceptible to which of the following? (Choose all that apply.) a. Authentication bypass attacks b. Buffer overflow attacks c. Password-guessing attacks d. RTOS clock corruption
a. Authentication bypass attacks b. Buffer overflow attacks c. Password-guessing attacks
A NetBIOS name can contain a maximum of _________ characters. a. 10 b. 11 c. 15 d. 16
c. 15
What is the most widely used port-scanning tool? a. Netcat b. Netstat c. Nmap d. Nslookup
c. Nmap
Port scanning provides the state for all but which of the following ports? a. Closed b. Open c. Filtered d. Buffered
d. Buffered
In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live? a. ICMP SYN-ACK packet b. ICMP SYN packet c. ICMP Echo Reply (type 8) d. ICMP Echo Reply (type 0)
d. ICMP Echo Reply (type 0)
Enumeration of Windows systems can be more difficult if port _______ is filtered. a. 110/UDP b. 443/UDP c. 80/TCP d. 139/TCP
d. 139/TCP
________ is one of the components most vulnerable to network attacks. a. TCP/IP b. WINS c. DHCP d. DNS
d. DNS
Which of the following is a commonly used UNIX enumeration tool? a. Netcat b. Nbtstat c. Netstat d. Finger
d. Finger
A NULL scan requires setting the FIN, ACK, and URG flags. True or False?
False
An embedded OS must be developed specifically for use with embedded systems. True or False?
False
Which of the following doesn't use an embedded OS? a. An ATM b. A workstation running Windows Vista Business c. An NAS device running Windows Server 2008 R2 d. A slot machine
b. A workstation running Windows Vista Business
Which of the following is a Windows command-line utility for seeing NetBIOS shares on a network? a. Net use b. Net user c. Net view d. Nbtuser
c. Net view
A FIN packet sent to a closed port responds with which of the following packets? a. FIN b. SYN-ACK c. RST d. SYN
c. RST
Employees should be able to install programs on their company computers as long as the programs aren't copyrighted. True or False?
False
MBSA performs which of the following security checks? (Choose all that apply.) a. Security update checks b. IIS checks c. System time checks d. Computer logon checks
a. Security update checks b. IIS checks
A good password policy should include which of the following? (Choose all that apply.) a. Specifies a minimum password length b. Mandates password complexity c. States that passwords never expire d. Recommends writing down passwords to prevent forgetting them
a. Specifies a minimum password length b. Mandates password complexity
List three measures for protecting systems on any network.
Any three of the following: having user awareness training programs, running antivirus tools, disabling unneeded services, filtering out unnecessary ports, installing security updates and patches, securing configurations, and reviewing logs
For a Windows computer to be able to access a *nix resource, CIFS must be enabled on at least one of the systems. True or False?
False
Fping doesn't allow pinging multiple IP addresses simultaneously. True or False?
False
Linux antivirus software can't detect backdoor Trojans. True or False?
False
Most printers now have only TCP/IP enabled and don't allow default administrator passwords, so they're inherently more secure. True or False?
False
The Nbtstat command is used to enumerate *nix systems. True or False?
False
The Windows Net use command is a quick way to discover any shared resources on a computer or server. True or False?
False
Which of the following is a well-known SMB hacking tool? (Choose all that apply.) a. SMBRelay b. SMBsnag c. L0phtcrack's SMB Packet Capture utility d. NTPass
a. SMBRelay c. L0phtcrack's SMB Packet Capture utility
To identify the NetBIOS names of systems on the 193.145.85.0 network, which of the following commands do you use? a. nbtscan 193.145.85.0/24 b. nbtscan 193.145.85.0-255 c. nbtstat 193.145.85.0/24 d. netstat 193.145.85.0/24
a. nbtscan 193.145.85.0/24
Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (Choose all that apply.) a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210 c. nmap -sA 193.145.85.210 d. nmap -sF 193.145.85.210
a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210
To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.) a. PING packets b. SYN packets c. ACK packets d. Echo Request packets
b. SYN packets c. ACK packets
A null session is enabled by default in all the following Windows versions except: a. Windows 95 b. Windows Server 2008 c. Windows 98 d. Windows 2000
b. Windows Server 2008
Which port numbers are most vulnerable to NetBIOS attacks? a. 135 to 137 b. 389 to 1023 c. 135 to 139 d. 110 and 115
c. 135 to 139
Which ports should be filtered out to protect a network from SMB attacks? a. 134 to 138 and 445 b. 135, 139, and 443 c. 137 to 139 and 445 d. 53 TCP/UDP and 445 UDP
c. 137 to 139 and 445
Which organization offers free benchmark tools for Windows and Linux? a. PacketStorm Security b. CVE c. Center for Internet Security d. Trusted Security Solutions
c. Center for Internet Security
Which of the following enables you to view all host computers on a network? a. SOA b. Ipconfig c. Zone transfers d. HTTP HEAD method
c. Zone transfers
Which of the following commands should you use to determine whether there are any shared resources on a Windows computer with the IP address 193.145.85.202? a. netstat -c 193.145.85.202 b. nbtscan -a 193.145.85.202 c. nbtstat -a 193.145.85.202 d. nbtstat -a \\193.145.85.202
c. nbtstat -a 193.145.85.202
To view eDirectory information on a NetWare 5.1 server, which of the following tools should you use? a. Nmap b. Mmap c. Nbtstat d. Novell Client
d. Novell Client
Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services? a. Zone transfers b. Zone scanning c. Encryption algorithms d. Port scanning
d. Port scanning
Windows OSs are vulnerable to the Conficker worm because of which of the following? a. Arbitrary code b. SQL buffer overflow c. Blank password d. RPC vulnerability
d. RPC vulnerability
A closed port responds to a SYN packet with which of the following packets? a. FIN b. SYN-ACK c. SYN d. RST
d. RST
The Net view command can be used to see whether there are any shared resources on a server. True or False?
True
The lack of a familiar interface, such as CD/DVD-ROM drives, contributes to the difficulty of updating embedded OSs. True or False?
True
Security testers can use Hping to bypass filtering devices. True or False?
True
A cookie can store information about a Web site's visitors. True or False?
True
Which program can detect rootkits on *nix systems? a. chkrootkit b. rktdetect c. SELinux d. Ionx
a. chkrootkit
Which of the following commands connects to a computer containing shared files and folders? a. Net view b. Net use c. Netstat d. Nbtstat
b. Net use
Why are rootkits that infect a device's firmware considered the biggest threat to any OS (embedded or general-purpose)?
They tend to be extremely small, are loaded in low-level nonvolatile storage that anti-rootkit tools can't access readily, and can persist even after the hard drive has been reformatted.
If the time and money required to compromise an embedded system exceeds the value of the system's information, a security tester might recommend not fixing the vulnerability. True or False?
True
In Windows Server 2008, the administrator must enable IIS manually to use it. True or False?
True
Which of the following describes an RTOS? a. An embedded OS capable of multitasking and responding predictably b. An embedded OS intended for real-time data manipulation c. An embedded OS intended for packet analysis d. An embedded OS intended for devices that run multiple OSs
a. An embedded OS capable of multitasking and responding predictably
Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error? a. An incorrect parameter is used. b. The IP range should be indicated as 193.145.85.201-220. c. There's no such command. d. IP ranges aren't allowed with this command.
a. An incorrect parameter is used.
Applications written in which programming language are especially vulnerable to buffer overflow attacks? (Choose all that apply.) a. C b. Perl c. C++ d. Java
a. C c. C++
Which of the following contains host records for a domain? a. DNS b. WINS c. Linux server d. UNIX Web clients
a. DNS
Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command? (Choose all that apply.) a. FIN b. PSH c. SYN d. URG
a. FIN b. PSH d. URG
What is the best method of preventing NetBIOS attacks? a. Filtering certain ports at the firewall b. Telling users to create difficult-to-guess passwords c. Pausing the Workstation service d. Stopping the Workstation service
a. Filtering certain ports at the firewall
Security testers conduct enumeration for which of the following reasons? (Choose all that apply.) a. Gaining access to shares and network resources b. Obtaining user logon names and group memberships c. Discovering services running on computers and servers d. Discovering open ports on computers and servers
a. Gaining access to shares and network resources b. Obtaining user logon names and group memberships
What is a potential mistake when performing a ping sweep on a network? a. Including a broadcast address in the ping sweep range b. Including a subnet IP address in the ping sweep range c. Including the subnet mask in the ping sweep range d. Including the intrusion detection system's IP address in the ping sweep range
a. Including a broadcast address in the ping sweep range
Why are embedded OSs more likely to have unpatched security vulnerabilities than general-purpose OSs do? (Choose all that apply.) a. Many security checks are omitted during development to reduce the code size. b. Devices with embedded OSs connect to the Internet more frequently. c. Manufacturers prefer that you upgrade the system rather than the embedded OS. d. Devices with embedded OSs typically can't have any downtime for installing patches.
a. Many security checks are omitted during development to reduce the code size. c. Manufacturers prefer that you upgrade the system rather than the embedded OS. d. Devices with embedded OSs typically can't have any downtime for installing patches.
A(n) ________ scan sends a packet with all flags set to NULL. a. NULL b. VOID c. SYN d. XMAS
a. NULL
Which of the following tools can be used to enumerate Windows systems? (Choose all that apply.) a. OpenVAS b. DumpSec c. DumpIt d. Hyena
a. OpenVAS b. DumpSec d. Hyena
To see a brief summary of Nmap commands in a Linux shell, which of the following should you do? a. Type nmap -h. b. Type nmap -summary. c. Type help nmap. d. Press the F1 key.
a. Type nmap -h.
Cell phone vulnerabilities make it possible for attackers to do which of the following? (Choose all that apply.) a. Use your phone as a microphone to eavesdrop on meetings or private conversations. b. Install a BIOS-based rootkit. c. Clone your phone to make illegal long-distance phone calls. d. Listen to your phone conversations.
a. Use your phone as a microphone to eavesdrop on meetings or private conversations. c. Clone your phone to make illegal long-distance phone calls. d. Listen to your phone conversations.
What's one way to gather information about a domain? a. View the header of an e-mail you send to an e-mail account that doesn't exist. b. Use the Ipconfig command. c. Use the Ifconfig command. d. Connect via Telnet to TCP port 53.
a. View the header of an e-mail you send to an e-mail account that doesn't exist.
To find information about the key IT personnel responsible for a company's domain, you might use which of the following tools? (Choose all that apply.) a. Whois b. Whatis c. SamSpade d. Nbtstat
a. Whois c. SamSpade
Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network? (Choose all that apply.) a. nmap -v 192.168.1.0-254 -p 22 b. nmap -v 192.168.1.0-254 -p 23 c. nmap -v 192.168.1.0-254 -s 22 d. nmap -v 192.168.1.0/24 -p 22
a. nmap -v 192.168.1.0-254 -p 22 d. nmap -v 192.168.1.0/24 -p 22
VxWorks is which of the following? a. A Windows embedded OS b. A proprietary embedded OS c. A Linux embedded OS d. A Windows security validation tool
b. A proprietary embedded OS
Which of the following testing processes is the most intrusive? a. Port scanning b. Enumeration c. Null scanning d. Numeration
b. Enumeration
Which of the following is an OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users? a. MBSA b. Mandatory Access Control c. Server Message Block d. Systems Management Server
b. Mandatory Access Control
Which of the following is the vulnerability scanner from which OpenVAS was developed? a. OpenVAS Pro b. Nessus c. ISS Scanner d. SuperScan
b. Nessus
Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer? a. Tracert b. Traceroute c. Hping d. Nmapping
c. Hping
SCADA systems are used for which of the following? a. Monitoring embedded OSs b. Monitoring ATM access codes c. Monitoring equipment in large-scale industries d. Protecting embedded OSs from remote attacks
c. Monitoring equipment in large-scale industries
Most NetBIOS enumeration tools connect to the target system by using which of the following? a. ICMP packets b. Default logons and blank passwords c. Null sessions d. Admin accounts
c. Null sessions
Which of the following is a major challenge of securing embedded OSs? a. Training users b. Configuration c. Patching d. Backup and recovery
c. Patching
One way to secure IIS is to do which of the following? (Choose all that apply.) a. Disable IIS logging. b. Install IIS on a domain controller. c. Run the IIS Lockdown Wizard. d. Upgrade to the most recent IIS version.
c. Run the IIS Lockdown Wizard. d. Upgrade to the most recent IIS version.
Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.) a. Conduct port scanning. b. Perform a zone transfer of the company's DNS server. c. View the company's Web site. d. Look for company ads in phone directories.
c. View the company's Web site. d. Look for company ads in phone directories.
Which of the following is the most efficient way to determine which OS a company is using? a. Run Nmap or other port-scanning programs. b. Use the Whois database. c. Install a sniffer on the company's network segment. d. Call the company and ask.
d. Call the company and ask.
Which of the following is an advantage of Windows CE over other Windows embedded OSs? a. It's designed for more advanced devices with complex hardware requirements. b. It has many of the same security features as Windows XP. c. It provides the full Windows API. d. Its source code is available to the public.
d. Its source code is available to the public.
Because of cost and size concerns, embedded OSs usually have: a. More RAM and secondary storage than desktop computers b. More flash memory than desktop computers c. Less ROM and primary storage than desktop computers d. Less RAM and secondary storage than desktop computers
d. Less RAM and secondary storage than desktop computers
Which of the following programs includes several buffer overflow exploit plug-ins? a. Buffercrack b. MBSA c. Nmap d. Metasploit
d. Metasploit
Multifunction devices (MFDs) are rarely: a. Targets of network attacks b. Installed on Windows networks c. Installed on large networks d. Scanned for vulnerabilities
d. Scanned for vulnerabilities
To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type? a. nmap -h b. nmap -help c. nmap ? d. man nmap
d. man nmap
Which of the following is a good Web site for gathering information on a domain? a. www.google.com b. www.namedroppers.com c. www.samspade.org d. www.arin.net e. All of the above
e. All of the above