ITN 261 Mid-Term
Which of the following is not a type of social engineering attack?
Privilege Escalation
What device acts as an intermediary between an internal client and a web resource? Router PBX VTC Proxy
Proxy A proxy acts as an intermediary between internal host computers and the outside world.
Asymmetric encryption is also referred to as which of the following? Shared key Public key Hashing Block
Public key Asymmetric encryption uses two separate keys and is referred to as public key cryptography. Symmetric algorithms use only one key that is used by both the sender and receiver.
During an FIN scan, what indicates that a port is closed? No return response RST ACK SYN
RST
During a Xmas tree scan, what indicates a port is closed? No return response RST ACK SYN
RST An RST indicates the port is closed in many of the TCP scan types. The RST is sent in response to a connection request and the RST indicates that the port is not available.
Port number __________ is used by DNS for zone transfers. 53 TCP 53 UDP 25 TCP 25 UDP
53 TCP
Switches deliver data based on hardware or physical address. Which of the following is an invalid physical address on a network card?
?
Which of the following encryption algorithms is symmetric?
AES
What utility may be used to stop auditing or logging of events? ADS LM NTFS Auditpol
Auditpol
An attacker can use a(n) __________ to return to a system. Backdoor Cracker Account Service
Backdoor
How is a brute-force attack performed? By trying all possible combinations of characters By trying dictionary words By capturing hashes By comparing hashes
By trying all possible combinations of characters
In IPsec, what does Encapsulating Security Payload (ESP) provide? Data security Header security Authentication services Integrity
Data security Data security services are provided by ESP.
At what point can SSL be used to protect data? On a hard drive On a flash drive On Bluetooth During transmission
During transmission Data can be protected using SSL during transmission. If data is being stored on a hard drive or flash drive, SSL is not effective at providing cryptographic services.
Which of the following is not a flag on a packet? URG PSH RST END
END
__________ is a method for expanding an email list. VRFY EXPN RCPT TO SMTP
EXPN
A polymorphic virus __________. Evades detection through backdoors Evades detection through heuristics Evades detection through rewriting itself Evades detection through luck
Evades detection through rewriting itself
In nmap, _______ occurs when a packet is sent with the FIN flag set.
FIN scan
The process of pen testing includes seven legally mandated steps and they must be followed by every pen tester.
False
Vulnerability Scanners are tools that are used to identify all known and unknown vulnerabilities in a target system.
False
A vulnerability scan is a good way to do what? Find open ports Find weaknesses Find operating systems Identify hardware
Find open ports and find weaknesses
What should a pentester do prior to initiating a new penetration test? Plan Study the environment Get permission Study the code of ethics
Get permission It is absolutely essential to obtain permission before performing any sort of test against a system you don't own. Permission should also be in writing and never verbal.
A contract is important because it does what? Gives permission Gives test parameters Gives proof Gives a mission
Gives proof A contract gives proof that permission and parameters were established.
Which of the following best describes what a hacktivist does? Defaces websites Performs social engineering Hacks for political reasons Hacks with basic skills
Hacks for political reasons A hacktivist engages in mischief for political reasons.
Which of the following best describes what a suicide hacker does? Hacks with permission Hacks without stealth Hacks without permission Hacks with stealth
Hacks without stealth A suicide hacker does not worry about stealth or otherwise conceal their activities but is more concerned with forwarding an agenda.
What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing? System administrator Firewall IPS IDP
IPS (Intrusion Prevention System) An intrusion prevention system (IPS) plays an active role in preventing further suspicious activity after it is detected.
A banner can do what? Identify an OS Help during scanning Identify weaknesses Identify a service
Identify a service
What does hashing preserve in relation to data? Integrity Confidentiality Availability Repudiation
Integrity Hashing is intended to verify and preserve the integrity of data, but it cannot preserve the confidentiality of that data.
Which system should be used instead of LM or NTLM? NTLMv2 SSL Kerberos LM
Kerberos
On newer Windows systems, what hashing mechanism is disabled? Kerberos LM NTLM NTLMv2
LM
An attacker can use __________ to enumerate users on a system. NetBIOS TCP/IP NetBEUI NNTP
NULL session
Which of the following is capable of port redirection? Netstat TCPView Netcat Loki
Netcat
Which of the following is used to perform customized network scans? Nessus Wireshark AirPcap nmap
Nmap
Which of the following can be used to tweak or fine-tune search results? Archiving Operators Hacking Refining
Operators Operators such as filetype are used to manipulate search results for some search engines such as Google.
Which category of firewall filters is based on packet header data only? Stateful Application Packet Proxy
Packet filtering Packet-filtering firewalls inspect solely the packet header information.
Enumeration is useful to system hacking because it provides which of the following? Passwords IP ranges Configurations Usernames
Usernames
VRFY is used to do which of the following? Validate an email address Expand a mailing list Validate an email server Test a connection
Validate an email address
The Wayback Machine is used to do which of the following? Get job postings View websites View archived versions of websites Back up copies of websites
View archived versions of websites The Wayback Machine is used to view archived versions of websites if available (not all websites are archived via the Wayback Machine).
If you have been contracted to perform an attack against a target system, you are what type of hacker? White hat Gray hat Black hat Red hat
White Hat A white-hat hacker always has permission to perform pen testing against a target system.
_____ is a utility designed to allow you to collect information about a domain name or web address.
Whois
__________ involves grabbing a copy of a zone file. Zone transfer nslookup transfers DNS transfer Zone update
Zone transfer
A __________ is a file used to store passwords. Network SAM Database NetBIOS
SAM
A Trojan relies on __________ to be activated. Vulnerabilities Trickery and deception Social engineering Port redirection
Social engineering
Why use Google hacking? To fine-tune search results To speed up searches To target a domain To look for information about Google
To fine-tune search results Google hacking is used to produce more targeted and useful search results than would be possible using normal searches.
What is Tor used for? To hide web browsing To hide the process of scanning To automate scanning To hide the banner on a system
To hide the process of scanning.
Which tool can trace the path of a packet? Ping Tracert Whois DNS
Tracert
Which statement(s) defines malware most accurately? Malware is a form of virus. Trojans are malware. Malware covers all malicious software. Malware only covers spyware.
Trojans are malware. & Malware covers all malicious software.
Which of the following is not a step in the pen testing process?
Vulnerability Analysis
Which of the following is not typically used during footprinting? Search engines Email Port scanning Google hacking
Port Scanning Port scanning is typically reserved for later stages of the attack process.
Which of the following can help you determine business processes of your target through human interaction? Social engineering Email Website Job boards
Social engineering Social engineering can reveal how a company works.
Which of the following is the most popular suite of networking protocols used to exchange information?
TCP/IP
What level of knowledge about hacking does a script kiddie have? Low Average High Advanced
Low Script kiddies have low or no knowledge of the hacking process but should still be treated as dangerous.
Which of the following protocols does the above diagram describe?
SSL
Which of the following describes a hacker who attacks without regard for being caught or punished? Hacktivist Terrorist Criminal Suicide hacker
Suicide Hacker Much like suicide bombers in the real world, suicide hackers do not worry about getting caught; they are only concerned with their mission.
What port range is an obscure third-party application most likely to use? 1 to 1024 1025 to 32767 32768 to 49151 49152 to 65535
49152 - 65535 Ports 49152 to 65535 are known as the dynamic ports and are used by applications that are neither well known nor registered. The dynamic range is essentially reserved for those applications that are not what we would consider mainstream. Although obscure in terms of port usage, repeated showings of the same obscure port during pen testing or assessment may be indicative of something strange going on.
What is the role of social engineering? To gain information about computers To gain information about social media To gain information from human beings To gain information about posts and cameras
To gain information from human beings Social engineering can gain information about computers and other items, but it does so by interacting with people to extract that information.
Which of the following segments is not involved in the 3-way handshake process?
URG
A white-box test means the tester has which of the following? No knowledge Some knowledge Complete knowledge Permission
Complete Knowledge White-box testers have complete knowledge of the environment they have been tasked with attacking.
Which type of hacker may use their skills for both benign and malicious goals at different times? White hat Gray hat Black hat Suicide hacker
Gray hat Gray-hat hackers are typically thought of as those that were formerly black hats but have reformed. However, they have been known to use their skills for both benign and malicious purposes.
Which of the following describes an attacker who goes after a target to draw attention to a cause? Terrorist Criminal Hacktivist Script kiddie
Hacktivist A hacktivist is an individual or group that performs hacking and other disruptive activities with the intention of drawing attention to a particular cause or message.
A message digest is a product of which kind of algorithm? Symmetric Asymmetric Hashing Steganography
Hashing A message digest is a product of a hashing algorithm, which may also be called a message digest function.
Which of the following can an attacker use to determine the technology and structure within an organization? Job boards Archives Google hacking Social engineering
Job boards Job boards are useful in getting an idea of the technology within an organization. By looking at job requirements, you can get a good idea of the technology present. While the other options here may provide technical data, job boards tend to have the best chance of providing it.
Companies may require a penetration test for which of the following reasons? Legal reasons Regulatory reasons To perform an audit To monitor network performance
Legal reasons, Regulatory reasons, and to perform an audit Network performance is not the goal of security audits or penetration tests.
Which record will reveal information about a mail server for a domain? A Q MS MX
MX MX records are DNS records used to locate the mail server for a domain.
Which topology has built-in redundancy because of its many client connections? Token ring Bus Hybrid Mesh
Mesh A true mesh topology creates a natural amount of redundancy due to the number of connections used to establish connectivity.
Which technology allows the use of a single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world? VPN Tunneling NTP NAT
NAT (Network Address Translation) Network Address Translation (NAT) is a technology that funnels all internal traffic through a single public connection. NAT is implemented for both cost savings and network security.
Which tool can be used to view web server information? Netstat Netcraft Warcraft Packetcraft
Netcraft Netcraft can be used to view many details about a web server, including IP address, netblock, last views, OS information, and web server version.
Who first developed SSL? Netscape Microsoft Sun Oracle
Netscape Netscape originally developed SSL, but since its introduction the technology has spread to become a standard supported by many clients such as email, web browsers, VPNs, and other systems.
Symmetric key systems have key distribution problems due to __________. Number of keys Generation of key pairs Amount of data Type of data
Number of keys The number of keys increases dramatically with more and more parties using symmetric encryption; hence it does not scale well.
Which system does SSL use to function? AES DES 3DES PKI
PKI PKI is used in the process of making SSL function. While it is true that AES, DES, and 3DES can be used in SSL connections, PKI is the only one used consistently in all situations.
Which of the following does IPsec use? SSL AES DES PKI
PKI PKI is used with IPsec to allow it to function in environments of any size. IPsec is also capable of using Preshared Key if desired by the system owner.
A public key is stored on the local computer by its owner in a __________. Hash PKI system Smart card Private key
PKI system A public key is not necessarily stored on the local system, but a private key will always be present if the user is enrolled.
Vulnerability research deals with which of the following? Actively uncovering vulnerabilities Passively uncovering vulnerabilities Testing theories Applying security guidance
Passively uncovering vulnerabilities Vulnerability research is a way of passively uncovering weaknesses.
Which of the following does an ethical hacker require to start evaluating a system? Training Permission Planning Nothing
Permission An ethical hacker never performs their services against a target without explicit permission of the owner of that system.
Which port uses SSL to secure web traffic? 443 25 23 80
Port 443 Port 443 is used for HTTPS traffic, which is secured by SSL.
What is the proper sequence of the TCP three-way-handshake? SYN-ACK, ACK, ACK SYN, SYN-ACK, ACK SYN-SYN, SYN-ACK, SYN ACK, SYN-ACK, SYN
SYN, SYN-ACK, ACK Remember this three-way handshake sequence; you will see it quite a bit in packet captures when sniffing the network. Being able to identify the handshake process allows you to quickly find the beginning of a data transfer.
SSL is a mechanism for which of the following? Securing stored data Securing transmitted data Verifying data Authenticating data
Securing transmitted data SSL is used to secure data when it is being transmitted from client to server and back. The system is supported by most clients, including web browsers and email clients.
Which of the following can be used to assess physical security? Web cams Satellite photos Street views Interviews
Street views Street-level views using technology such as Google Street View can give you a picture of what types of security and access points may be present in a location.
Which of these protocols is a connection-oriented protocol? FTP UDP POP3 TCP
TCP (Transmission Control Protocol) Transmission Control Protocol (TCP) is a connection-oriented protocol that uses the three-way-handshake to confirm that a connection is established. FTP and POP3 use connections, but they are not connection-oriented protocols.
A scan of a network client shows that port 23 is open; what protocol is this aligned with? Telnet NetBIOS DNS SMTP
Telnet Port 23 is used for Telnet traffic.
What is a code of ethics? A law for expected behavior A description of expected behavior A corporate policy A standard for civil conduct
A description of expected behavior A code of ethics is a description of expected behavior. While not adhering to ethics typically does not result in legal action, it can result in expulsion from certain organizations such as EC-Council certification.
When scanning a network via a hardline connection to a wired-switch NIC in promiscuous mode, what would be the extent of network traffic you would expect to see? Entire network VLAN you are attached to All nodes attached to the same port None
All nodes attached to the same port Because each switchport is its own collision domain, only nodes that reside on the same switchport will be seen during a scan.
At which layer of the OSI model does a proxy operate? Physical Network Data Link Application
Application Layer Proxies operate at Layer 7, the Application layer of the OSI model. Proxies are capable of filtering network traffic based on content such as keywords and phrases. Because of this, a proxy digs down farther than a packet's header and reviews the data within the packet as well.
Choosing a protective network appliance, you want a device that will inspect packets at the most granular level possible while providing improved traffic efficiency. What appliance would satisfy these requirements? Layer 3 switch NAT-enabled router Proxy firewall Application firewall
Application firewall A packet-filtering firewall operates at Layer 7 (and all layers) of the OSI model and thus filters traffic at a highly granular level.
Pen testers work to find holes in the client's environment that would disrupt the CIA triad and the way it functions. Which of the following is not included in the anti-CIA triad?
Availability
Which of the following manages digital certificates? Hub Key Public key Certificate authority
certificate authority A certificate authority is responsible for issuing and managing digital certificates as well as keys.
If you can't gain enough information directly from a target, what is another option? EDGAR Social engineering Scanning Competitive analysis
competitive analysis Competitive analysis can prove very effective when you're trying to gain more detailed information about a target. Competitive analysis relies on looking at a target's competitors in an effort to find out more about the target.
Which of the following describes the TCP protocol?
connection-orientated
Which of the following can be useful in locating information that a company realized was a bad idea to publish and then removed?
google.com
The group Anonymous is an example of what?
hacktivists Anonymous is an example of hacktivists.
Which of the following best describes hashing? An algorithm A cipher Nonreversible A cryptosystem
nonreversible Hashing is referred to as a cipher or algorithm or even a cryptosystem, but it can be uniquely referred to as a nonreversible mechanism for verifying the integrity of data. Remember that hashing doesn't enforce confidentiality.
How is black-box testing performed? With no knowledge With full knowledge With partial knowledge By a black hat
with no knowledge Black-box testing is performed with no knowledge to simulate an actual view of what a hacker would have.
Which ports does SNMP use to function? 160 and 161 160 and 162 389 and 160 161 and 162
161 and 162
Port number __________ is used for SMTP. 25 110 389 52
25
What is a covert channel? An obvious method of using a system A defined process in a system A backdoor A Trojan on a system
A backdoor
A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan? A half-open uses TCP. A half-open uses UDP. A half-open does not include the final ACK. A half-open includes the final ACK.
A half-open does not include the final ACK.
What separates a suicide hacker from other attackers? A disregard for the law A desire to be helpful The intent to reform A lack of fear of being caught
A lack of fear of being caught A suicide hacker's main difference from other hackers is their complete and utter lack of concern in regard to being caught.
What is an ICMP echo scan? A ping sweep A SYN scan A Xmas tree scan Part of a UDP scan
A ping sweep
Which is/are a characteristic of a virus? A virus is malware. A virus replicates on its own. A virus replicates with user interaction. A virus is an item that runs silently.
A virus is malware. & A virus replicates with user interaction.
Which best describes a vulnerability scan? A way to find open ports A way to diagram a network A proxy attack A way to automate the discovery of vulnerabilities
A way to automate the discovery of vulnerabilities
Which of the following is/are true of a worm? A worm is malware. A worm replicates on its own. A worm replicates with user interaction. A worm is an item that runs silently.
A worm is malware. & A worm replicates on its own.
What is missing from a half-open scan? SYN ACK SYN-ACK FIN
ACK An ACK flag belongs to the last part of the three-way handshake, and this part never happens in a half-open scan.
An overt channel is __________. An obvious method of using a system A defined backdoor process in a system A backdoor A Trojan on a system
An obvious method of using a system.
Footprinting has two phases. What are they? Active and pseudonymous Active and passive Social and anonymous Scanning and enumerating
Active and passive Footprinting is typically broken into active and passive phases, which are characterized by how aggressive the process actually is. Active phases are much more aggressive than their passive counterparts.
What can be configured in most search engines to monitor and alert you of changes to content? Notifications Schedules Alerts HTTP
Alerts Alerts can be set up with Google as well as other search engines to monitor changes on a given website or URL. When a change is detected, the alert is sent to the requestor.
A covert channel or backdoor may be detected using all of the following except __________. Nmap Sniffers An SDK Netcat
An SDK (software development kit)
In IPsec, what does Authentication Header (AH) provide? Data security Header security Authentication services Encryption
Authentication services The Authentication Header provides authentication services to data, meaning that the sender of the data can be authenticated by the receiver of the data.
What kind of domain resides on a single switchport? Windows domain Broadcast domain Secure domain Collision domain
Collision domain Each port on a switch represents a collision domain.
A good defense against password guessing is __________. Complex passwords Password policy Fingerprints Use of NTLM
Complex passwords
What is not a benefit of hardware keyloggers? Easy to hide Difficult to install Difficult to detect Difficult to log
Difficult to install
A virus does not do which of the following? Replicate with user interaction Change configuration settings Exploit vulnerabilities Display pop-ups
Display pop-ups
Footprinting can determine all of the following except __________? Hardware types Software types Business processes Distribution and number of personnel
Distribution and number of personnel
Ethical hackers are also referred to as white hat hackers or script kiddies.
False
Footprinting refers to gathering information using active methods that interact with the target servers.
False
What is the purpose of social engineering? Gain information from a computer through networking and other tools Gain information from the web looking for employee names Gain information from a job site using a careful eye Gain information from a human being through face-to-face or electronic means
Gain information from a human being through face-to-face or electronic means
A __________ is used to represent a password. NULL session Hash Rainbow table Rootkit
Hash
An administrator has just been notified of irregular network activity; what appliance functions in this manner? IPS Stateful packet filtering IDS Firewall
IDS (Intrusion Detection System) Intrusion detection systems (IDSs) react to irregular network activity by notifying support staff of the incident; however, unlike IPSs, they do not proactively take steps to prevent further activity from occurring.
What is an SID used to do? Identify permissions Identify a domain controller Identify a user Identify a mail account
Identify a user.
A sparse infector virus __________. Creates backdoors Infects data and executables Infects files selectively Rewrites itself
Infects files selectively.
Which of the following best describes footprinting? Enumeration of services Discovery of services Discussion with people Investigation of a target
Investigation of a target Footprinting is the gathering of information relating to an intended target. The idea is to gather as much information about the target as possible before starting an attack.
__________ is a hash used to store passwords in older Windows systems. LM SSL SAM LMv2
LM
Hubs operate at what layer of the OSI model? Layer 1 Layer 2 Layer 3 Layer 4
Layer 1 Hubs operate at Layer 1, the Physical layer of the OSI model. Hubs simply forward the data they receive. There is no filtering or directing of traffic; thus, they are categorized at Layer 1.
If a device is using node MAC addresses to funnel traffic, what layer of the OSI model is this device working in? Layer 1 Layer 2 Layer 3 Layer 4
Layer 2 A network device that uses MAC addresses for directing traffic resides on Layer 2 of the OSI model. Devices that direct traffic via IP addresses, such as routers, work at Layer 3.
In IPsec, encryption and other processes happen at which layer of the OSI model? Level 1 Level 2 Level 3 Level 4
Level 3 IPsec operates at the Network layer, or Layer 3, of the OSI model, unlike many previous techniques.
Which of the following is a common hashing protocol? MD5 AES DES RSA
MD5 MD5 is the most widely used hashing algorithm, followed very closely by SHA1 and the SHA family of protocols.
SNMP is used to do which of the following? Transfer files Synchronize clocks Monitor network devices Retrieve mail from a server
Monitor network devices
ADS requires what to be present? SAM Domain NTFS FAT
NTFS
Alternate Data Streams are supported in which file systems? FAT16 FAT32 NTFS CDFS
NTFS
If a domain controller is not present, what can be used instead? Kerberos LM NTLMv1 NTLMv2
NTLMv2
__________ is used to synchronize clocks on a network. SAM NTP NetBIOS FTP
NTP
Which of the following types of attack has no flags set? SYN NULL Xmas tree FIN
NULL A NULL scan has no flags configured on its packets.
An attacker can use __________ to enumerate users on a system. NetBIOS TCP/IP NetBEUI NNTP
NetBIOS
Which of the following is used for identifying a web server OS? Telnet Netcraft Fragroute Wireshark
Netcraft Netcraft is used to gather information about many aspects of a system, including operating system, IP address, and even country of origin.
Which of the following is a port scanner?
Nmap
Which of the following tools is a vulnerability scanner?
OpenVAS
Enumeration is useful to system hacking because it provides __________. Passwords IP ranges Configuration Usernames
Passwords and Usernames
nmap is required to perform what type of scan? Port scan Vulnerability scan Service scan Threat scan
Port scan
What does the enumeration phase not discover? Services User accounts Ports Shares
Ports
LDAP is used to perform which function? Query a network Query a database Query a directory Query a file system
Query a database
A Trojan can include which of the following? RAT TCP Nmap Loki
RAT (remote access trojan)
A __________ is a type of offline attack. Cracking attack Rainbow attack Birthday attack Hashing attack
Rainbow attack
What are worms typically known for? Rapid replication Configuration changes Identity theft DDoS
Rapid replication
Which network topology uses a token-based access methodology? Ethernet Star Bus Ring
Ring networks Token ring networks use a token-based access methodology. Each node connected to the network must wait for possession of the token before it can send traffic via the ring.
Which of the following is a hashing algorithm?
SHA256
SNScan is used to access information for which protocol? SMTP FTP SNMP HTTP
SNMP
You have selected the option in your IDS to notify you via email if it senses any network irregularities. Checking the logs, you notice a few incidents but you didn't receive any alerts. What protocol needs to be configured on the IDS? NTP SNMP POP3 SMTP
SMTP (Simple Mail Transfer Protocol) Simple Mail Transfer Protocol (SMTP) operates on port 25 and is used for outgoing mail traffic. In this scenario, the IDS SMTP configuration needs to be updated.
What is the sequence of the three-way handshake? SYN, SYN-ACK, ACK SYN, SYN-ACK SYN, ACK, SYN-ACK SYN, ACK, ACK
SYN, SYN-ACK, ACK
__________ is used to partially encrypt the SAM. SYSKEY SAM NTLM LM
SYSKEY
What phase comes after footprinting? System hacking Enumeration Scanning Transfer files
Scanning Scanning comes after the footprinting phase. Footprinting is used to get a better idea of the target.
NTLM provides what benefit versus LM? Performance Security Mutual authentication SSL
Security
SMTP is used to perform which function? Monitor network equipment Transmit status information Send email messages Transfer files
Send email messages
Symmetric cryptography is also known as __________. Shared key cryptography Public key cryptography Hashing Steganography
Shared key cryptography Symmetric cryptography is also known as shared key cryptography.
A remote access Trojan would be used to do all of the following except __________. Steal information Remotely control a system Sniff traffic Attack another system
Sniff traffic
A DNS zone transfer is used to do which of the following? Copy files Perform searches Synchronize server information Decommission servers
Synchronize server information
An SYN attack uses which protocol? TCP UDP HTTP Telnet
TCP
Which of the following is not a Trojan? BO2K LOKI Subseven TCPTROJAN
TCPTROJAN
Which utility will tell you in real time which ports are listening or in another state? Netstat TCPView Nmap Loki
TCPView
Which of the following is a utility used to reset passwords? TRK ERC WinRT IRD
TRK (Trinity Rescue Kit)
What does TOE stand for? Target of evaluation Time of evaluation Type of evaluation Term of evaluation
Target of Evaluation TOE stands for target of evaluation and represents the target being tested.
Which of the following is used for banner grabbing? Telnet FTP SSH Wireshark
Telnet
What is the three-way handshake? The opening sequence of a TCP connection A type of half-open scan A Xmas tree scan Part of a UDP scan
The opening sequence of a TCP connection.
Which of the following is true when creating a digital signature?
The sender encrypts the hash of a message with sender's private key.
A logic bomb is activated by which of the following? Time and date Vulnerability Actions Events
Time and date, actions, and events
Why would you need to use a proxy to perform scanning? To enhance anonymity To fool firewalls Perform half-open scans To perform full-open scans
To enhance anonymity. You do not need to use a proxy to perform scanning, but using one will hide the process of scanning and make it more difficult to monitor by the victim or other parties.
What is the purpose of a proxy? To assist in scanning To perform a scan To keep a scan hidden To automate the discovery of vulnerabilities
To keep a scan hidden.
SNMP is used to perform which function in relation to hardware? Trap messages Monitor and manage traffic Manage users and groups Monitor security and violations
Trap messages
A logic bomb has how many parts, typically? One Two Three Four
Two
Which command can be used to view NetBIOS information? netstat nmap nbtstat telnet
nbtstat
How would you use Netcat to set up a server on a system? nc -l -p 192.168.1.1 nc -l -p 1000 nc -p -u 1000 nc -l -p -t 192.168.1.1
nc -l -p 192.168.1.1
What command is used to listen to open ports with netstat? netstat -an netstat -ports netstat -n netstat -s
netstat -an
Enumeration does not uncover which of the following pieces of information? Services User accounts Ports Shares
ports
Which of the following would be a very effective source of information as it relates to social engineering? Social networking Port scanning Websites Job boards
social networking Social networking has proven especially effective for social engineering purposes. Due to the amount of information people tend to reveal on these sites, they make prime targets for information gathering.
__________ is the process of exploiting services on a system. System hacking Privilege escalation Enumeration Backdoor
system hacking
A public and private key system differs from symmetric because it uses which of the following? One key One algorithm Two keys Two algorithms
two keys A public and private key are mathematically related keys, but they are not identical. In symmetric systems only one key is used at a time.
Which of the following would confirm a user named chell in SMTP? vrfy chell vrfy -u chell expn chell expn -u chell
vrfy chell
Which of the following best describes PGP? A symmetric algorithm A type of key A way of encrypting data in a reversible method A key escrow system
A way of encrypting data in a reversible method. PGP is a method of encrypting stored data, including emails and other similar information. It is a form of public and private key encryption.
Which of the following best describes a vulnerability? A worm A virus A weakness A rootkit
A weakness A vulnerability is a weakness. Worms, viruses, and rootkits are forms of malware.
What is EDGAR used to do? Validate personnel Check financial filings Verify a website Gain technical details
Check financial filings EDGAR can be used to verify the financial filings of a company.
IPsec uses which two modes? AH/ESP AES/DES EH/ASP AES/ESP
AH/ESP IPsec uses two modes: Authentication Header (AH) and Encapsulating Security Payload (ESP). Both modes offer protection to data but do so in different ways.
What are the 7 steps of an ethical hacker?
Footprinting, Scanning, Enumeration, System Hacking, Escalation of Privilege, Covering Tracks, and Planting Backdoors
Which of the following would most likely engage in the pursuit of vulnerability research? White hat Gray hat Black hat Suicide hacker
White hat White hats are the most likely to engage in research activities, and although gray and black hats may engage in these activities, they are not typical.
Which OS holds 90 percent of the desktop market and is one of our largest attack surfaces? Windows Linux Mac OS iOS
Windows Windows remains king for sheer volume and presence on desktop and servers.