System Security Management Quiz 9

Which of the following statements are true? Each correct answer represents a complete solution. Choose all that apply. A. Rainbow tables can be used to suppress Syslog messages. B. Attackers can use rainbow tables to cover their tracks and for evasion. C. A tool called RainbowCrack can be used to automate the cracking of passwords using rainbow tables. D. Attackers can use rainbow tables to accelerate password cracking. Rainbow tables, which are precomputed tables for reversing cryptographic hash functions, can be used to derive a password by looking at the hashed value.

A tool called RainbowCrack can be used to automate the cracking of passwords using rainbow tables. Attackers can use rainbow tables to accelerate password cracking. Rainbow tables, which are precomputed tables for reversing cryptographic hash functions, can be used to derive a password by looking at the hashed value.

Which of the following is an example of a web application penetration testing tool? A. Burp Suite B. All of these C. OWASP Zed Attack Proxy (ZAP) D. W3AF

All of these

Which of the following is true about Shodan? A. All of these B. Penetration testers can use this tool to gather information about potentially vulnerable systems exposed to the Internet without actively scanning their victims. C. Attackers can use this tool to identify vulnerable and exposed systems on the Internet (such as misconfigured IoT devices and infrastructure devices). D. Shodan is an organization that continuously scans the Internet and exposes its results to users via its website.

All of these

Which of the following tools can be used to generate a wordlist? A. Hashcat B. CeWL C. Ncrack D. Rcrack

CeWL

Which of the following is a tool used to enumerate SMB shares, vulnerable Samba implementations, and corresponding users? A. Enum4linux B. FOCA C. Recon-ng D. Maltego

Enum4linux

Bash is a command shell and language interpreter that is available for operating systems such as Linux, Mac OS X, and even Windows. The name bash is an acronym for the Bourne-Again shell. What does a shell do? A. It deletes application logs. B. It deletes temporary files. C. It allows for interactive or non-interactive command execution. D. It suppresses Syslog messages.

It allows for interactive or non-interactive command execution.

Which of the following describes one of the uses of Theharvester? A. It is used to create a reverse shell on the victim system and to execute the bash shell. B. It is used to create a bind shell on the victim system and to execute the bash shell. C. It is used to perform active reconnaissance of a person or a website. It can query several data sources, including Baidu, Google, LinkedIn, public Pretty Good Privacy (PGP) servers, Twitter, vhost, Virus Total, ThreatCrowd, CRTSH, Netcraft, Yahoo, and others. D. It is used to enumerate DNS information about a given hostname or IP address. It is useful for passive reconnaissance. It can query several data sources, including Baidu, Google, LinkedIn, public Pretty Good Privacy (PGP) servers, Twitter, vhost, Virus Total, ThreatCrowd, CRTSH, Netcraft, Yahoo, and others.

It is used to enumerate DNS information about a given hostname or IP address. It is useful for passive reconnaissance. It can query several data sources, including Baidu, Google, LinkedIn, public Pretty Good Privacy (PGP) servers, Twitter, vhost, Virus Total, ThreatCrowd, CRTSH, Netcraft, Yahoo, and others.

What is the following command doing? root@kali:~# ncrack -p 22 --user dave -P my_list 172.18.104.166Starting Ncrack 0.6 ( http://ncrack.org ) at 2018-06-25 16:55 EDTDiscovered credentials for ssh on 172.18.104.166 22/tcp:172.18.104.166 22/tcp ssh: dave 'password123'Ncrack done: 1 service scanned in 3.00 seconds.Ncrack finished. A. Performing a reflected XSS attack against an SSH server B. Launching a brute-force attack against an SSH server C. Creating a wordlist for all the passwords that a user (dave) has used in the victim system D. Cracking a user s password and storing it in a password list called my_list

Launching a brute-force attack against an SSH server

Which of the following tools can be used to automate open source intelligence (OSINT) gathering? Each correct answer represents a complete solution. Choose all that apply. A. Meterpreter B. Maltego C. PowerSploit D. Recon-ng

Maltego Recon-ng

Which of the following is true about Metasploit? A. Metasploit was created using the C++ programming language. You can use Python and C++ to create exploits, scripts, and modules in Metasploit. B. Metasploit was created using the Ruby programming language. You can use Ruby to create exploits, scripts, and modules in Metasploit. C. Metasploit was created using the C programming language. You can use C to create exploits, scripts, and modules in Metasploit. D. Metasploit was created using the Python programming language. You can use Python to create exploits, scripts, and modules in Metasploit.

Metasploit was created using the Ruby programming language. You can use Ruby to create exploits, scripts, and modules in Metasploit.

Which of the following is a tool used by many penetration testers, attackers, and even malware that can be useful for retrieving password hashes from memory and is also a very useful post-exploitation tool? A. Memdump Dbg B. Mimikatz C. Maltego D. John the Ripper

Mimikatz

Which of the following is an open source web vulnerability scanner? A. Nikto B. Nexpose C. FOCA D. PowerSploit

Nikto

Which of the following is not a tool that is commonly used for passive reconnaissance? A. Maltego B. Nmap C. Shodan D. Dig

Nmap

Which of the following is an open source vulnerability scanner? A. Nexpose B. Qualys C. Retina D. OpenVAS

OpenVAS

Which of the following can be used for post-exploitation activities? A. WinDbg B. PowerShell C. Maltego D. IDA

PowerShell

Refer to the following sample script. @client = client@@exec_opts = Rex::Parser::Arguments.new( "-h" => [ false, "Help menu." ], "-i" => [ false, "Enumerate Local Interfaces"], "-r" => [ true, "The target address range or CIDRidentifier"], "-s" => [ false, "Save found IP Addresses to logs."])def enum_int print_status("Enumerating Interfaces") client.net.config.interfaces.each do |i| if not i.mac_name =~ /Loopback/ print_status(" #{i.mac_name}") print_status(" #{i.ip}") print_status(" #{i.netmask}") print_status() end endenddef arp_scan(cidr) print_status("ARP Scanning #{cidr}") ws = client.railgun.ws2_32 iphlp = client.railgun.iphlpapi i, a = 0, [] iplst,found = [],"" ipadd = Rex::Socket::RangeWalker.new(cidr) numip = ipadd.num_ips while (iplst.length < numip) ipa = ipadd.next_ip if (not ipa) break end What programming language is used here? A. Bash B. Python C. Ruby D. C++

Ruby

Which of the following is a tool that can help automate the enumeration of vulnerable applications, as well as the exploitation of SQL injection vulnerabilities.? WebGoat Empire SQLmap SQLSelect

SQLmap

Which of the following is not a tool that can be used to enumerate the available ports and protocols opened on a victim system? A. SQLmap B. Nmap C. Nexpose D. Nessus

SQLmap

Refer to the following sample script. What are these statements called, and what programming language is used here? # Adds a route to the framework instancedef add_route(opts={}) subnet = opts[:subnet] netmask = opts[:netmask] || "255.255.255.0" # Defaultclass C Rex::Socket::SwitchBoard.add_route(subnet, netmask, session)end# Removes a route to the framework instancedef delete_route(opts={}) subnet = opts[:subnet] netmask = opts[:netmask] || "255.255.255.0" # Defaultclass C Rex::Socket::SwitchBoard.remove_route(subnet, netmask, session)end A. These statements are functions, and the programming language used is Python. B. These statements are flow control statements, and the programming language used is Ruby. C. These statements are methods, and the programming language used is Ruby. D. These statements are flow control statements, and the programming language used is Python.

These statements are methods, and the programming language used is Ruby.

Which of the following can be used with John the Ripper to crack passwords? A. Nmap B. Meterpreter C. PowerSploit D. Wordlists

Wordlists

What is the following command used for? hashcat --force -m 0 -a 0 -o words file1 file2 A. Performing active reconnaissance of a victim using a dictionary attack B. Performing passive reconnaissance of OSINT C. cracking passwords D. Attempting SQL injection using a dictionary

cracking passwords

Which of the following commands performs a TCP SYN scan? A. None of these B. nmap -044 10.1.1.1 C. nmap -sS 10.1.1.1 D. nmap -sP -SYN 10.1.1.1

nmap -sS 10.1.1.1