Test 3
Encryption routines can use a variety of cryptographic functions and logical operations. One such technique is the XOR. Using the XOR function, which of the following is correct?
10011001
Which of the following is used to test for SQL injection?
123456 or '1'=1'
One of the reasons 3DES was adopted is because it is stronger than DES. What is the key length of 3DES?
168 bits
You found the following address in your log files: 0xde.0xaa.0xce.0x1a. What is the IP address in decimal?
222.170.206.26
Which of the following properly describes the steps to create an encrypted message that contains a digital signature using PKI? Place the steps in the correct order. 1. Encrypt the message with the recipient's public key. 2. Create a hash of the message. 3. Create the message to be sent. 4. Encrypt the hash with your private key.
3,2,4,1
How long is the DES encryption key?
56 bits
How many bits of plain text can DES process at a time?
64 Bits
Dansguardian
A firewall. Controls which websites a user can and can't visit. Also does virus filtering
Proxy server
A type of firewall that intercepts all requests to the real server to see whether it can fulfill the requests itself. If not, it forwards the request to the real server. Proxy servers are used to improve performance and add security.
WPA2 uses which of the following encryption standards?
AES
RSA is an example of which of the following?
Asymmetric algorithm
Which of the following can be used to provide confidentiality and integrity?
Asymmetric encryption
After identifying possible web servers, the attacker usually attempts to enumerate additional details about the server and its components, such as the web server version and type. Which of the following techniques is used to perform this task?
Banner grabbing and enumeration
Which of the following is an attack where the attacker does not make the application display or transfer any data, but instead, can reconstruct the information by sending specific statements and discerning the behavior of the application and database?
Blind SQL injection
Which of the following is a proxy tool that can be used to analyze requests and responses to and from a web application?
Burp Suite
Which of the following attacks is also referred to as UI redress attacks?
Clickjacking
You discover something strange in the logs: www.google.com && cat/etc/passwd. It appears that the two items were appended together. What is the best description of what this is called?
Command injection
Which of the following is a type of injection attack against web applications?
Command, LDAP, and file injections
Jake has just been given a new hacking tool by an old acquaintance. Before he installs it, he would like to make sure that it is legitimate. Which of the following is the best approach?
Compare the tool's hash value to the one found on the vendor's website.
While shoulder surfing some co-workers, you notice one executing the following command: ./john /etc/shadow. What is the co-worker attempting to do?
Crack the password file
Which of the following certification trust models can be described as allowing participants to trust other participants' PKI?
Cross-certification
You found the following string in an email that was sent to you: <img src="https://www.hackthestack.com/transfer?amount=1000&destination=bob"> What type of attack is the hacker attempting?
Cross-site request forgery
Which attack makes use of recursive DNS lookups?
DNS amplification attack
Which of the following binds a user's identity to a public key?
Digital certificate
When would a hashing algorithm be used in conjunction with a sender's private key?
Digital signatures
Which of the following EAP types only uses a password hash for client authentication?
EAP-MD5
Which of the following best describes HTTP?
HTTP is considered a stateless connection.
Tiger is an example of what?
Hashing algorithm
Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library?
Heartbleed
George has been sniffing the encrypted traffic between Bill and Al. He has noticed an increase in traffic and believes the two are planning a new venture. What is the name of this form of attack?
Inference attack
You have noticed the following in your logs. What was the attacker trying to do? GET/%c0%af..%c0%af..%c0%af..%c0%af..C:/mydocuments/home/cmd.exe/c+nc+-l+-p+8080+-e+cmd.exe HTTP/1.1
Install Netcat as a listener on port 8080 to shovel a command shell back to the attacker
Which of the following is a best defense against the Unicode vulnerability on an unpatched IIS server?
Install the web server to a separate logical drive other than that of the OS
Heap-based buffer overflows are different from stack-based buffer overflows because stack-based buffer overflows are dependent on overflowing what?
Internal structures
Why are hashing algorithms like bcrypt used now instead of MD5 ?
It is harder to find collisions.
Ginny has a co-worker's WinZip file with several locked documents that are encrypted, and she would like to hack it. Ginny also has one of the locked files in its unencrypted state. What's the best method to proceed?
Known plain-text attack
Which of the following is an example of a hashing algorithm?
MD5
What form of authentication takes a username and a random nonce and combines them?
Message digest authentication
Which of the following is usually discussed in addition to the concepts of AIC when dealing with cryptographic systems?
Nonrepudiation
Which of the following is a good tool to use as a proxy between the web application and the browser?
OWASP ZAP
A small company that you consult for has asked your advice on how to set up an encrypted email service. The company does not want to pay a license fee or manage a server for these services. What should you recommend?
PGP
Which of the following HTTP Methods is used to send data to the server (typically using HTML forms, API requests, and so on)?
POST
Which of the following does a digital signature not provide?
Privacy
Which of the following does symmetric encryption provide?
Privacy
When using digital signatures, which of the following does the recipient utilize when verifying the validity of the message?
Public Key
Which of the following is an example of a symmetric encryption algorithm?
RC4
Which of the following would be best suited to streaming voice communication?
RC4
Caesar's cipher is also known as what?
ROT3
Which of the following is a type of XSS attack?
Reflected, DOM, and Stored
During the exam, if you were asked to make two lists of symmetric and asymmetric algorithms, which of the following would you place in the symmetric algorithm category?
Rijndael
omar' or '1' = '1
SQL injection
What is the best definition of a style of software design where services are provided to the other components by application components, through a communication protocol over a network?
Service-oriented architecture
Which of the following is not correct about the registration authority?
The RA can issue certificates.
While conducting a penetration test for a new client, you noticed that they had several databases. After testing one, you got the following response: Microsoft OLE DB Provider for ODBC Drivers error '80004005'[Microsoft][ODBC Driver Manager]Data source name not found and no default driver specified errorin asp file line 82: What is the problem?
The SQL server is vulnerable to SQL injection.
You have been asked to investigate a breach of security. An attacker has successfully modified the purchase price of an item. You have verified that no entries were found in the IDS, and the SQL databases show no indication of compromise. How did this attack most likely occur?
The attack occurred by changing the hidden tag value from a local copy of the web page.
While performing a penetration test for your client, you discovered the following on the client's e-commerce website: <input type="hidden" name="com" value="add"><input type="hidden" name="un" value="Cowboy Hat/Stetson"><input type="hidden" name="pid" value="823-45"><input type="hidden" name="price" value="114.95"> Which of the following should you note in your report?
The dollar value should be confirmed before processing it.
What does the following command achieve? Telnet <IP Address> <Port 80>HEAD /HTTP/1.0<Return><Return>
This command returns the banner of the website specified by the IP address.
What type of attack is shown in the following example? https://store.h4cker.org/buyme.php?id=1234' UNION SELECT 1,user_name,password,'1','1','1',1 FROM user_system_data --
Union SQL injection
While using your online student loan service, you notice the following string in the URL browser bar: https://store.h4cker.org/userid=38471129543&amount=275 You notice that if you change the amount paid from $275 to $500, the value on that web page changes also. What type of vulnerability have you discovered?
Web parameter tampering
When discussing hashing algorithms, how would you best describe collisions?
When two messages produce the same digest or hash value
Which programs did we use for the lab?
Wireshark, md5sum, sha1sum, ciricada, yara, stringscommand
What type of vulnerabilities can be triggered by using the following string? <STYLE TYPE="text/javascript">alert("some code");</STYLE>
XSS
As part of a web application review, you have been asked to examine a web application and verify that it is designed to delete all browser cookies upon session termination. What type of problem is this seeking to prevent?
You are seeking to prevent hackers from obtaining a user's authentication credentials.
When discussing passwords, what is considered a brute-force attack?
You attempt every single possibility until you exhaust all possible combinations or discover the password
You have become worried that one of your co-workers accessed your computer and copied the secring.skr file while you were on break. What would that mean?
Your PGP secret key has been stolen.
You have identified a targeted website. You are now attempting to use Nmap scripts to further enumerate the targeted systems. Which of the following checks if a web server is vulnerable to directory traversal attack?
nmap --script http-passwd -- script-args http-passwd.root = / IP_address
Squid ACL
text files containing lists that define who can access Proxy Server resources
Squid
widely-used caching proxy server for Linux and Unix platforms
