BUS-S 535

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Message

Application

Permission

Before starting any penetration test, what must you always obtain?

UDP/53

DNS

Frames

Data Link

Availability

Data destruction is an attack on what part of the CIA triad?

False

Footprinting is the first phase in which target systems are actively engaged.

netstat

From the labs, what command is used to view network connections on a host?

TCP/443

HTTPS

False

IPSec is primarily used to encrypt data while "at-rest" (e.g. storage).

man

In Linux, if the syntax for a command is unknown, what command can be used to get additional guidance within the terminal?

/etc/shadow

In Linux, what file stores users encrypted passwords?

root

In a linux terminal, you see the following prompt. What type of account is currently in use? myLinuxPrompt#

TCP-UDP/389

LDAP

Packets

Network

Vulnerability scanner

OpenVAS is what type of tool?

Bits

Physical

TCP/445

SMB

TCP/22

SSH

True

Scapy can be used to execute denial of service attacks.

False

Scapy can only craft ICMP packets.

URG, ACK,SYN, PSH

Select all valid TCP flags.

Pass, Reject, Block

Select the three possible actions for a pfSense firewall rule.

Public, Private

Select the two keys that are involved with asymmetric cryptography.

TCP/23

Telnet

False

The Samba suite is only available for Linux servers/clients.

Segment

Transport

Firewall

What device is implemented on a network to control network traffic access based on security rulesets?

Common Vulnerabilities and Exposures

What does CVE stand for?

Common Vulnerability Scoring System

What does CVSS stand for?

ifconfig

What is the command in Linux/Unix to show network interface connections?

adduser username

What is the linux command to add a new user?

Scanning for vulnerabilities

What is the primary purpose of OpenVAS?

Password recovery

What is the primary use for the tool, hashcat?

1-1023

What is the range of ports is reserved for well-known services?

Creating encrypted volumes

What is the tool, VeraCrypt, used for?

cewl

What linux tool/command can be used to generate a wordlist that mimics a server's password policy?

SSL

What security mechanism is commonly used to secure HTTPS communications?

wordlist

What term is used to describe a dictionary of passwords used during password cracking efforts?

SYN

Which TCP flag is set in the first packet when connecting to a server?

Confidentiality

Which element of the CIA triad is the primary goal of encryption?

Network host discovery

Which of the following actions would not be taken during the enumeration phase?

sha1sum filename

Which of the following is a valid command (in Linux/Unix) to get the hash value of a file?

IMAP

Which of the following is an an Application layer protocol?

Server

Which of the following is not a category of scanning?

ACK-PSH

Which of the following is not a flag combination in the TCP three-way handshake?

Vulnerability identification

Which of the following is not a function of enum4linux?

Manage network assets

Which of the following is not a good reason to run real-time network monitoring software?

Critical

Which of the following is not a type of penetration test?

Host resolution

Which of the following is not a use of the tool, arpspoof?

Scanning

Which of the following is not an act of social engineering?

tcpdump

Which of the following network packet capturing tools is used via the CLI?

TCP/389

Which of the following protocol/port combinations is not part of the SMB reserved block of ports?

Crunch

Which of the following tools can be used to generate wordlists?

TCP/22

Which protocol/port is reserved for SSH traffic?

Footprinting, Scanning, Enumeration, System Hacking, Escalation of Privilege, Covering Tracks, Planting Backdoors

Which selection correctly states the phases of the Ethical Hacking Methodology in linear order?

nmap

Which tool is a commonly used command-line based network information gathering tool?

amap

Which tool is best suited to determine what application is listening on a given port?

True

Wireshark is limited to capturing one interface per application instance.

False

Wireshark provides clear insight into all network traffic data, regardless of traffic encryption levels.

False

Xplico is a network protocol analyzer.

Enumeration

You have just finished port scanning assets that you discovered in the first phase of the Ethical Hacking methodology. What is the next phase in which you will determine likely targets?

True

enum4linux can be used to determine server password policies.


Ensembles d'études connexes

Penny Review : MSK, Breast, Superficials

View Set

Med-Surg Exam #2 Practice Questions

View Set

Computer Forensics and Security: Chapter 3: Digital Evidence in the Court Room

View Set

Using Commas: Introductory Phrases and Clauses

View Set