CC6051 Ethical Hacking quiz 5


When a TCP session ends, both parties send a(n) ____ packet to close the connection (the three-way handshake opens a connection; it does not end one). Answer SYN ACK FIN RST

FIN

The ____ vi command deletes the current line. Answer d dl dd dw

dd

The ____ option of Nmap is used to perform a TCP SYN stealth port scan. Answer -sS -sU -sV -S

-sS

HTTP uses port ____ to connect to a Web service. Answer 21 22 25 80

80

typically used to get past a firewall

ACK scan

___ is a reasonably priced commercial port scanner with a GUI interface. Answer AW Security Port Scanner Common Vulnerabilities and Exposures Ethereal Tcpdump

AW Security Port Scanner

Which ports should security professionals scan when doing a test? Why?

As a security tester, you need to know which ports attackers are going after so those ports can be closed or protected. Security professionals must scan all ports when doing a test, not just the well-known ports (Ports 1 to 1023, the most common, are covered in Chapter 2). Many computer programs use port numbers outside the range of well-known ports. For example, pcAnywhere operates on ports 65301, 22, 5631, and 5632. A hacker who discovers that port 65301 is open might want to check the information at the Common Vulnerabilities and Exposures Web site for a possible vulnerability in pcAnywhere. After a hacker discovers an open service, finding a vulnerability or exploit isn't difficult.

A closed port can be vulnerable to an attack. Answer True False

False

A closed port responds to a SYN scan with an RST packet, so if no packet is received, the best guess is that the port is open. Answer True False

False

A disadvantage of Nmap is that it is very slow because it scans all the 65,000 ports of each computer in the IP address range. Answer True False

False

If subnetting is used in an organization, you can include the broadcast address by mistake when performing ping sweeps. How might this happen?

If you decide to use ping sweeps, be careful not to include the broadcast address in your range of addresses. You can do this by mistake if subnetting is used in an organization. For example, if the IP address 193.145.85.0 is subnetted with a 255.255.255.192 subnet mask, four subnets are created: 193.145.85.0, 193.145.85.64, 193.145.85.128, and 193.145.85.192. The broadcast addresses for each subnet are 193.145.85.63, 193.145.85.127, 193.145.85.191, and 193.145.85.255, respectively. If a ping sweep was inadvertently activated on the range of hosts 193.145.85.65 to 193.145.85.127, an inordinate amount of traffic could flood through the network because the broadcast address of 193.145.85.127 was included. This would be more of a problem on a Class B address, but if you perform ping sweeps, make sure your client signs a written agreement authorizing the testing.
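The check described above, as an added example that is not part of the original quiz or its textbook: given the supernet, the subnet mask length and the sweep range, list every subnet broadcast address the sweep would hit, and build a target list with all network and broadcast addresses removed. It uses only Python's standard `ipaddress` module; the page's 193.145.85.0/24 split into /26 subnets is the sample input. The function names are my own.

```python
import ipaddress

def subnet_broadcasts(supernet, new_prefix):
    """Broadcast address of every subnet carved from `supernet` with `new_prefix` bits.

    The page's case: 193.145.85.0/24 with a 255.255.255.192 mask (new_prefix=26)
    yields four subnets whose broadcasts are .63, .127, .191 and .255.
    """
    net = ipaddress.ip_network(supernet, strict=False)
    return [sub.broadcast_address for sub in net.subnets(new_prefix=new_prefix)]

def broadcasts_in_range(supernet, new_prefix, first, last):
    """Broadcast addresses a sweep of [first, last] would hit; an empty list means safe."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(b) for b in subnet_broadcasts(supernet, new_prefix) if lo <= b <= hi]

def sweep_targets(supernet, new_prefix, first, last):
    """Hosts in [first, last] with every subnet's network and broadcast address removed."""
    net = ipaddress.ip_network(supernet, strict=False)
    reserved = set()
    for sub in net.subnets(new_prefix=new_prefix):
        reserved.add(sub.network_address)
        reserved.add(sub.broadcast_address)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    targets = []
    addr = lo
    while addr <= hi:
        if addr not in reserved:
            targets.append(str(addr))
        addr += 1          # IPv4Address supports integer arithmetic
    return targets

if __name__ == "__main__":
    # The page's scenario: sweeping .65 to .127 inside a /26-subnetted 193.145.85.0/24
    hit = broadcasts_in_range("193.145.85.0/24", 26, "193.145.85.65", "193.145.85.127")
    print("broadcast addresses inside the sweep range:", hit)
    print("targets after filtering .120-.130:",
          sweep_targets("193.145.85.0/24", 26, "193.145.85.120", "193.145.85.130"))
```

Run the check against the exact address range you intend to hand to the sweep tool before launching it; on a Class B network split into many small subnets there are far more broadcast addresses to trip over, which is the point the text makes.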

How does a SYN scan work?

In a normal TCP session, a packet is sent to another computer with the SYN flag set. The receiving computer sends back a packet with the SYN and ACK flags set, indicating an acknowledgment. The sending computer then sends a packet with the ACK flag set, completing the three-way handshake. If the port to which the SYN packet is sent is closed, the computer responds to the SYN packet with an RST/ACK packet. In a SYN scan, when a SYN/ACK packet is received by the attacker's computer, it immediately answers with an RST packet instead of the final ACK, tearing down the half-open connection. Because the handshake never completes, the application listening on the port never sees a connection and logs no transaction; in this sense the scan is "stealthy," since you don't want a transaction logged showing the IP address that connected to the attacked computer. The stealth is only against application-level logging: a firewall, IDS, or kernel packet logger sees the SYN probes and half-open connections just as clearly as it would a full connect scan. If no response comes back at all, the port is reported as filtered, because a firewall or packet filter has most likely dropped the probe.
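The exchange above in code, as an added example that is not part of the original quiz or its textbook. It builds a real 20-byte TCP header with a valid checksum (RFC 793 layout, RFC 1071 checksum over the IPv4 pseudo-header), runs the SYN probe against a simulated RFC 793 target, tears the half-open connection down with an RST, and maps each reply to the open, closed, filtered and unfiltered states this page uses. It goes beyond the SYN scan: the same builder and classifier cover the NULL, FIN, XMAS and ACK scan flag sets the quiz lists later. The target is a constructed simulation, the addresses and the function names are my own, and nothing is sent on the wire.

```python
import socket
import struct

# TCP control bits (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Probe flag sets for the scan types this page covers
SCAN_FLAGS = {"syn": SYN, "null": 0, "fin": FIN, "xmas": FIN | PSH | URG, "ack": ACK}

def checksum(data):
    """Internet checksum (RFC 1071): ones'-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header that the TCP checksum is computed over."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_len)

def build_tcp_segment(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0):
    """20-byte TCP header (no options, no payload) with the given control bits and checksum."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         5 << 4,             # data offset = 5 words, reserved bits zero
                         flags, 1024, 0, 0)  # window, checksum placeholder, urgent pointer
    csum = checksum(pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]

def verify_tcp_checksum(src_ip, dst_ip, segment):
    # A correctly checksummed segment sums to zero together with its pseudo-header
    return checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

def tcp_flags(segment):
    return segment[13]   # byte 13 of the TCP header holds the control bits

def simulate_target(probe_flags, port_open):
    """Reply an RFC 793 stack gives to a probe (constructed simulation); None = silence."""
    if probe_flags & SYN and not probe_flags & ACK:
        return SYN | ACK if port_open else RST | ACK
    if probe_flags & ACK:
        return RST          # an unsolicited ACK draws a RST whether open or closed
    # NULL / FIN / XMAS: closed ports answer RST, open ports drop the segment
    return None if port_open else RST

def classify_response(scan, response_flags):
    """Port state, in the page's terms, from probe type plus reply."""
    if scan == "syn":
        if response_flags is None:
            return "filtered"
        if response_flags & SYN and response_flags & ACK:
            return "open"
        if response_flags & RST:
            return "closed"
    elif scan in ("null", "fin", "xmas"):
        if response_flags is None:
            return "open|filtered"   # silence: open, or a firewall dropped the probe
        if response_flags & RST:
            return "closed"
    elif scan == "ack":
        if response_flags is None:
            return "filtered"
        if response_flags & RST:
            return "unfiltered"      # a RST came back, so nothing blocked the probe
    return "unknown"

def syn_scan_port(src_ip, dst_ip, sport, dport, port_open):
    """One SYN-scan exchange against the simulated target: (state, teardown_flags).

    After a SYN/ACK the scanner sends a bare RST rather than the final ACK, so the
    handshake never completes and the listening application never sees a connection.
    """
    probe = build_tcp_segment(src_ip, dst_ip, sport, dport, SYN, seq=1000)
    reply = simulate_target(tcp_flags(probe), port_open)
    state = classify_response("syn", reply)
    teardown = None
    if reply is not None and reply & SYN:
        teardown = tcp_flags(build_tcp_segment(src_ip, dst_ip, sport, dport, RST, seq=1001))
    return state, teardown

if __name__ == "__main__":
    for name, flags in SCAN_FLAGS.items():
        seg = build_tcp_segment("10.0.0.1", "10.0.0.2", 40000, 80, flags)
        print("%-4s probe flags=0x%02x checksum ok=%s" % (
            name, tcp_flags(seg), verify_tcp_checksum("10.0.0.1", "10.0.0.2", seg)))
    print("SYN scan vs open port:  ", syn_scan_port("10.0.0.1", "10.0.0.2", 40000, 80, True))
    print("SYN scan vs closed port:", syn_scan_port("10.0.0.1", "10.0.0.2", 40000, 81, False))
```

Sending these segments for real requires a raw socket (and therefore root or CAP_NET_RAW), which is exactly why Nmap's `-sS` needs elevated privileges while the connect scan (`-sT`), which lets the OS complete the handshake, does not. The "open|filtered" result for NULL, FIN and XMAS probes is the practical caveat: silence is ambiguous, and stacks that do not follow RFC 793 (Windows answers RST to all of them regardless of state) make those scans unreliable against such hosts.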

A common Linux rootkit is ____. Answer Back Orfice Kill Trojans Packet Storm Security Linux Rootkit 5

Linux Rootkit 5

Why is port scanning considered legal by most security testers and hackers?

Most security testers and hackers argue that port scanning is legal simply because it doesn't invade others' privacy; it merely discovers whether the party being scanned is available. The typical analogy is a person walking down the street and turning the doorknob of every house along the way. If the door opens, the person notes that the door is open and proceeds to the next house. Of course, entering the house would be a crime in most parts of the world, just as entering a computer system or network without the owner's permission is a crime.

TCP scan with all the packet flags turned off

NULL scan

The ____ tool was originally written for Phrack magazine in 1997 by Fyodor. Answer Unicornscan Fping Nessus Nmap

Nmap

____ is currently the standard port-scanning tool for security professionals. Answer Unicornscan Fping Nessus Nmap

Nmap

a port scanning tool

Nmap

What makes the ____________________ tool unique is the ability to update security check plug-ins when they become available.

OpenVAS

____, an open-source fork of Nessus, functions much like a database server, performing complex queries while the client interfaces with the server to simplify reporting and configuration. Answer Unicornscan NetScanTools OpenVAS Nmap

OpenVAS

Why is port scanning useful for hackers?

Port scanning helps you answer questions about open ports and services by enabling you to quickly scan thousands or even tens of thousands of IP addresses. Many port-scanning tools produce reports of their findings, and some give you best-guess assessments of which OS is running on a system. Most, if not all, scanning programs report open ports, closed ports, and filtered ports in a matter of seconds. When a Web server needs to communicate with applications or other computers, for example, port 80 is opened. An open port allows access to applications and can be vulnerable to an attack. A closed port does not allow entry or access to a service. For instance, if port 80 is closed on a Web server, users wouldn't be able to access Web sites. A port reported as filtered might indicate that a firewall is being used to allow specified traffic in or out of the network.

A computer that receives a SYN packet from a remote computer responds to the packet with a(n) ____ packet if its port is open. Answer FIN RST SYN/ACK ACK

SYN/ACK

____ is a protocol packet analyzer. Answer Nmap Fping Tcpdump Nessus

Tcpdump

Port scanning is a method of finding out which services a host computer offers. Answer True False

True

You can search for known vulnerabilities in a host computer by using the Common Vulnerabilities and Exposures Web site. Answer True False

True

____ was developed to assist security testers in conducting tests on large networks and to consolidate many of the tools needed for large-scale endeavors. Answer Unicornscan NetScanTools Nessus Nmap

Unicornscan

What makes the OpenVAS tool unique?

What makes this tool unique is the capability to update security check plug-ins when they become available. An OpenVAS plug-in is a security test program (script) that can be selected from the client interface. The person who writes the plug-in decides whether to designate it as dangerous, and the author's judgment on what's considered dangerous might differ from yours.

Closed ports respond to a(n) ____ with an RST packet. Answer XMAS scan SYN scan Connect scan ACK scan

XMAS scan (the intended answer; note that a closed port also answers a SYN or connect scan with RST/ACK, and an ACK scan draws an RST whether the port is open or closed, which is why an ACK scan reports "unfiltered" rather than "closed")

In this type of scan, the FIN, PSH, and URG flags are set

XMAS scan

Nmap has a GUI version called ____________________ that makes it easier to work with some of the more complex options.

Zenmap

does not allow entry or access to a service

closed port

The ____ relies on the OS of the attacked computer, so it's a little more risky to use than the SYN scan. Answer NULL scan connect scan XMAS scan ACK scan

connect scan

similar to the SYN scan, except that it does complete the three-way handshake

connect scan

might indicate that a firewall is being used

filtered port

allows access to applications

open port

operates on ports 65301, 22, 5631, and 5632

pcAnywhere

Port scanners can also be used to conduct a(n) ____________________ of a large network to identify which IP addresses belong to active hosts.

ping sweep

An OpenVAS ____________________ is a security test program (script) that can be selected from the client interface.

plug-in

A ____ or batch file is a text file containing multiple commands that are normally entered manually at the command prompt. Answer script program snippet signature

script

Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks, so they use ____________________ attacks that are more difficult to detect.

stealth

In an ACK scan, if the attacked port returns an RST packet the attacked port is considered to be "____". Answer open closed unfiltered unassigned

unfiltered
