eh 1, eh 2, eh 3, eh 4, eh 5, eh 6

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Risk = Threats X _____

Vulnerabilities

Why is it important to find the IP address when running a Nikto web server scan?

You need the IP address as part of the Nikto command to run the scan.

What does the MITRE ATT&CK repository provide?

a deep dive into the tactics and techniques used to infiltrate malware

which tool would be best for Vscan nmap wireshark kali linux acunetix

acunetix

in the field of hacking, apt stands for

advance persistent threat

When would you write code as a new polymorphic version of malware?

after modifying existing code in memory

which kali tool is used to provide a list of suitable exploits

amitage

How is BlackEnergy2 delivered?

as an encrypted payload from which a rootkit is installed by a decrypting dropper

Organizations seek to develop and employ good security practices to protect _____, which are tangible and intangible items that can be assigned a value.

assets

tangible or intangible items that can be assigned a value are

assets

which part of the command ""nmap -O -v 100.10.10.10 refers to operating system

-O

The well-known ports are in the range _____.

1-1023

scanning is the ____ phase of ethical hacking

2nd

security policies should be reassessed about every _______ years

3 years

the dark web is estimated to be about ____ times larger than the public web

500

An HTTP tunnel it doesn't encapsulate within the HTTP protocol but sends contents over port _____.

80

a good way to prevent XSS in a web form is to prohibit the use of these symbols

<>

A list of _____ is an example of personally identifiable information.

A complete name and their corresponding social security number

In defending against spyware, disable _____, which has been known to be a security risk for quite a while.

Active X

NTFS __________ can be used to store data in hidden files that are linked to a regular visible file.

Alternate Data Streaming (ADS)

Google _____ will allow you to do your own analytics that will help you get a picture of your web traffic and to see what your customers see.

Analytics

____ is a very powerful scanner that seeks out vulnerabilities, and once found will provide a list of suitable exploits.

Armitage

Which can be applied to a switch on your network that will prevent spanning tree attacks?

BPDU Guard

The _____ group in the CVSS represents the basic qualities of a vulnerability that are constant over time and across user environments.

Base

Part of a vulnerability assessment is Fuzz Testing, which is a(n) _____ method that floods a system with input to discover errors and security gaps in systems and software.

Black Box

_____ attacks are denial of service attacks that shower the network with aggressive amounts of traffic to shut down a service.

Burst

Encryption applies to primarily which tenet of CIA triad

C

_____ changes the DNS cache on the local name server to point to a bogus server.

Cache Poisoning

Before leaving, the final phase of Ethical Hacking is to clean up any evidence or trace of any activity on that machine.

Covering Tracks

_____ is a set of security extensions for DNS that provides authentication mechanisms when dealing with DNS records.

DNSSec

_____ is used to test a DNS query and report the results.

Dig is native to Linux. If using Windows, you can use nslookup to test a DNS query.

With ICMP, a(n) _____ is used to test reachability

Echo request/echo reply

is one of the original methods to send malware, spam, and bogus links. It continues to improve in sophistication.

Email

Enumeration occurs before scanning.

FALSE

MSRPC is a network protocol.

FALSE

Microsoft's RPC is a true implementation of DCE/RPC

FALSE

SNMP can only be used across a local area network

FALSE

Shodan is a real-time system check.

FALSE

One IP addresses spoofing detection technique is called the "TCP Flow Control Method", which sends a SYN packet to what you perceive to be the attacker. It the IP address is spoofed, you will not receive a SYN-ACK.

Flow Control

What is one way to minimize threats to operating system?

Hardening

which browser is more susceptible to malware

IE

How do indicators of compromise (IOCs) prevent malware attacks?

IOCs can be identified and shared among members of the computing community.

With a(n) _____ scan, the TCP header is split over several packets and makes it hard for packet filters and intrusion detection systems to detect a port scan.

IP Fragmentation

The _____ ensures the information is classified appropriately, and assigned the appropriate level of protection.

Information Owner

Why is most malware constructed from kits?

It lowers the cost of malware creation to basically nothing.

Juno is part of the security applications team at Wells Fargo, which tests Wells Fargo's web applications for vulnerabilities. Which operating system will Juno use to do his fuzz testing?

Kali Linux

When conducting Ethical Hacking, _____ provides you with nearly all tools for Penetration Testing.

Kali Linux

_____ is built into Active Directory and uses tickets to access services.

Kerberos

Because a _____ records ALL keystrokes, you can see a user name and password in plain text as someone types it into a form.

Keylogger

What protocol is used to authenticate a user in an organizational unit?

LDAP

SSH tunnels allows you to bypass a firewall that restricts certain Internet services. The most common type of SSH tunnel is _____ port forwarding

Local

Which of the following is an OSINT Google Alerts MXtoolbox Maltego Edgar

Maltego

The nbtscan tool uses what protocol?

NetBios

_____ tools is a graphical user interface utility for Windows that is used to help collect information on a network for assessing irregularities and vulnerabilities.

NetScan

What is used to query host to test for reachability?

Ping

_____ is software used to encrypt and hide text messages within images.

S-tools

You can find templates to create policies that are free to use and will step you through the process at _____, a respected source for information security training

Sans

In Microsoft, user's passwords are stored in the _____ database

Security Account Manager (SAM)

automates vulnerability management, to ensure compliance with PCI, FISMA, HIPAA, and SOX

Security Content Automation Protocol (SCAP)

To search on an individual by using Public Records, White Pages listings, and Social Networking sites to find information, you should use _____.

Spokeo

Installing _____ on a phone allows you to monitor all types of activity, including: Text messages, social media posts, passwords, location, conversations, photos and videos, emails, and websites visited.

Spyware

what is required to transmit data over a network between two computers

Syn Ack Syn-Ack

To make sure a DNS zone transfer is only with authorized servers, deny all inbound connection requests to _____.

TCP Port 53

A Trojan Horse is presented as a useful tool or utility through a free download, or bundled into a popular program. It can create a backdoor that allows your PC to be remotely controlled.

TRUE

Attacks can be active or passive against a network resource, with the hopes of exploiting a vulnerability to achieve some result such as denial of service, data interception, modification, or theft.

TRUE

Normal TCP traffic begins with a 3-way handshake. The first packet is a synchronization packet, which is used to synchronize sequence numbers.

TRUE

SMB and SAMBA are interoperable.

TRUE

Universal Plug and Play (UPnP) works by discovery and advertisements so that the network is aware of what services and devices are available.

TRUE

_____creates guidelines for US agencies to create and implement risk-based policies and procedures that provide security protection for data.

The Federal Information Security Management Act (FISMA), also requires periodic penetration testing on all systems and data.

Legislation that governs data privacy and security practices that safeguard all patient electronic protected health information (e-PHI) in U.S medical facilities.

The Health Insurance Portability and Accountability Act (HIPAA), is also called the Privacy Rule. Anyone who is in violation will face penalties.

Nolan is preparing a vulnerability assessment report for the IT team. Which type of vulnerability assessment report should he prepare?

The IT team should have an executive summary, along with technical details.

How do rootkits achieve persistence?

They insert code into the startup boot records.

_____ threat management devices provide firewall functions, intrusion prevention, antivirus, data loss prevention along with content filtering.

Unified

Which group of the CVSS relects characteristics of a vulnerability that are constant over time and across user environment

base

Nikto performs testing on web servers for a variety of vulnerabilities, such as outdated versions of servers, missing headers such as anti-_____ X-Frame-Options header, and dangerous files and CGIs.

clickjacking

the common vuln scoring system does not include cost of an asset attack vector impact user interaction

cost of an asset

The final phase in system hacking is to _____.

cover tracks .

The steps to take after an incident include: Identify, respond, consider possible causes, _____, and resolve and document.

develop a solution

A _____ attack is a subset of a brute force attack and this uses a list of common passwords.

dictionary

least preferred way to prevent keystroke logging free anti-malware use FW use admin acc for install use more secure browsers

download free anti-malware

which search engine does not remember your searches

duck duck go

which tool is best for investigating a company's financial performance

edgar

which of the following is not reconmended for mobile devices enable geotagging use biometric autherication use https update OS

enable geotagging

Cyber actors use _____ to conceal malicious behavior

encryption

Paasswords are usually stored with the aid of hash functions, not ____

encryption functions

The Ethical Hacker attempts to _____ in order to achieve access to resources normally restricted from an end user or application.

escalate privilege

In the command netstat -abop, what does the b option provide?

executable

When Google Hacking, if I want to find all PDFs with the keyword networking, I would enter _____ in the search.

ext:pdf networking

SHA-1 is a highly preferred hash algorithm

false

a hacker usually prefers to use plaintext in their scripting attacks.

false

a hacker will likely clear logs when entering a system

false

a hardware keylogger runs with the aid of the target's OS

false

an example of a security incident is a business transaction

false

an organization generally has the ability to reduce security threats

false

nessus is used to fix vuln on a target system

false

penetration testing is usually done more often than vscanning

false

A _____is a hardware or software-based mechanism that controls in-coming and out-going traffic based on a set of rules that either permit or deny traffic on a network or host, and provide access control and active filtering.

firewall

which term mostly applies to limiting ping request from a computer

firewall

which stage of system hacking comes first priveledge escal obtaining password gaining access covering tracks

gaining access

which group often breaks the law but does not intend to do any real harm

gray hat hackers

A _____ hacker may try to gain access to a system without permission, but in general, without malice. Often, they will notify an organization in some manner that their system was vulnerable.

grey

Using legal and illegal tools to attack computer systems, deface web sites, and protest to promote political ideology or other causes is called _____.

hacktivism

A _____ is a small device that records each keystroke and then saves it to its on-board memory. It must be physically attached to the system and is observable within the task manager.

hardware keylogger

_____ is a one-way cryptographic function.

hashing

Steganography is the process of hiding data in a carrier. A popular method of hiding data in files is to use a(n) _____ which creates subtle changes in the color of pixels.

image

A regulatory _____ is a set of conditions outlined by a governing body.

law

which phase of hacking installs a backdoor

maintaining access

The zmap tool is used to _____.

map the internet .

a cyber attack occurs about every

minute

Zenmap is a gui for

nmap

vulerabilities do not exist in software people network none

none

in windows, the _____ command will show only the ip address of the destination

nslookup

Bob works at the Veterans Administration (VA) as a Security Analyst. The VA is requiring vulnerability assessments for all 3,500 VA projects. The most efficient way he can accomplish this is by _____.

outsourcing the vulnerability assessment to qualified and approved vendors.

Ricky responded to an intrusion alert which indicated someone was running an unauthorized port scan on the network. Ricky immediately notified his supervisor as this was indicative of a(n) _____ attack.

passive

weakest form of authetication

password

When launching a(n) _____ attack, the attacker wants to make sure the victim believes the site they are clicking on is real.

phishing

In Windows, the ________command will send 4 data packets to the destination

ping

which type of scan determines listening services port ping OS fngprnt

port

Reduce the threat of tunnels by allowing only _____ software and is best if done only by the administrator or network specialist.

pre-approved

The _____ value of the Exploitability metric captures the level of access required for a successful exploit of the vulnerability.

privileges required

The ps command enumerates

processes .

A _____ is installed so the Ethical Hacker can access the system at a later date.

rootkit

When using Nmap, use _____ to do a ping scan

sP

_____ software can be installed without someone's knowledge, and all activity can be monitored.

screen monitoring

Automating the analysis of malware through hybrid analysis includes both _____.

static and dynamic analysis

_____ is hiding in plain sight.

steganography

An organization must incorporate safeguards into the security compliance plan to defend against attacks. Safeguards include administrative, physical, and _____controls.

technical

Who runs the command and control systems over legitimate systems that are compromised?

the botmaster

hackers would be known as a

threat

the probability of a negative event happening to an asset

threat

How can you recover the source key of a malware and decrypt it to reveal the code?

through reverse engineering

Why does a ransomware DLL first create a mutex?

to ensure only one copy of ransomware is active

In a government classification system, _____ data is where the unauthorized disclosure of data could cause exceptionally grave damage.

top secret

_____ is a command line tool that traces the route of a packet across the Internet and provides route path and transit times.

tracert

Kevin downloaded what he thought was a harmless app. Instead, his computer was infected with a virus. Which type of virus was Kevin's computer most likely infected with?

trojan

Using google hacking database is legal

true

When defending against privilege escalation, restrict interactive logon privileges. Instead of using only a password, require multifactor authentication.

true

nmap can show you which ports are open on a computer

true

Salting the password with a random string will protect against a rainbow table attack.

truetrTrueuetrue

nessus is software used for

v- assessment

A _____ is a weakness in the system that can include unpatched systems, human error, software flaws, or weak or missing passwords.

vulnerability

A _____ scan will find known weaknesses, but it may miss key components that should be tested as it lacks the ability to reduce the overall threat.

vulnerability

For network systems, _____ management is a proactive approach to prevent the exploitation of IT vulnerabilities that exist within an organization.

vulnerability

Step two of the cyber kill chain is _____, where the malicious actors are aware of the weak spots in the organization and they devise a plan to get inside the network.

weaponization

Use _____ download an entire website and study the contents to find emails, phone numbers, and other organizational information such as employee directories.

website mirroring

which of the followingn would not be affective against email attacks website mirroring spam filtering user education spf

website mirroring

Which type of malware propagates itself through a network, without requiring any user action to move from one target to the next?

worm

_____ is used in business to help a company learn about its competitors in order to make better business decisions.

Competitive intelligence

In Linux, to erase the command history and set it back to zero so there's no trace you were in the system use the command: export _____.

HISTSIZE=0

To create a basic webpage, we can use _____. It's a simple language that was developed in 1990 and is used to created web pages and link content.

HTML

What is the difference between a hardware firewall and a personal firewall?

Hardware firewalls are used as part of a router, while personal firewalls are usually software-based and are used on an endpoint.

Proxy chaining is done to conceal your real IP address. Servers use _____, which provides authentication, so only authorized users can access a server.

SOCKS5

which law is designed to proect investors

SOX

This Ethical Hacking phase maps the network, including the make and model of the devices, checking for listening services, learning the operating systems, and evidence of data being sent in clear text.

Scanning

_____ is a comprehensive data privacy law, that gives consumers control of their data and affects companies located in and outside the European Union.

Under the General Data Protection Regulation (GDPR), companies can face up to 4% of total global turnover if they breach the rules.

What command can be used to check for the presence of an email username?

VRFY

Carmen combined available existing source code for a malware with additional new code to produce a revised code base. What has Carmen created?

a hybrid malware

When dealing with risk an organization can transfer the risk by _____.

using insurance

An attack _____is way for a hacker to gain access into a system, and can include software, networks, and the user.

vector

Ethical hacking is an important element of a comprehensive security plan, as it provides a method to test a computer system or network with the purpose of identifying and addressing

vulnerabilities

Footprinting a target and reconaisse usually takes several

weeeks

When is malware reverse engineering typically done?

when the original source of the executable code is not available

_____is a set of IT principles, provides a best practice framework designed to safeguard the privacy and security of company specific data to ensure value for its stakeholders.

COBIT is Control Objectives for Information and Related Technology used in IT governance and management.

How can you reduce data exfiltration with mobile devices?

Ensure patches and software updates are applied regularly.

Hping can create and send DNS and FTP packets to remote hosts and determine firewall rules

FALSE

A company's annual report on Edgar is called _____ and offers a thorough picture of a company's business

Form 10-K

Cookies help making browsing easier, yet some can be dangerous. _____ is a free download that blocks and cleans Google cookies and helps you to stay anonymous while searching online.

G-Zapper

With the knowledge of the vulnerabilities, this Ethical Hacking phase will launch an exploit, such as a web server attack including buffer overflows, or cross-site scripting (XSS).

Gaining Access

What was the first attempt to distribute a shareware virus construction kit?

GenVir

_____ Alerts will monitor the web for interesting new content and send you a notification.

Google

_____ uses advanced operators and keywords that may possibly yield pages that contain sensitive information such as protected login screens

Google Hacking

Question 3 of 5 Eduardo works as a security professional at TechCo. Part of his job requires him to run vulnerability scans on Cisco applications. How can Eduardo find out CVE scores based on the vulnerabilities?

He can go to the National Vulnerability Database to find scores on a particular vulnerability.

Where would you find the commonly used WMI classes documented?

MSDN

While data mining or gathering intelligence, a(n) _____ tool is used to gather artifacts, consolidated from publicly available sources.

OSINT

A free and open software security site that provides information on vulnerabilities along with guidelines on best practices to secure web infrastructures.

OWASP

This Ethical Hacking phase is about obtaining as much information about the target as possible.

Reconnaissance

_____ define how the assets are protected and a set of rules of conduct for anyone or anything that interacts with the assets.

Security policies

A(n) _____ record is an extension of the SMTP protocol and helps prevent spammers from forging the From fields in email messages.

Sender Policy Framework

There are many network mapping tools available for device and topology discovery. Some include GeoIP database from MaxMind to locate targets.

TRUE

A(n) _____ is when a malicious actor gains access to a network, and remains undetected for weeks, months and even years

advanced persistent threat

Which of the folliwing is not an attack vector web pages email automobiles

all are attack vectors

Juanita is in charge of scanning for vulnerabilities at her job. Her manager wants her to check for outdated patches and listening ports. Juanita should use a(n) ___ scan

authenticated

A(n) _____ is a snapshot of network traffic during a particular window of time and can include utilization, network protocols, and latency issues.

baseline

Steganography can be detected by spotting an unusually large payload, or by observing image irregularities called _____ with the naked eye.

blocky artifacts

A _____ attack uses software to try every possible combination of characters and generate a massive amount of consecutive guesses in order to get the password.

brute force

When someone looks into the trash outside or inside an organization for anything that might reveal sensitive information, this is called _____.

dumpster diving

RSA is a hash algorithm

false

Where is the configuration block for malware stored in encrypted form?

in the body of the deployed payload

Where is the best place for a rootkit to hide?

in the operating system kernel

A(n) _____ is an unplanned occurrence that disrupts operational or day to day activities.

incident

What does the command nmap -PS 10.0.2.13 list?

open TCP ports

Intrusion detection works _____ to identify, log, and report any malicious activity.

out of band

The term _____ stems from a military reference that deals with gathering information about the location of a target by scouting or by setting up covert observation posts.

reconnaissance

which element of the cyber kill chain occues earlier than others

reconnasisance

Why does a malware have the ability to change its binary file as it propagates?

so the malware can defeat traditional signature-based detection

Anti-malware will also most of the time pick up a _____ keylogger as they are a form of spyware.

software

What information does the psinfo -s command enumerate?

software

Within the evolution of malware, _____ has become the most concerning issue because it is extremely sophisticated and difficult to defeat.

state-sponsored malware

By the time we get to the _______________, we have completed the Reconnaissance and scanning phases of Ethical Hacking.

system hacking phase

In the command "hping3 - - traceroute -V -1 66.32.101.17 " the -1 option is to

use the ICMP protocol .

When are advanced persistent threats (APTs) usually found?

when network monitoring detects the installed malware attempting to connect to its command and control systems

The _____ hat hackers are Ethical Hackers who have the support of government and industry.

white

I am working with technology companies to fix a flaw with DNS, I did this because I am a _____ hacker

white hat

The _____ Routing or TOR is an open framework that encrypts and moves traffic within the network, and enables anonymous browsing

Onion

_____ is the set of widely accepted requirements to secure credit card transactions.

PCI DSS

_____ can monitor screen activity, capture keystrokes, gather web form data, track internet usage, and allow access to sensitive data, then phone home with the information.

spyware

In Linux, the user ID and password are kept in the _____ file.

/etc/shadow

How does a typical Sofacy attack start?

An exploit triggers a dropper to plant the malware onto a target.

This is used by routers, intermediary devices, or hosts to communicate updates or error information to other routers, intermediary devices, or hosts.

Internet Control Message Protocol is used along side of IPv4 or IPv6 to test for reachability.

In order to be totally in stealth mode, use the IDLE scan, which is an easy scan to use.

FALSE (hard to use)

In a company, _____ is the software side that ensures data availability and drives business processes and decision-making. IT or IS

Information Systems not INFORMATION TECHNOLOGY

Cutting a fiber optic backbone is an example of a _____ attack

Physical

The goal of _____ is to force an application into running with a higher security environment than intended by the designer

Privilege Escalation

In Windows, applications run in which Ring?

Ring 3

The _____ is where the plan is passed on to become the policies procedures, controls and guidelines for expected behavior.

Senior Agency Information Security Officer

Why does an anomaly detection system (ADS) typically result in a false positive detection?

Sometimes a stream of legitimate packets contains the same sequence of coding as the attack signature.

If the source IP is spoofed, a reply cannot be returned to the sender

TRUE

Keyloggers are hard to detect since their very goal is to steal data without being discovered, and because data theft is at stake, can do more damage than a virus.

TRUE

Before installing any software, you should make sure malware protection is used with _____ filtering to block communication with malicious websites.

egress

Where would you do sandboxing so it doesn't cause damage?

in a contained environment


Ensembles d'études connexes

˚˚˚¡™£¢∞§¶•ªº-≠œ∑´®†¥¨ˆøπ"'«åß∂ƒ©˙∆˚¬...æΩ≈ç√∫˜µ≤≥÷⁄€‹›fifl‡°·‚—űŒ„´‰ˇÁ¨ˆØ∏"'»ÅÍÎÏ˝ÓÔÒÚƸ˛Ç◊ı˜Â¯˘¿Ω≈¸˛Ç˜ÅÅ∏`1234567890-=qwertyuiop[]\asdfghjkl;'zxcvbnm,./ ~!@#$%^&*()_+QWERTYUIOP{}|ASDFGHJKL:"ZXCVBNM<>?

View Set

Comm 201 - Chapters 5 & 17 (Interviewing Techniques & Profiles)

View Set

Henry David Thoreau - "Civil Disobedience"

View Set

Project Management Ch. 10 Quizzes

View Set

Chap 3: The phoenix of statistics

View Set

Chapter 44: Alteration in Mobility/Neuromuscular or Musculoskeletal Disorder NCLEX

View Set

Physics - Chapter 4: Thermodynamics - Section 1

View Set