Ethical Hacking and Network Defense - Chapter: 4

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Get written permission from the person who hired you to conduct the security test.

Before conducting a security test by using social-engineering tactics, what should you do?

True

Can a cookie store information about its visitors?

Shoulder surfing

Discovering a user's password by observing the keys he or she presses is called which of the following?

Piggybacking

Entering a company's restricted area by following closely behind an authorized person is referred to as what?

c. View the company's Web site d. Look for company ads in phone directories

Fast and easy ways to gather information about a company.

State of Authority (SOA)

A DNS record that would contain the DNS Server information.

Canonical Name (CNAME)

A DNS record that can be used to alias a hostname to another hostname when a DNS Client requests a record.

Pointer (PTR)

A DNS record that resolves an IP address to a domain or host name.

http://groups.google.com

If you're trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit?

The telephone

Many social engineers begin gathering the information they need by using which of the following?

a. Passwords b. ATM PINs c. Long-distance access codes

Shoulder surfers can use their skills to find which of the following pieces of information?

a. Whois c. Domain Dossier

Tools that would find information about the key IT personnel responsible for a company's domain.

Zone Transfers

What enables you to view all host components on a network?

View the header of an email you send to an email account that doesn't exist.

What is one way to gather information about a domain?

a. Urgency c. Position of Authority

What social-engineering technique involves telling an employee that you're calling from the CEO's office and need certain information ASAP?

Ask the user

What's the first method a security tester should attempt to find a password for a computer on the network?

Review job postings on Web sites such as www.monster.com or www.dice.com

When conducting competitive intelligence, which of the following is a good way to determine the size of a company's IT support staff?

Domain Name System (DNS)

Which component is most vulnerable to network attacks and contains host records for a domain?

a. www.google.com b. www.namedroppers.com c. http://centralops.net/co/ d. www.arin.net e. all of the above

Which is a good Web site for gathering information on a domain?

Search the Web for email addresses of IT employees.

Which of the following is one method of gathering information about the operating systems a company is using?

a. www.google.com b. http://groups.google.com

Which of the following tools can assist you in finding general information about an organization and its employees?


Ensembles d'études connexes

ACC 241 - Uses of Accounting Info II - Chapter 1

View Set

Real Estate Contracts - Section 3

View Set

FISD FINAL STUDY (1) The Market Quiz Questions , (2) The DATA Quiz Questions, (3) Technology Quiz Questions, (4) Industry Issues 4 Quiz Questions

View Set