Ethical Hacking and Network Defense Chapters 5 6 8 9
What is the best method of preventing NetBIOS attacks? a. Filtering certain ports at the firewall b. Telling users to create difficult-to-guess passwords c. Pausing the Workstation service d. Stopping the Workstation service
a. Filtering certain ports at the firewall
Many social engineers begin gathering the information they need by using which of the following? a. The Internet b. The telephone c. A company intranet d. E-mail
b. The telephone
A null session is enabled by default in all the following Windows versions except: a. Windows 95 b. Windows Server 2008 c. Windows 98 d. Windows 2000
b. Windows Server 2008
Which port numbers are most vulnerable to NetBIOS attacks? a. 135 to 137 b. 389 to 1023 c. 135 to 139 d. 110 and 115
c. 135 to 139
A NetBIOS name can contain a maximum of _________ characters. a. 10 b. 11 c. 15 d. 16
c. 15
What's the first method a security tester should attempt to find a password for a computer on the network? a. Use a scanning tool. b. Install a sniffer on the network. c. Ask the user. d. Install a password-cracking program.
c. Ask the user.
Enumeration of Windows systems can be more difficult if port _______ is filtered. a. 110/UDP b. 443/UDP c. 80/TCP d. 139/TCP
d. 139/TCP
Port scanning provides the state for all but which of the following ports? a. Closed b. Open c. Filtered d. Buffered
d. Buffered
________ is one of the components most vulnerable to network attacks. a. TCP/IP b. WINS c. DHCP d. DNS
d. DNS
Which of the following is a commonly used UNIX enumeration tool? a. Netcat b. Nbtstat c. Netstat d. Finger
d. Finger
In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live? a. ICMP SYN-ACK packet b. ICMP SYN packet c. ICMP Echo Reply (type 8) d. ICMP Echo Reply (type 0)
d. ICMP Echo Reply (type 0)
A NULL scan requires setting the FIN, ACK, and URG flags. True or False?
False
Fping doesn't allow pinging multiple IP addresses simultaneously. True or False?
False
The Nbtstat command is used to enumerate *nix systems. True or False?
False
The Windows Net use command is a quick way to discover any shared resources on a computer or server. True or False?
False
Which type of scan is usually used to bypass a firewall or packet-filtering device? a. ACK scan b. SYN scan c. XMAS scan d. FIN scan
a. ACK scan
Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error? a. An incorrect parameter is used. b. The IP range should be indicated as 193.145.85.201-220. c. There's no such command. d. IP ranges aren't allowed with this command.
a. An incorrect parameter is used.
Which of the following contains host records for a domain? a. DNS b. WINS c. Linux server d. UNIX Web clients
a. DNS
Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command? (Choose all that apply.) a. FIN b. PSH c. SYN d. URG
a. FIN b. PSH d. URG
Security testers can use Hping to bypass filtering devices. True or False?
True
The Net view command can be used to see whether there are any shared resources on a server. True or False?
True
A cookie can store information about a Web site's visitors. True or False?
True
Security testers conduct enumeration for which of the following reasons? (Choose all that apply.) a. Gaining access to shares and network resources b. Obtaining user logon names and group memberships c. Discovering services running on computers and servers d. Discovering open ports on computers and servers
a. Gaining access to shares and network resources b. Obtaining user logon names and group memberships
What is a potential mistake when performing a ping sweep on a network? a. Including a broadcast address in the ping sweep range b. Including a subnet IP address in the ping sweep range c. Including the subnet mask in the ping sweep range d. Including the intrusion detection system's IP address in the ping sweep range
a. Including a broadcast address in the ping sweep range
A(n) scan sends a packet with all flags set to NULL. a. NULL b. VOID c. SYN d. XMAS
a. NULL
Which of the following tools can be used to enumerate Windows systems? (Choose all that apply.) a. OpenVAS b. DumpSec c. DumpIt d. Hyena
a. OpenVAS b. DumpSec d. Hyena
Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.) a. Passwords b. ATM PINs c. Long-distance access codes d. Open port numbers
a. Passwords b. ATM PINs c. Long-distance access codes
When conducting competitive intelligence, which of the following is a good way to determine the size of a company's IT support staff? a. Review job postings on Web sites such as www.monster.com or www.dice.com. b. Use the Nslookup command. c. Perform a zone transfer of the company's DNS server. d. Use the host -t command.
a. Review job postings on Web sites such as www.monster.com or www.dice.com.
Which of the following is one method of gathering information about the operating systems a company is using? a. Search the Web for e-mail addresses of IT employees. b. Connect via Telnet to the company's Web server. c. Ping the URL and analyze ICMP messages. d. Use the ipconfig /os command.
a. Search the Web for e-mail addresses of IT employees.
To see a brief summary of Nmap commands in a Linux shell, which of the following should you do? a. Type nmap -h. b. Type nmap -summary. c. Type help nmap. d. Press the F1 key.
a. Type nmap -h.
What social-engineering technique involves telling an employee that you're calling from the CEO's office and need certain information ASAP? (Choose all that apply.) a. Urgency b. Status quo c. Position of authority d. Quid pro quo
a. Urgency c. Position of authority
What's one way to gather information about a domain? a. View the header of an e-mail you send to an e-mail account that doesn't exist. b. Use the Ipconfig command. c. Use the Ifconfig command. d. Connect via Telnet to TCP port 53.
a. View the header of an e-mail you send to an e-mail account that doesn't exist.
To find information about the key IT personnel responsible for a company's domain, you might use which of the following tools? (Choose all that apply.) a. Whois b. Whatis c. SamSpade d. Nbtstat
a. Whois c. SamSpade
If you're trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit? a. http://groups.google.com b. www.google.com c. www.samspade.com d. www.arin.org
a. http://groups.google.com
To identify the NetBIOS names of systems on the 193.145.85.0 network, which of the following commands do you use? a. nbtscan 193.145.85.0/24 b. nbtscan 193.145.85.0-255 c. nbtstat 193.145.85.0/24 d. netstat 193.145.85.0/24
a. nbtscan 193.145.85.0/24
Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (Choose all that apply.) a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210 c. nmap -sA 193.145.85.210 d. nmap -sF 193.145.85.210
a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210
Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network? (Choose all that apply.) a. nmap -v 192.168.1.0-254 -p 22 b. nmap -v 192.168.1.0-254 -p 23 c. nmap -v 192.168.1.0-254 -s 22 d. nmap -v 192.168.1.0/24 -p 22
a. nmap -v 192.168.1.0-254 -p 22 d. nmap -v 192.168.1.0/24 -p 22
Which of the following tools can assist you in finding general information about an organization and its employees? (Choose all that apply.) a. www.google.com b. http://groups.google.com c. Netcat d. Nmap
a. www.google.com b. http://groups.google.com
Which of the following testing processes is the most intrusive? a. Port scanning b. Enumeration c. Null scanning d. Numeration
b. Enumeration
Which of the following is the vulnerability scanner from which OpenVAS was developed? a. OpenVAS Pro b. Nessus c. ISS Scanner d. SuperScan
b. Nessus
Which of the following commands connects to a computer containing shared files and folders? a. Net view b. Net use c. Netstat d. Nbtstat
b. Net use
Entering a company's restricted area by following closely behind an authorized person is referred to as which of the following? a. Shoulder surfing b. Piggybacking c. False entering d. Social engineering
b. Piggybacking
To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.) a. PING packets b. SYN packets c. ACK packets d. Echo Request packets
b. SYN packets c. ACK packets
Before conducting a security test by using social-engineering tactics, what should you do? a. Set up an appointment. b. Document all findings. c. Get written permission from the person who hired you to conduct the security test. d. Get written permission from the department head.
c. Get written permission from the person who hired you to conduct the security test.
Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer? a. Tracert b. Traceroute c. Hping d. Nmapping
c. Hping
Which of the following is a Windows command-line utility for seeing NetBIOS shares on a network? a. Net use b. Net user c. Net view d. Nbtuser
c. Net view
What is the most widely used port-scanning tool? a. Netcat b. Netstat c. Nmap d. Nslookup
c. Nmap
Most NetBIOS enumeration tools connect to the target system by using which of the following? a. ICMP packets b. Default logons and blank passwords c. Null sessions d. Admin accounts
c. Null sessions
A FIN packet sent to a closed port responds with which of the following packets? a. FIN b. SYN-ACK c. RST d. SYN
c. RST
Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.) a. Conduct port scanning. b. Perform a zone transfer of the company's DNS server. c. View the company's Web site. d. Look for company ads in phone directories.
c. View the company's Web site. d. Look for company ads in phone directories.
Which of the following enables you to view all host computers on a network? a. SOA b. Ipconfig c. Zone transfers d. HTTP HEAD method
c. Zone transfers
Which of the following commands should you use to determine whether there are any shared resources on a Windows computer with the IP address 193.145.85.202? a. netstat -c 193.145.85.202 b. nbtscan -a 193.145.85.202 c. nbtstat -a 193.145.85.202 d. nbtstat -a \\193.145.85.202
c. nbtstat -a 193.145.85.202
To view eDirectory information on a NetWare 5.1 server, which of the following tools should you use? a. Nmap b. Mmap c. Nbtstat d. Novell Client
d. Novell Client
Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services? a. Zone transfers b. Zone scanning c. Encryption algorithms d. Port scanning
d. Port scanning
A closed port responds to a SYN packet with which of the following packets? a. FIN b. SYN-ACK c. SYN d. RST
d. RST
To determine a company's primary DNS server, you can look for a DNS server containing which of the following? a. Cname record b. Host record c. PTR record d. SOA record
d. SOA record
Discovering a user's password by observing the keys he or she presses is called which of the following? a. Password hashing b. Password crunching c. Piggybacking d. Shoulder surfing
d. Shoulder surfing
To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type? a. nmap -h b. nmap -help c. nmap ? d. man nmap
d. man nmap
Which of the following is a good Web site for gathering information on a domain? a. www.google.com b. www.namedroppers.com c. www.samspade.org d. www.arin.net e. All of the above
e. All of the above