Ethical Hacking Exam 2

Which of the following programming languages is least likely to be susceptible to a stack-based buffer overflow attack?

Java

Attacker has access to plaintext/ciphertext pairs from previous conversations and uses the plaintext/ciphertext data to discover the key.

Known Plaintext

Which protocol is used for setting up secured channels between two devices, typically in VPNs ? (a) TCP (b) UDP (c) ICMP (d) IPSEC

(d) IPSEC

Which one of these ports does not transmit information in the clear? (a) 110 (b) 445 (c) 119 (d) 636

(d) Port 636 is LDAP-S

Given an IP Address of 172.19.15.11 and a subnet mask of 255.255.0.0 calculate the: [a] Network Address: [b] First Useable Address: [c] Last Useable Address: [d] Broadcast Address:

172.19.0.0 172.19.1.0 172.19.255.254 172.19.255.255

Which of the following malware programs is usually targeted at Microsoft products

Macros Virus

A ____________ virus is a virus that can reprogram itself

Metamorphic

. ______________ is a federal law that requires federal agencies to implement infosec programs, to include reporting on compliance and accreditation issues

NIST 800-53

_________________ performs comprehensive tests against webservers including dangerous files and CGIs

Nikto

Which of the following attacks mimics a man-in-the-middle attack, exploiting fallback security mechanisms in TLS users?

POODLE

The command below produces which type of scan? root@kali> nmap -sO 192.168.3.210-219

Performs a protocol scan of the 192.168.3.210 -219 hosts

__________ is a Bluetooth attack that knocks out some Bluetooth-enabled devices immediately. This Denial of Service attack can be conducted using standard tools that ship with the official Linux Bluez utils package

Bluesmacking

This virus moves the boot record instructions of a system into an alternate location and copies itself to the original boot record instructions location. After the malicious code is executed, the virus points to the boot record instructions at a new location to be executed.

Boot Sector Virus

Which of the following parameters describe LM Hash? (a) LM HASH does not distinguish between upper and lower case letters (b) LM HASH splits the password into 2 seven byte halves (c) LM HASH uses a single 14-byte format (d) Both (a) and (b) are correct (e) Both (a) and (c) are correct

Both (a) and (b) are correct

Which of the following is or are a type of buffer overflow

Both Stack and Heap

The Chewbacca Trojan is a type of _______ Trojan.

Botnet

Which method of cracking passwords takes the most time and effort?

Brute Force

Which linux command or tool can be used to change a password for a windows system using a USB to boot the windows system?

CHTNPWD

A _____________ virus creates a malicious companion to legitimate programs and runs in the virus execution chain. These programs exploit a DOS functionality that forces programs to be executed in a .com, .exe, and .bat execution order if the files all have the same name and are in the same folder.

Camouflage Virus

In a program called StackGuard, whenever a function is called, code is added that pushes a small value called a _______ value over to the stack.

Canary

. __________ is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

Clickjacking

More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers? It basically hides the true nature of the shellcode in different disguises. How does a polymorphic shellcode work?

They compress the shellcode into normal instructions, uncompressed the shellcode using loader code and then executing the shellcode

Which one of these programs can be used to check for the presence of Trojans on a system or file?

Tripwire

Bluesnarfing is a term used to refer to the theft of data from a Bluetooth device.

True

Buffer overflows can be used to execute DoS/DDoS Attacks.

True

It is possible to add canary values as pointers(T/F)

True

n the case of C and C++ languages, there are no automatic bounds checks on boundaries

True

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

Use encrypted communications protocols to transmit the PII

Which of the following is a successor to SSL? a) TLS (b) ISPEC (c) RSA (d) GRE

a)TLS

. The hashed passwords for linux system distributions is saved in ___________.

etc/shadow file

Buffer overflows can occur in the heap memory space. Applications dynamically allocate heap memory as needed through a function. This function is called what?

malloc()

A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?

Delegate

The CodeBlueCS345ops recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

Digital Signatures with hashes of the original document can be used to share the information and ensure integrity

_______________ is the least restrictive access control model.

Discretionary Access Control

Shadow and his team have been going through tons of garbage, recycled paper, and other rubbish in order to find Some information about the target they are attempting to penetrate. How would you call this type of activity?

Dumpster Diving

Hardware(firmware) level rootkits work at Ring 0.

False firmware rootkits work at ring 1

Application Level viruses execute with the highest level privileges.

False. Applications run with the lowest privileges.

What is the name for the dynamic memory space that, unlike the stack, doesn't rely on sequential ordering or organization?

Heap

What device will neither limit the flow of traffic nor have an impact on the effectiveness of sniffing?

Hub

Target is up and running(ICMP Error Code)

ICMP Code 0

Time Exceeded (TTL Error Code)(ICMP Error Code)

ICMP Code 11:0

Communications Admin. Prohibited(ICMP Error Code)

ICMP Code 13:0

Host Unreachable(ICMP Error Code)

ICMP Code 3:2 Host Unreachable

Which one of the following terms is NOT a term accepted to describe how risk can be managed? (a) Delegate (b) Avoid (c) Mitigate (d) Transfer

(a) Delegate | | => Remember MAAST. Mitigate, Accept, Avoid, Share, Transfer

Which one of these ports does not transmit information in the clear? (a) 110 (b) 445 (c) 119 (d) 636

(b). NIST 800-53

Which of the following is true? (a) Packet sniffers work at layers 2 and 3 of the OSI model (b) Packet sniffers work at layer 1 of the OSI model (c) Packet sniffers work at layer 2 of the OSI model (d) Packet sniffers work at layer 5 of the OSI model

(c) Packet sniffers work at layer 2 of the OSI model

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software.The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?

Privilege Escalation

An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is most likely able to handle this requirement?

RADIUS

Which one of the attacks listed below is the best attack for 'time/trade off' when cracking passwords?

Rainbow Attack

What attack is used to crack passwords by using a pre-computed table of hashed passwords?

Rainbow Table Attack

What terms describes the amount of risk that remains after the vulnerabilities have been classified and the countermeasures deployed?

Residual risk

Which cloud computing model is geared toward software development?

SaaS Software as a Service

The ____________ AAA mechanism implements an encrypted communication model that interacts with kerberors.

TACACS+