Ethical Hacking Exam 2

In the Perl programming language, comment lines begin with which character(s)?

#

What takes you from one area of a program (a function) to another area?

Branching

What programming languages are vulnerable to buffer overflow attacks?

C and C++

Which of the following is a markup language rather than a programming language?

HTML

What open source port-scanning tool is considered to be the standard port-scanning tool for security professionals?

Nmap

What type of ICMP Echo message is being disabled by administrators to protect their networks against Ping Sweeps?

Reply

SCADA systems controlling critical infrastructure are usually completely separated from the Internet by what?-

air gap

Ubuntu and Debian Linux use what command to update and manage their RPM packages?`

apt-get

What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?

bios based root kit

Software residing on a ROM chip

bios firmware

In the C programming language, what indicates where a block of code begins and ends?

brraces

In object-oriented programming, what structures hold pieces of data and functions?

classes

Which Windows 10 feature uses virtualization to protect access tokens from theft by attackers

credential guard

What are some flexible programs that automate a task that takes too much time to perform manually?

customized script

This Performs an action first and then tests to see whether the action should continue to occur

do loop

What type of Windows Server is the most likely server to be targeted by a computer hacker?

domain controller

What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?

domain controllers

This type of System is a small program developed specifically for use with embedded systems- embedded

embedded OS

The process of extracting critical information from a network

enumeration

What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?

enumeration

When a TCP three-way handshake ends, both parties send this type of packet to end the connection?

fin

Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?

firmware

When security professionals create a packet, which fields may they choose to specifically set to help initiate a response from a target computer?

flag

To determine what resources or shares are on a network, security testers must use port scanning and what other procedure first to determine what OS is being used?

footprinting

Allows you to ping multiple IP addresses simultaneously; it is usually included in Kali Linux

fping

What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?

fping

What are some excellent GUI tool for managing Windows OSs and is capable of displaying graphical representations of several areas?

hyena

What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?

java based

If an attacker decides to implement a less obvious port-scan, or stealth attack, which technique would be appropriate to make their activities more difficult to detect?

limit their scan speeds

What are some common Linux rootkits?

linux root kit 5

What is the act of performing a task over and over?

looping

A popular port scanner that has the ability to use a GUI front end.

nmap

What is considered to be the most critical SQL vulnerability?

null sa password

What is the the open-source descendant of Nessus called?

openVas

What open-source network utility allows you to use plug-ins to run test programs (scripts) that can be selected from the client interface?

openVas

To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?

ping

When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?

ping sweep

Allows you the ability to scan thousands or even tens of thousands of IP addresses quickly

port scanning

What is an open-source implementation of CIFS?

samba

What is a text file containing multiple commands that would usually be entered manually at the command prompt?

script

What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits?

secure boot

What upper-level service is required to utilize file and printer sharing in Windows?

server message block

When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?

share level security

What application is often found within an embedded OS that can cause a potential vulnerability to an attack?

web server

Which windows OS source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?

windows CE

This version of Windows server introduced Authentication Silos to prevent pass-the-hash attacks

windows server 2012

Introduced Windows Containers to allow for application isolation to protect applications from one another

windows server 2016

What version of Windows Server has completely eliminated the option for telnet server?

windows server 2016

Nmap has a GUI front end that makes it easier to work with some of the complex options by providing a GUI. What is it called?

zenmap