Ethical Hacking Exam 2 Quizes
What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?
BIOS-based rootkit
What programming languages are vulnerable to buffer overflow attacks?
C and C++
What type of Windows Server is the most likely server to be targeted by a computer hacker?
Domain Controller
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
Java-based
What open source port-scanning tool is considered to be the standard port-scanning tool for security professionals?
NMap
What is the current file system that Windows utilizes that has strong security features?
NTFS
Which on of the following is an older network management service that is useful for network administrators that want to view system statistics, version numbers, and other detailed host information remotely?
SNMP
Which of the following is a Window's client/server technology designed to manage patching and updating systems software from the network?
WSUS
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
default
What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?
domain controllers
What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?
enumeration
What critical component of any OS, that can be can be vulnerable to attacks, is used to store and manage information?
file system
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
To determine what resources or shares are on a network, security testers must use port scanning and what other procedure first to determine what OS is being used?
footprinting
If an attacker decides to implement a less obvious port-scan, or stealth attack, which of the following techniques would be appropriate to make their activities more difficult to detect?
limit their scan speeds
To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?
ping
Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources?
router
Which of the following describes a text file containing multiple commands that would usually be entered manually at the command prompt?
script
Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks. Which of the following attacks are more difficult to detect?
stealth
