Ethical Hacking Exam 2


Network Basic Input/Output System (NetBIOS)

A Windows programming interface that allows computers to communicate across a LAN.

domain controllers

A Windows server that stores user account information, authenticates domain logons, maintains the master database, and enforces security policies for Windows domains.

enum4linux

A command line tool that allows you to enumerate information from Windows, Linux, and Samba systems. It is a wrapper around a number of other utilities, providing a unified, simplified script capable of collecting a significant amount of information.

NetBIOS Extended User Interface (NetBEUI)

A fast, efficient protocol that allows transmitting NetBIOS packets over TCP/IP and various network topologies, such as token ring and Ethernet.

Windows Software Update Services (WSUS)

A free add-in component that simplifies the process of keeping Windows computers current with the latest critical updates, patches, and service packs. WSUS installs a web-based application that runs on a Windows server.

for loop

A loop that initializes a variable, tests a condition, and then increments or decrements the variable.

do loop

A loop that performs an action and then tests to see whether the action should continue to occur.

while loop

A loop that repeats an action a certain number of times while a condition is true or false.

Port scanning

A method of finding out which services a host computer offers.

Branching

A method that takes you from one area of a program (a function) to another area.

function

A mini program within a main program that performs a particular task.

filtered ports

A port protected with a network-filtering device, such as a firewall.

closed ports

A port that is not listening or responding to a packet.

open ports

A port that responds to ping sweeps and other packets.

testing

A process conducted on a variable that returns a value of true or false.

compiler

A program that converts source code into executable or binary code.

bug

A programming error that causes unpredictable results in a program.

assembly language

A programming language that uses a combination of hexadecimal numbers and expressions to program instructions that are easier to understand than machine-language instructions.

Server Message Block (SMB)

A protocol for sharing files and printers and providing a method for client applications to read, write to, and request services from server programs in a network. SMB has been supported since Windows 95.

Common Internet File System (CIFS)

A remote file system protocol that enables computers to share network resources over the Internet.

OpenVAS

A security tool for conducting port scanning, OS identification, and vulnerability assessments.

Nmap

A security tool used to identify open ports and detect services and OSs running on network systems.

algorithm

A set of directions used to solve a problem.

System Center Configuration Manager (SCCM)

A systems management software product developed by Microsoft for managing large groups of computers. SCCM provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.

pseudocode

An English-like language for outlining the structure of a program.

Simple Network Management Protocol (SNMP)

An Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.

Mandatory Access Control (MAC)

An OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users; included in SELinux.

Hping3

An enhanced Ping utility for crafting TCP and UDP packets to be used in port-scanning activities.

Fping

An enhanced Ping utility for pinging multiple targets simultaneously.

Remote Procedure Call (RPC)

An interprocess communication mechanism that allows a program running on one host to run code on a remote host.

Samba

An open-source implementation of CIFS that allows *nix servers to share resources with Windows clients and vice versa.

null session

An unauthenticated connection to a Windows system.

Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (Choose all that apply.) a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210 c. nmap -sA 193.145.85.210 d. nmap -sF 193.145.85.210

Answer: a and b. nmap -sS 193.145.85.210 and nmap -v 193.145.85.210

A NULL scan requires setting the FIN, ACK, and URG flags. True or false?

False

For a Windows computer to be able to access a *nix resource, CIFS must be enabled on at least one of the systems. True or false? a. True b. False

False

class

In object-oriented programming, the structure that holds pieces of data and functions.

What is the most widely used port-scanning tool? a. Netcat b. Netstat c. Nmap d. Nslookup

Nmap

ping sweep

Pinging a range of IP addresses to identify live systems on a network.

Nessus

Previously, an open-source scanning tool; now licensed by Tenable Network Security. See OpenVAS.

A security tester needs to extract usernames or groups assigned on the network along with information about users and recent logon times. What process will allow the security tester to accomplish this? a. Enumeration b. Zone transfer c. Port scanning d. Footprinting

a. Enumeration. Enumeration is a process that extracts detailed information about a network, such as user names, machine names, network resources, and services.

Third-party media players on webpages were often problematic and proved to be security risks, but are no longer needed due to which version of HTML? a. HTML5 b. HTML 3.2 c. HTML 2.0 d. HTML 4.01

a. HTML5. HTML5 introduced native support for multimedia content, eliminating the need for third-party plugins.

What benefit does SNMP have? a. SNMP enables remote administration. b. SNMP is made specifically for personal computers. c. SNMP uses private credentials for both read-only and read-write access. d. SNMP is safer to use because it does not allow remote administration.

a. SNMP enables remote administration. SNMP allows network administrators to manage network performance, find and solve network problems, and plan for network growth.

A Linux administrator wants to share files between Windows and Linux servers. What protocol should they use? a. Samba b. SMBv3 c. NetBIOS d. CIFS

a. Samba. Samba is an open-source implementation of the SMB/CIFS networking protocol that allows for file and print services across various operating systems, including Linux and Windows.

Python is a scripting language that is often used for creating small to medium-sized programs quickly. What quality of scripting languages arguably makes them faster when creating and testing short programs? a. Scripting languages do not need to be compiled. b. Scripting languages do not need to be interpreted. c. Scripting languages see their highest speed advantage when being executed. d. Scripting languages undergo less testing when being compiled.

a. Scripting languages do not need to be compiled. This makes the development cycle much faster for scripting compared to compiled languages.

A security analyst is reviewing assembly code in memory. Early Windows OSs used which of the following programs to interact with a network resource or device? a. Winsock b. IPX/SPX c. Microsoft RPC d. NetBIOS

a. Winsock. Winsock is a programming interface and the supporting program that handles input/output requests for Internet applications in a Windows operating environment.

Security testers conduct enumeration for which of the following reasons? (Choose all that apply.) a. Gaining access to shares and network resources b. Obtaining user logon names and group memberships c. Discovering services running on computers and servers d. Discovering open ports on computers and servers

a. and b. Gaining access to shares and network resources and obtaining user logon names and group memberships

Which of the following is a well-known SMB hacking tool? (Choose all that apply.) a. SMBRelay b. SMBsnag c. L0phtcrack's SMB Packet Capture utility d. NTPass

a. and c. SMBRelay and L0phtcrack's SMB Packet Capture utility

A vulnerability manager shows a report on Debian applications which are susceptible to a buffer overflow attack. What command will update and manage their RPM packages? a. apt-get b. dir c. yum d. get

a. apt-get

In HTML, each tag has a matching closing tag that is written with which of the following characters? a. forward slash (/) b. semicolon (;) c. backward slash (\) d. ampersand (&)

a. forward slash (/). In HTML, closing tags are denoted by a forward slash followed by the tag name.

To ping sweep a range of IP addresses without using an input file, which command would you use? a. fping -g BeginningIPAddress EndingIPAddress b. fping -g ip_address.txt c. fping -f ip_address.txt d. fping -f BeginningIPAddress EndingIPAddress

a. fping -g BeginningIPAddress EndingIPAddress. This command allows for sweeping a range of IP addresses without the need for an input file.

In the Perl programming language, which of the following keywords is used in front of function names? a. sub b. func c. proc d. declare

a. sub. In Perl, the keyword 'sub' is used before function names to define a subroutine.

A C program must contain which of the following? a. Name of the computer programmer b. A main() function c. The #include header file d. A description of the algorithm used

b. A main() function

Which of the following testing processes is the most intrusive? a. Port scanning b. Enumeration c. Null scanning d. Numeration

b. Enumeration

In a normal TCP session, the sender sends a packet to another computer with which of the following flags set? a. SYN/ACK flag b. SYN flag c. No flag d. Reset flag

b. SYN flag. A normal TCP session initiation begins with a packet with the SYN flag set to initiate a connection.

A network is running SNMP on its system. What can be assumed about the network? a. The network cannot be accessed remotely. b. The network can be accessed remotely. c. The network uses *nix OS. d. The network uses Windows OS.

b. The network can be accessed remotely. SNMP (Simple Network Management Protocol) allows for remote network management and monitoring.

If an attacker decides to implement a less obvious port-scan, or stealth attack, which of the following techniques would be appropriate to make their activities more difficult to detect? a. limit their tool set b. limit scan speeds c. increase the number of target ports d. increase scan speeds

b. limit scan speeds. Limiting scan speeds can help make a port scan less detectable to intrusion detection systems and other network monitoring tools.

A systems administrator is trying to harden an externally facing DNS server and wants to disable every port except for DNS. Which port should they leave open? a. 445 TCP b. 3389 TCP c. 53 UDP d. 1025-1039 TCP/UDP

c. 53 UDP. DNS queries are primarily made using UDP port 53, though DNS can also use TCP port 53 when the response data size exceeds 512 bytes or for DNS zone transfers.

What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses? a. Tcpdump b. Nessus c. Fping d. Hping3

c. Fping. Fping is a command-line tool to ping multiple IP addresses and is included in many Linux distributions, including Kali Linux.

What is true of recent versions of Linux? a. Newer versions must be installed directly on the hard drive. b. Newer versions often exclude GUIs and web browsers. c. Newer versions include upgrades that have made Linux easier to use. d. Newer versions are often more complicated to install.

c. Newer versions include upgrades that have made Linux easier to use, including improved user interfaces and additional built-in functionality.

A FIN packet sent to a closed port responds with which of the following packets? a. FIN b. SYN-ACK c. RST d. SYN

c. RST

Enumeration is described as a process of discovery. What does this mean? a. Enumeration is the passive process of discovering information. b. Discovering live systems on a network is done through enumeration. c. Using one enumeration tool may lead to a discovery that directs you to use another enumeration tool. d. Currently just one tool exists for enumeration, so other tools are waiting to be discovered.

c. Using one enumeration tool may lead to a discovery that directs you to use another enumeration tool. Enumeration is a process of actively connecting to systems to discover more about the network and what it contains.

In order to get more information about perl command parameters, what command could be used? a. perl -p b. perl -c c. perl -h d. perl -w

c. perl -h. This command displays help information about Perl command line options.

If you do not have access to Nessus, what Nmap procedure can be used to help you to gain information about remote *nix hosts? a. script analysis b. range ping c. script scanning d. snmp pinging

c. script scanning. Using Nmap's scripting engine (with scripts like smb-os-discovery) can provide detailed information about remote Unix hosts.

The computer names you assign to Windows systems are called which of the following? a. AD Names b. IIS c. NetDDE d. NetBIOS

d. NetBIOS. The NetBIOS name is used to identify network devices over TCP/IP (the standard networking protocol).

Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services? a. Zone transfers b. Zone scanning c. Encryption algorithms d. Port scanning

d. Port scanning

Closed ports respond to a NULL scan with what type of packet? a. FIN b. ACK c. SYN d. RST

d. RST. In a NULL scan, if a port is closed, the target will send an RST packet in response.

What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits? a. Hyper-V b. AppLocker c. Windows Defender d. SecureBoot

d. SecureBoot. SecureBoot is a feature in modern Windows operating systems that helps to secure the boot process by preventing the execution of unauthorized boot loaders and kernel mode drivers.

A security professional is debating on whether to invest in Nessus Professional or utilize the free version of the software. Which of these is most important to determining which product to use? a. The number of vulnerabilities that the system most likely has b. Whether or not they need a vulnerability assessment included c. Whether the security professional needs additional training or not d. The number of IP addresses they will be scanning

d. The number of IP addresses they will be scanning. Nessus Professional is licensed per scanner, not per IP.

Nmap has a GUI front end that makes it easier to work with some of the complex options. Which of the following is the Nmap GUI front end? a. Hping b. Fping c. Nmap GUI d. Zenmap

d. Zenmap. Zenmap is the official GUI front end for Nmap and is designed to make it easier to work with Nmap's powerful features.

Carelessly reviewing your program's code might result in having which of the following in your program code? a. branch b. virus c. variable d. bug

d. bug. Carelessly reviewing code can easily leave bugs in the program, which can lead to unexpected behavior or vulnerabilities.

Which of the following C statements has the highest risk of creating an infinite loop? a. while (a > 10) b. while (a < 10) c. for (a = 1; a < 100; ++a) d. for (;;)

d. for (;;)

Looping

The act of repeating a task.

attack surface

The amount of code a computer system exposes to unauthenticated outsiders.

conversion specifiers

The part of code that tells the compiler how to convert the value indicated in a function.

enumeration

The process of connecting to a system and obtaining information such as logon names, passwords, group memberships, and shared resources.

FAT32

The standard file system for most removable media other than CDs and DVDs.

Systems Management Server (SMS)

This service includes detailed hardware inventory, software inventory and metering, software distribution and installation, and remote troubleshooting tools.

