Ethical hacking final prep
You work for a company as a security professional and have been given a new server. You plan to use it to connect the company's 24 client computers to the Internet for e-mail access. Currently, not one of these computers has antivirus software installed. Your research indicates that there is a 95 percent chance these systems are without antivirus. A local vendor has offered to sell you licenses for 25 copies for $400 with the promise you will consider him for future business. Even though the company's 10 paid employees make only about $9 an hour, there's a good chance that a virus could bring down the network for an entire day. This company would like you to calculate the ALE. How will you answer?
$684
Which Nmap scan option scans ports in consecutive order?
-r
You have just captured some TCP traffic. In the TCP session, you notice that the SYN flag is set and that the sequence number is 0BAA5001. The next packet has the SYN ACK flag set. What should the acknowledgment value be?
0BAA5002
which of the following is a Class D address
224.0.0.0
You have been asked to examine the following project details: 24 computers connected to the Internet 95 percent probability of virus infection 10 paid employees who make $9 an hour A successful virus outage could bring down the network for an entire day 25 copies of antivirus software will cost the nonprofit $399 The CEO would like to know what amounts, if any, will be saved through the purchase of antivirus software. What amount can you tell the CEO?
285
Which of the following indicates an ICMP destination unreachable type?
3
You have been asked to capture data going to a SYSLOG server. What port should you filter on?
514
Which of the following is the correct forumla for ALE
ALE = SLE * ARO
During a security review you have discovered that there are no documented security policies for the area you are assessing. Which of the following would be the most appropriate course of action?
Identify and evaluate currrent practices
If no flags are set at all, the flags can be referred to as which of the following?
NULL
Which of the following is not one of the TCP flags?
NULL
During a footprinting exercise, you are asked to look up whois information for a company in Czech Republic. Which of the following RIRs should be used?
RIPE
Which of the following is considered the first pre-attack phase and is a systematic attempt to locate, gather, identify, and record information about the target?
Reconnaissance and footprinting
You have been asked to perform a penetration test for a local company. You have had several meetings with the client and are now almost ready to begin the assessment. Which of the following is the document that would contain verbiage which describes what type of testing is allowed and when you will perform testing and limits your liabilities as a penetration tester?
Rules of engagement
You have captured data from a client to an HTTP server and would like to use Wireshark to filter for the first step of the TCP handshake. Which of the following TCP flags is set?
SYN
Firewalls can filter by port numbers, session state, or by TCP flags such as SYN, ACK, and FIN. On which layer of the OSI model are these items found?
Transport
Which of the following is the correct type for a ping request?
Type 8
This application uses clear-text community strings that default to public and private. Which of the following represents the correct port and protocol?
UDP 161
Which version of SNMP uses encryption?
Version 3
Which of the following scan types sets the FIN, URG, and PSH flags to an on value?
XMAS scan
Attackers sometimes hang on to unknown vulnerabilities until they can be used in an attack that has no known defense or patch. Some might call Flame and Stuxnet these types of attacks. Which of the following offers the best description?
Zero day
Because of findings discovered during a penetration test, you have been asked to investigate biometric authentication devices. Which of the following represents the best system to install?
a system with a low CER
SYSLOG is a well-known program that is used for transporting event messages. Programs such as SYSLOG are found at what layer of the OSI model?
application
Which of the following is not one of the three items that security is based on?
authentication
Who are the individuals who perform legal security tests while sometimes performing questionable activities?
gray hat hackers
Which individuals believe that hacking and defacing websites can promote social change?
hacktivists
Which of the following items is most closely associated with tools such as Tripwire and MD5sum?
integrity
During a penetration test, you are asked to collect information using specific Google search strings. Which of the following directs Google to search for a term within the title of a document?
intitle: " Index of .etc passwd
During a penetration test, you are asked to collect information using specific Google search strings. Which of the following directs Google to search for hyperlinks within a URL?
link: www.knowthetrade.com
Session splicing is on offset of fragmentation and a well-known IDS evasion technique. As such, which layer of the OSI model deals with fragmentation and session splicing?
network
Your client has asked you to run an Nmap scan against the servers they have located in their DMZ. They would like you to identify the OS. Which of the following switches would be your best option?
nmap -O
Which of the following OS fingerprint tools functions by passively listening on the network interface for traffic and then matching it to a known profile in a database?
p0f
This type of security test usually takes on an adversarial role and looks to see what an outsider can access and control.
penetration test
ICMP is a valuable tool for troubleshooting and reconnaissance. What is the correct type for a ping request and a ping response?
ping request type 8, ping reply type 0
Which of the following best describes passive information gathering?
reconnaissance
You have just performed an ACK scan and have been monitoring a sniffer while the scan was performed. The sniffer captured the result of the scan as an ICMP type 3 code 13. What does this result mean?
the port is filtered at the router
You have successfully extracted the SAM from a Windows server. Is it possible to determine whether an LM hash that you're looking at contains a password fewer than eight characters long?
the rightmost portion of the hash will always have the same value
While searching a website, you have been unable to find information that was on the site several months ago. What might you do to locate that information?
use the wayback machine