Final Study Guide

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which Linux folder holds the password and shadow files?

/etc

A security professional gains access to a SAM file that is protected with SYSKEY and wants to use a program named Syscraker to decrypt the SAM file and run the hashes through a password cracker. How many bits does SYSKEY use for encryption?

128

The IP address 132.58.90.55/20 is given for a machine your team is to test. Which of the following represents an address within the same subnet?

132.58.88.254

A junior security employee tells you a web application has halted. An examination of the syslog shows an entry from the web application indicating the canary word has been altered. What does this message indicate?

A buffer overflow was attempted but failed

Which of the following has a database containing thousands of signatures used to detect vulnerabilities in multiple operating systems?

Nessus

While pen testing a client, you discover that LM hashing, with no salting, is still engaged for backward compatibility on most systems. One stolen password hash reads 9FAF6B755DC38E12AAD3B435B51404EE. Is this user following good password procedures?

No, the hash reveals a seven-character-or-less password has been used

What is the difference between offline attack and nonelectronic attack for password attack?

Offline attack uses password cracking tools on hashed passwords, while nonelectronic attack uses social engineering

Which of the following HTTP method is used to send data in HTTP request body?

POST

Considering making a password that is not easy for cracking, which of the following is the most important for making a strong password?

Password length

What kind of attack is made through the above URL?

Path traversal

Which of the following are true regarding a pen test? (Choose all that apply)

Pen tests may include unannouced attacks against the network Pen tests always have a scope

Cleaning registry entries and removing uploaded files and tools are part of which phase of a pen test?

Post-attack

In which phase of a pen test would you compile a list of vulnerabilities found?

Post-attack

In which phase of a pen test is scanning performed?

Pre-attack

What are the three phases of a pen test?

Pre-attack, attack, post-attack

What marks the major difference between a hacker and an ethical hacker (pen test team member)?

Predefined scope and agreement made with the system owner

In the "Gaining Access" phase, the attacker tries to do what?

Privilege escalation Password cracking

Which of the following challenges can be solved by firewalls?

Protection against scanning

Web application are used to

Provide dynamic content

A _____________ is an offline attack.

Rainbow attack

What type of database uses multiple tables linked together in complex relationships?

Relational

Metasploit is a framework allowing for the development and execution of exploit code against a remote host and is designed for use in pen testing. The framework consists of several libraries, each performing a specific task and set of functions. Which library is considered the most fundamental component of the Metasploit framework?

Rex

Which of the following is another name for a record in a database?

Row

A _______________ is a file used to store passwords

SAM

can be used to attack databases

SQL injection

Which of the following statements is (are) true?

SQL injection is an example of injecting into interpreted context Injecting via Perl an example of injecting into interpreted context

______________ is used to partially encrypt the SAM

SYSKEY

NTLM provides what benefit versus LM?

Security

Which security assessment is designed to check policies and procedures within an organization?

Security audit

Which character is the best choice to start an SQL injection attempt?

Single quote

Which of the following would be considered a passive online password attack?

Sniffing subnet traffic to intercept a password

A security staff is preparing for a security audit and wants to know if additional security training for the end user would be beneficial. Which of the following methods would be the best option for testing the effectiveness of user training in the environment?

Social Engineering

A pen test member is experimenting with a web form on a target website and receives the following error message:Microsoft OLE DB Provider for ODBC Drivers error '80040e08' [Microsoft] {OBDC SQL Server Driver}What might this error indicate?

The application may be vulnerable to SQL injection

Additionally, no alerts have displayed in the Snort logs concerning a possible attack on the web application. Which of the following might explain the attack in play?

The attacker has copied the source code to his machine and altered hidden fields to modify the purchase price of the items

A security administrator monitoring logs comes across a user login attempt that reads "UserJoe)(&)." What can you infer from this username login attempt?

The attacker is attempting LDAP injection

You are examing IDS logs and come accross the following entry:Mar 20 10:31:07 (1123): IDS1661/NOPS-x86: 64.118.55.64:1146->192.168.119.56:53What can you infer from this log entry?

The attacker is attempting a buffer overflow against 192.168.119.56

In LM hash, if you see second half of the hash value is AAD3B435B51404EE, what does it mean?

The password is only 7-char long

Two pen testers are attempting to crack hash values found in a password file. The first tester uses a rather large file containing a list of possible passwords. The second uses a similar list but configures the cracker to substitute numbers and symbols. Which of the following statements is true?

The second tester is performing a hybrid attack

The attacker then clicks the Search button and a pop-up appears stating "It Worked." What can you infer from this?

The site is vulnerable to XSS.

There are 5 folder like structures displayed at the top level of Windows registry. What are these?

These are root level keys

What will happen when someone supplies the following username and any password (in HTML page username and password text box fields): admin'--

This user can log in as admin assuming admin is a user in the system

Which of the following causes a potential security breach?

Threat

Which type of security assessment notifies the customer of vulnerabilities but does not actively or intentionally exploit them?

Vulnerability assessment

Which command is used to query data in SQL Server?

WHERE SELECT from

SOAP is used to package and exchange information for web services. What does SOAP use to format this information?

XML

How can you mitigate XSS vulnerabilities?

You can filter user input at server side by using input validation Database query output data should be HTML-encoded to sanitize potentially malicious chars Do not insert untrusted user input data into your HTML document

Where is SAM file stored on Windows PC?

\Windows\system32\config

You decided to hide a few files from casual browsing on a Windows XP box. Which command will successfully engage the hidden attribute on file.txt?

attrib +h file.txt

A malicious file has been hidden inside a text file on the system. Which command would be used to extract the malicious file for use on the system?

cat filename.txt$badfile.exe > badfile.exe

You want to assign all privileges to the user, only read and write to the group, and only read access for all others for file1. Which command will accomplish this?

chmod 764 file1

which command is used to remove a table from a database?

drop table

Which command can be used to access the command prompt in SQL Server?

xp_cmdshell

What is the phase after "Gaining Access" in system attack phases?

Maintaining access

What can an error message tell an attacker?

All of the above

Which of the following tests is generally faster and costs less but is susceptible to more false reporting and contract violation?

Automatic

Which Metasploit payload type operates via DLL injection and is difficult for antivirus software to pick up?

Meterpreter

Alternate Data Streams (ADS) requires what to be present?

NTFS

Input validation is used to prevent which of the following

Bad input SQL injection

You have successfully acquired a copy of the password hashes from a Windows XP box. In previous enumerations, you've discovered the network policy requires complex passwords of at least eight characters. Which of the following offline password attacks would be best suited to discovering the true passwords?

Brute force

How is a brute-force attack performed?

By trying all possible combinations of characters

Where is the SAM file stored on a Windows 7 system?

C:\Windows\System32\Config

Which of the following is a scripting language?

CGI

EC-Council defines six stages of scanning methodology. Which of the following correctly lists the six steps?

Check for live systems, check for open ports, perform banner grabbing, scan for vulnerabilities, draw network diagrams, prepare proxies

Databases can be a victim of code exploits depending on

Configuration

Which of the following would be a good choice for an automated penetration test? (Choose all that apply)

Core Impact CANVAS

Alternate Data Streams are supported in which file system?

NTFS

If a domain controller is not present, what can be used instead?

NTLMv2

SQL injection attacks are aimed at which of the following?

Databases

http://www.example.com/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows\system32\cmd.exeWhat type of attack is in use?

Directory traversal

What type of database has its information spread across many disparate systems

Distributed

What is the main problem that Kerberos solved?

Doing authentication without transferring password in cleartext over the network

Which of the following may be effective countermeasures against an inside attacker?

Enforce elevated privilege control Secure all dumpsters and shred collection boxes Enforce good physical security practice and policy Perform background checks on all employees

Which of the following would you find in a final report from a full penetration test? (Choose all that apply)

Executive summary A list of findings from the test The names of all the participants

As HTTP POST can send HTML form data in HTTP request body, it is great for transferring data to the web server. Thus HTTP POST is a secure way to transfer data and HTTP GET is not a secure way to transfer data. Is the above statement true?

False

You can do this by scanning the URL only once and removing ../ or ..\ from the URL in web application code. Is the above statement true?

False

Which of the following would be considered an active online password attack?

Guessing passwords against an IPC$ share

A _____________ is used to store a password in a format that is not easily reversible.

Hash

Browsers do not display

Hidden fields

Joe is part of a penetration test team and is starting a test. The client has provided him a system on one of their subnets but did not provide any authentication information, network diagrams, or other notable data concerning the systems. Which type of test is Joe performing?

Internal, black box

What is inside a Makefile?

It has instruction/scripts for compiling source code

When sending data to web server using HTTP GET method, where is the data in HTTP request?

It is part of the URL

XSS attack can be used to steal the session token of a legitimate user. What is session token?

It is usually browser cookie

When a user searches for all books published by Wiley, the application performs the following query on its backend database

It return a list of books published by all publishers, not just Wiley

Which system should be used instead of LM or NTLM?

Kerberos

A _____________ is a hash used to store passwords.

LM

On newer Windows systems, what hashing mechanism is disabled?

LM

Which of the following Windows password hashing scheme is the weakest?

LM hash

An administrator installs IIS with all default settings. A pen tester is successful in running a buffer overflow attack, and the server spawns a shell for his use. Under which privileges will the shell run?

LOCAL SYSTEM

A good defense against password guessing is __________

Long and complex passwords

Which hash algorithm is used by NTLMv2?

MD5


Ensembles d'études connexes

Itc Ch 1 test, ITC ch2 test, Ch 3 test (itc), CH4 test ITC

View Set

EMT Chapter 32- Environmental Emergencies

View Set

Chapter 6 Connect: Merchandising Operations and the Multistep Income Statement

View Set

Managing People & Work: Exam 1 Study Guide

View Set