INFO SEC CHAPTER 05-09
<!-- -->
Carl is analyzing the Hypertext Markup Language (HTML) code of a company's website. He would like to identify any comments written in the code. What HTML tag should he search for?
IaaS deployments typically require more capital investment than on-premises deployments.
Carl's organization is considering moving to a cloud-based infrastructure-as-a-service (IaaS) provider. Which of the following statements is NOT true about IaaS deployments?
True
Cloud capacity can be provisioned with greater or fewer resources, based on current client needs.
many audit log settings
Common database vulnerabilities include the following except _______.
SNMPwalk
Darcy would like to gather information from network devices as she performs enumeration. Which tool exploits a common network management protocol to gather information?
False
Databases are rarely a target for attackers because many of them are "unhackable."
False
Default access point (AP) security settings should never be changed.
True
File Transfer Protocol (FTP) is considered an insecure application.
False
Firewalls provide very little protection to a database server.
Pineapple
Frank recently discovered that a rogue wireless network was set up in his building. He discovered that attackers placed a device behind a plant that performs a man-in-the-middle attack against legitimate users. What type of device did Frank discover?
Filtered
Gary is interpreting the results of an nmap scan and discovers ports with a variety of statuses. Which of the following indicates that the port may be accepting connections but a firewall makes it difficult to determine?
True
Google Hacking Database (GHDB) is a database of queries that can be used to conduct a Google web search to identify sensitive data and content.
sanitizing information that is available publicly whenever possible
Google hacking can be thwarted to a high degree by ________.
False
Google hacking is effective because Google indexes small amounts of information in just a few, focused types of formats.
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
In wireless networks based on the 802.11 standard, stations transmit their messages using ________.
True
Input validation refers to restricting the type of input or data the website will accept so that mistakes will not be entered into the system.
Regional Internet registries
Which of the following is NOT one of the Internet sources that hackers use to gather information about a company's employees?
Packet sniffing involves the attacker capturing traffic from both ends of a communication between two hosts.
Which of the following is NOT true regarding the use of a packet sniffer?
Superscan
Which of the following is a Windows-based port scanner designed to scan TCP and UDP ports, perform ping scans, run Whois queries, and use Traceroute?
Active fingerprinting
Which of the following is a form of OS fingerprinting that involves actively requesting information from a target system?
Passive fingerprinting
Which of the following is a method of identifying the OS of a targeted computer or device in which no traffic or packets are injected into the network? Attackers simply listen to and analyze existing traffic.
Database
Which of the following is a structured format for storing information for later retrieval, modification, management, and other purposes?
Man-in-the-middle attack
Which of the following is a type of passive online attack?
Precomputed attack
Which of the following is considered an offline attack?
Blog
Which of the following is created for the sole purpose of posting unflattering content about a company?
Weak ciphers or encoding algorithms
Which of the following is directly associated with encryption using short keys or keys that are poorly designed and implemented?
Preshared keys
Which of the following is entered ahead of time for both the access point (AP) and client so they can authenticate and associate securely?
nbtstat
Which of the following is included with every version of Windows and is intended to assist in network troubleshooting and maintenance?
Server administrator
Which of the following is primarily concerned with the security of the web server because it can provide an easy means of getting into the local network?
NoSQL database
Which of the following is the best choice for storing and retrieving massive volumes of data in extremely short periods of time?
Scanrand
Which of the following is unique among network scanners because it can scan ports in parallel using what is known as stateless scanning?
Bluebugging
Which of the following is used to make calls or send text messages from the targeted device?
Bluesnarfing
Which of the following is used to steal data from a Bluetooth-enabled mobile device?
They are specific to only one vendor's database and cannot force the application to reveal restricted information.
Which of the following statements is NOT true regarding Structured Query Language (SQL) injections?
During the enumeration phase, the attacker runs a series of port scans on a system.
Which of the following statements is NOT true regarding enumeration?
Companies should attempt to keep all information secret.
Which of the following statements is NOT true regarding information in a public company?
Warchalking
Which of the following techniques is not used to locate network access points but to reveal the presence of access points to others?
Platform as a Service (PaaS)
Which of the following typically refers to a virtual environment in the cloud in which a client rents access to a virtual infrastructure and to certain preinstalled software components?
Service set identifier (SSID)
Which of the following uniquely identifies a wireless network, thereby ensuring that clients can locate the correct wireless local area network (WLAN) they should be attaching to?
Poison null byte attack
Which of the following web application attack methods passes special characters that a script may not be designed to handle properly, resulting in the script granting access where it should not otherwise be given?
802.11g
Which standard combines the best of both 802.11a and 802.11b?
WiMAX
Which technology is specifically designed to deliver Internet access over the "last mile" to homes or businesses that may not otherwise be able to get access?
Bluetooth
Which technology was designed to be a short-range networking technology (up to 10 meters) that could connect different devices together?
TCP connect scan
Which type of TCP scan is the most reliable but also the easiest to detect?
SYSTEM
Which user account gets nearly unlimited access to the local system and can perform actions on the local system with little or no restriction?
Long-lived sessions
Which web session vulnerability is directly associated with sessions that remain valid for periods longer than they are needed?
802.11
Wi-Fi is a trademark, owned by the Wi-Fi Alliance, that is used to brand wireless technologies that conform to the ________ standard.
True
Wireless LANs are built upon the 802.11 family of standards and operate in a similar manner to wired networks.
True
Wireless networks use radio frequency (RF) or radio techniques, which allows wireless transmissions to reach out in all directions, enabling connectivity but also allowing anyone in those directions to eavesdrop.
False
It is much harder to detect active OS fingerprinting than passive OS fingerprinting.
SYN flooding
Quentin is analyzing an attack against his organization. He noticed that the traffic associated with the attack contains many Transmission Control Protocol (TCP) connection requests where the handshake was not completed. What type of attack most likely took place?
True
Rainbow tables compute every possible combination of characters prior to capturing a password.
multiple input and multiple output (MIMO)
The 802.11n standard can transmit multiple signals across multiple antennas. This method of transmitting signals is called ________.
Wi-Fi
The IEEE 802.11 family of standards, which includes 802.11g, 802.11n, and 802.11ac, is known collectively in standard jargon as ________.
delegate resources as needed to customers, who include Internet service providers (ISPs) and end-user organizations
The Internet Assigned Numbers Authority (IANA) delegates Internet resources to the Regional Internet Registries (RIRs), which then ________.
True
The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the Domain Name System (DNS) root, IP addressing, and other Internet protocol resources.
Ping scan
The Nmap -sP option performs which of the following scans?
True
The Nslookup tool lists Domain Name System (DNS) nameservers.
True
The Regional Internet Registry responsible for North America, including the United States, is the American Registry for Internet Numbers (ARIN).
lists all top-level domains, such as .com, and also shows two-character country codes
The Root Zone Database page of Internet Assigned Numbers Authority (IANA) ________.
False
The Security Account Manager (SAM) is a file that resides on the network, not on the hard drive, and is not actively accessed while Windows is running.
True
The Whois tool is primarily used to verify whether a domain name is available or whether it has been registered.
the NULL session
The Windows operating system feature used to give access to certain types of information across the network is _________.
False
The amount of personal information that people put online themselves has made gathering information on human beings more difficult.
the Security Account Manager (SAM)
The database on the local Windows system that is used to store user account information is called ________.
True
The first step in port scanning is the gathering of information about the range of Internet protocols in use by the target.
802.11b
The first widely adopted wireless technology was ______.
True
The goal of defacing a website is to embarrass the website owner, make a statement, or just be a nuisance.
True
The goal of enumeration is to determine the value a system possesses.
True
The inSSIDer wireless hacking tool can inspect a wireless local area network (WLAN) and surrounding networks to troubleshoot competing access points (APs).
True
The inurl string is a Google keyword used to search within a site's uniform resource locator (URL).
management, distribution, and registration of public Internet Protocol (IP) addresses within their respective assigned regions
The manual method of obtaining network range information requires the attacker to visit one or more of the Regional Internet Registries (RIRs), which are responsible for ________.
False
The mere existence of an open port means vulnerability exists.
True
The p0f tool is commonly used to perform passive OS fingerprinting.
OS fingerprinting
The practice of identifying the operating system of a networked device through either passive or active techniques is called ________.
True
With passive fingerprinting, there's a lower chance of the victim detecting and reacting to the impending attack.
Poor end-user training
Which of the following is NOT considered a vulnerability of web servers?
False
Brute-force attacks are quick but rarely successful.
False
Active OS fingerprinting allows an attacker to obtain information about a target without triggering network defensive measures such as a firewall.
covering tracks
Attackers' attempts to stop their attacks from being detected are referred to as ________.
True
Brutus is a password cracker designed to decode different password types present in web applications.
are faster than manual methods
Automated methods for obtaining registrar network range information for a company ________.
True
A Bluetooth discoverable device could allow an attacker to attach to a Bluetooth device undetected and steal data from it easily.
False
A brute-force attack tries passwords that are pulled from a predefined list of words.
True
A buffer overflow associated with a web application can result in data being corrupted or overwritten.
True
A countermeasure for protecting domain information is to keep registration data as generic as possible.
True
A database linked to a web application can make a website and its content much easier to maintain and manage.
False
A denial of service (DoS) attack is considered a critical problem because it is very difficult to defeat.
False
A distributed denial of service (DDoS) attack is mostly an annoyance; however, a denial of service (DoS) attack is much more of a problem.
True
A good way to prevent Structured Query Language (SQL) injection attacks is to use input validation, which ensures that only approved characters are accepted.
True
A key characteristic of footprinting is that it gathers information about a victim without directly interacting and potentially providing advance notice of the attack.
True
A keystroke logger is software designed to capture a user's keystrokes, which are retrieved by an attacker later on.
the end or clearing of a connection
A packet flagged with the FIN flag signals ________.
False
A password length of 8 characters is considered to be the current standard.
True
A ping is actually an Internet Control Message Protocol (ICMP) message.
False
A poison null byte attack uploads masses of files to a server with the goal of filling up the hard drive on the server in an attempt to cause the application to crash.
True
A rootkit can provide a way to hide spyware so it is undetectable even to those looking for it.
True
A rootkit is typically unable to hide itself from detection, which makes the device easy to locate.
False
A session, the connection that a client has with a server application, should use the same identifier, encryption, and other parameters every time a new connection between the client and server is created.
True
A site administrator can block the Internet Archive from making snapshots of the site.
True
A website's source code or HTML might prove valuable to a hacker.
True
Active fingerprinting contacts the host; passive fingerprinting does not.
False
Active fingerprinting takes longer than passive fingerprinting.
tools used to change passwords
Active@ and Trinity Rescue Kit are examples of ________.
True
Ad hoc networks can be created quickly and easily because no access point (AP) is required in their setup.
False
Ad hoc wireless networks are networks that use an access point (AP) that each client associates with.
True
After an attacker has performed enumeration, he or she can begin actually attacking the system.
1433
Alina is preparing to scan a Microsoft SQL Server database server for open ports. What port should she expect to find supporting the database service?
True
Although larger databases are likely to be on an administrator's radar, smaller ones that get bundled in with other applications can easily be overlooked.
False
An access point (AP) is a device that wired clients associate with in order to gain access to the network.
disabling auditing
An attacker can deprive the system owner of the ability to detect the activities that have been carried out by ________.
True
An attacker can steal a social media user's personal information after a user clicks on a malicious video link.
employ a commonly available proxy service to block the access of sensitive domain data
An effective countermeasure an organization can take to protect domain information is to ________.
False
An effective method for uncovering database vulnerabilities is to consider security problems simply from an insider's perspective, rather than an outsider's perspective.
the access point (AP)
An item that is present in wireless networks but not in wired networks is ________.
True
An organization's website is often the public face of the organization that customers see first.
True
Atmospheric conditions, building materials, and nearby devices can all affect emanations of wireless networks.
Bluejacking
Bruce is investigating a security incident in which attackers exploited weaknesses in the Bluetooth protocol to make messages appear on device screens. He does not believe any information was taken. What type of attack most likely occurred?
flags
Bits that are set in the header of a packet, each describing a specific behavior, are called ________.
False
Bluetooth devices cannot be secured.
True
Bluetooth employs security mechanisms called "trusted devices," which have the ability to exchange data without asking any permission because they are already trusted to do so.
Rainbow table
Brenda believes an attacker was using precomputed password hashes to attempt an attack against her network. What type of attack uses this approach?
adding unnecessary information to the website to throw attackers off the trail
Countermeasures to thwart footprinting of an organization's website include all of the following except ________.
Users
Devki would like to add a user to a group that allows one-time ordinary users to run applications and access local resources. After the user logs out, the profile is deleted. Which Windows Active Directory security group should she use?
140/tcp
Diego is concerned about attackers targeting his Windows servers using the NetBIOS protocol and wants to block use of that protocol at the firewall. Which of the following ports does Diego NOT need to block to prevent NetBIOS access?
True
During the enumeration phase of an attack, the attacker may employ techniques used to determine the placement and capabilities of countermeasures.
True
Early networks did not resemble the networks in use today because they were mainly proprietary and performed poorly compared with today's deployments.
True
Error messages should be considered a potential web server vulnerability because they can provide vital information to an attacker.
False
Exploiting a NULL session is difficult because it requires a long list of commands.
social media
Facebook, LinkedIn, and Twitter are ________ sites.
False
Xprobe2, an active OS fingerprinting tool, determines definitively which operating system is running on a system.
XMAS tree
Harry is analyzing inbound network traffic and notices a TCP packet that has the FIN, PSH, and URG flags set at the same time. Which type of scan is most likely occurring?
Web server version
Hunter collected the following banner information from a web server in his environment. What type of information can he determine solely by analyzing this banner?
True
If a database application does not require a specific port, changing it to a nonstandard port may provide additional protection.
True
In an NTFS file system, Alternate Data Streams (ADSs) are nondefault places to store data.
True
In networks based on the Ethernet standard (802.3), stations transmit their information using the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) method.
True
In the Windows operating system, the NetBIOS service is commonly targeted by attackers because diverse information can be obtained, including usernames, share names, and service information.
True
In wireless networks based on the 802.11 standard, stations transmit their information using the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA).
-Pn (Don't Ping)
Jake is using nmap to scan a system that he believes blocks ICMP packets. He believes the TCP scan is not taking place because of this behavior. What flag can he use to bypass the ping portion of the scan?
Secure Sockets Layer (SSL)
Juan is analyzing the security of a website that he administers. Which of the following configurations is insecure and requires immediate remediation?
SMTP
Katie used nmap to scan a server running in her organization and received the following results. Which of the following services is not running on this system?
Server-side input validation
Keith is concerned about the frequency of SQL injection attacks against his organization's web applications. Which countermeasure is the best defense Keith can implement against SQL injection?
Mail servers
Kendra performed the nslookup commands shown in the image. What type of servers are identified in these results?
Wi-Fi Protected Access version 2 (WPA2)
Kolin is deploying a new wireless network and wants to use the strongest possible encryption. What encryption protocol should he select?
Tracert
Larry is attempting to identify the network route between two Windows systems. What command can he use on one system to identify the network path to the second system?
nbtstat -S
Lin is analyzing a system. She wishes to list all established NetBIOS sessions between that system and other networked systems. What command can she use to achieve this goal?
802.11ac
Maureen is planning a new wireless network. She wants to ensure she supports a modern wireless standard with dual-band technology and superior performance. Which of the following standards should she support?
True
Media access control (MAC) address filtering is a way to enforce access control on a wireless network by registering the MAC addresses of wireless clients with the access point (AP).
True
Most Internet of Things (IoT) devices use wireless network connections to join the local network.
True
Most of the services and processes that run on the Windows operating system run with the help of a user account.
False
Most users of social networking sites are diligent about protecting their personal information through privacy settings and similar configuration options available on these sites.
software tools for performing audits on databases
NCC SQuirreL and AppDetectivePro are ________.
False
NetStumbler is the only wireless hacking tool that can perform wireless network scanning.
False
Network range data from a registrar is useful to the associated company but not an attacker.
Whois
Nick is attempting to find the owner of a domain name. Which of the following would best assist him with this task?
True
Nmap can be used with or without a graphical user interface.
True
Nmap is valuable in OS fingerprinting as well as port scanning.
False
Obtaining financial information on companies operating in the United States is difficult because financial records on publicly traded companies are not available to the public.
True
Offline attacks are a form of password attack that relies on weaknesses in how passwords are stored on a system.
False
Offline attacks can be carried out using two methods: packet sniffing or man-in-the-middle and replay attacks.
cloud computing
Offloading services from a local intranet to the Internet can be done by using ________.
EDGAR
Tonya is conducting reconnaissance of a company that is the target of a penetration test. She would like to search for the company's financial filings with the SEC. What database should she use?
False
Over time, corporations have been moving fewer and fewer services to the cloud.
True
Password cracking is used to obtain the credentials of an account with the intent of using the information to gain access to the system as an authorized user.
True
Placement of an access point (AP) is an important security consideration in defending a wireless network.
False
Placing a backdoor on a system prevents an attacker from coming back later in an attempt to take control of the system.
True
Port scanning is designed to probe each port on a system in an effort to determine which ports are open.
perform actions on a system with fewer restrictions and perform tasks that are potentially more damaging
Privilege escalation gives the attacker the ability to ________.
False
Privilege escalation refers to changing account privileges to decrease access and increase restrictions.
True
Traceroute identifies the path to a targeted website.
False
Sanitizing a web posting refers to a company deleting information that others may find offensive.
True
Security professionals use the results of OS and network scanning activities to identify weaknesses in their environment.
nontechnical password attacks
Shoulder surfing, keyboard sniffing, and social engineering are considered ________.
True
SolarWinds has the ability to generate network maps.
True
Some organizations inadvertently put information from insecure applications on the Web.
False
Structured Query Language (SQL) injections require very little skill or knowledge to execute.
True
The process of active OS fingerprinting is accomplished by sending specially crafted packets to the targeted system.
True
The purpose of OS fingerprinting is to determine the operating system that is in use on a specific target.
security identifier (SID)
The unique ID assigned to each user account in Windows that identifies the account or group is called a(n) ________.
False
The widespread availability of wireless has made management and security much easier for the network and security administrator.
False
User Datagram Protocol (UDP) acknowledges each connection attempt; Transmission Control Protocol (TCP) does not, so it tends to produce less reliable results.
True
User Datagram Protocol (UDP) is harder to use for port scans successfully than Transmission Control Protocol (TCP).
False
Using the information obtained from wardriving to gain unauthorized access to a network is legal.
Time of day
Vincent is performing a wireless environment analysis and wishes to identify factors that affect signal propagation. Which factor is least likely to impact wireless signals?
True
Wardroning is a type of wireless attack in which an attacker uses a drone with a Global Positioning System (GPS) receiver and wireless detection adapter to monitor detected wireless signals.
Wardriving
What is the process of locating wireless access points and gaining information about the configuration of each?
Cross-site scripting (XSS)
What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data?
Defects and misconfiguration risks
Which category of risk inherent with web servers includes risks such as the ability to steal information from a server, run scripts or executables remotely, enumerate servers, and carry out denial of service (DoS) attacks?
Process isolation
Which of the following database protection methods provides extra protection against catastrophic failure of a system by ensuring that one process crashing will not take others with it?
Promiscuous clients
Which of the following is NOT a countermeasure to threats against wireless LANs?
Warflying
Which of the following is NOT a form of short-range connectivity attack?
Xprobe2
Which of the following is NOT a network mapping tool?
Set up a deny all access control to block all traffic to all ports unless such traffic has been explicitly approved.
Which of the following is NOT a step in planning an attack on a target?
Internet Assigned Numbers Authority (IANA)
Which of the following is NOT considered a readily available source of financial information on publicly traded U.S. companies?
Company logos
Which of the following is NOT considered a source from which valuable information can be gleaned about an intended target?
Wardialing
________ is a technique that has existed for more than 25 years as a footprinting tool and involves the use of modems.
A ping sweep
________ is the process of sending ping requests to a series of devices or to an entire range of networked devices.
Nslookup
________ refers to a program to query Internet domain name servers.
Rootkit
________ refers to software designed to alter system files and utilities on a victim's system with the intention of changing the way a system behaves.
Whois
________ refers to the software designed to query databases to look up and identify the registrant of a domain name.