Intrusion Detection- Ethical Hacking

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

In hexadecimal, what does the character E represent?

14

An individual wants to switch from using Hypertext Transfer Protocol (HTTP) to a more secure protocol. To which port are they most likely to switch?

443

What is a Class B IP address typically used for?

. Large organizations and ISPs

Which of the following is a method of educating network users to minimize the damage and the frequency with which computers become infected?

All of the answer choices are methods of educating users to minimize the damage and the frequency with which computers become infected.

Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?

signatures

Which of the following is a malicious computer program that replicates and propagates itself without having to attach to a host?

worm

How many host addresses can be assigned with a subnet mask of 255.255.255.0?

254

What IPv4 address class has the IP address 221.1.2.3?

Class C

Which class of IP addresses are reserved for multicast and experimental addressing?

Class D and Class E

What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?

Electronic Communication Privacy Act

What is the greatest advantage of whitelisting?

Helps prevent malicious code from being introduced into corporate networks

What advantage does subnetting offer?

Increased Security

What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?

Internet

What type of physical security device can be used by both security professionals and attackers?

Keyloggers

What term references half a byte?

Nibble

What advanced professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate?

Offensive Security Certified Professional

What type of network attack relies on guessing a TCP header's initial sequence number, or ISN?

Session hijacking

Why are hackers able to bypass some security systems using IPv6?

Some router-filtering devices, firewalls, and intrusion detection systems (IDSs) are not configured to enable IPv6.

What does the acronym TCP represent?

Transmission Control Protocol

Why is UDP widely used on the Internet?

UDP is widely used because of its speed.

In the TCP/IP stack, what layer is concerned with physically moving bits across the network's medium?

Network

What connection-oriented protocol is utilized by the Transport layer?

TCP

What is the function of the Domain Name System?

The DNS server resolves the name of a URL to an IP address.

What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?

127 address

In binary, what is the largest number that can be represented by four low-order bits?

15

What is the decimal equivalent of the binary number 11000001

193

How many characters are required to write a hexadecimal number?

2

How many host computers can be assigned a valid IPv4 address when using a CIDR /24 prefix?

254

Approximately how many IP addresses are allowed under IPv4?

4.3 billion

What port does the Domain Name System, or DNS service use?

53

How many bits are needed to represent a character in base-64?

6

What is the largest digit in an octal number?

7

What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools created by knowledgeable programmers without understanding how the tools work?

packet monkey

If an attacker wishes to collect confidential financial data, passwords, PINs and any personal data stored on your computer which of the following programs would they choose to use?

spyware

How can a security tester ensure a network is nearly impenetrable?

unplug the network cable

Even though a security professional might think they are following the requirements set forth by the client who hired them to perform a security test, management may be dissatisfied. Which of the following is an example of an ethical hacking situation that might upset a manager?

The security testing reveals all the usernames and passwords of company personnel to the tester without the manager's prior consent.

If the low-order bit is turned on in a binary digit, what can be assumed?

The value is odd

What is true regarding physical network security?

There's a higher chance of threat from insiders within a company versus outsiders.

Why should a security professional fully understand the TCP header components?

To understand the basic methods of hacking into networks

In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?

Transport

What type of malicious computer programs present themselves as useful computer programs or applications?

Trojan programs

How can a nondisclosure agreement allay management fears about password discovery?

Correct. A nondisclosure agreement (NDA) should be in place to assure clients that testers will not reveal or use any information they find.

What may occur when a broadcast address is mistaken as a valid host address?

Denial-of-service attack.

What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?

Hacking

What is the difference between penetration tests and security tests?

In a penetration test, an ethical hacker attempts to break into a company's network or applications to find weak links. In a security test, testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management.

Which of the following actions could be prosecuted under the Stored Wire and Electronic Communications and Transactional Records Act?

Incorrect. The Economic Espionage Act offers trade secret protection to both businesses and the government

Why have some judges dismissed charges for those accused of port scanning?

Incorrect. The federal government currently doesn't view port scanning as a violation of the U.S. Constitution.

Why might companies prefer black box testing over white box testing?

Many companies don't want a false sense of security.

Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?

Network Security

An application is working with real-time data and needs the data to be sent immediately. Which flag should be set to accomplish this?

PSH Flag

What type of attack causes the victim's computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?

Ping of Death

What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?

Port

What port would a successful Trojan program most likely use?

Port 53

Which type of attack is being carried out when an attacker joins a TCP session and makes both parties think he or she is the other party?

Session hijacking

Which of the following statements about port scanning is true?

Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal

What can be inferred about successful security professionals?

Successful security professionals have a combination of technical and soft skills.

What protocol is the most widely used and allows all computers on a network to communicate and function correctly?

TCP/IP

Why should a company employ an ethical hacker?

The benefit of an ethical hacker discovering vulnerabilities outweighs the cost of paying for the penetration/security test services.

What numbering system is used by computer engineers to make computers, and why was this numbering system selected?

The binary number system was chosen because logic chips make binary decisions (true/false, on/off).

Which of the following might be a violation of a contract between an independent contractor and a company that hires them to run security tests?

The independent contractor runs a program that prevents the employees from doing their jobs.

Which of the following is a possibility when you work as a security professional?

All are possibilitites

What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?

Application

Why is it a challenge and concern for an ethical hacker to avoid breaking any laws

The laws are constantly changing.

How do spyware and adware differ?

The main purpose of adware is to determine a user's purchasing habits, but spyware sends information, including confidential information, from the infected computer to the attacker.

Communication between two devices is not properly functioning. What is the most likely cause of the communication issues?

The protocols on each device differ.

Which of the following program files would most likely not be included in a whitelist?

Unknown.exe

The most insidious attacks against networks and computers worldwide take place via Trojan programs. Why do Trojan attacks continue to occur?

Users simply click Allow when warned about suspicious activity on a port.

Which of the following statements about written contracts is true?

Written contracts are always a good business practice.

What skill is most important when developing a written agreement between a security professional and a company that will be hiring them to execute a security assessment?

an understanding of the laws that apply to your location

Protecting an organization from malware attacks is difficult because new viruses, worms, and Trojans appear daily. What can mitigate some of these risks by detecting many malware programs?

antivirus software

What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?

black box

Which of the following attacks occurs when a programmer exploits written code that doesn't check for a defined amount of memory space?

buffer overflow

An organization wants to install a physical security system which will protect its assets and document an individual's time of entry. Which option will allow them to accomplish both tasks?

card access

In Unix and Linux systems, what command allows you to alter the permissions of files and directories?

chmod

When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?

consult their lawyer

Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?

create a contractual agreement

Which type of attack cripples the network and prevents legitimate users from accessing network resources?

denial-of-service

An attacker is using Wireshark to capture network communications. Later these captured packets are reconstructed, and the attacker searches for confidential information that can be used to extend the attack. What malicious procedure is occuring?

eavesdropping

What term refers to a person who performs most of the same activities a hacker does, but with the owner or company's permission?

ethical hacker

What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?

gray box

Which penetration model allows for an even distribution of time and resources along with a fairly comprehensive test?

gray box

Which term best describes malicious programmatic behaviors of known viruses that antivirus software companies compare to every file on a computer?

heuristics

What common term is used by security testing professionals to describe vulnerabilities in a network?

holes

What is the typical format for Class C addresses?

network.network.network.node

Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect?

rootkit

Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing?

scripts

What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?

security test

What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?

vulnerability

What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network?

Acceptable Use Policy

With which type of laws should a penetration tester or student learning hacking techniques be familiar?

all of the above

Which of the following physical security options avoids the issue of combination or key sharing?

Biometric devices

What skills does a security professional need to be successful?

Both knowledge of network and computer technology and the ability to communicate with management and IT personnel.

What acronym represents the U.S. Department of Justice branch that addresses computer crime?

CHIP

Which of the following activities is not illegal?

Discovering passwords of company personnel when testing for vulnerabilities

Which of the following statements about antivirus software is true?

Even with antivirus software, protecting an organization from malware attacks is difficult because new viruses, worms, and Trojans appear daily.

Which of the following reasons explains why night-shift employees have easier access to physical network infrastructure?

Fewer employees are around during nonstandard business hours.

What is critical to remember when studying for a network security certification exam?

Following the laws and behaving ethically are more important than passing an exam

What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

White box

What line of defense allows only approved programs to run on a computer?

Whitelisting

All of the following are good resources for finding more information about contracts for independent security consultants except one. Which is the exception?

Your own attorney


Ensembles d'études connexes

Art Chapter 1.6 Unity, Variety, and Balance

View Set

personal finance study guide review

View Set

Politics of the Arab Israeli Conflict-Kiel

View Set

Psych 2300 Research Methods Exam 1

View Set

Complete these sentences with the correct tense (future simple or going to).

View Set