ITN 261 Chapter 8-14

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

A Trojan can include which of the following?

RAT

What are worms typically known for?

Rapid replication

Jennifer is a system administrator who is researching a technology that will secure network traffic from potential sniffing by unauthorized machines. Jennifer is not concerned with the future impact on legitimate troubleshooting. What technology can Jennifer implement?

SSH

A security camera picks up someone who doesn't work at the company following closely behind an employee while they enter the building. What type of attack is taking place?

Tailgating

XXS is typically targeted toward which of the following?

Web browsers

What is not a benefit of hardware keyloggers?

Difficult to install

Groups and individuals who hack system based on principle or personal beliefs are known as_________.

Hacktivists

Wireless access points function as a ________.

Hub

Jason notices that he is receiving mail, phone calls, and other requests for information. He has also noticed some problems with his credit checks such as bad debts and loan he did not participate in. What type of attack did Jason become a victim of?

Identity theft

A spare infector virus_______.

Infects files selectively

What is the hexadecimal value of a NOP instruction in a Intel system?

0x90

Tiffany is analyzing a capture from a client's network. She is particularly interested in NetBIOS traffic. What port does Tiffany filter for?

139

What is a covert channel?

A backdoor

MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?

A reverse ARP request maps to two hosts.

Which is/are a characteristic of a virus?

A virus is malware. A virus replicates with user interaction

What is a vulnerability scan designed to provide to those executing it?

A way to reveal vulnerabilities

Which of the following is/are true of a worm?

A worm is malware, A worm replicated on its own.

What response is missing in a SYN flood attack?

ACK

Which of the following is used to set permission on content in a website?

ACL

Jennifer is a junior system administrator for a small firm of 50 employees. For the last week a few users have been complaining of losing connectivity intermittently with no suspect behaviors on their part such as large downloads or intensive processes. Jennifer runs Wireshark on Monday morning to investigate. She sees a large amount of ARP broadcasts being sent at a fairly constant rate. What is Jennifer most likely seeing?

ARP poisoning

What technique funnels all traffic back to a single client, allowing sniffing from all connected hosts?

ARP poisoning

A covert channel or backdoor may be detected using all of the following except______.

An SDK

An overt channel is______.

An obvious method of using a system

Which of the following is not a source of session IDs?

Anonymous login

The Wayback Machine would be useful in viewing what type of information relating to a web application?

Archived versions of websites

Session hijacking can be thwarted with which of the following?

Authentication

Input validation is used to prevent which of the following?

Bad input, SQL injection

________can be used to identify a web server.

Banner grab

Julie has sniffed an ample amount of traffic between the targeted victim and an authenticated resource. She has been able to correctly guess the packet sequence numbers and inject packets, but she it unable to receive any of the responses. What does this scenario define?

Blind hijacking

A common attack against web servers and web applications is _____.

Buffer overflow

How is a brute-force attack performed?

By trying all possible combinations of characters

Which of the following is a scripting language?

CGI

What common tool can be used for launching an ARP poisoning attack?

Cain & Abel

Which of the following best describes a web application?

Code designed to be run on the server.

On a switch, each switchport represents a ______.

Collision domain

Databases can be victim of code exploits depending on which of the following?

Configuration

What is used to store session information?

Cookie

A session hijack can be initiated from all of the following except which one?

Cookies and devices

SQL injection attacks are aimed at which of the following?

Databases

Which of the following is used to access content outside the root of a website?

Directory traversal

A virus does not do which of the following?

Display pop-ups

Which pointer in a program stack gets shifted or overwritten during a successful overflow attack?

EIP

Phishing takes place using_______.

Email

What may be helpful in protecting the content on a web server from being viewed by unauthorized personnel?

Encryption

A blind SQL injection attack is used when which of the following is true?

Error message are not available.

A polymorphic virus_____.

Evades detection through rewriting itself

Which of the following is an attribute used to secure a cookie?

HIPS,NIDS,Logs

Human beings tend to follow set patterns and behaviors known as_________.

Habits

Groups and individuals who may hack a web server or web application based on principle or personal beliefs are known as_______.

Hacktivists

What is the name for the dynamic memory space that, unlike the stack, doesn't rely on sequential ordering or organization?

Heap

Browsers do not display________.

Hidden fields

In addition to relational database, there is also what kind of database?

Hierarchical

What device will neither limit the flow of traffic nor have an impact on the effective of sniffing?

Hub

Which of the following prevents ARP poisoning?

IP DHCP Snooping

Session hijacking can be performed on all of the following protocols except which one?

IPsec

Which technology can provide protection against session hijacking?

IPsec

Jason receives notices that he has unauthorized charges on his credit card account. What types of attack is Jason a victim of?

Identity theft

Jason is the local network administrator who has been tasked with securing the network from possible DoS attacks. Within the last few weeks, some traffic logs appear to have internal clients making requests from outside the internal LAN. Based on the traffic Jason has been seeing, what action should he take?

Implement ingress filtering

Which of the following can prevent bad input from being presented to an application through a form?

Input validation

A man-in-the-middle attack is an attack where the attacking party does which of the following?

Insert themselves into an active session

_______is a client-side scripting language.

JavaScript

In social engineering a proxy is used to_______.

Keep an attacker's origin hidden

When talking to victim, using ______can make an attack easier.

Keywords

The stack operates on a ______ basic.

LIFO

What is a single-button DDoS tool suspected to be used by groups such as Anonymous?

LOIC

Which DoS attack sends traffic to the target with a spoofed IP of the target itself?

Land

What would be used to monitor application errors and violations on a web server or application?

Logs

Bob is attempting to sniff a wired network in his first pen test contract. He sees only traffic form the segment he is connected to. What can Bob do to gather all switch traffic?

MAC flooding

Base on the diagram, what attack is occurring?

MITM

Social engineering is designed to___________.

Manipulate human behavior

Which mechanism can be used to influence a targeted individual?

Means of dress or appearance

An attack can use which technique to influence a victim?

Name-dropping

Which of the following is capable of port redirection?

Netcat

A session hijack can happen with which of the following?

Network and applications

Which kind of values is injected into a connection to the host machine in an effort to increment the sequence number in a predictable fashion?

Null

What is the main difference between DoS and DDoS?

Number of attackers

Proper input validation can prevent what from occurring?

Operating system exploits

Which of the following is an example of a server-side scripting language?

PHP

Jennifer has been working with sniffing and session-hijacking tools on her company network. Since she wants to stay white hat—that is, ethical¬¬---she has gotten permission to undertake these activities. What would Jennifer's activities be categorized as?

Passive

Janet receives an email enticing her to click a link. But when she clicks this link she is taken to a website for her bank, asking her to reset her account info. However, Janet noticed that the bank is not hers and the website is not for her bank. What type of attack is this?

Phishing

Jennifer receives an email claiming that her bank account information has been lost and the she needs to click a link to update the bank's database. However, she doesn't recognize the bank, because it is not one she does business with. What type of attack is she being present with?

Phishing

Social engineering can be used to carry out email campaigns known as__________.

Phishing

Training and education of end users can be used to prevent________.

Phishing, Tailgating/piggybacking

Session hijacking can do all of the following except which one?

Place a cookie on a server

What mode must be configured to allow an NIC to capture all traffic on the wire?

Promiscuous mode

Wireshark required a network card to be able to enter which mode to sniff all network traffic?

Promiscuous mode

Which of the following challenges can be solved by firewalls?

Protection against buffer overflow

What is the generic syntax of a Wireshark filter?

Protocol.field operator value

Web applications are used to ______

Provide dynamic content

Adding to and removing from a program stack are known as what?

Push and pop

What type of database uses multiple tables linked together in complex relationships?

Relational

Zombies Inc. is looking for ways to better protect their web servers from potential DoS attacks. Their web admin proposes the use of a network appliance the receives all incoming web request and forwards them to the web server. He says it will prevent direct customer contract with the server and reduce the risk of DoS attack. What appliance is he proposing?

Reverse proxy

Which of the following is another name for a record in a database?

Row

_________can be used to attack databases.

SQL injection

_________is used to audit databases.

SQLPing

A POODLE attack targets what exactly?

SSL

While monitoring traffic on the network, Jason captures the following traffic. What is he seeing occur?

SYN flood

Which attack can be used to take over a previous session?

Session hijacking

Which statement defines session hijacking most accurately?

Session hijacking is an attack that aims at stealing a legitimate session and posing as that user while communicating with the web resource or host machine.

What is the most common sign of a DoS attack?

Slow performance

A remote access Trojan would be used to do all of the following except______.

Sniff Traffic

A Trojan relies on _________ to be activated.

Social Engineering

Based on the packet capture shown in the graphic, what is contained in the highlighted section of the packet?

Source and destination IP addresses

An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is the hacker using?

Source routing

Phishing can be mitigated through the use of___________.

Spam filtering, Education

Network-level hijacking focuses on the mechanics of a connection such as the manipulation of packet sequencing. What is the main focus of web app session hijacking?

Stealing session IDs

What can error message tell an attacker?

Success of an attack, Failure of an attack, Structure of a database.

Which network devices can block sniffing to a single network collision domain, create VLANs, and make use of SPAN ports and port mirroring?

Switch

What is the key difference between a smurf and a fraggle attack?

TCP vs UDP

Which of the following is not a Trojan?

TCPTROJAN

Which utility will tell you in real time which ports are listening or in another state?

TCPView

What is an eight-in-one DoD tool that can launch such attacks as land and teardrop?

Targa

The command-line equivalent of WinDump is known as what?

Tcpdump

Social engineering can be thwart using what kinds of controls?

Technical, Administrative, Physical

Social engineering preys on many weakness, including______.

Technology, People, Human nature, Physical

A logic bomb is activated by which of the following?

Time and date, Actions, Events

In the field IT security, the concept of defense in depth is layering more than one control on another. Why would this be helpful in the defense of a system of session-hijacking?

To provide better protection

What is the best option for thwarting social-engineering attacks?

Training

Which statement define malware most accurately?

Trojan are malware . Malware covers all malicious most accurately

A man-in-the-browser attack is typically enabled by using which mechanism?

Trojans

A logic bomb had how many parts, typically?

Two

What protocol is used to carry out a fraggle attack?

UDP

A public use workstation contains the browsing history of multiple users who logged in during the last seven days. While digging through the history, a user run across the following web address: www.snaz22enu.com/&w25/session=22525. What kind of embedding are you seeing?

URL embedding

Social engineering can use all the following except________.

Viruses

Which command is used to limit data in SQL Server?

WHERE

Which command is used to query data in SQL Server?

WHERE, SELECT, from

Session fixation is a vulnerability in which of the following?

Web applications

In a DDoS attack, what communication channel is commonly used to orchestrate the attack?

\Internet Relay Chat (IRC)

Which command is used to remove a table from a database?

drop table

Which function(s) are considered dangerous because they don't check memory bounds?

get(), strcpy(), scanf(), strcat()

Which Wireshark filter displays only traffic from 192.168.1.1?

ip.addr =! 192.168.1.1

Which command would retrieve banner information from a website at port 80?

nc 192.168.10.27 80

What command is used to listen to open ports with netstat?

netstat -an

Jennifer is using tcpdump to capture traffic on her network. She would like to save the capture for the later review. What command can Jennifer use?

tcpdump -w capture.log

What is the command to retrieve header information from a web server using Telnet?

telnet <website name> 80

Which command launches a CLI version of Wireshark?

tshark

Which command can be used to access the command prompt in SQL Server?

xp_cmdshell

What command-line utility can you use to craft custom packets with specific flags set?

hping3

Jennifer is using tcpdump to capture traffic on her network. She would like to review a capture log gathered previously. What command can Jennifer use?

tcpdump -r capture.log


Ensembles d'études connexes

Business analytics final exam (9-10

View Set

Lesson 4: Conductors, Conductor Resistance, and Wattage Loss

View Set

WGU C724 Information Systems Management

View Set

taxation chap 1 multiple choice pt 1

View Set

Medsurg: Ch 51: caring for clients with diabetes mellitus

View Set

Quiz 2 Chapter 13 Physical Assessment

View Set