Midterm
What utility may be used to stop auditing or logging of events?
Auditpol
If you have not been contracted to perform an attack against a target system, and take it on as a target of opportunity to quickly make some money by selling PII, you are what type of hacker?
Black Hat
A white-box test means the tester has which of the following?
Complete Knowledge
A scan of a network client shows that port 53 is open; what protocol is this aligned with?
DNS
A virus does not do which of the following?
Display pop-ups
In IPsec, what does Encapsulating Security Payload (ESP) provide?
Encryption of the entire packet
A polymorphic virus ______________
Evades detection through rewriting itself
The group Anonymous is an example of what?
Hacktivists
A _______________ is used to represent a password.
Hash
A message digest is a product of which of algorithm?
Hashing
What network appliance sense irregularities and plays an active role in stopping that irregular activity from continuing?
IPS
What is an SID used to do?
Identify a user
What separates a suicide hacker from other attackers?
Lack of fear of being caught
SNMP is used to perform which function?
Monitor network equipment
An attacker can use ___________________ to enumerate users on a system.
NETBIOS
Which of the following types of attack has no flags set?
NULL
Which of the following is capable of port redirection?
Netcat
What is used to synchronize clocks on a network.
Network Time Protocol (NTP)
Wireshark requires a network card to be able to enter which mode to sniff all network traffic?
Promiscuous mode
This is a type of offline attack
Rainbow attack
Which network topology uses a token-based access methodology?
Ring
What is the proper sequence of the TCP three-way-handshake?
SYN, SYN-ACK, ACK
This is used to partially encrypt the SAM
SYSKEY
Symmetric encryption is also referred to as which of the following?
Shared Key
Which of the following is used for banner grabbing?
Telnet
What is the three-way handshake?
The opening sequence of a TCP connection
What does the enumeration phase not discover?
ports
What are worms typically known for?
rapid replication
Another Name for a covert channel is
A backdoor
What is a code of ethics?
A description of expected behavior
A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan?
A half-open does not include the final ACK
IPsec uses which two modes?
AH ESP
An attacker can use a(n) ______________ to return to a system
Backdoor
What common tool can be used for launching an ARP poisoning attack?
Cain & Abel
A contract is important because it does what?
Gives permission
Which of the following prevents ARP poisoning?
IP DHCP Snooping
Which of the following is a common hashing protocol?
SHA-256
A trojan relies on _______________ to be activated.
Social Engineering
What is the process of exploiting services on a system.
System Hacking
An SYN attack uses which protocol?
TCP
Which port uses TLS to secure web traffic?
TCP 443
Which utility will tell you in real time which ports are listening or in another state?
TCP View
Why would you need to use a proxy to perform scanning?
To enhance anonymity
A public and private key system differs from symmetric because it uses which of the following?
Two Keys
VRFY is used to do which of the following?
Validate an email address
On a switch, each switchport represents a ____________.
collision domain
Tiffany is analyzing a capture from a client's network. She is particularly interested in NetBIOS traffic. What port does Tiffany filter for?
139
MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?
A reverse ARP request maps to two hosts.
Which of the following best describes PGP?
A way of encrypting data in a reversible method
What technique funnels all traffic back to a single client, allowing sniffing from allconnected hosts?
ARP poisoning
