Pen Testing - Chapter 4

phishing

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information

______________ is one of the components most vulnerable to network attacks

DNS

which of the following contains host records for a domain?

DNS

FOCA

Extract metadata from documents on Web sites to reveal the document creator's network logon and email address, information on IP addresses of internal devices and more

Whois

Gather IP and domain information

wget

Retrieve web pages or files via HTTP, HTTPS or FTP (command available on all *nix systems)

before you conduct a security test by using social engineering tactics, what should you do?

get written permission from the person that hired you to conduct the security test

Social Engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

if you're trying to find newsgroup postings by IT employees of a certain company, which of the following websites should you visit?

http://groups.google.com

Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.) a. Passwords b. ATM PINs c. Long-distance access codes d. Open port numbers

passwords, ATM PINs, long-distance access codes

dig

perform DNS zone transfers; replaces the nslookup command (command available on all *nix systems)

Entering a company's restricted area by following closely behind an authorized person is referred to as which of the following? a. Shoulder surfing b. Piggybacking c. False entering d. Social engineering

piggybacking

HTTP operates on

port 80

netcat

read and write data to ports over a network (command available on all *nix systems)

500 Internal Server Error

request could not be fulfilled by the server

When conducting competitive intelligence, which of the following is a good way to determine the size of a company's IT support staff?

review job postings on websites such as www.monster.com or www.dice.com

namedroppers

run a domain name search, more than 30 million domain names updated daily

Google groups

search for email addresses in technical or non-technical newsgroup postings

which of the following is one method of gathering information about the operating systems a company is using?

search the web for email addresses of IT employees

Discovering a user's password by observing the keys he or she presses is called which of the following? a. Password hashing b. Password crunching c. Piggybacking d. Shoulder surfing

shoulder surfing

disk cleaning

software that writes binary 0s on all portions of the disks

footprinting

the process of finding information on a company's network (reconnaissance)

Many social engineers begin gathering the information they need by using which of the following? a. The Internet b. The telephone c. A company intranet d. E-mail

the telephone

piggybacking

trailing closely behind an employee who has access to an area, without the person realizing you didn't use a PIN or security badge to enter the area

Netcraft Site Report

uncover underlying technologies that a Web site operates on

What social-engineering technique involves telling an employee that you're calling from the CEO's office and need certain information ASAP? (Choose all that apply.) a. Urgency b. Status quo c. Position of authority d. Quid pro quo

urgency, position of authority

social engineering techniques

urgency, quid pro quo, status quo, kindness and position

which of the following is a fast and easy way to gather information about a company?

view the company's web site, look for the company's ads in the yellow pages

What's one way to gather information about a domain?

view the header of an email you send to an email account that doesn't exist

Zed Attack Proxy

web site analysis tool, can spider/crawl remote Web sites and even produce a list of vulnerabilities that might be present on a remote Web site

Domain dossier

web tool useful in gathering ip and domain information (whois, DNS, traceroute)

to find information about the key IT personnel responsible for a company's domain, you might use which of the following tools?

whois, domain dossier

which of the following tools can assist you in finding general information about an organization and its employees?

www.google.com, http://groups.google.com

which of the following is a good website for gathering information on a domain?

www.google.com, www.namedroppers.com, http://centralops.net/col, www.arin.net

active footprinting

you are actually prodding the target network in ways that might seem suspicious to network defenders; you are likely to be logged

what is meant by "footprinting is passive"

you are not accessing information illegally or gathering unauthorized information with false credentials. You are not even engaging with remote systems. Passive activities are likely to go unnoticed

Which of the following enables you to view all the host computers on a network?

zone transfers

HEAD

HTTP method that is the same as the GET method, but retrieves only the header information of an HTML document, not the document body

OPTIONS

HTTP method that requests information on available options

GET

HTTP method that retrieves data by URI

TRACE

HTTP method, starts a remote application-layer loopback of the request message

CONNECT

HTTP method, used with a proxy that can dynamically switch a tunnel connection, such as Secure Sockets Layer (SSL)

DELETE

HTTP method; Requests that the origin server delete the identified resource

POST

HTTP method; allows data to be posted (i.e. sent to a Web server)

PUT

HTTP method; requests that the entity be stored under the Request-URI

dumpster diving

Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away

To determine a company's primary DNS server, you can look for a DNS server containing which of the following? a. Cname record b. Host record c. PTR record d. SOA record

SOA record

502 Bad Gateway

Server received an invalid response from the upstream server

WayBack Machine

Site used to find previous versions/history of a web site.

start of authority (SOA) record

The resource record that identifies which name server is the authoritative source of information for data within this domain. The first record in the zone database file must be an SOA record.

505 HTTP Version Not Supported

The server does not support the HTTP protocol version used in the request

501 Not Implemented

The server either does not recognize the request method, or it lacks the ability to fulfill the request

503 Service Unavailable

The server is currently unavailable (overloaded or down)

504 Gateway Timeout

The server was acting as a gateway or proxy and did not receive a timely response from the upstream server

A cookie can store information about a Web site's visitors?

True

shoulder surfing

Watching an authorized user enter a security code on a keypad or what they are typing on a keyboard

web bug

a 1-pixel by 1-pixel image file referenced in an <IMG> tag, and it usually works with a cookie. Its purpose is similar to that of spyware and adware: to get information about the person visiting the Web site, such as an IP address, the time the Web bug was viewed, and the type of browser used to view the page

Maltego (https://www.paterva.com)

a powerful footprinting tool with a graphical user interface (GUI), used to discover relevant files, email addresses, and other important information

google

a footprinting tool to uncover files, systems, sites, and other information about a target using advanced operators and specially crafted queries

spear phishing

a phishing expedition in which the emails are carefully designed to target a particular person or organization

cookie

a text file generated by a web server and stored on a user's browser

reconnaissance

another term for footprinting, the process of finding information on a company's network

What's the first method a security tester should attempt to find a password for a computer on the network? a. Use a scanning tool. b. Install a sniffer on the network. c. Ask the user. d. Install a password-cracking program.

ask the user

disk cleaning formatting should be performed how many times

at least 7

Recon-ng

automates footprinting with a powerful, advanced framework utilizing search engines, social media and other sources

zone transfer

can be done using the dig command to attempt to transfer all the records for which the DNS server is responsible

white pages

conduct reverse phone number lookups and retrieve address information

spidering

crawl new web pages, archive their location, make records of their content and create a working history of all outbound and inbound links of the page.

Web Data Extractor

extract contact data such as email, phone, and fax information, from a selected target

competitive intelligence

gaining information about one's competitors' activities so that you can anticipate their moves and react appropriately

Metis

gather competitive intelligence from Web sites
