Penetration Testing 5-9
Multifunction devices (MFDs) are rarely which of the following?
Scanned for vulnerabilities
Using the following Perl code, how many times will "This is easy..." be displayed onscreen?for ($count=1; $count <= 5; $count++){print "This is easy...";}
5
Which of the following HTML tags is used to create a hyperlink to a remote Web site?
<A HREF="http://URL>
A C program must contain which of the following?
A main() function
VxWorks is which of the following?
A proprietary embedded OS
An algorithm is defined as what?
A set of instructions for solving a specific problem
Which of the following doesn't use an embedded OS?
A workstation running Windows Vista Business
Which of the following describes an RTOS?
An embedded OS capable fo multitasking and responding predictably
Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error?
An incorrect parameter is used
Port scanning provides the state for all but which of the following ports? a. Closed b. Open c. Filtered d. Buffered
Buffered
Which organization offers free benchmark tools for Windows and Linux?
Center for Internet Security
*nix embedded OSs are most likely to be found on which of the following devices?
Cisco switches and routers
What protocol replaced SMB in Windows 2000 Server and later?
Common Internet File System (CIFS)
Which of the following testing process is the most intrusive?
Enumeration
A NULL scan requires setting the FIN, ACK, and URG Flags. True or False?
False
An embedded OS must be developed specifically for use with embedded systems. True or False?
False
Employees should be able to install programs on their company computers as long as the programs aren't copyrighted. True or False?
False
For a Windows computer to be able to access a *nix resource, CIFS must be enabled on at least one of the systems. True or False?
False
Fping doesn't allow pinging multiple IP addresses simultaneously. True or False?
False
HTML files must be compiled before users can see the resulting Web pages. True or False?
False
Linux antivirus software can't detect backdoor Trojans. True or False?
False
Most printers now have only TCP/IP enabled and don't allow default administrator passwords, so they're inherently more secure. True or False?
False
The Windows Net use command is a quick way to discover any shared resources on a computer or server. True or False?
False
The Nbtstat command is used to enumerate *nix systems. True or False?
Fasle
What is the best method of preventing NetBIOS attacks
Filtering certain ports at the firewall
Which of the following is the Win32 API function for verifying the file system on a Windows computer?
FsType()
SCADA systems are used for which of the following?
Monitoring equipment in large-scale industries
If you don't have access to Nessus, which of the following can be used by an attacker to gain information about remote *nix hosts?
NMap
Which type of port scan sends a packet with all flags turned off?
NULL
Which of the following is the vulnerability scanner from which OpenVAS was developed?
Nessus
A null session is enabled by default in all the following Windows versions except: a. Windows 95 b. Windows Server 2008 c. Windows 98 d. Windows 2000
Windows Server 2008
SMB2 was released with which version of Windows?
Windows Vista
Which of the following is the most efficient way to determine which OS a company is using?
call the company and ask
Which program can detect rootkits on *nix systems?
chrootkit
A closed port responds to a SYN packet with which of the following packets?
RST
Which of the following programs includes several buffer overflow exploit plug-ins?
Metasploit
Which of the following is a popular network management service for network administrators?
SNMP
Which of the following is a commonly used UNIX enumeration tool?
SNMPWalk
The Net view command can be used to see whether there are any shared resources on a server. True or False?
True
The lack of a familiar interface, such as CD/DVD-ROM drives, contributes to the difficulty of updating embedded OSs. True or False?
True
Which of the following is considered a good defense against low-level rootkits?
Trusted Platform Module(TPM)
To see a brief summary of Nmap commands in a Linux shell, which of the following should you do?
Type help nmap
What is the result of running the following C program?main(){int a = 2; if (a = 1)printf("I made a mistake!");elseprintf("I did it correctly!");}
"I made a mistake!" is displayed
To add comments to a Perl script, you use which of the following symbols?
#
Which parameter can be added to nmap to run a script scan with the default scripts?
-sC
Which port numbers indicate NetBIOS is in use on a remote target?
135 to 139
Which ports should be filtered out to protect a network from SMB attacks?
137 to 139 and 445
Enumeration of Windows systems can be more difficult if port _______ is filtered. a. 110/UDP b. 443/UDP c. 80/TCP d. 139/TCP
139/TCP
A NetBIOS name can contain a maximum of how many characters?
15
Which of the following tags enables an HTML programmer to create a loop?
HTML doesn't have a looping function or tag
Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer?
Hping
In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live?
ICMP Echo Reply (type 0)
What is a potential mistake when performing a pings sweep on a network?
Including a broadcast address in the ping sweep range
Which of the following is an advantage of Windows CE over other Windows embedded OSs?
Its source code is available to the public
Which of the following is an OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
Which of the following commands connects to a computer containing shared files and folders?
Net use
Which of the following is a Windows command-line utility for seeing NetBIOS shares on a network?
Net view
What is the most widely used port-scanning tool?
Nmap
Most NetBIOS enumeration tools connect to the target system by using which of the following? a. ICMP packets b. Default logons and blank passwords c. Null sessions d. Admin accounts
Null sessions
Which of the following is a major challenge of securing embedded OSs?
Patching
Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services?
Port scanning
Before writing a program, many programmers outline it first by using which of the following?
Pseudocode
Windows OSs are vulnerable to the Conficker worm because of which of the following?
RPC vulnerability
A FIN packet sent to a closed port responds with which of the following packets? a. FIN b. SYN-ACK c. RST d. SYN
RST
A missing parenthesis or brace might cause a C compiler to return which of the following?
Syntax error
Which of the following are more difficult to detect today because programmers develop them to make legitimate calls on outbound ports that an IDS or firewall wouldn't detect?
Trojan programs
If the time and money required to compromise an embedded system exceeds the value of the system's information, a security tester might recommend not fixing the vulnerability. True or False?
True
In Windows Server 2016, the administrator must enable IIS manually to use it. True or False?
True
In object-oriented programming, classes are defined as the structures that hold data and functions. True or False?
True
One reason that some vendors of embedded OSs are using open-source software more is that the cost of developing and patching an OS is shared by the entire open-source community. True or False?
True
Perl and C are the most widely used programming languages among security professionals. True or False?
True
Security testers can use Hping to bypass filtering devices. True or False?
True
SCADA systems controlling critical infrastructure are usually separated from the Internet by which of the following?
air gap
A common vulnerability of routers and other network devices with built-in Web management interfaces is which of the following?
authentication vulnerability
Which of the following commands would you enter from the directory you want to analyze to display any alternate data streams?
dir /r
In C, which looping function performs an action first and then test to see whether the action should continue to occur?
do loop
Which of the following C statements has the highest risk of creating an infinite loop?
for (;;)
To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type?
man nmap
To identify the NetBIOS names of systems on the 193.145.85.0 network, which of the commands do you use?
nbtscan 193.145.85.0/24
Which of the following commands should you use to determine whether there are any shared resources on a Windows computer with the IP address 193.145.85.202?
nbtstat -a 193.145.85.202
An interprocess communication mechanism that allows a program running on one host to run code on a remote host is known as which of the following?
remote procedure call (RPC)
Which of the following can modify part of the OS or install themselves as kernel modules, drivers, libraries, and even applications?
rootkit