Quiz 5
Which command-line parameter would you use to disable name resolutions in tcpdump?
-n
What would a signal range for a Bluetooth 4.0 device commonly be?
300 ft.
20:45:55.272087 IP yazpistachio.lan.62882 > loft.lan.afs3-fileserver: Flags [P.], seq 915235445:915235528, ack 3437317287, win 2048, options [nop,nop,TS val 1310611430 ecr 1794010423], length 83
62882
If you were to see the following command in someone's history, what would you think had happened?
A malicious program was generated.
What is the primary difference between a worm and a virus?
A worm can self-propagate.
What tool could you use to enable sniffing on your wireless network to acquire all headers?
Airmon-ng
Which of these would be an example of pretexting?
An email from a former co-worker
What is the primary purpose of polymorphic code for malware programs?
Antivirus evasion
Which social engineering principle may allow a phone call from the help desk to be effective?
Authority
Why is bluesnarfing potentially more dangerous than bluejacking from the standpoint of the victim?
Bluejacking sends while bluesnarfing receives.
What is the policy that allows people to use their own smartphones on the enterprise network?
Bring your own device
In a botnet, what are the systems that tell individual bots what to do called
C2 servers
What is the web page you may be presented with when connecting to a wireless access point, especially in a public place?
Captive portal
Which hardware vendor uses the term SPAN on switches?
Cisco
What attack can a proximity card be susceptible to?
Cloning
What is the /etc/ettercap/etter.dns file used for?
Configuring hostnames to IP addresses
What is the purpose of using a disassembler?
Converting opcodes to mnemonics
What is one downside to running a default tcpdump without any parameters?
DNS requests
At which protocol layer does the Berkeley Packet Filter operate?
Data Link
What is the four-stage handshake used for?
Deriving keys
How would someone keep a baiting attack from being successful?
Disable autorun.
What does the malware that is referred to as a dropper do?
Drops files that may be more malware
What would you use Cuckoo Sandbox for?
Dynamic analysis of malware
What program could be used to perform spoofing attacks and also supports plug-ins?
Ettercap
What statistic are you more likely to be concerned about when thinking about implementing biometrics?
False acceptance rate
Question 12 :Which of these would be a reason why communications should originate from inside the infected network?
Firewall
What is the purpose of a deauthentication attack?
Forcing stations to reauthenticate
How many stages are used in the WPA handshake?
Four
What would you use sslstrip for?
Getting plaintext traffic
What do we call an ARP response without a corresponding ARP request?
Gratuitous ARP
Question 2 :If you wanted a tool that could help with both static and dynamic analysis of malware, which would you choose? A MalAlyzer
IDA
What is the SSID used for?
Identifying a network
What is the purpose of performing a Bluetooth scan?
Identifying endpoints
What would you use VirusTotal for?
Identifying malware against antivirus engines
What social engineering vector would you use if you wanted to gain access to a building?
Impersonation
What are the two types of wireless networks?
Infrastructure and ad hoc
What part of the encryption process was weak in WEP?
Initialization vector
Which form of biometrics scans a pattern in the area of the eye around the pupil?
Iris scanning
Why would someone use a Trojan?
It pretends to be something else.
What wireless attack would you use to take a known piece of information in order to be able to decrypt wireless traffic?
Key reinstallation
You are working on a red-team engagement. Your team leader has asked you to use baiting as a way to get in. What are you being asked to do?
Leave USB sticks around.
What would you use a bluebugging attack for?
Listening to a physical space
What is a viable approach to protecting against tailgating?
Man trap
What could you use to generate your own malware?
Metasploit
What mode has to be enabled on a network interface to allow all headers in wireless traffic to be captured?
Monitor
What wouldn't you see when you capture wireless traffic that includes radio headers?
Network type
Which of these tools would be most beneficial when trying to dynamically analyze malware?
OllyDbg
What would the result of a high false failure rate be?
People having to call security
Question 5 :What would you need to do before you could perform a DNS spoof attack?
Perform ARP spoof.
What types of authentications are allowed in a WPA-encrypted network?
Personal and enterprise
You get a phone call from someone telling you they are from IRS and they are sending the police to your house now to arrest you unless you provide a method of payment immediately. What tactic is the caller using?
Pretexting
Which functionality in Wireshark will provide you with percentages for every protocol in the packet capture, ordered by protocol layers?
Protocol hierarchy
Question 15 : What is the difference between a virus and ransomware?
Ransomware may be a virus.
Why would you use automated tools for social engineering attacks?
Reduce complexity.
What kind of access point is being used in an evil twin attack?
Rogue
What tool could you use to generate email attacks as well as wireless attacks?
SE Toolkit
You've received a text message from an unknown number that is only five digits long. It doesn't have any text, just a URL. What might this be an example of?
Smishing
Which of the following social engineering principles is in use when you see a line of people at a vendor booth at a security conference waiting to grab free USB sticks and CDs?
Social proof
How does an evil twin attack work?
Spoofing an SSID
What is one advantage of static analysis over dynamic analysis of malware?
Static analysis limits your exposure to infection.
What problem does port spanning overcome?
Switches filter traffic.
Why might you have more endpoints shown at layer 4 than at layer 2?
Systems may initiate multiple connections to the same host.
719 42.691135 157.240.19.26 192.168.86.26 TCP 1464 443 → 61618 [ACK] Seq=4361 Ack=1276 Win=31232 Len=1398 TSval=3725556941 TSecr=1266252437 [TCP segment of a reassembled PDU]
TCP
What are two sections you would commonly find in a portable executable (PE) file?
Text and data
What would be one reason not to write malware in Python?
The python interpreter may not be available.
Sequence number: 4361 (relative sequence number)
The sequence number shown is not the real sequence number.
630 41.897644 192.168.86.210 239.255.255.250 SSDP 750 NOTIFY * HTTP/1.1 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]
The time since packet start
Why would you use an encoder when you are creating malware using Metasploit?
To evade antivirus
Why would you use wireless social engineering?
To gather credentials
Question 6 : What is the purpose of a packer for malware?
To obscure the actual program
tcpdump -i eth2 host 192.168.10.5
Traffic to and from 192.168.10.5
What method might you use to successfully get malware onto a mobile device?
Using a third-party app store
Which of these forms of biometrics is least likely to give a high true accept rate while minimizing false reject rates?
Voiceprint identification
What tool would allow you to run an evil twin attack?
Wifiphisher
What can you say about [TCP Segment Len: 35], as provided by Wireshark?
Wireshark has inferred this information.
What is an advantage of a phone call over a phishing email?
You are able to go into more detail with pretexting.
Fill in the blank with the appropriate term.
client
Why might you have problems with sslstrip?
sslstrip doesn't work with newer versions of TLS.
Question 12 :Which program would you use if you wanted to only print specific fields from the captured packet?
tshark
What tool could you use to clone a website?
wget