Chapter 13
While fragmentation of IP packets is supported when they encounter network segments that have a smaller maximum transmission unit (MTU), that feature can be manipulated by malicious parties in overlapping attacks. In calculating a defense for such an exploit, what is the only reliable defense? A dynamic filtering system that performs virtual reassembly A dynamic filtering system that performs packet reassembly A dynamic filtering system that performs header reassembly A dynamic filtering system that performs footer reassembly
A dynamic filtering system that performs virtual reassembly
Arturo is troubleshooting a firewall that may have been hacked by a malicious outsider. He is under pressure and immediately tries a fix that, if it fails, will not be easy to back out of. Before he makes the attempt, his supervisor warns him of the danger. What does Arturo's supervisor say? Make multiple fixes all at once. Update the troubleshooting log first. Avoid destructive or irreversible solutions until last. Repeat the failure at the start.
Avoid destructive or irreversible solutions until last.
______ is commonly exploited by many hackers because most enterprise web traffic is _________. Encryption; encrypted Encryption; tunneled Authentication; authenticated Fragmentation; fragmented
Encryption; encrypted
What is another term used to describe the vulnerability analysis step of penetration testing? Exploitation Scanning Examination Enumeration
Enumeration
During which step of firewall incident response is the compromised resolved? Eradication Follow-up Containment Detection
Eradication
Which step of penetration testing includes the actual attack? Enumeration Examination Exploitation Scanning
Exploitation
A malicious person is attempting to subvert a company's virtual private network (VPN). She is using a tool that creates TCP and UDP network connections that can link to or from any port. What is this tool? Cryptcat NetBus Back Orifice Netcat
Netcat
Which of the following rules exist to identify the type of traffic from the private (inside) network at 172.30.0.0/24 that should be allowed to pass through the firewall? Outbound rules on the LAN Inbound rules on the WAN Inbound rules on the LAN Outbound rules on the WAN
Outbound rules on the LAN
Which of the following statements is true regarding the security configuration of an organization? White-hat hackers generally know nothing about the security configuration of the IT system they are trying to penetrate. Actual attackers are likely to know as much about the environment as employees or those who are hired to protect that environment. It is not a good idea for pen testers to have advance information about the security configuration of a network. There are many possible security postures of any network and its constituent parts, from highly secure to not secure at all.
There are many possible security postures of any network and its constituent parts, from highly secure to not secure at all.
For attackers, the last step in penetration testing is often __________, during which log files or other forensic information is destroyed or modified. covering their tracks exploitation validation remediation
covering their tracks
All of the following are firewall management best practices, EXCEPT: review the written firewall policy regularly. have a written firewall policy. establish a philosophy of default allow rather than default deny. establish a no-exceptions policy.
establish a philosophy of default allow rather than default deny.
Netcat cannot be used to create covert channels to control a target system remotely. False True
false
You can fix a firewall's vulnerability to denial of service (DoS) flooding by upgrading the firewall or applying a patch. False True
false
All of the following protect against fragmentation attacks, EXCEPT: intrusion detection. internal code planting. firewall filtering. sender fragmentation.
internal code planting.
Which of the following is a malicious remote control tool? Tor Cryptcat NetBus Netcat
netbus
Penetration testing tests the strengths and weaknesses of the IT security, as well as the: readiness of white-hat hackers to respond to an attack. ability of white-hat hackers to make successful attacks when necessary. ability of personnel to complete the time-consuming job of typing commands. readiness of the facility and/or employees to respond to an attack.
readiness of the facility and/or employees to respond to an attack.
A best practice is to perform verification scans of all deployed firewall settings to ensure their functionality. True False
true
A written policy dictates which firewall features to enable or disable. False True
true
After installing a firewall, you should always install every available patch and update from the vendor. False True
true
Even with a firewall protecting the internal network, a denial of service (DoS) flooding attack can still successfully disconnect or interfere with external communications. True False
true
Hacker tunneling is the creation of a communication channel similar to the creation of a virtual private network (VPN). False True
true
In either a host firewall or an appliance firewall, the logic and controlling mechanisms are software. True False
true
Once a zero-day exploit is discovered, a hacker can utilize that vulnerability until it is patched. True False
true
Which of the following rules exist to block or permit the public (outside) traffic from coming into the 172.30.0.0 network? Inbound rules on the WAN Inbound rules on the LAN Outbound rules on the WAN Outbound rules on the LAN
Inbound rules on the WAN
Hacker tunneling uses two techniques. The first is to install a server component on an internal system and then have an external client make a connection. What is the second? Install a server component on an internal system and then have an internal client make the connection. Install a server component on an external system and then use an internal client to make the connection. Install a client component on an internal system and then have an external system make the connection. Install a client component on an external system and then have another external system make the connection.
Install a server component on an external system and then use an internal client to make the connection.
Which of the following statements is true regarding penetration testing? It is only done by individuals outside the organization, not by employees. It is too sophisticated to be done by script kiddies searching for a story to tell. It can be done by black-hat hackers as a part of their targeting rituals. It is considered an art, but not a science.
It can be done by black-hat hackers as a part of their targeting rituals.
