CIT484 Chapter 5
When a host initiates a connection to a server via the TCP Protocol, a three-way handshake is used. What is the host's final reply? SYN/ACK ACK FIN SYN
ACK
Which of the following are considered DNS hardening techniques? Review company websites. Limit the sharing of critical information. Learn about your web server software. Clean up out-of-date zones. Optimize resources to their full potential. Provide guidelines regarding the types of posts. Outsource all DNS inquires.
Clean up out-of-date zones. Optimize resources to their full potential. Learn about your web server software.
A user has reported that they can't remote into the OpenSSH service running on their Windows 10 machine that they use to transfer files from a development Linux box... Which tab on the screenshot below would you click on, and which steps could you take to start the service and ensure it starts every time the machine is booted? - Click on the Services tab and then right-click on the OpenSSH SSH Server and select Start. - Click on the Services tab and then click Open Services at the bottom. Then find the OpenSSH SSH Server entry, double-click on it, and click the Start button. Change the Startup Type field to Automatic. - Click on the Details tab and then right-click on the OpenSSH SSH Server and select Start. - Click on the Details tab and then click Open Services at the bottom. Then find the OpenSSH SSH Server entry, double-click on it, and click the Start button. Change the Startup Type field to Automatic.
Click on the Services tab and then click Open Services at the bottom. Then find the OpenSSH SSH Server entry, double-click on it, and click the Start button. Change the Startup Type field to Automatic.
What should be the FIRST reconnaissance countermeasure taken? Incorrect response: Perform internal vulnerability testing. Patch your firewall. Create information sharing policies. Perform DNS splitting.
Create information sharing policies.
During the reconnaissance phase, an attacker is looking for common attack vectors. Which of the following services is MOST likely to be targeted? DNS Autotimesvc IIS UDP
DNS
A hacker wants to leverage social media to glean information coming from a certain location. Which tool is BEST suited for the job? Wayback Machine Echosec Google hacking Maltego
Echosec
What information will be returned from the following google search? -site".giv-site:.go.uk filetype:xlsx intitle:password - Documents with the word "password" in the title, but not Excel documents and not from .gov and .gov.uk websites. - Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites. - Documents with the word "password" in the title, but not Excel documents, and only docs from .gov and .gov.uk websites. - Excel documents with the word "password" in the title, but only from .gov and .gov.uk websites.
Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites.
A hacker wants to check if a port is open using TCP Protocol. The hacker wants to be stealthy and not generate any security logs. Which type of port scan is BEST suited for this endeavor? NULL scan Full open scan Half-open scan Xmas tree scan
Half-open scan
A hacker doesn't want to use a computer that can be tracked back to them. They decide to use a zombie computer. Which type of scan BEST describes what the hacker is doing? Covert scan NULL scan Idle scan Xmas tree scan
Idle scan
Hackers use social networking, dumpster diving, social engineering, and web surfing during which portion of their reconnaissance? Information gathering techniques Maintaining access Information types Password cracking
Information gathering techniques
John, a security analyst, conducted a review of a company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover was being violated? Employee social media Company social media Internet Printed materials
Internet
Troy, a security analyst, is tasked with reviewing company websites to see which type of information is being shared. Which sharing policy BEST describes this topic? Employee social media Printed materials Company social media Internet
Internet
You are auditing your network for online hosts and open ports. You are using nmap to perform this task. There are notes left from a previous administrator listing the command that they used to perform a previous audit, but there is no explanation as to what it does. You try the command and get the following output. What did the nmap -O 192.168.122.84 command do? It used SYN/ACK to open connections to the host. It queried for the 1,000 most commonly used open ports on the host. It created an ongoing query. It tried to determine which operating system was running on the host.
It tried to determine which operating system was running on the host.
Troy, a security analyst, is looking for a vulnerability scanning tool for internal use. His boss has told him to find the industry standard tool. Which tool BEST fits his mandate? OpenVAS BeyondTrust Nessus Insight VM
Nessus
John, a security analyst, needs a network mapping tool that will diagram network configurations. Which of the following BEST fits this category? SolarWinds Port Scanner NetAuditor Colasoft CurrPorts
NetAuditor
Which type of information contains intellectual property? PII Work product Information systems Operations
Operations
Which information type is a hacker working with when they gather geographical information, entry control points, and employee routines? Information systems Operations Physical security Employees
Physical security
Which scanning tool uses ICMP protocol? Three-way handshake On-path Ping Wardialing
Ping
An employee not authorized to release news to the press speaks to a reporter about upcoming management changes. Which sharing policy BEST explains why this shouldn't happen? Printed materials Employee social media Company social media Internet
Printed materials
Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed? FIN ACK RST URG
RST
William understands the need to keep internal and external DNS separate as a security countermeasure. Which term BEST describes this countermeasure? NAT Proxy Firewall Split DNS DNS combination
Split DNS
The following header is seen when inspecting traffic from a web server to a browser client. What might a security consultant recommend be changed to reduce risk for the web server? The administrator can disable the banner in IIS. The administrator can switch to the Apache Web Server. The administrator can use a different web browser. The administrator can remove the date and timestamp from IIS.
The administrator can disable the banner in IIS.
A recently patched Windows machine on your network no longer responds to ping, but you have confirmed it is otherwise functioning normally and servicing incoming connections to other machines on the network. No other changes were made to the machine or its connection to the network. When you use hping3, you get the following output. Which of the following BEST explains that behavior? The machine is blocking SYN packets. The machine is blocking TCP connections. The machine's firewall is blocking ICMP. The machine is no longer physically connected to the same network.
The machine's firewall is blocking ICMP.
Kjell is a security analyst and needs to see if any sensitive information is available through old website snapshots. Which tool is BEST suited for this purpose? Wayback Machine Whois Echosec Maltego
Wayback Machine
An attacker needs the following information about his target: domain ownership, domain names, IP addresses, and server types. Which tool is BEST matched for this operation? Whois Google hacking Maltego Echosec
Whois
When performing active reconnaissance, a malicious actor may try to do which of the following? Deploy malware Use phishing emails Work at peak hours to blend in Do nothing; only penetration testers use active reconnaissance
Work at peak hours to blend in
Which type of scan turns on an abundance of flags, causing the packet to be lit up? NULL scan FIN scan Xmas tree scan Port scan
Xmas tree scan
When scanning a Linux machine for running applications, you see the following output. Which kill signal should you use to clean up the offending process? kill -1 kill -15 kill -9 kill SIGTERM
kill -9
You have been tasked with securing a Linux box that the development team needs occasional FTP access to. The developers should start the vsftpd daemon as needed and then stop it when finished with their task. To help prevent the vsftpd service from running unintentionally, you run the following command and receive the output listed. What command should you run to prevent the service from starting when the Linux machine boots? systemctl disable vsftpd systemctl stop vsftpd systemctl is-active vsftpd systemctl is-enabled vsftpd
systemctl disable vsftpd
As a security consultant, you have been tasked with checking what company data is currently visible to the public. Using theHarvester tool, you query for information and receive too much information coming from too many sources. The following image represents your query. Which of the commands below limits the number of results to 750 and only queries Google? theHarvester -d rmksupplies.com -f 750 -b google.com theHarvester -d rmksupplies.com --only_use_google -l 750 theHarvester -d rmksupplies.com -l 750 -b google theHarvester -d rmksupplies.com -b google -f results
theHarvester -d rmksupplies.com -l 750 -b google
When performing an authorized security audit of a website, you are given only the website address and asked to find other hosts on that network that might be vulnerable to attack. Which of the following tools might be used to lead you to the following Nmap output? (Select two.) Google Maps Echosec whois.org Maltego nslookup
whois.org nslookup
