Ethical Hacker Pro Chapter 4, 5, 6
Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in?
/etc/shadow
Which of the following ports are used by null sessions on your network?
139 and 445
Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool?
Echosec
In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?
Enumeration
Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?
Fingerprinting
Which of the following best describes the scan with ACK evasion method?
Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.
Which of the following enumeration tools provides information about users on a Linux machine?
finger
Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers?
nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)
A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?
Idle scan
Which of the following is the most basic way to counteract SMTP exploitations?
Ignore messages to unknown recipients instead of sending back error messages.
After the enumeration stage, you have are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked?
LDAP
What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information?
Maltego
You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use?
nmap -sS xyzcompany.com
Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command?
nmap -sV --script=banner ip_address
The nmap -sn command is used to disable port scanning. The command nmap -sn 172.125.8. 1-225 will scan a range of ip addresses without listing the ports.
nmap -sn 172.125.68. 1-255
You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?
Scany
Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials?
A printed materials policy
Which of the following is the difference between an ethical hacker and a criminal hacker?
An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.
John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated?
An internet policy
The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?
Application Layer
Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system?
Banner grabbing
Which enumeration process tries different combinations of usernames and passwords until it finds something that works?
Brute force
Which of the following packet crafting software programs can be used to modify flags and adjust other packet content?
Colasoft
A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?
Contact names, phone numbers, email addresses, fax numbers, and addresses
You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time is was created. Which of the following scanning tools should you use?
Currports
Which of the following services is most targeted during the reconnaissance phase of a hacking attack?
DNS
Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?
Information gathering techniques
Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take?
Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups.
Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?
It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.
Which of the following is an online tool that is used to obtain server and web server information?
Netcraft
Whois, Nslookup, and ARIN are all examples of:
Network footprinting tools
A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?
Network scan
Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use?
P0f
Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?
PSH
Which of the following scans is used to actively engage a target in an attempt to gather information about it?
Port scan
Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?
RST
When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?
Reconnaissance
Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks?
SNscan
TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?
SYN/ACK
What does the Google Search operator allinurl:keywords do?
Shows results in pages that contain all of the listed keywords.
MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using?
Social engineering
Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used?
Split DNS
Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing?
Split DNS
What port does a DNS zone transfer use?
TCP 53
LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use?
TCP/UDP 389
Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find?
The built-in guest
Which of the following best describes telnet?
The tool of choice for banner grabbing that operates on port 23.
Diana, a penetration tester, executed the following command. Which answer describes what you learn from the information displayed?
This is a DNS zone transfer.
A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file?
Usernames, but no passwords
Which of the following best describes IPsec enumeration?
Uses ESP, AH, and IKE to secure communication between VPN endpoints.
What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?
Vulnerability scan
A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?
Wardialing
Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful?
Whois