Ethical Hacking
Which of the following needs to be in the GRUB to run a terminal with root permissions?
'rw init=/install/gtk/initrd.gz quiet splash init=/bin/bash', to have read-write permissions
Which of the following is true regarding an SFX attack?
- Self extracting executables - Can be used to deceive a victim into running background executable scripts
What are some defensive measures you can take against a brute-force attack?
-Login attempt limitation -Fail2Ban -Strong password
If you run the following command nmap 5.25.128.0/18 -p 3389 how many potential IPs are you looking for and with what services?
16384 IPs with remote desktop
Which of the following users would you try to compromise if you could not get root access?
A user with sudo permissions
If a PC's boot order is requesting a password, what security solution has been implemented?
BIOS password
Which of the following is not an automated web application vulnerability scanning tool?
Bettercap
What tool is highly effective when testing client-server transactions, can be used to manipulate captured data, and can send data to the server?
Burp suite repeater
Which of the following IS an automated web application vulnerability scanning tool?
Burps Suite Acunetix Netsparker
Which of the following is true about Hashcat?
Can use the GPU as the processing unit for a brute-force attacks
What do you have to do to make your browser use an interception proxy like Burp Proxy Suite?
Change the manual proxy configuration to the loopback on port 8080
Ensuring that data is kept secret is what part of the CIA triangle?
Confidentially
Which concept of On-Path attack includes the process of redirecting a domain name request to a custom phishing domain?
DNS poisoning
Which of the following user types has the highest privilege in a Windows domain environment?
Enterprise Admin
Which SQL injection is the easiest to perform?
Error based SQLi
CUPP aka Cyber User Password Profiler is used for
Fundamentals - gathering info about user to create a password list
Which of the following is a known mitigation for Linux local privilege escalation?
GRUB encryption
What does Talos do?
Gathers global information about cyber attacks
To launch a phishing campaign, what tool can help to create a clone for a specific website?
HTTrack
MD5, SHA-1, and NTLM are examples of what?
Hashes
Creating a DWORD key in the registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Hides a user
Which establishment needs to be HIPPA certified?
Hospitals
What are social engineering attacks based on?
Human error
Which of the following is true regarding XSS?
It is a client-side attack
Which of the following tools can crack protected PDF files using the brute-force technique?
John the Ripper
Which of the following tools can be used to make the cracking process easier, in trying to crack a password on a website?
John the ripper
What is Eternal Blue?
Known Windows exploit
Which of the following platforms can help to perform penetration testing on a system?
MetaSploit
In a database, if you want data to be sequential, you would use the <blank> command.
ORDER
John the Ripper is a technical assessment tool used to for the following?
Offline password cracking
Intercepting and eavesdropping on communications is which type of attack?
On-Path attack
Hydra & Medusa are examples of what?
Online password attacks
Which of the following does an ethical hacker require to start evaluating a system?
Permission
Which of the following protocols is exploited to achieve the On-Path position?
Port Security
Which of the following can be used to prevent SQL injection on a website?
Prepared statements
Cross-site scripting or XSS, comes in what three forms?
Reflected, stored, and DOM
Which of the following IS a HASH algorithm?
SHA-1 MD5 SHA-256 RSA NTLM
Which of the following is NOT a HASH algorithm?
SHA-67 SHA-25
Which of the following is not a server-side technology?
SQL
Which tool(s) could you use to search for an exploit?
SearchSploit
Cookies are
Session hijacking
In MetaSploit, how do you display the required fields of an exploit?
Show Options
John built a forum-based website. He wants to save a payload in the database to affect its viewers. What is he most likely to use?
Stored XSS
In a database query, what does 1=1 do?
Tells the system it is a true statement
Which of the following describes the HTTP GET method?
The method requests a specific resource from the server.
A cyber consultant used Nmap to map an organization and find open ports. One scan received RST as a response. What is the port status?
The port is closed
What are the OWASP Top 10?
The top 10 most common web-related vulnerabilities
Why may cookies be stolen via XSS?
To steal another user's session
Which SQL query is used to change existing values?
UPDATE
Which of the following is the best way to mitigate Windows local privilege escalation technique?
Using full disk encryption
Apache, Nginx, and IIS are examples of what?
Web servers
For the dirbuster tool to work, it requires:
Wordlists
In Meterpreter, what command would you use to find the current user?
getuid
Which of the following is used to perform customized network scans?
nmap
What Nmap command would be used to fingerprint or to find out versions?
nmap 192.168.1.100 -sV