Ethical Hacking and Network Defense

Identifies PHP

<??>

Samba

A Linux administrator wants to share files between Windows and Linux servers. What protocol should they use?

apt-get

A vulnerability manager shows a report on Debian applications which are susceptible to a buffer overflow attack. What command will update and manage their RPM packages?

SMBRelay

An attacker has successfully compromised a user's workstation, but they want to try to trick an administrator into connecting to a user's share drive in order to intercept the credentials. What tool should they use to accomplish this objective?

____________ is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application.

Authorization

What type of malicious code could survive an OS reinstall to allow an attacker to access the system at a later date?

BIOS-based rootkit

Microsoft and the University of Michigan co-developed SubVirt. This is a ____.

BIOS-level rootkit

Attempts every possible Password combination

Brute Force

Trimmed down version of Windows OS

CE

Passes data from server to browser

CGI

A software development company set up a website for client access to the company's application. The company needs to ensure the interactions on the website are secure. They need to set up ________.

Certificates

A _________ attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt.

Chosen-plaintext

Targeted unpatched medical systems

Conficker

Process of breaking encryption algorithm

CryptoAnalysis

Converts Plaintext into Ciphertext

Cryptography

apt-get

Debian package manager

Converts Ciphertext into Plaintext

Decryption

The _______ algorithm is most efficient, requiring few hardware resources so it's a perfect candidate for wireless devices and cell phones.

ECC

________is usually considered the biggest security threat to an organization.

Employees

A security professional at a large corporation needs to transmit legal documentation over the internet. The professional does not want this sensitive data readily viewable if intercepted. The professional should implement ________.

Encryption Algorithms

_______ is a mathematical function or program that works with a key.

Encryption algorithm

If a cloud administrator is setting up management for devices in a SCADA network and wants to manage them through Microsoft Graph, they should use Windows CE to be the most compatible.

False

If concerned about the attack surface a system presents, use a Multiple embedded OS configuration.

False

Once the OS is reinstalled, BIOS-based rootkits are unable to access the system at a later date.

False

Static Application Security Testing analyzes a running application for vulnerabilities.

False

The botnet worm psyb0t targeted an Embedded web server weakness.

False

Unpatched vulnerabilities are usually the biggest security threat to an organization.

False

Rootkits that pose the biggest threat to any OS are those that infect _______ of the targeted device.

Firmware

______________ describes software that resides on a chip.

Firmware

CIFS

For a Windows computer to be able to access a *nix resource, which of the following must be enabled on both systems?

Scanning method

Fuzzing

Why is the fuzzing technique used with Wapiti valuable?

Fuzzing inspects code within an application line-by-line, allowing the maximum number of vulnerabilities to be discovered.

Originally, ________ were used to perform routing and switching before specialized hardware was developed.

General purpose computers

Log monitoring tool

How should a security analyst review system generated events for signs of intrusion or other problems on the network?

________ is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it.

Input validation

SELinux

Linux OS security mechanism

_______ is certified to run multiple levels of classification, such as unclassified, secret, and top secret, on the same CPU without leakage between levels.

MILS

A ____________ operating system sacrifices flexibility for simplicity and fewer hardware resources.

Microkernel

OS uses fewer hardware resources

Microkernel

_______ is the most common motivator behind today's cyber security attacks.

Money

To embed PHP, an open-source server scripting language, into an HTML webpage, the __________ tags should be used.

NOT <php> and </php>

Which statement about the debugging mode is true?

NOT All statements are true.

________ is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it.

NOT Authorization

_________ is not a security tool that can be used for web application testing.

NOT Developer Tools

____________ is NOT a best practice for protecting embedded OS's.

NOT Inventory

___________ is an open-source embedded OS found in many space systems because it supports processors designed specifically to operate in space.

NOT MILS

When designing sensitive embedded systems that need only a fraction of the features offered by other kernels, there are risks for vulnerabilities that might outweigh the benefits. A ________ kernel should be chosen for this system.

NOT Micro

The ______ JavaScript function is a "method" or sequence of statements that perform a routine or task?

NOT document.write()

To increase the impact a single vulnerability can have viruses, worms, Trojans, and other attack vectors take advantage of ___________ code.

NOT open-source

The ______ JavaScript function is a "method" or sequence of statements that perform a routine or task?

Not CFOCATION()

Standard database access method

ODBC

Vulnerability resources organization

OWASP

Samba

Open-source CIFS implementation

A user needs to set up a digital certificate to sign emails so that recipients can verify that email came from them. What low cost option would best fit this need?

OpenPGP

Holds Private signing keys offline

ROOT CA

___________ is an open-source embedded OS found in many space systems because it supports processors designed specifically to operate in space.

RTEMS

yum

Red Hat/Fedora RPM Package Manager

Offers monitoring and automation

SCADA

Which of the following systems should be used for equipment monitoring and when automation is critical?

SCADA

False

SELinux can detect rootkits on *nix systems.

An attacker is attempting to compromise a network through a router. Which of the following are they least likely to perform?

SQL Injection

Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?

Static Application Security Testing

Which type of XSS vulnerability is especially harmful?

Stored because it can be delivered to subsequent users of the application.

False

The most serious security shortcoming of Microsoft's original File Allocation Table (FAT) file system is it has no built-in compression.

True

The remote file system protocol CIFS replaced SMB in Windows 2000 Server and later.

How can developer tools be accessed in Firefox or Chrome?

These tools can be accessed through the Tools menu in Firefox and Chrome.

A Real-time embedded OS configuration is a good choice if you are concerned about the attack surface a system presents.

True

ASP uses scripting languages, such as JScript (Microsoft's version of JavaScript) or VBScript to create dynamic webpages.

True

An RTOS is a specialized type of embedded OS that is typically used in devices such as programmable thermostats, appliance controls, and even spacecraft.

True

Because it runs on the majority of deployed Web servers, security professionals must have at least some knowledge of IIS.

True

Developer tools allow an attacker to tamper with and resend requests.

True

If a cloud administrator is setting up management for devices in a SCADA network and wants to manage them through Microsoft Graph, they should use Windows 10 IoT to be the most compatible.

True

It is possible to bypass firewall and IDS systems since many of these systems allow the content of HTTPS traffic to pass.

True

The JScript programming languages was originally used primarily on UNIX systems, but it is now used widely on many platforms, such as Macintosh and Windows.

True

To access a database from an ASP webpage, an ADO connection to the database must be created.

True

Wapiti is a web application vulnerability scanner that uses a black box approach.

True

To keep attackers from knowing the directory structure you create on an IIS web server, a(n) ___________ should be created.

Virtual directory

True

WSUS is a Windows client/server technology used to manage patching and updating systems software from the network.

Which web application vulnerability scanner uses a black box approach?

Wapiti

___________ is often found within an embedded OS that can cause a potential vulnerability to an attack.

Web Server

OWASP offers Broken Web Apps and what online utility that helps beginning security testers understand web application vulnerabilities?

Webgoat

File system

What critical component of any OS, that can be vulnerable to attacks, is used to store and manage information?

GC

What does a Windows environment use to locate resources in a domain containing thousands or even millions of objects?

True

When using the Common Internet File System (CIFS), the User-level security model requires a username and password be set for the file share.

Linux Rootkit 5

Which of the following is a common Linux rootkit?

Null SA password

Which of the following is considered to be the most critical SQL vulnerability?

NetBEUI

Which of the following protocols does NetBios use to access a network resource?

WSUS

Windows patch and update service

A certificate contains a unique serial number and must follow the _____ standard that describes the creation of a certificate.

X.509

Potential millennium software flaw

Y2K

How can new tools for hacking web applications be installed to Kali Linux?

apt-get install packagename

To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

cgi-bin

In a _________ attack, the attacker needs access to the cryptosystem and the ciphertext to be decrypted to yield the desired plaintext results.

chosen-ciphertext

An encryption algorithm is the process of ___________.

encoding information

Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?

injection

An IT technician downloaded dd-wrt to experiment with embedded Linux operating systems. What major worm was this previously subjected to?

psyb0t