Ethical Hacking Final
michael is performing a penetration test for a hospital. which federal regulation does michael need to ensure he follows?
HIPAA
which of the following protocols are included in the IPsec architecture?
IKE, AH, and ESP
which of the following protocols is one of the most common methods used to protect packet information and defend against network attacks in VPNs?
IPsec
the U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. which of the following agencies was created for this purpose?
NIST
which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?
PCI DSS
julie configures two dns servers, one internal and one external, with authoritative zones for the cornet.xyz domain. one dns server directs external clients to an external server. the other dns server directs internal clients to an internal server. which of the following dns countermeasures is she implementing?
Split DNS
iggy, a penetration tester, is conducting a black box penetration test. he wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. which of the following tools would be most helpful?
Whois
which of the following best describes a supply chain?
a company provides materials to another company to manufacture a product.
closed circuit television can be used as both a preventative tool (to monitor live events) and an investigative tool (to record events for later playback). which camera is more vandal-resistant than other cameras?
a dome camera
which of the following best describes a DoS attack?
a hacker overwhelms or damages a system and prevents users from accessing a service.
which of the following best describes a script kiddie?
a hacker who uses scripts written by much more talented individuals.
as the cybersecurity specialist for your company, you have used Wireshark to check for man-in-the-middle DHCP spoofing attacks using the bootp filter. After examining the results, what is your best assessment?
a man-in-the-middle spoofing attack is possible due to two DHCP ACK packets.
Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials?
a printed materials policy
Jason, an attacker, has manipulated a client's connection to disconnect the real client and allow the server to think that he is the authorized user. which of the following describes what he has done?
active hijacking
which of the following is the difference between an ethical hacker and a criminal hacker?
an ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission
John, a security specialist, conducted a review of the company's website. he discovered that sensitive company information was publicly available. which of the following information sharing policies did he discover were being violated?
an internet policy
which of the following best describes an inside attack?
an unintentional threat actor; the most common threat.
an attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. this malware provides an access point to the attacker, which he can use to control the device. which of the following devices can the attacker use?
any device that can communicate over the intranet can be hacked.
ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. ron starts a conversation about the dog on June's phone. Which phase of the social engineering process is Ron on?
development phase
which of the following services is most targeted during the reconnaissance phase of a hacking attack?
dns
compliments, misinformation, feigning ignorance, and being a good listener are tactics of which technique?
elicitation
implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?
employee and visitor safety
randy is an ethical hacker student. he has learned how nmap flag manipulation can help find open ports. although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. in a packet, randy can see a ttl of 225 and a window size of 4128. what type of scanning process is randy using?
fingerprinting
Dan wants to implement reconnaissance countermeasures to help protect his DNS service. which of the following actions should he take?
install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups.
which of the following best describes a physical barrier used to deter an aggressive intruder?
large flowerpots
which of the following is an attack where all traffic is blocked by taking up all available bandwidth between the target computer and the internet?
volumetric attack
what type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?
vulnerability scan
a technician is using a modem to dial a large block of phone numbers in an attempt to locate others connected to a modem. which type of network scan is being used?
wardialing
xavier is doing reconnaissance. he is gathering information about a company and its employees by going through their social media accounts. xavier is using a tool that pulls information from social media postings that were made using location services. what is the name of this tool?
Echosec
which of the following best describes a lock shim?
a thin, stiff piece of metal.
which of the following describes a session ID?
a unique token that a server assigns for the duration of a client's communication with a server
which of the following best describes the key difference between DoS and DDoS?
attackers use numerous computers and connections.
information transmitted by the remote host can be captured to expose the application type, application version, ..... even operating system type and version. which of the following is a technique hackers use to obtain information about the services running on a target system?
banner grabbing
creating an area of the network where offending traffic is forwarded and dropped is known as _____?
black hole filtering
which of the following packet crafting software programs can be used to modify flags and adjust other packet content?
colasoft
which of the following best describes the process of using prediction to gain session tokens in an Application level hijacking attack?
collect several session IDs that have been used before and then analyze them to determine a pattern.
ABC company is in the process of merging with XYZ company. as part of the merger, a penetration test has been recommended. testing the network systems, physical security, and data security have all been included in the scope of work. what else should be included in the scope of work?
company culture
which type of penetration test is required to ensure an organization is following federal laws and regulations?
compliance based
joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to log out of his computer each time he leaves. which of the following is the best solution for securing joe's ______?
configure the screen saver to require a password
a penetration tester is trying to extract employee information during the reconnaissance phase. what kinds of data is the tester collecting about the employees?
contact names, phone numbers, email addresses, fax numbers, and addresses
you want a list of all open udp and tcp ports on your computer. you also want to know which process opened the port, which user created the process, and what time it was created. which of the following scanning tools should you use?
currports
which of the following best describes what FISMA does?
defines how federal government data, operations, and assets are handled.
which of the following best describes a goal-based penetration test?
focuses on end results. the hacker determines the methods.
a hacker has discovered UDP protocol weaknesses on a target system. the hacker attempts to send large numbers of UDP packets from a system with a spoofed IP address, which broadcasts out to the network in an attempt to flood the target system with an overwhelming amount of UDP responses. which of the following DoS attacks is the hacker attempting to use?
fraggle attack
which of the following motivates attackers to use DoS and DDoS attacks?
hacktivism, profit, and damage reputation
which of the following best describes the scan with ack evasion method?
helps determine whether the firewall is stateful or stateless and whether or not the ports are open
you are in the process of implementing policies and procedures that require identification. you observe employees holding a secure door for others to pass through. which of the following training sessions should you implement to help prevent this in the future?
how to prevent piggybacking and tailgating.
a hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. this system is frequently called a zombie machine because it's disposable and creates a good distraction. which of the following port scans is being used?
idle scan
which of the following best describes what SOX does?
implements accounting and disclosure requirements that increase transparency.
which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?
information gathering techniques
which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?
it filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection
what's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information?
maltego
which term describes the process of sniffing traffic between a user and a server, then re-directing the traffic to the attacker's machine, where malicious traffic can be forwarded to either the user or server?
man-in-the-middle
on her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. what type of threat has she caused the company?
man-made threat
while reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. the individual did not have a security badge. which of the following would you most likely implement to keep this from happening in the future?
mantraps
social engineers are master manipulators. which of the following are tactics they might use?
moral obligation, ignorance, and threatening
which of the following is an online tool that is used to obtain server and web server information?
netcraft
Whois, Nslookup, and ARIN are all examples of:
network footprinting tools
a ping sweep is used to scan a range of IP addresses to look for live systems. a...... security system, which could result in an alarm being triggered or an attempt ...... ?
network scan
nmap can be used for banner grabbing. nmap connects to an open tcp port and returns anything sent in a five-second period. which of the following is the proper nmap command?
nmap -sV --script=banner ip_address
you have found the IP address of a host to be 172.125.68.30. you want to see other hosts are available on the network. which of the following nmap commands would you enter to do a ping sweep?
nmap -sn 172.125.68.1-255
which of the following tools can be used to create botnets?
shark, plugbot, and poison ivy
charles found a song he wrote being used without his permission in a video on YouTube. which law will help him protect his work?
DMCA
jason is at home, attempting to access the website for his music store. when he goes to the website, he gets a simple form asking for name, email, and phone number. this is not the music store website. Jason's website has been hacked. how did the hacker accomplish this hack?
DNS cache poisoning
you are in the reconnaissance phase at the XYZ company. you want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. which nmap command would you use?
nmap -sS xyzcompany.com
joe wants to use a stealthy linux tool that analyzes network traffic and returns information about operating systems. which of the following banner grabbing tools is he most likely to use?
p0f
which of the following is characterized by an attacker using a sniffer to monitor traffic between a victim and a host?
passive hijacking
while performing a penetration test, you captured a few HTTP POST packets using Wireshark. After examining the selected packet, which of the following concerns or recommendations will you include in your report?
passwords are being sent in clear text.
Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system?
physical attack
which of the following scans is used to actively engage a target in an attempt to gather information?
port scan
using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called?
pretexting
important aspects of physical security include which of the following?
preventing interruptions of computer services caused by problems such as fire.
What are the three factors to keep in mind with physical security?
prevention, detection, and recovery
which of the following flags is used by a tcp scan to direct the sending system to send buffered data?
psh
when a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?
reconnaissance
which of the following best describes a reverse proxy method for protecting a system from a DoS attack?
redirects all traffic before it is forwarded to a server, so the redirected system takes the impact.
alex, a security specialist, is using an xmas tree scan. which of the following tcp flags will be sent back if the port is closed?
rst
you are using an iOS device. you want to scan networks, websites, and ports to find open network devices. which of the following network mapping tools should you use?
scany
which document explains the details of an objective-based test?
scope of work
a person in a dark grey hoodie has jumped the fence at your research center. a security guard has detained this person, denying him physical access. which of the following areas of physical security is the security guard currently in?
security sequence
it is important to be prepared for a DoS attack. these attacks are becoming more common. which of the following best describes the response you should take for a service degradation?
services can be set to throttle or even shut down.
your network administrator has set up training for all the users regarding clicking on links in emails or instant messages. which of the following is your network admin attempting to prevent?
session fixation
a penetration tester discovers a vulnerable application and is able to hijack a website's URL hyperlink session ID. the penetration tester is able to intercept the session ID; when the vulnerable application sends the URL hyperlink to the website, the session IDs are embedded in the hyperlink. which of the following types of session hijacking countermeasures is the penetration tester using?
session fixation attack
which of the following tasks is being described? 1. sniff the traffic between the target computer and the server. 2. monitor traffic with the goal of predicting the packet sequence numbers. 3. desynchronize the current session. 4. predict the session ID and take over the session. 5. inject commands to target the server
session hijacking
brandon is helping fred with his computer. he needs fred to enter his username and password. fred enters the username and password while brandon is watching him. brandon explains it is never a good idea to allow anyone to watch you type in usernames and passwords. which type of attack is fred referring to?
shoulder surfing
what does the google search operator allinurl:keywords do?
shows results in pages that contain all of the listed keywords.
you have a set of DVD-RW discs that were used to archive files from your latest project. you need to ____ sensitive information on the discs from being compromised. which of the following methods _____ ___ destroy the data?
shred the discs.
Minju, a penetration tester, is testing a client's security. she notices that every Wednesday, a few employees go to a nearby bar for happy hour. she goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. which information gathering technique is Minju using?
social engineering
any attack involving human interaction of some kind is referred to as ____?
social engineering
a goal-based penetration test needs to have specific goals. using SMART goals is extremely useful for this. what does SMART stand for?
specific/measurable/attainable/relevant/timely
you are instant messaging a coworker, and you get a malicious link. which type of social engineering attack is this?
spim
tcp is a connection-orientated protocol that uses a three-way handshake to establish a connection to a system. computer 1 sends a syn packet to computer 2. which packet does computer 2 send back?
syn/ack
which of the following best describes telnet?
the tool of choice for banner grabbing that operates on port 23
you are using wireshark to try and determine if a DoS attack is happening on your network (128.28.1.1). you previously captured packets using the tcp.flags.syn==1 and tcp.flags.ack==1 filter, but only saw a few SYN-ACK packets. you have now changed the filter to tcp.flags.syn==1 and tcp.flags.ack==0. after examining the wireshark results shown in the image, which of the following is the best reason to conclude that a DDoS is happening?
there are multiple SYN packets with different source addresses destined for 128.28.1.1
which of the following is a limitation of relying on regulations?
they rely heavily on password policies.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. what could you do to add an additional layer of security to this organization?
train the receptionist to keep her iPad in a locked drawer
you have implemented a regular backup for a windows system, backing up data files every night and creating a system image backup once per week. for security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. which of the following would be the best backup and storage option?
use incremental backups and store them in a locked fireproof safe.
an attack that targets senior executives and high-profile victims is referred to as _______?
whaling
you get a call from one of your best customers. the customer is asking about your company's admins and managers. what should you do?
you should not provide any information and forward the call to the help desk.