INFO SEC CHAPTER 05-09

<! -- -->

Carl is analyzing the Hypertext Markup Language (HTML) code of a company's website. He would like to identify any comments written in the code. What HTML tag should he search for?

IaaS deployments typically require more capital investment than on-premises deployments.

Carl's organization is considering moving to a cloud-based infrastructure-as-a-service (IaaS) provider. Which of the following statements is NOT true about IaaS deployments?

True

Cloud capacity can be provisioned with greater or fewer resources, based on current client needs.

many audit log settings

Common database vulnerabilities include the following except _______.

SNMPwalk

Darcy would like to gather information from network devices as she performs enumeration. Which tool exploits a common network management protocol to gather information?

False

Databases are rarely a target for attackers because many of them are "unhackable."

False

Default access point (AP) security settings should never be changed.

True

File Transfer Protocol (FTP) is considered an insecure application.

False

Firewalls provide very little protection to a database server.

Pineapple

Frank recently discovered that a rogue wireless network was set up in his building. He discovered that attackers placed a device behind a plant that performs a man-in-the-middle attack against legitimate users. What type of device did Frank discover?

Filtered

Gary is interpreting the results of an nmap scan and discovers ports with a variety of statuses. Which of the following indicates that the port may be accepting connections but a firewall makes it difficult to determine?

True

Google Hacking Database (GHDB) is a database of queries that can be used to conduct a Google web search to identify sensitive data and content.

sanitizing information that is available publicly whenever possible

Google hacking can be thwarted to a high degree by ________.

False

Google hacking is effective because Google indexes small amounts of information in just a few, focused types of formats.

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)

In wireless networks based on the 802.11 standard, stations transmit their messages using ________.

True

Input validation refers to restricting the type of input or data the website will accept so that mistakes will not be entered into the system.

Regional Internet registries

Which of the following is NOT one of the Internet sources that hackers use to gather information about a company's employees?

Packet sniffing involves the attacker capturing traffic from both ends of a communication between two hosts.

Which of the following is NOT true regarding the use of a packet sniffer?

Superscan

Which of the following is a Windows-based port scanner designed to scan TCP and UDP ports, perform ping scans, run Whois queries, and use Traceroute?

Active fingerprinting

Which of the following is a form of OS fingerprinting that involves actively requesting information from a target system?

Passive fingerprinting

Which of the following is a method of identifying the OS of a targeted computer or device in which no traffic or packets are injected into the network? Attackers simply listen to and analyze existing traffic.

Database

Which of the following is a structured format for storing information for later retrieval, modification, management, and other purposes?

Man-in-the-middle attack

Which of the following is a type of passive online attack?

Precomputed attack

Which of the following is considered an offline attack?

Blog

Which of the following is created for the sole purpose of posting unflattering content about a company?

Weak ciphers or encoding algorithms

Which of the following is directly associated with encryption using short keys or keys that are poorly designed and implemented?

Preshared keys

Which of the following is entered ahead of time for both the access point (AP) and client so they can authenticate and associate securely?

nbtstat

Which of the following is included with every version of Windows and is intended to assist in network troubleshooting and maintenance?

Server administrator

Which of the following is primarily concerned with the security of the web server because it can provide an easy means of getting into the local network?

NoSQL database

Which of the following is the best choice for storing and retrieving massive volumes of data in extremely short periods of time?

Scanrand

Which of the following is unique among network scanners because it can scan ports in parallel using what is known as stateless scanning?

Bluebugging

Which of the following is used to make calls or send text messages from the targeted device?

Bluesnarfing

Which of the following is used to steal data from a Bluetooth-enabled mobile device?

They are specific to only one vendor's database and cannot force the application to reveal restricted information.

Which of the following statements is NOT true regarding Structured Query Language (SQL) injections?

During the enumeration phase, the attacker runs a series of port scans on a system.

Which of the following statements is NOT true regarding enumeration?

Companies should attempt to keep all information secret.

Which of the following statements is NOT true regarding information in a public company?

Warchalking

Which of the following techniques is not used to locate network access points but to reveal the presence of access points to others?

Platform as a Service (PaaS)

Which of the following typically refers to a virtual environment in the cloud in which a client rents access to a virtual infrastructure and to certain preinstalled software components?

Service set identifier (SSID)

Which of the following uniquely identifies a wireless network, thereby ensuring that clients can locate the correct wireless local area network (WLAN) they should be attaching to?

Poison null byte attack

Which of the following web application attack methods passes special characters that a script may not be designed to handle properly, resulting in the script granting access where it should not otherwise be given?

802.11g

Which standard combines the best of both 802.11a and 802.11b?

WiMAX

Which technology is specifically designed to deliver Internet access over the "last mile" to homes or businesses that may not otherwise be able to get access?

Bluetooth

Which technology was designed to be a short-range networking technology (up to 10 meters) that could connect different devices together?

TCP connect scan

Which type of TCP scan is the most reliable but also the easiest to detect?

SYSTEM

Which user account gets nearly unlimited access to the local system and can perform actions on the local system with little or no restriction?

Long-lived sessions

Which web session vulnerability is directly associated with sessions that remain valid for periods longer than they are needed?

802.11

Wi-Fi is a trademark, owned by the Wi-Fi Alliance, that is used to brand wireless technologies that conform to the ________ standard.

True

Wireless LANs are built upon the 802.11 family of standards and operate in a similar manner to wired networks.

True

Wireless networks use radio frequency (RF) or radio techniques, which allows wireless transmissions to reach out in all directions, enabling connectivity but also allowing anyone in those directions to eavesdrop.

False

It is much harder to detect active OS fingerprinting than passive OS fingerprinting.

SYN flooding

Quentin is analyzing an attack against his organization. He noticed that the traffic associated with the attack contains many Transmission Control Protocol (TCP) connection requests where the handshake was not completed. What type of attack most likely took place?

True

Rainbow tables compute every possible combination of characters prior to capturing a password.

multiple input and multiple output (MIMO)

The 802.11n standard can transmit multiple signals across multiple antennas. This method of transmitting signals is called ________.

Wi-Fi

The IEEE 802.11 family of standards, which include 802.11g, 802.11n, and 802.11ac, is known collectively in standard jargon as ________.

delegate resources as needed to customers, who include Internet service providers (ISPs) and end-user organizations

The Internet Assigned Numbers Authority (IANA) delegates Internet resources to the Regional Internet Registries (RIRs), which then ________.

True

The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the Domain Name System (DNS) root, IP addressing, and other Internet protocol resources.

Ping scan

The Nmap -sP option performs which of the following scans?

True

The Nslookup tool lists Domain Name System (DNS) nameservers.

True

The Regional Internet Registry responsible for North America, including the United States, is the American Registry for Internet Numbers (ARIN).

lists all top-level domains, such as .com, and also shows two-character country codes

The Root Zone Database page of Internet Assigned Numbers Authority (IANA) ________.

False

The Security Account Manager (SAM) is a file that resides on the network, not on the hard drive, and is not actively accessed while Windows is running.

True

The Whois tool is primarily used to verify whether a domain name is available or whether it has been registered.

the NULL session

The Windows operating system feature used to give access to certain types of information across the network is _________.

False

The amount of personal information that people put online themselves has made gathering information on human beings more difficult.

the Security Account Manager (SAM)

The database on the local Windows system that is used to store user account information is called ________.

True

The first step in port scanning is the gathering of information about the range of Internet protocols in use by the target.

802.11b

The first widely adopted wireless technology was ______.

True

The goal of defacing a website is to embarrass the website owner, make a statement, or just be a nuisance.

True

The goal of enumeration is to determine the value a system possesses.

True

The inSSIDer wireless hacking tool can inspect a wireless local area network (WLAN) and surrounding networks to troubleshoot competing access points (APs).

True

The inurl string is a Google keyword used to search within a site's uniform resource locator (URL).

management, distribution, and registration of public Internet Protocol (IP) addresses within their respective assigned regions

The manual method of obtaining network range information requires the attacker to visit at least one or more of the Regional Internet Registries (RIRs), which are responsible for ________.

False

The mere existence of an open port means vulnerability exists.

True

The p0f tool is commonly used to perform passive OS fingerprinting.

OS fingerprinting

The practice of identifying the operating system of a networked device through either passive or active techniques is called ________.

True

With passive fingerprinting, there's a lower chance of the victim detecting and reacting to the impending attack.

Poor end-user training

Which of the following is NOT considered a vulnerability of web servers?

False

Brute-force attacks are quick but rarely successful.

False

Active OS fingerprinting allows an attacker to obtain information about a target without triggering network defensive measures such as a firewall.

covering tracks

Attackers' attempts to stop their attacks from being detected are referred to as ________.

True

Brutus is a password cracker designed to decode different password types present in web applications.

are faster than manual methods

Automated methods for obtaining registrar network range information for a company ________.

True

A Bluetooth discoverable device could allow an attacker to attach to a Bluetooth device undetected and steal data from it easily.

False

A brute-force attack tries passwords that are pulled from a predefined list of words.

True

A buffer overflow associated with an web application can result in data being corrupted or overwritten.

True

A countermeasure for protecting domain information is to keep registration data as generic as possible.

True

A database linked to a web application can make a website and its content much easier to maintain and manage.

False

A denial of service (DoS) attack is considered a critical problem because it is very difficult to defeat.

False

A distributed denial of service (DDoS) attack is mostly an annoyance; however, a denial of service (DoS) attack is much more of a problem.

True

A good way to prevent Structured Query Language (SQL) injection attacks is to use input validation, which ensures that only approved characters are accepted.

True

A key characteristic of footprinting is that it gathers information about a victim without directly interacting and potentially providing advance notice of the attack.

True

A keystroke logger is software designed to capture a user's keystrokes, which are retrieved by an attacker later on.

the end or clearing of a connection

A packet flagged with the FIN flag signals ________.

False

A password length of 8 characters is considered to be the current standard.

True

A ping is actually an Internet Control Message Protocol (ICMP) message.

False

A poison null byte attack uploads masses of files to a server with the goal of filling up the hard drive on the server in an attempt to cause the application to crash.

True

A rootkit can provide a way to hide spyware so it is undetectable even to those looking for it.

True

A rootkit is typically unable to hide itself from detection, which makes the device easy to locate.

False

A session, the connection that a client has with a server application, should use the same identifier, encryption, and other parameters every time a new connection between the client and server is created.

True

A site administrator can block the Internet Archive from making snapshots of the site

True

A website's source code or HTML might prove valuable to a hacker.

True

Active fingerprinting contacts the host; passive fingerprinting does not.

False

Active fingerprinting takes longer than passive fingerprinting.

tools used to change passwords

Active@ and Trinity Rescue Kit are examples of ________.

True

Ad hoc networks can be created quickly and easily because no access point (AP) is required in their setup.

False

Ad hoc wireless networks are networks that use an access point (AP) that each client associates with.

True

After an attacker has performed enumeration, he or she can begin actually attacking the system.

1433

Alina is preparing to scan a Microsoft SQL Server database server for open ports. What port should she expect to find supporting the database service?

True

Although larger databases are likely to be on an administrator's radar, smaller ones that get bundled in with other applications can easily be overlooked.

False

An access point (AP) is a device that wired clients associate with in order to gain access to the network.

disabling auditing

An attacker can deprive the system owner of the ability to detect the activities that have been carried out by ________.

True

An attacker can steal a social media user's personal information after a user clicks on a malicious video link.

employ a commonly available proxy service to block the access of sensitive domain data

An effective countermeasure an organization can take to protect domain information is to ________.

False

An effective method for uncovering database vulnerabilities is to consider security problems simply from an insider's perspective, rather than an outsider's perspective.

the access point (AP)

An item that is present in wireless networks but not in wired networks is ________.

True

An organization's website is often the public face of the organization that customers see first.

True

Atmospheric conditions, building materials, and nearby devices can all affect emanations of wireless networks.

Bluejacking

Bruce is investigating a security incident in which attackers exploited weaknesses in the Bluetooth protocol to make messages appear on device screens. He does not believe any information was taken. What type of attack most likely occurred?

flags

Bits that are set in the header of a packet, each describing a specific behavior, are called ________.

False

Bluetooth devices cannot be secured.

True

Bluetooth employs security mechanisms called "trusted devices," which have the ability to exchange data without asking any permission because they are already trusted to do so.

Rainbow table

Brenda believes an attacker was using precomputed password hashes to attempt an attack against her network. What type of attack uses this approach?

adding unnecessary information to the website to throw attackers off the trail

Countermeasures to thwart footprinting of an organization's website include all of the following except ________.

Users

Devki would like to add a user to a group that allows one-time ordinary users to run applications and access local resources. After the user logs out, the profile is deleted. Which Windows Active Directory security group should she use?

140/tcp

Diego is concerned about attackers targeting his Windows servers using the NetBIOS protocol and wants to block use of that protocol at the firewall. Which of the following ports does Diego NOT need to block to prevent NetBIOS access?

True

During the enumeration phase of an attack, the attacker may employ techniques used to determine the placement and capabilities of countermeasures.

True

Early networks did not resemble the networks in use today because they were mainly proprietary and performed poorly compared with today's deployments.

True

Error messages should be considered a potential web server vulnerability because they can provide vital information to an attacker.

False

Exploiting a NULL session is difficult because it requires a long list of commands.

social media

Facebook, LinkedIn, and Twitter are ________ sites.

Xprobe2, an active OS fingerprinting tool, determines definitively which operating system is running on a system.

False

XMAS tree

Harry is analyzing inbound network traffic and notices a TCP packet that has the FIN, PSH, and URG flags set at the same time. Which type of scan is most likely occurring?

Web server version

Hunter collected the following banner information from a web server in his environment. What type of information can he determine solely by analyzing this banner?

True

If a database application does not require a specific port, changing it to a nonstandard port may provide additional protection.

True

In an NTFS file system, Alternate Data Streams (ADSs) are nondefault places to store data.

True

In networks based on the Ethernet standard (802.3), stations transmit their information using the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) method.

True

In the Windows operating system, the NetBIOS service is commonly targeted by attackers because diverse information can be obtained, including usernames, share names, and service information.

True

In wireless networks based on the 802.11 standard, stations transmit their information using the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA).

-Pn (Don't Ping)

Jake is using nmap to scan a system that he believes blocks ICMP packets. He believes the TCP scan is not taking place because of this behavior. What flag can he use to bypass the ping portion of the scan?

Secure Sockets Layer (SSL)

Juan is analyzing the security of a website that he administers. Which of the following configurations is insecure and requires immediate remediation?

SMTP

Katie used nmap to scan a server running in her organization and received the following results. Which of the following services is not running on this system?

Server-side input validation

Keith is concerned about the frequency of SQL injection attacks against his organization's web applications. Which countermeasure is the best defense Keith can implement against SQL injection?

Mail servers

Kendra performed the nslookup commands shown in the image. What type of servers are identified in these results?

Wi-Fi Protected Access version 2 (WPA2)

Kolin is deploying a new wireless network and wants to use the strongest possible encryption. What encryption protocol should he select?

Tracert

Larry is attempting to identify the network route between two Windows systems. What command can he use on one system to identify the network path to the second system?

nbtstat -S

Lin is analyzing a system. She wishes to list all established NetBIOS sessions between that system and other networked systems. What command can she use to achieve this goal?

802.11ac

Maureen is planning a new wireless network. She wants to ensure she supports a modern wireless standard with dual-band technology and superior performance. Which of the following standards should she support?

True

Media access control (MAC) address filtering is a way to enforce access control on a wireless network by registering the MAC addresses of wireless clients with the access point (AP).

True

Most Internet of Things (IoT) devices use wireless network connections to join the local network.

True

Most of the services and processes that run on the Windows operating system run with the help of a user account.

False

Most users of social networking sites are diligent about protecting their personal information through privacy settings and similar configuration options available on these sites.

software tools for performing audits on databases

NCC SQuirreL and AppDetectivePro are ________.

False

NetStumbler is the only wireless hacking tool that can perform wireless network scanning.

False

Network range data from a registrar is useful to the associated company but not an attacker.

Whois

Nick is attempting to find the owner of a domain name. Which of the following would best assist him with this task?

True

Nmap can be used with or without a graphical user interface.

True

Nmap is valuable in OS fingerprinting as well as port scanning.

False

Obtaining financial information on companies operating in the United States is difficult because financial records on publicly traded companies are not available to the public.

True

Offline attacks are a form of password attack that relies on weaknesses in how passwords are stored on a system.

False

Offline attacks can be carried out using two methods: packet sniffing or man-in-the-middle and replay attacks.

cloud computing

Offloading services from a local intranet to the Internet can be done by using ________.

EDGAR

Tonya is conducting reconnaissance of a company that is the target of a penetration test. She would like to search for the company's financial filings with the SEC. What database should she use?

False

Over time, corporations have been moving fewer and fewer services to the cloud.

True

Password cracking is used to obtain the credentials of an account with the intent of using the information to gain access to the system as an authorized user.

True

Placement of an access point (AP) is an important security consideration in defending a wireless network.

False

Placing a backdoor on a system prevents an attacker from coming back later in an attempt to take control of the system.

True

Port scanning is designed to probe each port on a system in an effort to determine which ports are open.

perform actions on a system with fewer restrictions and perform tasks that are potentially more damaging

Privilege escalation gives the attacker the ability to ________.

False

Privilege escalation refers to changing account privileges to decrease access and increase restrictions.

True

Traceroute identifies the path to a targeted website.

False

Sanitizing a web posting refers to a company deleting information that others may find offensive.

True

Security professionals use the results of OS and network scanning activities to identify weaknesses in their environment.

nontechnical password attacks

Shoulder surfing, keyboard sniffing, and social engineering are considered ________.

True

SolarWinds has the ability to generate network maps.

True

Some organizations inadvertently put information from insecure applications on the Web.

False

Structured Query Language (SQL) injections require very little skill or knowledge to execute.

True

The process of active OS fingerprinting is accomplished by sending specially crafted packets to the targeted system.

True

The purpose of OS fingerprinting is to determine the operating system that is in use on a specific target.

security identifier (SID)

The unique ID assigned to each user account in Windows that identifies the account or group is called a(n) ________.

False

The widespread availability of wireless has made management and security much easier for the network and security administrator.

False

User Datagram Protocol (UDP) acknowledges each connection attempt; Transmission Control Protocol (TCP) does not, so it tends to produce less reliable results.

True

User Datagram Protocol (UDP) is harder to use for port scans successfully than Transmission Control Protocol (TCP).

False

Using the information obtained from wardriving to gain unauthorized access to a network is legal.

Time of day

Vincent is performing a wireless environment analysis and wishes to identify factors that affect signal propagation. Which factor is least likely to impact wireless signals?

True

Wardroning is a type of wireless attack in which an attacker uses a drone with a Global Positioning System (GPS) receiver and wireless detection adapter to monitor detected wireless signals.

Wardriving

What is the process of locating wireless access points and gaining information about the configuration of each?

Cross-site scripting (XSS)

What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data?

Defects and misconfiguration risks

Which category of risk inherent with web servers includes risks such as the ability to steal information from a server, run scripts or executables remotely, enumerate servers, and carry out denial of service (DoS) attacks?

Process isolation

Which of the following database protection methods provides extra protection against catastrophic failure of a system by ensuring that one process crashing will not take others with it?

Promiscuous clients

Which of the following is NOT a countermeasure to threats against wireless LANs?

Warflying

Which of the following is NOT a form of short-range connectivity attack?

Xprobe2

Which of the following is NOT a network mapping tool?

Set up a deny all access control to block all traffic to all ports unless such traffic has been explicitly approved.

Which of the following is NOT a step in planning an attack on a target?

Internet Assigned Numbers Authority (IANA)

Which of the following is NOT considered a readily available source of financial information on publicly traded U.S. companies?

Company logos

Which of the following is NOT considered a source from which valuable information can be gleaned about an intended target?

Wardialing

________ is a technique that has existed for more than 25 years as a footprinting tool and involves the use of modems.

A ping sweep

________ is the process of sending ping requests to a series of devices or to an entire range of networked devices.

Nslookup

________ refers to a program to query Internet domain name servers?

Rootkit

________ refers to software designed to alter system files and utilities on a victim's system with the intention of changing the way a system behaves.

Whois

________ refers to the software designed to query databases to look up and identify the registrant of a domain name.