Module 8: Desktop and Server OS Vulnerabilities
NetBios is not available in Windows Vista, Server 2008, and later versions of Windows. However, NetBios should be understood by a security professional because it is used for which of the following?
Backward compatibility
Which standardized remote file system protocol replaced SMB in Windows 2000 Server and later?
Common Internet File System
A penetration tester is trying to authenticate a user account which contains most of the information that attackers want to access. Which of the following should they target?
Domain controllers
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
What is the current file system that Windows utilizes that has strong security features?
NTFS
A security analyst is reviewing assembly code in memory. Early Windows OSs used which of the following programs to interact with a network resource or device?
NetBIOS
Which of the following operating systems is considered the most secure?
None of these are more secure than the others
A Linux Security administrator wants to use a built in tool to implement an OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users.
SELinux
An attacker has successfully compromised a user's workstation, but they want to try to trick an administrator into connecting to a user's share drive in order to intercept the credentials. What tool should they use to accomplish this objective?
SMBRelay
A Linux administrator wants to share files between Windows and Linux servers. What protocol should they use?
Samba
A user is looking at SMB traffic which is used to share files and usually runs on top of NetBIOS, NetBEUI, or which of the following?
TCP/IP
A vulnerability manager shows a report on Debian applications which are susceptible to a buffer overflow attack. What command will update and manage their RPM packages?
apt-get
A security analyst suspects that a machine was recently compromised after a user has been navigating to several suspicious sites. What tool could the administrator use to find files that were downloaded from the internet?
dir /r
A systems administrator has been asked by the vulnerability manager to harden several external facing web servers. What would an example of hardening be?
disable telnet
When using the Common Internet File System (CIFS), which security model will require network users to have a username and password to access a specific resource?
user-level security
A systems administrator is trying to harden an externally facing DNS server and wants to disable every port except for DNS. Which port should they leave open?
53 UDP
What programming languages are most susceptible to buffer overflow attacks?
C and C++
For a Windows computer to be able to access a *nix resource, which of the following must be enabled on both systems?
CIFS
Which of the following is not a best practice in regards to password policies?
Common Words
A vulnerability manager is trying to get a Linux team manager's buy in for patching systems. They know that if they can convince the manager of the importance, there will not be nearly as much pushback. They want to demonstrate exploiting a server, so they make a copy of one of the server images and put it on a standalone instance for demonstration. Where could they look for active exploits?
Exploit-db.com
What critical component of any OS, that can be vulnerable to attacks, is used to store and manage information?
File System
What does a Windows environment use to locate resources in a domain containing thousands or even millions of objects?
GC
Which of the following is a common Linux rootkit?
Linux Rootkit 5
How should a security analyst review system generated events for signs of intrusion or other problems on the network?
Log monitoring tool
Which of the following is not a common tactic employed by trojans?
Maintain a list of hashes to check files against
To determine whether a system could be vulnerable to an RPC-related issue, which of the following tools can be used?
Nessus
Which of the following commands should an attacker use to enumerate anonymous SMB access?
Net view
Which of the following protocols does NetBios use to access a network resource?
NetBEUI
What is the most serious shortcoming of Microsoft's original File Allocation Ta
No ACL support
Which of the following is considered to be the most critical SQL vulnerability?
Null SA password
Which of the following is an interprocess communication mechanism that allows a program running on one host to run code on a remote host?
RPC
Which of the following is a function of a trojan?
Remote Administration
Which of the following Windows utilities includes a suite of tools to help administrators deploy and manage servers and even allows for administrators to control mobile devices running Android, iOS, and Windows Mobile OS?
SCCM
Which of the following is an open-source implementation of CIFS?
Samba
When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?
Share-level security
A security administrator just scanned the network for vulnerabilities using Nessus and has produced a report to the administrators. Which of the following Window's client/server technology should they use to manage patching and updating systems software from the network?
WSUS
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
