Chapter 2
Which of the following are passive footprinting methods? (Choose all that apply.) A. Checking DNS replies for network mapping purposes B. Collecting information through publicly accessible sources C. Performing a ping sweep against the network range D. Sniffing network traffic through a network tap
A. Checking DNS replies for network mapping purposes B. Collecting information through publicly accessible sources
What is the name of the authoritative DNS server for the domain, and how often will secondary servers check in for updates? A. DNSRV1.anycomp.com, every 3600 seconds B. DNSRV1.anycomp.com, every 600 seconds C. DNSRV1.anycomp.com, every 4 seconds D. postmaster.anycomp.com, every 600 seconds
A. DNSRV1.anycomp.com, every 3600 seconds
A security peer is confused about a recent incident. An attacker successfully accessed a machine in the organization and made off with some sensitive data. A full vulnerability scan was run immediately following the theft, and nothing was discovered. Which of the following best describes what may have happened? A. The attacker took advantage of a zero-day vulnerability on the machine. B. The attacker performed a full rebuild of the machine after he was done. C. The attacker performed a denial-of-service attack. D. Security measures on the device were completely disabled before the attack began.
A. The attacker took advantage of a zero-day vulnerability on the machine.
Which OSRF application checks to see if a username has been registered in up to 22 different e-mail providers? A. mailfy.py B. usufy.py C. entify.py D. searchfy.py
A. mailfy.py
Which footprinting tool or technique can be used to find the names and addresses of employees or technical points of contact? A. whois B. nslookup C. dig D. traceroute
A. whois
Which of the following best describes the role that the U.S. Computer Security Incident Response Team (CSIRT) provides? A. Vulnerability measurement and assessments for the U.S. Department of Defense B. A reliable and consistent point of contact for all incident response services for associates of the Department of Homeland Security C. Incident response services for all Internet providers D. Pen test registration for public and private sector
B. A reliable and consistent point of contact for all incident response services for associates of the Department of Homeland Security
As a pen test team member, you begin searching for IP ranges owned by the target organization and discover their network range. You also read job postings and news articles and visit the organization's website. Throughout the first week of the test, you also observe when employees come to and leave work, and you rummage through the trash outside the building for useful information. Which type of footprinting are you accomplishing? A. Active B. Passive C. Reconnaissance D. None of the above
B. Passive
You have an FTP service and an HTTP site on a single server. Which DNS record allows you to alias both services to the same record (IP address)? A. NS B. SOAC. C. NAME D. PTR
C. NAME
Which of the following would be the best choice for footprinting restricted URLs and OS information from a target? A. www.archive.org B. www.alexa.com C. Netcraft D. Yesware
C. Netcraft
Which of the following consists of a publicly available set of databases that contain domain name registration contact information? A. IETF B. IANA C. Whois D. OSRF
C. Whois
Which Google hack would display all pages that have the words SQL and Version in their titles? A. inurl:SQL inurl:version B. allinurl:SQL version C. intitle:SQL inurl:version D. allintitle:SQL version
D. allintitle:SQL version
A pen tester is attempting to use nslookup and has the tool in interactive mode for the search. Which command should be used to request the appropriate records? A. request type=ns B. transfer type=ns C. locate type=ns D. set type=ns
D. set type=ns
