CIS 4350 EXAM 1
Attackers typically use ACK scans to get past a firewall or other filtering device. How does the process of an ACK scan work to determine whether or not a filtering device is in place? A filtering device looks for the ACK packet, the first packet in the three-way handshake. If the attacked port returns an SYN packet, the packet filter was fooled, or there's no packet-filtering device. A filtering device looks for the ACK packet, so by using an ACK scan, firewalls are automatically fooled. A filtering device looks for the SYN packet, the last packet in the three-way handshake. If the attacked port returns an SYN/ACK packet, the packet filter was fooled, or there's no packet-filtering device. A filtering device looks for the SYN packet, the first packet in the three-way handshake. If the attacked port returns an RST packet, the packet filter was fooled, or there's no packet-filtering device.
A filtering device looks for the SYN packet, the first packet in the three-way handshake. If the attacked port returns an RST packet, the packet filter was fooled, or there's no packet-filtering device.
What type of scan will attackers typically use to get past a firewall or other filtering device? NULL ACK SYN XMAS
ACK Attackers typically use ACK scans to get past a firewall or other filtering device. A filtering device looks for the SYN packet. If the attacked port returns an RST packet, the packet filter was fooled, or there's no packet-filtering device. In either case, the attacked port is considered to be unfiltered.
What type of footprinting might trigger a network alert? Active footprinting because you are not even engaging with the remote systems, but rather attempting to glean information about your target from other sources. Active footprinting because you are actually prodding the network in ways that might seem suspicious. Passive footprinting because you are actually prodding the network in ways that might seem suspicious. Passive footprinting because you are not even engaging with the remote systems, but rather attempting to glean information about your target from other sources.
Active footprinting because you are actually prodding the network in ways that might seem suspicious. Active reconnaissance means you are actually prodding the target network in ways that might seem suspicious to network defenders. This includes activities such as port scans, DNS zone transfers, and interacting with a target's web server. With active footprinting techniques, you are likely to be noticed and your actions logged.
Which of the following sometimes displays a banner that notifies the user of its presence? Spyware Webware Adware Malware
Adware Adware sometimes displays a banner that notifies users of its presence. Adware's main purpose is to determine a user's purchasing habits so that web browsers can display advertisements tailored to the user.
Which of the following is a possibility when you work as a security professional? Being sued for slowing down a company's network Violating federal law All are possibilities. Causing a DoS attack inadvertently
All are possibilities All of the answers are possible when working as a security professional.
What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack? Network Application Transport Internet
Application The Application layer is where applications and protocols, such as HTTPS and SSH, operate.
What skills does a security professional need to be successful? Both knowledge of network and computer technology and the ability to communicate with management and IT personnel. Ability to communicate with management and IT personnel Knowledge of network and computer technology Multiple IT certifications
Both knowledge of network and computer technology and the ability to communicate with management and IT personnel.
What type of port scan is similar to a SYN scan and is risky to use because it relies on the attacked computer's OS? XMAS. ACK NULL Connect
Connect
Which of the following activities is not illegal? Installing a worm on a network Discovering passwords of company personnel when testing for vulnerabilities Destroying data Copying information without the owner's permission
Discovering passwords of company personnel when testing for vulnerabilities While not necessarily illegal, this could potentially upset management. A nondisclosure agreement (NDA) should be in place to assure clients that testers will not reveal or use any information they find.
When a TCP three-way handshake ends, both parties send what type of packet to end the connection? FIN ACK SYN RST
FIN When a three-way handshake ends, both parties send a FIN packet to end the connection.
What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address? Application Transport Internet Network
Internet
What tool can be used to read and write data to ports over a network? Netcat DNS Whois Dig
Netcat Netcat is a command available on all *nix systems that reads and writes data to ports over a network. It can also be downloaded to Windows platforms.
In the TCP/IP stack, what layer is concerned with physically moving bits across the network's medium? Application Internet Network Transport
Network
Almost all of the tools available for footprinting are free and open source. What name is used to refer to these tools? Open Source Footprinting (OSF) tools Free and Open Source Intelligence (FOSINT) tools Free and Open Source Footprinting (FOSF) tools Open Source Intelligence (OSINT) tools
Open Source Intelligence (OSINT) tools These tools are often referred to as Open Source Intelligence
What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity? SYN ISN Port IP
Port
Closed ports respond to a NULL scan with what type of packet? RST FIN ACK SYN
RST Closed ports respond with an RST packet.
Footprinting is also known by what term? Reconnaissance. Piggybacking Spyware Phishing
Reconnaissance The process of finding information on a company's network is called footprinting. It is also known by the term reconnaissance.
In a normal TCP session, the sender sends a packet to another computer with which of the following flags set? Reset flag No flag SYN/ACK flag SYN flag.
SYN flag. In a normal TCP session, a packet is sent to another computer with the SYN flag set
What type of network attack relies on guessing a TCP header's initial sequence number, or ISN? Session hijacking DoS ARP spoofing Man-in-the-middle
Session hijacking Network session hijacking is an attack that relies on guessing the ISNs of TCP packets.
Which of the following is an automated way to discover pages of a website by following links? Phishing Piggybacking Spidering footprinting
Spidering Spidering (or crawling) is an automated way to discover pages of a website by following links. Footprintin
If an attacker wishes to collect confidential financial data, passwords, PINs, and any personal data stored on your computer, which of the following programs would they choose to use? Shell Adware Spybot Spyware
Spyware Spyware programs send information from the infected computer to the person who initiated the spyware program on the computer. This information could be confidential financial data, passwords, PINs, just about any data stored on a computer.
What connection-oriented protocol is utilized by the Transport layer? TCP HTTPS SSL UDP
TCP
What protocol is the most widely used and allows all computers on a network to communicate and function correctly? ATM TCP/IP IPX/SPX NetBIOS
TCP/IP For computers to communicate with one another, they must use the same protocol, and the most widely used is Transmission Control Protocol/Internet Protocol (TCP/IP).
How can computer criminals use the Whois utility for their purposes? The Whois utility can be used to uncover the underlying technologies that a website operates on. The Whois utility is a commonly used tool for gathering IP address and domain information. The Whois utility searches through previous versions of a website to uncover historical information about a target. The Whois utility replaces the nslookup command and performs DNS zone transfers.
The Whois utility is a commonly used tool for gathering IP address and domain information. The Whois utility can be used to gather IP address and domain information.
Which of the following might be a violation of a contract between an independent contractor and a company that hires them to run security tests? The company requests that the independent contractor sign a nondisclosure agreement should the security testing reveal sensitive information such as usernames and passwords. The independent contractor runs a program that prevents the employees from doing their jobs. The independent contractor signs an agreement written by the company's attorneys. The company offers the independent contractor a role within their IT department.
The independent contractor runs a program that prevents the employees from doing their jobs
Why is it a challenge and concern for an ethical hacker to avoid breaking any laws? To avoid breaking laws, it is important to get certifications. The laws are constantly changing. It costs too much money to hire a lawyer. People do not like hackers.
The laws are constantly changing.
What port does the Domain Name System, or DNS service use? 25 80 53 69
53
What port would a successful Trojan program most likely use? Port 150 Port 27 Port 53 Port 61
53 A good software or hardware firewall would most likely identify traffic that's using unfamiliar ports, but Trojan programs that use common ports, such as TCP port 80 (HTTP) or UDP port 53 (DNS), are more difficult to detect.
How do spyware and adware differ? Adware is a type of malware, whereas spyware is not. Spyware gathers your purchasing habits, which is a security and privacy violation, but it is not a type of malware. Unlike adware, spyware will often notify users of its presence. The main purpose of adware is to determine a user's purchasing habits, but spyware sends information, including confidential information, from the infected computer to the attacker.
The main purpose of adware is to determine a user's purchasing habits, but spyware sends information, including confidential information, from the infected computer to the attacker. The difference between spyware and adware is a fine line. Both programs can be installed without the user being aware of their presence. Adware, however, sometimes displays a banner that notifies the user of its presence. Spyware programs send information from the infected computer to the person who initiated the spyware program on the computer. This information could be confidential financial data, passwords, PINs, just about any data stored on a computer. Adware's main purpose is to determine a user's purchasing habits so that Web browsers can display advertisements tailored to that user.
A computer receives a SYN packet and responds with a SYN/ACK packet. What is the status of this port? The port is open. The port is filtered The port is unfiltered. The port is closed.
The port is open
During a NULL scan, no packet is received as a response. What is the most likely cause of no packet receipt? The port is open. The port is unfiltered. The port is closed. The port is filtered.
The port is open
What does the acronym TCP represent? Transfer Computer Protocol Transmission Control Protocol The Control Protocol Transfer Control Protocol
Transmission Control Protocol
In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header? Application Transport Network Internet
Transport
What type of malicious computer programs present themselves as useful computer programs or applications? worms Trojan programs Spyware programs macro viruses
Trojan programs Trojans disguise themselves as useful programs and can install a backdoor or rootkit on a computer.
What is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet? Harvest Wget Netcat Dig
Wget Wget is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.
Which utility is used to gather IP and domain information? Whois Netcat Dig DNS
Whois
Which of the following statements about written contracts is true? Written contracts authored by the company's lawyers are always safe to sign. Written contracts undermine relationships with clients. Written contracts can be omitted when doing business with a friend. Written contracts are always a good business practice.
Written contracts are always a good business practice. Consulting an attorney and signing a written contract are good business.
What type of port scan has the FIN, PSH, and URG flags set? XMAS scan Connect scan NULL scan ACK scan
XMAS scan In a XMAS scan, the FIN, PSH, and URG flags are set. Closed ports respond to this type of packet with an RST packet. This scan can be used to determine which ports are open.
All of the following are good resources for finding more information about contracts for independent security consultants except one. Which is the exception? Free contract templates on the Internet Books on working as independent contractor The attorney of the company with which you will be contracting Your own attorney
Your own attorney
What footprinting tool would be most helpful in determining network vulnerabilities? White Pages Maltego Zed Attack Proxy. Domain Dossier
Zed Attack Proxy This is a useful website analysis tool that can crawl through remote websites and even produce a list of vulnerabilities for a remote website.
What skill is most important when developing a written agreement between a security professional and a company that will be hiring them to execute a security assessment? the ability to apply the necessary tools to perform your task the breadth of the target organization's security presence knowledge of network and computer technology an understanding of the laws that apply to your location
an understanding of the laws that apply to your location
When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step? sign the contract consult the company's lawyer consult their lawyer begin testing immediately
consult their lawyer Having an attorney read the contract before it's signed is a good investment of time and money.
Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed? create a lab demonstration create a virtual demonstration create a slide presentation create a contractual agreement
create a contractual agreement
What is the passive process of finding information on a company's network called? calling footprinting digging searching
footprinting In computer jargon, the process of finding information on a company's network is called footprinting.
Which term best describes malicious programmatic behaviors of known viruses that antivirus software companies compare to every file on a computer? heuristics signatures bots macros
heuristics
Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect? macro virus rootkit shell toolbox
rootkit A rootkit is created after an attack and usually hides itself in the OS tools, so it's almost impossible to detect.
Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer? heuristics macros signatures bots
signatures
In an ACK scan, if the attacked port returns an RST packet, the attacked port is considered to be operating in what state? unassigned unfiltered open closed
unfiltered If the attacked port returns an RST packet, the packet filter was fooled, or there's no packet-filtering device. In either case, the attacked port is considered to be "unfiltered."
What type of malicious program needs a host to propagate and can replicate itself through an executable program attached to an email? shell worm trojan virus
virus
Which of the following is a malicious computer program that replicates and propagates itself without having to attach to a host? Trojan worm virus shell
worm