CMPS 409 all questions
Which of the following best describes a vulnerability? a. A rootkit b. A weakness c. A worm d. A virus
A weakness
IPsec uses which two modes? a. AES/DES b. EH/ASP c. AH/ESP d. AES/ESP
AH/ESP
At which layer of the OSI model does a proxy operate? a. Physical b. Data Link c. Network d. Application
Application
[IMPORTANT] What kind of domain resides on a single switchport? a. Secure domain b. Broadcast domain c. Collision domain d. Windows domain
Collision domain
A white‐box test means the tester has which of the following? a. No knowledge b. Complete knowledge c. Some knowledge d. All passwords
Complete knowledge
[IMPORTANT] A good defense against password guessing is _______. a. Complex passwords b. Fingerprints c. Use of NTLM d. Password policy
Complex passwords
[IMPORTANT] Which of the following can be used to protect data stored in the cloud? a. Harvesting b. SSL c. Drive encryption d. Transport encryption
Drive encryption
Which of the following is not a flag on a packet? a. END b. RST c. URG d. PSH
END
A vulnerability scan is a good way to do what? a. Identify hardware b. Find weaknesses c. Find open ports d. Find operating systems
Find weaknesses
A message digest is a product of which kind of algorithm? a. Steganography b. Hashing c. Asymmetric d. Symmetric
Hashing
[IMPORTANT] What can be used instead of a URL to evade some firewalls used to protect a cloud based web application? a. IP address b. NIDS c. Encryption d. Stateful inspection
IP address
What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing? a. Firewall b. System administrator c. IPS d. IDP
IPS
A banner can do what? a. Identify an OS b. Identify weaknesses c. Help during scanning d. Identify a service
Identify a service
Which attack alters data in transit within the cloud? a. Port scanning b. Encryption c. MitM d. Packet sniffing
MitM
__________ is used to synchronize clocks on a network. a. FTP b. NTP c. NetBIOS d. SAM
NTP
An attacker can use _______ to enumerate users on a system. a. TCP/IP b. NetBIOS c. NetBEUI d. NNTP
NetBIOS
Which of the following is used for identifying a web server OS? a. Telnet b. Wireshark c. Netcraft d. Fragroute
Netcraft
[IMPORTANT] Which tool can be used to view web server information? a. Packetcraft b. Netstat c. Warcraft d. Netcraft
Netcraft
Who first developed SSL? a. Netscape b. Sun c. Oracle d. Microsoft
Netscape
SNScan is used to access information for which protocol? a. SMTP b. HTTP c. FTP d. SNMP
SNMP
SMTP is used to perform which function? a. Send email messages b. Transmit status information c. Monitor network equipment d. Transfer files
Send email messages
What is the three-way handshake? a. A Xmas tree scan b. Part of a UDP scan c. The opening sequence of a TCP connection d. A type of half-open scan
The opening sequence of a TCP connection
There are how many different types of cloud hosting environments? a. Two b. Four c. Three d. Five
Three
[IMPORTANT] Why would you need to use a proxy to perform scanning? a. To perform full-open scans b. To fool firewalls c. To enhance anonymity d. Perform half-open scans
To enhance anonymity
Why use Google hacking? a. To speed up searches b. To target a domain c. To look for information about Google d. To fine-tune search results
To fine-tune search results
A public and private key system differs from symmetric because it uses which of the following? a. Two keys b. One algorithm c. Two algorithms d. One key
Two keys
Enumeration is useful to system hacking because it provides which of the following? a. IP ranges b. Usernames c. Configurations d. Passwords
Usernames
VRFY is used to do which of the following? a. Validate an email server b. Expand a mailing list c. Validate an email address d. Test a connection
Validate an email address
The Wayback Machine is used to do which of the following? a. View websites b. Back up copies of websites c. Get job postings d. View archived versions of websites
View archived versions of websites
________ involves grabbing a copy of a zone file. a. DNS transfer b. Zone transfer c. Zone update d. nslookup transfers
Zone transfer
Which command can be used to view NetBIOS information? a. nmap b. telnet c. netstat d. nbtstat
nbtstat
Which of the following is used to perform customized network scans? a. Nessus b. Wireshark c. nmap d. AirPcap
nmap
Which of the following would confirm a user named chell in SMTP? a. expn chell b. vrfy -u chell c. vrfy chell d. expn -u chell
vrfy chell
Port number __________ is used for SMTP. a. 25 b. 52 c. 389 d. 110
25
Which of the following best describes PGP? a. A key escrow system b. A type of key c. A way of encrypting data in a reversible method d. A symmetric algorithm
A way of encrypting data in a reversible method
Which ports does SNMP use to function? a. 161 and 162 b. 389 and 160 c. 160 and 161 d. 160 and 162
161 and 162
HTTPS is typically open on which port in a cloud based firewall? a. 110 b. 80 c. 443 d. 25
443
Port number ________ is used by DNS for zone transfers. a. 53/UDP b. 25/UDP c. 25/TCP d. 53/TCP
53/TCP
Which of the following does an ethical hacker require to start evaluating a system? a. Permission b. Training c. Planning d. Nothing
Permission
During a FIN scan, what indicates that a port is closed? a. SYN b. ACK c. RST d. No return response
RST
[IMPORTANT] During a Xmas tree scan what indicates a port is closed? a. SYN b. ACK c. No return response d. RST
RST
You have selected the option in your IDS to notify you via email if it senses any network irregularities. Checking the logs, you notice a few incidents but you didn't receive any alerts. What protocol needs to be configured on the IDS? a. SNMP b. POP3 c. SMTP d. NTP
SMTP
A DNS zone transfer is used to do which of the following? a. Synchronize server information b. Perform searches c. Copy files d. Decommission servers
Synchronize server information
________ is the process of exploiting services on a system. a. Backdoor b. Enumeration c. System hacking d. Privilege escalation
System hacking
A SYN attack uses which protocol? a. HTTP b. TCP c. Telnet d. UDP
TCP
Which of these protocols is a connection‐oriented protocol? a. POP3 b. TCP c. FTP d. UDP
TCP
Which of the following is used for banner grabbing? a. SSH b. Telnet c. Wireshark d. FTP
Telnet
Footprinting has two phases. What are they? a. Active and passive b. Scanning and enumerating c. Active and pseudonymous d. Social and anonymous
Active and passive
[IMPORTANT] When scanning a network via a hardline connection to a wired‐switch NIC in promiscuous mode, what would be the extent of network traffic you would expect to see? a. Entire network b. VLAN you are attached to c. All nodes attached to the same port d. None
All nodes attached to the same port
[IMPORTANT] What should a pentester do prior to initiating a new penetration test? a. Study the code of ethics b. Study the environment c. Get permission d. Plan
Get permission
An application would be developed on what type of cloud service? a. PaaS b. SaaS c. IaaS d. BaaS
PaaS
nmap is required to perform what type of scan? a. Service scan b. Threat scan c. Vulnerability scan d. Port scan
Port scan
Which of the following is not typically used during footprinting? a. Email b. Port scanning c. Google hacking d. Search engines
Port scanning
Enumeration does not uncover which of the following pieces of information? a. Services b. User accounts c. Ports d. Shares
Ports
A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan? a. A half-open includes the final ACK. b. A half-open does not include the final ACK. c. A half-open uses TCP. d. A half-open uses UDP.
A half-open does not include the final ACK.
What is an ICMP echo scan? a. Part of a UDP scan b. A ping sweep c. A Xmas tree scan d. A SYN scan
A ping sweep
The group Anonymous is an example of what? a. Hacktivists b. Grayware c. Script kiddies d. Terrorists
Hacktivists
What is an SID used to do? a. Identify a domain controller b. Identify a user c. Identify a mail account d. Identify permissions
Identify a user
If a device is using node MAC addresses to funnel traffic, what layer of the OSI model is this device working in? a. Layer 3 b. Layer 2 c. Layer 4 d. Layer 1
Layer 2
Asymmetric encryption is also referred to as which of the following? a. Hashing b. Shared key c. Block d. Public key
Public key
[IMPORTANT] LDAP is used to perform which function? a. Query a file system b. Query a directory c. Query a mail server d. Query a network
Query a directory
[IMPORTANT] What type of cloud service would provide email hosting and associated security services? a. SaaS b. IaaS c. SSaS d. PaaS
SaaS
What phase comes after footprinting? a. Scanning b. Enumeration c. System hacking d. Transfer files
Scanning
SSL is a mechanism for which of the following? a. Securing stored data b. Verifying data c. Securing transmitted data d. Authenticating data
Securing transmitted data
[IMPORTANT] What is Tor used for? a. To tunnel through firewalls b. To hide the banner on a system c. To automate scanning d. To hide the process of scanning
To hide the process of scanning
What is the purpose of a proxy? a. To automate the discovery of vulnerabilities b. To perform a scan c. To keep a scan hidden d. To assist in scanning
To keep a scan hidden
[IMPORTANT] Why wouldn't someone create a private cloud? a. To reduce costs b. To maintain universal access c. To increase availability d. To offload technical support
To reduce costs
________ is a method for expanding an email list. a. RCPT TO b. VRFY c. SMTP d. EXPN
EXPN
SOAP is used to perform what function? a. Transport data b. Encrypt information c. Enable communication between applications d. Wrap data
Enable communication between applications
Altering a checksum of a packet can be used to do what? a. Send an RST b. Send a URG c. Reset a connection d. Evade an NIDS
Evade an NIDS
What is the purpose of social engineering? a. Gain information from the web looking for employee names b. Gain information from a human being through face-to-face or electronic means c. Gain information from a job site using a careful eye d. Gain information from a computer through networking and other tools
Gain information from a human being through face-to-face or electronic means
Which tool can show the network path of a packet? a. Whois b. DNS c. Tracert d. Ping
Tracert
SNMP is used to perform which function in relation to hardware? a. Trap messages b. Monitor security and violations c. Discard malicious traffic d. Manage users and groups
Trap messages
Which best describes a vulnerability scan? a. A way to find open ports b. A way to automate the discovery of vulnerabilities c. A way to diagram a network d. A proxy attack
A way to automate the discovery of vulnerabilities
Which type of hacker may use their skills for both benign and malicious goals at different times? a. White hat b. Black hat c. Gray hat d. Suicide hacker
Gray hat
Which of the following best describes what a hacktivist does? a. Defaces websites b. Performs social engineering c. Hacks for political reasons d. Hacks with basic skills
Hacks for political reasons
Which of the following describes an attacker who goes after a target to draw attention to a cause? a. Terrorist b. Hacktivist c. Criminal d. Script kiddie
Hacktivist
What does hashing preserve in relation to data? a. Integrity b. Repudiation c. Confidentiality d. Availability
Integrity
Which of the following best describes footprinting? a. Discussion with people b. Discovery of services c. Investigation of a target d. Enumeration of services
Investigation of a target
A cloud environment can be in any of the following configurations except which one? a. LaaS b. SaaS c. IaaS d. PaaS
LaaS
Hubs operate at what layer of the OSI model? a. Layer 1 b. Layer 2 c. Layer 4 d. Layer 3
Layer 1
In IPsec, encryption and other processes happen at which layer of the OSI model? a. Level 2 b. Level 3 c. Level 4 d. Level 1
Level 3
What level of knowledge about hacking does a script kiddie have? a. Advanced b. High c. Low d. Average
Low
Which of the following is a common hashing protocol? a. DES b. MD5 c. RSA d. AES
MD5
Which record will reveal information about a mail server for a domain? a. Q b. MS c. A d. MX
MX
SNMP is used to do which of the following? a. Monitor network devices b. Retrieve mail from a server c. Synchronize clocks d. Transfer files
Monitor network devices
Which technology allows the use of a single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world? a. NTP b. NAT c. VPN d. Tunneling
NAT
A __________ is used to connect to a remote system using NetBIOS. a. Hash b. Rainbow table c. Rootkit d. NULL session
NULL session
What is the proper sequence of the TCP three‐way‐handshake? a. SYN‐SYN, SYN‐ACK SYN b. SYN, SYN‐ACK, ACK c. ACK, SYN‐ACK, SYN d. SYN‐ACK, ACK, ACK
SYN, SYN‐ACK, ACK
What is the sequence of the three-way handshake? a. SYN, SYN-ACK b. SYN, SYN-ACK, ACK c. SYN, ACK, SYN-ACK d. SYN, ACK, ACK
SYN, SYN-ACK, ACK
[IMPORTANT] Which of the following can help you determine business processes of your target through human interaction? a. Job boards b. Website c. Email d. Social engineering
Social engineering
Which of the following would be a very effective source of information as it relates to social engineering? a. Job boards b. Social networking c. Port scanning d. Websites
Social networking
SaaS is a cloud hosting environment that offers what? a. Development options b. Testing options c. Software hosting d. Improved security
Software hosting
What type of firewall analyzes the status of traffic and would be part of an IaaS solution? a. Stateful inspection b. Circuit level c. Packet filtering d. NIDS
Stateful inspection
Which of the following describes a hacker who attacks without regard for being caught or punished? a. Terrorist b. Hacktivist c. Criminal d. Suicide hacker
Suicide hacker
Which of the following types of attack has no flags set? a. FIN b. Xmas tree c. SYN d. NULL
NULL
Which category of firewall filters is based on packet header data only? a. Application b. Packet c. Proxy d. Stateful
Packet
At what point can SSL be used to protect data? a. On Bluetooth b. On a flash drive c. On a hard drive d. During transmission
During transmission
Which of the following would be hosted as SaaS? a. Email b. Firewalls c. Databases d. IDS
What is missing from a half-open scan? a. SYN-ACK b. ACK c. SYN d. FIN
ACK
