EH quiz 1-7
Which of the following sometimes displays a banner that notifies the user of its presence?
Adware
Which type of social engineering attack attempts to discover personal information through the use of email?
phishing
What connection-oriented protocol is utilized by the Transport layer?
tcp
What line of defense allows only approved programs to run on a computer?
whitelisting
Why is a simple process like "dumpster diving" so effective when gathering information utilizing social engineering?
All of the choices are reasons why dumpster diving can be effective.
Prior to performing a zone transfer to see all host computers on the company network, what step should be completed?
Determine a company's primary DNS server.
What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?
Electronic Communication Privacy Act
Footprinting is also known by what term?
Reconnaissance
Why are hackers able to bypass some security systems using IPv6?
Some router-filtering devices, firewalls, and intrusion detection systems (IDSs) are not configured to enable IPv6.
Which of the following is an automated way to discover pages of a website by following links?
Spidering
What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?
Hacking
How do spyware and adware differ?
The main purpose of adware is to determine a user's purchasing habits, but spyware sends information, including confidential information, from the infected computer to the attacker.
Why is UDP widely used on the Internet?
UDP is widely used because of its speed.
What tool can be used to read and write data to ports over a network?
Netcat
What advanced professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate?
Offensive Security Certified Professional
Which type of attack is being carried out when an attacker joins a TCP session and makes both parties think he or she is the other party?
Session hijacking
In binary, what is the largest number that can be represented by four low-order bits?
15
What is the decimal equivalent of the binary number 11000001?
193
How many host addresses can be assigned with a subnet mask of 255.255.255.0?
254
How many host computers can be assigned a valid IPv4 address when using a CIDR /24 prefix?
254
Approximately how many IP addresses are allowed under IPv4?
4.3 billion
Which HTTP error informs you the server understands the request but refuses to comply?
403 Forbidden
What is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet?
Wget
Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?
signatures
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?
spear phishing
In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?
transport
If the low-order bit is turned on in a binary digit, what can be assumed?
The value is odd.
What is true regarding physical network security?
There's a higher chance of threat from insiders within a company versus outsiders.
Why should a security professional fully understand the TCP header components?
To understand the basic methods of hacking into networks
What does the acronym TCP represent?
Transmission Control Protocol
What type of malicious computer programs present themselves as useful computer programs or applications?
Trojan programs
What may occur when a broadcast address is mistaken as a valid host address?
Denial-of-service attack.
What is the difference between penetration tests and security tests?
In a penetration test, an ethical hacker attempts to break into a company's network or applications to find weak links. In a security test, testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management.
What type of hardware devices and computer programs can be used to obtain passwords by capturing keystrokes on a targeted computer system?
Keyloggers
Almost all of the tools available for footprinting are free and open source. What name is used to refer to these tools?
Open Source Intelligence (OSINT) tools
An application is working with real-time data and needs the data to be sent immediately. Which flag should be set to accomplish this?
PSH flag
When a person without any security credentials follows close behind another employee to enter a restricted area, what tactic is being used?
Piggybacking
What type of attack causes the victim's computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?
Ping of Death
What port would a successful Trojan program most likely use?
Port 53
What type of network attack relies on guessing a TCP header's initial sequence number, or ISN?
Session hijacking
Which of the following statements about port scanning is true?
Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.
What is the function of the Domain Name System?
The DNS server resolves the name of a URL to an IP address.
How can computer criminals use the Whois utility for their purposes?
The Whois utility is a commonly used tool for gathering IP address and domain information.
Why should a company employ an ethical hacker?
The benefit of an ethical hacker discovering vulnerabilities outweighs the cost of paying for the penetration/security test services.
Which of the following might be a violation of a contract between an independent contractor and a company that hires them to run security tests?
The independent contractor runs a program that prevents the employees from doing their jobs.
What type of footprinting might trigger a network alert?
Active footprinting because you are actually prodding the network in ways that might seem suspicious.
Why is it a challenge and concern for an ethical hacker to avoid breaking any laws?
The laws are constantly changing.
Communication between two devices is not properly functioning. What is the most likely cause of the communication issues?
The protocols on each device differ.
Which of the following statements about written contracts is true?
Written contracts are always a good business practice.
What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?
black box
Which of the following attacks occurs when a programmer exploits written code that doesn't check for a defined amount of memory space?
buffer overflow
In Unix and Linux systems, what command allows you to alter the permissions of files and directories?
chmod
Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?
create a contractual agreement
In *nix systems, the nslookup command has been replaced by which recommended command?
dig
An attacker is using Wireshark to capture network communications. Later these captured packets are reconstructed, and the attacker searches for confidential information that can be used to extend the attack. What malicious procedure is occuring?
eavesdropping
What term refers to a person who performs most of the same activities a hacker does, but with the owner or company's permission?
ethical hacker
What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?
gray box
An analyst needs the header information of an HTML document. What HTTP method should be used to retrieve only this information?
head
Which term best describes malicious programmatic behaviors of known viruses that antivirus software companies compare to every file on a computer?
heuristics
What common term is used by security testing professionals to describe vulnerabilities in a network?
holes
What type of general commands allow a security tester to pull information from a server using a web browser?
http
What advantage does subnetting offer?
increased security
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
In the TCP/IP stack, what layer is concerned with physically moving bits across the network's medium?
network
What is the typical format for Class C addresses?
network.network.network.node
What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools created by knowledgeable programmers without understanding how the tools work?
packet monkey
One method of gathering information when footprinting a network is through the Domain Name System (DNS). What is the responsibility of DNS?
resolving hostnames to IP addresses and vice versa
What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?
security test
What type of malicious program needs a host to propagate and can replicate itself through an executable program attached to an email?
virus
What 1-pixel x 1-pixel image file is referenced in an <img> tag, and usually works with a cookie to collect information about the person visiting the website?
web bug
What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?
white box
Which of the following is a malicious computer program that replicates and propagates itself without having to attach to a host?
worm
How many bits are needed to represent a character in base-64?
6
What is the largest digit in an octal number?
7
Which class of IP addresses are reserved for multicast and experimental addressing?
Class D and Class E
What protocol is the most widely used and allows all computers on a network to communicate and function correctly?
TCP/IP
Which HTTP method starts a remote Application-layer loopback of the request message?
TRACE
What can be inferred about successful security professionals?
Successful security professionals have a combination of technical and soft skills.
Which type of attack cripples the network and prevents legitimate users from accessing network resources?
denial-of-service
What area of a network is a major area of potential vulnerability because of the use of URLs?
dns
Why is DNS a major area of potential vulnerability?
Because of the use of URLs.
An individual wants to switch from using Hypertext Transfer Protocol (HTTP) to a more secure protocol. To which port are they most likely to switch?
443
What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?
127 address
In hexadecimal, what does the character E represent?
14
What is a SOA record?
A Start of Authority (SOA) record shows for which zones or IP addresses a DNS server is responsible.
What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?
Application
What port does the Domain Name System, or DNS service use?
53
Which of the following is not a type of social engineering?
Honeypotting
What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?
Internet
Which process enables you to see all the host computers on a network and a large portion of an organization's network?
zone transfers
What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network?
Acceptable Use Policy
What skills does a security professional need to be successful?
Both knowledge of network and computer technology and the ability to communicate with management and IT personnel.
Which of the following statements about antivirus software is true?
Even with antivirus software, protecting an organization from malware attacks is difficult because new viruses, worms, and Trojans appear daily.
What is critical to remember when studying for a network security certification exam?
Following the laws and behaving ethically are more important than passing an exam.
What is the greatest advantage of whitelisting?
Whitelisting helps prevent malicious code from being introduced into corporate networks.
Why are DDoS attacks often difficult to stop without measures like rate limiting?
Zombies, compromised computers, are unaware that their systems are sending malicious packets.
What footprinting tool would be most helpful in determining network vulnerabilities?
Zed Attack Proxy
What utility can be used to intercept detailed information from a company's website?
Zed Attack Proxy
