Ethical Hacking 102 T/F
A brute-force attack tries passwords that are pulled from a predefined list of words.
False
A denial of service (DoS) attack is considered a critical problem because it is very difficult to defeat.
False
A distributed denial of service (DDoS) attack is mostly an annoyance however a denial of service (DoS) attack is much more of a problem.
False
A drawback to public key infrastructure (PKI) is that the two parties must have prior knowledge of one another in order to establish a relationship.
False
A poison null byte attack uploads masses of files to a server with the goal of filling up the hard drive on the server in an attempt to cause the application to crash.
False
A session, the connection that a client has with the server application, should use the same identifier, encryption, and other parameters every time a new connection between client and server is created, rather than create new information for each connection and then discard it each time.
False
A site administrator can block the Internet Archive from making snapshots of the site.
False
Accumulating as many connections as possible on social media (seeking quantity over quality) makes it less likely that you will link or "friend" a scam artist or an identity thief.
False
Active fingerprinting takes longer than passive fingerprinting.
False
Adware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software.
False
An advantage to brute-force password attacks is that they typically do not take much time to perform.
False
An effective method for uncovering database problems is to consider the security problem simply from an insider's perspective, rather than an outsider's perspective.
False
Antivirus software cannot detect suspicious behavior of applications on a system.
False
Because wardialing involves the use of modems, it is out of date and should no longer be used.
False
Covert channels are not capable of transferring information using a mechanism that was not designed for the purpose. Select one:
False
Databases are rarely a target for attackers because many of them are "unhackable."
False
Delivering malicious software via instant messaging (IM) is relatively difficult because IM software has had strong security controls from the beginning.
False
Fail-open state results in closed and completely restricted access or communication.
False
Firewalls provide very little protection to a database server.
False
Future generations of cryptography technology will most likely represent an evolution of past technologies and techniques.
False
In symmetric encryption, one key is used for encryption and a separate key is used for decryption.
False
It is much harder to detect active OS fingerprinting than passive OS fingerprinting.
False
Logic bombs are relatively easy to detect.
False
Many attackers gain access to their target system through something known as a window.
False
Modern antivirus software is not equipped to deal with the problems polymorphic viruses pose.
False
Most encryption cannot be broken.
False
Most users of social networking sites are diligent about protecting their personal information through privacy settings and similar configuration options available on these sites.
False
Obtaining financial information on companies operating in the United States is difficult because financial records on publicly traded companies are not available to the public.
False
Over the past several years, social networking sites have become less and less of a target for cybercriminals.
False
Over time, corporations have been moving fewer and fewer services to the cloud.
False
Placing a backdoor on a system prevents an attacker from coming back later in an attempt to take control of the system. Select one:
False
Private information on Facebook is truly private.
False
Safe browsing practices have little to do with whether individuals become victims online.
False
Sanitizing a Web posting refers to a company deleting information that others may find insensitive or offensive.
False
Scareware is software specifically designed to display advertisements on a system in the form of pop-ups or nag screens.
False
Social networking means tricking or coercing people into revealing information or violating normal security practices.
False
Structured Query Language (SQL) injections require very little skill or knowledge to execute.
False
Symmetric encryption is also called public key cryptography
False
The Security Account Manager (SAM) is a file that resides on the network, not on the hard drive, and is not actively accessed while Windows is running.
False
The ever-increasing amount of personal information that people put online themselves has made gathering information on human beings more difficult.
False
The first viruses debuted in the "wild" in the 1990s as ways to destroy exam records at universities.
False
The goals of confidentiality and integrity are basically the same.
False
The manual method of obtaining network range information is quick, but it is largely ineffective. Select one:
False
The mere existence of an open port means vulnerability exists.
False
The popularity of services such as Facebook, LinkedIn, and Twitter has made the loss of information or loss of control of that information through social media less of a concern.
False
User Datagram Protocol (UDP) acknowledges each connection attempt; Transmission Control Protocol (TCP) does not, so it tends to produce less reliable results.
False
Whenever possible, security practitioners work to encourage people to use their social network for both their professional activities and their personal activities.
False
Worms require user intervention for their infection to take place; viruses do not.
False
A buffer overflow can result in data being corrupted or overwritten.
True
A code is a mechanism that relies on the usage of complete words or phrases, whereas ciphers utilize single letters to perform encryption.
True
A countermeasure for protecting domain information is to employ commonly available proxy services to block the access of sensitive domain data.
True
A good way to prevent Structured Query Language (SQL) injection attacks is to use input validation, which ensures that only approved characters are accepted.
True
A one-way hash function is also known as a fingerprint.
True
A persuasion/coercion attack is considered psychological.
True
A ping is actually an Internet Control Message Protocol (ICMP) message.
True
A rootkit can provide a way to hide spyware such as a keystroke logger so that it is undetectable even to those looking for it. Select one:
True
An attacker can use enumeration methods to determine whether or how a target can respond to system hacking activities.
True
An organization's Web server is often the public face of the organization that customers and clients see first
True
Brutus is a password cracker that is designed to decode different password types present in Web applications.
True
Databases can be easily missed because they may be installed as part of another application or just not reported by the application owner.
True
Defacing a Web site is one of the most common acts of vandalism against Web sites.
True
Digital signatures are a combination of public key cryptography and hashing. Select one:
True
Education is the first line of defense for stopping both worms and viruses.
True
Enumeration represents the point at which the attack crosses the legal line to being an illegal activity in some areas.
True
Error messages should be considered a potential Web server vulnerability because they can provide vital information to an attacker.
True
For both symmetric and asymmetric cryptography, data is encrypted by applying the key to an encryption algorithm.
True
For many businesses, a social media presence is a key part of the corporate communications strategy.
True
Hardware-based keystroke loggers can be plugged into a universal serial bus (USB) or PS2 port on a system and monitor the passing signals for keystrokes.
True
Hoax viruses are those designed to make the user take action even though no infection or threat exists.
True
If any part of a multipartite virus is not eradicated from the infected system, it can re-infect the system.
True
In some cases, spyware creators have stated their intentions outright by presenting End-User License Agreements (EULAs) to the victim.
True
In symmetric encryption, the length of the key and the quality of the algorithm will determine how secure the encryption system is.
True
In the Windows OS, the NetBIOS service is commonly targeted by attackers because diverse information can be obtained, including usernames, share names, and service information.
True
Input validation refers to restricting the type of input or data the Web site will accept so that mistakes will not be entered into the system.
True
It is worthwhile to conduct an Internet search on yourself in order to see what personal information is available about you online.
True
Malware can be used to turn a system into a server hosting any type of content, such as illegal music or movies, pirated software, pornography, and financial data.
True
Malware in the current day has been adopted by criminals for a wide array of purposes to capture information about the victim or commit other acts.
True
Nmap is valuable in OS fingerprinting as well as port scanning.
True
Of the tools for detecting Trojans, one of the easiest to access would be the command line tool known as netstat.
True
Offline attacks are a form of password attack that relies on weaknesses in how passwords are stored on a system.
True
Once escalated privileges have been obtained, the PsTools suite makes it possible for an attacker to run an application on a remote system rather easily.
True
One of the common problems that make password attacks effective is that many people use ordinary words as their password.
True
One of the main characteristics of worms is that they do not need a host program to function.
True
Process isolation provides extra protection against catastrophic failure of a system by ensuring that one process crashing will not take others with it.
True
Public key infrastructure (PKI) addresses storing, managing, distributing, and maintaining keys and digital certificates securely.
True
Rainbow tables compute every possible combination of characters prior to capturing a password so that the attacker can then capture the password hash from the network and compare it with the hashes that have already been generated
True
SolarWinds has the ability to generate network maps that can be viewed in products such as Microsoft's diagramming product Visio.
True
Substitution, transposition, stream, and block are common forms of ciphers.
True
Symmetric encryption is inherently faster than asymmetric encryption due to the nature of the computations performed.
True
The Whois tool has been used by law enforcement to gain information useful in prosecuting criminal activity.
True
The purpose of OS fingerprinting is to determine the operating system that is in use on a specific target.
True
The strength of asymmetric encryption is that it addresses the key distribution problem inherent with symmetric encryption.
True
The terms algorithm and cipher describe the formula or process used to perform encryption.
True
There are currently five primary Regional Internet Registries (RIRs) across the globe
True
U.S. laws regulate the exportation of cryptographic systems.
True
When working on securing Web applications, the safety of information must be considered both when it is being stored and when it is being transmitted, because both stages are potential areas for attack.
True
With passive fingerprinting, the victim has less chance of detecting and reacting to the impending attack.
True
Wrappers can be used to merge an attacker's intended payload with a harmless executable to create a single executable from the two.
True
ohnny Long's Google Hacking Database (GHDB) is a database of queries that can be used to conduct a Google Web search to identify sensitive data and content.
True
A number of different methods can be used to deface a Web site.
True
