Ethical Hacking and Network Defense Chpt 1-3

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

A written contract isn't necessary when a friend recommends a client. True or False?

False

Antivirus software should be updated annually. True or False?

False

The Ping of Death is an exploit that sends multiple ICMP packets to a host faster than the host can handle. True or False?

False

List the six flags of a TCP packet.

SYN, ACK, PSH, URG, RST, FIN

List the three components of the TCP/IP three-way handshake.

SYN, SYN-ACK, and ACK

A UDP packet is usually smaller than a TCP packet. True or False?

True

An exploit discovered for one OS might also be effective on another OS. True or False?

True

FTP offers more security than TFTP. True or False?

True

One purpose of adware is to determine users' purchasing habits. True or False?

True

List three worms or viruses that use e-mail as a form of attack.

Waledec, Nimda, Melissa, and W32/Sobig.F

A security tester should possess which of the following attributes? (Choose all that apply.) a. Good listening skills b. Knowledge of networking and computer technology c. Good verbal and written communication skills d. An interest in securing networks and computer systems

a. Good listening skills b. Knowledge of networking and computer technology c. Good verbal and written communication skills d. An interest in securing networks and computer systems

What organization designates a person as a CISSP? a. International Information Systems Security Certification Consortium (ISC2) b. EC-Council c. SANS Institute d. GIAC

a. International Information Systems Security Certification Consortium (ISC2)

On a Windows computer, what command can you enter to show all open ports being used? a. Netstat b. Ipconfig c. Ifconfig d. Nbtstat

a. Netstat

Which command verifies the existence of a node on a network? a. Ping b. Ipconfig c. Netstat d. Nbtstat

a. Ping

An exploit that leaves an attacker with another way to compromise a network later is called which of the following? (Choose all that apply.) a. Rootkit b. Worm c. Backroot d. Backdoor

a. Rootkit d. Backdoor

Which organization issues the Top 20 list of current network vulnerabilities? a. SANS Institute b. ISECOM c. EC-Council d. OPST

a. SANS Institute

Which of the following exploits might hide its destructive payload in a legitimate application or game? a. Trojan program b. Macro virus c. Worm d. Buffer overflow

a. Trojan program

Which of the following protocols is connectionless? (Choose all that apply.) a. UDP b. IP c. TCP d. SPX

a. UDP b. IP

Which of the following doesn't attach itself to a host but can replicate itself? a. Worm b. Virus c. Trojan program d. Buffer overflow

a. Worm

Before using hacking software over the Internet, you should contact which of the following? (Choose all that apply.) a. Your ISP b. Your vendor c. Local law enforcement authorities to check for compliance d. The FBI

a. Your ISP c. Local law enforcement authorities to check for compliance

The base-64 numbering system uses bits to represent a character. a. 4 b. 6 c. 7 d. 8

b. 6

What exploit is used to elevate an attacker's permissions by inserting executable code in the computer's memory? a. Trojan program b. Buffer overflow c. Ping of Death d. Buffer variance

b. Buffer overflow

What organization offers the Certified Ethical Hacker (CEH) certification exam? a. International Information Systems Security Certification Consortium (ISC2) b. EC-Council c. SANS Institute d. GIAC

b. EC-Council

Which federal law prohibits intercepting any communication, regardless of how it was transmitted? a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication Privacy Act c. Stored Wire and Electronic Communications and Transactional Records Act d. Fourth Amendment

b. Electronic Communication Privacy Act

A software or hardware component that records each keystroke a user enters is called which of the following? a. Sniffer b. Keylogger c. Trojan program d. Buffer overflow

b. Keylogger

Which of the following is a good place to begin your search for vulnerabilities in Microsoft products? a. Hacking Web sites b. Microsoft Security Bulletins c. Newsgroup references to vulnerabilities d. User manuals

b. Microsoft Security Bulletins

The Netstat command indicates that POP3 is in use on a remote server. Which port is the remote server most likely using? a. Port 25 b. Port 110 c. Port 143 d. Port 80

b. Port 110

What port, other than port 110, is used to retrieve e-mail? a. Port 25 b. Port 143 c. Port 80 d. Port 135

b. Port 143

A Ping command initially uses which ICMP type code? a. Type 0 b. Type 8 c. Type 14 d. Type 13

b. Type 8

A computer relies on a host to propagate throughout a network. a. Worm b. Virus c. Program d. Sniffer

b. Virus

Which of the following is not a valid octal number? a. 5555 b. 4567 c. 3482 d. 7770

c. 3482

A penetration tester is which of the following? a. A person who accesses a computer or network without permission from the owner b. A person who uses telephone services without payment c. A security professional who's hired to hack into a network to discover vulnerabilities d. A hacker who accesses a system without permission but does not delete or destroy files

c. A security professional who's hired to hack into a network to discover vulnerabilities

What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet? a. Scanning policy b. Port access policy c. Acceptable use policy d. Warranty policy

c. Acceptable use policy

What protocol is used for reporting or informational purposes? a. IGMP b. TCP c. ICMP d. IP

c. ICMP

Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following? (Choose all that apply.) a. Script monkeys b. Packet kiddies c. Packet monkeys d. Script kiddies

c. Packet monkeys d. Script kiddies

To determine whether scanning is illegal in your area, you should do which of the following? a. Refer to U.S. code. b. Refer to the U.S. Patriot Act. c. Refer to state laws. d. Contact your ISP.

c. Refer to state laws.

Which protocol offers guaranteed delivery and is connection oriented? a. UDP b. IP c. TCP d. TFTP

c. TCP

What command is used to log on to a remote server, computer, or router? a. Ping b. Traceroute c. Telnet d. Netstat

c. Telnet

"Destination Unreachable" is designated by which ICMP type code? a. Type 0 b. Type 14 c. Type 3 d. Type 8

c. Type 3

The initial sequence number (ISN) is set at which step of the TCP three-way handshake? a. 1, 2, 3 b. 1, 3 c. 1 d. 1 and 2

d. 1 and 2

To reduce the risk of a virus attack on a network, you should do which of the following? a. Use antivirus software. b. Educate users about opening attachments from suspicious e-mail. c. Keep virus signature files current. d. All of the above

d. All of the above

What type of network attack relies on multiple servers participating in an attack on one host system? a. Trojan attack b. Buffer overflow c. Denial-of-service attack d. Distributed denial-of-service attack

d. Distributed denial-of-service attack

If you run a program in New York City that uses network resources to the extent that a user is denied access to them, what type of law have you violated? a. City b. State c. Local d. Federal

d. Federal

What component can be used to reduce the risk of a Trojan program or rootkit sending information from an attacked computer to a remote host? a. Base-64 decoder b. Keylogger c. Telnet d. Firewall

d. Firewall

What organization designates a person as an OPST? a. International Information Systems Security Certification Consortium (ISC2) b. EC-Council c. SANS Institute d. ISECOM

d. ISECOM

TCP communication could be likened to which of the following? a. Announcement over a loudspeaker b. Bullhorn at a sporting event c. Internet traffic d. Phone conversation

d. Phone conversation

What port does DNS use? a. Port 80 b. Port 69 c. Port 25 d. Port 53

d. Port 53

A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following? a. Green team b. Blue team c. Black team d. Red team

d. Red team

Which protocol uses UDP? a. FTP b. Netstat c. Telnet d. TFTP

d. TFTP

Which federal law amended Chapter 119 of Title 18, U.S. Code? a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication Privacy Act c. Stored Wire and Electronic Communications and Transactional Records Act d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications

d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications

Which of the following is an example of a macro programming language? a. Cþþ b. Windows XP c. Visual Basic d. Visual Basic for Applications

d. Visual Basic for Applications

List three types of malware

viruses, worms, Trojan programs, adware, and spyware

What three models do penetration or security testers use to conduct tests?

white box, black box, gray box

The U.S. Department of Justice defines a hacker as which of the following? a. A person who accesses a computer or network without the owner's permission b. A penetration tester c. A person who uses telephone services without payment d. A person who accesses a computer or network system with the owner's permission

a. A person who accesses a computer or network without the owner's permission

An exploit that attacks computer systems by inserting executable code in areas of memory not protected because of poorly written code is called which of the following? a. Buffer overflow b. Trojan program c. Virus d. Worm

a. Buffer overflow

As a security tester, what should you do before installing hacking software on your computer? a. Check with local law enforcement agencies. b. Contact your hardware vendor. c. Contact the software vendor. d. Contact your ISP.

a. Check with local law enforcement agencies.

Which federal law prohibits unauthorized access of classified information? a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication Privacy Act c. Stored Wire and Electronic Communications and Transactional Records Act d. Fifth Amendment

a. Computer Fraud and Abuse Act, Title 18

How can you find out which computer crime laws are applicable in your state? a. Contact your local law enforcement agencies. b. Contact your ISP provider. c. Contact your local computer store vendor. d. Call 911.

a. Contact your local law enforcement agencies.

What is the main purpose of malware? a. Doing harm to a computer system b. Learning passwords c. Discovering open ports d. Identifying an operating system

a. Doing harm to a computer system

What's the hexadecimal equivalent of the binary number 1111 1111? a. FF b. 255 c. EE d. DD

a. FF


Set pelajaran terkait

VYC1 Principles of Accounting: Unit 4 - 5 Questions & Quizzes

View Set

Principles of Banking Chapters 1-5

View Set

Life Insurance: Retirement and Other Insurance Concepts

View Set

Lesson 11 Chapter 14 Fitness: Physical Activity, Nutrients and Body Adaptions

View Set

Ch. 6 Current Digital Forensics Tools

View Set