Ethical Hacking Midterm
Please list at least five kinds of Malware
1. Virus 2. Worm 3. Trojan Program 4. Spyware 5. Adware
Please list and explain the three main penetration testing methodologies
1. Whitebox model - tester is told about network topology and technology 2. Blackbox model - tester is not given details about network topology and technology 3. Greybox model - a hybrid between whitebox and blackbox model, the tester is given partial information
The POP3 service uses port ____.
110
The Network News Transport Protocol service uses port ____.
119
The Microsoft RPC service uses port ____.
135
The NetBIOS service uses port ____.
139
The binary number 11000001 converted to decimal is ____.
193
Currently, the CEH exam is based on ____ domains (subject areas) with which the tester must be familiar.
22
The SMTP service uses port ____.
25
Each Class C IP address supports up to ____ host computers.
254
The DNS service uses port ____.
53
The TFTP service uses port ____.
69
The HTTP service uses port ____.
80
____ sometimes displays a banner that notifies the user of its presence.
Adware
In the TCP/IP stack, the ____ layer is where applications and protocols, such as HTTP and Telnet, operate.
Application
The ____-layer protocols are the front ends to the lower-layer protocols in the TCP/IP stack.
Application
What is a buffer overflow attack?
A buffer overflow attack results from a vulnerability in poorly written code; it is an application attack in which an attacker writes code that overflows the buffer, causing an application to crash.
The International Council of Electronic Commerce Consultants (EC-Council) has developed a certification designation called ____.
Certified Ethical Hacker (CEH)
The ____ certification for security professionals is issued by the International Information Systems Security Certifications Consortium (ISC2).
Certified Information Systems Security Professional (CISSP)
What type of class has the IP address 193.1.2.3?
Class C
What is a denial-of-service attack?
A denial-of-service attack prevents legitimate users from accessing network resources; the attacker is not actually trying to access information.
____ is a tool that is used to perform DNS zone transfers.
Dig
A ____ attack prevents legitimate users from accessing network resources.
DoS
____ can be used to gather information useful for computer criminals, like company phone directories, financial reports, interoffice memos, resumes of employees, etc.
Dumpster diving
Please explain what an ethical hacker, a penetration test, and a security test are.
Ethical hackers are hired by companies to perform penetration tests. Penetration tests are attempts to break into a company's network to find the weakest link. Security tests analyze a company's security policy and procedures and report the vulnerabilities.
Please explain what footprinting is and list at least four footprinting methods for information gathering.
Footprinting involves finding information on a company's network; it is passive and nonintrusive. Methods of footprinting include web site searching and email, URL, and cookie researching.
The SysAdmin, Audit, Network, Security (SANS) Institute offers training and IT security certifications through ____.
Global Information Assurance Certification (GIAC)
In the TCP/IP stack, the ____ layer uses IP addresses to route packets.
Internet
IDS stands for ____.
Intrusion Detection System
____ are devices or computer programs that can be used to capture keystrokes on a computer.
Keyloggers
____ commands that open and close files can be used in destructive ways.
Macro
____ is a tool that is used to read and write data to ports over a network.
Netcat
In the TCP/IP stack, the ____ layer is concerned with physically moving electrons across a medium.
Network
____ is concerned with the security of computers or devices that are part of a network infrastructure.
Network security
The ____ certification uses the Open Source Security Testing Methodology Manual (OSSTMM), written by Peter Herzog, as its standardized methodology.
OPST
The ____ certification is designated by the Institute for Security and Open Methodologies (ISECOM), a nonprofit organization that provides security training and certification programs for security professionals.
OSSTMM Professional Security Tester (OPST)
The ____ tool can generate a report that can show an attacker how a Web site is structured and lists Web pages that can be investigated for further information.
Paros
____ is trailing closely behind an employee who has access to an area without the person realizing that you didn't use a PIN or a security badge to enter the area.
Piggybacking
In the ____ attack, the attacker simply creates an ICMP packet that's larger than the maximum allowed 65,535 bytes.
Ping of Death
What are Ping of Death attacks and how do they work?
A Ping of Death attack occurs when an attacker creates a large ICMP packet and floods the server or workstation. The large packets are fragmented into small packets and sent repeatedly; the destination point cannot handle all of the requests and becomes unavailable.
PKI stands for ____.
Public Key Infrastructure
"____" is not a domain tested for the CEH exam.
Red team testing
The ____ Institute Top 20 list details the most common network exploits and suggests ways of correcting vulnerabilities.
SANS
____ is a Web tool used to gather IP and domain information. It is available for both UNIX and Windows OSs.
SamSpade
What are script kiddies or packet monkeys?
Script kiddies or packet monkeys are younger, inexperienced hackers who copy code from knowledgeable hackers.
____ takes penetration testing to a higher level.
Security testing
____ enables an attacker to join a TCP session and make both parties think he or she is the other party.
Session hijacking
____ can be used to read PINs entered at ATMs or to detect long-distance authorization codes that callers dial.
Shoulder surfing
Please explain what social engineering is. Please list the five main techniques of social engineering. Please explain these techniques with examples.
Social engineering is targeted toward the human components of the network and has the goal of obtaining confidential user information. Methods of social engineering include shoulder surfing (watching someone enter their password), dumpster diving (attackers find information in victims' trash), piggybacking (someone trails a user through a key card door or somewhere they aren't cleared to be), and phishing (tricking a user into giving up confidential information).
____ means using a knowledge of human nature to get information from people.
Social engineering
The two most popular spyware and adware removal programs are ____ and Ad-Aware.
SpyBot
____ is a remote control program.
Symantec pcAnywhere
The ____ disseminates research documents on computer and network security worldwide at no cost.
SysAdmin, Audit, Network, Security (SANS) Institute
The most widely used protocol is ____.
TCP/IP
Describe the TCP/IP protocol stack
The TCP/IP protocol stack has four layers: Application, Transport, Internet, and Network. The Application layer houses the HTTP, FTP, SMTP, SNMP, and Telnet protocols. The Transport layer houses the TCP and UDP protocols. The Internet layer houses the IP, ICMP, and IGMP protocols. The Network layer houses the Data Link and Physical layers of the OSI model as they represent the physical network and data transfer. The TCP/IP protocol is the most widely used protocol.
TCP stands for ____.
Transmission Control Protocol
In the TCP/IP stack, the ____ layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header.
Transport
One of the most insidious attacks against networks and home computers worldwide is ____, which disguise themselves as useful computer programs or applications.
Trojan programs
Software keyloggers behave like ____ and are loaded on a computer.
Trojan programs
UDP stands for ____.
User Datagram Protocol
____ is a tool that is used to gather IP and domain information.
Whois
The virus signature file is maintained by ____ software.
antivirus
In the ____ model, management does not divulge to staff that penetration testing is being conducted, nor does it give the tester any diagrams or describe what technologies the company is using.
black box
A ____ can be created that welcomes new users joining a chat session, even though a person isn't actually present to welcome them.
bot
In a ____ attack, a programmer finds a vulnerability in poorly written code that doesn't check for a defined amount of memory space use.
buffer overflow
Which of the following provides the most secure method of securing a company's assets?
card access
Some of the most infamous cases are hacks carried out by ____ students, such as the eBay hack of 1999.
college
Based on the starting decimal number of the ____ byte, you can classify IP addresses as Class A, Class B, or Class C.
first
An April 2009 article in USA Today revealed that the federal government is looking for ____ to pay them to secure the nation's networks.
hackers
The U.S. Department of Justice labels all illegal access to computer or network systems as "____".
hacking
Penetration testers and security testers usually have a laptop computer configured with ____ and hacking tools.
multiple OSs
A(n) ____ is the logical, not physical, component of a TCP connection.
port
A ____ is created after an attack and usually hides itself within the OS tools, so it's almost impossible to detect.
rootkit
Trojan Programs can install a backdoor or ____ on a computer.
rootkit
Some hackers are skillful computer operators, but others are younger inexperienced people who experienced hackers refer to as ____.
script kiddies
Many experienced penetration testers can write computer programs or ____ in Perl or the C language to carry out network attacks.
scripts
In a(n) ____, the tester does more than attempt to break in; he or she also analyzes the company's security policy and procedures and reports any vulnerabilities to management.
security test
To help prevent ____ attacks, you must educate your users not to type logon names and passwords when someone is standing directly behind them—or even standing nearby.
shoulder-surfing
To represent 0 to 63 characters you need only ____ bits.
six
The collection of tools for conducting vulnerability assessments and attacks is sometimes referred to as a "____".
tiger box
A ____ can replicate itself, usually through an executable program attached to an e-mail.
virus
In the ____ model, the company might print a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems (IDSs) or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems.
white box
A ____ is a computer program that replicates and propagates itself without having to attach itself to a host.
worm