Ethical Hacking Midterm Review Modules 1-6

What is the difference between penetration tests and security tests?

In a penetration test, an ethical hacker attempts to break into a company's network or applications to find weak links. In a security test, testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management.

What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?

Internet

What type of hardware devices and computer programs can be used to obtain passwords by capturing keystrokes on a targeted computer system?

Keyloggers

What type of physical security device can be used by both security professionals and attackers?

Keyloggers

What utility can be used for enumerating Windows OS's?

NBTscan

What open-source port-scanning tool is considered to be the standard port-scanning tool for security professionals?

NMap

Which of the following is a free vulnerability assessment tool from Tenable that extends NMAP capabilities by analyzing open ports and providing detailed vulnerability information?

Nessus Essentials

The computer names you assign to Windows systems are called which of the following?

NetBIOS

What tool can be used to read and write data to ports over a network?

Netcat

Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?

Network security

What is true of recent versions of Linux?

Newer versions include upgrades that have made Linux easier to use.

Which tool is most useful for *nix enumeration?

Nmap, SNMPWalk, and OpenVAS can be used for *nix enumeration

What open-source network utility allows you to use plug-ins to run test programs (scripts) that can be selected from the client interface?

OpenVAS

When a person without any security credentials follows close behind another employee to enter a restricted area, what tactic is being used?

Piggybacking

What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?

Port

Closed ports respond to a NULL scan with what type of packet?

RST

Footprinting is also known by what term?

Reconnaissance

Which of the following is an older network management service that is useful for network administrators that want to view system statistics, version numbers, and other detailed host information remotely?

SNMP

What benefit does SNMP have?

SNMP enables remote administration.

In a normal TCP session, the sender sends a packet to another computer with which of the following flags set?

SYN flag

Which type of attack is being carried out when an attacker joins a TCP session and makes both parties think he or she is the other party?

Session hijacking

Why are hackers able to bypass some security systems using IPv6?

Some router-filtering devices, firewalls, and intrusion detection systems (IDSs) are not configured to enable IPv6.

Which of the following statements about port scanning is true?

Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.

A quick Internet search will reveal many free password-cracking programs. Why are security testers often able to guess passwords without needing these special programs?

Some users are careless when creating password

Which of the following is an automated way to discover pages of a website by following links?

Spidering

What can be inferred about successful security professionals?

Successful security professionals have a combination of technical and soft skills.

What connection-oriented protocol is utilized by the Transport layer?

TCP

What protocol is the most widely used and allows all computers on a network to communicate and function correctly?

TCP/IP

Which HTTP method starts a remote Application-layer loopback of the request message?

TRACE

What is the function of the Domain Name System?

The DNS server resolves the name of a URL to an IP address.

Why is it a challenge and concern for an ethical hacker to avoid breaking any laws?

The laws are constantly changing.

How do spyware and adware differ?

The main purpose of adware is to determine a user's purchasing habits, but spyware sends information, including confidential information, from the infected computer to the attacker.

During a NULL scan, no packet is received as a response. What is the most likely cause of no packet receipt?

The port is open.

Communication between two devices is not properly functioning. What is the most likely cause of the communication issues?

The protocols on each device differ.

Even though a security professional might think they are following the requirements set forth by the client who hired them to perform a security test, management may be dissatisfied. Which of the following is an example of an ethical hacking situation that might upset a manager?

The security testing reveals all the usernames and passwords of company personnel to the tester without the manager's prior consent.

A NetBIOS suffix may identify a computer or server being enumerated as a domain controller. Why do hackers often exert more effort to attack computers identified as domain controllers?

These systems store more information.

What does the acronym TCP represent?

Transmission Control Protocol

In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?

Transport

What is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet?

Wget

Which utility is used to gather IP and domain information?

Which utility is used to gather IP and domain information?

Which utility is used to gather IP and domain information?

Whois

What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?

Windows Containers

Why is enumeration a more intrusive process than port scanning or footprinting?

With enumeration, attempts are made to access a resource.

Which of the following statements about written contracts is true?

Written contracts are always a good business practice.

What footprinting tool would be most helpful in determining network vulnerabilities?

Zed Attack Proxy

Nmap has a GUI front end that makes it easier to work with some of the complex options. Which of the following is the Nmap GUI front end?

Zenmap

What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?

black box

In Unix and Linux systems, what command allows you to alter the permissions of files and directories?

chmod

In any *nix system, after saving a script named "script_name," it must be made executable so that it can be run. Which command will accomplish this task from the command line?

chmod +x script_name

When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?

consult their lawyer

Which of the following describes a flexible program that automates a task that takes too much time to perform manually?

customized script

SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?

default

Which type of attack cripples the network and prevents legitimate users from accessing network resources?

denial-of-service

What process involves connecting to a remote system to access and extract valuable information?

enumeration

When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer?

flag

What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?

gray box

Which term best describes malicious programmatic behaviors of known viruses that antivirus software companies compare to every file on a computer?

heuristics

If an attacker decides to implement a less obvious port-scan, or stealth attack, which of the following techniques would be appropriate to make their activities more difficult to detect?

limit scan speeds

An attacker manipulates messages between two parties in order to have one party send money to the attacker's account instead of the other party's account. What type of attack is occurring?

man-in-the-middle

To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?

nc -h

What is the typical format for Class C addresses?

network.network.network.node

What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools created by knowledgeable programmers without understanding how the tools work?

packet monkey

Which type of social engineering attack attempts to discover personal information through the use of email?

phishing

When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?

ping sweep

A security tester needs to extract information from a network. What information cannot be gathered using enumeration?

purchasing habits of all users on the network

One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?

reply

If you do not have access to Nessus, what NMap procedure can be used to help you to gain information about remote *nix hosts?

script scanning

What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?

security test

Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?

shoulder surfing

Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?

social engineering

When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?

spear phishing

What 1-pixel x 1-pixel image file is referenced in an <img> tag, and usually works with a cookie to collect information about the person visiting the website?

web bug

What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

white box

Which process enables you to see all the host computers on a network and a large portion of an organization's network?

zone transfers

What advanced port-scanning tool can allow a security tester to bypass filtering devices by injecting crafted or otherwise modified IP packets into a network?

Hping

What area of a network is a major area of potential vulnerability because of the use of URLs?

DNS

Prior to performing a zone transfer to see all host computers on the company network, what step should be completed?

Determine a company's primary DNS server.

What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?

Electronic Communication Privacy Act

A security tester needs to extract usernames or groups assigned on the network along with information about users and recent logon times. What process will allow the security tester to accomplish this?

Enumeration

Which of the following is the most intrusive?

Enumeration

When a TCP three-way handshake ends, both parties send what type of packet to end the connection?

FIN

Which of the following is a useful enumeration tool that enables you to find out who is logged into a *nix system with one simple command?

Finger utility

What is critical to remember when studying for a network security certification exam?

Following the laws and behaving ethically are more important than passing an exam.

An analyst needs the header information of an HTML document. What HTTP method should be used to retrieve only this information?

HEAD

What type of general commands allow a security tester to pull information from a server using a web browser?

HTTP

What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?

Hacking

Which of the following is not a type of social engineering?

Honeypotting

In a Linux script, which of the lines is important because it identifies the file as a script?

#!/bin/sh

What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?

127 address

How many host addresses can be assigned with a subnet mask of 255.255.255.0?

254

What port does the Domain Name System, or DNS service use?

53

How many bits are needed to represent a character in base-64?

6

When using the text editor vim, what command appends text after the insertion point?

A

What is a SOA record?

A Start of Authority (SOA) record shows for which zones or IP addresses a DNS server is responsible.

What type of footprinting might trigger a network alert?

Active footprinting because you are actually prodding the network in ways that might seem suspicious.

Why is DNS a major area of potential vulnerability?

Because of the use of URLs.

What skills does a security professional need to be successful?

Both knowledge of network and computer technology and the ability to communicate with management and IT personnel.

What type of port scan is similar to a SYN scan and is risky to use because it relies on the attacked computer's OS?

Connect