Ethical Hacking Midterm Review Modules 1-6
What is the difference between penetration tests and security tests?
In a penetration test, an ethical hacker attempts to break into a company's network or applications to find weak links. In a security test, testers do more than attempt to break in; they also analyze a company's security policy and procedures and report any vulnerabilities to management.
What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?
Internet
What type of hardware devices and computer programs can be used to obtain passwords by capturing keystrokes on a targeted computer system?
Keyloggers
What type of physical security device can be used by both security professionals and attackers?
Keyloggers
What utility can be used for enumerating Windows OS's?
NBTscan
What open-source port-scanning tool is considered to be the standard port-scanning tool for security professionals?
NMap
Which of the following is a free vulnerability assessment tool from Tenable that extends NMAP capabilities by analyzing open ports and providing detailed vulnerability information?
Nessus Essentials
The computer names you assign to Windows systems are called which of the following?
NetBIOS
What tool can be used to read and write data to ports over a network?
Netcat
Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?
Network security
What is true of recent versions of Linux?
Newer versions include upgrades that have made Linux easier to use.
Which tool is most useful for *nix enumeration?
Nmap, SNMPWalk, and OpenVAS can be used for *nix enumeration
What open-source network utility allows you to use plug-ins to run test programs (scripts) that can be selected from the client interface?
OpenVAS
When a person without any security credentials follows close behind another employee to enter a restricted area, what tactic is being used?
Piggybacking
What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?
Port
Closed ports respond to a NULL scan with what type of packet?
RST
Footprinting is also known by what term?
Reconnaissance
Which of the following is an older network management service that is useful for network administrators that want to view system statistics, version numbers, and other detailed host information remotely?
SNMP
What benefit does SNMP have?
SNMP enables remote administration.
In a normal TCP session, the sender sends a packet to another computer with which of the following flags set?
SYN flag
Which type of attack is being carried out when an attacker joins a TCP session and makes both parties think he or she is the other party?
Session hijacking
Why are hackers able to bypass some security systems using IPv6?
Some router-filtering devices, firewalls, and intrusion detection systems (IDSs) are not configured to enable IPv6.
Which of the following statements about port scanning is true?
Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.
A quick Internet search will reveal many free password-cracking programs. Why are security testers often able to guess passwords without needing these special programs?
Some users are careless when creating password
Which of the following is an automated way to discover pages of a website by following links?
Spidering
What can be inferred about successful security professionals?
Successful security professionals have a combination of technical and soft skills.
What connection-oriented protocol is utilized by the Transport layer?
TCP
What protocol is the most widely used and allows all computers on a network to communicate and function correctly?
TCP/IP
Which HTTP method starts a remote Application-layer loopback of the request message?
TRACE
What is the function of the Domain Name System?
The DNS server resolves the name of a URL to an IP address.
Why is it a challenge and concern for an ethical hacker to avoid breaking any laws?
The laws are constantly changing.
How do spyware and adware differ?
The main purpose of adware is to determine a user's purchasing habits, but spyware sends information, including confidential information, from the infected computer to the attacker.
During a NULL scan, no packet is received as a response. What is the most likely cause of no packet receipt?
The port is open.
Communication between two devices is not properly functioning. What is the most likely cause of the communication issues?
The protocols on each device differ.
Even though a security professional might think they are following the requirements set forth by the client who hired them to perform a security test, management may be dissatisfied. Which of the following is an example of an ethical hacking situation that might upset a manager?
The security testing reveals all the usernames and passwords of company personnel to the tester without the manager's prior consent.
A NetBIOS suffix may identify a computer or server being enumerated as a domain controller. Why do hackers often exert more effort to attack computers identified as domain controllers?
These systems store more information.
What does the acronym TCP represent?
Transmission Control Protocol
In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?
Transport
What is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet?
Wget
Which utility is used to gather IP and domain information?
Which utility is used to gather IP and domain information?
Which utility is used to gather IP and domain information?
Whois
What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?
Windows Containers
Why is enumeration a more intrusive process than port scanning or footprinting?
With enumeration, attempts are made to access a resource.
Which of the following statements about written contracts is true?
Written contracts are always a good business practice.
What footprinting tool would be most helpful in determining network vulnerabilities?
Zed Attack Proxy
Nmap has a GUI front end that makes it easier to work with some of the complex options. Which of the following is the Nmap GUI front end?
Zenmap
What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?
black box
In Unix and Linux systems, what command allows you to alter the permissions of files and directories?
chmod
In any *nix system, after saving a script named "script_name," it must be made executable so that it can be run. Which command will accomplish this task from the command line?
chmod +x script_name
When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?
consult their lawyer
Which of the following describes a flexible program that automates a task that takes too much time to perform manually?
customized script
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
default
Which type of attack cripples the network and prevents legitimate users from accessing network resources?
denial-of-service
What process involves connecting to a remote system to access and extract valuable information?
enumeration
When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer?
flag
What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?
gray box
Which term best describes malicious programmatic behaviors of known viruses that antivirus software companies compare to every file on a computer?
heuristics
If an attacker decides to implement a less obvious port-scan, or stealth attack, which of the following techniques would be appropriate to make their activities more difficult to detect?
limit scan speeds
An attacker manipulates messages between two parties in order to have one party send money to the attacker's account instead of the other party's account. What type of attack is occurring?
man-in-the-middle
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
What is the typical format for Class C addresses?
network.network.network.node
What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools created by knowledgeable programmers without understanding how the tools work?
packet monkey
Which type of social engineering attack attempts to discover personal information through the use of email?
phishing
When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?
ping sweep
A security tester needs to extract information from a network. What information cannot be gathered using enumeration?
purchasing habits of all users on the network
One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?
reply
If you do not have access to Nessus, what NMap procedure can be used to help you to gain information about remote *nix hosts?
script scanning
What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?
security test
Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?
shoulder surfing
Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?
social engineering
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?
spear phishing
What 1-pixel x 1-pixel image file is referenced in an <img> tag, and usually works with a cookie to collect information about the person visiting the website?
web bug
What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?
white box
Which process enables you to see all the host computers on a network and a large portion of an organization's network?
zone transfers
What advanced port-scanning tool can allow a security tester to bypass filtering devices by injecting crafted or otherwise modified IP packets into a network?
Hping
What area of a network is a major area of potential vulnerability because of the use of URLs?
DNS
Prior to performing a zone transfer to see all host computers on the company network, what step should be completed?
Determine a company's primary DNS server.
What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?
Electronic Communication Privacy Act
A security tester needs to extract usernames or groups assigned on the network along with information about users and recent logon times. What process will allow the security tester to accomplish this?
Enumeration
Which of the following is the most intrusive?
Enumeration
When a TCP three-way handshake ends, both parties send what type of packet to end the connection?
FIN
Which of the following is a useful enumeration tool that enables you to find out who is logged into a *nix system with one simple command?
Finger utility
What is critical to remember when studying for a network security certification exam?
Following the laws and behaving ethically are more important than passing an exam.
An analyst needs the header information of an HTML document. What HTTP method should be used to retrieve only this information?
HEAD
What type of general commands allow a security tester to pull information from a server using a web browser?
HTTP
What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?
Hacking
Which of the following is not a type of social engineering?
Honeypotting
In a Linux script, which of the lines is important because it identifies the file as a script?
#!/bin/sh
What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?
127 address
How many host addresses can be assigned with a subnet mask of 255.255.255.0?
254
What port does the Domain Name System, or DNS service use?
53
How many bits are needed to represent a character in base-64?
6
When using the text editor vim, what command appends text after the insertion point?
A
What is a SOA record?
A Start of Authority (SOA) record shows for which zones or IP addresses a DNS server is responsible.
What type of footprinting might trigger a network alert?
Active footprinting because you are actually prodding the network in ways that might seem suspicious.
Why is DNS a major area of potential vulnerability?
Because of the use of URLs.
What skills does a security professional need to be successful?
Both knowledge of network and computer technology and the ability to communicate with management and IT personnel.
What type of port scan is similar to a SYN scan and is risky to use because it relies on the attacked computer's OS?
Connect