Hands-On Ethical Hacking and Network Defense 3rd Ed. Chp 3-4 Quiz
The acronym IDS stands for which of the following?
Intrusion Detection System
Which HTTP method requests that the entity is stored under the Request-URI?
PUT
Which HTTP method starts a remote Application-layer loopback of the request message?
TRACE
Which term best describes malicious programmatic behaviors that antivirus software companies use to compare known viruses to every file on a computer?
Signatures
A computer hacker may use a phishing e-mail to lure a user into following a malicious link. What type of technique is being used by the computer hacker?
Social-engineering
Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?
Social-engineering
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?
Spear phishing
If an attacker wishes to collect confidential financial data, passwords, PINs and any personal data stored on your computer which of the following programs would they choose to use?
Spyware
Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?
Spyware
A computer hacker may use a phishing e-mail to lure a user into following a malicious link. What type of technique is being used by the computer hacker?
Phishing / Spearphising
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
Which utility is used to gather IP and domain information?
Whois
What type of general commands allow a security tester to pull information from a Web server using a web browser?
ZAP
Which HTTP error informs you the server understands the request but refuses to comply?
403 Forbidden
Which type of program can mitigate some risks associated with malware
Antivirus
Which HTTP method is used with a proxy that can dynamically switch to a tunnel connection, such as Secure Socket Layer (SSL)?
CONNECT
Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?
Computer security
What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?
Piggybacking
What type of virus is used to lock a user's system, or cloud accounts until the system's owner complies by paying the attacker a monetary fee?
Ransomware
Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect?
Rootkit
Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?
Signatures
What is the passive process of finding information on a company's network called?
Footprinting
Which of the following physical security methods provides the ability to secure a company's assets and document any individuals physical time of entry?
Card access
When an individual attempts to discover as much information legally possible about their competition, what information gathering technique are they performing?
Competitive Intelligence
Which type of social engineering attack attempts to discover personal information through the use of email?
Phishing
What type of malicious computer programs present themselves as useful computer programs or applications?
Trojan programs
In a buffer overflow attack, an attacker finds a vulnerability in poorly written code that doesn't check for a defined amount of memory space use.
True
Malware is malicious software, such as a virus, worm, or Trojan program, introduced into a network.
True
Network attacks can often begin by gathering information from a company's Web site.
True
Whitelisting allows only approved programs to run on a computer.
True
What 1-pixel x 1-pixel image file is referenced in an tag, and usually works with a cookie to collect information about the person visiting the Website?
Web bug
A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?
Worm
When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?
Zombies
What area of a network is a major area of potential vulnerability because of the use of URLs?
DNS
Which type of attack cripples the network and prevents legitimate users from accessing network resources?
Denial of Service
What type of malicious procedure involves using sniffing tools to capture network communications to intercept confidential information or gather credentials that can be used to extend the attack?
Eavesdropping
A DDoS attack is launched against a host from a single server or workstation.
False
Malware programs cannot be detected by antivirus programs
False
Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site's pages that could allow exploits such as SQL injection and buffer overflows.
False
The HTTP CONNECT method starts a remote application-layer loopback of the request message.
False
What is the HTTP method that retrieves data by URI?
GET
