ITN 261 Quiz 2

Which of the following Nmap commands does not perform a parallel scan?

-T Sneaky

Which of the following is a form of OS fingerprinting that involves actively requesting information from the target system?

Active fingerprinting

Which of the following reveals telling information such as version and service data that will help an attacker?

Banner

Which of the following is NOT a network mapping tool?

Conquistador

Which of the following statements is NOT true regarding enumeration?

During the enumeration phase, the attack has reached an advanced stage in which the attacker breaks into or penetrates the system.

A brute-force attack tries passwords that are pulled from a predefined list of words.

F

A rootkit is typically unable to hide itself from detection, which makes the device easy to locate.

F

Active OS fingerprinting allows an attacker to obtain information about a target without triggering network defensive measures such as IDS or firewalls.

F

Active fingerprinting takes longer than passive fingerprinting.

F

Because wardialing involves the use of modems, it is out of date and should no longer be used.

F

Exploiting a NULL session is difficult because it requires a long list of commands.

F

It is much harder to detect active OS fingerprinting than passive OS fingerprinting.

F

Offline attacks can be carried out using two methods: packet sniffing or man-in-the-middle and replay attacks.

F

Placing a backdoor on a system prevents an attacker from coming back later in an attempt to take control of the system.

F

Privilege escalation refers to changing the privileges to a level at which decreased access and more restrictions are in place.

F

The Security Account Manager (SAM) is a file that resides on the network, not on the hard drive, and is not actively accessed while Windows is running.

F

The mere existence of an open port means vulnerability exists.

F

There is no legitimate reason to map a network.

F

Today, a password length of 6 characters is considered to be the standard.

F

User Datagram Protocol (UDP) acknowledges each connection attempt; Transmission Control Protocol (TCP) does not, so it tends to produce less reliable results.

F

Xprobe2, an active OS fingerprinting tool, determines definitively which operating system is running on a system.

F

A denial of service (DoS) attack can be considered an "upgraded" and advanced version of a distributed denial of service (DDoS) attack.

False

A denial of service (DoS) attack is typically the first action an attacker will take in an attempt to access a system.

False

A distributed denial of service (DDoS) attack can be performed using only a software component; no hardware component is necessary.

False

Fail-open state results in closed and completely restricted access or communication.

False

It is easy for an attacker to predict the sequence numbers of the packets in order to hijack a session successfully.

False

Most networks and protocols are inherently secure, making them difficult to sniff.

False

Session hijacking is the process of assisting two parties in establishing a new session.

False

Sniffers are fundamentally evil because they are only used to steal information.

False

Typically, a computer system can see all communications, whether they are addressed to the listening station or not.

False

Which of the following is NOT one of the ways to identify active machines on the network?

Firewall testing

Which of the following are considered offline attacks?

Hybrid and precomputed attacks

The feature in the Windows operating system that is used to give access to certain types of information across the network is the:

NULL session.

The practice of identifying the operating system of a networked device through either passive or active techniques is called:

OS identification

Which of the following is NOT true regarding the use of a packet sniffer?

Packet sniffing involves the attacker capturing traffic from both ends of the communication between two hosts.

Which of the following are considered passive online attacks?

Packet sniffing, or man-in-the-middle and replay attacks

Which of the following is a method of identifying the OS of a targeted computer or device in which no traffic or packets are injected into the network and attackers simply listen to and analyze existing traffic?

Passive fingerprinting

What type of sniffing takes place on networks such as those that have a hub as the connectivity device?

Passive sniffing

The Nmap command -sP performs which of the following scans?

Ping scan

Which of the following refers to software designed to alter system files and utilities on a victim's system with the intention of changing the way a system behaves?

Rootkits

Which of the following refers to a utility designed to detect Simple Network Management Protocol (SNMP)-enabled devices on a network and locate and identify devices that are vulnerable to SNMP attacks?

SNScan

Which of the following user accounts is considered a super user-style account that gets nearly unlimited access to the local system and can perform actions on the local system with little or no restriction?

SYSTEM

Which of the following is unique among network scanners because it scans ports in parallel using what is known as stateless scanning?

Scanrand

The Nmap command -T Paranoid performs which of the following scans?

Serial scan; 300 seconds between scans

Which of the following is NOT a step in planning an attack on a target?

Set up a deny all access control to block all traffic to all ports unless such traffic has been explicitly approved

Which of the following tools is used to perform port scanning, but can also be used to perform enumeration by using utilities designed for extracting information from a Windows-based host?

SuperScan

Which of the following is a Windows-based port scanner designed to scan TCP and UDP ports, perform ping scans, run Whois queries, and use Traceroute?

SuperScan

A keystroke logger is software that is designed to capture the keystrokes of the user and then be retrieved by an attacker later on.

T

A ping is actually an Internet Control Message Protocol (ICMP) message.

T

A rootkit can provide a way to hide spyware such as a keystroke logger so that it is undetectable even to those looking for it.

T

Active fingerprinting contacts the host; passive fingerprinting does not.

T

An attacker can use enumeration methods to determine whether or how a target can respond to system hacking activities.

T

Brute force attacks are quick but are rarely successful.

T

Cheops has the ability to display the whole network in a graphic format showing the paths of data between systems on the target network.

T

Enumeration represents the point at which the attack crosses the legal line to being an illegal activity in some areas.

T

In the Windows OS, the NetBIOS service is commonly targeted by attackers because diverse information can be obtained, including usernames, share names, and service information.

T

Most of the services and processes that run on the Windows operating system run with the help of a user account.

T

Nmap can be used with or without a GUI.

T

Nmap is valuable in OS fingerprinting as well as port scanning.

T

Offline attacks are a form of password attack that relies on weaknesses in how passwords are stored on a system.

T

Once escalated privileges have been obtained, the PsTools suite makes it possible for an attacker to run an application on a remote system rather easily.

T

Password cracking is used to obtain the credentials of an account with the intent of using the information to gain access to the system as an authorized user.

T

Port scanning is designed to probe each port on a system in an effort to determine which ports are open.

T

Rainbow tables compute every possible combination of characters prior to capturing a password so that the attacker can then capture the password hash from the network and compare it with the hashes that have already been generated.

T

SolarWinds has the ability to generate network maps that can be viewed in products such as Microsoft's diagramming product Visio.

T

The first step in port scanning is one of preparation, specifically the gathering of information about the range of Internet protocols in use by the target.

T

The goal of the process of enumeration is to determine what a system is offering.

T

The process of active OS fingerprinting is accomplished by sending specially crafted packets to the targeted system.

T

The purpose of OS fingerprinting is to determine the operating system that is in use on a specific target.

T

User Datagram Protocol (UDP) is harder to scan with successfully; as data is transmitted, there are no mechanisms designed to deliver feedback to the sender.

T

With passive fingerprinting, the victim has less chance of detecting and reacting to the impending attack.

T

Which type of scan is the most reliable but also the easiest to detect?

TCP connect scan

Which of the following excels at allowing the security professional to find services that have been redirected from standard ports?

THC-Amap

A denial of service (DoS) attack is designed to deny legitimate users the use of a system or service through the systematic overloading of its resources.

True

A lookup table is used to track which Media Access Control (MAC) addresses are present on which ports on the switch.

True

Active session hijacking takes sniffing to the next level by moving from listening to interacting.

True

Active sniffing introduces traffic onto the network, meaning that the user's presence is now detectable by anyone or anything that may be looking.

True

Both denial of service (DoS) and distributed denial of service (DDoS) attacks seek to overwhelm a victim with requests designed to lock up, slow down, or crash a system.

True

Content addressable memory (CAM) is the memory present on a switch that is used to look up the Media Access Control (MAC) address to port mappings that are present on a network.

True

Content addressable memory (CAM) is used to build a lookup table.

True

In the first wave of a distributed denial of service (DDoS) attack, the targets that will be the "foot soldiers" are infected with the implements that will be used to attack the ultimate victim.

True

Promiscuous mode is a special mode that a network card can be switched to that will allow the card to observe all traffic that passes by on the network.

True

Which of the following techniques is not used to locate network access points, but to reveal the presence of access points to others?

Warchalking

A technique that has existed for more than 25 years as a footprinting tool and involves the use of modems is called:

Wardialing

Which of the following is the process of locating wireless access points and gaining information about the configuration of each?

Wardriving

Attackers' attempts to stop their attacks from being detected are referred to as:

covering tracks.

An attacker can deprive the system owner of the ability to detect the activities that have been carried out by:

disabling auditing.

Bits that are set in the header of a packet, each describing a specific behavior, are called:

flags

A form of offline attack that functions much like a dictionary attack, but with an extra level of sophistication, is a:

hybrid attack.

Which of the following tools is included with every version of the Windows operating system and has a number of switches that can be used to perform different functions, some of which can be useful for the ethical hacker?

nbtstat

Shoulder surfing, keyboard sniffing, and social engineering are considered:

nontechnical attacks.

Cain and Abel, John the Ripper, Pandora, and Pwdump3 are examples of:

password crackers.

Privilege escalation gives the attacker the ability to:

perform actions on the system with fewer restrictions and perform tasks that are potentially more damaging.

The process of sending ping requests to a series of devices or to the entire range of networked devices is called a:

ping sweep

Precomputed hashes are used in an attack type known as a:

rainbow table.

The unique ID that is assigned to each user account in Windows that identifies the account or group is called a(n):

security identifier (SID).

An application or device that is designed to capture network traffic as it moves across the network itself is referred to as a:

sniffer

The database on the local Windows system that is used to store user account information is called:

the Security Account Manager (SAM).

A packet flagged with the FIN flag signals:

the end or clearing of a connection.

Active@ and Trinity Rescue Kit are examples of:

tools used to change passwords.

