Pen Test Chp. 4-7 Review Questions
List three logical operators used in C programming.
AND, OR, and NOT
To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.) PING packets SYN packets ACK packets Echo Request packets
SYN packets ACK packets
What are the three looping mechanisms in C? (Choose all that apply.) for loop while loop if-then-else loop do loop
for loop while loop do while loop
Name two looping mechanisms used in Perl.
for loop, while loop
Port scanning provides the state for all but which of the following ports? Closed Open Filtered Buffered
Buffered
A NULL scan requires setting the FIN, ACK, and URG flags. True or False?
False
Which of the following is the Win32 API function for verifying the file system on a Windows computer? Filesystem() FsType() System() IsNT()
FsType()
Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command? (Choose all that apply.) FIN PSH SYN URG
FIN PSH URG
What is the best method of preventing NetBIOS attacks? Filtering certain ports at the firewall Telling users to create difficult-to-guess passwords Pausing the Workstation service Stopping the Workstation service
Filtering certain ports at the firewall
A FIN packet sent to a closed port responds with which of the following packets? FIN SYN-ACK RST SYN
RST
To find information about the key IT personnel responsible for a company's domain, you might use which of the following tools? (Choose all that apply.) Whois Whatis Domain Dossier Nbtstat
Whois
What's the first method a security tester should attempt to find a password for a computer on the network? Use a scanning tool. Install a sniffer on the network. Ask the user. Install a password-cracking program.
Ask the user.
To determine a company's primary DNS server, you can look for a DNS server containing which of the following? Cname record Host record PTR record SOA record
SOA record
Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services? Zone transfers Zone scanning Encryption algorithms Port scanning
port scanning
Before writing a program, many programmers outline it first by using which of the following? Pseudocode Machine code Assembly code Assembler code
pseudocode
A missing parenthesis or brace might cause a C compiler to return which of the following? System fault Interpreter error Syntax error Machine-language fault
syntax error
To see a brief summary of Nmap commands in a Linux shell, which of the following should you do? Type nmap -h. Type nmap -summary. Type help nmap. Press the F1 key.
type nmap -h
Which of the following tools can assist you in finding general information about an organization and its employees? (Choose all that apply.) www.google.com http://groups.google.com netcat nmap
www.google.com http://groups.google.com
An algorithm is defined as which of the following? A list of possible solutions for solving a problem A method for automating a manual process A program written in a high-level language A set of instructions for solving a specific problem
A set of instruction for solving a specific problem
Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error? An incorrect parameter is used. The IP range should be indicated as 193.145.85.201-220. There's no such command. IP ranges aren't allowed with this command.
An incorrect parameter is ued.
Documentation of a program should include which of the following? (Choose all that apply.) Author Date written Explanation of complex algorithms Modifications to the code
Author Date written Explanation of complex algorithms Modifications to the code
Most programming languages enable programmers to perform which of the following actions? (Choose all that apply.) Branching Testing Faulting Looping
Branching Testing Looping
Which of the following contains host records for a domain? DNS WINS Linux server UNIX Web clients
DNS
is one of the components most vulnerable to network attacks. TCP/IP WINS DHCP DNS
DNS
Which of the following testing processes is the most intrusive? Port scanning Enumeration Null scanning Numeration
Enumeration
Fping doesn't allow pinging multiple IP addresses simultaneously. True or False?
False
HTML files must be compiled before users can see the resulting Web pages. True or False?
False
The Nbtstat command is used to enumerate *nix systems. True or False?
False
The Windows Net use command is a quick way to discover any shared resources on a computer or server. True or False?
False
Security testers conduct enumeration for which of the following reasons? (Choose all that apply.) Gaining access to shares and network resources Obtaining user logon names and group memberships Discovering services running on computers and servers Discovering open ports on computers and servers
Gaining access to shares and network resources Obtaining user logon names and group memberships
If you're trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit? http://groups.google.com www.google.com www.samspade.com www.arin.org
http://groups.google.com
To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type? nmap -h nmap -help nmap? man nmap
man nmap
To identify the NetBIOS names of systems on the 193.145.85.0 network, which of the following commands do you use? nbtscan 193.145.85.0/24 nbtscan 193.145.85.0-255 nbtstat 193.145.85.0/24 netstat 193.145.85.0/24
nbtscan 193.145.85.0/24
Which of the following commands should you use to determine whether there are any shared resources on a Windows computer with the IP address 193.145.85.202? netstat -c 193.145.85.202 nbtscan -a 193.145.85.202 nbtstat -a 193.145.85.202 nbtstat -a \\193.145.85.202
nbtstat -a \\193.145.85.202
Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (Choose all that apply.) nmap -sS 193.145.85.210 nmap -v 193.145.85.210 nmap -sA 193.145.85.210 nmap -sF 193.145.85.210
nmap -sS 193.145.85.210 nmap -v 193.145.85.210
Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network? (Choose all that apply.) nmap -v 192.168.1.0-254 -p 22 nmap -v 192.168.1.0-254 -p 23 nmap -v 192.168.1.0-254 -s 22 nmap -v 192.168.1.0/24 -p 22
nmap -v 192.168.1.0-254 -p 22 nmap -v 192.168.1.0/24 -p 22
A closed port responds to a SYN packet with which of the following packets? FIN SYN-ACK SYN RST
RST
When conducting competitive intelligence, which of the following is a good way to determine the size of a company's IT support staff? Review job postings on Web sites such as www.monster.com or www.dice.com. Use the nslookup command. Perform a zone transfer of the company's DNS server. Use the host -t command.
Review job postings on Web sites such as www.monster.com or www.dice.com.
Which of the following is a commonly used UNIX enumeration tool? Netcat Nbtstat Netstat SNMPWalk
SNMPWalk
The Net view command can be used to see whether there are any shared resources on a server. True or False?
True
Which of the following is a good Web site for gathering information on a domain? www.google.com www.namedroppers.com http://centralops.net/co/ www.arin.net All of the above
All of the above
In object-oriented programming, classes are defined as the structures that hold data and functions. True or False?
True
Perl and C are the most widely used programming languages among security professionals. True or False?
True
Security testers can use Hping to bypass filtering devices. True or False?
True
Which of the following HTML tags is used to create a hyperlink to a remote Web site? <A HREF=http://URL> <A HREF="http://URL"> <A HREF="file:///c:/filename> <A HREF/>
<A HREF="http://URL">
A C program must contain which of the following? Name of the computer programmer A main() function The #include <std.h> header file A description of the algorithm used
A main() function
Using the following Perl code, how many times will "This is easy..." be displayed onscreen? for ($count=1; $count <= 5; $count++) { print "This is easy..."; } 6 4 None (syntax error) 5
5
What is the result of running the following C program? main() { int a = 2; if (a = 1) printf("I made a mistake!"); else printf("I did it correctly!"); } "Syntax error: illegal use of ;" is displayed. "I made a mistake!" is displayed. "Syntax error: variable not declared" is displayed. "I did it correctly!" is displayed.
"I made a mistake!" is displayed.
To add comments to a Perl script, you use which of the following symbols? // /* # <!--
#
Which port numbers indicate NetBIOS is in use on a remote target? 135 to 137 389 to 1023 135 to 139 110 and 115
135 to 139
Enumeration of Windows systems can be more difficult if port is filtered. 110/UDP 443/UDP 80/TCP 139/TCP
139/TCP
A NetBIOS name can contain a maximum of characters. 10 11 15 16
16
What is the most widely used port-scanning tool? Netcat Netstat Nmap Nslookup
nmap
Before conducting a security test by using social-engineering tactics, what should you do? Set up an appointment. Document all findings. Get written permission from the person who hired you to conduct the security test. Get written permission from the department head.
Get written permission from the person who hired you to conduct the security test.
Which of the following tags enables an HTML programmer to create a loop? <LOOP> <NEST> <WHILE> HTML doesn't have a looping function or tag.
HTML doesn't have a looping function or tag.
Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer? Tracert Traceroute Hping Nmapping
Hping
In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live? ICMP SYN-ACK packet ICMP SYN packet ICMP Echo Reply (type 8) ICMP Echo Reply (type 0)
ICMP Echo Reply (type 0)
What is a potential mistake when performing a ping sweep on a network? Including a broadcast address in the ping sweep range Including a subnet IP address in the ping sweep range Including the subnet mask in the ping sweep range Including the intrusion detection system's IP address in the ping sweep range
Including a broadcast address in the ping sweep range
A(n) scan sends a packet with all flags set to NULL. NULL VOID SYN XMAS
NULL
Which of the following is the vulnerability scanner from which OpenVAS was developed? OpenVAS Pro Nessus ISS Scanner SuperScan
Nessus
Which of the following commands connects to a computer containing shared files and folders? Net view Net use Netstat Nbtstat
Net use
Which of the following is a Windows command-line utility for seeing NetBIOS shares on a network? Net use Net user Net view Nbtuser
Net view
Most NetBIOS enumeration tools connect to the target system by using which of the following? ICMP packets Default logons and blank passwords Null sessions Admin accounts
Null Sessions
Which of the following tools can be used to enumerate Windows systems? (Choose all that apply.) OpenVAS or Nessus Reddit DumpIt Hyena
OpenVAS or Nessus Dumpit Hyena
Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.) Passwords ATM PINs Long-distance access codes Open port numbers
Passwords ATM PINs Long-distance access codes
Entering a company's restricted area by following closely behind an authorized person is referred to as which of the following? Shoulder surfing Piggybacking False entering Social engineering
Piggybacking
Which of the following is one method of gathering information about the operating systems a company is using? Search the Web for e-mail addresses of IT employees. Connect via Telnet to the company's Web server. Ping the URL and analyze ICMP messages. Use the ipconfig /os command.
Search the Web for e-mail addresses of IT employees.
Discovering a user's password by observing the keys he or she presses is called which of the following? Password hashing Password crunching Piggybacking Shoulder surfing
Shoulder surfing
Many social engineers begin gathering the information they need by using which of the following? The Internet The telephone A company Intranet E-mail
The telephone
A cookie can store information about a Web site's visitors. True or False?
True
What social-engineering technique involves telling an employee that you're calling from the CEO's office and need certain information ASAP? (Choose all that apply.) Urgency Status quo Position of authority Quid pro quo
Urgency Position of authority
Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.) Conduct port scanning. Perform a zone transfer of the company's DNS server. View the company's Web site. Look for company ads in phone directories.
View the company's Web site.
What's one way to gather information about a domain? View the header of an e-mail you send to an e-mail account that doesn't exist. Use the ipconfig command. Use the ifconfig command. Connect via Telnet to TCP port 53.
View the header an e-mail you send to an e-mail account that doesn't exist.
A null session is enabled by default in all the following Windows versions except: Windows 95 Windows Server 2008 Windows 98 Windows 2000
Windows Server 2008
Which of the following enables you to view all host computers on a network? SOA ipconfig Zone transfers HTTP HEAD method
Zone transfers
In C, which looping function performs an action first and then tests to see whether the action should continue to occur? for loop while loop do loop unless loop
do loop
Which of the following C statements has the highest risk of creating an infinite loop? while (a > 10) while (a < 10) for (a = 1; a < 100; ++a) for (;;)
for (;;)