Pentesting
A Logic bomb typically has how many parts?
2
Port number _____ is used for SMTP?
25
Which of the following specifies security standards for wireless?
802.11i
What is an ICMP echo scan?
A Ping Sweep
Which of the following is true of a worm? (select two)
A worm is a form of malware., A worm replicates on its own.
What response is missing in a SYN flood attack?
ACK
What is a rouge access point?
An access point not managed by the company
An overt channel is _________.
An obvious method of using a system.
What utility can be used to stop auditing or logging of events?
Auditpol
Session hijacking can be thwarted with which of the following?
Authetication
A common attack against web servers and web applications is ___________.
Buffer overflow
How is a brute force attack preformed?
By trying all possible combinations of characters
A Session hijack cab be initiated from all the following except which one?
Cookies and devices
SQL injection attacks are aimed at which of the following?
Databases
What type of database has information spread across many desperate systems?
Distributed
What is the last phase before you attempt to gain access to systems?
Enumeration
Groups and individuals who hack systems based on principle or personal beliefs are know as __________.
Hacktivists
Groups and individuals who hack web server or web application based on a principle or personal belief are?
Hacktivists
Wireless access points function as ______.
Hub
Session hijacking can be performed on all the following except which one?
IPSEC
Which technology can provide protection against session hijacking?
IPSec
A banner can do what?
Identify a service
You receive word of an unauthorized charge to you credit card. What type of attack is this?
Identity Theft
An SSID is used to do which of the following?
Identity of a network
What option would you use to install software that's not from the Google Play store?
Install from unknown sources
Using __________, when talking to a victim can make the attack easier.
Keywords
Is a hash used to store passwords in older Windows systems.
LM
Which DoS attack sends traffic with a spoofed IP of the target itself?
Land
Android is based on which operating system?
Linux
What is used to monitor application errors and violations on a web server or application?
Logs
When a device is rooted, what is the effect on security?
Lowered
Social Engineering is designed to _______.
Manipulate human behavior
SNMP is used for which of the following?
Monitor Network Devices
Alternate data streams are supported in which file systems
NTFS
An attacker can use which technique to influence a victim?
Name-Dropping
What type of scan is designed to locate all active hosts on a network?
Network Scan
NTP stands for
Network Time Protocol
A password attack that does not require technical skill or knowledge.
Nontechnical Attack
Which type of DNS record helps in mapping an IP address to a hostname?
PTR
What does the enumeration phase not discover?
Ports
Adding to and removing from a program stack are known as what?
Push and pop
Identify the hacking phase in which an attacker tries to gather information about the target prior to launch an attack.
Reconnaissance
can be used to attack databases.
SQL injections
is used to audit databases.
SQLPing
A POODLE attack targets what exactly?
SSL
Bluejacking is a means of which of the following?
Sending unsolicited messages
From the following, identify the attack in which an attacker exploit default configuration and settings of off-the-self libraries and code.
Shrink- Wrap Code Attacks
Which of the following is designed to locate wireless access points?
Site Survey
What is the most common sign of a DoS attack?
Slow Performance
An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is being used?
Source Routing
What can an error message tell an attacker?
Success of an attack, Failure of an attack, structure of a database
A DNS zone transfer is used to do which of the following?
Synchronize server information
What is the key difference between a smurf and a fraggle attack?
TCP vs UDP
Which of the following is not a Trojan?
TCPTROJAN
What is an eight in one DoS tool that can launch such attacks as land and teardrop?
Targa
Why would you use a proxy to preform a scan?
To enhance Anonymity
What is the goal of Network mapping?
To gain a clearer picture of the network
A man-in-the-browser attack is typically enabled by using which mechanism?
Trojans
What protocol is used to carry out a fraggle attack?
UDP
Session fixation is a vulnerability in which of the following?
Web applications
WEP is designed to offer security comparable to which of the following?
Wired Networks
Which of the following is another name for a record in a database?
cell
Which command can be used to view NetBIOS information?
nbtstat
Which command is used to limit data in SQL server?
WHERE
Which of the following is a device used to perform a DoS on a wireless network?
WIFI Jammer
Which of the following makes WPA easy to defeat?
WPS Support
XSS is typically targeted toward which of the following?
Web Browsers
Session hijacking can be used against a mobile device using all the following Except?
Worms
Google supports several advanced operators that help in modifying the search. Which ofthe following Google advanced search operator displays the web pages stored in the Google cache
[cache:]
What is a client-to-client wireless connection called?
ad hoc
Which of the following is not a source of session IDs?
Anonymous login
An attacker can use a(n) _______ to return to a system.
Backdoor
__________ can be used to identify a web server.
Banner Grab
A good defense against password guessing is ___________.
Complex Passwords
Databases can be a victim of a code exploits depending on which of the following?
Configuration
What is used to store session information?
Cookie
Which of the following is used to access content outside the root of a website?
Directory Traversing
What may be helpful in protecting the content of a web server from being viewed by unauthorized personnel?
Encryption
A blind SQL injection attack is used when which of the following is true?
Error messages are not available
Humans tend to follow set patterns and behaviors known as ________.
Habits
Which technology can provide protection against session hijacking?
IPSEC
A sparse infector virus ________.
Infects Files Selectively
In a DoS attack, what communications channel is commonly used to orchestrate the attack?
Internet Relay Chat (IRC)
Warchalking is used to do which of the following?
Make others aware of a wireless network
What is main difference between DoS and DDoS?
Number of Attackers
iOS is based on which operating system?
OS X
Which of the following is an example of a server-side scripting language?
PHP
What could a company do to protect itself from a lass of date when a phone is stolen?
Passwords, Encryption, Remote wipe
An attack that includes an enticing link to click on, is what type of attack?
Phishing
What is the benefit of encryption on mobile devices?
Protection of data on lost or stolen devices
Web applications are used to _________.
Provide Dynamic Content
is a type of offline attack
Rainbow Attacking
Which attack can be used to take over a previous session?
Session Hijacking
In which type of Social engineering technique does an attacker secretly observers the target to gain critical information such as passwords, credit card information, etc.?
Shoulder Surfing
Social Engineering can be thwarted using what kind of controls? (select all that apply)
Technical , Administative, Physical
Social Engineering preys on many weaknesses, including _____________. (choose all that apply)
Technology, People, Human nature, Physical
What is the best option for thwarting social-engineering attacks?
Training
A man-in-the-browser attack delivered by a piece of malware can be prevented by which of the following?
AV
Jailbreaking a phone refers to what?
Acquiring root access on a device
Phishing can be mitigated through the use of _______. (choose two)
Spam filtering, Education
