8.2.9 practice questions


Which of the following is used to remove files and clear the internet browsing history?
- User Account Control
- CCleaner
- cPassword
- Steganography

CCleaner. CCleaner is a cleaning tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines. User Account Control's goal is to prevent unauthorized changes from happening on your system. It does this by running all processes on the system as a limited user by default. UAC was introduced back in Windows Vista, and it's been used in all versions of Windows ever since then. cPasswords is the name of the attribute that stores passwords in a Group Policy preference item in Windows. Steganography is the method of embedding data into legitimate files like graphics, banner ads, or plain text messages to hide it and then extracting the data once it reaches its destination, hiding messages or files in plain sight.

A hacker has gained physical access to a system and has changed an administrator's account password. Which of the following tools did the hacker most likely use to accomplish this?
- CCleaner
- StegoStick
- Timestomp
- Ultimate Boot CD

Ultimate Boot CD; it is a tool that you can put on a disc or a flash drive that has many tools to facilitate recovering a machine. The intended use is to help people who have lost data, forgotten their password, or corrupted their operating system. For us, it's a treasure trove of hacking tools. One of its capabilities is to change an administrator's account password.

Which of the following is the name of the attribute that stores passwords in a Group Policy preference item in Windows?
- LSASS
- cPasswords
- SPNs
- SAM

cPasswords; it is the name of the attribute that stores passwords in a Group Policy preference item in Windows. This attribute is easy to exploit because Microsoft publishes the public key for the encryption of the account credentials in the group policy preferences. These preferences allow domain admins to create and deploy any local user or local admin accounts. The cpasswords are stored in the SYSVOL folder on the domain controllers in an encrypted XML file. Any user can view the public key and decrypt the passwords to escalate their security privileges.

Which of the following best describes the Security Account Manager (SAM)?
- A protocol that allows authentication over an unsecure network through tickets or service principal names.
- A file in the directory that performs the system's security protocol.
- The attribute that stores passwords in a Group Policy preference item in Windows.
- A database that stores user passwords in Windows as an LM hash or a NTLM hash.

A database that stores user passwords in Windows as an LM hash or a NTLM hash.

An attacker installed a malicious file in the application directory. When the victim starts installing the application, Windows searches in the application directory and selects the malicious file instead of the correct file. The malicious file gives the attacker remote access to the system. Which of the following escalation methods best describes this scenario?
- Clear text credentials in LDAP
- Unattended installation
- Kerberoasting
- DLL hijacking

DLL hijacking; it can happen during an application installation. Windows applications usually search the application directory from which they were loaded before they attempt a fully qualified path when loading an external DLL library. If an attacker has installed a malicious DLL in the application directory before the application installation has begun, then the application will search the Windows system directory and choose the malicious DLL. Then the attacker has remote access to the system.

Roger, a security analyst, wants to tighten up privileges to make sure each user has only the privileges they need to do their work. Which of the following additional countermeasures could he take to help protect privilege?
- Instigate multi-factor authentication and authorization.
- Restrict the interactive logon privileges.
- Allow unrestricted interactive logon privileges.
- Create plain text storage for passwords.

Instigate multi-factor authentication and authorization. Instigating multi-factor authentication and authorization is important for preventing escalation because it adds more layers to protect against unauthorized access.

Which of the following privilege escalation risks happens when a program is being installed without the constant supervision of the IT employee and fails to clean up after?
- Unattended installation
- DLL hijacking
- Kerberoasting
- Gaining credentials in LSASS

Unattended installation; while being able to install a program throughout a network without having to sit at every computer and having to stay involved with the process during the installation is often necessary, the process comes with risks. If the administrator fails to go back and clean up after the installation, a file called Unattended is left on the individual workstations. The Unattended file is an XML file and has configuration settings used during the installation that can contain the configuration of individual accounts to include admin accounts, making privilege escalation easy on each computer.

Which of the following extracts service account credentials from Active Directory using a brute force for offline cracking over a non-secure network by using tickets or service principal names (SPNs)?
- Credentials in LSASS
- DLL hijacking
- Unattended installation
- Kerberoasting

Kerberoasting is a protocol that allows authentication over a non-secure network by using tickets or service principal names (SPNs). DLL hijacking is when a malicious DLL (dynamic link library) is inserted in a directory, and a service or application follows that malicious path instead of the correct path. In Microsoft Windows, the local security authority subsystem service (LSASS) is a file in the directory that performs the security protocol of the system. It's an essential part of the security process as it verifies user logins, creates access tokens, and handles the password changes. Installing a program throughout a network without having to sit at every computer and having to stay involved with the process during the installation is often necessary, but it does have risks. If the administrator fails to go back and clean up after the installation, a file called Unattended is left on the individual workstations. The Unattended file is an XML file and has configuration settings used during the installation that can contain the configuration of individual accounts to include admin accounts, making for easy privilege escalation on each computer.

Which of the following is a tool for cracking Windows login passwords using rainbow tables?
- GreyFish
- ERD Commander
- Ophcrack
- Trinity Rescue Kit

Ophcrack; it is a tool for cracking Windows login passwords. It uses rainbow tables and has the capability to receive hashes in many formats. It is an open-source program and free to download.

