Attack - 1530 - Final 4
Which of the following best describes active scanning?
A scanner to a network node to determine exposed ports and can also independently repair security flaws.
An attacker installed a malicious file in the application directory. When the victim starts installing the application, Windows searches in the application directory and selects the malicious file instead of the correct file. The malicious file gives the attacker remote access to the system. Which of the following escalation methods best describes this scenario?
DLL hijacking
Which of the following could a hacker use Alternate Data Streams (ADS) for?
Hiding evidence
Which of the following assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators?
Host-based assessment
Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?
PSH
Jack is tasked with testing the password strength for the users of an organization. He has limited time and storage space. Which of the following would be the best password attack for him to choose?
Rainbow attack
Which of the following includes a list of resolved vulnerabilities?
Security vulnerability summary
Which of the following solutions creates the risk that a hacker might gain access to the system?
Service-based
Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses?
The remediation phase
Diana, a penetration tester, executed the following command. Which answer describes what you learn from the information displayed?
This is a DNS zone transfer?.
Which of the following are the three metrics used to determine a CVSS score?
Base, temporal, and environmental
Which enumeration process tries different combinations of usernames and passwords until it finds something that works?
Brute force
Which of the following government resources is a directory of known patters of cyberattacks used by hackers?
CAPEC
You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time is was created. Which of the following scanning tools should you use?
Currports
Which of the following is also known as ZeroAccess and has virus, Trojan horse, and rootkit components?
Sirefef
Which of the following is malware that works by stealth to capture information and then sends it to a hacker to gain remote access?
Spyware
LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be use. Which port does LDAP use?
TCP/UDP 389
Which of the following best describes IPsec enumeration?
Uses ESP, AH, and IKE to secure communication between VPN endpoints.
Which of the following enumeration tools provides information about users on a Linux machine?
finger
You have created and sorted an md5 rainbow crack table. You want to crack the password. Which of the following commands would you use to crack a single hash?
rcrack . -h 202cb962ac59075b964b07152d234b70
Which of the following ports are used by null sessions on your network?
139 and 445
Who would be most likely to erase only parts of the system logs file?
A black hat hacker
The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?
Application Layer
Which of the following best describes a rootkit?
Can modify the operating system, and the utilities of the target system.
Which of the following best describes the scan with ACK evasion method?
Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.
Hackers can maintain access to a system in several ways. Which of the following best describes the unsecure file and folder method?
This can lead to DLL hijacking and malicious file installations on a non-admin targeted user.
You have just run the John the Ripper command shown in the image. Which of the following was his command used for?
To extract the password hashes and save them in the secure.txt file.
A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?
Wardialing
Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in?
/etc/shadow
Which of the following best describes the Security Account Manager (SAM)?
A database that stores user passwords in Windows as an LM hash or a NTLM hash.
Which of the following is used to remove files and clear the internet browsing history?
CCleaner
The list of cybersecurity resources below are provided by which of the following government sites? Information exchange Training and exercises Risk and vulnerability assessments Data synthesis and analysis Operational planning and coordination Watch operations Incident response and recovery
CISA
As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use?
CVSS
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster diving
Which of the following is a protocol that allows authentication over a non-secure network by using tickets or service principle names (SPNs)?
Kerberoasting
After the enumeration stage, you have are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked?
LDAP
Which of the following would be the best open-source tool to use if you are looking for a web server scanner?
Nikto
Which of the following assessment types can monitor and alert on attacks but cannot stop them?
Passive
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
Password salting
First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. There are the three basic steps in which of the following types of testing?
Penetration
Which of the following best describes the verification phase of the vulnerability management life cycle?
Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?
RST
You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?
Scany
A hacker has gained physical access to a system and has changed an administrator's account password. Which of the following tools did the hacker most likely use to accomplish this>
Ultimate Boot CD
This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described?
CWE
Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern?
Inference-based
Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks?
SNscan
TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packer to Computer 2. Which packet does Computer 2 send back?
SYN/ACK
Mark is moving files from a device that is formatted using NTFS to a device that is formatted using FAT. Which of the following is he trying to get rid of?
Malicious alternate data streams.
Clive, a penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use?
Nessus
What port does a DNS zone transfer use?
TCP 53
Which of the following best describes shoulder surfing?
Someone nearby watches you enter your password on your computer and records it.
You believe that your system has been hacker. Which of the following is the first thing you should check?
System log files
Which of the following do hackers install in systems to allow them to have continued admittance, gather sensitive information, or establish access to resources and operations within the system?
Backdoors
Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers?
nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)
On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run?
nmap --script nmap-vulners -sV 10.10.10.195
Which of the following includes all possible characters or values for plaintext?
Charset
In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?
Enumeration
It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand?
Hackers have time on their side, and there will always be new threats to security.
Sam has used malware to access Sally's computer on the network. He had found information that will allow him to use the underlying NTLM to escalate his privileges without needing the plaintext password. Which of the following types of attacks did he use?
Pass the hash
There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site?
A mailing list that often shows the newest vulnerabilities before other sources.
You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?
Brute force
The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan?
Classification
Hugh, a security consultant, recommended the use of an internal and external DNS to provide and extra layer of security. Which of the following DNS countermeasures is being used?
Split DNS
A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?
Idle scan
Which of the following packet crafting software programs can be used to modify flags and adjust other packet content?
Colasoft
Roger, a security analyst, wants to tighten up privileges to make sure that each user has only the privileges they need to do their work. Which of the following additional countermeasure could he take to help protect privilege?
Instigate multi-factor authentication and authorization.
Which of the following is a benefit of using a proxy when you find that you scanning attempts are being blocked?
It filters incoming and outgoing traffic, provides you with anonymity , and shields you from detection.
Which of the following best describes Qualys Vulnerability Management assessment tool?
It is a cloud-based service that keeps all your data in a private virtual database.
Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question?
NVD
A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?
Network scan
Which of the following is a tool for cracking Windows login passwords and using rainbow table?
Ophcrack
Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use?
P0f
Which of the following system exploitation methods happens by adding a malicious file to a file path that is missing quotation marks and has spaces in it?
Path interception
Which of the following scans is used to actively engage a target in an attempt to gather information about it?
Port scan
Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down and organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working on?
Risk assessment
You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tolls should you use?
SecurityMetrics Mobile
Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her is his account number and password. Which of the following types of non-technical password attack has occurred?
Social engineering
Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following accounts types did you find?
The built-in guest
James, a hacker, has hacked into a Unix system and wants to change the timestamps on some files to hide his tracks. Which of the following timestamp tools would he most likely use?
Touch
Which of the following privilege escalation risks happens when a program is being installed without the constant supervision of the IT employee and fails to clean up after?
Unattended installation
A hacker has managed to gain access to the /ect/passwd file on a Linux host. What can the hacker obtain from this file?
Usernames, but no passwords
What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?
Vulnerability scan
Phil, a hacker, has found his way into a secure system. He is looking for a Windows utility he can use to retrieve, set, back up, and restore logging policies. Which of the following utilities should he consider?
auditpol
Which of the following is the name of the attribute that stores passwords in a Group Policy preference item in Windows?
cPasswords
Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command?
nmap -sV --script=banner ip_address
Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing?
Vulnerability research
Which of the following best describes CCleaner?
A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.
Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report?
A vulnerability scanner
[!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWZYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~] are the possible values in which of the following hash types?
Ascii-32-95
Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?
Fingerprinting
You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do?
Define the effectiveness of the current security policies and procedures.
This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done?
Application flaws
Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine?
Dropper
A virus has replicated itself throughout the infected systems and is executing its payload. Which of the following phases of the virus lifecycle is the virus in?
Launch
Which of the following best describes an anti-virus sensor system?
A collection of software that detects and analyzes malware.
The program shown is a crypter. Which of the following best defines what this program does?
A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.
Information transmitted by the remote host can be capture to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system?
Banner grabbing
Which of the following laws is designed to regulate emails?
CAN-SPAM Act
Daphne has determined that she has malware on her Linux machine. she prefers to only use open-source software. Which anti-malware software should she use?
ClamAV
Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any change. Which of the following processes is he using?
Host integrity monitoring
Patrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus?
JPS
Which of the following virus types is shown in the code below?
Logic bomb
Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester will need to manually check many different areas of the system. After these checks have been complete, which of the following is the next step?
Run anti-malware scans
Anti-malware software utilizes different methods to detect malware. One of these methods is scanning. Which of the following best describes scanning?
Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.
Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action?
Scareware
Which of the following best describes the heuristic or behavior-based detection method?
Searches for execution path hooking, which allows a function value in an accessible environment to be changed.
Analyzing emails, suspect files, and systems for malware is known as which of the following?
Sheep dipping
Cameron wants to send secret messages to his friend Brandon, who works at a competitor's company. To secure these messages, he uses a technique to hide a secret message within a video. Which of the following techniques is he using?
Steganography
The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called:
Steganography
Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside of a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?
Trojan horse
Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using?
Worm
Daphne suspects a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDN of where those programs are connecting. Which command will allow her to do this?
netstat -f -b
A hacker finds a system that has a poorly design and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor?
Metasploit
Which of the following is the most basic way to counteract SMTP exploitations?
Ignore messages to unknown recipients instead of sending back error messages.
Which of the following is an online tool that is used to obtain server and web server information.
Netcraft
Which of the following best describes telnet?
The tool of choice for banner grabbing that operates on port 23.
In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?
Vulnerability assessment
An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following times: Inspecting physical security Checking open ports on network devices and router configurations Scanning for Tojans, spyware, viruses, and malware Evaluating remote management processes Determining flaws and patches on the internal network systems, devices and servers Which of the following assessment tests is being performed?
Internal assessment
Jerry runs a tool to scan a clean database to create a database. The tool then scans the system again and compares the second scan to the clean database. Which of the following detection methods is Jerry using?
Integrity-based
Which of the following is the first step you should take if malware is found on a system?
Isolate the system from the network immediately.
