chap 4 quiz
You are about to target a Linux server and would like to attempt access to the passwords. Which of the following folders is where you would find them?
/etc
during enumeration what port may specifically indicate a portmapper on a linux computer?
111
which of the following matches the common padding dounf on the end of short wundows LanMan(LM) passwords?
1404EE
during enumeration, what port may specifically indicate a windows computer and most likely not a linux computer?
445
Which of the following tools can be used to clear the Windows logs?
ELsave
When discussing Windows authentication, which of the following is considered the weakest?
LM
You have gained access to a system. You would now like to hide a file that will be hidden and streamed behind another. Which of the following file systems is required?
NTFS
microsoft uses various techniques to protect user account information. The second layer of security on the SAM file is known as what?
SYSKEY
As part of a review of an access control system, you have been asked to recommend a replacement for the username/password system that is currently used. As such, which of the following is best when selecting a biometric system?
a low crossover error rate
which of the following is considered a nontechnical attack?
dumpster diving
which of the following is a tool commonly used for enumeration?
hyena
Which of the following types of biometric systems is considered the most accurate?
iris scanning
What is one of the disadvantages of using John the Ripper?
it cannot differentiate between uppercase and lowercase passwords
SNMP is a protocol used to query hosts and other network devices about their network status. One of its key features is its use of network agents to collect and store management information, such as the number of error packets received by a managed device. Which of the following makes it a great target for hackers?
it sends community strings in clear text
Which of the following types of rootkits would be found at ring 0?
kernel
if you were going to enumerate DNS, which of the following tools could you use?
nslookup
After finding port 161 open on a targeted system, you have decided to attempt to guess what passwords/community strings to use. Which of the following should you try first?
public/private
Which of the following uses the faster time-memory trade-off technique and works by precomputing all possible passwords in advance?
rainbow tables
You are part of an incident response team. You have discovered that an attacker broke into the network, planted a rootkit, and secretly installed a cryptominer. To contain the incident and complete the investigation, what is the best alternative now that you found a rootkit has been installed on one of your computers?
rebuild from known good media
When reviewing the Windows core design, which of the following corresponds to user mode and is the level of least privilege?
ring 3
which format stores windows passwords in a 14-character field?
salted
Which of the following protocols uses UDP port 514?
syslog
when reviewing a Windows domain, you are able to extract some account information. A RID of 500 is associated with what account?
the administrator account
Why would an attacker scan for port 445?
to scan for SMB services and verify that the system is windows OS
During a pen test, you have successfully gained access to a system. You are able to gain local administrator status on one workstation and have now moved to the local administrator on a second workstation. With this in mind, which of the following is true?
you have completed horizontal privilege escalation
