Computer Security Final
A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ascii output only. Which of the following tcpdump options will achieve this output?
-SX port 443
Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in?
/etc/shadow
Which of the following ports are used by null sessions on your network?
139 and 445
Which of the following best describes an anti-virus sensor system?
A collection of software that detects and analyzes malware.
The program shown is a crypter. Which of the following best defines what this program does?
A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.
Which of the following best describes a script kiddie?
A hacker who uses scripts written by much more talented individuals
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?
ACME, Inc
The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?
APT
As part of your penetration test, you are using Ettercap in an attempt to spoof DNS. You have configured the target and have selected the dns_spoof option (see image). To complete the configuration of this test, which of the following MITM options should you select?
ARP poisoning
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?
ARP poisoning
As the cybersecurity specialist for your company, you believe a hacker is using ARP poisoning to infiltrate your network. To test your hypothesis, you have used Wireshark to capture packets and then filtered the results. After examining the results, which of the following is your best assessment regarding ARP poisoning?
ARP poisoning is occurring, as indicated by the duplicate response IP address.
Which of the following is the difference between an ethical hacker and a criminal hacker?
An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.
Which of the following best describes an inside attacker?
An unintentional threat actor; the most common threat
The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?
Application Layer
[ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~] are the possible values in which of the following hash types?
Ascii-32-95
Which of the following do hackers install in systems to allow them to have continued admittance, gather sensitive information, or establish access to resources and operations within the system?
Backdoors
Which enumeration process tries different combinations of usernames and passwords until it finds something that works?
Brute Force
You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?
Brute Force
Which of the following laws is designed to regulate emails?
CAN-SPAM Act
Which of the following are network sniffing tools?
Cain and Abel, Ettercap, and TCPDump
Which of the following includes all possible characters or values for plaintext?
Charset
Daphne has determined that she has malware on her Linux machine. She prefers to only use open-source software. Which anti-malware software should she use?
ClamAV
Which of the following packet crafting software programs can be used to modify flags and adjust other packet content?
Colasoft
A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?
Contact names, phone numbers, email addresses, fax numbers, and addresses
You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time is was created. Which of the following scanning tools should you use?
Currports
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
DNS cache poisioning
Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?
Information gathering techniques
Which of the following is the first step you should take if malware is found on a system?
Isolate the system from the network immediately.
Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?
It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.
Patrick is planning a penetration test for a client. As part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus?
JPS
A virus has replicated itself throughout the infected systems and is executing its payload. Which of the following phases of the virus lifecycle is the virus in?
Launch
Which of the following virus types is shown in the code below?
Logic Bomb
What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information?
Maltego
A hacker finds a system that has a poorly design and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor?
Metasploit
Social engineers are master manipulators. Which of the following are tactics they might use?
Moral obligation, ignorance, and threatening
A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?
Network Scan
Whois, Nslookup, and ARIN are all examples of:
Network footprinting tools
Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the host 192.168.0.34 filter?
Only packets with 192.168.0.34 in either the source or destination address are captured.
Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the net 192.168.0.0 filter?
Only packets with either a source or destination address on the 192.168.0.0 network are captured.
Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?
PSH
Sam has used malware to access Sally's computer on the network. He has found information that will allow him to use the underlying NTLM to escalate his privileges without needing the plaintext password. Which of the following types of attacks did he use?
Pass the hash
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
Password Salting
Which of the following system exploitation methods happens by adding a malicious file to a file path that is missing quotation marks and has spaces in it?
Path interception
Which of the following scans is used to actively engage a target in an attempt to gather information about it?
Port Scan
Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called:
Pretexting
Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?
RST
Jack is tasked with testing the password strength for the users of an organization. He has limited time and storage space. Which of the following would be the best password attack for him to choose?
Rainbow Attack
When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?
Reconnaissance
Part of a penetration test is checking for malware vulnerabilities. During this process, the penetration tester will need to manually check many different areas of the system. After these checks have been completed, which of the following is the next step?
Run anti-malware scans
TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?
SYN/ACK
Anti-malware software utilizes different methods to detect malware. One of these methods is scanning. Which of the following best describes scanning?
Scanning uses live system monitoring to detect malware immediately. This technique utilizes a database that needs to be updated regularly. Scanning is the quickest way to catch malware programs.
You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?
Scany
Which of the following malware types shows the user signs of potential harm that could occur if the user doesn't take a certain action?
Scareware
Analyzing emails, suspect files, and systems for malware is known as which of the following?
Sheep dipping
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
Shoulder Surfing
What does the Google Search operator allinurl:keywords do?
Shows results in pages that contain all of the listed keywords.
Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occured?
Social Engineering
MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using?
Social Engineering
Any attack involving human interaction of some kind is referred to as:
Social engineering
Which of the following best describes shoulder surfing?
Someone nearby watches you enter your password on your computer and records it.
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
Spim
Which of the following is malware that works by stealth to capture information and then sends it to a hacker to gain remote access?
Spyware
You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password?
St@y0ut!@
What port does a DNS zone transfer use?
TCP 53
LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use?
TCP/UDP 389
Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find?
The built-in guest
Hackers can maintain access to a system in several ways. Which of the following best describes the unsecure file and folder method?
This can lead to DLL hijacking and malicious file installations on a non-admin targeted user.
Which statement best describes a suicide hacker?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught
The process of analyzing an organization's security and determining its security holes is known as:
Threat Modeling
You have just run the John the Ripper command shown in the image. Which of the following was this command used for?
To extract the password hashes and save them in the secure.txt file
Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?
Trojan Horse
A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file?
Usernames, but no passwords
Which of the following best describes IPsec enumeration?
Uses ESP, AH, and IKE to secure communication between VPN endpoints.
What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?
Vulnerability Scan
A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?
Wardialing
An attack that targets senior executives and high-profile victims is referred to as:
Whaling
Which type of threat actor only uses skills and knowledge for defensive purposes?
White Hat
Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful?
Whois
Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using?
Worm
Which of the following actions was performed using the WinDump command line sniffer?
Wrote packet capture files from interface 1 into mycap.pcap.
You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do?
You should not provide any information and forward the call to the help desk.
Which of the following enumeration tools provides information about users on a Linux machine?
finger
Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address?
ip.src ne 192.168.142.3
Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers?
nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)
Daphne suspects a Trojan horse is installed on her system. She wants to check all active network connections to see which programs are making connections and the FQDN of where those programs are connecting to. Which command will allow her to do this?
netstat -f -b
You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use?
nmap -sS xyzcompany.com
You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep?
nmap -sn 172.125.68. 1-255
You have created and sorted an md5 rainbow crack table. You want to crack the password. Which of the following commands would you use to crack a single hash?
rcrack . -h 202cb962ac59075b964b07152d234b70
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager's email address?
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
Development Phase
Which of the following parts of the Trojan horse packet installs the malicious code onto the target machine?
Dropper
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster Diving
Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool?
Echosec
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Elitication
In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?
Enumeration
Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?
Fingerprinting
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?
Gray Hat
Which of the following best describes the scan with ACK evasion method?
Helps determine whether the firewall is stateful or stateless and whether or not the ports are open
Rudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using?
Host integrity monitoring
A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?
Idle Scan
