Ethical Hacking Final Part 6
What is a PSK?
Pre-Shared Key, A key entered into each client
A closed network is typically which of the following?
Private network
Which of the following uses an asymmetric algorithm?
RSA, Diffie-Hellman, Elliptic Curve, CRYSTALS-Kyber
Bluesnarfing is used to perform what type of attack?
Read information from a Bluetooth device
What type of database uses multiple tables linked together in complex relationships?
Relational Database
Bluejacking is a means of which of the following?
Sending unsolicited messages to a Bluetooth device
Which of the following is designed to locate wireless access points?
Site survey
What can an error message tell an attacker?
Success of an attack, failure of an attack, structure of a database
A security camera picks up someone who doesn't work at the company following closely behind an employee while they enter the building. What type of attack is taking place?
Tailgating
Physical security can prevent which of the following?
Tailgating
What can be used along with WPA to improve security?
VPN
Which feature makes WPA easy to defeat?
WPS support
802.11 was developed by IEEE in?
1997
Which fire suppression system class is required for protecting server rooms full of computing equipment?
a class C fire extinguisher
What is a drop ceiling?
a false ceiling
Lock-pick sets typically contain which of the following at a minimum?
a pick and a tension wrench
Which of the following could be considered required components of an alarm system?
a visual and audio alerting method
What is a vulnerability scan designed to provide to those executing it?
A way to reveal vulnerabilities
What is a rogue access point?
An access point not managed by an organization that is in their spaces.
AirPcap is used to do which of the following?
Assist in sniffing wireless traffic
A honeyspot is designed to do what?
Attract victims to connect to it to sniff connections
A _______ is used to prevent cars from ramming a building.
Bollard
Monitor mode is used by wireless cards to do what?
Capture info of wireless networks
A hashing algorithm producing the same hash value for two or more files is called?
Collision
Which of the following is not a component of public key infrastructure?
Components: RA, CA, TAs, Directory Service/LDAP, App Server, Revocation Service
What type of database has its information spread across many disparate systems?
Distributed Database
A blind SQL injection attack is used when which of the following is true?
Error messages are not available
True or False, A symmetric encryption algorithm uses different keys for encryption and decryption?
FALSE
True or False, An anomaly detection IDS relies on a database of known attacks?
FALSE
Which of the following is a wall that is less than full height?
False wall
Which of the following uses a symmetric algorithm?
HMAC, AES, DES, Blowfish...
An SSID is used to do which of the following?
Identify a network
When a wireless client is attached to an access point, it is known as which of the following?
Infrastructure Network
While guards and dogs are both good for physical security, which of the following is a concern with dogs?
Liability
The wardriving process involves which of the following?
Locating wireless networks
Warchalking is used to do which of the following?
Make others aware of a wireless network
Which of the following is a good defense against tailgating and piggybacking?
Mantraps
An anomaly detection IDS that relies on a database of known attacks
Pattern matching systems
Which of the following tools could you use to crack a wireless network's pre-shared key?
aircrack-ng
Which intrusion prevention system can be used in conjunction with fences?
bollards
What is a type of combination lock?
cipher lock
Phishing takes place using _______
Which type of biometric system is frequently found on laptops but can be used on entryways as well?
fingerprint
In social engineering a proxy is used to______
keep an attacker's origin hidden
Social engineering can be used to carry out email campaigns known as ______
phishing
What is the best option for thwarting social-engineering attacks?
training
Social engineering can use all of the following except ________
viruses
For a fence to deter a determined intruder, it should be at least how many feet tall?
8 Feet
Which of the following operates at 5GHz?
802.11a
When talking to a victim, using ______ can make an attack easier.
keywords
Janet receives an email enticing her to click a link. But when she clicks this link she is taken to a website for her bank, asking her to reset her account info. However, Janet noticed that the bank is not hers and the website is not for her bank. What type of attack is this?
phishing
Jennifer receives an email claiming that her bank account information has been lost and that she needs to click a link to update the bank's database. However, she doesn't recognize the bank, because it is not one she does business with. What type of attack is she being presented with?
phishing
Training and education of end users can be used to prevent _________
phishing
WEP is designed to offer security comparable to which of the following?
Wired networks
Which of the following is not a common Snort keyword?
anything that isn't -content, -ack, -flags, -id, -ttl, -msg
Which of the following is not a method of identifying a firewall?
anything that isn't firewalking, port scanning, banner grabbing
Human beings tend to follow set patterns and behaviors known as ______
habits
Social engineering is designed to ________
manipulate human behavior
What is another word for portals?
mantraps
Which mechanism can be used to influence a targeted individual?
means of dress or appearance
An attacker can use which technique to influence a victim?
name-dropping
Social engineering preys on many weaknesses, including _______
technology, human nature, people
Which of the following is a device used to perform a DoS on a wireless network?
WiFi Jammer
Which of the following is a characteristic of USB flash drives that makes security a problem?
easily hidden
What mechanism is intended to deter theft of hard drives?
encryption
Frequency of type 2 errors is also known as what?
false rejection rate
What is the first defense that a physical intruder typically encounters?
fences
Jason notices that he is receiving mail, phone calls, and other requests for information. He has also noticed some problems with his credit checks such as bad debts and loans he did not participate in. What type of attack did Jason become a victim of?
identity theft
Jason receives notices that he has unauthorized charges on his credit card account. What type of attack is Jason a victim of?
identity theft
During an assessment you discovered that the target company was using a fax machine. Which of the following is the least important?
the phone is publicly available
In the field of IT security, the concept of defense in depth is the layering of more than one control on another. Why is this?
to provide better protection
802.11b was released in ____ and operates in the 2.4GHz range
1999
What is a client-to-client connection called?
Ad-Hoc Network
Which of the following is another name for a record in a database?
row
Phishing can be mitigated through the use of ______
spam filtering
Social engineering can be thwarted using what kinds of controls?
technical, administrative, physical
Which of the following options shows the protocols in order from strongest to weakest?
WPA2, WPA, WEP, Public/Open Network
Which of the following is a detective control when not used in real time?
Alarm
Which of the following specifies security standards for wireless?
802.11i