Ethical Hacking Midterm

Ace your homework & exams now with Quizwiz!

Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?

DMCA

Which of the following services is most targeted during the reconnaissance phase of a hacking attack?

DNS

Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take?

Install patches against known vulnerabilities, and clean up out of date zones, files, users, and groups

What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses and other information?

Maltego

On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company? Environmental threat Cloud threat Man-made threat External threat

Man-made threat

Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team?

Performs offensive security tasks to test the network's security.

During a penetration test, Dylan is caught testing the physical security. Which document should Dylan have on his person to avoid being arrested?

Permission to test

Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system? Physical attack Opportunistic attack Man-made attack Environmental attack

Physical attack

Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called: Pretexting Footprinting Impersonation Preloading

Pretexting

A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?

Specific/Measurable/Attainable/Relevant/Timely

Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this?

Whitelisting

Which of the following is a consideration when scheduling a penetration test?

Who is aware of the test?

Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful?

Whois

Which of the following best describes a lock shim? A cut to the number nine position When the pins are scraped quickly A thin, stiff piece of metal A small, angled, and pointed tool

A thin, stiff piece of metal

Which of the following best describes a non-disclosure agreement?

A common legal contract outlining confidential material that will be shared during the assessment.

Which of the following best describes a supply chain?

A company provides materials to another company to manufacture a product.

Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to?

A lawyer should be consulted on which laws to adhere to and both parties agree.

Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?

A member of the purple team.

The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk _________

Acceptance

Which of the following best describes what FISMA does?

Defines how federal government data, operations, and assets are handled.

Which of the following best describes the rules of engagement document?

Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data.

You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future? Why employees should wear their badge at all times How to prevent piggybacking and tailgating Why employees should never share their ID badge with anyone What to do if you encounter a person without a badge

How to prevent piggybacking and tailgating

Which of the following is considered a mission-critical application?

Medical Database

What does an organization do to identify areas of vulnerability within their network and security systems?

Risk Assessment

Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?

Scanning and enumeration

A client asking for small deviations from the scope of work is called:

Scope creep

Which document explains the details of an objective-based test?

Scope of Work

Which of the following documents details exactly what can be tested during a penetration test?

Scope of work

The process of analyzing an organization's security and determining its security holes is known as:

Threat Modeling

Which of the following is a deviation from standard operating security protocols?

Security exception

Which of the following is a limitation of relying on regulations?

They rely heavily on password policies.

You are in the reconnaisance phase at the XYZ company. You want to use nmap scapn for open ports and use a parameter to scan the 10000 common ports. Which nmap command would you use.

nmap -sS xyzcompany.com

Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in?

/etc/shadow

Which of the following ports are used by null sessions on your network?

139 and 445

Who would be most likely to erase only parts of the system logs file? An everyday user A black hat hacker A penetration tester The network admin

A black hat hacker

Which of the following best describes a master service agreement?

A contract where parties agree to the terms that will govern future actions.

Which of the following best describes the Security Account Manager (SAM)? A file in the directory that performs the system's security protocol A database that stores user passwords in Windows as an LM hash or a NTLM hash A protocol that allows authentication over an unsecure network through tickets or service principal names The attribute that stores passwords in a Group Policy preference item in Windows

A database that stores user passwords in Windows as an LM hash or a NTLM hash

Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras? A Pan Tilt Zoom camera A bullet camera A dome camera A c-mount camera

A dome camera

Which of the following best describes a script kiddie? A hacker whose main purpose is to draw attention to their political views A hacker who uses scripts written by much more talented individuals A hacker willing to take more risks because the payoff is a lot higher A hacker who helps companies see the vulnerabilities in their security

A hacker who uses scripts written by much more talented individuals

There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site? A mailing list that often shows the newest vulnerabilities before other sources A community-developed list of common software security weaknesses A list searchable by mechanisms of attack or domains of attack A list of standardized identifiers for known software vulnerabilities and exposures

A mailing list that often shows the newest vulnerabilities before other sources

Which of the following information sharing polices addresses the sharing of critical information in press releases, annual reports, product catalogs and marketing materials.

A printed materials policy

Which of the following best describes active scanning? A scanner tries to find vulnerabilities without directly interacting with the target network. A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws. A scanner is limited to the moment in time that it is running and may not catch vulnerabilities that only occur at other times. A scanner allows the ethical hacker to scrutinize completed applications when the source code is unknown.

A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

Which of the following best describes CCleaner? A command line tool in Windows 2000 that will dump a remote or local event log into a tab-separated text file. It can also be used to filter specific types of events. A program that searches for carrier files through statistical analysis techniques, scans for data hiding tools, and can crack password-protected data to extract the payload. A software that can clear cookies, stored data like passwords, browser history, and temporary cached filed. It can clear the recycling bin, clipboard data, and recent documents lists as well. A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.

A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.

Launch

A virus has replicated itself throughout the infected systems and is executing its payload. Which of the following phases of the virus life cycle is the virus in?

Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report? A port scanner A vulnerability scanner A malware scanner An antivirus scanner

A vulnerability scanner

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?

APT

Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?Add the cloud host to the scope of work.

Add the cloud host to the scope of work.

Which of the following is the difference between an ethical hacker and a criminal hacker?

An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission

Which of the following best describes an insider attacker? A good guy who tries to help a company see their vulnerabilities An agent who uses their technical knowledge to bypass security An unintentional threat actor; the most common threat An attacker with lots of resources and money at their disposal

An unintentional threat actor; the most common threat

Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action?

BYOD policy

Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solutions for securing Joe's workstation? Configure the screen saver to require a password Apply multifactor authentication on his computer Set a strong password, that require special characters Change the default account names and passwords

Configure the screen saver to require a password

A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?

Contact names, phone numbers, email addresses, fax numbers and addresses

What are the rules and regulations defined and put in place by an organization called?

Corporate policies

Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack? Feigning ignorance Host file modification DNS cache poisoning Social networking

DNS cache poisoning

Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in? Development phase Elicitation phase Research phase Exploitation phase

Development phase

Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool?

Echosec

Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique? Elictitation Interrogation Preloading Impersonation

Elictitation

Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control? Physical access controls Perimeter barriers Physical access logs Employee and visitor safety

Employee and visitor safety

Which of the following is a common corporate policy that would be reviewed during a penetration test?

Password policy

Important aspects of physical security include which of the following? Implementing adequate lighting in parking lots and around employee entrances Influencing the target's thoughts, opinions, and emotions before something happens Preventing interruptions of computer services caused by problems such as fire Identifying what was broken into, what is missing, and the extent of the damage

Preventing interruptions of computer services caused by problems such as fire

What are the three factors to keep in mind with physical security? Prevention, detection, and recovery Implementation, detection, and recovery Detection, prevention, and implementation Detection, implementation, and prevention

Prevention, detection, and recovery

When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?

Reconnaissance

The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?

Reporting

A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in? Security factors Layered defense Security sequence Physical control

Security sequence

Any attack involving human interaction of some kind is referred to as: Social engineering An opportunistic attack Attacker manipulation A white hat hacker

Social engineering

MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using?

Social engineering

You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this? Spam Hoax Surf Spim

Spim

Julie configures two DNS servers, one internal and one external, with authoriative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing?

Split DNS

Which of the following best describes social engineering?

The art of deceiving and manipulating others into doing what you want.

Which statement best describes a suicide hacker?

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.

After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process?

Tolerance

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization? Require users to use workstation screensaver passwords Train the receptionist to keep her iPad in a locked drawer Move the receptionist's desk into the secured area Replace the biometric locks with smart cards

Train the receptionist to keep her iPad in a locked drawer

Which of the following best describes a gray box penetration test?

Which of the following best describes a gray box penetration test?

You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. what should you do? You should provide the information as part of quality customer service You should put the caller on hold and then hang up You should not provide any information and forward the call to the help desk You should not provide any information except your manager's name and number

You should not provide any information and forward the call to the help desk

You have found the IP address of a host to be 172.125.60.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep?

nnmap -sn 172.125.68 1-255

Which of the following best describes the Wassenaar Arrangement?

An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software.

John, a security specialist conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated?

An internet policy

Sheep dipping

Analyzing emails, suspect files, and systems for malware is known as which of the following?

The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?

Application Layer

This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done? Default settings Application flaws Buffer overflows Open services

Application flaws

[ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~] are the possible values in which of the following hash types? Mix alpha-numeric Ascii-32-65-123-4 Ascii-32-95 Alpha-numeric-symbol32-space

Ascii-32-95

During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using?

Avoidance

Which of the following do hackers install in systems to allow them to have continued admittance, gather sensitive information, or establish access to resources and operations within the system? Backdoors Crackers Kerberos cPassword

Backdoors

Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system?

Banner grabbing

Which of the following are the three metrics used to determine a CVSS score? Base, change, and environmental Base, temporal, and environmental Risk, temporal, and severity Risk, change, and severity

Base, temporal, and environmental

You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?

Black box

Which enumeration process tries different combinations of usernames and passwords until it finds something that works?

Brute force

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using? Pass the hash Keylogger Password sniffing Brute force

Brute force

Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers? CWE CAPEC CISA CVE

CAPEC

Which of the following is sued to remove files and clear the internet browsing history? CCleaner User Account Control cPassword Steganography

CCleaner

The list of cybersecurity resources below are provided by which of the following government sites? •Information exchange •Training and exercises •Risk and vulnerability assessments •Data synthesis and analysis •Operational planning and coordination •Watch operations •Incident response and recovery CAPEC CISA CWE CVE

CISA

As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use? CAPEC CISA CVSS CVE

CVSS

This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described? CVE CISA CWE NVD

CWE

Which of the following best describes a rootkit? Scans the system and compares the current scan to the clean database Can modify the operating system and the utilities of the target system Allows each file an unlimited number of data streams with unlimited size Allows the user to create a password to make the hidden file more secure

Can modify the operating system and the utilities of the target system

Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task?

Change Order

Which of the following includes all possible characters or values for plaintext? Table_index Chain_len Chain_num Charset

Charset

The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan? Assessment Services Classification Target

Classification

Which of the following packet crafting software programs can be used to modify flags and adjust other packet content?

Colasoft

ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work?

Company Culture

Which type of penetration test is required to ensure an organization is following federal laws and regulations?

Compliance-based

You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time is was created. Which of the following scanning tools should you use?

Currports

An attacker installed a malicious file in the application directory. When the victim starts installing the application, Windows searches in the application directory and selects the malicious file instead of the correct file. The malicious file gives the attacker remote access to the system. Which of the following escalation methods best describes this scenario? DLL hijacking Kerberoasting Unattended installation Clear text credentials in LDAP

DLL hijacking

You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do? Decide the best times to test to limit the risk of having shutdowns during peak business hours. Choose the best security assessment tools for the systems you choose to test. Define the effectiveness of the current security policies and procedures. Create reports that clearly identify the problem areas to present to management.

Define the effectiveness of the current security policies and procedures.

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled? Social engineering Dumpster diving Shoulder surfing Password guessing

Dumpster diving

In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?

Enumeration

Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?

Ethical Hacking

Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing?

External

Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?

Fingerprinting

United States Code Title 18, Chapter 47, Section 1029 deals with which of the following?

Fraud and related activity involving access devices.

It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand? The risks associated with enforcing security procedures and what threats may have been overlooked. They need a plan of action to control weaknesses and harden systems. How to define the effectiveness of the current security policies and procedures. Hackers have time on their side, and there will always be new threats to security.

Hackers have time on their side, and there will always be new threats to security.

Worm

Heather is performing a penetration test of her client's malware protection. She has developed a malware program that doesn't require any user interaction and wants to see how far it will spread through the network. Which of the following types of malware is she using?

Trojan Horse

Heather wants to gain remote access to Randy's machine. She has developed a program and hidden it inside a legitimate program that she is sure Randy will install on his machine. Which of the following types of malware is she using?

Which of the following best describes the scan with ACK evasion method?

Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.

Which of the following could a hacker use Alternate Data Streams (ADS) for? Tracking evidence Erasing evidence Modifying evidence Hiding evidence

Hiding evidence

Which of the following assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators? External assessment Host-based assessment Passive assessment Wireless network assessment

Host-based assessment

Which of the following elements is generally considered the weakest link in an organization's security?

Human

A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?

Idle scan

Which of the following is the most basic way to counteract SMTP exploitations?

Ignore messages to unknown recipients instead of sending back error messages.

Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern? Inference-based Tree-based Service-based Product-based

Inference-based

Roger, a security analyst, wants to tighten up privileges to make sure each user has only the privileges they need to do their work. Which of the following additional countermeasures could he take to help protect privilege? Instigate multi-factor authentication and authorization Allow unrestricted interactive logon privileges Restrict the interactive logon privileges Create plain text storage for passwords

Instigate multi-factor authentication and authorization

Jerry runs a tool to scan a clean system to create a database. The tool then scans the system again and compares the second scan to clean the database. Which of the following detection methods is Jerry using? Integrity-based Cross view-based Behavior-based Signature-based

Integrity-based

You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. network. Which of the following types of penetration tests is being performed?

Internal

An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: •Inspecting physical security •Checking open ports on network devices and router configurations •Scanning for Trojans, spyware, viruses, and malware •Evaluating remote management processes •Determining flaws and patches on the internal network systems, devices, and servers Which of the following assessment tests is being performed? Active assessment Passive assessment Internal assessment External assessment

Internal assessment

Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?

It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection.

Which of the following best describes Qualys Vulnerability Management assessment tool? It has more than 50,000 vulnerability tests with daily updates It scans for known vulnerabilities, malware, and misconfigurations It is a cloud-based service that keeps all your data in a private virtual database It scans for more than 6,000 files and programs that can be exploited

It is a cloud-based service that keeps all your data in a private virtual database

Which of the following is a protocol that allows authentication over a non-secure network by using tickets or service principal names (SPNs)? Unattended installation Credentials in LSASS Kerberoasting DLL hijacking

Kerberoasting

After the enumeration stage, you have are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked?

LDAP

Which of the following best describes a physical barrier used to deter an aggressive intruder? Anti-passback system Double-entry doors Large flowerpots Alarmed carrier PDS

Large flowerpots

Mark is moving files from a device that is formatted using NTFS to a device that is formatted using FAT. Which of the following is he trying to get rid of? Antivirus and anti-spyware programs Encrypted steganographic information Malicious alternate data streams Software programs that hackers use

Malicious alternate data streams

A hacker finds a system that has a poorly designed and unpatched program installed. He wants to create a backdoor for himself. Which of the following tools could he use to establish a backdoor? Timestomp Metasploit CCleaner AuditPol

Metasploit

The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose? NIST NVD JPCERT CAPEC

NIST

Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question? CVSS CVE CWE NVD

NVD

Clive, penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use? Nessus Nikto Retina CS NetScan

Nessus

Which of the following is an online tool that is used to obtain server and web server information?

Netcraft

Whois, Nslookup and ARIN are all examples of

Network footprinting tools

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?

Network scan

Which of the following would be the best open-source tool to use if you are looking for a web server scanner? Nikto NetScan OpenVAS Nessus

Nikto

Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize?

OWASP

Which of the following assessment types can monitor and alert on attacks but cannot stop them? Passive External Vulnerability Host-based

Passive

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash? Pass the hash Keylogging Password salting Password sniffing

Password salting

Which of the following system exploitation methods happens by adding a malicious file to a file path that is missing quotation marks and has spaces in it? Writable services Spyware Path interception Unsecure file and folder permissions

Path interception

JPS

Patrick is planning a penetration test for a client. As a part of this test, he will perform a phishing attack. He needs to create a virus to distribute through email and run a custom script that will let him track who has run the virus. Which of the following programs will allow him to create this virus?

First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. These are the three basic steps in which of the following types of testing? Baseline Stress Patch level Penetration

Penetration

Which of the following scans is used to actively engage a target in an attempt to gather information about it?

Port scan

Which of the following best describes the verification phase of the vulnerability management life cycle? Communicate clearly to management what your findings and recommendations are for locking down the systems and patching problems. Is critical to ensure that organizations have monitoring tools in place and have regularly scheduled vulnerability maintenance testing. Protect the organization from its most vulnerable areas first and then focus on less likely and less impactful areas. Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.

Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.

Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?

RST

Jack is tasked with testing the password strength for the users of an organization. He has limited time and storage space. Which of the following would be the best password attack for him to choose? Brute force attack Dictionary attack Rainbow attack Keylogger attack

Rainbow attack

During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?

Reach out to an attorney for legal advice.

Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in? Risk assessment Remediation Create a baseline Verification

Risk assessment

Host integrity monitoring

Ruudy is analyzing a piece of malware discovered in a pentest. He has taken a snapshot of the test system and will run the malware. He will take a snapshot afterwards and monitor different components such as ports, processes, event logs, and more for any changes. Which of the following processes is he using?

Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks?

SNscan

TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?

SYN/ACK

You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?

Scany

Which of the following best describes the heuristic or behavior-based detection method? Searches for execution path hooking, which allows a function value in an accessible environment to be changed. Uses an algorithm as it goes through the system files, processes, and registry keys to create a baseline that is compared to the data returned by the operating system's APIs. Runs a tool to scan a clean system and create a database, then scans the system and compares the current scan to the clean database. Scan a system's processes and executable files, looking for byte sequences of known malicious rootkit programs.

Searches for execution path hooking, which allows a function value in an accessible environment to be changed.

Which of the following includes a list of resolved vulnerabilities? Security vulnerability summary Security vulnerability report Statistical vulnerability report Statistical vulnerability summary

Security vulnerability summary

You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use? Nessus Professional Retina CS for Mobile Network Scanner SecurityMetrics Mobile

SecurityMetrics Mobile

Which of the following policies would cover what you should do in case of a data breach?

Sensitive data handling policy

Which of the following solutions creates the risk that a hacker might gain access to the system? Inference-based Tree-based Service-based Product-based

Service-based

Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to? Spam and spim Shoulder surfing Eavesdropping Keyloggers

Shoulder surfing

What does the google search operator allinurl:keywords do?

Shows results in pages that contain all of the listed keywords

You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data? Write junk data on the discs Degauss the discs Delete the data on the discs Shred the discs

Shred the discs

Which of the following is also known as ZeroAccess and has virus, Trojan horse, and rootkit components? Touch DeepSound Sirefef GrayFish

Sirefef

Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred? Password guessing Shoulder surfing Dumpster diving Social engineering

Social engineering

Which of the following best describes shoulder surfing? Giving someone you trust your username and account password. Finding someone's password in the trash can and using it to access their account. Guessing someone's password because it is so common or simple. Someone nearby watches you enter your password on your computer and records it.

Someone nearby watches you enter your password on your computer and records it.

Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used?

Split DNS

Which of the following is malware that works by stealth to capture information and then sends it to a hacker to gain remote access? Writable services Spyware Crackers ERD Commander

Spyware

Cameron wants to send secret messages to his friend Brandon, who works at a competitor's company. To secure these messages, he uses a technique to hide a secret message within a video. Which of the following techniques is he using? Public-key cryptograph Encryption RSA algorithm Steganography

Steganography

The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called: NTFS data streaming Execution path profiling Steganography Rootkits

Steganography

You believe your system has been hacked. Which of the following is the first thing you should check? Modified timestamps Browser history System log files Hidden files

System log files

What port does a DNS zone transfer use?

TCP 53

LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use?

TCP/UDP 389

Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find?

The built-in guest

A crypter can encrypt, obfuscate, and manipulate malware to make it difficult to detect.

The program shown is a crypter. Which of the following best defines what this program does?

Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses? The verification phase The remediation phase The risk assessment phase The monitoring phase

The remediation phase

Which of the following best describes telnet?

The tool of choice for banner grabbing that operates on port 23.

Hackers can maintain access to a system in several ways. Which of the following best describes the unsecure file and folder method? There is no problem if the path is written within quotation marks and has no spaces This can lead to DLL hijacking and malicious file installations on a non-admin targeted user Services with weak permissions allow anyone to alter the execution of the service The hacker will have rights to do whatever the admin account can do

This can lead to DLL hijacking and malicious file installations on a non-admin targeted user

Diana, a penetration tester, executed the following command. Which answer describes what you learn from the information displayed?

This is a DNS zone transfer.

What is the following John the Ripper command used for? zip2john secure.zip > secure.txt To extract the password and save it in the secure.txt file To extract the password from a rainbow hash and save it in the secure.txt file To extract the password and save it in a rainbow table named secure.txt To extract the password hashes and save them in the secure.txt file

To extract the password hashes and save them in the secure.txt file

James, a hacker, has hacked into a Unix system and wants to change the timestamps on some files to hide his tracks. Which of the following timestamp tools would he most likely use? Timestomp Meterpreter Touch ctime

Touch

A hacker has gained physical access to a system and has changed an administrator's account password. Which of the following tools did the hacker most likely use to accomplish this? Timestomp CCleaner Ultimate Boot CD StegoStick

Ultimate Boot CD

Which of the following privilege escalation risks happens when a program is being installed without the constant supervision of the IT employee and fails to clean up after? Gaining credentials in LSASS Kerberoasting DLL hijacking Unattended installation

Unattended installation

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option? Use incremental backups and store them in a drawer in your office Use incremental backups and store them in a locked fireproof safe Use differential backups and store them in a locked room Use differential backups and store them on a shelf next to the backup device

Use incremental backups and store them in a locked fireproof safe

A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file?

Usernames, but no passwords

Which of the following best describes IPsec enumeration?

Uses ESP, AH, and IKE to secure communication between VPN endpoints.

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses? Vulnerability assessment External assessment Host-based assessment Passive assessment

Vulnerability assessment

Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing? Vulnerability management Vulnerability research Vulnerability assessment Vulnerability scanning

Vulnerability research

What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?

Vulnerability scan

A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?

Wardialing

An attack that targets senior executives and high-profile victims is referred to as: Pharming Scrubbing Vishing Whaling

Whaling

A collection of software that detects and analyzes malware.

Which of the following best describes an anti-virus sensor system?

CAN-SPAM Act

Which of the following laws is designed to regulate emails?

Scareware

Which of the following malware types shows the user signs of potential harm that could occur if the user doesnt take a certain action?

Dropper

Which of the following parts of the trojan horse packet installs the malicious code onto the target machine?

Logic bomb

Which of the following virus types is shown in the code below?

Which type of threat actor only uses skills and knowledge for defensive purposes?

White Hat

Phil, a hacker, has found his way into a secure system. He is looking for a Windows utility he can use to retrieve, set, back up, and restore logging policies. Which of the following utilities should he consider? poledit gpedit secedit auditpol

auditpol

Which of the following is the name of the attribute that stores passwords in a Group Policy preference item in Windows? SPNs LSASS cPasswords SAM

cPasswords

Which of the following enumeration tools provides information about users on a Linux machine?

finger

Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers?

nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)

On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run? nmap --script vulners -sV 10.10.10.195 nmap -sC vulners -sV 10.10.10.195 nmap --script nmap-vulners -sV 10.10.10.195 nmap -sC nmap-vulners -sV 10.10.10.195

nmap --script nmap-vulners -sV 10.10.10.195

Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command?

nmap -sV --script=banner ip_address

You have created and sorted an md5 rainbow crack table. You want to crack the password. Which of the following commands would you use to crack a single hash? rtgen md5 ascii-32-95 1 20 0 1000 1000 0 rcrack . -l /root/hashes.txt rtgen sha1 ascii-32-95 1 20 0 1000 1000 0 rcrack . -h 202cb962ac59075b964b07152d234b70

rcrack . -h 202cb962ac59075b964b07152d234b70

Which of the following is a tool for cracking Windows login passwords using rainbow tables? Trinity Rescue Kit GreyFish ERD Commander Ophcrack

Ophcrack

Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use?

P0f

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?

PCI DSS

Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?

PSH

Sam has used malware to access Sally's computer on the network. He has found information that will allow him to use the underlying NTLM to escalate his privileges without needing the plaintext password. Which of the following types of attacks did he use? Dictionary attack Rainbow attack Password sniffing Pass the hash

Pass the hash

Which of the following best describes a goal-based penetration test?

Focuses on the end results. The hacker determines the methods.

Which of the following is the third step in the ethical hacking methodology?

Gain access

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?

Gray Hat

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?

HIPPA

During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?

Ignore the records and move on.

During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take?

Immediately stop the test and report the finding to the authorities.

Which of the following best describes what SOX does?

Implements accounting and disclosure requirements that increase transparency.

Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?

Information gathering techniques

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future? Anti-passback Scrubbing Cable locks Mantraps

Mantraps

Social engineers are master manipulators. Which of the following are tactics they might use? Eavesdropping, ignorance, and threatening Keylogging, shoulder surfing, and moral obligation Shoulder surfing, eavesdropping, and keylogging Moral obligation, ignorance, and threatening

Moral obligation, ignorance, and threatening


Related study sets

Math coordinate graphing and solving systems of equations

View Set

PCC 2 Test 1 (Osteoporosis Questions)

View Set

Business Law Chapter 20 - Corporations

View Set

Speaking and Listening: Effective Group Discussions

View Set

CH 5, Osseous Tissue & Skeletal Structure, Mastering A & P

View Set

The Rosetta Stone by Anne Miranda

View Set

GL03- Introduction to human factors

View Set