Ethical Hacking Modules 5 and 6

A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used? Idle scan Xmas tree scan NULL scan Full open scan

Idle scan

Which of the following is the most basic way to counteract SMTP exploitations? Ignore messages to unknown recipients instead of sending back error messages. Review and implement the security settings and services available with your server software. Restrict zones to ensure where zones are copied, use digital signatures, and split zones. Monitor ports, remove agents, update systems, and change default password.

Ignore messages to unknown recipients instead of sending back error messages.

Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked? It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection. This scan will help you to determine whether the firewall is stateful or stateless and whether or not the ports are open. The scan is sent to the recipient, the feedback is returned to the fake IP address, and then there is no record of your IP address sending the requests. As long as you are not bombarding the system, the packet segments float by without concern.

It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection

After the enumeration stage, you are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked? LDAP SMTP DNS SNMP

LDAP

Which of the following is an online tool that is used to obtain server and web server information? Telnet Netcraft nmap P0f

Netcraft

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used? Port scan Decoy scan Vulnerability scan Network scan

Network scan

Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use? Shodan P0f Netcraft Telnet

P0f

Which of the following flags is used by a TCP scan to direct the sending system to send buffered data? SYN FIN URG PSH

PSH

Which of the following scans is used to actively engage a target in an attempt to gather information about it? TCP scan Network scan Port scan Vulnerability scan

Port scan

Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed? RST ACK URG FIN

RST

Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks? Colasoft SNscan Scany Currport

SNscan

TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back? RST ACK SYN/ACK SYN/RST

SYN/ACK

You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use? Network Topology Manager NetAuditor Scany Colasoft

Scany

Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used? Digital signatures Split DNS DNS zone transfer DNS zone restriction

Split DNS

What port does a DNS zone transfer use? TCP 23 TCP 445 TCP 53 TCP 139

TCP 53

LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use? TCP/UDP 53 TCP/UDP 389 TCP/UDP 445 TCP/UDP 3268

TCP/UDP 389

Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find? The built-in administrator The domain guests The domain admins The built-in guest

The built-in guest

Which of the following best describes telnet? The tool of choice for banner grabbing that operates on port 23. A Linux tool that analyzes network traffic and returns information about operating systems. An online tool that is used to obtain server and web server information. A tool that connects to an open TCP port and returns anything sent in a five-second period.

The tool of choice for banner grabbing that operates on port 23.

Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in? /etc/passwd /etc/group /etc/services /etc/shadow

/etc/shadow

The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model? Session Layer Network Layer Application Layer Transport Layer

Application Layer

Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system? Wardriving Banner grabbing Firewalking Wardialing

Banner grabbing

Which enumeration process tries different combinations of usernames and passwords until it finds something that works? Brute force Exploiting SMTP Default passwords Zone transfers

Brute force

Which of the following packet crafting software programs can be used to modify flags and adjust other packet content? Currports IP Tools ping Colasoft

Colasoft

You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time it was created. Which of the following scanning tools should you use? IP tools Angry IP scanner Hping3 Currports

Currports

In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services? Sniffing Reconnaissance Enumeration Scanning

Enumeration

Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using? Fingerprinting Beyond Trust Wardialing Ping sweep

Fingerprinting

Which of the following best describes the scan with ACK evasion method? Returns feedback to the fake IP address and ensures there is no record of the IP address sending the requests. Filters incoming and outgoing traffic, provides you with anonymity, and shields you from possible detection. Sends packets and breaks them apart so intrusion detection systems don't know what they are. Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.

Helps determine whether the firewall is stateful or stateless and whether or not the ports are open.

A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file? Usernames, but no passwords The root username and password Usernames and passwords No usernames or passwords

Usernames, but no passwords

Which of the following best describes IPsec enumeration? Uses SIP to enable voice and video calls over an IP network Is used to manage devices such as routers, hubs, and switches Uses ESP, AH, and IKE to secure communication between VPN endpoints Is used by most email servers and clients to send email messages

Uses ESP, AH, and IKE to secure communication between VPN endpoints

What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats? Network scan Decoy scan Port scan Vulnerability scan

Vulnerability scan

A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used? Fingerprinting Stealth Ping sweep Wardialing

Wardialing

Which of the following enumeration tools provides information about users on a Linux machine? Null session finger PsTools SuperScan

finger

Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers? nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine) nc -l -s 2222 (manager's computer) and nc -pv 192.168.34.91 2222 (Shawn's machine) nc -l -p 2222 (manager's computer) and nc -sv 192.168.34.91 2222 (Shawn's machine) nc -n -s 2222 (manager's computer) and nc -lp 192.168.34.91 2222 (Shawn's machine)

nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine)

Which of the following ports are used by null sessions on your network? 137 and 443 139 and 445 139 and 444 135 and 445

139 and 445

Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command? nmap -sV --script=banner [ip_address] nmap -sT --script=banner [ip_address] nmap -sX --script=banner [ip_address] nmap -sN --script=banner [ip_address]

nmap -sV --script=banner [ip_address]

