Ethical Hacking

Which of the following users would you try to compromise if you could not get root access?

A user with sudo permissions

If a PC's boot order is requesting a password, what security solution has been implemented?

BIOS password

Ensuring that data is kept secret is what part of the CIA triangle?

Confidentially

CUPP aka Cyber User Password Profiler is used for

Fundamentals - gathering info about user to create a password list

Which of the following is a known mitigation for Linux local privilege escalation?

GRUB encryption

What does Talos do?

Gathers global information about cyber attacks

To launch a phishing campaign, what tool can help to create a clone for a specific website?

HTTrack

Which of the following is true regarding XSS?

It is a client-side attack

What is Eternal Blue?

Known Windows exploit

John the Ripper is a technical assessment tool used to for the following?

Offline password cracking

Which of the following describes the HTTP GET method?

The method requests a specific resource from the server.

Which of the following is used to perform customized network scans?

nmap

Which concept of On-Path attack includes the process of redirecting a domain name request to a custom phishing domain?

DNS poisoning

MD5, SHA-1, and NTLM are examples of what?

Hashes

Creating a DWORD key in the registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Hides a user

Which of the following tools can crack protected PDF files using the brute-force technique?

John the Ripper

Which of the following platforms can help to perform penetration testing on a system?

MetaSploit

In a database, if you want data to be sequential, you would use the <blank> command.

ORDER

Which of the following is not a server-side technology?

SQL

John built a forum-based website. He wants to save a payload in the database to affect its viewers. What is he most likely to use?

Stored XSS

A cyber consultant used Nmap to map an organization and find open ports. One scan received RST as a response. What is the port status?

The port is closed

Which SQL query is used to change existing values?

UPDATE

Apache, Nginx, and IIS are examples of what?

Web servers

For the dirbuster tool to work, it requires:

Wordlists

Which of the following is not an automated web application vulnerability scanning tool?

Bettercap

What tool is highly effective when testing client-server transactions, can be used to manipulate captured data, and can send data to the server?

Burp suite repeater

Why may cookies be stolen via XSS?

To steal another user's session

What Nmap command would be used to fingerprint or to find out versions?

nmap 192.168.1.100 -sV

Which of the following needs to be in the GRUB to run a terminal with root permissions?

'rw init=/install/gtk/initrd.gz quiet splash init=/bin/bash', to have read-write permissions

Which of the following is true regarding an SFX attack?

- Self extracting executables - Can be used to deceive a victim into running background executable scripts

What are some defensive measures you can take against a brute-force attack?

-Login attempt limitation -Fail2Ban -Strong password

If you run the following command nmap 5.25.128.0/18 -p 3389 how many potential IPs are you looking for and with what services?

16384 IPs with remote desktop

Which of the following tools can be used to make the cracking process easier, in trying to crack a password on a website?

John the ripper

Cookies are

Session hijacking

Which of the following IS an automated web application vulnerability scanning tool?

Burps Suite Acunetix Netsparker

Which of the following is true about Hashcat?

Can use the GPU as the processing unit for a brute-force attacks

Which of the following user types has the highest privilege in a Windows domain environment?

Enterprise Admin

Which SQL injection is the easiest to perform?

Error based SQLi

Cross-site scripting or XSS, comes in what three forms?

Reflected, stored, and DOM

In a database query, what does 1=1 do?

Tells the system it is a true statement

Hydra & Medusa are examples of what?

Online password attacks

Which of the following is the best way to mitigate Windows local privilege escalation technique?

Using full disk encryption

Which of the following is NOT a HASH algorithm?

SHA-67 SHA-25

What do you have to do to make your browser use an interception proxy like Burp Proxy Suite?

Change the manual proxy configuration to the loopback on port 8080

What are social engineering attacks based on?

Human error

Which of the following IS a HASH algorithm?

SHA-1 MD5 SHA-256 RSA NTLM

What are the OWASP Top 10?

The top 10 most common web-related vulnerabilities

Which establishment needs to be HIPPA certified?

Hospitals

Intercepting and eavesdropping on communications is which type of attack?

On-Path attack

Which of the following does an ethical hacker require to start evaluating a system?

Permission

Which of the following protocols is exploited to achieve the On-Path position?

Port Security

Which of the following can be used to prevent SQL injection on a website?

Prepared statements

Which tool(s) could you use to search for an exploit?

SearchSploit

In MetaSploit, how do you display the required fields of an exploit?

Show Options

In Meterpreter, what command would you use to find the current user?

getuid