Hands-On Ethical Hacking and Network Defense, 3e, Ch. 4 Solutions

Ace your homework & exams now with Quizwiz!

If you're trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit?

a. http://groups.google.com

Entering a company's restricted area by following closely behind an authorized person is referred to as which of the following?

b. Piggybacking

Many social engineers begin gathering the information they need by using which of the following?

b. The telephone

What's the first method a security tester should attempt to find a password for a computer on the network?

c. Ask the user.

Before conducting a security test by using social-engineering tactics, what should you do?

c. Get written permission from the person who hired you to conduct the security test.

Which of the following enables you to view all host computers on a network?

c. Zone transfers

Case Project 4-1: Using an E-mail Address to Determine a Network's Operating System

2: Students should have determined that Christy Fitzgerald is using RHEL 5.8. 3: Students should performs some research using the CVE websites mentioned earlier to discover vulnerabilities in Red Hat Enterprise Linux 5.8. Students' memos should discuss the risks of IT personnel posting to newsgroups / help sites and suggest that e-mail accounts linking employees with the company not be used (A Gmail address can be used to register a LinkedIn profile that advertises where the individual works, etc) . The memo shouldn't specifically mention the employee who posted to a newsgroup; instead, it should simply state that the company needs to create a policy prohibiting these actions. Also, the memo should cover information regarding the importance of updating software regularly.

Activity 4-2

Step 2: Answers will vary. Hostname to IP address mapping from using the WHOIS function of DomainDossier for the mit.edu domain should be accepted

Activity 4-4

Step 4: Answers will vary. Students should look for any information in the cookie that identifies their computer name, username, and so forth. In most cases, cookies contain this type of personal information. However, it's good practice for students to learn how to view cookies.

Activity 4-3

Step 4: The GET and TRACE methods are available on this server. (OPTIONS and HEAD are already known.)

Case Project 4-2: Using Dumpster-Diving Skills

There are no right or wrong answers, but the report should mention the significance of the OS training kit and the Oracle and SQL Server references. The memos can be used to obtain personnel information. The bottle of vodka and running shoes might reveal habits or personality traits of employees and can be used to gather additional information. Students' imaginations and experience will guide their responses.

A cookie can store information about a Web site's visitors. True or False?

True

Which of the following contains host records for a domain?

a. DNS

Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.)

a. Passwords b. ATM PINs c. Long-distance access codes

When conducting competitive intelligence, which of the following is a good way to determine the size of a company's IT support staff?

a. Review job postings on Web sites such as www.monster.com or www.dice.com.

Which of the following is one method of gathering information about the operating systems a company is using?

a. Search the Web for e-mail addresses of IT employees.

What social-engineering technique involves telling an employee that you're calling from the CEO's office and need certain information ASAP? (Choose all that apply.)

a. Urgency c. Position of authority

What's one way to gather information about a domain?

a. View the header of an e-mail you send to an e-mail account that doesn't exist.

To find information about the key IT personnel for a company's domain, you might use which of the following tools? (Choose all that apply.)

a. Whois c. DomainDossier

Which of the following tools can assist you in finding general information about an organization and its employees? (Choose all that apply.)

a. www.google.com b. http://groups.google.com

Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.)

c. View the company's Web site. d. Look for company ads in phone directories.

_____ is one of the components most vulnerable to network attacks.

d. DNS

To determine a company's primary DNS server, you can look for a DNS server containing which of the following?

d. SOA record

Discovering a user's password by observing the keys he or she presses is called which of the following?

d. Shoulder surfing

Which of the following is a good Web site for gathering information on a domain?

e. All of the above


Related study sets

CompTIA Project+ Cert Study Guide

View Set

Animal Science: Companion Animals, Production Animals+Animal Products, AnSci / DySci 101 Basic Terminology, Animal Science: Production Animal Agriculture, Animal Science: Test One and Two Questions

View Set

AP1 Ch. 10 Gross Anatomy of Muscular System lecture review

View Set