Hands-on Ethical Hacking And Network Defense Final Review

In a Linux script, which of the lines is important because it identifies the files as a script?

#!/bin/sh

A NULL scan requires setting the FIN, ACK, and URG flags. (True/False)

False

A NetBIOS name does not need to be unique on a network. (T/F)

False

To determine what resources or shares are on a network, security testers must use port scanning and what other procedure first to determine what OS is being used?

Footprinting

What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?

Fping

What is the most widely used port-scanning tool? a. netcat b. netstat c. Nmap d. Nslookup

Nmap

What open source port-scanning tool is considered to be the standard port-scanning tool for security professionals?

Nmap

A FIN packet sent to a closed port responds with which of the following packets?

RST

Closed ports respond to a NULL scan with what type of packet?

RST

Introduces Widows Containers to allow for application isolation to protect applications from one another.

Windows Server 2016

What is a potential mistake when performing a ping sweep on a network?

including a broadcast address in the ping sweep range

If an attacker decides to implement a less obvious port-scan, or stealth attack, which of the following techniques would be appropriate to make their activities more difficult to detect?

limit their scan speeds

One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?

reply

Windows Server 2012 introduced what protection feature to prevent pass-the-hash attacks?

Authentication Silos

What type of port scan is similar to a SYN scan and is risky to use because it relies on the attacked computer's OS?

Connect

Which Windows 10 feature uses virtualization to protect access tokens from theft by attackers?

Credential Guard

Which vi command deletes the current line?

Dd

SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?

Default / Administrative

What type of Windows Server is the most likely server to be targeted by a computer hacker?

Domain Controller

What enumeration tool is extremely useful when working with Windows NT, 2000, and Windows XP systems?

Dumpsec

When a TCP three-way handshake ends, both parties send what type of packet to end the connection?

FIN

Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command? (Choose all that apply.) a. FIN b. PSH c. SYN d. URG

FIN PSH URG

All of the enumeration techniques that work with older Windows OSs still work with Windows Server 2012. (T/F)

False

An open port allows access to specific applications and cannot be vulnerable to attack. (T/F)

False

Fping doesn't allow pinging multiple IP addresses simultaneously. True or False?

False

In a NULL scan, all packet flags are turned on. (T/F)

False

Which of the following is a useful enumeration tool that enables you to find out who is logged into a *nix system with one simple command?

Finger Utility

you can ping multiple IP addresses simultaneously an enhanced PING utility for pinging multiple targets simultaneously

Fping

Which of the following is an older network management service that is useful for network administrators that want to view system statistics, version numbers, and other detailed host information remotely?

SNMP

In a normal TCP session, the sender sends a packet to another computer with which of the following flags set?

SYN Flag

If you do not have access to Nessus, what NMap procedure can be used to help you to gain information about remote *nix hosts?

Script Scanning

Designed for use on tablets and traditional PCs and only allows trusted applications by default through Device Guard.

Windows 10

Builds on the security advances made in Vista with the introduction of AppLocker.

Windows 7

The first Microsoft GUI product that didn't rely on DOS?

Windows 95

What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?

Windows Containers

A well-documented Window's OS vulnerability was null sessions. What Windows operating system was the first to disable null sessions by default?

Windows Server 2003

Introduced Authentication Silos to prevent pass-the-hash attacks.

Windows Server 2012

What version of Windows Server has completely eliminated the option for telnet server?

Windows Server 2016

First Windows version to introduce User Account Control and BitLocker.

Windows Vista

What type of port scan has the FIN, PSH, and URG flags set?

X Mas Scan

Nmap has a GUI front end that makes it easier to work with some of the complex options by providing a GUI. Which of the following is the NMap GUI fron end?

Zen map

Which parameter can be added to nmap to run a script scan with the default scripts? a. -sC b. -oA c. -p d. -rT

a. -sC

When using the text editor vim what command appends text after the insertion point?

A

To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.) a. PING packets b. SYN packets c. ACK packets d. Echo Request packets

b. SYN packets c. ACK packets

Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (choose all that apply) a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210 c. nmap -sA 193.145.85.210 d. nmap -sF 193.145.85.210

nmap -sS 193.145.85.210 nmap -v 193.145.85.210

What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?

null session

allows access to applications and can be vulnerable to an attack ports that respond to ping sweeps and other packets

open port

When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?

ping sweep

identify which IP addresses belong to active hosts, in other words to find out which hosts are "live" ping sweeps simply ping a range of IP addresses and see what type of response is returned. pinging a range of IP addresses to identify live systems on a network

ping sweep

a method of finding out which services a host computer offers.

port scanning

Which of the following describes a text file containing multiple commands that would usually be entered manually at the command prompt?

script

When writing a script which statement allows you to avoid creating an endless loop in your script?

while

A closed port responds to a SYN packet with which of the following packets? a. FIN b. SYN-ACK c. SYN d. RST

d. RST

Which statement is where the script performs its main task?

do

Process of extracting critical information from a network.

enumeration

What process allows a security professional to extract valuable information, such as information about users and recent login times form a network?

enumeration

To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type? a. nmap -h b. nmap -help c. nmap ? d. man nmap

man nmap

NBTscan is a utility that can be used for enumerating Windows OSs. (T/F)

True

NTFS was implemented to replace FAT16 and FAT32 because of the difficulty in incorporating security in these file systems. (T/F)

True

Port scanning is a method of finding out which services a host computer offers. (T/F)

True

Security testers can use Hping to bypass filtering devices. True or False?

True

The latest version of Nessus Server and Client can run on Windows, MAC OS X, FreeBSD, and most Linux distributions. (T/F)

True

You can search for vulnerabilities in a host computer by using a port-scanning tool. (T/F)

True

__________ might indicate that a firewall is being used to allow specific traffic into or out of the network ports protected with a network-filtering device, such as a firewall

filtered port

When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer?

flag

What boot loader will allow your computer or laptop to start in both Windows and Linux?

Grub

What advanced port-scanning tool can allow a security tester to bypass filtering devices by injecting crafted or otherwise modified IP-packets into a network?

Hping

Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer?

Hping

it is used to bypass filtering devices by injecting crafted or other wise modified IP-packets An enhanced Ping utility for crafting TCP and UDP packets to be used in port-scanning activities

Hping

Which of the following is an excellent GUI tool for managing Windows OSs and is capable of displaying graphical representations of several areas?

Hyena

Which of the following commands is a powerful enumeration tool included with Windows?

NBTSTAT

A(n) _______ scan sends a packet with all flags set to NULL.

NULL

Previously an open-source scanning tool; now licensed by Tenable Network Security. See OpenVAS.

Nessus

The computer names you assign to Windows systems are called which of the following?

NetBIOS

Which of the following is a Windows programming interface that allows computers to communicate across a local area network (LAN)?

NetBIOS

What does the "NBT" part of the "NBTscan" stand for?

NetBIOS over TCP/IP

Windows programing interface that allows computers to communicate across a local area network?

Network Basic Input/Output System (NetBIOS)

Which of the following commands gives you a quick way to see if there are any shared resources on a computer or server?

New view

most popular port scanners and adds new features constantly, such as OS detection and fast multiple-probe ping scanning a security tool used to identify open ports and detect services and OSs running on network systems

Nmap

Unauthenticated connection to a Windows computer that uses no logon and password values.

Null Session

The open-source descendant of Nessus is called which of the following?

OpenVas

What open-source network utility allows you to use plug-ins to run test programs (scripts) that can be selected from the client interface?

OpenVas

allows for updating of security check plug-ins when they become available, it is a security test program (script) that can be selected from the client interface a security tool for conducting port scanning, OS identification, and network vulnerability assessments. A client computer (*nix or Windows) must connect to the server to perform these tests

OpenVas

To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?

Ping

Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services? a. Zone transfers b. Zone scanning c. Encryption algorithms d. Port scanning

Port Scanning

What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits?

Secure Boot

What upper-level service is required to utilize file and printer sharing in Windows?

Server Message Block (SMB)

An older network management service which enables remote administration and run on both Windows and *nix systems.

Simple Network Management Protocol (SNMP)

What security feature was extended to the OS to alert the user when an application is launched on a Windows 8.1 computer?

Smart Screen

Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks. Which of the following attacks are more difficult to detect?

Stealth Attacks

Attackers typically use ACK scans to get past a firewall or other filtering devices. (T/F)

True

To see a brief summary of Nmap commands in a Linux shell, which of the following should you do? a. Type nmap -h. b. Type nmap -summary. c. Type help nmap. d. Press the F1 key.

Type nmap -h

In an ACK scan, if the attacked port returns an RST packet the attacked port is considered to be operating in what state?

Unfiltered

Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error? a. An incorrect parameter is used. b. The IP range should be indicated as 193.145.85.201-220. c. There's no such command. d. IP ranges aren't allowed with this command.

a. an incorrect parameter is used

Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network? (Choose all that apply.) a. nmap -v 192.168.1.0-254 -p 22 b. nmap -v 192.168.1.0-254 -p 23 c. nmap -v 192.168.1.0-254 -s 22 d. nmap -v 192.168.1.0/24 -p 22

a. nmap -v 192.168.1.0-254 -p 22 d. nmap -v 192.168.1.0/24 -p 22

In any *NIX system, after saving a script named "script_name," you need to make it executable so that you can run it. Which command will accomplish this task from the command line?

chmod +x script_name

doesn't allow entry or access to a service ports that aren't listening or responding to a packet

closed port

Which of the following describes a flexible program that automates a task that takes too much time to perform manually?

customized script

Port scanning provides the state for all but which of the following ports? a. Closed b. Open c. Filtered d. Buffered

d. Buffered

In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live? a. ICMP SYN-ACK packet b. ICMP SYN packet c. ICMP Echo Reply (type 8) d. ICMP Echo Reply (type 0)

d. ICMP Echo Reply (type 0)