ITN 261 CHAP 1-7 Pratice Question

Ace your homework & exams now with Quizwiz!

Which best describe a vulnerability scan?

A way to automate the discovery of vulnerabilities.

Which of the following best describe a vulnerability?

A weakness

What is the proper sequence of the TCP three-way-handshake?

A. SYN, SYN-ACK, ACK

What is missing from a half-open scan?

ACK

IPsec uses which two models?

AH/ESP

Footprinting has two phases. What are they?

Active and passive

What can be configured in most search engines to monitor and alert you of changes to content?

Alerts

When scanning a network via a hardline connection to a wired-switch NIC in promiscuous mode, what would be the extent of network traffic you would except to see?

All nodes attached to the same port.

At which layer of the OSI model a proxy operate?

Application

Choosing a protective network appliance, you want a device that will inspect packets at the most granular level possible while providing improved traffic efficiency. What appliance would satisfy these requirements?

Application firewall

In IPsec, what does Authentication Header (AH) provide?

Authentication services

Which of the following manages digital certificates?

Certificate authority

What is EDGAR used to do?

Check financial filings

What kind of domain resides on a single switchport?

Collision domain

If you can't gain enough information directly from a target, what is another option?

Competitive analysis

A white-box test means the test had which of the following?

Complete Knowledge

In IPsec, what does Encapsulating Security Payload (ESP) provides?

Data security

Footprinting can determine all of the following except?

Distribution and number of personnel

At what point can SSL be used to protect data?

During transmission

Which of the following is not a flag on a packet?

END

A vulnerability scan is good way to do what?

Find open ports, Find weaknesses

What is the purpose of social engineering?

Gain information from a human being through face-to-face or electronic means

What should a pentester do prior to initiating a new penetration test?

Get permission

A contract is important because it does what?

Gives proof

Which type of hacker may use their skills for both benign and malicious goals as different times?

Gray Hat

Which of the following best describe what a hacktivist does?

Hacks for political reasons

Which of the following best describes what a suicide hacker does?

Hacks without stealth

Which of the following describes an attack who does after a target to draw attention to a cause?

Hacktivist

The group Anonymous in an example of what?

Hacktivists

A message digest is a product of which kind of algorithm?

Hashing

An administrator has just been notified of irregular network activity; what appliance functions in this manner?

IDS

What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing?

IPS

A banner can do what?

Identify a service

What does hashing preserve in relation to data?

Integrity

Which of the following best describes footprinting?

Investing of a target

Which of the following can an attacker use to determine the technology and structure within an organization?

Job boards

Hubs operate at what layer of the OSI model?

Layer 1

If a device is using node MAC addresses to funnel traffic, what layer of the OSI model is this device working in?

Layer 2

Companies may require a penetration test for which of the following reasons?

Legal reasons, Regulatory reasons, To perform an audit

In IPsec, encryption and other processes happen at which layer of the OSI models?

Level 3

What level of knowledge about hacking does a script kiddie have?

Low

Which of the following is a common hashing protocol?

MD5

Which record will reveal information about a mail server for a domain?

MX

Which OS holds 90 percent of the desktop market and is one of our largest attack surfaces?

Mas OS

Which topology has built-in redundancy because of its many client connections?

Mesh

Which technology allows the use of single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world?

NAT "Network Address Translation"

Which of the following types of attack has no flags set?

NULL

Which of the following is used to identifying a web server OS?

Netcraft

Which tool can be used to view web server information?

Netcraft

Who first developed SSL?

Netscape

Which of the following is used to perform customized network scans?

Nmap

Which of the following best describe hashing?

Nonreversible

Symmetric key systems have key distribution problems due to?

Number of keys

Which of the following can be used to tweak or fine-tune search results?

Operators

Which of the following does IPsec use?

PKI

Which system does SSL use to function?

PKI

A public key is stored on the local computer by its owner in a?

PKI system

Which category of firewall filter is based on packer header data only?

Packet

Vulnerability research deals with which of the following?

Passively uncovering vulnerabilities

Which of the following does an ethical hacker require to start evaluating a system?

Permission

Which of the following is not typically used during footprinting?

Port Scanning

Nmap is required to perform what type of scan?

Port scan

What device acts as an intermediary between an internal client and a web resource?

Proxy

Asymmetric encryption is also referred to as which of the following?

Public Key

During a Xmas tree can what indicates a port is closed?

RST ( Reset the Connection)

During an FIN scan, what indicates that a port is closed?

RST (Reset the Connection)

Which network topology uses a token-based access technology?

Ring

You have selected the option in your IDS to notify you via email if it senses any nervous irregularities. Checking the logs, you notice a few incidents, but you didn't receive any alerts. What protocol needs to be configured on the IDS?

SMTP

What is the sequence of the three-way handshake?

SYN, SYN-ACK, ACK

What phase comes after footprinting?

Scanning

SSL is a mechanism for which of the following?

Securing transmitted data

Symmetric cryptography is also known as?

Share key cryptography.

Which of the following can help you determine business processes of your target through human interaction?

Social engineering

Which of the following would be a very effective source of information as it relates to social engineering?

Social networking

Which of the following can be used to assess physical security?

Street views

Which of the following describe a hacker who attacks without regard for being caught or punished?

Suicide hacker

An SYN attack uses which protocol?

TCP

Which of the protocol is a connection-oriented protocol?

TCP

What does TOE stand for?

Target of evaluation

A scan of a network client shows that port 23 is open; what protocol is this aligned with?

Telnet

Which of the following is used for banner grabbing?

Telnet

What is the three-way handshake?

The opening sequence of a TCP connection

Why would you need to use a proxy to perform scanning?

To enhance anonymity

Why use Google hacking?

To fine-tune search results

What is the role of social engineering?

To gain information from human being.

What is Tor used for?

To hide the process of scanning

What is the purpose of a proxy?

To keep a scan hidden.

Which tool can trace the path of a packet?

Tracert

A public and private key system differs from symmetric because it uses which of the following?

Two Keys

The Wayback Machine is used to so which of the following?

View archived version of websites

If you have been contract to perform an attack against a target system, you are what type of hacker?

White Hat

Which of the following would most likely engage in the pursuit of vulnerability research?

White Hat

How is black-fox testing performed?

With no knowledge

Which port uses SSL to secure web traffic?

443

What port range is an obscure third-party application most likely to use?

49152 to 65535

What is a code of ethics?

A description of expected behavior

A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan?

A half-open does not include the final ACK

What separates a suicide hacker form other attackers?

A lack of fear of being caught

What is an ICMP echo scan?

A ping sweep

Which of the following best describes PGP?

A way of encryption data in a reversible method


Related study sets

Chinese Dynasty and Chinese Revolution

View Set

NU 273 PrepU Collecting Subjective Data: The Interview and Health History

View Set

Chapter 37: Assessment and Management of Patients With Allergic Disorders Prep-U

View Set

Indul a karaván - Első fejezet szavai

View Set

Step 4 - Apply Memorization Techniques

View Set