ITSY 2330 Study Guide 2 Modules 4-6

c. Piggybacking

12. When a person without any security credentials follows close behind another employee to enter a restricted area, what tactic is being used? a. Shoulder surfing b. Footprinting c. Piggybacking d. Dumpster diving

D. Social engineering

13. Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network? a. fingerprinting b. footprinting c. zone transferring d. social engineering

a. shoulder surfing

14. Which technique can be used to read PINs entered at ATMs or at other areas when a PIN code is entered? a. shoulder surfing b. footprinting c. zone transferring d. piggybacking

d. phishing

15. Which type of social engineering attack attempts to discover personal information through the use of email? a. email surfing b. footprinting c. spamming d. phishing

D. All of the choices are reasons why dumpster diving can be effective.

16. Why is a simple process like "dumpster diving" so effective when gathering information utilizing social engineering? A. Sometimes network administrators write notes in manuals or even write down passwords. B. Company calendars with meeting schedules, employee vacation schedules, and so on can be used to gain access to offices that won't be occupied for a specified period. C. Discarded computer manuals can indicate what OS is being used. D. All of the choices are reasons why dumpster diving can be effective.

d. The port is open.

17. A computer receives a SYN packet and responds with a SYN/ACK packet. What is the status of this port? A. The port is filtered. b. The port is unfiltered. c. The port is closed. d. The port is open.

d. web bug

8. What 1-pixel x 1-pixel image file is referenced in an <img> tag, and usually works with a cookie to collect information about the person visiting the website? a. spyware b. zone transfer c. cookie d. web bug

a. Zed Attack Proxy

9. What footprinting tool would be most helpful in determining network vulnerabilities? a. Zed Attack Proxy b. Maltego c. Domain Dossier d. White Pages

a. footprinting

10. What is the passive process of finding information on a company's network called? a. footprinting b. searching c. calling d. digging

c. HTTP

11. What type of general commands allow a security tester to pull information from a server using a web browser? a. TFTP b. DNS c. HTTP d. ARP

A. DNS can be used in combination with zone transfers to get a diagram of an organization's network.

1. How can DNS be used for footprinting? A. DNS can be used in combination with zone transfers to get a diagram of an organization's network. B. DNS is a set of tools available for free that assist with footprinting. C. DNS can be used as a HTTP proxy that processes HTTP requests between the browser and the user. D. DNS can be used as an automated way to discover pages of a website by following links.

C. A filtering device looks for the SYN packet, the first packet in the three-way handshake. If the attacked port returns an RST packet, the packet filter was fooled, or there's no packet-filtering device.

18. Attackers typically use ACK scans to get past a firewall or other filtering device. How does the process of an ACK scan work to determine whether or not a filtering device is in place? A. A filtering device looks for the ACK packet, so by using an ACK scan, firewalls are automatically fooled. B. A filtering device looks for the SYN packet, the last packet in the three-way handshake. If the attacked port returns an SYN/ACK packet, the packet filter was fooled, or there's no packet-filtering device. C. A filtering device looks for the SYN packet, the first packet in the three-way handshake. If the attacked port returns an RST packet, the packet filter was fooled, or there's no packet-filtering device. D. A filtering device looks for the ACK packet, the first packet in the three-way handshake. If the attacked port returns an SYN packet, the packet filter was fooled, or there's no packet-filtering device.

b. The port is open.

19. During a NULL scan, no packet is received as a response. What is the most likely cause of no packet receipt? a. The port is closed. b. The port is open. c. The port is unfiltered. d. The port is filtered.

a. #!/bin/sh

20. In a Linux script, which of the lines is important because it identifies the file as a script? a. #!/bin/sh b. #!/bin/script c. #!/bin/shscript d. #!/bin/sc

c. Zenmap

21. Nmap has a GUI front end that makes it easier to work with some of the complex options. Which of the following is the Nmap GUI front end? a. Nmap GUI b. Fping c. Zenmap d. Hping

b. Fping

23. What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses? A. Hping3 b. Fping c. Tcpdump d. Nessus

b. Nmap

24. What open-source port-scanning tool is considered to be the standard port-scanning tool for security professionals? a. NULL b. Nmap c. NScanner d. PortGhost

c. XMAS scan

25. What type of port scan has the FIN, PSH, and URG flags set? a. NULL scan b. Connect scan c. XMAS scan d. ACK scan

c. FIN

26. When a TCP three-way handshake ends, both parties send what type of packet to end the connection? a. SYN b. ACK c. FIN d. RST

a. ping sweep

28. When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts? a. ping sweep b. ping check c. network sweep d. ICMP probing

D. a set of commands repeatedly used to perform the same task

29. Which of the following would be a good candidate for a script? A. a single command that is never or rarely used B. a set of commands that are never or rarely used C. a single command that is used repeatedly to perform the same task D. a set of commands repeatedly used to perform the same task

a. do

30. Which statement is where the script performs its main task? a. do b. while c. count d. bin

d. A computer might not respond even though it is live.

31. Why is depending on ping sweeps to find out which hosts are live a problem? a. Many network administrators configure nodes to respond to an ICMP Echo Request (type 8). b. Ping sweeps will acknowledge whether or not a range of IP addresses have live hosts, but they will not identify the exact IP addresses of live hosts. c. Responses to ping sweeps are only sent when a computer is shut down. d. A computer might not respond even though it is live.

A. Nmap has become one of the most popular port scanners and adds new features constantly, such as OS detection and fast multiple-probe ping scanning.

32. Why is it important for a security tester to be able to use Nmap? A. Nmap has become one of the most popular port scanners and adds new features constantly, such as OS detection and fast multiple-probe ping scanning. B. Nmap has a GUI front end called Zenmap that makes working with complex options easier. C. Nmap has been enhanced over the years because, like many other security tools, it's open-source; if bugs are found, users can offer suggestions for correcting them. D. Nmap is important for a security tester to be able to use for all of the reasons listed within the choices.

C. Resolving hostnames to IP addresses and vice versa

6. One method of gathering information when footprinting a network is through the Domain Name System (DNS). What is the responsibility of DNS? A. resolving hostnames to IP addresses B. resolving IP addresses to hostnames C. Resolving hostnames to IP addresses and vice versa D. transferring records from servers

B. Port scanning helps hackers to answer questions about open ports and services by enabling them to quickly scan thousands of IP addresses.

33. Why is port scanning useful for hackers? A. Port scanning compares signatures (hashes or code patterns) and common malicious programmatic behaviors (heuristic analysis) of known viruses against every file on a port. B. Port scanning helps hackers to answer questions about open ports and services by enabling them to quickly scan thousands of IP addresses. C. Port scanning would most likely identify traffic that is using unfamiliar ports. D. Port scanning can be used to capture keystrokes throughout a port, giving hackers access to valuable information such as bank account credentials or passwords.

a. These systems store more information.

34. A NetBIOS suffix may identify a computer or server being enumerated as a domain controller. Why do hackers often exert more effort to attack computers identified as domain controllers? a. These systems store more information. b. These systems are easier to hack. c. These systems do not have firewalls. d. These systems are registered by the Microsoft Exchange Interchange service.

c. The network can be accessed remotely.

35. A network is running SNMP on its system. What can be assumed about the network? a. The network uses Windows OS. b. The network uses *nix OS. c. The network can be accessed remotely. d. The network cannot be accessed remotely.

C. Some users are careless when creating passwords.

36. A quick Internet search will reveal many free password-cracking programs. Why are security testers often able to guess passwords without needing these special programs? A. Some users create stringent passwords. B. Some users change default passwords. C. Some users are careless when creating passwords. D. Hackers are often able to memorize thousands of passwords.

C. Using one enumeration tool may lead to a discovery that directs you to use another enumeration tool.

37. Enumeration is described as a process of discovery. What does this mean? A. Enumeration is the passive process of discovering information. B. Currently just one tool exists for enumeration, so other tools are waiting to be discovered. C. Using one enumeration tool may lead to a discovery that directs you to use another enumeration tool. D. Discovering live systems on a network is done through enumeration.

C. Port scanning allows a security tester to discover live systems on a network. The next steps are finding what resources are shared on the systems, discovering logon accounts and passwords, and gaining access to network resources through enumeration.

38. How does port scanning help in the enumeration process? A. Port scanning is the next logical step after enumeration. B. Enumeration is synonymous with port scanning. C. Port scanning allows a security tester to discover live systems on a network. The next steps are finding what resources are shared on the systems, discovering logon accounts and passwords, and gaining access to network resources through enumeration. D. Enumeration allows a security tester to discover live systems on a network. The next steps are finding what resources are shared on the systems, discovering logon accounts and passwords, and gaining access to network resources through port scanning.

d. default

39. SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration? a. open b. administrator c. advanced d. default

b. NetBIOS

40. The computer names you assign to Windows systems are called which of the following? a. AD Names b. NetBIOS c. NetDDE d. IIS

d. port scanning

41. To determine what resources or shares are on a network, security testers must use footprinting and what other procedure to determine what services a host computer offers? a. rootkits b. ping sweeps c. sandboxing d. port scanning

d. GRUB

42. What bootloader will allow a computer or laptop to start in both Windows and Linux? a. BASH b. BIOS c. X500 d. GRUB

c. SecureBoot

43. What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits? a. Windows Defender b. AppLocker c. SecureBoot d. Hyper-V

d. Windows Containers

44. What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another? a. Windows Boxes b. Windows VMs c. Windows NT d. Windows Containers

D. All of the choices can be extracted with enumeration.

45. What information can be extracted with enumeration? A. Only resources or shares on the network B. Only network topology and architecture C. Usernames or groups assigned on the network and information about users' recent logon times D. All of the choices can be extracted with enumeration.

b. NetBIOS

46. What utility can be used for enumerating Windows OS's? a. LDAP b. NetBIOS c. NBTscan d. Solaris

A. Enumeration is the process of accessing and extracting information from a network.

47. Which of the following best describes enumeration? A. Enumeration is the process of accessing and extracting information from a network. B. Enumeration is the visualization of the structure and connectivity within a network. C. Enumeration is used to find out which hosts are "live" by simply pinging a range of IP addresses and seeing what type of response is returned. D. Enumeration is a method of finding out which services a host computer offers.

b. Finger utility

48. Which of the following is a useful enumeration tool that enables you to find out who is logged into a *nix system with one simple command? a. Net utility b. Finger utility c. Nix utility d. Point utility

d. Enumeration

49. Which of the following is the most intrusive? a. Footprinting b. Passive reconnaissance c. Port scanning d. Enumeration

d. All of these tools can be used for *nix enumeration.

50. Which tool is most useful for *nix enumeration? a. SNMPWalk b. OpenVAS c. Nmap d. All of these tools can be used for *nix enumeration.

c. nc -h

7. To see additional parameters that can be used with the Netcat command, what should you type at the command prompt? a. nc -l b. nc -p c. nc -h d. nc -u

B. Find the DNS server containing a Start of Authority (SOA) record.

How can an individual determine a company's primary DNS server? a. Ask an employee. B. Find the DNS server containing a Start of Authority (SOA) record. C. Look for the DNS server with a Host record. d. Use the ZAP tool.

C. The Whois utility is a commonly used tool for gathering IP address and domain information.

How can computer criminals use the Whois utility for their purposes? A. The Whois utility replaces the nslookup command and performs DNS zone transfers. B. The Whois utility searches through previous versions of a website to uncover historical information about a target. C. The Whois utility is a commonly used tool for gathering IP address and domain information. D. The Whois utility can be used to uncover the underlying technologies that a website operates on.

B. By gathering information from a company's website.

How do most attacks begin? A. By massive data breaches with leaked information. B. By gathering information from a company's website. C. By utilizing third-party websites to glean more information about a company. D. Most attacks occur randomly.

b. dig

In *nix systems, the nslookup command has been replaced by which recommended command? a. wget b. dig c. netcat d. whois

d. reply

One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators? a. ping b. test c. acknowledge d. reply

b. flag

When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer? a. box b. flag c. open d. id

