Pentesting

A Logic bomb typically has how many parts?

2

Port number _____ is used for SMTP?

25

Which of the following specifies security standards for wireless?

802.11i

What is an ICMP echo scan?

A Ping Sweep

Which of the following is true of a worm? (select two)

A worm is a form of malware., A worm replicates on its own.

What response is missing in a SYN flood attack?

ACK

What is a rogue access point?

An access point not managed by the company

An overt channel is _________.

An obvious method of using a system.

What utility can be used to stop auditing or logging of events?

Auditpol

Session hijacking can be thwarted with which of the following?

Authentication

A common attack against web servers and web applications is ___________.

Buffer overflow

How is a brute force attack performed?

By trying all possible combinations of characters

A session hijack can be initiated from all the following except which one?

Cookies and devices

SQL injection attacks are aimed at which of the following?

Databases

What type of database has information spread across many disparate systems?

Distributed

What is the last phase before you attempt to gain access to systems?

Enumeration

Groups and individuals who hack systems based on principle or personal beliefs are known as __________.

Hacktivists

Groups and individuals who hack a web server or web application based on a principle or personal belief are?

Hacktivists

Wireless access points function as ______.

Hub

Session hijacking can be performed on all the following except which one?

IPSEC

Which technology can provide protection against session hijacking?

IPSec

A banner can do what?

Identify a service

You receive word of an unauthorized charge to your credit card. What type of attack is this?

Identity Theft

An SSID is used to do which of the following?

Identity of a network

What option would you use to install software that's not from the Google Play store?

Install from unknown sources

Using __________, when talking to a victim can make the attack easier.

Keywords

__________ is a hash used to store passwords in older Windows systems.

LM

Which DoS attack sends traffic with a spoofed IP of the target itself?

Land

Android is based on which operating system?

Linux

What is used to monitor application errors and violations on a web server or application?

Logs

When a device is rooted, what is the effect on security?

Lowered

Social Engineering is designed to _______.

Manipulate human behavior

SNMP is used for which of the following?

Monitor Network Devices

Alternate data streams are supported in which file systems?

NTFS

An attacker can use which technique to influence a victim?

Name-Dropping

What type of scan is designed to locate all active hosts on a network?

Network Scan

NTP stands for

Network Time Protocol

A password attack that does not require technical skill or knowledge.

Nontechnical Attack

Which type of DNS record helps in mapping an IP address to a hostname?

PTR

What does the enumeration phase not discover?

Ports

Adding to and removing from a program stack are known as what?

Push and pop

Identify the hacking phase in which an attacker tries to gather information about the target prior to launching an attack.

Reconnaissance

__________ can be used to attack databases.

SQL injections

__________ is used to audit databases.

SQLPing

A POODLE attack targets what exactly?

SSL

Bluejacking is a means of which of the following?

Sending unsolicited messages

From the following, identify the attack in which an attacker exploits the default configuration and settings of off-the-shelf libraries and code.

Shrink-Wrap Code Attacks

Which of the following is designed to locate wireless access points?

Site Survey

What is the most common sign of a DoS attack?

Slow Performance

An ethical hacker sends a packet with a deliberate and specific path to its destination. What technique is being used?

Source Routing

What can an error message tell an attacker?

Success of an attack, Failure of an attack, structure of a database

A DNS zone transfer is used to do which of the following?

Synchronize server information

What is the key difference between a smurf and a fraggle attack?

TCP vs UDP

Which of the following is not a Trojan?

TCPTROJAN

What is an eight in one DoS tool that can launch such attacks as land and teardrop?

Targa

Why would you use a proxy to perform a scan?

To enhance Anonymity

What is the goal of Network mapping?

To gain a clearer picture of the network

A man-in-the-browser attack is typically enabled by using which mechanism?

Trojans

What protocol is used to carry out a fraggle attack?

UDP

Session fixation is a vulnerability in which of the following?

Web applications

WEP is designed to offer security comparable to which of the following?

Wired Networks

Which of the following is another name for a record in a database?

cell

Which command can be used to view NetBIOS information?

nbtstat

Which command is used to limit data in SQL server?

WHERE

Which of the following is a device used to perform a DoS on a wireless network?

WIFI Jammer

Which of the following makes WPA easy to defeat?

WPS Support

XSS is typically targeted toward which of the following?

Web Browsers

Session hijacking can be used against a mobile device using all the following Except?

Worms

Google supports several advanced operators that help in modifying the search. Which of the following Google advanced search operators displays the web pages stored in the Google cache?

[cache:]

What is a client-to-client wireless connection called?

ad hoc

Which of the following is not a source of session IDs?

Anonymous login

An attacker can use a(n) _______ to return to a system.

Backdoor

__________ can be used to identify a web server.

Banner Grab

A good defense against password guessing is ___________.

Complex Passwords

Databases can be a victim of code exploits depending on which of the following?

Configuration

What is used to store session information?

Cookie

Which of the following is used to access content outside the root of a website?

Directory Traversing

What may be helpful in protecting the content of a web server from being viewed by unauthorized personnel?

Encryption

A blind SQL injection attack is used when which of the following is true?

Error messages are not available

Humans tend to follow set patterns and behaviors known as ________.

Habits

Which technology can provide protection against session hijacking?

IPSEC

A sparse infector virus ________.

Infects Files Selectively

In a DoS attack, what communications channel is commonly used to orchestrate the attack?

Internet Relay Chat (IRC)

Warchalking is used to do which of the following?

Make others aware of a wireless network

What is the main difference between DoS and DDoS?

Number of Attackers

iOS is based on which operating system?

OS X

Which of the following is an example of a server-side scripting language?

PHP

What could a company do to protect itself from a loss of data when a phone is stolen?

Passwords, Encryption, Remote wipe

An attack that includes an enticing link to click on, is what type of attack?

Phishing

What is the benefit of encryption on mobile devices?

Protection of data on lost or stolen devices

Web applications are used to _________.

Provide Dynamic Content

__________ is a type of offline attack.

Rainbow Attacking

Which attack can be used to take over a previous session?

Session Hijacking

In which type of social engineering technique does an attacker secretly observe the target to gain critical information such as passwords, credit card information, etc.?

Shoulder Surfing

Social Engineering can be thwarted using what kind of controls? (select all that apply)

Technical, Administrative, Physical

Social Engineering preys on many weaknesses, including _____________. (choose all that apply)

Technology, People, Human nature, Physical

What is the best option for thwarting social-engineering attacks?

Training

A man-in-the-browser attack delivered by a piece of malware can be prevented by which of the following?

AV

Jailbreaking a phone refers to what?

Acquiring root access on a device

Phishing can be mitigated through the use of _______. (choose two)

Spam filtering, Education

