Ethical Hacking

It is possible to have a wireless network that does not connect to a wired network.

True

There are measures for preventing radio waves from leaving or entering a building so that wireless technology can be used only by people located in the facility.

True

Which of the following terms is the rate at which a sound wave repeat?

frequency

When hackers drive around or investigate an area with an antenna, they are usually looking for which component of a wireless network?

access point

Which of the following IEEE projects was developed to create LAN and WAN standards?

802

In 802.11, which of the following is an addressable unit?

station (STA)

Which of the following is contained in a wireless frequency band and breaks up the band into smaller frequency ranges?

channels

Which frequency band is used by commercial AM radio stations?

medium frequency (MF)

Which of the following protocols is an enhancement to PPP, and was designed to allow a company to select its authentication method?

EAP

Which of the following EAP methods uses TLS to authenticate the server to the client, but not the client to the server?

PEAP

Defines how data is placed on a carrier signal

modulation

Data is spread across a large-frequency bandwidth instead of traveling across just one frequency band

spread spectrum

Data hops to other frequencies to avoid interference that might occur over a frequency band

FHSS

A technology that uses microwave radio band frequencies to transmit data

narrowband

Data packets are spread simultaneously over multiple frequencies instead of hopping to other frequencies

DSSS

Technology is restricted to a single room or line of sight because this light spectrum cannot penetrate walls

Infrared (IR)

A standard that addresses the issue of authentication

802.1x

An enhancement to PPP, that was designed to allow a company to select its authentication method

EAP

The name used to identify a WLAN

SSID

An independent WLAN without an AP

ad-hoc network

AES uses a 128-bit key and is used in PGP encryption software.

false

ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones.

True

Which of the following is the process of converting ciphertext back into plaintext?

decryption

Which of the following is a mathematical function or program that works with a key?

encryption algorithm

Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm?

symmetric

Which type of symmetric algorithm operates on plaintext one bit at a time?

stream ciphers

Which of the following encryption standards is part of the NSA's suite B cryptographic algorithms and is validated strong enough to protect classified data?

AES-256

What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce?

RSA

A certificate contains a unique serial number and must follow which standard that describes the creating of a certificate?

X.509

In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data?

ciphertext-only

Routers operate at the Network layer of the TCP/IP protocol stack.

True

What configuration mode allows a Cisco administrator to configure router settings that affect the overall operations of the router?

Global configuration mode

If a Cisco administrator needs to configure a serial or Fast Ethernet port, which configuration mode should they use?

Interface configuration mode

Which of the following sits between the Internet and the internal network and is sometimes referred to as a perimeter network?

DMZ

Which type of device monitors a network's hardware so that security administrators can identify attacks in progress and stop them?

IDS

What type of an IDS is being used when it does not take any action to stop or prevent an activity occurring?

passive system

A large organization that is responsible for sensitive or critical data may elect to create which of the following to do damage assessment, risk remediation, and legal consultation?

Security Operations Center

Which IDS system uses a baseline of normal activity and then sends an alert if the activity deviates significantly from this baseline?

Anomaly-based IDS

What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does?

application-aware firewall

What router feature provides basic security by mapping internal private IP addresses to public external IP addresses, essentially hiding the internal infrastructure from unauthorized personnel?

NAT

Windows 10, Windows 8, Windows Server 2016, and Windows Server 2012 have most services and features enabled by default.

False

To determine whether a system could be vulnerable to an RPC-related issue, which of the following tools can be used?

MBSA

Which of the following protocols does NetBios use to access a network resource?

NetBEUI

What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?

domain controllers

Which of the following is an open-source implementation of CIFS?

Samba

Red Hat and Fedora Linux use what command to update and manage their RPM packages?

yum

For a Windows computer to be able to access a *nix resource, which of the following must be enabled on both systems?

CIFS

What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?

no ACL support

When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?

User-level security

Which of the following is considered to be the most critical SQL vulnerability?

null SA password

Amount of code a computer system exposes to unauthenticated outsiders

attack surface

A Windows client/server technology introduced in 2005 used to manage patching and updating system software from the network

Windows software update services

Microsoft's standard for managing Windows security patches on multiple computers in a network between 1994 and 2005

Systems management server

Used to share files and usually runs on top of NetBIOS, NetBEUI, or TCP/IP

Server message block

A fast and efficient protocol that requires little configuration and allows transmitting NetBIOS packets over TCP/IP

NetBEUI

An OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users

Mandatory access control

A standardized protocol that replaced SMB in Windows 2000 Server and later

Common internet file system

In 2007 became Windows new standard to deploy and manage servers alongside updated patch-management functionality

System center configuration manager

An interprocess communication mechanism that allows a program running on one host to run code on a remote host

remote procedure call

An open-source implementation of CIFS

Samba

Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages?

CFML

Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?

Reflected

Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?

ODBC

Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?

OLE DB

Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device?

connection strings

Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?

Stored

Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?

Static Application Security Testing

Which of the following application tests analyzes a running application for vulnerabilities?

Dynamic Application Security Testing

What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?

authorization

Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?

business logic

Which of the following is a common Linux rootkit?

Linux Rootkit 5

Which of the following systems should be used when equipment monitoring and automation is critical?

SCADA

Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?

firmware

SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?

air gap

What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?

Java-based

Which one of the following, if compromised might allow attackers the ability to gain complete access to network resources?

router

A device that performs more than one function, such as printing and faxing is called which of the following?

MFD

What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?

BIOS-based rootkit

Wget is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.

True

What tool can be used to read and write data to ports over a network?

Netcat

Which HTTP error informs you the server understands the request but refuses to comply?

403 Forbidden

To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?

nc -h

Which process enables you to see all the host computers on a network and basically give you a diagram of an organization's network?

zone transfers

What area of a network is a major area of potential vulnerability because of the use of URLs?

DNS

Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?

shoulder surfing

What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?

dumpster diving

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

Piggybacking

Which of the following is a text file generated by a Web server and stored on a user's browser?

cookie

A popular port scanners that has the ability to use a GUI front end

Nmap

Allows you to ping multiple IP addresses simultaneously and is usually included in Kali Linux

Fping

Tool for performing ping sweeps and used to bypass filtering devices by injecting crafted or otherwise modified IP-packets

Hping

The original utility from which OpenVas was developed

Nessus

A port state which does not allow entry or access to a service

closed port

An open-source fork of Nessus

OpenVAS

A port state that may indicate a firewall is being used to allow specified traffic into or out of the network

filtered port

A port state that allows access to applications and can be vulnerable

open port

Allows you the ability to scan thousands or even tens of thousands of IP addresses quickly

port scanning

Performed by port scanners to scan large networks to identify which IP addresses belong to active hosts

ping sweep

Port scanning is a method of finding out which services a host computer offers.

True

In a NULL scan, all packet flags are turned on.

False