Ethical Hacking Midterm

100 Terms

1

The U.S. Department of Justice defines a hacker as which of the following?

A person who accesses a computer or network without the owner's permission

2

A penetration tester is which of the following?

A security professional who's hired to hack into a network to discover vulnerabilities

3

Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following? (Choose all that apply.)

Packet monkeys

Script kiddies

4

What three models do penetration or security testers use to conduct tests?

white box

black box

gray box

5

A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following?

Red team

6

How can you find out which computer crime laws are applicable in your state?

Contact your local law enforcement agencies

7

What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet?

Acceptable use policy

8

If you run a program in New York City that uses network resources to the extent that a user is denied access to them, what type of law have you violated?

Federal

9

Which federal law prohibits unauthorized access of classified information?

Computer Fraud and Abuse Act, Title 18

10

Which federal law prohibits intercepting any communication, regardless of how it was transmitted?

Electronic Communication Privacy Act

11

Which federal law amended Chapter 119 of Title 18, U.S. Code?

U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications

12

To determine whether scanning is illegal in your area, you should do which of the following?

Refer to state laws

13

What organization offers the Certified Ethical Hacker (CEH) certification exam?

EC-Council

14

What organization designates a person as a CISSP?

International Information Systems Security Certification Consortium (ISC2)

15

What is an OSCP?

Offensive Security Certified Professional

16

As a security tester, what should you do before installing hacking software on your computer?

Check with local law enforcement agencies

17

Before using hacking software over the Internet, you should contact which of the following? (Choose all that apply.)

Your ISP

Local law enforcement authorities to check for compliance

18

Which organization issues the Top 20 list of current network vulnerabilities?

SANS Institute

19

A written contract isn't necessary when a friend recommends a client. True or False?

False

20

A penetration tester should possess which of the following attributes? (Choose all that apply.)

Good listening skills

Knowledge of networking and computer technology

Good verbal and written communication skills

An interest in securing networks and computer systems

21

The Netstat command indicates that POP3 is in use on a remote server. Which port is the remote server most likely using?

Port 110

22

On a Windows computer, what command can you enter to show all open ports being used?

Netstat

23

Which protocol uses UDP?

TFTP

24

Which protocol offers guaranteed delivery and is connection oriented?

TCP

25

TCP communication could be likened to which of the following?

Phone conversation

26

Which of the following protocols is connectionless? (Choose all that apply.)

UDP

IP

27

Which command verifies the existence of a node on a network?

Ping

28

FTP offers more security than TFTP. True or False?

True

29

List the three components of the TCP/IP three-way handshake.

SYN

SYN-ACK

ACK

30

What protocol is used for reporting or informational purposes?

ICMP

31

List the six flags of a TCP packet.

SYN

ACK

PSH

URG

RST

FIN

32

A UDP packet is usually smaller than a TCP packet. True or False?

True

33

What port, other than port 110, is used to retrieve e-mail?

Port 143

34

What port does DNS use?

Port 53

35

What command is used to log on to a remote server, computer, or router?

Telnet

36

Which of the following is not a valid octal number?

3482

37

The initial sequence number (ISN) is set at which step of the TCP three-way handshake?

1 and 2

38

A Ping command initially uses which ICMP type code?

Type 8

39

"Destination Unreachable" is designated by which ICMP type code?

Type 3

40

What's the hexadecimal equivalent of the binary number 1111 1111?

FF

41

What is the main purpose of malware?

Financial gain or destruction

42

A computer _____ relies on a host to propagate throughout a network.

Virus

43

An exploit that attacks computer systems by inserting executable code in areas of memory not protected because of poorly written code is called which of the following?

Buffer overflow

44

Which of the following exploits might hide its destructive payload in a legitimate application or game?

Trojan program

45

Antivirus software should be updated annually. True or False?

False

46

Which of the following doesn't attach itself to a host but can replicate itself?

Worm

47

Which of the following is an example of a macro programming language?

Visual Basic for Applications

48

One purpose of adware is to determine users' purchasing habits. True or False?

True

49

List three types of malware.

viruses

worms

Trojan programs

adware

spyware

50

A software or hardware component that records each keystroke a user enters is called which of the following?

Keylogger

51

List three worms or viruses that use e-mail as a form of attack.

Waledac

Nimda

Melissa

W32/Sobig.F

52

The Ping of Death is an exploit that sends multiple ICMP packets to a host faster than the host can handle. True or False?

False

53

What type of network attack relies on multiple servers participating in an attack on one host system?

Distributed denial-of-service attack

54

What exploit is used to elevate an attacker's permissions by inserting executable code in the computer's memory?

Buffer overflow

55

What component can be used to reduce the risk of a Trojan program or rootkit sending information from an attacked computer to a remote host?

Firewall

56

To reduce the risk of a virus attack on a network, you should do which of the following?

All of the above

57

The base 64 numbering system uses ____ bits to represent a character.

6

58

An exploit that leaves an attacker with another way to compromise a network later is called which of the following?

Rootkit

Backdoor

59

Which of the following is a good place to begin your search for vulnerabilities of Microsoft products?

Microsoft Security Bulletins

60

An exploit discovered for one OS might also be effective on a different OS. True or False?

True

61

Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.)

View the company's Web site.

Look for company ads in phone directories.

62

To find information about the key IT personnel for a company's domain, you might use which of the following tools? (Choose all that apply.)

Whois

DomainDossier

63

_____ is one of the components most vulnerable to network attacks.

DNS

64

Which of the following contains host records for a domain?

DNS

65

Which of the following is a good Web site for gathering information on a domain?

All of the above

66

A cookie can store information about a Web site's visitors. True or False?

True

67

Which of the following enables you to view all host computers on a network?

Zone transfers

68

What's one way to gather information about a domain?

View the header of an e-mail you send to an e-mail account that doesn't exist

69

Which of the following is one method of gathering information about the operating systems a company is using?

Search the Web for e-mail addresses of IT employees

70

To determine a company's primary DNS server, you can look for a DNS server containing which of the following?

SOA record

71

When conducting competitive intelligence, which of the following is a good way to determine the size of a company's IT support staff?

Review job postings on Web sites such as www.monster.com or www.dice.com

72

If you're trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit?

http://groups.google.com

73

Which of the following tools can assist you in finding general information about an organization and its employees? (Choose all that apply.)

www.google.com

http://groups.google.com

74

What's the first method a security tester should attempt to find a password for a computer on the network?

Ask the user

75

Many social engineers begin gathering the information they need by using which of the following?

The telephone

76

Discovering a user's password by observing the keys he or she presses is called which of the following?

Shoulder surfing

77

Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.)

Passwords

ATM PINs

Long-distance access codes

78

Entering a company's restricted area by following closely behind an authorized person is referred to as which of the following?

Piggybacking

79

What social-engineering technique involves telling an employee that you're calling from the CEO's office and need certain information ASAP? (Choose all that apply.)

Urgency

Position of authority

80

Before conducting a security test by using social-engineering tactics, what should you do?

Get written permission from the person who hired you to conduct the security test

81

Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services?

Port scanning

82

What is the most widely used port-scanning tool?

Nmap

83

To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type?

man nmap

84

To see a brief summary of Nmap commands in a Linux shell, which of the following should you do?

Type nmap -h

85

Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (Choose all that apply.)

nmap -sS 193.145.85.210

nmap -v 193.145.85.210

86

Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command? (Choose all that apply.)

FIN

PSH

URG

87

Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network? (Choose all that apply.)

nmap -v 192.168.1.0-254 -p 22

nmap -v 192.168.1.0/24 -p 22

88

A closed port responds to a SYN packet with which of the following packets?

RST

89

Which parameter can be added to nmap to run a script scan with the default scripts?

-sC

90

Security testers can use Hping to bypass filtering devices. True or False?

True

91

A FIN packet sent to a closed port responds with which of the following packets?

RST

92

A(n) ________ scan sends a packet with all flags set to NULL.

NULL

93

What is a potential mistake when performing a ping sweep on a network?

Including a broadcast address in the ping sweep range

94

Port scanning provides the state for all but which of the following ports?

Buffered

95

A NULL scan requires setting the FIN, ACK, and URG flags. True or False?

False

96

Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error?

An incorrect parameter is used

97

In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live?

ICMP Echo Reply (type 0)

98

To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.)

SYN packets

ACK packets

99

Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer?

Hping

100

Fping doesn't allow pinging multiple IP addresses simultaneously. True or False?

False