Hands on Ethical Hacking and Network Defense 3rd ed Midterm Prep Chapters 1-6

What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

white box

What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network?

Acceptable Use Policy

What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?

OPST

What professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate?

Offensive Security Certified Professional

Of what type of laws should a penetration tester or student learning hacking techniques be aware?

all of the other answers

federal

local

state

List 3 penetration testing methodologies.

white box, gray box, black box

Name one thing that you should be knowledgeable about to be an ethical hacker.

the laws

What is the term for an inexperienced hacker?

script kiddie, packet monkey

What is a policy called that tells you what you can and can not do when it comes to the use of a computer at a workplace, for example?

acceptable use policy

List 3 colors of teams involved with penetration testing.

red, blue, purple

What connection-oriented protocol is utilized by the Transport layer?

TCP

What layer, in the TCP/IP stack, do applications and protocols, such as HTTP and Telnet, operate?

Application

What is the decimal equivalent of the binary number 11000001?

193

How many host computers can be assigned a valid IPv4 address when using a CIDR /24 prefix?

254

What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?

Internet

What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?

Application

What TCP/IP protocol is used to send messages related to network operations and can be used to troubleshoot network connectivity?

ICMP

In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?

Transport

In the TCP/IP stack, what layer is concerned with physically moving bits across the network's medium?

Network

What TCP flag is responsible for synchronizing the beginning of a session?

SYN flag

List 2 ports that a successful Trojan program commonly uses.

53, 80

List the two different types of keyloggers.

software, hardware

What type of malicious procedure involves using sniffing tools to capture network communications to intercept confidential information or gather credentials that can be used to extend the attack?

eavesdropping

The acronym IDS stands for which of the following?

Intrusion Detection System

If an attacker wishes to collect confidential financial data, passwords, PINs and any personal data stored on your computer which of the following programs would they choose to use?

Spyware

Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect?

rootkit

What type of hardware devices and computer programs can be used to obtain passwords by capturing key strokes on a targeted computer system?

Keyloggers

A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?

worm

Which of the following sometimes displays a banner that notifies the user of its presence?

Adware

The virus signature file is maintained by what type of software?

antivirus

What is a Web bug?

1-pixel x 1-pixel image file

What is the most common HTTP method?

GET

List the five high-level techniques used by social engineers in their attempts to gain information from unsuspecting people; i.e. not specific like tailgating or dumpster diving.

Urgency, Quid pro quo, Status quo, Kindness, Position

What information can one use HTTP methods to gain to help run an exploit on a server?

OS version

List four tools available for footprinting provided by a default Linux distro or most *nix systems.

whois, wget, dig, netcat

What area of a network is a major area of potential vulnerability because of the use of URLs?

DNS

What is the passive process of finding information on a company's network called?

footprinting

Which tool can be used to gather competitive intelligence from Web sites?

Metis

Which HTTP error informs you the server understands the request but refuses to comply?

403 Forbidden

What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?

dumpster diving

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

Piggybacking

What is the HTTP method that retrieves data by URI?

GET

Which HTTP method is used with a proxy that can dynamically switch to a tunnel connection, such as Secure Socket Layer (SSL)?

CONNECT

When an individual attempts to discover as much information legally possible about their competition, what information gathering technique are they performing?

competitive intelligence

Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?

shoulder surfing

Which of the following is a text file generated by a Web server and stored on a user's browser?

cookie

Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?

social engineering

What type of general commands allow a security tester to pull information from a Web server using a web browser?

HTTP

Which HTTP error informs you the server understands the request but refuses to comply?

403 Forbidden

What tool can be used to read and write data to ports over a network?

Netcat

List 3 reasons depending on ping sweeps to find out which hosts are "live" may be a problem.

shut down, ICMP Echo, filtered

If subnetting is used in an organization, why should you be extra cautious when performing ping sweeps?

broadcast

What is a TCP scan?

In this type of scan, a TCP packet is sent to the target computer. If the port sends back an ICMP "Port Unreachable" message, the port is closed. Again, not getting that message might imply the port is open, but this isn't always true. A firewall or packet-filtering device could undermine your assumptions.

One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?

reply

Which vi command deletes the current line?

Dd

To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?

ping

In any *NIX system, after saving a script named "script_name," you need to make it executable so that you can run it. Which command will accomplish this task from the command line?

chmod +x script_name

If an attacker decides to implement a less obvious port-scan, or stealth attack, which of the following techniques would be appropriate to make their activities more difficult to detect?

limit their scan speeds

What advanced port-scanning tool can allow a security tester to bypass filtering devices by injecting crafted or otherwise modified IP-packets into a network?

Hping

Which of the following describes a text file containing multiple commands that would usually be entered manually at the command prompt?

script

List 3 things that one can gather using the "Simple Network Management Protocol".

system statistics, version numbers, network statistics

________ is an excellent GUI product for managing and securing Microsoft OSs. The interface is easy to use and gives security professionals a wealth of information. With just a click,you can look at the shares and user logon names for Windows servers and domain controllers. If any domains or workgroups are on the network, this tool displays them, too. ________ can also display a graphical representation of the following areas:

- Microsoft Terminal Services

- Microsoft Windows Network

- Web Client Network

- Find User/Group

Hyena

What does the "NBT" part of "NBTscan" stand for?

NetBIOS over TCP/IP

What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?

null session

The computer names you assign to Windows systems are called which of the following?

NetBIOS

Which of the following is an excellent GUI tool for managing Windows OSs and is capable of displaying graphical representations of several areas?

Hyena

What boot loader will allow your computer or laptop to start in both Windows and Linux?

GRUB

Which of the following is a useful enumeration tool that enables you to find out who is logged into a *nix system with one simple command?

Finger utility

Which of the following is a Windows programming interface that allows computers to communicate across a local area network (LAN)?

NetBIOS

(fill in the blank)

________ is a popular enumeration tool for Windows systems. The information you can gather with this tool is astonishing. For example, after connecting to a Windows server, you can download the following information:

- Permissions for shares

- Permissions for printers

- Permissions for the Registry

- Users in column or table format

- Policies (such as local, domain, or group policies)

- Rights

- Services

dumpsec