06- Footprinting Flashcards

1
Q

active fingerprinting

A

specially crafted packets are sent to the operating system get a response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Application

A

Is designed for end user operation. It is a program or collection of programs that provides users with access to word processors, Web browsers, picture viewer, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Attack

A

occurs when a system is compromised based on a vulnerability by an unknown exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

banner grabbing

A

can reveal compromising information about the operating system and the services that are running on the system; works by using Telnet or a proprietary program

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

BiLE

A

stands for Bi?directional Link Extractor; includes a couple of Perl scripts used in enumeration processes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

DNS footprinting

A

allows you to obtain information about DNS zone data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

DNS zone data

A

includes DNS domain names, computer names, IP addresses, and more information about the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

DNSstuff

A

DNS interrogation tool; extracts DNS information about IP addresses, mail server extensions, DNS lookups, WHOIS lookups, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Enumeration

A

the first attack on a target network; the process to gather the information about a target machine by actively connecting to it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Ethical Hacking

A

testing the resources for a good cause and for the betterment of technology; another term for ?penetration testing.?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Exploit

A

written to take advantage of a vulnerability; could be a piece of software; a technology; or data that can cause damage or change the behavior of a computer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Firewall

A

Is a security system consisting of a combination of hardware and software which limits the exposure of a computer or computer network to attack from crackers; commonly used on local area networks that are connected to the Internet. It is a tool that provides security to a network against unauthorized access from the Internet or other outside networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

footprinting

A

the first step in hacking; the process of collecting information about a target network and its environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Google

A

A popular search engine

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Google hacking

A

refers to creating complex search engine queries; An attacker can try to find websites that are vulnerable to exploits and vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Google Hacks

A

a compilation of carefully crafted Google searches that expose novel functionality from Google’s search and map services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Goolink Scanner

A

removes the cache from your searches, and collects and displays only vulnerable site’s links

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Gooscan

A

a tool that automates queries against Google search appliances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Hackers for Charity

A

a group of technologists who have sourced their information from various sources and maintain a GHDB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Hacking

A

a loaded term that in some ways defies definition. Very simply, it is an intrusion upon a system. In some cases, as with Certified Ethical Hackers, this intrusion is solicited for the purposes of defining and ultimately resolving network vulnerabilities. Still, in others, hacking denotes unauthorized access. In some cases, the term “hacker” is used synonymously with “programmer”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Initial information gathering

A

Gathering information available in the outside world about any organization

22
Q

Intrusion Detection System (IDS)

A

Can either be implemented as hardware or software and is responsible for monitoring a network and defining various activities as either valid, allowed activities or malicious activities, all based on predefined rules

23
Q

Intrusion Prevention System (IPS)

A

an active IDS; the next level of security technology with its capability to provide security at all system levels from the operating system kernel to network data packets

24
Q

IP addresses

A

used to find the machines in a network

25
Q

IPSec (Internet Protocol Security)

A

a collection of protocols to support data packet exchange at the IP layer

26
Q

Linux

A

the number one OS used for hacking and penetration testing; started in 1991 by Finnish student Linus Torvalds

27
Q

Maltego

A

a platform that gives you a clear threat picture to the environment that an organization owns and operates; footprinting tool

28
Q

Malware

A

any type of program that is created with the intent to cause damage, steal data, or abuse computer system resources; includes computer viruses, worms, and Trojan horses

29
Q

map

A

provides the hacker with a blueprint of the organization?s security profile

30
Q

Metagoofil

A

performs a search in Google to identify and download the documents to a local disk and then extracts the metadata with different libraries such as Hachoir and PdfMiner

31
Q

Netcat

A

known as the Swiss Army knife for hackers because it can perform many different tasks all in one small program

32
Q

Netcraft

A

a wide neighborhood watch scheme; enables anyone who is alert at that moment to defend everyone within the community against phishing attacks

33
Q

network scanning

A

scanning the private and public network; Most of the techniques are developed to scan internally and quite a few have the ability to scan the public network and give reliable results.

34
Q

Nmap

A

considered one the best available tools for security scanning; free and open source and works on Linux, Windows, and Mac OS X

35
Q

operating system

A

A software system which manages the interaction between users and hardware

36
Q

passive fingerprinting

A

try to sniff a packet and try to understand the operating system and its version

37
Q

Patch

A

a fix to a vulnerability

38
Q

Pen testers

A

Penetration testers; people who perform penetration testing, also called Ethical Hackers

39
Q

Penetration testing

A

also referred to as ethical hacking; however, the validity of the term ?ethical hacker? is debated still today. The primary difference between penetration testing and vulnerability scanning is that penetration testing actually exploits a vulnerability and access to a target resource is obtained to prove without a doubt that the system or resource is vulnerable to attack. As with vulnerability scanning, penetration scanning should occur routinely and only with the permission of the owner whose systems and network are being targeted. Penetration testing can be carried out using a wide range of tools or with a vendor provided solution

40
Q

Phishing

A

Any type of situation where an individual or application is posing as something it is not for the purpose of gaining personal information from a user

41
Q

Ping

A

used to know if the host computer you are trying reach is actually operating; a built?in command on the Operation System

42
Q

reconnaissance

A

The process of information gathering

43
Q

Security

A

should protect against vandalism, theft, and attacks by individuals

44
Q

SiteDigger

A

searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on websites

45
Q

Sniff

A

Is the process of monitoring data travel on a network for constructive or malicious purposes

46
Q

Social engineering

A

The art of convincing people to disclose sensitive information using social methods of communication. The information is generally exploited by attackers to gain access to a system or network

47
Q

Social Engineering Attacks

A

Social engineering is a form of hacking exploiting human vulnerabilities. There are several types of social engineering attacks, such as pretexting (inventing a scenario), phishing (appearing as a legitimate authority) and quid pro quo (offering a service in return for the requested information), but all have the same goal: divulging sensitive information

48
Q

SQL injection

A

can give access to the data with privileges to create, read, update, alter, delete, and/or steal data from the database

49
Q

Telnet

A

A program that allows for remote access to another system’s terminal. It is a specialized protocol in terminal emulation which allows the client to appear to be directly connected to a server

50
Q

Vishing

A

used to get information by calling potential victims to share the confidential information

51
Q

Vulnerability

A

a weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage

52
Q

WHOIS

A

a query and response based protocol used to query databases that store registered users,assignees, and owners of internet resources