8.1.15 Practice Questions Flashcards
You have just run the John the Ripper command shown in the image. Which of the following was this command used for?
admin@ubuntu:~$ zip2john secure.zip > secure.txt
ver 1.0 efh 5455 efh 7875 secure.zip/secret.dat PKZIP Encr: 2b1 chk,
TS_chk, cmplen=31, decmplen=19, crc=F6DFB9BA7F
admin@ubuntu:~$
answer
To extract the password and save it in the secure.txt file.
To extract the password hashes and save them in the secure.txt file.
To extract the password and save it in a rainbow table named secure.txt.
To extract the password from a rainbow hash and save it in the secure.txt file.
To extract the password hashes and save them in the secure.txt file.
Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?
answer
Password guessing
Social engineering
Dumpster diving
Shoulder surfing
Social engineering
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
answer
Password guessing
Social engineering
Shoulder surfing
Dumpster diving
Dumpster diving
Which of the following best describes shoulder surfing?
answer
Giving someone you trust your username and account password.
Someone nearby watches you enter your password on your computer and records it.
Guessing someone’s password because it is so common or simple.
Finding someone’s password in the trash can and using it to access their account.
Someone nearby watches you enter your password on your computer and records it.
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
answer
Password salting
Password sniffing
Keylogging
Pass the hash
Password salting
[ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~] are the possible values in which of the following hash types?
answer
Mix alpha-numeric
Ascii-32-95
Ascii-32-65-123-4
Alpha-numeric-symbol32-space
Ascii-32-95
Which of the following includes all possible characters or values for plaintext?
answer
Chain_num
Chain_len
Charset
Table_index
Charset
Jack is tasked with testing the password strength for the users of an organization. He has limited time and storage space.
Which of the following would be the BEST password attack for him to choose?
answer
Dictionary Attack
Brute Force Attack
Rainbow Table Attack
Social Engineering
Rainbow Table Attack
You have created and sorted an md5 rainbow crack table. You want to crack the password. Which of the following commands would you use to crack a single hash?
answer
rtgen md5 ascii-32-95 1 20 0 1000 1000 0
rcrack . -l /root/hashes.txt
rtgen sha1 ascii-32-95 1 20 0 1000 1000 0
rcrack . -h 202cb962ac59075b964b07152d234b70
rcrack . -h 202cb962ac59075b964b07152d234b70
You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?
answer
Brute force
Keylogger
Password sniffing
Pass the hash
Brute force
Sam has used malware to access Sally’s computer on the network. He has found information that will allow him to use the underlying NTLM to escalate his privileges without needing the plaintext password. Which of the following types of attacks did he use?
answer
Rainbow attack
Pass the hash
Dictionary attack
Password sniffing
Pass the hash