CEH Notes 02 Flashcards

1
Q

Quiz: Which of the following techniques can be used to get banner information about a service?
A. Passive banner grabbing
B. TTL values
C. Aggressive scan
D. All of the above

A

Answer: A. Passive banner grabbing can extract banner information from network traffic, while TTL values and aggressive scans can be used for OS detection and version scanning.

2
Q

Quiz: Which tool can be used for OS discovery by observing the TTL values?
A. Nmap
B. Unicornscan
C. Telnet
D. FTP

A

Answer: B. Unicornscan can guess the target OS by observing the TTL values.

3
Q

Quiz: Which switch in Nmap can be used for OS discovery?
A. -sV
B. -sT
C. -O
D. -A

A

Answer: C. The -O switch in Nmap can be used for OS discovery.

4
Q

What is the difference between active and passive banner grabbing?

A. Active banner grabbing sends traffic and analyzes responses, while passive banner grabbing just sniffs network traffic and tries to extract info from captured packets.
B. Active banner grabbing sniffs network traffic and tries to extract info from captured packets, while passive banner grabbing sends traffic and analyzes responses.
C. Active banner grabbing is used for OS discovery, while passive banner grabbing is used for port scanning.
D. Passive banner grabbing is used for OS discovery, while active banner grabbing is used for port scanning.

A

Answer: A. Active banner grabbing sends traffic and analyzes responses, while passive banner grabbing just sniffs network traffic and tries to extract info from captured packets.

Explanation: Active banner grabbing sends traffic and waits for responses from target services, which are then analyzed to extract information such as service and OS version. Passive banner grabbing, on the other hand, does not send any traffic and instead just sniffs network traffic to extract the same information from packets captured.

5
Q

Quiz: What is the typical TTL value for Windows and Linux systems?

A. Windows: 64, Linux: 128
B. Windows: 128, Linux: 64
C. Windows: 256, Linux: 128
D. Windows: 128, Linux: 256

A

Answer: B. Windows typically defaults to a TTL value of 128, while Linux systems often have a TTL value of 64.

6
Q

Quiz: What is Unicornscan used for in terms of OS discovery?

A. It guesses the target’s OS based on TCP flags.
B. It guesses the target’s OS based on network traffic sniffing.
C. It guesses the target’s OS based on TTL values.
D. It guesses the target’s OS based on active scans.

A

Answer: C. It guesses the target’s OS based on TTL values.

7
Q

Quiz: Which of the following switches is used for OS discovery in Nmap?
A. -sV
B. -sS
C. -O
D. -A

A

Answer: C. -O

Explanation: The -O switch in Nmap is used for OS discovery. It allows Nmap to determine the operating system running on the target host based on various characteristics, such as TTL values and fingerprinting.

8
Q

Which of the following is true about the Nmap aggressive scan (-A)?

A. It only does OS detection (-O)
B. It includes script scanning with several scripts (-sC)
C. It excludes version scanning (-sV)
D. It’s a silent and stealthy scan

A

Answer: B. It includes script scanning with several scripts (-sC).

Explanation: The Nmap aggressive scan (-A) is a very “noisy” scan that includes OS detection (-O), version scanning (-sV), script scanning with several scripts (-sC), and a traceroute (--traceroute). It is not a silent and stealthy scan, as it sends a lot of traffic and is meant to be a comprehensive scan. The “http-methods” script scans a webserver to see which HTTP methods are enabled, and the “ftp-anon” script checks if an FTP server allows anonymous logins.

9
Q

Quiz: What is the purpose of Nmap timing templates?

A. To control the speed of Nmap scans.
B. To determine the operating system of a target.
C. To perform banner grabbing on FTP, Telnet, and HTTP services.
D. To scan for open ports on a target.

A

Answer: A. To control the speed of Nmap scans.

10
Q

Quiz: What is the default timing template for Nmap scans?

A. -T0
B. -T3
C. -T4
D. -T5

A

Answer: B. -T3

11
Q

Quiz: Which Nmap timing template is recommended for modern networks?

A. -T0
B. -T3
C. -T4
D. -T5

A

Answer: C. -T4

12
Q

Quiz: What is the purpose of using decoys in Nmap scans?

A. To speed up the scanning process
B. To disguise the attacker’s IP address
C. To generate false positive results
D. To block the target’s network traffic

A

Answer: B. To disguise the attacker’s IP address.

Explanation: Decoys are used in Nmap scans to make it difficult for security staff to identify the true attacker by generating fake IP addresses that appear to have performed the port scan along with the attacker’s real IP address. This can be useful for attackers who want to remain anonymous and avoid detection.

13
Q

What option do you use to export Nmap scan results to an XML file?
A. -oR
B. -oN
C. -oG
D. -oX

A

Answer: D. -oX

Explanation: The -oX option is used to export Nmap scan results to an XML file. This file can then be imported into many programs for viewing or converted into HTML for easy viewing with a web browser.

14
Q

Quiz 2:
What is the purpose of Hping?
A. To generate decoy port scans
B. To import Nmap scan results to an XML file
C. To analyze banner information
D. To craft packets and perform manual port scans

A

Answer: D. To craft packets and perform manual port scans

Explanation: Hping is a command-line based packet crafting utility that can be used to craft packets and perform manual port scans.

15
Q

Quiz 3:
What is the default protocol used by Hping?
A. UDP
B. ICMP
C. TCP
D. FTP

A

Answer: C. TCP

Explanation: By default, Hping uses TCP.

16
Q

Quiz 4:
What is the purpose of the -oX option in Nmap?
A. To generate decoy port scans
B. To analyze banner information
C. To control the speed of the scan
D. To export scan results to an XML file

A

Answer: D. To export scan results to an XML file

Explanation: The -oX option in Nmap is used to export scan results to an XML file.

17
Q

Quiz 5:
What is the recommended timing template for modern networks in Nmap?
A. -T0
B. -T3
C. -T4
D. -T5

A

Answer: C. -T4

Explanation: The recommended timing template for modern networks in Nmap is -T4.

18
Q

Quiz 6:
What is the purpose of using decoys in Nmap?
A. To generate decoy port scans
B. To analyze banner information
C. To control the speed of the scan
D. To make it difficult to determine the actual attacker in log files

A

Answer: D. To make it difficult to determine the actual attacker in log files

Explanation: The purpose of using decoys in Nmap is to make it difficult to determine the actual attacker in log files.

19
Q

What is the purpose of the NetBIOS protocol?

A. To broadcast names to the network
B. To encrypt network traffic
C. To provide remote access to networks
D. To filter network traffic

A

Answer: A. To broadcast names to the network.

20
Q

Which command-line Windows command can be used to list domains, computers, and shares?

A. ping
B. nslookup
C. net view
D. dir

A

Answer: C. net view.

21
Q

What does LNMIB2.MIB contain?

A. Object types for workstations and server services
B. SNMP server configuration settings
C. Network topology diagrams
D. LDAP user and computer names

A

Answer: A. Object types for workstations and server services.

22
Q

What is Jxplorer?

A. A protocol for enumerating users and computers
B. A free client for browsing LDAP servers
C. A tool for querying DNS records
D. A command-line utility for enumerating SMTP accounts

A

Answer: B. A free client for browsing LDAP servers.

23
Q

How can the vrfy command be used to enumerate user accounts on a mail server?

A. By testing user accounts
B. By encrypting network traffic
C. By listing domains, computers, and shares
D. By dumping DNS records for the domain

A

Answer: A. By testing user accounts.

24
Q

What command can be used from Linux to perform DNS queries?

A. ping
B. dig
C. traceroute
D. netstat

A

Answer: B. dig.

25
Q

What option can be used with the NSLOOKUP command to “dump” the records for the domain (zone-transfer) onto the screen?

A. -d
B. -t
C. -a
D. -xfr

A

Answer: A. -d.

26
Q

What Linux command can be used to find the A record (IP to FQDN) of a domain?

A. ping
B. traceroute
C. netstat
D. host

A

Answer: D. host.

27
Q

What is the purpose of DNS cache snooping?

A. To forward DNS queries to a DNS server
B. To prevent unauthorized access to DNS records
C. To find out if a device knows the answer to a DNS query
D. To encrypt DNS traffic

A

Answer: C. To find out if a device knows the answer to a DNS query.

28
Q

What is the purpose of the -norecursive switch in an nslookup query?

A. To forward the query to a DNS server
B. To prevent unauthorized access to DNS records
C. To see if the device itself knows the answer to the DNS query
D. To encrypt DNS traffic

A

Answer: C. To see if the device itself knows the answer to the DNS query.

29
Q

What is the purpose of the -oX option in an nmap scan?

A. To control the speed of the scan
B. To generate decoy port scans
C. To export the scan results to an XML file
D. To guess the target’s OS by observing the TTL values

A

Answer: C. To export the scan results to an XML file.

30
Q

What is hping?

A. A protocol for enumerating users and computers
B. A tool for querying DNS records
C. A command-line based packet crafting utility
D. A tool for enumerating SMTP accounts

A

Answer: C. A command-line based packet crafting utility.

31
Q

Quiz 1: What is the purpose of vuln scanners?
A. To fix vulnerabilities on a system
B. To generate reports of vulnerabilities, compliance issues, and problems
C. To encrypt network protocols
D. To configure system settings

A

Answer: B. To generate reports of vulnerabilities, compliance issues, and problems.

32
Q

Quiz 2: Which of the following is an example of a vulnerability that can be detected by a vuln scanner?
A. A firewall rule
B. A printer’s paper jam
C. A weak password
D. A network cable unplugged

A

Answer: C. A weak password.

33
Q

Quiz 3: What is the CVSS score for vulnerabilities that are rated as “Critical”?
A. 0.0
B. 4.0-6.9
C. 7.0-8.9
D. 9.0-10.0

A

Answer: D. 9.0-10.0.

34
Q

Quiz 4: What does CVSS stand for?
A. Common Vulnerability Scoring System
B. Configuration and Vulnerability Scoring System
C. Compliance and Vulnerability Scoring System
D. Cybersecurity and Vulnerability Scoring System

A

Answer: A. Common Vulnerability Scoring System.

35
Q

Quiz 5: Can a vuln scanner fix the vulnerabilities it detects?
A. Yes
B. No

A

Answer: B. No.

36
Q

Quiz 6: What types of vulnerabilities can a vuln scanner detect?
A. Hardware issues
B. Physical security issues
C. Compliance issues
D. Software vulnerabilities

A

Answer: D. Software vulnerabilities.

37
Q

Quiz 1: What is the score range for vulnerabilities classified as “Critical” in the Common Vulnerability Scoring System (CVSS)?
A. 4.0-6.9
B. 7.0-8.9
C. 9.0-10.0
D. 0.1-3.9

A

Answer: C. 9.0-10.0.

38
Q

Quiz 2: What is the score range for vulnerabilities classified as “High” in the Common Vulnerability Scoring System (CVSS)?
A. 4.0-6.9
B. 7.0-8.9
C. 9.0-10.0
D. 0.1-3.9

A

Answer: B. 7.0-8.9.

39
Q

Quiz 3: What is the score range for vulnerabilities classified as “Medium” in the Common Vulnerability Scoring System (CVSS)?
A. 4.0-6.9
B. 7.0-8.9
C. 9.0-10.0
D. 0.1-3.9

A

Answer: A. 4.0-6.9.

40
Q

Quiz 4: What is the score range for vulnerabilities classified as “Low” in the Common Vulnerability Scoring System (CVSS)?
A. 4.0-6.9
B. 7.0-8.9
C. 9.0-10.0
D. 0.1-3.9

A

Answer: D. 0.1-3.9.

41
Q

Quiz 5: What is the score range for vulnerabilities classified as “None” in the Common Vulnerability Scoring System (CVSS)?
A. 4.0-6.9
B. 7.0-8.9
C. 9.0-10.0
D. 0.1-3.9

A

Answer: D. 0.0.

42
Q

Quiz: What is step 1 of the Vulnerability Management Life Cycle?
A. Vulnerability Scan
B. Remediation
C. Monitor
D. Identify Assets and Create a Baseline

A

Answer: D. Identify Assets and Create a Baseline

43
Q

Quiz: What is step 2 of the Vulnerability Management Life Cycle?
A. Identify Assets and Create a Baseline
B. Risk Assessment
C. Verification
D. Vulnerability Scan

A

Answer: D. Vulnerability Scan

44
Q

Quiz: What is step 3 of the Vulnerability Management Life Cycle?
A. Remediation
B. Risk Assessment
C. Monitor
D. Verification

A

Answer: B. Risk Assessment

45
Q

Quiz: What is step 4 of the Vulnerability Management Life Cycle?
A. Verification
B. Monitor
C. Remediation
D. Risk Assessment

A

Answer: C. Remediation

46
Q

Quiz: What is step 5 of the Vulnerability Management Life Cycle?
A. Risk Assessment
B. Monitor
C. Remediation
D. Verification

A

Answer: D. Verification

47
Q

Quiz: What is step 6 of the Vulnerability Management Life Cycle?
A. Identify Assets and Create a Baseline
B. Vulnerability Scan
C. Risk Assessment
D. Monitor

A

Answer: D. Monitor

48
Q

Quiz 1:
What are the different types of vulnerability assessments?
A) Active, Passive
B) Internal, External
C) Host-based, Network-based
D) All of the above

A

Answer: D) All of the above

49
Q

Quiz 2:
What is an Active Vulnerability Assessment?
A) An assessment that scans a network or system using packets and requests to simulate an attacker’s actions.
B) An assessment that monitors network traffic passively to identify vulnerabilities without actually interacting with the system.
C) An assessment that evaluates vulnerabilities from within the system, such as through user accounts or application logs.
D) None of the above.

A

Answer: A) An assessment that scans a network or system using packets and requests to simulate an attacker’s actions.

50
Q

What is the purpose of a wireless network assessment?
A) To ensure all wireless devices are up to date
B) To test the strength of the wireless signal
C) To identify vulnerabilities in the wireless network
D) To find hidden SSIDs

A

Answer: C

51
Q

Which of the following is a common method used to gain unauthorized access to a wireless network during an assessment?
A) Brute force password cracking
B) Man-in-the-middle attack
C) Denial-of-service attack
D) Distributed denial-of-service attack

A

Answer: A

52
Q

What is a rogue access point?
A) A wireless access point that is intentionally set up by the network administrator
B) A wireless access point that is not authorized by the network administrator
C) A wireless access point that has been hacked
D) A wireless access point that is no longer in use

A

Answer: B

53
Q

What is the purpose of trying to crack wireless encryption keys during a wireless network assessment?
A) To test the strength of the encryption
B) To determine the type of encryption used
C) To gain unauthorized access to the network
D) To see how many wireless devices are connected to the network

A

Answer: C

54
Q

Which of the following is an example of a tool used for wireless network assessments?
A) Ping
B) Tracert
C) Nmap
D) netstat

A

Answer: C

55
Q

Quiz: Which of the following is a method for approaching vulnerability assessments?
A. Active vs Passive
B. Product-Based vs Service-Based
C. Internal vs External
D. Host-based vs Network-based

A

Answer: B. Product-Based vs Service-Based

56
Q

Quiz 1: Which approach to vulnerability assessments involves selecting vulnerabilities in a specific protocol and performing only relevant tests?
A. Product-Based
B. Service-Based
C. Tree-Based
D. Inference-Based

A

Answer: D. Inference-Based

57
Q

Quiz 2: Which approach to vulnerability assessments requires initial information to begin the assessment?
A. Product-Based
B. Service-Based
C. Tree-Based
D. Inference-Based

A

Answer: C. Tree-Based

58
Q

Quiz 3: Which approach to vulnerability assessments involves focusing on the product being assessed?
A. Product-Based
B. Service-Based
C. Tree-Based
D. Inference-Based

A

Answer: A. Product-Based

59
Q

Quiz 4: Which approach to vulnerability assessments involves focusing on the service being provided?
A. Product-Based
B. Service-Based
C. Tree-Based
D. Inference-Based

A

Answer: B. Service-Based

60
Q

Quiz 1: Which of the following is a common vulnerability scanner?
A. Mozilla Firefox
B. Nessus
C. Adobe Photoshop
D. Microsoft Word

A

Answer: B. Nessus

61
Q

Quiz 2: What is the name of the open source vulnerability scanner that is a Nessus alternative?
A. OpenVAS
B. Retina
C. SAINT
D. Nikto

A

Answer: A. OpenVAS

62
Q

Quiz 3: Which vulnerability scanner is known for its cloud-based platform?
A. Nessus
B. OpenVAS
C. Qualys
D. SAINT

A

Answer: C. Qualys

63
Q

Quiz: What is Nikto?
A. A vulnerability scanner for web servers
B. A network scanner for detecting open ports
C. A password cracker tool
D. A tool for sniffing network traffic

A

Answer: A. A vulnerability scanner for web servers

64
Q

Quiz: Which of the following describes a true positive in vulnerability assessment?
A. Mistakenly reports a vulnerability that doesn’t really exist
B. Correctly identifies a vulnerability
C. Mistakenly determines no vulnerability exists
D. Mistakenly fails to identify a vulnerability that does exist

A

Answer: [B. Correctly identifies a vulnerability]

65
Q

Quiz: Which of the following describes a true negative in vulnerability assessment?
A. Mistakenly reports a vulnerability that doesn’t really exist
B. Correctly identifies a vulnerability
C. Mistakenly determines no vulnerability exists
D. Mistakenly fails to identify a vulnerability that does exist

A

Answer: [C. Mistakenly determines no vulnerability exists]

66
Q

Quiz: Which of the following describes a false positive in vulnerability assessment?
A. Mistakenly reports a vulnerability that doesn’t really exist
B. Correctly identifies a vulnerability
C. Mistakenly determines no vulnerability exists
D. Mistakenly fails to identify a vulnerability that does exist

A

Answer: [A. Mistakenly reports a vulnerability that doesn’t really exist]

67
Q

Quiz: Which of the following describes a false negative in vulnerability assessment?
A. Mistakenly reports a vulnerability that doesn’t really exist
B. Correctly identifies a vulnerability
C. Mistakenly determines no vulnerability exists
D. Mistakenly fails to identify a vulnerability that does exist

A

Answer: [D. Mistakenly fails to identify a vulnerability that does exist]

68
Q

Quiz: What is the purpose of salting a password before hashing?
A. To store the original password in plain text
B. To make the password shorter and easier to remember
C. To add random characters to the password before hashing it
D. To make password cracking attempts easier to perform

A

Answer: [C. To add random characters to the password before hashing it]

69
Q

Quiz: Which of the following is NOT a type of password attack?
A. Brute force
B. Dictionary
C. Rainbow table
D. Firewall

A

Answer: [D. Firewall]

70
Q

Quiz: What is the difference between a true positive and a false positive in password auditing?
A. True positive correctly identifies a password vulnerability, while false positive identifies a valid password
B. True positive incorrectly identifies a password vulnerability, while false positive correctly identifies a valid password
C. True positive correctly identifies a password vulnerability, while false positive does not identify any password vulnerability
D. True positive incorrectly identifies a valid password, while false positive does not identify any password vulnerability

A

Answer: [C. True positive correctly identifies a password vulnerability, while false positive does not identify any password vulnerability]

71
Q

Quiz: Which of the following is a password cracking program?
A. John the Ripper
B. Nikto
C. Nessus
D. Jxplorer

A

Answer: [A. John the Ripper]

72
Q

Quiz: Which of the following is a password cracking program?
A. John the Fisherman
B. L0phtcrack
C. THC-Falcon
D. Hashwhip

A

Answer: [B. L0phtcrack]

73
Q

Quiz: Which tool is known for its ability to perform brute force attacks and dictionary attacks?
A. John the Ripper
B. THC-Hydra
C. Cain
D. Hashcat

A

Answer: [A. John the Ripper]

74
Q

Quiz: Which password cracking program is commonly used for cracking Windows passwords?
A. L0phtcrack
B. Cain
C. Hashcat
D. THC-Hydra

A

Answer: [A. L0phtcrack]

75
Q

Quiz: Which tool uses both CPU and GPU power for password cracking?
A. Hashcat
B. John the Ripper
C. THC-Hydra
D. Cain

A

Answer: [A. Hashcat]

76
Q

Quiz: Which password cracking program is also known as Ophcrack?
A. L0phtcrack
B. Cain
C. John the Ripper
D. Hashcat

A

Answer: [A. L0phtcrack]

77
Q

What is a Pass-The-Hash attack?
A. A method to crack passwords
B. A method to transmit password hashes for logon
C. A method to protect passwords
D. A method to hide password hashes

A

Answer: [B. A method to transmit password hashes for logon]

78
Q

Can an attacker impersonate a user without cracking their password hash?
A. Yes, with a Pass-The-Hash attack
B. No, it’s impossible
C. Yes, by brute-forcing the password hash
D. Yes, by guessing the password

A

Answer: [A. Yes, with a Pass-The-Hash attack]

79
Q

How can you prevent a Pass-The-Hash attack?
A. By letting the attacker get your password hash
B. By using a weak password
C. By not letting the attacker get your password hash
D. By sharing your password with others

A

Answer: [C. By not letting the attacker get your password hash]

80
Q

Quiz 1: What is the Internal Monologue Attack?
A. An attack that targets the SSH protocol
B. An attack that targets the newer Kerberos protocol
C. An attack that targets the older NetNTLMv1 protocol to steal password hashes
D. An attack that targets the SNMP protocol

A

Answer: [C. An attack that targets the older NetNTLMv1 protocol to steal password hashes]

81
Q

Quiz 2: What is CHNTPW?
A. A Windows command-line tool to edit the Registry
B. A Linux command-line tool to manage services
C. A tool to crack wireless encryption keys
D. A Linux command-line tool to edit a Windows SAM file and change user passwords

A

Answer: [D. A Linux command-line tool to edit a Windows SAM file and change user passwords]

82
Q

Quiz 3: What is the purpose of CHNTPW?
A. To perform a Pass-The-Hash attack
B. To brute force passwords
C. To change user passwords in the Windows SAM file
D. To sniff network traffic and capture password hashes

A

Answer: [C. To change user passwords in the Windows SAM file]

83
Q

What is Metasploit?
A. A tool for generating and encoding payloads
B. A tool for monitoring network traffic
C. A tool for generating secure passwords
D. A tool for automating backup processes

A

Answer: A. A tool for generating and encoding payloads

84
Q

What is the LHOST in Metasploit?
A. Attacker’s IP
B. Victim’s IP
C. A random IP
D. None of the above

A

Answer: A. Attacker’s IP

85
Q

What is the getsystem command in Metasploit used for?
A. To generate and encode payloads
B. To attempt a privilege escalation attack on the target
C. To monitor network traffic
D. To detect rootkits on the target system

A

Answer: B. To attempt a privilege escalation attack on the target

86
Q

What is a buffer overflow?
A. A tool for automating backup processes
B. A type of privilege escalation attack
C. A type of rootkit
D. A memory manipulation attack that can lead to problems

A

Answer: D. A memory manipulation attack that can lead to problems

87
Q

What is the C# (C-Sharp) programming language protected from?
A. Buffer overflow attacks
B. Rootkit attacks
C. Privilege escalation attacks
D. None of the above

A

Answer: A. Buffer overflow attacks

88
Q

What is privilege escalation?
A. Acquiring the permissions/rights of another user
B. Generating and encoding payloads
C. Scanning the network for vulnerabilities
D. None of the above

A

Answer: A. Acquiring the permissions/rights of another user

89
Q

What is a kernel rootkit?
A. A type of buffer overflow attack
B. A type of privilege escalation attack
C. A type of rootkit that gets into the core of the OS
D. None of the above

A

Answer: C. A type of rootkit that gets into the core of the OS

90
Q

What is the Internal Monologue Attack?
A. An attack that steals password hashes by exploiting the NetNTLMv1 protocol
B. An attack that exploits a buffer overflow vulnerability
C. An attack that attempts to escalate privileges
D. None of the above

A

Answer: A. An attack that steals password hashes by exploiting the NetNTLMv1 protocol

91
Q

What is CHNTPW?
A. A tool for generating and encoding payloads
B. A tool for detecting rootkits on a system
C. A tool for editing the Windows SAM file to change user passwords
D. None of the above

A

Answer: C. A tool for editing the Windows SAM file to change user passwords

92
Q

What is MSFvenom?
A. A tool for monitoring network traffic
B. A tool for scanning the network for vulnerabilities
C. A tool for generating and encoding payloads
D. A tool for detecting rootkits on a system

A

Answer: C. A tool for generating and encoding payloads.

93
Q

Quiz: Which of the following is true about Shellshock?
A. It affects Windows operating systems.
B. It allows attackers to remotely configure Windows environment variables.
C. It is a high-profile vulnerability in the popular Linux Bash shell.
D. It only affects Mac OS X.

A

Answer: C. It is a high-profile vulnerability in the popular Linux Bash shell.

94
Q

Quiz: Which command can be used to display a directory listing of files and subfolders in the current directory in Linux?
A. dir
B. ls -l
C. cd
D. pwd

A

Answer: B. ls -l

95
Q

Quiz: What is the purpose of the command “cat” in Linux?
A. To display the contents of a file to the command prompt.
B. To list all files in the current directory.
C. To create a new file in the current directory.
D. To move to a different directory.

A

Answer: A. To display the contents of a file to the command prompt.

96
Q

Quiz: What types of operating systems are affected by Shellshock?
A. Windows only
B. Linux and Unix only
C. Mac OS X only
D. Linux, Unix, and Mac OS X

A

Answer: D. Linux, Unix, and Mac OS X

98
Q

Quiz: Choose the correct order of the following stages in Advanced Persistent Threat (APT) attacks.
A. Preparation, Expansion, Persistence, Search and Exfiltration, Cleanup, Initial Intrusion
B. Expansion, Initial Intrusion, Persistence, Preparation, Search and Exfiltration, Cleanup
C. Initial Intrusion, Persistence, Expansion, Search and Exfiltration, Preparation, Cleanup
D. Preparation, Initial Intrusion, Expansion, Persistence, Search and Exfiltration, Cleanup

A

Answer: [C. Initial Intrusion, Persistence, Expansion, Search and Exfiltration, Preparation, Cleanup]