CEHv8 BOOTCAMP: MODULE 02-FOOTPRINTING AND RECONNAISSANCE_SET-3 Flashcards

1
Q

Describe a “RP” record.

A

Responsible person.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Describe a “HINFO” record.

A

Host information record includes CPU type and OS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Describe a “TXT” record.

A

Unstructured text records.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How can obtaining network range information assist an attacker?

A

To create a map of the target’s network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How do traceroute programs work?

A

On the concept of ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Why do attackers use traceroute?

A

To extract information about: network topology, trusted routers, and firewall location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Social Engineering?

A

The art of convincing people to reveal confidential information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are 4 techniques used by social engineers?

A
  • Eavesdropping
  • Shoulder surfing
  • Dumpster diving
  • Impersonation on social networking sites
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are some things that social engineers attempt to gather?

A
  • Credit Card details and social security numbers
  • User names and passwords
  • Other personal information
  • Security products in use
  • Operating systems and software versions
  • Network layout information
  • IP addresses and names of servers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Eavesdropping?

A

Unauthorized listening of conversations or reading of messages.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Shoulder Surfing?

A

The procedure where the attackers look over the user’s shoulder to gain critical information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Dumpster Diving?

A

Looking for treasure in someone else’s trash.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How do attackers use social networking sites lure employees into giving up sensitive information?

A

By creating fake profiles on social networking sites and then use the false identity to lure the employees to give up their sensitive information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is Maltego?

A

A program that can be used to determine the relationships and real world links between people, groups of people (social networks), companies, organizations, websites, Internet infrastructure, phrases, documents, and files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What can you do with the Footprinting tool Web Data Extractor?

A

Extract targeted company contact data (email, phone, fax) from web for responsible b2b communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are some Footprinting Countermeasures?

A
  • Configure routers to restrict the responses to Footprinting requests.
  • Configure web servers to avoid information leakage and disable unwanted protocols.
  • Lock the ports with the suitable firewall configuration.
  • Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns.
  • Evaluate and limit the amount of information available before publishing it on the website/Internet and disable the unnecessary services.
  • Perform Footprinting techniques and remove any sensitive information found.
  • Prevent search engines from caching a web page and use anonymous registration services.
  • Enforce security policies to regulate the information that employees can reveal to third parties.
17
Q

What is Footprinting Pen Testing used for?

A

To determine organization’s publicly available information on the internet such as network architecture, operating systems, applications, and users.

18
Q

What can Footprinting Pen Testing help administrators do?

A
  • Prevent information leakage.
  • Prevent social engineering attempts.
  • Prevent DNS record retrieval from publically available servers.
19
Q

What is the first step in Footprinting Pen Testing?

A

Get authorization.

20
Q

What is the last step in Footprinting Pen Testing?

A

Document all the findings.

21
Q

What do DNS records provide?

A

Important information about location and type of servers.