CompTIA Pentest+ Chapter 7 Questions Flashcards

1
Q
Which protocols provide name resolution? (Select all that apply)
A.DNS
B.ARP
C.LLMNR
D.DIG
A

A.DNS
C.LLMNR

Explanation:
The Address Resolution Protocol (ARP) is used to resolve MAC addresses to IP addresses, not host names, and DIG is a program used to interrogate DNS name servers; it is not a protocol.

2
Q

Your team successfully used Responder to poison an LLMNR request for a SMB mount request and recovered a username and password hash.

However, your team is trying to use a pass the hash (PtH) technique and it is not working.

What is the likely reason for this failure?
A.They are using the LM hash value and not the NTLM hash
B.They are using the NTLMv2 hash value which cannot be used to “pass the hash”
C.The LM and NTLM hash is likely missing the “:” between the values
D.The NTLMv2 hash is padded with additional characters

A

B.They are using the NTLMv2 hash value which cannot be used to “pass the hash”

Explanation:
The NTLMv2 hash cannot be passed like the NTLM hash.

The NTLMv2 hash is a derivative of the NTLM hash but is based on a challenge-response algorithm.

You must first decrypt the NTLMv2 hash and use the plaintext value for authentication.

3
Q
Select the DoS technique that an adversary would use to consume the resources of a target by rapidly engaging in a large number of interactions with the target.
A.Resource leak exposure
B.Excessive allocation
C.Flooding
D.Sustained client engagement
A

C.Flooding

Explanation:
In a flooding attack, the attacker will consume the resources of a target by rapidly engaging in a large number of interactions with the target.

Resource leak exposure can be used by an attacker to deplete the resources available to service legitimate requests, but may not be enough to cause a DoS.

The sustained client engagement attack is not intended to crash or flood the target, and excessive allocation can cause a vulnerable application to allocate an excessive amount of resources, but it does not need a large number of interactions with the target to do so.

4
Q
Which command flag tells hping3 to use a random source IP address?
A.--random-source
B.--rand-source
C.-S
D.--S
A

B.--rand-source

Explanation:
The --rand-source command flag can be used to randomize the source address.

The -S option sets the SYN flag on the packet, and --S and --random-source are not valid hping3 options.

5
Q

During an nmap scan, you receive a “host prohibited” reason in the scan results.

Which protocol is responsible for delivering that message back to your scan host?
A.TCP
B.UDP
C.ARP
D.ICMP
A

D.ICMP

Explanation:
The Internet Control Message Protocol (ICMP) is used to communicate messages between hosts over the network and uses different types (type 3 - destination unreachable) and codes (code 10 - host administratively prohibited) to report breakdowns in the communication path.

6
Q

Before executing an STP discovery, your team asks how to determine which version of STP (RSTP, MSTP) a root switch is using.
How do you reply?
A.By inspecting the Bridge Protocol Data Units in the update frame
B.Looking at the TCP header of the packet
C.By inspecting the Bridge Protocol Data Units in the data frame
D.By inspecting the Bridge Protocol Data Units in the management frame

A

A.By inspecting the Bridge Protocol Data Units in the update frame

Explanation:
Wireshark will show you the version of the STP type (STP, RSTP or MST) when you inspect the Bridge Protocol Data Units (BPDUs), which are the update frames multicast between switches over the network periodically to determine whether a port is in a forwarding or blocking state (which prevents loops) and to determine the root bridge during the election process.

7
Q
Select the two techniques that can be used to conduct VLAN hopping
A.ARP spoofing
B.Double tagging
C.DNS Spoofing
D.Switch spoofing
A

B.Double tagging
D.Switch spoofing

Explanation:
VLAN hopping is an attack vector used to gain access to resources on another VLAN.

The MITRE ATT&CK framework identifies VLAN hopping as a network-based hiding technique.

Two methods are used to accomplish VLAN hopping: switch spoofing and double tagging.

8
Q

Your nmap scan identifies port 445/tcp open on a Windows server with one of the common shares available and accessible anonymously.

This share allowed the scanner to enumerate additional users and services on the domain.

Which network share were you likely to have enumerated during the scan?
A.ADMIN$
B.C$
C.IPC$
D.HOME$
A

C.IPC$

Explanation:
The ADMIN$ and C$ shares are hidden administrative shares restricted to privileged users.

Although it sounds believable, the HOME$ share is not a typical share.

9
Q

You were able to successfully mount an NFS share over the network with restricted privileges.

When going through the network file system, you notice that the files and directories are not showing the owner or group name of the files and directories.

What is the likely cause of this?
A.You are not mounting the file system with root permission, so your system can't interpret the UID values
B.The NFS file system is not configured correctly, which means you could probably take advantage of the weakness
C.The UID and GID values assigned to the files and directories on the NFS share are not mapping to your local host
D.The NFS server only knows that the UID 0 maps to the root account.

If you create an account on your local host with a UID value of one of the NFS files, the NFS server will no longer be able to read the file

A

C.The UID and GID values assigned to the files and directories on the NFS share are not mapping to your local host
D.The NFS server only knows that the UID 0 maps to the root account.

Explanation:
NFSv3 and earlier will map numeric UIDs and GIDs to files and directories on an NFS file system.

When you mount an NFS share from a client using NFSv3, you may see a UID or GID in place of a username or group, because your local operating system cannot map them, either because you are not on the domain (i.e., LDAP) or the user does not exist.

10
Q

Open mail relay servers with VRFY and EXPN enabled that allow anonymous users to connect can be used to do what? (Select all that apply)
A.Enumerate valid user accounts
B.Send email to internal email addresses
C.Send email to external email addresses
D.Determine the OS version of the target host

A

A.Enumerate valid user accounts
B.Send email to internal email addresses
C.Send email to external email addresses

Explanation:
Open mail relay servers configured for anonymous access can allow an attacker to impersonate both an internal and an external destination address.

The VRFY command is used to ask the server for information about an address.

EXPN is used to ask the server for the membership of a mailing list.

If the VRFY command against a local account address is successful, it could allow the attacker to enumerate local user accounts.

If the EXPN command is successful, the server will show each subscriber to the mailing list.

This information can assist an attacker with future spear phishing campaigns.
