CPSA Flashcards
What is the default password for user ADAMS on Oracle 7/8/9?
WOOD
What is the default password for user BLAKE on Oracle 7/8?
PAPER
What is the default password for user DBSNMP on Oracle 7/8?
DBSNMP
What is the default password for user internal on Oracle 7/8/9?
oracle
What is the default password for user JONES on Oracle 7/8/9?
STEEL
What is the default password for user MODTEST on Oracle 7/8/9?
YES
What is the default password for user Scott on Oracle 7/8/9?
Tiger
What is the default password for user SYS on Oracle 7/8/9?
CHANGE_ON_INSTALL
What is the default password for user SYSADM on Oracle 7/8/9?
SYSADM
What is the default password for user SYSTEM on Oracle 7/8/9?
MANAGER
What is the default password for user TRACESRV on Oracle 7/8/9?
TRACE
What does DNS stand for?
Domain Name System
What does HTTP stand for?
Hypertext Transfer Protocol
What does HTTPS stand for?
Hypertext Transfer Protocol Secure
What does ICMP stand for?
Internet Control Message Protocol
What does IIS stand for?
Internet Information Services
What does IP stand for?
Internet Protocol
What does RIP stand for?
Routing Information Protocol
What does SIP (VoIP) stand for?
Session Initiation Protocol
What does SMTP stand for?
Simple Mail Transfer Protocol
What does SOAP stand for?
Simple Object Access Protocol
What does TCP stand for?
Transmission Control Protocol
What does UDP stand for?
User Datagram Protocol
What does SNMP stand for?
Simple Network Management Protocol
What does TFTP stand for?
Trivial File Transfer Protocol
What does SSH stand for?
Secure Shell
What does FTP stand for?
File Transfer Protocol
What does SMB stand for?
Server Message Block
What does LDAP stand for?
Lightweight Directory Access Protocol
What does FTPS stand for?
File Transfer Protocol Secure
What does SFTP stand for?
Simple File Transfer Protocol (TCP/115), SSH File Transfer Protocol
What does NFS stand for?
Network File System
What does IMAP stand for?
Internet Message Access Protocol
What does HTTPS stand for?
Hypertext Transfer Protocol Secure (over TLS/SSL)
What does Rlogin stand for?
Remote Login
What does Rexec stand for?
Remote Process Execution
What port does SNMP operate on?
UDP 161
What port does TFTP operate on?
UDP 69;
What port does SMTP operate on?
TCP 25
What port does SSH operate on?
port 22
What port does HTTP operate on?
TCP 80
What port does SIP (VoIP) operate on?
port 5060
What port does FTP data transfer operate on?
port 20
What port does FTP control operate on?
port 21
What port does SMB operate on?
139/tcp (NETBIOS over TCP/IP), 445/tcp (raw SMB transport)
What port does LDAP operate on?
port 389
What port does HTTPS operate on?
TCP 443
What port does rlogin operate on?
TCP 513
What port does RIP operate on?
UDP 520
What port does FTPS data transfer operate on?
port 989
What port does FTPS control operate on?
port 990
What port does rexec operate on?
TCP 512
What port does Telnet operate on?
port 23
What port does WHOIS operate on?
port 43
What port does DNS operate on?
port 53
What port does Finger operate on?
TCP 79
What port does Kerberos operate on?
port 88
What port does SFTP (Simple FTP) operate on?
TCP 115
What port does NFS operate on?
port 2049
What port does MSSQL Server operate on?
TCP 1433
What port does MSSQL Monitor operate on?
port 1434
What port does MySQL database system operate on?
port 3306
What port does PostgreSQL database system operate on?
port 5432
What port does IMAP operate on?
TCP 143
What does OSPF stand for?
Open Shortest Path First
What does IGRP stand for?
Interior Gateway Routing Protocol
What does EIGRP stand for?
Enhanced Interior Gateway Routing Protocol
What does DES stand for?
Data Encryption Standard
What does 3DES stand for?
Triple Data Encryption Standard
What does AES stand for?
Advanced Encryption Standard
What does RSA stand for?
Rivest Shamir Adleman
What does RC4 stand for?
Rivest Cipher 4
What does SHA1 stand for?
Secure Hash Algorithm 1
What does MD5 stand for?
Message Digest (Algorithm) 5
What does HMAC stand for?
Hash-based Message Authentication Code
What does SSL stand for?
Secure Sockets Layer
What does IPsec stand for?
Internet Protocol Security
What does PGP stand for?
Pretty Good Privacy
What does WEP stand for?
Wired Equivalent Privacy
What does WPA stand for?
Wi-Fi Protected Access
What does TKIP stand for?
Temporal Key Integrity Protocol
What does NTP stand for?
Network Time Protocol
What does PCAP stand for?
Packet Capture
What does ARP stand for?
Address Resolution Protocol
What does DHCP stand for?
Dynamic Host Configuration Protocol
What does CDP stand for?
Cisco Discovery Protocol
What does HSRP stand for?
Hot Standby Router Protocol
What does VRRP stand for?
Virtual Router Redundancy Protocol
What does VTP stand for?
VLAN Trunking Protocol
What does STP stand for?
Spanning Tree Protocol
What does TACACS+ stand for?
Terminal Access Controller Access-Control System Plus
DNS Records: What does SOA stand for?
Start of Authority Record
DNS Records: What does MX stand for?
Mail Exchange Record
DNS Records: What does TXT stand for?
Text Record
DNS Records: What does A stand for?
Address Record
DNS Records: What does NS stand for?
Name Server Record
DNS Records: What does HINFO stand for?
Host Information Record
DNS Records: What does CNAME stand for?
Canonical Name Record
What does EAP stand for?
Extensible Authentication Protocol
What does LEAP stand for?
Lightweight Extensible Authentication Protocol
What does PEAP stand for?
Protected Extensible Authentication Protocol
What port does POP3S operate on?
TCP 995
What port does Echo operate on?
port 7
What port does CHARGEN operate on?
port 19
What port does Daytime operate on?
port 13
What port does Quote of the Day operate on?
port 17
What port does Telnet operate on?
port 23
What port does POP2 operate on?
TCP 109
What port does POP3 operate on?
TCP 110
What port does NNTP operate on?
TCP 119
What port does Syslog operate on?
UDP 514
What port does LDAPS operate on?
port 636
What port does IMAPS operate on?
TCP 993
What port does Oracle operate on by default for older releases?
TCP 1521
What port does Oracle database officially run on, for newer releases?
port 2483
What port does Oracle database officially run on over SSL, for newer releases?
port 2484
What is the common alternative port for Oracle database to run on?
TCP 1528
What port does OpenVPN operate on?
port 1194
What port does NetBIOS Name Service operate on?
port 137
What port does NetBIOS Datagram Service operate on?
port 138
What port does NetBIOS Session Service operate on?
port 139
What port does RDP operate on?
port 3389
Which two ports does X11 operate on?
TCP 6000, UDP 6001
What port does Virtual Network Computing (VNC)/Remote Frame Buffer (RFB) operate on?
port 5900
What port does RPC operate on in Linux?
port 111
What port does ISAKMP operate on?
port 500
What port does Telnet over SSL operate on?
port 992
What port does IDENT operate on?
TCP 113
What port does Authentication Service (auth) operate on?
UDP 113
What port does IMAP version 3 operate on?
port 220
What port does SMTPS operate on?
TCP 465
What does CVE stand for?
Common Vulnerabilities & Exposures
What frequency does 802.11a operate on?
5 Ghz
5 Ghz
What frequency does 802.11a operate on?
What frequency does 802.11b operate on?
2.4 GHz
2.4 GHz
What frequency does 802.11b operate on?
What frequency does 802.11g operate on?
2.4 GHz
2.4 GHz
What frequency does 802.11g operate on?
What frequency does 802.11n operate on?
Both 2.4 GHz and 5 GHz
Both 2.4 GHz and 5 GHz
What frequency does 802.11n operate on?
What is IP protocol number 1?
ICMP
What is IP protocol number 2?
IGMP
What is IP protocol number 6?
TCP
What is IP protocol number 16?
CHAOS
What is IP protocol number 17?
UDP
What is IP protocol number 47?
GRE (Generic Routing Encapsulation)
What message is ICMP type 0?
Echo Reply
What message is ICMP type 3 code 0?
Destination network unreachable
What message is ICMP type 4?
Source Quench
What message is ICMP type 8?
Echo
What message is ICMP type 13?
Timestamp
What message is ICMP type 14?
Timestamp Reply
What message is ICMP type 15?
Information Request
What message is ICMP type 16?
Information Reply
What message is ICMP type 30?
Traceroute
What message is ICMP type 37?
Domain Name Request
What message is ICMP type 38?
Domain Name Reply
What port does Sysstat operate on?
port 11
What port does Tcpmux operate on?
port 1
What port does Netstat operate on?
port 15
What does QOTD stands for?
Quote Of The Day
What port does Message Send Protocol operate on?
port 18
Identify the OS version from this banner: “220 hostname FTP server ready”
Solaris 9 and later, SGI IRIX 6.x
Identify the OS version from the banner: “220 Microsoft FTP Service”
Windows 2003
Identify the OS version from the banner: “220 hostname FTP server (Version 6.00LS) ready”
FreeBSD 4.x and later
Identify the OS version from the banner: “220 hostname FTP server (Version 6.00) ready”
FreeBSD 3.x, MacOS
Identify the OS version from the banner: “220 hostname Microsoft FTP Service (Version 5.0)”
Windows 2000
Identify the OS version from the banner: “220 hostname FTP server (Digital Unix Version 5.60) ready”
Compaq Tru64
Identify the OS version from the banner: “220 hostname Microsoft FTP Service (Version 4.0)”
Windows NT 4.0
Identify the OS version from the banner: “220 hostname FTP server (Version 4.1 Tue Sep 8 17:35:59 CDT 1998) ready
IBM AIX 4.x
Identify the OS version from the banner: “220 hostname FTP server (NetBSD-ftpd 20020615) ready”
NetBSD 1.6.x
Identify the OS version from the banner: “220 hostname FTP server (SunOS 5.7) ready”
Solaris 7
Identify the OS version from the banner: “220 hostname FTP server (Version 1.1.214.6 Wed Feb 9 08:03:34 GMT 2000) ready”<br></br>
HP-UX 11.x
Identify the FTP implementation from the banner:”220 hostname FTP server (Version 6.5/OpenBSD) ready”
WU-FTPD 2.6.2
Which service is related to glob() vulnerability?
FTP
How many different versions of SSH servers exist?
4
Which service uses the PAM option?
SSH
Which SSH version was deprecated?
SSH Version 1.0
Identify the OS version from the banner: “Unix(r) System V Release 4.0 (hostname)”
Solaris 2.6
What is the Exim?
Mail Transport Agent
Where is PGP used?
It is used for SMTP encryption
What port does TIME protocol operate on?
port 37
What port does WINS service operate on?
port 42
What is the POSTFIX?
Mail Transport Agent
What does RIR stand for?
Regional Internet Registries
What port does TACACS+ operate on?
port 49
What does the BIND refers to?
Default Linux DNS server
What does BIND stand for?
Berkley Internet Name Domain
DNS Records: What does RP stand for?
Responsible Person record
What does DIG stand for?
Domain Information Groper
What protocol and ports are associated with DHCP networking protocol?
BOOTP, UDP 67(server), UDP 68(client)
Why do you need to tell a client to inform their employees about a pentest either before the test commences or via the computer usage policy (Answer the Law)?
Human Rights Act
Why do you need to get permission from the owner of a system before commencing a pentest (Answer the Law)?
Breach of Computer Misuse Act
Each DNS ____ represents a boundary of authority subject to management by certain entities
Zone
How many IP addresses could be used in an IP range with mask bit /25?
126
What port can be queried to request a zone transfer?
TCP 53
How many bits, bytes and octets are there in an IPv4 address?
32 bits, 4 bytes, 4 octets
You have connected to an SSH service and its banner states it is running SSH v1.99. Which versions of the SSH protocol does this SSH support?
v1 and v2
Which of the following is not a reserved IP range? a) 10.0.0.0/8b) 75.0.0.0/16c) 192.168.0.0/16d) 172.16.0.0/12
75.0.0.0/16
How many possible IP addresses are there in a class A??
16777216
On an assessment, if you are told that the network is a /28 subnet on an IPv4 network with 14 active hosts how many IPs are free?
0
If ICMP is filtered, how you can view your possible traffic route to a secure web server from a Windows machine? a) tcptraceroute server.comb) traceroute -p 80 server.com c) ping -r server.comd) ping -R server.com:443 e) tcptraceroute server.com 443
tcptraceroute server.com 443
How many mask bits are there for a subnet mask of 255.255.248.0?
/21
Which IP addresses are used for automatic addressing (APIPA)?
169.254.0.0 - 169.254.255.255
What does IANA stands for?
Internet Assigned Numbers Authority
What does IGMP stands for?
Internet Group Message Protocol
What does CAT5 stand for?
Category 5
What does IEEE stand for?
Institute of Electrical and Electronic Engineers
What does SING stand for?
Send ICMP Nasty Garbage
What does SSRR stand for?
Strict Source and Route Record
What does LSRR stand for?
Loose Source and Route Record
What does WINS stand for?
Windows Internet Name Service
DNS Records: What does PTR stand for?
Pointer Record
What does HTML stand for?
HyperText Markup Language
What is IP protocol number 4?
IP-in-IP
What is IP protocol number 9?
IGP Interior Gateway Protocol, used by CISCO for their IGRP
What is IP protocol number 41?
IPv6
What is IP protocol number 88?
EIGRP
What is IP protocol number 89?
OSPF
What does CHARGEN stand for?
Character Generator Protocol
How many bits is the IPv6 address?
128 bits
What message is ICMP type 3 code 1?
Destination host unreachable
What message is ICMP type 3 code 2?
Destination Protocol unreachable
What message is ICMP type 3 code 3?
Destination port unreachable
What message is ICMP type 3 code 6?
Destination network unknown
What message is ICMP type 3 code 7?
Destination host unknown
What message is ICMP type 11 code 1?
Fragment reassembly time exceeded
What message is ICMP type 11 code 0?
TTL Time Exceeded
What message is ICMP type 17?
Address mask request
What message is ICMP type 18?
Address mask reply
What message is ICMP type 37?
Domain name request
What message is ICMP type 38?
Domain name reply
What message is ICMP type 3 code 13?
Communication administratively prohibited
What message is ICMP type 5?
Redirect message
What is the meaning of 802.3?
Ethernet
What is the meaning of 802.5
Token Ring
What frequency does 802.3 operate on?
100Mb/s or Gigabit Ethernet (1Gb/s)
What kind of connectors does the 802.3 uses?
RJ-45
Name a specific property of 802.5 regarding bandwidth
It is shared fairly
Which is the OSes that the nmap Inverse TCP Flag Scanning is deemed unsuccessful?
Microsoft Windows, many Cisco devices, IBM OS/400
How can you perform a UDP scan using netcat?
nc -v -w 4 -u -z <> <>
You perform a UDP scan and the target port returns no response. What is the state of the port?
open | filtered
You perform an ACK scan and the target port returns TCP RST response. What is the conclusion regarding the firewall?
Stateless, blocks simply SYN packets
You perform an nmap Maimon Scan and the target port returns no response. What is the state of the port?
open | filtered
You perform an nmap Protocol scan and the target port returns a garbage response. What is the state of the port?
open
What kind of packets does xprobe2 uses to fingerprint OS version?
ICMP
ICMP Default system response: 8 and 13. Which is the OS?
Linux, BSD, Windows 2000
ICMP Default system response: 8, 13 and 15. Which is the OS?
HP-UX, AIX, CISCO IOS, Ultrix
ICMP Default system response: 8, 13, 17. Which is the OS?
Solaris, Windows 95, 98, ME
ICMP Default system response: 8. Which is the OS?
Windows NT 4.0
Which file should be changed in order to avoid disclosing WU-FTPD banner?
/etc/ftpaccess
Which file should be changed in order to avoid disclosing ProFTPD banner?
/etc/proftpd.conf
Which file should be changed in order to avoid disclosing host information after a user connects using telnet?
/etc/issue
Which file should be changed in order to avoid disclosing sendmail banner?
sendmail.cf
Which file should be changed in order to avoid disclosing qmail banner?
qmail-smtpd
Which file should be changed in order to avoid disclosing Postfix banner?
main.cf
Which file should be changed in order to avoid disclosing Exim banner?
exim.conf
Identify the OS version from the banner: “SunOS 5.9”<br></br>
Solaris 9
Identify the OS version from the banner: “Unix (hostname)”
SunOS 4.1.x SunOS
Identify the OS version from the banner: “IRIX (hostname)”
SGI IRIX 6.x
Identify the OS version from the banner: “AIX Version 5 (C) Copyrights by IBM and by others 1982, 2000”
IBM AIX 5.2.x
Identify the OS version from the banner: “AIX Version 4 (C) Copyrights by IBM and by others 1982, 1996”
IBM AIX 4.2.x or 4.3.x
Identify the OS version from the banner: “AIX Version 4 (C) Copyrights by IBM and by others 1982, 1994”
IBM AIX 4.1.x
Identify the OS version from the banner: “IPSO (hostname) (ttyp0)”
Nokia IPSO
Identify the OS version from the banner: “User Access Verification”
Cisco IOS
Which part of cryptography is used to describe the feature: same input produces same output?
Hash
Which part of cryptography is used to describe the feature: it is not possible to go from the output to the input?
Hash
Which part of cryptography is used to describe the feature: Integrity
Hash
Which part of cryptography is used to describe the feature:Confidentiality
Encryption
Which part of cryptography is used to describe the feature: Usability
Encoding
Which cipher starts from a random seed that is XORed with the clear text to generate the cipher text?
Stream Cipher
What is the length of the DES key?
56 bits
What is the block size of DES?
64 bits
How many secret bits are there in a standard 3DES key?
168 bits if 3 keys DES is used (standard 3DES), 112 bits if 2 keys DES is used
What is the size of AES block?
128, 192 or 256 bits
What is the key length of AES?
128, 192 or 256 bits
How many bytes output does the SHA1 cryptographic algorithm produce?
20 bytes hex value or 160 bits
How many bytes output does the MD5 cryptographic hash function produce?
16 bytes or 128 bits
Which protocols use HMAC?
TLS, IPsec
What key is used to sign a website valid public key certificate?
The private key of a CA
Which mode of operation for block ciphers discloses structure of clear-text?
ECB
What does CVE stand for?
Common Vulnerabilities and Exposures
Which of the following statements is not true about hashing?a) It is a deterministic procedureb) It does not take an arbitrary block of datac) It returns a fixed-size bit string referred to as cryptographic hash valued) Accidental or intentional change to the data will change the hash valuee) It is an one-way function
b)
TCP wrappers use which configuration files?
/etc/hosts.allow and /etc/hosts.deny
What is the following type of port scan being used?nmap -sX -n 192.168.1.100
XMAS Scan
What operating system has a TTL of 64?
Solaris 8
What does AH stand for?
Authentication Header
Which encryption modes are used in IPSec?
Tunnel and Transport
Which IPSec security component is used to ensure integrity?
Authentication Header (AH)
Which IPSec security component is used to ensure confidentiality?
Encapsulating Security Payload (ESP)
What does ESP stand for?
Encapsulating Security Payload
What does IKE stand for?
Internet Key Exchange
What is the purpose of IKE in IPSec?
To securely exchange the secret key
Which shared key exchange are used in IPSec?
Main mode, Aggressive mode (possible to capture Pre Shared Key using a sniffer and crack it offline)
What does ISAKMP stand for?
Internet Security Association and Key Management Protocol
Which command is used to add a user to a group?
usermod -G group user
What are the group permissions of the following file?drwxr-xr-x file
Read and Execute
How can you set the sticky bit to a directory?
chmod +t
What does the -i UNIX file attribute mean?
That the file cannot be modified or deleted
Which command is used in UNIX to find files with suid enabled?
find / ( -perm -4000 -o -perm -2000 ) -ls 2>/dev/null
What does ARIN stand for?
American Registry for Internet Numbers
What does RIPE stand for?
Reseaux IP Europeens
What does APNIC stand for?
Asia Pacific Network Information Centre
What does LACNIC stand for?
Latin American and Caribbean Network Information Centre
What does AfrNIC stand for?
African Network Information Centre
DNS Records: Where can you find domain administrator’s email?
SOA not MX!
What does NNTP stand for?
Network News Transfer Protocol
What does DTP stand for?
Dynamic Trunking Protocol
What does CRLF stand for?
Carriage Return Line Feed
What port does Cisco HSRP operate on?
UDP 1985
Name two DHCP vulnerabilities
DHCP Server SpoofDHCP Table Exhaustion - Snoop
Name CDP vulnerabilities
Information disclosureSend a CDP packet and setup virtual deviceFlood CDP neighbors table
Name HSRP vulnerabilities
DoS or MITMClear-text authentication
Name VRRP vulnerabilities
Take over VRRP master role
Name VTP vulnerabilities
Network topology information disclosureDelete all/one VLAN (DoS)Add a VLANCatalyst crash (DoS)
Name TACACS vulnerabilities
Clear-text data transmission in RADIUS
Which NET-SNMP versions were vulnerable?
All prior to 4.2.2
Which SNMP version uses MD5 and encryption?
SNMPv2
What does MIB stand for?
Management Information Base
What does OID stand for?
Object Identifier
Which SNMP version uses clear text data transfer?
SNMPv1
OID: .1.3.6.1.2.1.1.5. What is the information retrieved?
Hostname
OID: .1.3.6.1.4.1.77.1.4.2. What is the information retrieved?
Domain Name
OID: .1.3.6.1.4.1.77.1.2.25. What is the information retrieved?
Usernames
OID:.1.3.6.1.4.1.77.1.2.3.1.1. What is the information retrieved?
Running Services
OID:.1.3.6.1.4.1.77.1.2.27. What is the information retrieved?
Share Information
What does PPTP stand for?
Point-to-Point Tunelling Protocol
What kind of encryption is IPSec based?
Based on symmetric-key encryption
What does SA stand for?
Security Association
Which module is used to define the IPSec protocol to be used, as well as crypttographic algorithms, keys and their lifetime?
Security Association (SA)
What port does PPTP operate on?
TCP 1723
What does MGCP stand for?
Media Gateway Control Protocol
What does RTP stand for?
Real-Time Transport Protocol
What does RTCP stand for?
Real-time Transport Control Protocol
What does SRTP stand for?
Secure Real-time Transport Protocol
What does SDP stand for?
Session Description Protocol
What does IAX stand for?
Inter-Asterisk eXchange (IAX)
What does BSS stand for?
Basic Service Set
What does BSSID stand for?
Basic Service Set Identifier
What does ESSID stand for?
Enhanced Service Set Identifier
What does SSID stand for?
Service Set Identifier
What does CCMP stand for?
Counter Cipher Mode with block chaining MAC Protocol
What is the length of the WEP secret key?
40 bits
What is the length of the WEP IV?
24 bits
What does WEP use for integrity?
32-bit CRC
What does MAIC stand for?
Message Authentication and Integrity Code
What does WPS stand for?
Wi-Fi Protected Setup
What protocol uses TKIP?
WPA
What is the purpose of TKIP?
Encryption. 128-bit per packet
What is the difference between WPA and WPA2?
Different encryption algorithm (WPA2 uses CCMP)
What ports are available for Cisco web servers?
1003, 1004, 1005
What does enable password and enable secret commands mean for a Cisco device?
enable password (clear-text), enable secret (MD5 or SHA)
What kind of authentication is used in authNoPriv for SNMPv3 in Cisco?
MD5 or SHA, no encryption
Which command is used to disable CDP from a CISCO device?
no cdp run
What does authPriv means in a Cisco device?
MD5 or SHA 1 authentication and DES encryption
In 64-bit WEP key, how many bits is the IV?
24
How can you distinguish a root domain controller from a child domain controller?
Root DC has the NETBIOS name entry of <1B> (Domain Master Browser)
What is the maximum which is defined by Microsoft for a new device to appear in the browse list of all other machines in the domain?
48 minutes, anywhere from 24 minutes on a well specified network
What does CIFS stand for?
Common Internet File System
What port does RPC operate on in Windows?
port 135
What does NBT stand for?
NetBIOS Name Table
What port does CIFS operate on?
port 445
What port does Kerberos version IV operate on?
UDP 750
What port does Kerberos change/set password - authentication mechanism operate on?
port 464
What does RDP stand for?
Remote Desktop Protocol
What does IFID stand for?
Interface ID
What does SID stand for?
Security Identifier
What is the command to perform a NULL session connection from Linux?
rpcclient -U “”%”” <>
What is the command to perform a NULL session connection from smbclient?
smbclient //<>/ipc$
What does LSA stand for?
Local Security Authority
What does SAM stand for?
LSA Security Account Manager
What does SCM stand for?
Service Control Manager
RID Values: Administrator?
500
RID Values: Guest user?
501
RID Values:Domain Admins Group?
512
RID Values:Domain User?
513
RID Values:Domain Guest?
514
What port does LDAP Global Catalogue server operate on?
port 3268
What port does LDAP Global Catalogue server over SSL operate on?
port 3269
What does FSMO stand for?
Flexible Single Master Operation
On a Windows OS how are domain cached credentials stored?
Salted Hash
What does DSE stand for?
Domain Specific Entry
Which Windows password technique does not use salt?
LM / NT
What does SMS stand for?
Systems Management Server
What does SCCM stand for?
System Centre Configuration Manager
What does SUS stand for?
Software Update Services
What does WSUS stand for?
Windows Server Update Services
What port does rwho operate on?
UDP 513
Which OS is vulnerable to this kind of user enumeration: finger ‘1 2 3 4 5 6 7 8 9 0’@host?
Solaris, Returns all users
What does this command means in Solaris: finger 0@host
Returns users with blank GCOS field in /etc/passwd
What kind of password hash uses $1 in UNIX password?
MD5
What kind of password hash uses $2 in UNIX password?
Blowfish
What kind of password hash uses $2a in UNIX password?
EKS Blowfish
What kind of password hash uses $3 in UNIX password?
NTLM, no salt
What kind of password hash uses $5 in UNIX password?
SHA-256
What kind of password hash uses $6 in UNIX password?
SHA-512
What does NIS stand for?
Network Information Service
How many clear-text characters is each LM hash?
14
Which command would you use to list NFS shares on the system 10.10.10.10?
showmount -e 10.10.10.10
Which of these is not a network service that can be used to obtaining usernames? a) rusers b) rwhoc) SMTP d) finger e) rpcinfo
e) RPCInfo
What does the following .rhosts file signify in bob’s home directory?+ exchange
The user exchange can log in as bob from any server
What is the default password for the SYS account on Oracle 10?
CHANGE_ON_INSTALL
How many bits, bytes and octets are there in an IPv6 address? a) 128 bits, 16 bytes, 16 octets b) 32 bits, 4 bytes, 4 octets c) 64 bits, 8 bytes, 8 octets d) 32 bits, 8 bytes, 8 octets e) 64 bits, 4 bytes, 4 octets
a) 128 bits, 16 bytes, 16 octets
What does POP stand for?
Post Office Protocol
What port does videoconf (H.323) service operate on?
TCP 1720
Which file defines host level authorization in NFS?
/etc/exports
Which command is used to query NFS server?
showmount
What action does an HTTP GET request perform?
It retrieves a resource from the web server.
What action does an HTTP HEAD request perform?
It returns the same headers as a GET request but with no message body.
What action does an HTTP POST request perform?
It performs actions sent in both URL query strings and in the message body.
What action does an HTTP PUT request perform?
It attempts to upload the specified resource to the server, contained in the body of the request.
What action does an HTTP DELETE request perform?
It attempts to remove the specified resource, contained in the body of the request.
What action does an HTTP TRACE request perform?
It asks the server to return in the response body the exact contents of the request message it recieved. It is used to detect the effect of any proxy servers between the client and server.
What action does an HTTP OPTIONS request perform?
It asks the server to report the HTTP methods that are available for a particular resource.
What action does an HTTP CONNECT request perform?
It converts the request connection to a transparent TCP/IP tunnel, usually to facilitate HTTPS communication through an unencrypted HTTP proxy.
What action does an HTTP PATCH request perform?
It attempts to apply partial modifications to a resource, contained in the body of the request.
What is the HTTP status code for “OK”?
200
What is the HTTP status code for “Created”?
201
What is the HTTP status code for “Found”?
302
What is the HTTP status code for “Not Modified”?
304
What is the HTTP status code for “Bad Request”?
400
What is the HTTP status code for “Unauthorized”?
401
What is the HTTP status code for “Forbidden”?
403
What is the HTTP status code for “Not Found”?
404
What is the HTTP status code for “Method Not Allowed”?
405
What is the HTTP status code for “Request Entity Too Large”?
413
What is the HTTP status code for “Request URI Too Long”?
414
What is the HTTP status code for “Internal Server Error”?
500
What is the HTTP status code for “Service Unavailable”?
503
What is the reason for using root_squash in NFS?
Prevent root on the NFS client from taking a superuser privilege on the NFS server
What is the reason for using nosuid in NFS?
To disallow suids and guids to take effect on an NFS export mounted on the client
What is the reason for using noexec in NFS?
To disable execution of executable files
Which files list hosts and users that are trusted when a connection is made using R* services?
/etc/hosts.equiv, .rhosts
What port does XDMC display protocol operate on?
UDP 177
What port does Citrix operate on?
port 1494
What does ICA stand for?
Independent Computing Architecture
What does VNC stand for?
Virtual Network Computing
Where does the VNC password string is stored in registry?
\HKEY_CURRENT_USER\Software\ORL\WinVNC3\HKEY_USERS.DEFAULT\Software\ORL\WinVNC3
How can nmap be used to query RPC services?
nmap -sS -sR <>
What does ISAPI stand for?
Internet Server Application Programming Interface
/_vti_inf.html. Which kind of web server is this?
Microsoft IIS. Contains Microsoft Frontpage extensions
What does SSP stand for?
Security Support Provider
What port does BGP operate on?
TCP 179
What does the Daytime service return?
Current date and current time in human readable form
What does WSDL stand for?
Web Services Description Language
IP Address: 192.168.1.29/24. How many hosts exist in total without the Network ID and the Broadcast Address?
254
IP Address: 10.25.253.2/23Which is the broadcast address?
10.25.253.255
IP Address: 10.145.25.1/9. Which is the Network ID?
10.128.0.0
The maximum size of IP header is:a) 40b) 64c) 48d) 60
d)
What does LSASS stand for?
Local Security Authority Subsystem Service
How many possible IP addresses are there in a class B?
65536
What informational message indicates web redirection? a) 1xx b) 2xx c) 3xx d) 4xx e) 5xx
c) 3xx
Which act protects Privacy?
Human Rights Act
IIS Banner: Microsoft-IIS/8.0. What is the OS?
Windows Server 2012, Windows 8
IIS Banner: Microsoft-IIS/7.5. What is the OS?
Windows Server 2008 R2, Windows 7
IIS Banner: Microsoft-IIS/7.0. What is the OS?
Windows Vista, Windows Server 2008
IIS Banner: Microsoft-IIS/6.0. What is the OS?
Windows Server 2003, Windows XP Professional x64
IIS Banner: Microsoft-IIS/5.0. What is the OS?
Windows 2000
IIS Banner: Microsoft-IIS/4.0. What is the OS?
Windows NT 4 Option Pack
IIS Banner: Microsoft-IIS/3.0. What is the OS?
Windows NT 4 SP2
IIS Banner: Microsoft-IIS/2.0. What is the OS?
Windows NT 4
Windows Versions: Windows 4.00?
Windows 95
Windows Versions: Windows NT 4.1?
Windows 98
Windows Versions: Windows NT 5.0?
Windows 2000
Windows Versions: Windows NT 5.1?
Windows XP, Windows 2003
Windows Versions: Windows NT 6.0?
Windows Vista, Windows 2008
Windows Versions: Windows NT 6.1?
Windows 7, Windows 2008 R2
Windows Versions: Windows NT 6.2?
Windows 8, Windows 2012
Windows Versions: Windows NT 6.3?
Windows 8.1, Windows 2012 R2
Which layer implements the application’s interface in a 3-tier architecture?
Presentation Layer
Which layer implements the core application’s logic in a 3-tier architecture?
Application Layer
What does XML stand for?
Extensible Markup Language
Which are the files used from Apache for authentication?
.htaccess, httpd.conf
Name the three different kinds of HTTP authentication
BasicNTLMDigest
What does the If-None-Match header means and who is able to send it?
The client sends it to specify and submit an entity tag that the server issued earlier
Which two headers does the server use to cache data?
Cache-Control, Pragma
What does the 201 response code mean?
It is a response to a PUT request indicating a successful request
What does the 301 response code mean?
Moved Permanently. Permanently redirects the browser to a different URL as specified to Location header
What does the 302 response code mean?
Found. Temporarily redirects the browser to a different URL as specified in the Location header
What does the 304 response code mean?
Not Modified. Instructs the browser to use its cached copy of the requested resource
What does the 403 response code mean?
Forbidden. No one is allowed to access the resource regardless authentication
What does the 401 response code mean?
Unauthorized. The server requires HTTP authentication
What does the 405 response code mean?
Method Not Allowed. The method used in the request is not supported for the specified URL
What does the 413 response code mean?
Request Entity Too Large
What does the 414 response code mean?
Request URI Too Long
The web server itself is functioning but the application accessed via the server is not responding. Which response code is likely to be returned?
503 Service Unavailable
What does 404 response code mean?
Not Found. Requested resouce does not exist
What does 500 response mean?
Internal Server Error. The server encountered a problem fullfilling the request
Which header enforces secure connections to the server?
HTTP Strict-Transport-Security
Which header prevents Clickjacking attacks?
X-Frame-Options
Which header reduces exposure to drive-by download attacks?
X-Content-Type-Options
How many possible IP addresses are there in a class C?
256
What kind of password uses no dollar sign in Unix password?
DES
What message is ICMP type 3 code 4?
Fragmentation required
What message is ICMP type 3 code 5?
Source route failed
What message is ICMP type 3 code 8?
Source host isolated
What operating system has a TTL of 128?
Windows 98, 2000, Server 2003, XP
What operating system has a TTL of 254?
Cisco IOS
What Linux kernel version has a TTL of 255?
2.2.14, 2.4
What does IMS stand for?
IP Multimedia Subsystem
