CYBR 4330 - Week 8 Flashcards

1
Q

standard that describes the creation of a certificate

A

X.509

2
Q

technique that uses a phishing e-mail to lure a user into following a malicious link

A

social engineering

3
Q

A device that performs more than one function, such as printing and faxing, is called what?

A

MFD

4
Q

A large organization that is responsible for sensitive or critical data may elect to create which of the following to do damage assessment, risk remediation, and legal consultation?

A

Security Operations Center

5
Q

A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?

A

worm

6
Q

What Windows operating system was the first to disable null sessions by default?

A

Windows Server 2003

7
Q

Adobe Systems' ColdFusion uses its proprietary tags, which are written in which of the following languages?

A

CFML

8
Q

Carelessly reviewing your program’s code might result in having which of the following in your program code?

A

bug

9
Q

Closed ports respond to a NULL scan with what type of packet?

A

RST

10
Q

Connecting to an MS SQL Server database with Microsoft’s Object Linking and Embedding Database (OLE DB) requires using what provider?

A

SQLOLEDB

11
Q

Cryptography is the process of converting plaintext, which is readable text, into unreadable or encrypted text called which of the following?

A

ciphertext

12
Q

Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm?

A

symmetric

13
Q

Early Windows OSs used which of the following programs loaded into memory to interact with a network resource or device?

A

NetBIOS

14
Q

For a Windows computer to be able to access a *nix resource, which of the following must be enabled on both systems?

A

CIFS

15
Q

How many host computers can be assigned a valid IPv4 address when using a CIDR /24 prefix?

A

254

16
Q

If a Cisco administrator needs to configure a serial or Fast Ethernet port, which configuration mode should they use?

A

Interface configuration mode

17
Q

If a security expert decides to study the process of breaking encryption algorithms, they are performing what?

A

cryptanalysis

18
Q

If an attacker decides to implement a less obvious port-scan, or stealth attack, which of the following techniques would be appropriate to make their activities more difficult to detect?

A

limit their scan speeds

19
Q

If an attacker wishes to collect confidential financial data, passwords, PINs and any personal data stored on your computer which of the following programs would they choose to use?

A

Spyware

20
Q

If an organization does not want to rely on a wireless device to authenticate users, which of the following is a secure alternative?

A

RADIUS server

21
Q

If you do not have access to Nessus, what NMap procedure can be used to help you to gain information about remote *nix hosts?

A

script scanning

22
Q

If you want to know what the Perl print command does, you can use what command?

A

perldoc -f print

23
Q

What is the standard name for a team made up of security professionals?

A

red team

24
Q

In 802.11, what is an addressable unit?

A

station (STA)

25
In 802.1X, what component refers specifically to the wireless user attempting access to a WLAN?
supplicant
26
In a Linux script, which of the lines is important because it identifies the file as a script?
#!/bin/sh
27
In a Perl program, to go from one function to another, you simply call the function by entering which of the following in your source code?
name
28
In a normal TCP session, the sender sends a packet to another computer with which of the following flags set?
SYN flag
29
In an ACK scan, if the attacked port returns an RST packet the attacked port is considered to be operating in what state?
unfiltered
30
In any *NIX system, after saving a script named "script_name," you need to make it executable so that you can run it. Which command will accomplish this task from the command line?
chmod +x script_name
31
In object-oriented programming, a function contained in a class is called which of the following?
member function
32
In the C programming language, which of the following show where a block of code begins and ends?
braces
33
In the C programming language, which statement tells the compiler to keep doing what is in the brackets over and over and over?
for(;;)
34
In the C programming language, which variable type holds the value of a single letter?
Char
35
In the Perl programming language, comment lines begin with which of the following character(s)?
#
36
In the Perl programming language, variables begin with which of the following characters?
$
37
In the Perl programming language, which of the following keywords is used in front of function names?
sub
38
In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?
Transport
39
In the TCP/IP stack, what layer is concerned with physically moving bits across the network's medium?
Network
40
In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data?
ciphertext-only
41
In what type of attack does the attacker need access to the cryptosystem, and the ciphertext to be decrypted to yield the desired plaintext results?
chosen-ciphertext
42
Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing?
scripts
43
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
44
NetBIOS over TCP/IP is called what in Windows Server 2003?
NetBT
45
NetBios should be understood by a security professional because it is used for which of the following?
backward compatibility
46
One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?
reply
47
What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?
create a contractual agreement
48
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
49
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
50
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
51
SMB is used to share files and usually runs on top of NetBIOS, NetBEUI, or which of the following?
TCP/IP
52
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
default
53
Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks. Which of the following attacks are more difficult to detect?
stealth
54
The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of which OSI model layer?
Data Link layer
55
The acronym IDS stands for which of the following?
Intrusion Detection System
56
The computer names you assign to Windows systems are called which of the following?
NetBIOS
57
The open-source descendant of Nessus is called which of the following?
OpenVAS
58
The print command for Perl is almost identical to the print command used in which of the following programming languages?
C
59
The virus signature file is maintained by what type of software?
antivirus
60
What directory do you save a program to on your Web server before you check the URL in your Web browser?
cgi-bin
61
To determine what resources or shares are on a network, security testers must use port scanning and what other procedure first to determine what OS is being used?
footprinting
62
To determine whether a system could be vulnerable to an RPC-related issue, what tool can be used?
MBSA
63
To examine the router's routing table, a Cisco administrator would enter which command?
show ip route
64
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
65
To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?
ping
66
Trojan Programs can install a specific type of program to allow an attacker access to the attacked computer later. What means of access is the attacker utilizing?
backdoor
67
UNIX was first written in assembly language. However, it was soon rewritten in what programming language?
Python
68
Ubuntu and Debian Linux use what command to update and manage their RPM packages?
apt-get
70
Visual Basic Script (VBScript) is a scripting language developed by what companies?
Microsoft
71
What 1-pixel x 1-pixel image file is referenced in an <img> tag, and usually works with a cookie to collect information
Web bug
72
What 32-bit number tracks packets received by a node and allows the reassembling of large packets that have been broken up into smaller packets?
ISN
73
What HTTP method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body?
HEAD
74
What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?
127 address
75
What IPv4 address class has the IP address 221.1.2.3?
Class C
76
What TCP flag is responsible for delivering data directly and immediately to an application?
PSH flag
77
What TCP flag is responsible for synchronizing the beginning of a session?
SYN flag
78
What TCP/IP protocol is fast, unreliable, and operates at the Transport layer?
UDP
79
What TCP/IP protocol is used to send messages related to network operations and can be used to troubleshoot network connectivity?
ICMP
80
What acronym represents the U.S. Department of Justice new branch that addresses computer crime?
CHIP
81
What advanced port-scanning tool can allow a security tester to bypass filtering devices by injecting crafted or otherwise modified IP-packets into a network?
Hping
82
What application is considered the original password-cracking program and is now used by many government agencies to test for password strength?
L0phtcrack
83
What area of a network is a major area of potential vulnerability because of the use of URLs?
DNS
84
What boot loader will allow your computer or laptop to start in both Windows and Linux?
GRUB
85
What common term is used by security testing professionals to describe vulnerabilities in a network?
holes
86
What configuration mode allows a Cisco administrator to configure router settings that affect the overall operations of the router?
Global configuration mode
87
What connection-oriented protocol is utilized by the Transport layer?
TCP
88
What critical component of any OS, that can be vulnerable to attacks, is used to store and manage information?
file system
89
What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers?
script kiddies
90
What does the "NBT" part of "NBTscan" stand for?
NetBIOS over TCP/IP
91
What does the acronym TCP represent?
Transmission Control Protocol
92
What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce?
RSA
93
What encryption algorithm is efficient, requiring few resources, and is based on complex algebra and calculations on curves?
ECC
94
What enumeration tool is extremely useful when working with Windows NT, 2000, and Windows XP systems?
DumpSec
95
What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits?
SecureBoot
96
What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?
Windows Containers
97
What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?
Electronic Communication Privacy Act
98
What is the 1 to 32 character configurable name used to identify a WLAN?
SSID
99
What is the HTTP method that retrieves data by URI?
GET
100
What is the IEEE 802 standards name for a wireless network that is limited to one person's workspace?
WPAN
101
What is the current file system that Windows utilizes that has strong security features?
NTFS
103
What is the decimal equivalent of the binary number 11000001?
193
104
What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?
port
105
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?
no ACL support
107
What is the passive process of finding information on a company's network called?
footprinting
108
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
authorization
109
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?
input validation
110
What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?
Application
111
What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?
Transport layer
112
What layer, in the TCP/IP stack, do applications and protocols, such as HTTP and Telnet, operate?
Application
113
What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?
Internet
114
What name is given to people who break into computer systems with the sole purpose to steal or destroy data?
crackers
115
What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?
Fping
116
What open source port-scanning tool is considered to be the standard port-scanning tool for security professionals?
NMap
117
What open-source network utility allows you to use plug-ins to run test programs (scripts) that can be selected from the client interface?
OpenVAS
118
What organization disseminates research documents on computer and network security worldwide at no cost?
SANS
119
What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?
gray box
120
What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?
black box
121
What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?
white box
122
What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network?
Acceptable Use Policy
123
What port does the Domain Name System, or DNS service use?
53
124
What port does the Hypertext Transfer Protocol, or HTTP service use?
80
125
What port does the Simple Mail Transfer Protocol, or SMTP service use?
25
126
What port does the Trivial File Transfer Protocol, or TFTP service use?
69
127
What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?
443
128
What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?
enumeration
129
What professional level security certification did the "International Information Systems Security Certification Consortium" (ISC2) develop?
Certified Information Systems Security Professional (CISSP)
130
What professional level security certification requires five years of experience and is designed to focus on an applicant's security-related managerial skills?
Certified Information Systems Security Professional
131
What professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate?
Offensive Security Certified Professional
132
What programming languages are vulnerable to buffer overflow attacks?
C and C++
134
What protocol improves WPA encryption by adding Message Integrity Checks, Extended Initialization Vectors, Per-packet key mixing, and a Re-keying mechanism to improve encryption?
TKIP
135
What protocol is the most widely used and allows all computers on a network to communicate and function
TCP/IP
136
What router feature provides basic security by mapping internal private IP addresses to public external IP addresses, essentially hiding the internal infrastructure from unauthorized personnel?
NAT
137
What security certification did "The International Council of Electronic Commerce Consultants" (EC-Council) develop?
Certified Ethical Hacker (CEH)
138
What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?
OPST
139
What security feature was extended to the OS to alert the user when an application is launched on a Windows 8.1 computer?
SmartScreen
140
What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?
dumpster diving
141
What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?
Hacking
142
What specific type of Windows Servers are used to authenticate user accounts and contain most of the information that attackers want to access?
domain controllers
143
What specific type of spread spectrum modulation allows data to hop to other frequencies to avoid interference that might occur over a frequency band?
FHSS
144
What specific type of tools can assist teams by identifying attacks and indicators of compromise by collecting, aggregating, and correlating log and alert data from routers, firewalls, IDS/IPS, endpoint logs, Web filtering devices, and other security tools?
SIEM
145
What standard specifically defines the process of authenticating and authorizing users on a network?
802.1X
146
What subject area is not one of the 22 domains tested during the CEH exam?
Trojan hijacking
147
What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?
Piggybacking
148
What term best describes a person who hacks computer systems for political or social reasons?
hacktivist
151
What tool can be used to read and write data to ports over a network?
Netcat
152
What type of IDS/IPS is used to protect a critical network server or database server by installing the IDS or IPS software on the system you're attempting to protect?
Host-based
153
What type of IDSs/IPSs monitors activity on network segments by sniffing traffic as it flows over the network and alerting a security administrator when something suspicious occurs?
Network-based
154
What type of Windows Server is the most likely server to be targeted by a computer hacker?
Domain Controller
155
What type of an IDS is being used when it does not take any action to stop or prevent an activity occurring?
passive system
156
What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?
vulnerability
157
What type of attack causes the victim's computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?
Ping of Death
158
What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters?
brute force
159
What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms?
known plaintext
160
What type of attack is being performed when an attacker intercepts the initial communications between a Web server and a Web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher?
SSL/TLS downgrade attack
161
What type of attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt?
chosen-plaintext
162
What type of attack is occurring when an attacker places themselves between two parties and manipulates messages being passed back and forth?
Man-in-the-Middle
163
What type of cryptography is demonstrated by reversing the alphabet so A becomes Z, B becomes Y, and so on?
substitution cipher
164
What type of encryption is currently used to secure WPA2?
AES
165
What type of firewall inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does?
application-aware firewall
166
What type of function is being performed when a router screens packets based on information in the packet header?
router screening
167
router screening
HTTP
168
What type of hardware devices and computer programs can be used to obtain passwords by capturing key strokes on a targeted computer system?
Keyloggers
169
What type of laws should a penetration tester or student learning hacking techniques be aware of?
local, state, and federal
170
What type of malicious code could be installed in a system's flash memory to allow an attacker to access the system at a later date?
BIOS-based rootkit
171
What type of malicious computer programs present themselves as useful computer programs or applications?
Trojan programs
172
What type of malicious procedure involves using sniffing tools to capture network communications to intercept confidential information or gather credentials that can be used to extend the attack?
eavesdropping
173
What type of malicious program cannot stand on its own and can replicate itself through an executable program attached to an e-mail?
virus
174
What type of modulation spreads data across a large-frequency bandwidth instead of traveling across just one frequency band?
Spread spectrum
175
What type of network attack relies on guessing a TCP header's initial sequence number, or ISN?
Session hijacking
176
What type of packet filtering records session-specific information about a network connection, including the ports a client uses?
Stateful
177
What type of port scan has the FIN, PSH, and URG flags set?
XMAS scan
178
What type of port scan is similar to a SYN scan and is risky to use because it relies on the attacked computer's OS?
Connect
179
What type of system converts between plaintext and ciphertext?
cryptosystem
180
What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?
security test
181
What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?
null session
182
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
developer tools
183
What type of virus is used to lock a user's system, or cloud accounts until the system's owner complies by paying the attacker a monetary fee?
ransomware
184
What type of viruses and code has been created by security researchers and attackers that could infect phones running Google's Android, Windows Mobile, and the Apple iPhone OS?
Java-based
185
What upper-level service is required to utilize file and printer sharing in Windows?
Server Message Block
186
What utility can be used to intercept detailed information from a company's Web site?
Zed Attack Proxy
187
What version of Windows Server has completely eliminated the option for telnet server?
Windows Server 2016
188
What wireless hacking tool can perform scans for wireless access points and can set up fake APs to social-engineer users or confuse attackers using airbase-ng?
WiFi Pineapple
189
When Web site visitors are involved in downloading malicious code without their knowledge, they may be unknowingly involved in what type of process?
drive-by download
190
When a TCP three-way handshake ends, both parties send what type of packet to end the connection?
FIN
191
When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?
zombies
192
When a programmer exploits written code that doesn't check for a defined amount of memory space they are executing which of the following attacks?
buffer overflow
193
When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?
consult their lawyer
194
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?
spear phishing
195
When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing?
dictionary
196
When an individual attempts to discover as much information as legally possible about their competition, what information gathering technique are they performing?
competitive intelligence
197
When hackers drive around or investigate an area with an antenna, they are usually looking for which component of a wireless network?
access point
198
When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer?
flag
199
When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?
ping sweep
200
When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?
Share-level security