EH Review 1.3 Flashcards

1
Q

Which establishment needs to be HIPAA certified?

Hospitals
Shops
Credit Card Companies
Banks

A

Hospitals
HIPAA = Health Insurance Portability and Accountability Act

2
Q

Why may cookies be stolen via XSS (Cross-Site Scripting)?
Steal another user’s session
Inject malware to the client
Deprive the server of data
Steal another user’s ID

A

Steal another user’s session

3
Q

Which of the following is true regarding an SFX attack?
SFX are self-extracting executables
SFX can be used to deceive a victim into running background executables and scripts
SFX icons cannot be changed
All files extracted via SFX are visible

A

SFX are self-extracting executables
SFX can be used to deceive a victim into running background executables and scripts

4
Q

Hashcat

Can use the GPU as the processing unit for brute-force attacks
Is considered outdated and deprecated
Can only perform brute-force using rainbow tables
Can perform fast online brute-force attacks

GPU=General Processing Unit
Graphics Processing Units are specially purposed GPUs

A

Can use the GPU as the processing unit for brute-force attacks

GPU=General Processing Unit
Graphics Processing Units are specially purposed GPUs

5
Q

Talos

Gathers global information on cyber attacks
Alerts the police if it detects suspicious network behavior
Detects all illegal traffic in an internal network
Collects other information on people

A

Gathers global information on cyber attacks

6
Q

What is the best way to mitigate unwanted pre-boot access to a Windows machine?

Full disk encryption
Table Lock
BIOS Password
Implementing Password Complexity

A

Full disk encryption

7
Q

Which SQL Attack is easiest to perform?

Blind SQLi
Error based SQLi
User based SQLi
Time based SQLi

A

Error based SQLi

8
Q

Which of the following needs to be in the GRUB to run a terminal with root permissions?

‘rw initrd=/install/gtk/initrd.gz quiet splash init=/bin/bash’, to have read-write permissions
‘ro initrd=/bin/bash’, to run the bash terminal as root
‘RW initrd=/bin/bash’, to run /bin/bash as root with read-write permissions
‘rw init=/install/initrd.gz’, to run the correct image of the linux system with read-write permissions.

A

‘rw initrd=/install/gtk/initrd.gz quiet splash init=/bin/bash’, to have read-write permissions

9
Q

Prior to beginning a test or ethical hacker work, what must you have?

Permission
Planning
Nothing
Training

A

Permission

10
Q

Which of the following is used to perform customized network scans?

NMAP
Nessus
Wireshark
AirPcap

A

NMAP

NMAP scans networks looking for IPs (Internet Protocol addresses) that are ‘turned on/alive’; when it finds one, it scans that IP for any open ports it can find.

11
Q

Which protocol is commonly used to perform on-path attacks?

ARP
Port Security
ICMP
Subnetting

A

ARP

ARP = Address Resolution Protocol; found on switching fabric, not routing fabric.
Switching fabric routes packets based on MAC (Media Access Control) addresses.
Routing fabric routes packets based on IP addresses.

12
Q

Which of the following are Hashing algorithms?

SHA-67
MD5 (obsolete, if used must also track file size; faked files are always 30% larger)
SHA-256
SHA-1 (obsolete – file size must also be tracked)

A

MD5 (obsolete, if used must also track file size; faked files are always 30% larger)
SHA-256
SHA-1 (obsolete – file size must also be tracked)

13
Q

What are social engineering attacks based on?

Human Errors
System Bugs
Calculation Errors
Computer Error

A

Human Errors

14
Q

What is the name of a popular exploit used in the MSF (Metasploit Framework)?

Social Engineering Toolkit
Custom Payload Generation Tool
Linux CNC (Command and Control) Framework
Eternal Blue

A

Eternal Blue

15
Q

Which of the following user types has the highest privileges in a Windows domain environment?

Enterprise Admin
Domain Admin
Guest User
Delegated User

A

Enterprise Admin

16
Q

GRUB encryption prevents which of the following?

Unwanted reboots
Half disk encryption
Editing
Full Disk Encryption

A

Unwanted reboots

Editing

17
Q

Which of the following are server-side technologies?

HTML
SQL
PHP
ASP

A

SQL
PHP
ASP

SQL = Structured Query Language
PHP = Pretext Hypertext Preprocessor
ASP = Active Server Pages
HTML = Hypertext Markup Language

18
Q

Which of the following is false regarding XSS?

It is a client-side attack
It is a cracking method
It is a scanning method
It is a server-side attack

A

It is a cracking method
It is a scanning method
It is a server-side attack

19
Q

What part of the CIA triad ensures that only those who should see data do see data?
Confidentiality
Integrity
Availability
Accessibility

A

Confidentiality

20
Q

If the following command is run, ‘nmap 5.25.128.0/18 -p 3389’, how many potential IPs are being analyzed, and what services are being analyzed?

16384 IPs with remote desktop
256 IPs with web services
1 with remote desktop
65536 with web services

A

16384 IPs with remote desktop

How many bits does it take to represent 65535?
What does CIDR stand for?

21
Q

What is the NMAP command used to fingerprint versions of services?

nmap 192.168.1.100 -sV
nmap 192.168.1.100 -xX
nmap 192.168.1.100 -oN
nmap 192.168.1.100 -O

-sV = Version
-xX = red herring
-oN = red herring
-O = TCP OS fingerprinting

A

-sV = Version

22
Q

What is -sS?
What is -sT?
What is -sU?
What is -sN?
What is -sF?
What is -sX?

A

-sS = SYN Scan
-sT = TCP Full connection Scan
-sU = UDP Scan
-sN = NULL Scan (no flags set)
-sF = FIN Scan (FIN flag set)
-sX = Christmas Tree Scan (URG, PSH, FIN flags set)

23
Q

Intercepting and eavesdropping on communications is which type of attack?
On-Path Attack (aka MiTM)
Smurf Attack
Infinity and Beyond Attack
Stuxnet Attack

A

On-Path Attack (aka MiTM)

24
Q

MD5, SHA-1, NTLM are examples of?
Hashing algorithms (hashes)
Protocols
Rainbow tables
Phishing types

A

Hashing algorithms (hashes)

25
Q

What are some defensive measures that can be taken against a brute force attack?

Strong passwords
Using dictionary words
Login attempt limitation
Fail2Ban

A

Fail2Ban

26
Q

In a database query, what does 1=1 do? (what is its significance in information security)

Is interpreted as a true statement no matter the query
Is interpreted as a false statement no matter the query
Tells the system to count by 2
Tells the system to multiply by 2

A

Is interpreted as a true statement no matter the query

27
Q

What tools could be used to search for an exploit?

Searchsploit
Maximum damage
Exploit-db.com
SEToolkit

A

Searchsploit

28
Q

In Meterpreter, what command could be used to find the current user?

Getuid
Showuser
Pwd
Sessions -I

A

Getuid

29
Q

In Metasploit, how are the required fields of an exploit displayed?

Show options
Set LHOSTS
Show targethosts
Settarget

A

Show options

30
Q

Which of the following tools can crack protected PDF files using the brute-force technique?

Searchsploit
John The Ripper
Hydra
Crunch

A

John The Ripper

31
Q

Creating a DWORD key in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\ with a username and a value of zero does what?

Hides a user on the login screen list of users
Creates a user
Nothing
Everything

A

Hides a user on the login screen list of users

32
Q

Apache, NGINX, and IIS are examples of what kind of daemons?

Web Servers
Social engineering toolkit
Custom payload generation tool
Linux CNC framework

A

Web Servers

33
Q

What are the OWASP top 10?
The top 10 most common web-related vulnerabilities?
The top 10 best practices for application security
The top 10 hacker movies of ALL Time!
The top 10 cookie recipes in the world

A

The top 10 most common web-related vulnerabilities?

34
Q

Which of the following describes the HTTP GET Method?

The method requests a specified resource from the server
The method requests a web server to accept the body parameters
The method sends a request to upload a file to the server
The method returns which HTTP methods are supported by the server

A

The method requests a specified resource from the server

35
Q

What has to be done to make the browser use a proxy like Burp Suite?

Change the manual proxy configuration to the loopback on port 8080
Configure the cookie to be static
Change DNS to point to BURP proxy suite
Change the word burp to snot

A

Change the manual proxy configuration to the loopback on port 8080

36
Q

Cross-Site Scripting, or XSS, comes in what 3 forms?

Reflected, stored, and DOM
User, system, and administrator
1, 2, 3
a, b, c

A

Reflected, stored, and DOM

37
Q

In a database, what command would order the data sequentially?

Order by …
Union …
Sort by …
Call by …

A

Order by …

38
Q

For DIRBUSTER to work, it requires what?

Wordlists
Semaphore lists
External presence
Internal presence

A

Wordlists

39
Q

Don’t forget about a VPN!

PIA – private internet access
NORD
Proton.com
Mullvad

A

40
Q

What is Wireshark?

A packet analyzer
IRL- a Packet Analyzer
NOT A packet capture tool
Comes ‘packaged with a packet capture utility like tcpdump or winpcap’

A

A packet analyzer

41
Q

What are Rainbow Tables?

A

Large tables that contain pre-computed hashes of certain values.

42
Q

What are Dictionary Attacks?

A

Numerous common and/or personalized passwords that together form a password dictionary.

43
Q

What is Meterpreter?

A

A Metasploit Framework payload framework from which you can fire exploits

44
Q

What does CVE stand for?

A

Common Vulnerabilities and Exposures

45
Q

What’s the difference between passive and active scanning?

A

Passive - proxy to inspect pages to which a user navigates (if packets don’t touch)
Active – scanning tries to investigate a page using the fuzzing technique (if packets touch)