EH Review 1.3 Flashcards
Which Establishment Needs to be HIPAA Certified?
Hospitals
Shops
Credit Card Companies
Banks
Hospitals
HIPAA = Health Insurance Portability and Accountability Act
Why may cookies be stolen via XSS (Cross-Site Scripting)?
Steal another user’s session
Inject malware to the client
Deprive the server of data
Steal another user’s ID
Steal another user’s session
Which of the following is true regarding an SFX attack?
SFX are self-extracting executables
SFX can be used to deceive a victim into running background executables and scripts
SFX icons cannot be changed
All files extracted via SFX are visible
SFX are self-extracting executables
SFX can be used to deceive a victim into running background executables and scripts
Hashcat
Can use the GPU as the processing unit for brute-force attacks
Is considered outdated and deprecated
Can only perform brute-force using rainbow tables
Can perform fast online brute-force attacks
GPU=General Processing Unit
Graphics Processing Units are specially purposed GPUs
Can use the GPU as the processing unit for brute-force attacks
GPU=General Processing Unit
Graphics Processing Units are specially purposed GPUs
Talos
Gathers global information on cyber attacks
Alerts the police if it detects suspicious network behavior
Detects all illegal traffic in an internal network
Collects other information on people
Gathers global information on cyber attacks
What is the best way to mitigate unwanted pre-boot access to a Windows machine?
Full disk encryption
Table Lock
BIOS Password
Implementing Password Complexity
Full disk encryption
Which SQL Attack is easiest to perform?
Blind SQLi
Error based SQLi
User based SQLi
Time based SQLi
Error based SQLi
Which of the following needs to be in the GRUB to run a terminal with root permissions?
‘rw initrd=/install/gtk/initrd.gz quiet splash init=/bin/bash’, to have read-write permissions
‘ro initrd=/bin/bash’, to run the bash terminal as root
‘RW initrd=/bin/bash’, to run /bin/bash as root with read-write permissions
‘rw init=/install/initrd.gz’, to run the correct image of the Linux system with read-write permissions.
‘rw initrd=/install/gtk/initrd.gz quiet splash init=/bin/bash’, to have read-write permissions
Prior to beginning a test or ethical hacker work, what must you have?
Permission
Planning
Nothing
Training
Permission
Which of the following is used to perform customized network scans?
NMAP
Nessus
Wireshark
AirPcap
NMAP
NMAP scans networks and looks for IPs (Internet Protocol addresses) that are ‘turned on/alive’; when it finds one, it scans that IP for any open ports it can find.
Which protocol is commonly used to perform on-path attacks?
ARP
Port Security
ICMP
Subnetting
ARP
ARP = Address Resolution Protocol; found on switching fabric, not routing fabric.
Switching fabric routes packets based on MAC (Media Access Controller) addresses
Routing fabric routes packets based on IP addresses
Which of the following are Hashing algorithms?
SHA-67
MD5 (obsolete, if used must also track file size; faked files are always 30% larger)
SHA-256
SHA-1 (obsolete – file size must also be tracked)
MD5 (obsolete, if used must also track file size; faked files are always 30% larger)
SHA-256
SHA-1 (obsolete – file size must also be tracked)
What are social engineering attacks based on?
Human Errors
System Bugs
Calculation Errors
Computer Error
Human Errors
What is the name of a popular exploit used in the MSF (Metasploit Framework)?
Social Engineering Toolkit
Custom Payload Generation Tool
Linux CNC (Command and Control) Framework
Eternal Blue
Eternal Blue
Which of the following user types has the highest privileges in a Windows domain environment?
Enterprise Admin
Domain Admin
Guest User
Delegated User
Enterprise Admin
GRUB encryption prevents which of the following?
Unwanted reboots
Half disk encryption
Editing
Full Disk Encryption
Unwanted reboots
Editing
Which of the following are server side technologies?
HTML
SQL
PHP
ASP
SQL
PHP
ASP
SQL=Structured Query Language
PHP=Pretext Hypertext Preprocessor
ASP=Active Server Pages
HTML=Hypertext Markup Language
Which of the following is false regarding XSS?
It is a client-side Attack?
It is a cracking method?
It is a scanning method?
It is a server-side attack?
It is a cracking method?
It is a scanning method?
It is a server-side attack?
What part of the CIA triad ensures that only those who should see data do see data?
Confidentiality
Integrity
Availability
Accessibility
Confidentiality
If the following command is run, ‘nmap 5.25.128.0/18 -p 3389’, how many potential IPs are being analyzed, and what services are being analyzed?
16384 IPs with remote desktop
256 IPs with web services
1 with remote desktop
65536 with web services
16384 IPs with remote desktop
How many bits does it take to represent 65535?
What does CIDR stand for?
What is the NMAP command used to fingerprint versions of services?
NMAP 192.168.1.100 -sV
NMAP 192.168.1.100 -xX
NMAP 192.168.1.100 -oN
NMAP 192.168.1.100 -O
-sV = Version
-xX =red herring
-oN=red herring
-O=TCP OS fingerprinting
-sV = Version
What is -sS?
What is -sT?
What is -sU?
What is -sN?
What is -sF?
What is -sX?
-sS=SYN Scan
-sT=TCP Full connection Scan
-sU=UDP Scan
-sN=NULL Scan (No flags set)
-sF=FIN scan (FIN flag set)
-sX=Christmas Tree Scan (urg, psh, fin flags set)
Intercepting and eavesdropping on communications is which type of attack?
On-Path Attack (aka MiTM)
Smurf Attack
Infinity and Beyond Attack
Stuxnet Attack
On-Path Attack (aka MiTM)
MD5, SHA-1, NTLM are examples of?
Hashing algorithms (hashes)
Protocols
Rainbow tables
Phishing types
Hashing algorithms (hashes)
What are some defensive measures that can be taken against a brute force attack?
Strong passwords
Using dictionary words
Login attempt limitation
Fail2Ban
Fail2Ban
In a database query, what does 1=1 do? (what is its significance in information security)
Is interpreted as a true statement no matter the query
Is interpreted as a false statement no matter the query
Tells the system to count by 2
Tells the system to multiply by 2
Is interpreted as a true statement no matter the query
What tools could be used to search for an exploit?
Searchsploit
Maximum damage
Exploit-db.com
SEToolkit
Searchsploit
In Meterpreter, what command could be used to find the current user?
Getuid
Showuser
Pwd
Sessions -I
Getuid
In Metasploit, how are the required fields of an exploit displayed?
Show options
Set LHOSTS
Show targethosts
Settarget
Show options
Which of the following tools can crack protected PDF files using the brute-force technique?
Searchsploit
John The Ripper
Hydra
Crunch
John The Ripper
Creating a DWORD key in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\ with a username and a value of zero does what?
Hides a user on the login screen list of users
Creates a user
Nothing
Everything
Hides a user on the login screen list of users
Apache, NGINX, and IIS are examples of what kind of Daemons?
Web Servers
Social engineering toolkit
Custom payload generation tool
Linux CNC framework
Web Servers
What are the OWASP top 10?
The top 10 most common web-related vulnerabilities?
The top 10 best practices for application security
The top 10 hacker movies of ALL Time!
The top 10 cookie recipes in the world
The top 10 most common web-related vulnerabilities?
Which of the following describes the HTTP GET Method?
The method requests a specified resource from the server
The method requests a web server to accept the body parameters
The method sends a request to upload a file to the server
The method returns which HTTP methods are supported by the server
The method requests a specified resource from the server
What has to be done to make the browser use a proxy like BURP suite?
Change the manual proxy configuration to the loopback on port 8080
Configure the cookie to be static
Change DNS to point to BURP proxy suite
Change the word burp to snot
Change the manual proxy configuration to the loopback on port 8080
Cross-Site Scripting, or XSS, comes in what 3 forms?
Reflected, stored, and DOM
User, system, and administrator
1, 2, 3
a, b, c
Reflected, stored, and DOM
In a database, if the data is ordered sequentially, what command would do that?
Order by …
Union …
Sort by …
Call by …
Order by …
For DIRBUSTER to work, it requires what?
Wordlists
Semaphore lists
External presence
Internal presence
Wordlists
Don’t forget about a VPN!
PIA – private internet access
NORD
Proton.com
Mullvad
What is Wireshark?
A packet analyzer
IRL- a Packet Analyzer
NOT A packet capture tool
Comes ‘packaged with a packet capture utility like tcpdump or winpcap’
A packet analyzer
What are Rainbow Tables?
Large tables that contain pre-computed hashes of certain values.
What are Dictionary Attacks?
Numerous common and/or personalized passwords that together form a password dictionary.
What is Meterpreter?
Metasploit Framework payload framework from which you can fire exploits
What does CVE stand for?
Common Vulnerabilities and Exposures
What’s the difference between passive and active scanning?
Passive - proxy to inspect pages to which a user navigates (if packets don’t touch)
Active – scanning tries to investigate a page using the fuzzing technique (if packets touch)