Ethical Hacking 5

Question 1

What does the NetBIOS Auditing Tool send to a target system to get the NetBIOS computer name?

Answer 1

UDP query

Question 2

After compromising a server, you wish to hide the exploit file exploit.exe in your present working directory. How can you hide the file using the ATTRIB command?

Answer 2

Attrib +s +h exploit.exe

Question 3

Which type of attack is a combination of both the brute force attack and the dictionary attack?

Answer 3

syllable

Question 4

What tool can execute processes on remote Windows system?

Answer 4

PsExec

Question 5

Which password cracking tool creates tables of all possible pairs of plaintext and ciphertext?

Answer 5

RainbowCrack

Question 6

What two methods are available for disabling the use of LM hashes on a Windows system?

Answer 6

Implement the NoLMHash Policy via Group Policy.

Add the NoLMHash key to HKLM\SYSTEM\CurrentControlSet\Control\Lsa in the registry.

Question 7

You have gained temporary access to a remote Windows NT server you are auditing, and need to quickly copy the password file. Where is this file located>

Answer 7

%SYSTEMROOT%\system32\config

Question 8

What password cracking utility will crack both UNIX and Windows NT passwords and supports several common hash types found on both of these systems?

Answer 8

John The Ripper

Question 9

An attacker can gain repeated, unregulated, and undetected access to a compromised system by installing a backdoor process, which is the primary purpose of which type of attack?

Answer 9

Rootkit

Question 10

What statement regarding hardware keystroke loggers is not accurate?

Answer 10

Hardware keystroke loggers can interact with the attached system to send data over the network.

Question 11

Which Windows utility randomly generates the key used to encrypt password hashes in the SAM database?

Answer 11

Syskey

Question 12

For Windows 9x and Windows NT operating systems, which authentication protocol should be used that protects the authentication process through the use of a secure channel for logon purposes?

Answer 12

NTLMv2

Question 13

You are attempting to automate the process of hardening workstations from attacks network wide. What tool can you use that will display program execution on multiple remote computers simultaneously?

Answer 13

Alchemy Remote Executor

Question 14

Which type of password attack involves a third party intercepting the communication between the two parties?

Answer 14

Man-in-the-Middle

Question 15

What are two general countermeasures for preventing privilege escalation?

Answer 15

Restrict interactive logons and access to system programs that are not required by users.

Performing auditing of events such as account logons, privilege use, and system events.

Question 16

A compromised server has been placed under your control, and your client has asked that you determine how it was compromised. After utilizing a LiveCD environment to compare file hashes to a known clean installation, you notice a file named msdirectx.sys in the System32 folder that looks out of place. From the presence of this file, what can you determine has happened?

Answer 16

The Fu rootkit is installed on the server.

Question 17

What are two methods that might be used by a rootkit to avoid detection by an administrator?

Answer 17

The rootkit may disable auditing and event logs.

The rootkit may modify execution paths or system binaries.

Question 18

What method is typically utilized to hide data within an image?

Answer 18

Least-significant bit insertion

Question 19

A client has asked you to implement software keyloggers countermeasures. They have requested that you use a utility that does not require hard disk or memory scanning. What utility should you utilize?

Answer 19

Advanced Anti Keylogger

Question 20

Which tool tracks any LAN activity, giving the most detailed information on what users did on the System?

Answer 20

Activity Monitor