Ethical Hacking 6 Flashcards
Which penetration testing tool can discover and fix security holes and enables you to compress settings to manipulate a network or conduct a full-hammer assault?
FoundScan
What compiler can be used in conjunction with GCC to protect programs against stack smashing attacks?
StackGuard
What type of penetration testing is considered to be a more versatile view of the security where testing is performed from several network access points, including both logical and physical segments?
Internal Testing
A client has asked you to install a keylogger on several target systems in order to see if their anti-malware software can detect the software used. You have decided to deploy a keylogger that can be set via e-mail and utilizes executable and registry entries that can be renamed to provide some level of stealth. What keylogger should you use?
Spector Professional
Recent vulnerability scans show that several web servers on your client’s network are susceptible to session hijacking. What software can be deployed to monitor sessions and act as a intrusion detection system?
SecureNet Pro
Which type of security assessment is designed to evaluate an organization’s security policies and procedures?
Security audits
What type of testing involves the simulation of real-world attacks and minimizes false positives?
Black Box testing
As part of an audit of a web server utilizing Perl CGI scripts, you wish to run tests and debug running scripts locally on your computer that have been pulled from the target web server. What utility should you use?
OptiPerl
Your ethical hacking consulting company is auditing a web server and part of the audit specifies a deliverable report on what files are present in the web serving directory that have no links leading to them in the web application’s code. What utility can you use to generate this report?
Link Utility
What is the purpose of a gap analysis?
A gap analysis evaluates the differences between an organizations vision and its current position.
What type of black box testing involves exploring around a targeted area in a car to discover wireless networks?
War Driving
With what type of reconnaissance does a hacker attempt to scout for or survey potential targets then investigate the target using publicly available information?
Passive
Which vulnerability assessment utility performs remote self-scans, supports API facilities, and combines with popular NMAP packages for advanced operating system fingerprinting?
SARA
Which penetration-testing tool enables the user to identify vulnerabilities and creates 3-D maps by examining systems for responsive devices without scanning them?
CyberCop Scanner
Which type of analysis illustrates who, when, why how, and with what probability an attacker might strike a system?
Attack trees
As part of network audit, you have been tasked with performing a mock Denial-of-Service attack against a target server. What are some valid means of performing this type of attack?
Contract out to a firm that performs mock DoS testing to purposely create large volumes of traffic directed at the target host.
Utilize hardware devices specifically designed to emulate common DoS attacks.
If an IDS is present on the network, you can simulate a DoS attack by spoofing router source addresses to trigger the IDS to cut off the network.
Which type of security assessment scans networks for known security weaknesses?
Vulnerability Assessment
What two statements accurately describe the two different types of vulnerability scanners?
A network-based scanner will attempt to find vulnerabilities from the outside.
A host based scanner typically requires a software agent or client to be installed.
In an outsourced penetration test, which person will be fully aware of how the test will be conducted, the time frame involved, and the comprehensive nature of the test?
CutOut
What software can be used to provide a graphical representation of VPN tunnel statuses for mobile user VPNs?
Watchguard
