Ethical Hacking 9 Flashcards

1
Q

What is the ARP method of detecting a sniffer on the LAN?

A

ARP packets are transmitted with a nonbroadcast IP address, and any responding systems are suspected to be running a network sniffer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which ARP poisoning tools can be used to sniff and analyze traffic generated by SSH? (Choose all that apply.)

A

Ettercap

Cain and Abel

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Your consulting company has been hired to secure a client’s network. Specifically, the client has asked that you determine hosts on the network that are using protocols vulnerable to sniffing that might compromise user account information. What protocols should you look for when sniffing the network?

A

telnet, SNMP, FTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You are currently connected to a switch and are attempting to capture all network traffic on the LAN. How can you force all traffic on this switched Ethernet network to become visible to your sniffing application?

A

Use ARP spoofing software and spoof the MAC address of the local gateway.

Overwhelm the network switch utilizing MAC address flooding, forcing it to broadcast all frames out all ports.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which method for sniffing the network causes traffic to pass through the wrong gateway because computers have the wrong MAC address for the gateway.

A

ARP spoofing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the DNS poisoning techniques involves an attacker using a Trojan to change the victim’s DNS server IP address to that of the attacker’s machine?

A

Internet DNS spoofing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

While capturing network traffic as part of a network audit, you discover an active telnet session that appears to be automated. What tool can you utilize to inject commands into this communication, possibly allowing you to gain access to a system?

A

Ettercap

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When using Snort to capture packets, which switch is used to specify which class of network packets has to be captured by IP address?

A

-h

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Whichattack works by broadcasting DHCP requests with spoofed MAC addresses?

A

DHCP starvation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What WinDump command should you use to display output using IP addresses and actual TCP/IP sequence numbers?

A

windump -n -S

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

In the 1992 movie “Sneakers”, a group of hackers collect trash from a target individual’s home for the purpose of gathering intelligence on the corporation the individual works for. What is this an example of?

A

dumpster diving

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which method used to detect sniffing can identify a system operating in promiscuous mode by using a nonbroadcast IP address request?

A

ARP Method

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What protocols are most vulnerable to sniffing? (Choose three.)

A

SNMP, Telnet, HTTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A client has asked you to deploy software that will allow them to collect information about network packets, analyze the packets, and then generate reports regarding network traffic. They would like this information to be available via a web interface. What tool can you deploy?

A

ntop

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What statements regarding the different types of sniffing is accurate?

A

Most sniffing tools are suited primarily to sniff data in a hub environment, utilizing passive sniffing.

Active sniffing involves the injection of traffic designed to enable total traffic collection on a switched LAN.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Your client has a switched LAN and would like to deploy additional countermeasures to ensure that sniffing is unlikely on this sensitive network. What steps can you take to ensure sniffing valuable data will be difficult, if not impossible?

A

Perform encryption of all network traffic between end systems.

Utilize a static MAC address entries for all sensitive servers, routers, and firewalls.

17
Q

You have been called in to investigate a network that is actively being attacked. Computers are receiving IP addresses outside the normal scope of the local DHCP server, and upon investigating the DHCP server, you discover that all the leases available are currently used. What has most likely occurred?

A

An attacker has filled the DHCP lease table with bogus MAC address entries, then used a rogue server to provide malicious default gateway and DNS server information to hosts on the network.

18
Q

What is another way that all network traffic can be captured in a switched network? (Choose all that apply.)

A

Port mirroring, Switched Port Analyzer (SPAN), Port monitoring

19
Q

Which lawful intercept component stores and processes traffic intercepted by the service provider?

A

Collection function

20
Q

Which device maintains a table keeping track of each computer’s MAC address, and the physical port on which that MAC address is connected?

A

switch