Ethical Hacking as a Whole Flashcards
Mark, a professional hacker, targets his opponent’s website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information.
Active attack:
Tamper with the data in transit or disrupt the communication or services between the systems to bypass or break into secured systems.
Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance.
APT Attack: Advanced Persistent Threat (APT) is an attack that focuses on stealing information from the victim machine without its user being aware of it. These attacks are generally targeted at large companies and government networks. APT attacks are slow in nature, so the effect on computer performance and Internet connections is negligible.
Identify the insider attack wherein the miscreant can easily bypass security rules by using privileged access and cause a threat to the organization’s information systems.
Pod Slurping:
The act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data are held, and which may be on the inside of a firewall.
Which of the following titles of the Sarbanes Oxley Act (SOX) mandates that only senior executives should take individual responsibility for the accuracy and completeness of corporate financial reports?
Title III: Corporate Responsibility: Title III consists of eight sections and mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports.
Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system?
Title III: Computer Maintenance or Repair
Which of the following countries has implemented the cyber law “Regulation of Investigatory Powers Act 2000”?
United Kingdom
Given below are the various phases involved in the cyber kill chain methodology.
Installation
Delivery
Reconnaissance
Actions on objectives
Weaponization
Exploitation
Command and control
What is the correct sequence of phases involved in the cyber kill chain methodology?
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives
Identify the type of threat actors that include groups of individuals or communities involved in organized, planned, and prolonged criminal activities and who exploit victims from distinct jurisdictions on the Internet, making them difficult to locate.
Criminal Syndicates:
Criminal syndicates are groups of individuals or communities that are involved in organized, planned, and prolonged criminal activities.
In which of the following hacking phases do attackers extract information such as live machines, ports, port status, OS details, device type, and system uptime to launch further attacks?
Scanning:
Scanning refers to the pre-attack phase in which the attacker scans the network for specific information based on the information gathered during reconnaissance.
Identify the term that refers to IT professionals who employ their hacking skills for defensive purposes, such as auditing their systems for known vulnerabilities and testing the organization’s network security for possible loopholes and vulnerabilities.
Ethical Hacker:
Ethical hacker refers to security professionals who employ their hacking skills for defensive purposes.
Which of the following tools includes scanners such as comprehensive security scanners and port scanners and provides information such as NetBIOS names, configuration info, open TCP and UDP ports, transports, and shares?
Mega Ping
The ultimate must-have toolkit that provides all essential utilities for Information System specialists, system administrators, IT solution providers, or individuals. Mega Ping includes: Scanners: Comprehensive Security Scanner, Port scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, Share Scanner.
Given below is the syntax of the nbtstat command.
nbtstat [-a RemoteName] [-A IP Address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval]
Which of the following Nbtstat parameters in the above syntax purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file?
-R
Purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file
Which of the following malware distribution techniques involves mimicking legitimate institutions in an attempt to steal login credentials?
Spear-phishing Sites: This technique is used for mimicking legitimate institutions, such as banks, to steal passwords, credit card and bank account data, and other sensitive information.
Identify the trojan that uses port number 443 to infect the target systems and propagate malicious software to other systems.
Emotet
Emotet uses functionality that helps the software evade detection by some anti-malware products. Emotet uses worm-like capabilities to help spread to other connected computers. This helps in distribution of the malware.
Benson, a professional hacker, uses a technique that can exploit browser vulnerabilities. Using this technique, he is able to install malware simply by visiting a web page, and the victim system gets exploited whenever the webpage is being explored.
Which of the following techniques was mentioned in the above scenario?
Drive-by downloads
This refers to exploiting flaws in browser software to install malware just by visiting a web page.
Which of the following viruses combines the approach of file infectors and boot record infectors and attempts to simultaneously attack both the boot sector and executable or program files?
Multipartite Viruses: A multipartite virus combines the approach of file infectors and boot record infectors and attempts to simultaneously attack both the boot sector and the executable or program files. When the virus infects the boot sector, it will, in turn, affect the system files and vice versa.
James, a student, was curious about hacking. Although he does not possess much knowledge about the subject, he initiated a DoS attack on a website using freely available tools on the Internet. As the website already has some sort of security controls, it detected unusual traffic and blocked James’s IP address.
Which of the following types of threat sources is discussed in the above scenario?
Unstructured external threats: Unstructured external threats are implemented by unskilled attackers, typically script kiddies who may be aspiring hackers, to access networks.
Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task.
Which of the following threats was demonstrated in the above scenario?
Natural Threats: Natural factors such as fires, floods, power failures, lightning, meteor, and earthquakes are potential threats to the assets of an organization.
A computer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests.
What is the impact caused due to vulnerabilities in the above scenario?
Denial of service: Vulnerabilities may prevent users from accessing website services or other resources.
Rogers, an administrator, has installed new software on an employee’s system and forgot to change the credentials provided by the software vendor. Robert, an attacker, on the other hand, browsed an online resource to obtain credentials provided by the software vendor and used those credentials to gain remote access to the employee’s system to steal valuable data.
Identify the type of vulnerability demonstrated in the above scenario.
Default password and settings
A default password is a password supplied by the manufacturer with new equipment (e.g., switches, hubs, routers) that is password protected.
James, a professional pen tester, was appointed by an organization to perform a vulnerability assessment on server systems. James conducted a configuration-level check to identify system configurations, user directories, and file systems to evaluate the possibility of compromise for all the systems.
Identify the type of vulnerability assessment James performed in the above scenario.
Application assessment
An application assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems.
Identify the metric used in CVSS assessment that represents the features that continue to change during the lifetime of the vulnerability.
Temporal Metric: Represents the features that continue to change during the lifetime of the vulnerability.
Which of the following malware masks itself as a benign application or software that initially appears to perform a desirable or benign function but steals information from a system?
Trojan: A Trojan is a program that masks itself as a benign application. The software initially appears to perform a desirable or benign function, but instead steals information or harms the system.
Identify the type of password attack that does not require any technical knowledge about hacking or system exploitation.
Non-Electronic Attack: This is, in most cases, the attacker’s first attempt at gaining target system passwords. Non-electronic or non-technical attacks do not require any technical knowledge about hacking or system exploitation. Techniques used to perform non-electronic attacks include shoulder surfing, social engineering, dumpster diving, etc.
Which of the following tools allows an attacker to crack the passwords of the target system?
Medusa: Medusa is a speedy, parallel, and modular login brute-forcing tool.
Which of the following tools allows you to reset unknown or lost Windows local administrator, domain administrator, and other user account passwords?
John the Ripper
An open-source password security auditing and password recovery tool available for many operating systems.
Which of the following practices can help administrators protect an organization’s server from password cracking attempts?
Enable account lockout with a certain number of attempts, counter time, and lockout duration.
Which of the following practices can make devices or networks vulnerable to password cracking attempts?
Using the system’s default passwords.
DO NOT USE any system’s default passwords.
Ross, a professional hacker, created a fake website and posted fake testimonials about a malicious anti-malware program that he developed. Upon reading the fake testimonials, some of the lured customers downloaded and installed the anti-malware.
Identify the behavior that made customers vulnerable to attack in the above scenario.
Social Proof: Consensus or social proof refers to the fact that people are usually willing to like things or do things that other people like or do. Attackers take advantage of this by doing things like creating websites and posting fake testimonials from users about the benefits of certain products such as anti-malware (rogue ware). Therefore, if users search the Internet to download the rogue ware, they encounter these websites and believe the forged testimonials.
Given below are different phases of social engineering attacks.
1. Develop a relationship
2. Exploit the relationship
3. Research the target company
4. Select a target
What is the correct sequence of steps attackers follow to execute a successful social engineering attack?
3 -> 4 -> 1 -> 2
Research the target company
Select a target
Develop a relationship
Exploit the relationship
Jade, a professional hacker, was planning to enter the premises of an organization that allows access only to authorized persons. For this purpose, he creates a fake ID resembling the ID of the office staff and enters the restricted area by closely following an authorized person through a door that requires key access.
Identify the type of attack performed by Jade in the above scenario.
Tailgating
Tailgating implies accessing a building or secured area without the consent of the authorized person.
Which of the following malware tricks the computer users into visiting malware-infested websites by telling the target user that their machine has been infected with malware?
Scareware: Scareware is a type of malware that tricks computer users into visiting malware-infested websites or downloading or buying potentially malicious software. Scareware is often seen in pop-ups that tell the target user that their machine has been infected with malware.
Abin, an attacker intending to access the critical assets and computing devices of an organization, impersonated Sally, a system administrator. Abin masquerades as Sally and gathers critical information from computing devices of the target organization.
Identify the type of insider threat demonstrated in the above scenario.
Compromised insider
An insider with access to critical assets of an organization who is compromised by an outside threat actor.
Which of the following encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else simply to hide their original profile?
Identity Cloning and Concealment: This type of identity theft encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else simply in order to hide their identity.
Which of the following is the best practice to be followed to increase password security?
Avoid using the same password for different accounts
Which of the following countermeasures can assist users in reducing the chances of identity theft?
Enable two-factor authentication on all online accounts
Which of the following protocols is used to communicate through port 23 and allows an attacker to log in to a network machine remotely via a TCP connection to sniff keystrokes, including usernames and passwords, that are sent in cleartext?
Telnet: Telnet is a protocol used for communicating with a remote host (via port 23) on a network using a command-line terminal. rlogin enables an attacker to log into a network machine remotely via a TCP connection. Neither of these protocols provides encryption; therefore, data traveling between clients connected through any of these protocols are in plaintext and vulnerable to sniffing. Attackers can sniff keystrokes, including usernames and passwords.
In which of the following OSI layers do sniffers operate and perform an initial compromise?
The data link layer is the second layer of the OSI model. In this layer, data packets are encoded and decoded into bits. Sniffers operate at the data link layer and can capture packets from this layer. Networking layers in the OSI model are designed to work independently of each other; thus, if a sniffer sniffs data in the data link layer, the upper OSI layers will not be aware of the sniffing.
Which of the following tools helps an attacker perform an ARP poisoning attack?
BetterCAP: bettercap is an ARP poisoning tool; it is also the Swiss Army knife for Wi-Fi, Bluetooth Low Energy, wireless HID hijacking, and Ethernet network reconnaissance and MITM attacks.
Identify the technique that sends non-broadcast ARP to all the nodes in the network, and the node that runs in promiscuous mode broadcasts a ping message on the network with the local IP address but a different MAC address.
ARP method
Address Resolution Protocol (ARP) is a protocol that enables network communications to reach a specific device on the network. ARP translates Internet Protocol (IP) addresses to a Media Access Control (MAC) address, and vice versa.