examples Flashcards

1
Q

Which of the following files can be used to block the “internet archive” from making snapshots of a website?

A

Robots.txt

2
Q

The strength of asymmetric encryption lies in the fact that it addresses the most serious problem of symmetric encryption: key distribution.

A

True

3
Q

Before launching an active security tool, a pen tester will always perform footprinting so that s/he can better plan a more effective attack

A

True

4
Q

Which of the following is the primary goal of a penetration test?

A

The primary goal of a penetration test is to determine whether a specific resource can be compromised.

5
Q

A penetration tester may be able to find organizations’ insecure applications by searching Google.

A

True

6
Q

Because the User Datagram Protocol does not perform handshaking like TCP does, it is harder to scan and enumerate.

A

False

7
Q

Which of the following commands allows a pen tester to view the ARP cache of a Windows system?

A

Arp -a

8
Q

Which of the following best describes the concept of “port scanning” when it is performed as part of a pen test?

A

Identify services present on a system or range of systems.

9
Q

Which of the following tools was designed to query the database that holds domain registration information and is also often used during footprinting?

A

Whois

10
Q
Which of the following tools was designed to query the database that holds domain registration information and is also often used during footprinting?
A

whois

11
Q
A penetration test does not normally require formal rules of engagement.
A

false

12
Q
Which of the following statements describes one of the goals of “footprinting”?
A

a. Find information which is specifically designed to passively gain information about a target.

b. To gather information about a victim without directly interacting and potentially providing advance notice of the attack.

c. Footprinting also generally focuses on gathering information externally, from outside the target organization.

13
Q
What is the ultimate goal of performing enumeration on a system?
A

uncovering specific information about the system itself

14
Q
Which file system supports a feature called Alternate Data Stream that a pen tester can use to hide files?
A

a. NTFS

15
Q

Which of the following is a defining characteristic of an ethical hacker?

A

Someone who knows how hacking works and understands the dangers it poses but uses those skills for good purposes; often known as a white-hat hacker.

16
Q
Which of the following is the best source for manually obtaining a target organization's network range during footprinting?
A

a. IANA website at the Root Zone Database

17
Q
Most search engines support the use of advanced search operators like the ones used with Google hacking.
A

a. True

18
Q
Passive OS fingerprinting tools examine which of the following fields to try to determine a system’s OS?
A

a. TTL, Fragment bit, Type of Service, Window size

19
Q
Some TCP port scans work by altering which fields in the TCP header?
A

a. Flags (SYN/ACK/FIN/RST/PSH)

20
Q
Which of the following is installed on both Windows and Linux and allows the pen tester to query internet domain name servers?
A

nslookup

21
Q

What will a pen tester see if s/he is able to surreptitiously plug into an unused switch port during a test? (select two)

A

likely be able to capture network traffic, including sensitive data and credentials, using a packet sniffer or other network analysis tool.

Additionally, the penetration tester may be able to launch further attacks against other hosts on the network, depending on the network configuration and security measures in place.
SOC will be altered

22
Q
What is a pen tester’s next step after performing a port scan?
A

a. Infiltration and escalation

23
Q

Which of the following activities can be performed when footprinting an organization?

A

a. Gathering information from general resources (such as Google or the organization’s website)
b. Determining the network’s logical and physical dimensions
c. Identifying active computers and devices
d. Finding open ports, active services, and access points
e. Detecting operating systems
f. Researching known vulnerabilities of running software

24
Q

Which of the following best describes an “evil twin” access point? (select two)

A

This fake access point is used to launch a man-in-the-middle attack. Attackers simply place their own access points in the same area as users and attempt to get them to log on.

25
Q
Which of the following would NOT be considered a step in a hacking methodology?
A

These are the methods It reviews the various methods attackers use, including footprinting, port scanning, enumeration, malware, sniffers, denial of service, and social engineering.

26
Q
Hackers have begun working in teams so that they can achieve better results.
A

True

27
Q
Which of the following would a pen tester NOT seek when performing enumeration on a target system?
A

Recon

28
Q
What is the term used for the first phase of a pen test whereby the pen tester seeks to passively gain information about the target?
A

Footprinting

29
Q

What must a pen tester hope for when attempting to decrypt an AES256 encrypted document that was taken from a target system?

A

Private key

30
Q

Which of the following is one of the best places to footprint an organization’s employees?

A

a. Company website

31
Q

The “ping” command cannot be used to enumerate a target system

A

False

32
Q
What is the term used for an access point (AP) that was installed inside a corporate LAN by an employee and that is not administered by corporate IT?
A

Rogue access point

33
Q
If the number of possible keys in an encryption scheme does not necessarily make it secure, what does?
A

a. algorithm

34
Q
Footprinting could include viewing the HTML codes of a target website.
A

true

35
Q

Which protocol does “ping” use when performing a ping sweep?

A

ICMP

36
Q
How do job postings that include the names and versions of software and hardware used by the company help the pen tester?
A

a. How its infrastructure is organized

37
Q
A thumb drive may be able to deliver malicious code if the pen tester can convince the target to insert the thumb drive into their system.
A

true

38
Q
Which of the following types of attack would a penetration test NOT include?
A

a. Actual types are Tech/administrative/physical