Final Flashcards
Penetration testing can create ethical, technical, and privacy concerns for a company’s management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?
create a contractual agreement
What professional level security certification did the “International Information Systems Security Certification Consortium” (ISC2) develop?
Certified Information Systems Security Professional (CISSP)
What name is given to people who break into computer systems with the sole purpose to steal or destroy data?
Crackers
What organization disseminates research documents on computer and network security worldwide at no cost?
SANS
What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?
OPST
What port does the Simple Mail Transfer Protocol, or SMTP service use?
25
What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?
Transport Layer
To retrieve e-mail from a mail server, you most likely access port 119.
TRUE OR FALSE
False
In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?
Transport
An octal digit can be represented with only three bits because the largest digit in octal is seven.
TRUE OR FALSE
True
A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?
worm
In a buffer overflow attack, an attacker finds a vulnerability in poorly written code that doesn’t check for a defined amount of memory space use.
TRUE OR FALSE
TRUE
What type of attack is occurring when an attacker places themselves between two parties and manipulates messages being passed back and forth?
Man-in-the-Middle
Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?
signatures
What type of malicious program cannot stand on its own and can replicate itself through an executable program attached to an e-mail?
Virus
What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?
Dumpster driving
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
What is the passive process of finding information on a company’s network called?
Footprinting
What HTTP method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body?
HEAD
When an individual attempts to discover as much information legally possible about their competition, what information gathering technique are they performing?
Competitive intelligence
When a TCP three-way handshake ends, both parties send what type of packet to end the connection?
FIN
In a NULL scan, all packet flags are turned on.
TRUE OR FALSE
FALSE
Attackers typically use ACK scans to get past a firewall or other filtering devices.
TRUE OR FALSE
TRUE
In any *NIX system, after saving a script named “script_name,” you need to make it executable so that you can run it. Which command will accomplish this task from the command line?
chmod +x script_name
Which vi command deletes the current line?
Dd
Windows Server 2012 introduced what protection feature to prevent pass-the-hash attacks?
Authentication Silos
What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?
null session
What enumeration tool is extremely useful when working with Windows NT, 2000, and Windows XP systems?
DumpSec
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
default
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
default
What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?
enumeration
Which of the following is a markup language rather than a programming language?
HTML
Which of the following logical operators in the C programming language is evaluated as true if both sides of the operator are true?
&&
Security professionals often need to examine Web pages and recognize when something looks suspicious.
TRUE OR FALSE
True
In the C programming language, which of the following show where a block of code begins and ends?
braces
Which of the following is the act of performing a task over and over?
Looping
Which standardized remote file system protocol replaced SMB in Windows 2000 Server and later?
Common Internet File System
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
Which of the following is an interprocess communication mechanism that allows a program running on one host to run code on a remote host?
RPC
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs.
true
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
Connecting to an MS SQL Server database with Microsoft’s Object Linking and Embedding Database (OLE DB) requires using which of the following providers?
SQLOLEDB
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?
Microsoft Security Bulletin
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
developer tools
Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?
stored
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
TRUE or FALSE
True
What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?
OPST
When a security professional is presented with a contract drawn up by a company’s legal department, which allows them to “hack” the company’s network, they should proceed by performing what precautionary step?
consult their lawyer
What common term is used by security testing professionals to describe vulnerabilities in a network?
holes
Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law.
False
An ethical hacker is a person who performs most of the same activities a hacker does, but with the owner or company’s permission.
True
What IPv4 address class has the IP address 221.1.2.3?
Class C
What TCP flag is responsible for synchronizing the beginning of a session?
SYN flag
What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?
443
What port does the Trivial File Transfer Protocol, or TFTP service use?
69
What port does the Hypertext Transfer Protocol, or HTTP service use?
80
What type of attack causes the victim’s computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?
Ping of Death
Whitelisting allows only approved programs to run on a computer.
True
What type of virus is used to lock a user’s system, or cloud accounts until the system’s owner complies by paying the attacker a monetary fee?
ransomware
Malware is malicious software, such as a virus, worm, or Trojan program, introduced into a network.
True
Which type of attack cripples the network and prevents legitimate users from accessing network resources?
denial-of-service
Which utility can extract meta-data and documents on a Website to reveal the document creator’s network login, e-mail
address, IP address, and other important information?
FOCA
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?
spear phishing
Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?
social engineering
Which HTTP method starts a remote Application-layer loopback of the request message?
TRACE
What is the passive process of finding information on a company’s network called?
footprinting
Closed ports respond to a NULL scan with what type of packet?
RST
Which vi command deletes the current line?
Dd
In a Linux script, which of the lines is important because it identifies the file as a script?
!/bin/sc
To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?
ping
Attackers typically use ACK scans to get past a firewall or other filtering devices. TRUE or FALSE
True
Which of the following is an excellent GUI tool for managing Windows OSs and is capable of displaying graphical representations of several areas?
Hyena
Which of the following commands is a powerful enumeration tool included with Windows?
Nbtstat
A NetBIOS name does not need to be unique on a network.
False
What does the “NBT” part of “NBTscan” stand for?
NetBIOS over TCP/IP
What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?
Windows Containers
In a Perl program, to go from one function to another, you simply call the function by entering which of the following in your source code?
name
Which of the following mathematical operators in the C programming language increments the unary value by 1?
++
In HTML, each tag has a matching closing tag that is written with which of the following characters?
forward slash (/)
Which of the following special characters is used with the printf() function in the C programming language to indicate a new line?
\n
Which of the following logical operators in the C programming language is used to compare the equality of two variables?
==
Which of the following is a Window’s client/server technology designed to manage patching and updating systems software from the network?
WSUS
What is the most serious shortcoming of Microsoft’s original File Allocation Table (FAT) file system?
no ACL support
Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs.
True
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
What critical component of any OS, that can be can be vulnerable to attacks, is used to store and manage information?
file system
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
User-level security
What is the current file system that Windows utilizes that has strong security features?
NTFS
When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?
Share-level security
A device that performs more than one function, such as printing and faxing is called which of the following?
MFD
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
Which JavaScript function is a “method” or sequence of statements that perform a routine or task?
getElementById()
Adobe System’s ColdFusion uses its proprietary tags, which are written in which of the following languages?
CFML
Connecting to an MS SQL Server database with Microsoft’s Object Linking and Embedding Database (OLE DB) requires using which of the following providers?
SQLOLEDB
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?
OLE DB
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?
cgi-bin
What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?
vulnerability
What professional level security certification did the “International Information Systems Security Certification Consortium” (ISC2) develop?
Certified Information Systems Security Professional (CISSP)
What subject area is not one of the 22 domains tested during the CEH exam?
Trojan hijacking
What term best describes a person who hacks computer systems for political or social reasons?
hacktivist
What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?
OPST
What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?
443
What TCP flag is responsible for delivering data directly and immediately to an application?
PSH flag
What connection-oriented protocol is utilized by the Transport layer?
TCP
What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?
Application
What port does the Simple Mail Transfer Protocol, or SMTP service use?
25
When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?
zombies
Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?
Network security
Which term best describes malicious programmatic behaviors that antivirus software companies use to compare known viruses to every file on a computer?
heuristics
Malware programs cannot be detected by antivirus programs. TRUE or FALSE
False
Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect?
rootkit
Which HTTP method requests that the entity is stored under the Request-URI?
PUT
What type of general commands allow a security tester to pull information from a Web server using a web browser?
HTTP
Which process enables you to see all the host computers on a network and basically give you a diagram of an organization’s network?
zone transfers
Network attacks can often begin by gathering information from a company’s Web site.
True
Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows. TRUE or FALSE
False
Attackers typically use ACK scans to get past a firewall or other filtering devices. TRUE or FALSE
True
In an ACK scan, if the attacked port returns an RST packet the attacked port is considered to be operating in what state?
unfiltered
One of the limitations when using “ping sweeps” is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?
reply
An open port allows access to specific applications and cannot be vulnerable to attack.
False
In a NULL scan, all packet flags are turned on.
False
All of the enumeration techniques that work with older Windows OSs still work with Windows Server 2012.
False
The open-source descendant of Nessus is called which of the following?
OpenVAS
What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?
enumeration
What security feature was extended to the OS to alert the user when an application is launched on a Windows 8.1 computer?
SmartScreen
What enumeration tool is extremely useful when working with Windows NT, 2000, and Windows XP systems?
DumpSec
Carelessly reviewing your program’s code might result in having which of the following in your program code?
bug
In the Perl programming language, comment lines begin with the which of the following character(s)?
#
If you want to know what the Perl print command does, you can use which of the following commands?
perldoc -f print
When a compiler finds errors, it usually indicates what they are so you can correct the code and compile the program again. TRUE or FALSE
True
In the C programming language, which statement tells the compiler to keep doing what is in the brackets over and over and over?
for(;;)
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
What is the current file system that Windows utilizes that has strong security features?
NTFS
The MSBA tool can quickly identify missing patches and misconfigurations TRUE or FALSE
True
Which of the following Window’s utilities includes a suite of tools to help administrators deploy and manage servers and even allows for administrators to control mobile devices running Android, iOS, and Windows Mobile OS?
SCCM
Which of the following is an open-source implementation of CIFS?
Samba
Which of the following if often found within an embedded OS that can cause a potential vulnerability to an attack?
Web server
What programming languages are vulnerable to buffer overflow attacks?
C and C++
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
TRUE or FALSE
False
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?
ODBC
What is the specific act of filtering, rejecting, or sanitizing a user’s untrusted input before the application processes it?
input validation
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
Developer tools
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?
ADO
What organization disseminate research documents on computer and network security worldwide at no cost?
SANS
What layer protocols operate as the front end to the lower layer protocols in the TCP/IP stack? 
Application
What IP address is used as a loop back address and is not a valid IP address that can be assigned to a network?
127 address
What layer, and the TCP/IP Protocol stack, is responsible for encapsulating data and two segments?
Transport layer
Whixh HTTP Method is used with a proxy that can dynamically switch to a tunnel connection, such as secure socket layer SSL?
CONNECT
which HTTP method starts a remote application layer loop back of the request message?
TRACE
