FootPrinting and Social Engineering

Question 1

Which of the following contains host records for a domain?

Answer 1

DNS

Question 2

Which of the following is one method of gathering information about the operating systems a company is using?

Answer 2

Search the Web for e-mail addresses of IT emloyees.

Question 3

Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the following?

Answer 3

Piggybacking

Question 4

Which of the following is a fast and easy way to gather information about a company?

Answer 4

View the company’s WebSite

Look for company ads in phone directories

Question 5

What’s the first method a security tester should attempt to find a password for a computer on the network?

Answer 5

Ask the user

Question 6

Wget is a*nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the internet

Answer 6

True

Question 7

Which utility can extract meta-data and documents on a website to reveal the document creator’s network login, e-mail address, IP address, and other important information?

Answer 7

FOCA

Question 8

What’s one way to gather information about a domain?

Answer 8

View the header of an e-mail you send to an e-mail account that doesn’t exist

Question 9

When conducting competitive intelligence, which of the following is a good way to determine the size of a company’s IT support staff?

Answer 9

Review job posting on Web sites such as www.monster.com and www.dice.com

Question 10

What tool can be used to read and write data to ports over a network?

Answer 10

Netcat

Question 11

A cookie can store information about a Web site’s visitors. True of False?

Answer 11

True

Question 12

To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?

Answer 12

nc -h

Question 13

Shoulder Surfers can use their skills to find which of the following pieces of information?

Answer 13

ATM PINs
Passwords
Long-Distance access codes

Question 14

When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?

Answer 14

Spear Phishing

Question 15

Network attacks can often begin by gathering information from a company’s Web site.

Answer 15

True

Question 16

What 1-pixel x 1-pixel image file is referened in an tag, and usually works with a cookie to collect information about the person visiting the Website?

Answer 16

Web Bug

Question 17

Namedroppers is a tool that can be used to capture Web serer information and vulnerabilites in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows/

Answer 17

False

Question 18

Which tools can be used to gather competitive intelligence from Websites?

Answer 18

Metis

Question 19

What are of a network is major area of potential vulnerability because of the use of URLs?

Answer 19

DNS

Question 20

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

Answer 20

Piggybacking

Question 21

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

Answer 21

Piggybacking

Question 22

Before conducting a security test by using social-engineering tactics, what should you do?

Answer 22

Get witten permission from the person who hired you to conduct the security test

Question 23

Which utility is being used to gather IP and domain information?

Answer 23

Whois

Question 24

Walking is an automated way to discover pages of a Website by following links

Answer 24

False

Question 25

Many social engineers begin gathering the information they need by using which of the following ?

Answer 25

The telephone

Question 26

Which of the following tools can assist you in finding general information about an organization and its employees?

Answer 26

Https://groups.google.com

www.google.com

Question 27

Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?

Answer 27

Shoulder Surfing

Question 28

What social engineering tactic can be utilized to accquire old notes that may contain written passwords or other items that document important information?

Answer 28

Dumspter Driving

Question 29

What utility can be used to intercept detailed information from a company’s Web site?

Answer 29

Zed Attack Proxy

Question 30

What HTTP method is the same as the GET method, but retrieves only the header information of an HTMP document, not the document body?

Answer 30

Head