Footprinting and Social Engineering Flashcards

1
Q

Which of the following contains host records for a domain?

A

DNS

2
Q

Which of the following is one method of gathering information about the operating systems a company is using?

A

Search the Web for e-mail addresses of IT employees.

3
Q

Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the following?

A

Piggybacking

4
Q

Which of the following is a fast and easy way to gather information about a company?

A

View the company’s Web site

Look for company ads in phone directories

5
Q

What’s the first method a security tester should attempt to find a password for a computer on the network?

A

Ask the user

6
Q

Wget is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.

A

True

7
Q

Which utility can extract meta-data and documents on a website to reveal the document creator’s network login, e-mail address, IP address, and other important information?

A

FOCA

8
Q

What’s one way to gather information about a domain?

A

View the header of an e-mail you send to an e-mail account that doesn’t exist

9
Q

When conducting competitive intelligence, which of the following is a good way to determine the size of a company’s IT support staff?

A

Review job postings on Web sites such as www.monster.com and www.dice.com

10
Q

What tool can be used to read and write data to ports over a network?

A

Netcat

11
Q

A cookie can store information about a Web site’s visitors. True or False?

A

True

12
Q

To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?

A

nc -h

13
Q

Shoulder surfers can use their skills to find which of the following pieces of information?

A

ATM PINs
Passwords
Long-Distance access codes

14
Q

When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?

A

Spear Phishing

15
Q

Network attacks can often begin by gathering information from a company’s Web site.

A

True

16
Q

What 1-pixel x 1-pixel image file is referenced in an `<img>` tag, and usually works with a cookie to collect information about the person visiting the Web site?

17
Q

Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows.

18
Q

Which tools can be used to gather competitive intelligence from Web sites?

19
Q

What area of a network is a major area of potential vulnerability because of the use of URLs?

20
Q

What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

A

Piggybacking

22
Q

Before conducting a security test by using social-engineering tactics, what should you do?

A

Get written permission from the person who hired you to conduct the security test

23
Q

Which utility is being used to gather IP and domain information?

24
Q

Walking is an automated way to discover pages of a Web site by following links.

25
Q

Many social engineers begin gathering the information they need by using which of the following?

A

The telephone

26
Q

Which of the following tools can assist you in finding general information about an organization and its employees?

A

Https://groups.google.com | www.google.com

27
Q

Which technique can be used to read PINs entered at ATMs or at other areas when a PIN code is entered?

A

Shoulder Surfing

28
Q

What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?

A

Dumpster Diving

29
Q

What utility can be used to intercept detailed information from a company's Web site?

A

Zed Attack Proxy

30
Q

What HTTP method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body?

A

Head