FootPrinting and Social Engineering Flashcards
Which of the following contains host records for a domain?
DNS
Which of the following is one method of gathering information about the operating systems a company is using?
Search the Web for e-mail addresses of IT emloyees.
Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the following?
Piggybacking
Which of the following is a fast and easy way to gather information about a company?
View the company’s WebSite
Look for company ads in phone directories
What’s the first method a security tester should attempt to find a password for a computer on the network?
Ask the user
Wget is a*nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the internet
True
Which utility can extract meta-data and documents on a website to reveal the document creator’s network login, e-mail address, IP address, and other important information?
FOCA
What’s one way to gather information about a domain?
View the header of an e-mail you send to an e-mail account that doesn’t exist
When conducting competitive intelligence, which of the following is a good way to determine the size of a company’s IT support staff?
Review job posting on Web sites such as www.monster.com and www.dice.com
What tool can be used to read and write data to ports over a network?
Netcat
A cookie can store information about a Web site’s visitors. True of False?
True
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
Shoulder Surfers can use their skills to find which of the following pieces of information?
ATM PINs
Passwords
Long-Distance access codes
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?
Spear Phishing
Network attacks can often begin by gathering information from a company’s Web site.
True
What 1-pixel x 1-pixel image file is referened in an tag, and usually works with a cookie to collect information about the person visiting the Website?
Web Bug
Namedroppers is a tool that can be used to capture Web serer information and vulnerabilites in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows/
False
Which tools can be used to gather competitive intelligence from Websites?
Metis
What are of a network is major area of potential vulnerability because of the use of URLs?
DNS
What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?
Piggybacking
What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?
Piggybacking
Before conducting a security test by using social-engineering tactics, what should you do?
Get witten permission from the person who hired you to conduct the security test
Which utility is being used to gather IP and domain information?
Whois
Walking is an automated way to discover pages of a Website by following links
False
Many social engineers begin gathering the information they need by using which of the following ?
The telephone
Which of the following tools can assist you in finding general information about an organization and its employees?
Https://groups.google.com
www.google.com
Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?
Shoulder Surfing
What social engineering tactic can be utilized to accquire old notes that may contain written passwords or other items that document important information?
Dumspter Driving
What utility can be used to intercept detailed information from a company’s Web site?
Zed Attack Proxy
What HTTP method is the same as the GET method, but retrieves only the header information of an HTMP document, not the document body?
Head
