Incorrect Answers Flashcards
What is a Cavity Virus?
A cavity virus attempts to install itself inside of the file it is infecting.
What is an Insider Affiliate
Somebody who is contracted to work for the company and through social engineering gains access from an actual employee.
What does Set type=ns do?
It uses nslookup to query Domain Name Service (DNS).
What does this command do? >host -t a hackeddomain.com
Looks for IP addresses. Perameter -t a
What is this image?
The Hacker first attempted logins with suspected user names, then used SQL Injection to gain access to valid bank login IDs.
In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?
EIP - EIP is a register in x86 architectures (32bit). It holds the “Extended Instruction Pointer” for the stack. In other words, it tells the computer where to go next to execute the next command and controls the flow of a program.
Splint is a source code analyzer that is capable of detecting a _____
Buffer Overflow
Attackers craft malicious probe packets and scan for services such as HTTP over SSL (HTTPS), SMTP over SSL (SMPTS) and IMAP over SSL (IMAPS) to detect honeypots in a network. Which of the following condition shows the presence of a honeypot?
Ports show a particular service running but deny a three-way handshake connection
What is this 0xFFFFFFFFFFFF
A destination MAC address of a broadcast frame.
Which of the following is a characteristic of Public Key Infrastructure (PKI)?
Public-key cryptosystems distribute public-keys within digital signatures.
How will you stop web spiders from crawling certain directories on your website?
Place robots.txt file in the root of your website with listing of directories that you don’t want to be crawled
How do you ensure if the e-mail is authentic and sent from fedex.com?
Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all
What is true about ICMP flood
How do you defend against DHCP Starvation attack?
Enable DHCP snooping on the switch
A covert channel is a channel that:
transfers information over, within a computer system, or network that is outside of the security policy.
Trojan horse attacks pose one of the most serious threats to computer security. Which are the easiest and most convincing ways to infect a computer?
Legitimate “shrink-wrapped” software packaged by a disgruntled employee
Which of the following types of firewalls ensures that the packets are part of the established session?
Stateful inspection firewall
Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Which of the following command can be used in UNIX environment to enumerate the shared directories on a machine?
showmount
In the context of Trojans, what is the definition of a Wrapper?
A tool used to bind the Trojan with a legitimate file
You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions. Which command-line utility are you most likely to use?
Grep
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration. What type of an alert is this?
False Positive
Firewall implementation and design for an enterprise can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. Which of the following firewall architecture is designed to host servers that offer public services?
Screened subnet
As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?
tcp.port eq 25
Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all origins and using some thresholds. In concept, the solution developed by Bob is actually:
Just a network monitoring tool
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a scanned port is open, what happens?
The port will send a SYN
Which of the following scan only works if the operating system’s TCP/IP implementation is based on RFC 793?
NULL Scan
Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Which of the following command can be used in UNIX environment to enumerate the shared directories on a machine?
showmount
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
Use encrypted communications protocols to transmit PII
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named “nc.” The FTP server’s access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server’s software. The ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?
Directory traversal
Splint is a source code analyzer that is capable of detecting a ______
Buffer Overflow
What is the least important information when you analyze a public IP address in a security alert?
ARP Address Resolution Protocol
You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
Internet Firewall/Proxy log
Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
Maltego
Which is the first step followed by Vulnerability Scanners for scanning a network?
Checking if the remote host is alive
You are analyzing a traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs. – 192.168.8.0/24. What command you would use?
wireshark –capture –local –masked 192.168.8.0 –range 24
Firewalls are categorized into two; namely hardware firewall and software firewall. Identify the correct statement for a software firewall.
Software firewall is placed between the normal application and the networking components of the operating system
Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data. Which of the following steganography technique embed secret message in the frequency domain of a signal?
Answers
Transform domain techniques
OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?
openssl s_client –connect www.website.com:443
You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?
Snort
A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?
The password file does not contain the passwords themselves.
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
Transport layer port numbers and application layer headers
BB
During a black-box pen test you attempt to pass IRC traffic (Internet Relay Chat) over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
Application
Which of the following act in the united states officially crimalised the transmition of unsolicitated commercial email (SMAPM)
2004 CANSPAM Act
What is the step after footrpinting?
Scanning
What is LACNIC
A directory where you can find IP addresses.
In Ping what does -f -l mean?
- f = Do not fragment
- l Payload size
In the C++ Object-oriented programming language, which of these situations can result in a buffer overflow?
When a program returns an incorrect output
What’s stack smashing?
A buffer overflow that overwrites the return address
You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
TCP
Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data. Which of the following steganography technique embed secret message in the frequency domain of a signal?
Transform Domain Techniques
Which of these is the best defense against a buffer overflow attack?
Write Secure Code
Which Port is NETBios?
137
What systems might night respond to xmas scan?
Windows Server, Cisco.
Which ICMP message types are used for destination unreachables?
3
how many blocks in LM Hash
7 blocks
WHat are the phases of system hacking
Gaining Access
Escelation of Privalge
Execute applications
Maintain Access
Clear tracks
page 164
Where are hashes stored on microsoft
SAM file - system 32 /
config,
What hash algrythem does LM hash and NTLM hash use
MD4
What encryption algorythem does LM and NTLM Hash use
LM = DES 56bit
NTLM
= Triple 3DES - 112 bit
What tool can you use to crack hashes
hashkiller.co.uk
hashsuite
WHat are dif types of hacking
Non Electronic
Active Online Attacks
Passive Online Attacks
Offline Attacks
Types of root kits
pg 193
What is SynStealth also known as
Half Open scan
What protocoal would be used to guess sequance number
TCP
Encrypted message cycle with PKI
Create a hash of message, Encrypt hash with private key, Encrypt message iwth Recipients public key.
Where are failed log in attempts logged in Linux
btmp
What is a layer 3 limited broadcast address
255.255.255.255
