Module 6 - System Hacking Flashcards

1
Q

Cracking Passwords:

Searching for sensitive information in the user’s trash-bins, printer trash bins, and user desk for sticky notes.

a. Social Engineering
b. Shoulder Surfing
c. Dumpster Diving
d. Tailgating

A

c. Dumpster Diving

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Cracking Passwords:

The program tries every combination of characters until the password is broken.

a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing

A

d. Brute Force Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Cracking Passwords:

The attacker creates a list of all possible passwords from the information collected through social engineering or any other way and tries them manually on the victim’s machine to crack the passwords.

a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing

A

e. Password Guessing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Cracking Passwords:

Uses a combination of dictionary file and every combination of characters until the password is broken.

a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing

A

a. Hybrid Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Cracking Passwords:

A dictionary file is loaded into the cracking application that runs against user accounts.

a. Hybrid Attack
b. Rule-based Attack
c. Dictionary Attack
d. Brute Force Attack
e. Password Guessing

A

c. Dictionary Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Cracking Passwords:

Is a password supplied by the manufacturer with new equipment (e.g. switches, hubs, routers) that is password protected.

A

Default Password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Cracking Passwords:

In a ______ attack, the attacker acquires access to the communication channels between victim and server to extract the information.

a. Replay Attack
b. Man-in-the-Middle Attack

A

b. Man-in-the-Middle Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Cracking Passwords:

  • Windows stores user password in ___, or in the Active Directory database in domains.
  • Passwords are never stored in clear text; passwords are hashed and the results are stored in the ___.
    a. Kerberos Authentication
    b. NTLM Aughentication
    c. Security Accounts Manager (SAM) Database
A

c. Security Accounts Manager (SAM) Database

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Cracking Passwords:

  • Password _______ is a technique where random string of characters are added to the password before calculating their hashes.
  • Makes it more difficult to reverse the hashes and defeat pre-computed hash attacks.
    a. Extensions
    b. Padding
    c. Salting
    d. Hashing
A

c. Salting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Cracking Passwords:

This software cracks hashes with ranbow tables. It uses time-memory tradeoff algorithm to crack hashes.

a. Cain & Abel
b. RainbowCrack
c. Windows Password Key
d. hashcat

A

b. RainbowCrack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Escalating Privileges:

Refers to acquiring the same level of privileges that already has been granted but assuming the identity of another user with the similar privileges.

a. Vertical Privilege Escalation
b. Horizontal Privilege Escalation

A

b. Horizontal Privilege Escalation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Escalating Privileges:

Refers to gaining higher privileges than the existing.

a. Vertical Privilege Escalation
b. Horizontal Privilege Escalation

A

a. Vertical Privilege Escalation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Escalating Privileges:

Windows Application Compatibility Framework, ____ is used to provide compatibility between the older and newer versions of Windows operating system.

a. Access Token Manipulation
b. Application Shimming
c. File System Permissions Weakness
d. Path Interception
e. Scheduled Task

A

b. Application Shimming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Executing Applications:

Attackers execute malicious applications in this stage. This is called ______ the system.

a. Owning
b. Logging
c. Cracking
d. Running

A

a. Owning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Executing Applications:

  • It allows attacker to gather confidential information about victim such as email ID, passwords, banking details, chat room activity, IRC, instant messages, etc.
  • Physical ones are placed between the keyboard hardware and the operating system.
    a. Spyware
    b. Backdoors
    c. Crackers
    d. Keyloggers
A

d. Keylogger

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Executing Applications:

  • Is a stealthy program that records user’s interaction with the computer and internet without the user’s knowledge and sends them to the remote attackers.
  • Hides its process, files, and other objects in order to avoid detection and removal.
    a. Spyware
    b. Backdoors
    c. Crackers
    d. Keyloggers
A

a. Spyware

17
Q

Hiding Files:

  • Programs that hide their presence as well as attacker’s malicious activities, granting them full access to the server or host at that time and also in future.
  • Replace certain operating system calls and utilities with its own modified versions of those routines that in turn undermine the security of the target system causing milicious functions to be executed.
  • A typical one comprises of backdoor programs, DDoS programs, packet sniffers, log-wiping utilities, IRC bots, etc.
    a. Backdoor
    b. Rootkit
    c. Spyware
    d. Keylogger
    e. Crackers
A

b. Rootkit

18
Q

Hiding Files:

Adds malicious code or replaces original OS kernel and device driver codes.

a. Hypervisor Level Rootkit
b. Hardware/Firmware Rootkit
c. Kernel Level Rootkit
d. Boot Loader Level Rootkit
e. Library Level Rootkit

A

c. Kernel Level Rootkit

19
Q

Hiding Files:

____ is the ability to fork data into existing files without changing or altering their functionality, size, or display to file browsing utilities.

A

Alternate Data Stream (ADS)

20
Q

Hiding Files:

-A technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data.

A

Steganography

21
Q

Hiding Files:

  • Is the art of discovering and rendering covert messages using steganography.
  • It detects the hidden messages embedded in images, text, audio, and video carrier mediums using steganography.
A

Staganalysis

22
Q

Covering Tracks:

Attacker uses which of the following techniques to cover tracks on the target system. (Choose 2)

a. Hiding Files
b. Steganography
c. Disable Auditing
d. Clearing Logs
e. Wiping Computer

A

c. Disable Auditing
d. Clearing Logs