QUESTIONS 26-50

Question 1

26. Whois information searches start with which organization?

Answer 1

http://www .iana.org/domains/root/db/.

Question 2

27. Why is the physical address to a company useful to hackers?

Answer 2

The Whois protocol was designed to query databases to look up and identify the registrant of a domain name. Whois information contains the name, address, and phone number of the administrative, billing, and technical contacts of the domain name. It is primarily used to verify whether a domain name is available or whether it has been registered.

Question 3

28. Why is footprinting a useful tool?

Answer 3

Footprinting can be a very powerful tool in the hands of an attacker who has the knowledge and patience to ferret out the information that is available about any entity online. But although footprinting is a powerful tool, there are some countermeasures that can lessen the impact to varying degrees. (See review for more info)

Question 4

29. What can be revealed from info gathering from a company’s Website (job posting or employee blogs)?

Answer 4

• Examine the company’s Web site
• Identify key employees
• Analyze open positions and job requests
• Assess affiliate, parent, or sister companies
• Find technologies and software used by the organization

Question 5

30. Where can newsgroups be used?

Answer 5

?

Question 6

31. What does the option –Po do for nmap?

Answer 6

(–Po= Don’t ping) -At its core, Nmap is a port scanner that has the ability to perform a number of different scan types. The scanner is freely available for several operating systems.
Nmap is a widely used security tools and a firm understanding of Nmap is considered a requirement for security professionals.

Question 7

31a.To perform an Nmap scan, at the Windows command prompt you ___.

Answer 7

type Nmap IP address, followed by the switches that are needed to perform the scan desired.
For example, to scan the host with the IP address 192.168.123.254 using a full TCP connecting scan type, enter the following at the command line:
Nmap -sT 92.168.123.254)

Question 8

31a.To perform an Nmap scan, at the Windows command prompt you ___.

Answer 8

type Nmap IP address, followed by the switches that are needed to perform the scan desired.
For example, to scan the host with the IP address 192.168.123.254 using a full TCP connecting scan type, enter the following at the command line:
Nmap -sT 92.168.123.254)

Question 9

32. What is Nessus and OpenVAS?

Answer 9

Providing an additional tool is the use of a category of software known as the vulnerability scanner. Software of this type can be used to scan a system, locate, and report back on services such as Trojans listening on the ports of a system. One of the best known scanners of this type is the tool known as Nessus.

Question 10

32a.What is OpenVAS?

Answer 10

From Internet} The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 35,000 in total (as of April 2014).
All OpenVAS products are Free Software.

Question 11

33. What does OS fingerprinting allow?

Answer 11

Once analyzed, can allow for a well-educated guess to be made about the system in place. To seek out these unique characteristics, active and passive fingerprinting can probe a system to generate a response or listen to a system’s communications for details about the OS.

Question 12

34. What type of port scan shows Windows IPC administrative shares?

Answer 12

NULL sessions are designed to facilitate connection between systems on a network to allow one system to enumerate the process and shares on another

Question 13

34a. Examples of a NULL session would include?

Answer 13

• List of users and groups
• List of machines
• List of shares
• Users and host SIDs

Question 14

35. What does NetBIOS enumeration show?

Answer 14

Enumeration represents a more aggressive step in the hacking and penetration testing process because the attacker has now started to access the system to see specifically what is available.When enumeration is performed, the process is now attempting to discover what is offered by these services for later usage in actual system hacking.

Question 15

36. What type of probe bypasses some firewalls?

Answer 15

???

Question 16

.

Answer 16

.

Question 17

37. What technology connects private and public addresses?

Answer 17

Network address translation (NaT)NAT can be used to translate between private and public addresses. Private IP addresses are those that are considered unroutable.

Question 18

38. Which technique is used to determine the network range of your target organization?

Answer 18

whois

Question 19

39. What is the name of the attack that takes a low privilege user to assume higher privileges?

Answer 19

If a lower-level account is cracked, the next step is privilege escalation: to escalate the privileges to a level at which increased access and fewer restrictions are in place such as with the administrator account.

Question 20

40. What attack does installing Netcat on a remote system provide?

Answer 20

• Placing a rootkit

* Executing a Trojan

Question 21

41. What is XSS?

Answer 21

It relies on a variation of the input validation attack, but the target is different
because the goal is to go after a user instead of the application or data.

Question 22

42. What is Brutus?

Answer 22

A password cracker that is designed to decode different password types present in Web applications.

Question 23

43. What can an insecure login [??Logon??] system provide?

Answer 23

Properly handle invalid logons and passwords.

Question 24

43. What can an insecure login [??Logon??] system provide?

Answer 24

Properly handle invalid logons and passwords.

Question 25

44. Sending queries to a database is what type of attack?

Answer 25

SQL injection attack

Question 26

45. What security feature should a session have?

Answer 26

A unique identifier, encryption, and other parameters assigned every time a new connection between client and server is created.

Question 27

45a. After a session is ended, what security feature should a session have?

Answer 27

After the session is exited, closed, or not needed, the information is discarded and not used again (or at least not used for an extended period of time),

Question 28

46. What happens on a database when users are not properly tracked?

Answer 28

Some common vulnerabilities include:
• Unused stored procedures 
• Services account privilege issues 
• Weak or poor authentication methods enabled 
• No (or limited) audit log settings

Question 29

47. What type of attack uses alert?

Answer 29

By careful analysis, an attacker can look for ways to inject malicious code into Web pages

• to gain information from session info on the browser,
• to elevated access,
• to content in the browser.

Question 30

48. Why are SQL attacks on databases a concern for organizations?

Answer 30

Essentially an SQL injection is carried out by placing special characters into existing SQL commands and modifying the behavior to achieve the attacker’s desired result.

Question 31

49. What are some defenses for databases?

Answer 31

• Learn the provided security features in the database system
• Evaluate the use of nonstandard ports
• Keep up to date
• It is as good as its foundation
• Use a firewall

Question 32

50. HTTP/1.1 200 OK SERVER: can be found by using what type of attack?

Answer 32

Telnet
Web info of server
To give banner info w/out opening a web browser