QUESTIONS 26-50 Flashcards

1
Q
Whois information searches start with which organization?
A

http://www.iana.org/domains/root/db/

2
Q
Why is the physical address of a company useful to hackers?
A

The Whois protocol was designed to query databases to look up and identify the registrant of a domain name. Whois information contains the name, address, and phone number of the administrative, billing, and technical contacts of the domain name. It is primarily used to verify whether a domain name is available or whether it has been registered.

3
Q
Why is footprinting a useful tool?
A

Footprinting can be a very powerful tool in the hands of an attacker who has the knowledge and patience to ferret out the information that is available about any entity online. But although footprinting is a powerful tool, there are some countermeasures that can lessen the impact to varying degrees. (See review for more info)

4
Q
What can be revealed from information gathering on a company’s Web site (job postings or employee blogs)?
A
• Examine the company’s Web site
• Identify key employees
• Analyze open positions and job requests
• Assess affiliate, parent, or sister companies
• Find technologies and software used by the organization
5
Q
Where can newsgroups be used?
A

?

6
Q
What does the option -P0 do for Nmap?
A

(-P0 = don’t ping.) At its core, Nmap is a port scanner that has the ability to perform a number of different scan types. The scanner is freely available for several operating systems.
Nmap is a widely used security tool, and a firm understanding of Nmap is considered a requirement for security professionals.

7
Q

31a. To perform an Nmap scan, at the Windows command prompt you ___.

A

type nmap and the IP address, followed by the switches that are needed to perform the desired scan.
For example, to scan the host with the IP address 192.168.123.254 using a full TCP connect scan type, enter the following at the command line:
nmap -sT 192.168.123.254

9
Q
What are Nessus and OpenVAS?
A

An additional tool is a category of software known as the vulnerability scanner. Software of this type can be used to scan a system and to locate and report back on services, such as Trojans, listening on the ports of a system. One of the best-known scanners of this type is the tool known as Nessus.

10
Q

32a. What is OpenVAS?

A

(From the Internet) The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
The actual security scanner is accompanied by a daily updated feed of Network Vulnerability Tests (NVTs), over 35,000 in total (as of April 2014).
All OpenVAS products are Free Software.

11
Q
What does OS fingerprinting allow?
A

Once analyzed, these unique characteristics can allow a well-educated guess to be made about the system in place. To seek out these unique characteristics, active and passive fingerprinting either probe a system to generate a response or listen to a system’s communications for details about the OS.

12
Q
What type of port scan shows Windows IPC administrative shares?
A

NULL sessions are designed to facilitate connections between systems on a network, allowing one system to enumerate the processes and shares on another.

13
Q

34a. Examples of a NULL session would include?

A
• List of users and groups
• List of machines
• List of shares
• Users and host SIDs
14
Q
What does NetBIOS enumeration show?
A

Enumeration represents a more aggressive step in the hacking and penetration testing process because the attacker has now started to access the system to see specifically what is available. When enumeration is performed, the process is attempting to discover what is offered by these services for later use in actual system hacking.

15
Q
What type of probe bypasses some firewalls?
A

???

17
Q
What technology connects private and public addresses?
A

Network address translation (NAT). NAT can be used to translate between private and public addresses. Private IP addresses are those that are considered unroutable.

18
Q
Which technique is used to determine the network range of your target organization?
A

whois

19
Q
What is the name of the attack in which a low-privilege user assumes higher privileges?
A

If a lower-level account is cracked, the next step is privilege escalation: escalating the privileges to a level at which increased access and fewer restrictions are in place, such as with the administrator account.

20
Q
What attack does installing Netcat on a remote system provide?
A
• Placing a rootkit
• Executing a Trojan

21
Q
What is XSS?
A

It relies on a variation of the input validation attack, but the target is different because the goal is to go after a user instead of the application or data.

22
Q
What is Brutus?
A

A password cracker that is designed to decode different password types present in Web applications.

23
Q
What can an insecure login [??Logon??] system provide?
A

Properly handle invalid logons and passwords.

25
Q
Sending queries to a database is what type of attack?
A

SQL injection attack

26
Q
What security feature should a session have?
A

A unique identifier, encryption, and other parameters assigned every time a new connection between client and server is created.

27
Q

45a. After a session is ended, what security feature should a session have?

A

After the session is exited, closed, or no longer needed, the information is discarded and not used again (or at least not used for an extended period of time).

28
Q
What happens on a database when users are not properly tracked?
A
Some common vulnerabilities include:
• Unused stored procedures
• Service account privilege issues
• Weak or poor authentication methods enabled
• No (or limited) audit log settings
29
Q
What type of attack uses alert?
A

By careful analysis, an attacker can look for ways to inject malicious code into Web pages:

• to gain information from session info in the browser,
• to elevate access,
• to access content in the browser.
30
Q
Why are SQL attacks on databases a concern for organizations?
A

Essentially, an SQL injection is carried out by placing special characters into existing SQL commands and modifying their behavior to achieve the attacker’s desired result.

31
Q
What are some defenses for databases?
A
• Learn the security features provided in the database system
• Evaluate the use of nonstandard ports
• Keep up to date
• It is only as good as its foundation
• Use a firewall
32
Q
HTTP/1.1 200 OK SERVER: can be found by using what type of attack?
A

Telnet. It returns the Web server’s information, giving banner info without opening a web browser.