Questions Flashcards
What type of packets are used in linux traceroute?
UDP
What effect does setting the ResrictAnonymous registry setting to 1 have on a Windows NT or 2000 system?
Prevents the enumaration of SAM accounts and names from malicious hacker
The RestrictAnonymous registry setting controls the level of enumeration granted to an anonymous user. If RestrictAnonymous is set to 0 (that is, the default setting), any user can obtain system information, including: user names and details, account policies, and share names. Anonymous users can use this information in an attack against your system. The list of user names and share names could help potential attackers identify who is an administrator, which computers have weak account protection, and which computers share information with the network.
What is the default VLAN on most switches?
1
What is the function of of the /etc/ftpusers file on a Unix FTP server?
Lists user that are not permitted on an FTP server
Ports associated with IPSEC
UDP port 500, IP protocol 50 and 51
The register_globals settings in php.ini are what?
Security risk if enabled and should be avoided
When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn’t require variable initialization means writing insecure code is that much easier.
The UK Government protective marking levels are, from the lowest to highest protection
NPM, Protected,Restricted,Confidential,Secret,Top Secret
Which of the following protocols provides confidentiality and integrity and is not vulnerable to mitm
SSHv2
MongoDB
Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas.
Privilege Ports
0-1023 inclusive
What is the main function of ISAPI?
Collection of Window Based web server services
ISAPI stands for Internet Server Application Programming Interface registered at either site or global level.ISAPI filters are the set of program/DLL files that are registered with IIS to modify the behavior of a Web Server.ISAPI filter manage paths and filters both incoming and outgoing streams of data until they find one they need to process
Why might a pen tester look for all files that have the mode bit 4000 set?
SUID files
Which Algorithm could be used to negotiate shared encryption?
AES
What command would you use to list the installed packages on a Redhat or Fedora system?
rpm -qa
What command would you use to display the version number of a Microsoft SQL Server database if you are connected with a command-line client?
display version;
How would you establish a null session to a Windows host from a Windows command shell?
NET USE \hostname\ipc$ “” /u:””
Question 32: Correct
Which of these methods is the best way to determine if a remote host is running an X Window server that allows remote connections from the local host?
xdpyinfo -display remotehost:0.0
A webserver return “Server: Microsoft-IIs/5.0” in the HTTP headers. What O/S is it probably using?
Windows Server 2000
What is the purpose and legal reason for obtaining written permission before commencing a pen test?
Computer Misuse Act (CMA) says it is lawful to do so and if not done may be a breach
Written permission must be obtained before any pentest is conducted this is known as the authorisation form that is discussed during the scoping call. Failing to do may result in breaching the Computer Misuse Act (CMA)
Which of these standards defines the structure of a digital certificate?
x.509
What is the significance of the string “SEP” in the configuration filename of a Cisco IP Phone?
Selsuis Ethernet phone (original name for the CISCO IP Phone
Which two routing protocols do not support Classless Inter-Domain Routing?
IGRP + RIP
What does “export” signify for an SSL Cipher?
Weak Cipher which was acceptable for export under old US cryptography export regulations
Which string in a NetBios name indicates that the specified host is a Master Browser?
MSBROWSE
A web server returns “server: Microsoft-IIs/6.0” in the HTTP header. What operating system is it probably using?
Windows Server 2003
IIS
IIS version Built-in
- 0 Windows 2000
- 1 Windows XP Pro
- 0 Windows Server 2003
- 0 Windows Vista and Windows Server 2008
- 5 Windows 7 and Windows Server 2008 R2
- 0 Windows 8 and Windows Server 2012
Which of these techniques is commonly implemented in modern C compilers to prevent buffer overflow exploitation?
Canary Values
What is the default password for the SYS user in reference to an Oracle 9i system?
CHANGE_ON_INSTALL
Command used to preform DNS Zone Transfer
dig @test.example.com example.com axfr
Query name server for DNS zone file that relate to a network black
dig @relay.example.com 130.80.198.in-addr.arpa axfr
Which command will retrieve the version number from default installation of the BIND Name server
dig @nameserver version.bind txt chaos
DHCP Messages
DHCPDISCOVER DHCPOFFER DHCPREQUEST DHCPACK DHCPNAK DHCPDECLINE DHCPRELEASE DHCPINFORM
Microsoft PPTP
Point to Point Tunnelling Protocol uses TCP 1723 to negotiate and establish connection and IP procotol 47 GRE for data communication
SIP
INVITE ACK BYE CANCEL REGISTER OPTIONS
What are SIP and RTP protocols used for in VoIP pick the most relevant answer
SIP is used for setting up and closing down calls, TRP is used for audio data
ONC/RPC Services
NTP,NFS,NETBIOS,NNTP
Which Scan would be most likely to discover a firewall that blocks all traffic to itself from the interface connected to the network you are scanning from ?
Arp Scan
What would you expect the finger 0@hostname against a solaris 8 system to display?
Users with empty GCOS field in the password file
Older versions of Solaris that run the finger daemon are affected by enumeration bugs. For example, you can run the command finger 0@host and it will enumerate all users with an empty GCOS field in the password file. Furthermore you can run finger ‘a b c d e f g h’@host and it will enumerate all users on the remote target.
Which of the following techniques can be used to prevent man in the middle attacks
Authenticating the server
What is the maximum length of SSID
32 bytes
On Unix system, what is the effect of the execute bit on a directory
It allows the directory to be traversed
Digest Length for a SHA-1 Hash Function
160 bits
Sys user default password on Oracle
There is no Default
EAP
Extensible Authentication Protocol
REST (web applcations)
Representational State Transfer
IP Option
Record Route
Ethernet Multicast MAC address
01:00:0c:cc:cc:cc
Length of the IV for a WEP Key
24 bits
Tool used for passive TCP/IP finger printing
p0f
What RPC authentication mechanism does NFSv2 and v3 USE
AUTH_SYS, using UID and GID
OSPF
Open Shortest Path First
CRLF
Carriage Return / Line Feed”
Which UDP port does RWHO use
513
Which SQL server version was the SQL Server Resolution Service introduced ?
MS SQL Server 2000
LDAP command injection characters
()&|=*`
What version of SQL did CVE 2003 0780 impact ?
4.0.15
Netbios Datagram service
138
400 HTTP codes
400 Bad Request 401 Unauthorized 402 Payment required 403 Forbidden 404 Not Found
Which PHP version did the chunk_split() overflow function affect ?
PHP 5 before 5.2.3 and PHP 4 before 4.4.8
DoS
Where is SAM file located ?
C:\WINDOWS\system32\config
Size of MAC address
48 bit
Size of IPv4
32-bit
Terminal services port ?
3389
Port 5423
PostGres
DES Key size ?
56 bits
HTTP code indicates Bad Request ?
400
ASP
Active Server Pages
