Quiz 4

Question 1

\_\_\_\_ is a Web tool used to gather IP and domain information. It is available for both UNIX and Window OSs.
Answer    
Samba 
   Bugnosis 
   SamSpade 
   FOCA

Answer 1

SamSpade

Question 2

What is “competitive intelligence”?

Answer 2

If you want to open a piano studio to compete against another studio that has been in your neighborhood for many years, getting as much information as possible about your competitor is wise. How could you know the studio was successful without being privy to its bank statements? First, many businesses fail after the first year, so the studio being around for years is a testament to the owner doing something right. Second, you can simply park your car across the street from the studio and count the students to get a good idea of the number of clients. You can easily find out the cost of lessons by calling the studio or looking for ads in newspapers, flyers, telephone books, billboards, and so on. Numerous resources are available to help you discover as much as is legally possible about your competition. Business people have been doing this for years. Now this information gathering, called competitive intelligence, is done on an even higher level through technology. As a security professional, you should be able to explain to the company that hired you all the methods competitors use to gather information. To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.

Question 3

The HTTP \_\_\_\_ method retrieves data by URI.
Answer    
GET 
   PUT 
   POST 
   HEAD

Answer 3

PUT

Question 4

To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.

Answer 4

True

Question 5

\_\_\_\_ is a Web tool used to gather IP and domain information. It is available for both UNIX and Window OSs.
Answer  
 Samba 
   Bugnosis 
   SamSpade 
   FOCA

Answer 5

SamSpade

Question 6

How can a computer criminal use HTTP methods before running an exploit on a server?

Answer 6

If you know HTTP methods, you can send a request to a Web server and, from the generated output, determine what OS the Web server is using. You can also find other information that could be used in an attack. After you determine which OS version a company is running, you can search for any exploits that might be used against that network’s systems.

Question 7

\_\_\_\_ is a tool that is used to perform DNS zone transfers.
Answer   
 Whois 
   Netcat 
   Metis 
   Dig

Answer 7

Dig

Question 8

Why is ATM shoulder surfing much easier than computer shoulder surfing?

Answer 8

ATM theft is much easier than computer shoulder surfing because a keypad has fewer characters to memorize than a computer keyboard. If the person throws away the receipt in a trash can near the ATM, the shoulder surfer can match the PIN with an account number and then create a fake ATM card. Often shoulder surfers use binoculars or high-powered telescopes to observe PINS being entered, making it difficult to protect against this attack.

Question 9

Some cookies can cause security issues because unscrupulous people might store personal information in cookies that can be used to attack a computer or server.

Answer 9

True

Question 10

\_\_\_\_ enable you to see all the host computers on a network. In other words, they give you an organization’s network diagram.
Answer   
 Web bugs 
   Footprints 
   Zone transfers 
   Namedroppers

Answer 10

Zone transfers

Question 11

The HTTP CONNECT method starts a remote application-layer loopback of the request message.

Answer 11

False

Question 12

Network attacks often begin by gathering information from a company’s Web site.

Answer 12

True

Question 13

The HTTP \_\_\_\_ method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body.
Answer   
 CONNECT 
   PUT 
   POST 
   HEAD

Answer 13

HEAD

Question 14

In computer jargon, the process of finding information on a company’s network is called ____________________.

Answer 14

footprinting

Question 15

List at least five tools available for footprinting.

Answer 15

The following tools can be used for footprinting: Google groups, Whois, SamSpade, Web Data Extractor, FOCA, Necrosoft NS Scan, Google search engine, Namedroppers, White Pages, Metis, Dig, Netcat, Wget, Paros, and Maltego.

Question 16

As a security tester, should you use social-engineering tactics?

Answer 16

As a security tester, you should never use social-engineering tactics unless the person who hired you gives you permission in writing. You should also confirm on which employees you’re allowed to perform social-engineering tests, and document the tests you conduct. Your documentation should include the responses you received, and all test results should, of course, be confidential.

Question 17

What is the purpose of a Web bug? How do they relate to or differ from spyware?

Answer 17

A Web bug is a 1-pixel x 1-pixel image file referenced in an <img></img> tag, and it usually works with a cookie. Its purpose is similar to that of spyware and adware: to get information about the person visiting the Web site. Web bugs are not from the same Web site as the Web page creator. They come from third-party companies specializing in data collection. Security professionals need to be aware of cookies and Web bugs to keep these information-gathering tools off company computers.

Question 18

To help prevent \_\_\_\_ attacks, you must educate your users not to type logon names and passwords when someone is standing directly behind them—or even standing nearby.
Answer    
shoulder-surfing 
   footprinting 
   piggybacking 
   social engineering

Answer 18

shoulder-surfing

Question 19

How can computer criminals use the Whois utility for their purposes?

Answer 19

The Whois utility is a commonly used tool for gathering IP address and domain information. With just a company’s Web address, you can discover a tremendous amount of information. Unfortunately, attackers can also make use of this information. Often companies don’t realize that they’re publishing information on the Web that computer criminals can use. The Whois utility gives you information on a company’s IP addresses and any other domains the company might be part of.

Question 20

To see additional parameters that can be used with the \_\_\_\_ command, you can type nc -h at the command prompt.
Answer  
  Nslookup 
   Namedroppers 
   Netcat 
   Whois

Answer 20

Netcat

Question 21

The HTTP ____________________ method is used with a proxy that can dynamically switch to a tunnel connection, such as Secure Socket Layer (SSL).

Answer 21

CONNECT

Question 22

\_\_\_\_ can be used to read PINs entered at ATMs or to detect long-distance authorization codes that callers dial.
Answer    
Shoulder surfing 
   Footprinting 
   Zone transferring 
   Social engineering

Answer 22

Shoulder surfing

Question 23

With commands such as \_\_\_\_, you can perform zone transfers of all DNS records.
Answer  
  Dig 
   Whois 
   DNS 
   Netcat

Answer 23

Dig

Question 24

\_\_\_\_ is a tool that is used to gather IP and domain information.
Answer    
Whois 
   Netcat 
   Metis 
   Dig

Answer 24

Whois

Question 25

\_\_\_\_ is the most basic HTTP method.
Answer 
   GET 
   PUT 
   CONNECT 
   HEAD

Answer 25

GET

Question 26

The HTTP \_\_\_\_ method requests that the entity be stored under the Request-URI.
Answer   
 GET 
   PUT 
   POST 
   HEAD

Answer 26

PUT

Question 27

A(n) ____________________ is a text file generated by a Web server and stored on a user’s browser.

Answer 27

cookie

Question 28

The HTTP \_\_\_\_ allows data to be sent to a Web server.
Answer   
 GET 
   PUT 
   POST 
   HEAD

Answer 28

POST

Question 29

The HTTP \_\_\_\_ method retrieves data by URI.
Answer    
GET 
   PUT 
   POST 
   HEAD

Answer 29

GET

Question 30

Wget is a tool that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.

Answer 30

True

Question 31

A(n) \_\_\_\_ is a 1-pixel x 1-pixel image file referenced in an <img> tag, and it usually works with a cookie.
Answer    
image bug 
   zone transfer 
   Bugnosis detector 
   Web bug

Answer 31

Web bug

Question 32

A(n) ____________________ is a person skilled at reading what users enter on their keyboards, especially logon names and passwords.

Answer 32

shoulder surfer

Question 33

The \_\_\_\_ tool can generate a report that can show an attacker how a Web site is structured and lists Web pages that can be investigated for further information.
Answer 
   Netcat 
   Paros 
   Dig 
   Whois

Answer 33

Paros

Question 34

How can DNS be used for footprinting?

Answer 34

DNS uses name servers to resolve names. After you determine what name server a company is using, you can attempt to transfer all the records for which the DNS server is responsible. This process, called a zone transfer, can be done with the Dig command.

To determine a company’s primary DNS server, you can look for a DNS server containing a Start of Authority (SOA) record. An SOA record shows which zones or IP addresses the DNS server is responsible. After you determine the primary DNS server, you can perform another zone transfer to see all host computers on the company network. In other words, the zone transfer give you an organization’s network diagram. You can use this information to attack other servers or computers that are part of the network infrastructure.

Question 35

\_\_\_\_ can be used to gather information useful for computer criminals, like company phone directories, financial reports, interoffice memos, resumes of employees, etc.
Answer   
 Shoulder surfing 
   Footprinting 
   Piggybacking 
   Dumpster diving

Answer 35

Dumpster diving

Question 36

\_\_\_\_ is trailing closely behind an employee who has access to an area without the person realizing that you didn’t use a PIN or a security badge to enter the area.
Answer   
 Shoulder surfing 
   Footprinting 
   Piggybacking 
   Dumpster diving

Answer 36

Piggybacking

Question 37

What type of information is usually gathered by social engineering?

Answer 37

Social engineering means using a knowledge of human nature to get information from people. In computer attacks, the information is usually a password to a network or other information an attacker could use to compromise a network. A salesperson can get personal information about customers, such as income, hobbies, social life, drinking habits, music preferences, and the like, just by asking the customer the right questions. A salesperson uses charm and sometimes guile to relax customers. In a sense, a salesperson attempts to bond with customers by pretending to be empathetic with them. After leaving the store, customers might regret some of the information they freely gave, but if the salesperson was personable, they might not think twice about the personal information the salesperson elicited. Social engineers might also use persuasion tactics, intimidation, coercion, extortion, and even blackmail to gather the information they need. They are probably the biggest security threat to networks and the most difficult to protect against.

Question 38

Namedroppers is a tool that can be used to capture Web server information and possible vulnerabilities in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows.

Answer 38

False

Question 39

What is “competitive intelligence”?

Answer 39

If you want to open a piano studio to compete against another studio that has been in your neighborhood for many years, getting as much information as possible about your competitor is wise. How could you know the studio was successful without being privy to its bank statements? First, many businesses fail after the first year, so the studio being around for years is a testament to the owner doing something right. Second, you can simply park your car across the street from the studio and count the students to get a good idea of the number of clients. You can easily find out the cost of lessons by calling the studio or looking for ads in newspapers, flyers, telephone books, billboards, and so on. Numerous resources are available to help you discover as much as is legally possible about your competition. Business people have been doing this for years. Now this information gathering, called competitive intelligence, is done on an even higher level through technology. As a security professional, you should be able to explain to the company that hired you all the methods competitors use to gather information. To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.

Question 40

The ____________________ utility gives you information on a company’s IP addresses and any other domains the company might be part of.

Answer 40

Whois

Question 41

\_\_\_\_ means using a knowledge of human nature to get information from people.
Answer    
Fingerprinting 
   Footprinting 
   Zone transferring 
   Social engineering

Answer 41

Social engineering

Question 42

List the five techniques used by social engineers in their attempts to gain information from unsuspecting people.

Answer 42

• Urgency
• Quid pro quo
• Status quo
• Kindness
• Position

Question 43

Elaborate on the following statement: “The most difficult job of a security professional is preventing social engineers from getting crucial information from company employees.”

Answer 43

No matter how thorough a security policy is or how much money is spent on firewalls and intrusion detection systems (IDSs), employees are still the weakest link in an organization. Attackers know this fact and use it. Employees must be trained and tested periodically on security practices. Just as fire drills help prepare people to evacuate during a fire, random security drills can improve a company’s security practices. For example, randomly selecting and testing employees each month to see whether they would give their passwords to someone within or outside the organization is a good way to see if your security memos are being read and followed.

Question 44

\_\_\_\_ is a tool that is used to gather competitive intelligence from Web sites.
Answer  
  Whois 
   Netcat 
   Metis 
   Dig

Answer 44

Metis

Question 45

define HTTP 400 Bad Request

Answer 45

Request not understood by server

Question 46

define HTTP 405 Method Not Allowed

Answer 46

Request not allowed for the resource

Question 47

define HTTP 408 Request Timeout

Answer 47

Request not made by client in allotted time

Question 48

define HTTP 403 Forbidden

Answer 48

Server understands request but refuses to comply

Question 49

define HTTP 404 Not Found

Answer 49

Unable to match request

Question 50

define HTTP 500 Internal Server Error

Answer 50

Request could not be fulfilled by server

Question 51

define HTTP 503 Service Unavailable

Answer 51

Server is unavailable due to maintenance or overload

Question 52

define HTTP 502 Bad Gateway

Answer 52

Server received invalid response from upstream server

Question 53

define HTTP 504 Gateway Timeout

Answer 53

Server did not receive a timely response