quiz 8

Question 1

In Microsoft systems, an excellent resource for finding configuration errors, missing patches, and so on is the ________________________________________.

Answer 1

Microsoft Baseline Security Analyzer
MBSA
Microsoft Baseline Security Analyzer (MBSA)

Question 2

What functions do most Trojan programs perform?

Answer 2

Most Trojan programs perform one or more of the following functions:

• Allow remote administration of the attacked system
• Create a file server on the attacked computer so files can be loaded and downloaded without the user’s knowledge
• Steal passwords from the attacked system and e-mail them to the attacker
• Log all keystrokes a user enters and e-mail the results to the attacker or store them in a hidden file the attacker can access remotely

Question 3

What is the Common Internet File System (CIFS) protocol?

Answer 3

Common Internet File System (CIFS) is a standardized protocol that replaced SMB in Windows 2000 Server and later, but to allow backward compatibility, the original SMB is still used. CIFS is a remote file system protocol that enables computers to share network Windows OS Vulnerabilities 207 resources over the Internet. In other words, files, folders, printers, and other resources can be made available to users throughout a network. For sharing to occur, there must be an infrastructure that allows placing these resources on the network and a method to control access to resources.

Question 4

To perform MBSA-style scans you can run the tool from the command line by using ____________________.exe.

Answer 4

mbsacli

Question 5

Rootkits containing Trojan binary programs ready to be installed are more dangerous than typical Trojan programs.

Answer 5

True

Question 6

To determine whether a system is vulnerable to an RPC-related issue, the best tool is ____.

Answer 6

MBSA

Question 7

The Conficker worm took advantage of a vulnerability in ____ to run arbitrary code on susceptible hosts

Answer 7

RPC

Question 8

____ is an open-source implementation of CIFS.

Answer 8

Samba

Question 9

If the LRK5 rootkit is installed on a Linux computer, entering the Trojaned ____ command allows the attacker’s processes to continue running, even though the Linux administrator thinks all processes were killed.

Answer 9

Killall

Question 10

MBSA has its origins in the ____ scanner.

Answer 10

HFNetChk

Question 11

The Trojan program called Sheepshank makes HTTP GET requests over port ____.

Answer 11

80

Question 12

Samba is as an closed-source implementation of CIFS.

Answer 12

False

Question 13

If the LRK5 rootkit is installed on a Linux computer, entering the Trojaned ____ command allows the attacker’s processes to continue running, even though the Linux administrator thinks all processes were killed.

Answer 13

Killall

Question 14

Trusted Computer Solutions____ program is used to tighten Linux system security configuration by using templates.

Answer 14

Security Blanket

Question 15

The best way to protect a network from SMB attacks is to make sure routers filter out ports 137 to 139 and ____.

Answer 15

445

Question 16

Complete instructions for MBSA are available from the MBSA Help interface or the ____ site.

Answer 16

Microsoft Security Tools Web

Question 17

Early Windows OSs communicated with each other by using ____.

Answer 17

NetBIOS

Question 18

What is the purpose of a file system?

Answer 18

The purpose of any file system, regardless of the OS, is to store and manage information. The file system organizes information that users create as well as the OS files needed to boot the system, so the file system is the most vital part of any OS. In some cases, this critical component of the OS can be a vulnerability.

Question 19

SMB stands for _________________________.

Answer 19

Server Message Block

Question 20

The MBSA can check for missing security updates.

Answer 20

True

Question 21

Red Hat and Fedora Linux use the ____ command to update and manage RPM packages.

Answer 21

yum

Question 22

Why should you review logs regularly? How should you accomplish this task?

Answer 22

You should review logs regularly for signs of intrusion or other problems on the network. Scanning through thousands of log entries is time consuming, and missing important entries is likely. A log-monitoring tool is best for this task. Several are available, depending on network needs and budget.

Question 23

What can a security tester using enumeration tools do?

Answer 23

A security tester using enumeration tools can do the following:

• Identify a computer on the network by using port scanning and zone transfers
• Identify the OS the computer is using by conducting port scanning and enumeration
• Identify via enumeration any logon accounts and passwords configured on the computer
• Learn the names of shared folders by using enumeration
• Identify services running on the computer

Question 24

What is Samba used for?

Answer 24

Samba is an open-source implementation of CIFS. With Samba, *nix servers can share resources with Windows clients, and Windows clients can access a *nix resource without realizing that the resource is on a *nix computer. For a Windows computer to be able to access a *nix resource, CIFS must be enabled on both systems. On networks that require *nix computers to access Windows resources, Samba is often used. It’s not a hacking tool; this product was designed to enable *nix computers to “trick” Windows services into believing that *nix resources are Windows resources. A *nix client can connect to a Windows shared printer and vice versa when Samba is configured on the *nix computer. Most new versions of Linux include Samba as an optional package, so you don’t need to download, install, and compile it.

Question 25

Windows Server 2003 and 2008 ____ are used to authenticate user accounts, so they contain much of the information that attackers want to access.

Answer 25

domain controllers

Question 26

What is Server Message Block (SMB) used for in Windows? Can hacking tools still damage a network using SMB?

Answer 26

In Windows, Server Message Block (SMB) is used to share files and usually runs on top of NetBIOS, NetBEUI, or TCP/IP. Several hacking tools that target SMB can still cause damage to Windows networks. Two well-known SMB hacking tools are L0phtcrack’s SMB Packet Capture utility and SMBRelay, which intercept SMB traffic and collect usernames and password hashes.

Question 27

NetBIOS over TCP/IP is called ____ in Windows Server 2003.

Answer 27

NetBT

Question 28

What should a password policy include?

Answer 28

A comprehensive password policy is critical, as a user name and password are often all that stands between an attacker and access. A password policy should include the following: - Change passwords regularly on system-level accounts - Require users to change their passwords regularly - Require a minimum password length of at least eight characters - Require complex passwords - Passwords can’t be common words, words found in the dictionary, or slang, jargon, or dialect - Passwords must not be identified with a particular user - Never write a password down or store it online or in a file on the user’s computer - Don’t hint at or reveal a password to anyone over the phone, in e-mail, or in person - Use caution when logging on to make sure no one sees you entering your password - Limit reuse of old passwords

Question 29

In Windows Server 2003 and 2008, how does a domain controller locate resources in a domain

Answer 29

In Windows Server 2003 and 2008, a domain controller uses a global catalog (GC) server to locate resources in a domain containing thousands or even millions of objects. For example, if a user wants to locate a printer with the word “color” in its description, he or she can use a GC server, which contains attributes such as the resource’s name and location and points the user to the network resource.

Question 30

You can use _____________________________________________ information when testing Linux computers for known vulnerabilities.

Answer 30

Common Vulnerabilities and Exposures CVE Common Vulnerabilities and Exposures (CVE)

Question 31

A common Linux rootkit is ____.

Answer 31

Linux Rootkit 5

Question 32

NetBIOS is not a protocol; it usually works with ____, a fast, efficient protocol that requires little configuration.

Answer 32

NetBEUI

Question 33

The MBSA can check for user account passwords that have dictionary words in them.

Answer 33

False

Question 34

In Microsoft systems, an excellent resource for finding configuration errors, missing patches, and so on is the ________________________________

Answer 34

Microsoft Baseline Security Analyzer MBSA Microsoft Baseline Security Analyzer (MBSA)

Question 35

HTTP is associated with this port

Answer 35

port 80

Question 36

LDAP is associated with this port

Answer 36

port 389

Question 37

DNS is associated with this port

Answer 37

port 53

Question 38

HTTPS is associated with this port

Answer 38

port 443

Question 39

gives an intruder a potential point of entry into a network

Answer 39

unused services

Question 40

almost useless if it isn’t updated regularly

Answer 40

antivirus software

Question 41

to harden Microsoft systems, you should disable this account

Answer 41

Guest

Question 42

to harden Microsoft systems, you should rename this account

Answer 42

Administrator

Question 43

no account should have this type of password

Answer 43

blank