Sample Questions 1 Flashcards
A hacker is a person who illegally breaks into a system or network without any authorization to destroy or steal sensitive data or to perform other malicious attacks.
Black hat hackers are:
a) Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers
b) Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts
c) Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing 30 years in jail for their actions
d) Individuals who work both offensively and defensively at various times
a) Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers
In order to compromise or hack a system or network, hackers go through various phases of hacking.
What is the first hacking phase that hackers perform to gather information about a target prior to launching an attack?
a) Reconnaissance
b) Scanning
c) Gaining Access
d) Maintaining Access
e) Clearing Tracks
a) Reconnaissance
Penetration testing is a method of actively evaluating the security of an information system or network by simulating an attack from a malicious source. Which of the following techniques is used to simulate an attack from someone who is unfamiliar with the system?
a) Black box pen testing
b) White box pen testing
c) Grey box pen testing
d) Maintaining Access
e) Announced pen testing
a) Black box pen testing
Which of the following scanning techniques do attackers use to bypass firewall rules and logging mechanisms and disguise themselves as normal network traffic?
a) Stealth scanning technique
b) TCP connect scanning technique
c) Xmas scanning technique
d) Maintaining Access
e) FIN scanning technique
a) Stealth scanning technique
OS fingerprinting is the method used to determine the operating system running on a remote target system. It is an important scanning method, as the attacker will have a greater probability of success if he/she knows the OS. Active stack fingerprinting is one of the types of OS fingerprinting.
Which of the following is true about active stack fingerprinting?
a) Uses password crackers to escalate system privileges
b) Is based on the fact that various vendors of OS implement the TCP stack differently
c) TCP connect scan
d) Uses sniffing techniques instead of the scanning techniques
b) Is based on the fact that various vendors of OS implement the TCP stack differently
A proxy is a network computer that can serve as an intermediary for connecting with other computers.
Which of the following sentences is true about a proxy?
a) Protects the local network from outside access
b) Does not allow the connection of a number of PCs to the Internet when having only one IP address
c) Allows an attacker to view the desktop of a user's system
d) Cannot be used to filter out unwanted content
a) Protects the local network from outside access
Comments:
Proxy servers primarily prevent external users from identifying the IP addresses of an internal network. Without knowledge of the correct IP address, even the physical location of the network cannot be identified. Proxy servers can make a network virtually invisible to external users. When you use proxy servers to control access to the untrusted network, you gain the following advantages:
The proxy server breaks the TCP/IP connection to hide your internal network information (such as internal host names and Internet Protocol (IP) addresses).
You can set the proxy server to require user authentication before it accepts and forwards the user requests for services (TELNET only).
The proxy server provides advanced logging capabilities so that you can record access information. Proxy server logging capabilities are superior to those of the SOCKS server because the proxy server provides the URL that the user accesses.
Proxy servers help you control which services users can access. If you do not create a proxy for the service, users cannot access the service because each service must have its own proxy. (This is true as long as you do not allow access to the service through a SOCKS server or network address translation.)
IP spoofing refers to the procedure of an attacker changing his or her IP address so that he or she appears to be someone else. Which of the following IP spoofing detection techniques succeeds only when the attacker is in a different subnet?
a) Direct TTL probes technique
b) IP identification number technique
c) TCP flow control method
d) UDP flow control method
a) Direct TTL probes technique
Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Which of the following enumeration types does an attacker use to obtain a list of computers that belong to a domain?
a) Netbios enumeration
b) SNMP enumeration
c) NTP enumeration
d) SMTP enumeration
a) Netbios enumeration
Network Time Protocol (NTP) is designed to synchronize clocks of networked computers.
Which of the following ports does NTP use as its primary means of communication?
a) UDP port 123
b) UDP port 113
c) UDP port 161
d) UDP port 320
a) UDP port 123
Rootkits are kernel programs with the ability to hide themselves and cover up traces of their activities. A rootkit replaces certain operating system calls and utilities with its own modified versions of those routines. Which of the following rootkits modifies the boot sequence of the machine to load itself instead of the original virtual machine monitor or operating system?
a) Hypervisor level rootkit
b) Kernel level rootkit
c) Boot loader level rootkit
d) Library level rootkits
a) Hypervisor level rootkit
[https://heimdalsecurity.com/blog/rootkit/](https://heimdalsecurity.com/blog/rootkit/)
A virus is a self-replicating program that reproduces its own code by attaching copies of itself to other executable code.
Which of the following viruses evades anti-virus software by intercepting its requests to the operating system?
a) Stealth/Tunneling virus
b) Cluster virus
c) Macro virus
d) System or boot sector virus
a) Stealth/Tunneling virus
A sniffer turns the NIC of a system to promiscuous mode so that it listens to all the data transmitted on its segment. It can constantly read all information entering the computer through the NIC by decoding the information encapsulated in the data packets. Passive sniffing is one of the types of sniffing. Passive sniffing refers to:
a) Sniffing through a hub
b) Sniffing through a router
c) Sniffing through a switch
d) Sniffing through a bridge
a) Sniffing through a hub
Address Resolution Protocol (ARP) is a protocol for mapping an IP address to a physical machine address that is recognized in the local network. ARP Spoofing involves constructing a large number of forged ARP request and reply packets to overload:
a) Switch
b) Router
c) Hub
d) Bridge
a) Switch
Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim system with non-legitimate service requests or traffic to overload its resources, which prevents it from performing intended tasks. Which of the following is a symptom of a DoS attack?
a) Unavailability of a particular website
b) Decrease in the amount of spam emails received
c) Automatic increase in network bandwidth
d) Automatic increase in network performance
a) Unavailability of a particular website
Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers.
Which of the following factors contributes to a successful session hijacking attack?
a) Account lockout for invalid session IDs
b) Definite session expiration time
c) Weak session ID generation algorithm
d) No clear text transmission
c) Weak session ID generation algorithm
Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the ___________ in order to control the process execution, crash the process and modify internal variables.
a) Target process’s address space
b) Target remote access
c) Target rainbow table
d) Target SAM file
a) Target process’s address space
Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?
a) 802.11a
b) 802.11b
c) 802.11g
d) 802.11i
a) 802.11a
Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?
a) Wireless modem
b) Antenna
c) Wireless router
d) Mobile station
c) Wireless router
A wireless antenna is an electrical device which converts electric currents into radio waves, and vice versa. Which of the following antennas is used in wireless base stations and provides a 360-degree horizontal radiation pattern?
a) Omnidirectional antenna
b) Parabolic grid antenna
c) Yagi antenna
d) Dipole antenna
a) Omnidirectional antenna
A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users on other networks. A firewall examines all traffic routed between the two networks to see if it meets certain criteria. A packet filter is one of the categories of firewall. A packet filtering firewall works at which of these layers of the OSI model?
a) Network layer
b) Physical layer
c) Session layer
d) Application layer
a) Network layer
Keystroke loggers are stealth software packages that are used to monitor keyboard activities. Which is the best location to place such keyloggers?
a) Keyboard hardware & the operating system
b) UPS and keyboard
c) Operating system and UPS
d) Monitor and keyboard software
a) Keyboard hardware & the operating system
You have invested millions of dollars for protecting your corporate network. You have the best IDS, firewall with strict rules and routers with no configuration errors. Which of the following techniques practiced by an attacker exploits human behavior to make your network vulnerable to attacks?
a) Social Engineering
b) Buffer overflow
c) Denial of Service
d) SQL injection
a) Social Engineering
Nmap is a free open source utility, which is designed to rapidly scan large networks. Identify the Nmap scan method that is often referred to as a half-open scan because it does not open a full TCP connection.
a) ACK Scan
b) SYN Stealth
c) Half open
d) Windows Scan
b) SYN Stealth
As a system administrator, you are responsible for maintaining the website of your company, which deals in online recharge of mobile phone cards. One day, to your surprise, you find the home page of your company’s website defaced. What is the reason for the webpage defacement?
a) Denial of Service attack
b) Session Hijacking
c) DNS attack through cache poisoning
d) Buffer overflow
c) DNS attack through cache poisoning
Which of the following protocols are susceptible to sniffing?
a) SNMP
b) FTP
c) NNTP
d) Telnet
d) Telnet
Which of the following cryptographic attacks refers to the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?
a) Ciphertext-only Attack
b) Chosen-ciphertext Attack
c) Adaptive Chosen-plaintext Attack
d) Rubber Hose Attack
d) Rubber Hose Attack
Firewall implementation and design for an enterprise can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. Which of the following firewall architectures is designed to host servers that offer public services?
a) Bastion Host
b) Screened subnet
c) Screened host
d) Screened
b) Screened subnet
Attackers craft malicious probe packets and scan for services such as HTTP over SSL (HTTPS), SMTP over SSL (SMTPS) and IMAP over SSL (IMAPS) to detect honeypots in a network. Which of the following conditions shows the presence of a honeypot?
a) Ports show a particular service running but deny a three-way handshake connection
b) Ports show a particular service running and allow a three-way handshake connection
c) Ports do not show any particular service running
d) Scan shows that no scanned port is live on the NW
a) Ports show a particular service running but deny a three-way handshake connection
Identify the denial-of-service attack that is carried out using a method known as “bricking a system.” Unlike other DoS attacks, it sabotages the system hardware, requiring the victim to replace or reinstall the hardware.
a) ICMP Flood Attack
b) Application Level Flood Attacks
c) Phlashing
d) Bandwidth Attacks
c) Phlashing
Which of the following Wi-Fi chalking methods refers to drawing symbols in public places to advertise open Wi-Fi networks?
a) WarWalking
b) WarFlying
c) WarChalking
d) WarDriving
c) WarChalking
Bluetooth hacking refers to the exploitation of Bluetooth stack implementation vulnerabilities to compromise sensitive data in Bluetooth-enabled devices and networks. Which of the following Bluetooth attacks refers to sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as PDAs and mobile phones?
a) Bluesmacking
b) Bluejacking
c) Blue Snarfing
d) BlueSniff
b) Bluejacking
Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Which of the following commands can be used in a UNIX environment to enumerate the shared directories on a machine?
a) showmount
b) finger
c) rpcinfo
d) rpcclient
a) showmount
The CAM table in a switch stores information such as the MAC addresses available on physical ports with their associated VLAN parameters. What happens when the CAM table is full?
a) Additional ARP request traffic will not be forwarded to any port on the switch
b) The switch will stop functioning and get disconnected from network
c) Additional ARP request traffic will flood every port on the switch
d) It does not affect the switch functioning
c) Additional ARP request traffic will flood every port on the switch
Identify the web application attack where attackers exploit webpage vulnerabilities to force an unsuspecting user’s browser to send malicious requests they did not intend. The victim holds an active session with a trusted site and simultaneously visits a malicious site, which injects an HTTP request for the trusted site into the victim user’s session, compromising its integrity.
a) Cross-Site Scripting (XSS)
b) Cross-Site Request Forgery (CSRF)
c) LDAP Injection attack
d) SQL injection attack
b) Cross-Site Request Forgery (CSRF)
Jason, a penetration tester, is testing a web application that he knows is vulnerable to SQL injection, but the results of the injection are not visible to him. He tried the waitfor delay command to check the SQL execution status, which confirmed the presence of the SQL injection vulnerability. Which type of SQL injection is Jason attempting on the web application?
a) Blind SQL injection
b) Error-based SQL injection
c) UNION SQL Injection
d) Simple SQL Injection
a) Blind SQL injection
Consider the attack scenario given below:
Step 1: User browses a web page
Step 2: Web server replies with requested page and sets a cookie on the user’s browser
Step 3: Attacker steals cookie (Sniffing, XSS, phishing attack)
Step 4: Attacker orders a product using the modified cookie
Step 5: Product is delivered to attacker’s address
Identify the web application attack.
a) Session fixation attack
b) Unvalidated redirects attack
c) Cookie poisoning attack
d) Denial-of-Service (DoS) attack
c) Cookie poisoning attack
Which of the following countermeasures can specifically protect against both MAC flood and MAC spoofing attacks?
A. Configure Port Security on the switch
B. Configure Port Recon on the switch
C. Configure Switch Mapping
D. Configure Multiple Recognition on the switch
A. Configure Port Security on the switch
This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments so that the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for an IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique called?
A. IP Routing or Packet Dropping
B. IDS Spoofing or Session Assembly
C. IP Fragmentation or Session Splicing
D. IP Splicing or Packet Reassembly
C. IP Fragmentation or Session Splicing
If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization. How would you prevent this type of attack?
A. It is impossible to block these attacks
B. Hire the people through third-party job agencies who will vet them for you
C. Conduct thorough background checks before you engage them
D. Investigate their social networking profiles
C. Conduct thorough background checks before you engage them
This type of port scanning technique splits the TCP header into several packets so that packet filters are not able to detect what the packets intend to do.
A. UDP Scanning
B. IP Fragment Scanning
C. Inverse TCP flag scanning
D. ACK flag scanning
B. IP Fragment Scanning
Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. What would you call this type of activity?
A. Dumpster Diving
B. Scanning
C. CI Gathering
D. Garbage Scooping
A. Dumpster Diving
Jack Hacker wants to break into Brown Co.’s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him “just to double-check our records.” Jane does not suspect anything amiss, and parts with her password. Jack can now access Brown Co.’s computers with a valid user name and password to steal the cookie recipe. What kind of attack is being illustrated here?
A. Reverse Psychology
B. Reverse Engineering
C. Social Engineering
D. Spoofing Identity
E. Faking Identity
C. Social Engineering
How do you defend against ARP Spoofing? Select three.
A. Use ARPWALL system and block ARP spoofing attacks
B. Tune IDS Sensors to look for large amount of ARP traffic on local subnets
C. Use private VLANS
D. Place static ARP entries on servers, workstations and routers
A. Use ARPWALL system and block ARP spoofing attacks
C. Use private VLANS
D. Place static ARP entries on servers, workstations and routers
A TCP SYN flood attack abuses the three-way handshake mechanism.
1. An attacker at system A sends a SYN packet to the victim at system B.
2. System B sends a SYN/ACK packet to system A.
3. In a normal three-way handshake, system A should now send an ACK packet to system B; however, system A does not send the ACK packet. In this case system B is left waiting for an ACK packet from system A.
This status of system B is called _________________
A. “half-closed”
B. “half open”
C. “full-open”
D. “xmas-open”
B. “half open”
A SYN flood is a DoS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The attack signature for a SYN flood contains:
A. The source and destination address having the same value
B. A large number of SYN packets appearing on a network without the corresponding reply packets
C. The source and destination port numbers having the same value
D. A large number of SYN packets appearing on a network with the corresponding reply packets
B. A large number of SYN packets appearing on a network without the corresponding reply packets
Which of the following types of scanning utilizes an automated process of proactively identifying vulnerabilities in the computing systems present on a network?
A. Port Scanning
B. Single Scanning
C. External Scanning
D. Vulnerability Scanning
D. Vulnerability Scanning
What are the limitations of vulnerability scanners? (Select 2)
A. They are often better at detecting well-known vulnerabilities than more esoteric ones
B. The scanning speed of these scanners is extremely high
C. It is impossible for any one scanning product to incorporate all known vulnerabilities in a timely manner
D. The more vulnerabilities detected, the more tests required
E. They are highly expensive and require per host scan license
A. They are often better at detecting well-known vulnerabilities than more esoteric ones
C. It is impossible for any one scanning product to incorporate all known vulnerabilities in a timely manner
Dan is conducting penetration testing and has found a vulnerability in a web application which gave him the sessionID token via an XSS vulnerability. Dan wants to replay this token. However, the sessionID manager checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?
A. Dan cannot spoof his IP address over TCP network
B. The scenario is incorrect as Dan can spoof his IP and get responses
C. The server will send replies back to the spoofed IP address
D. Dan can establish an interactive session only if he uses a NAT
C. The server will send replies back to the spoofed IP address
An attacker finds a web page for a target organization that supplies contact info for the company. Using available details to make the message seem authentic, the attacker drafts an e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential info, such as a NW admin. The email asks the employee to log into a bogus page that requests the employee’s user name and password, or to click on a link that will download spyware or other malicious programming. Google’s Gmail was hacked using this technique, and attackers stole source code and sensitive data from Google servers. This is a highly sophisticated attack using zero-day exploit vectors, social engineering and malware websites that focused on targeted individuals working for the company. What is this deadly attack called?
A. Spear phishing attack
B. Trojan server attack
C. Javelin attack
D. Social networking attack
A. Spear phishing attack
Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered vulnerabilities. Which of the following statements is incorrect?
A. Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.
B. Vulnerability scanners can help identify out-of-date software versions, missing patches, or system upgrades
C. They can validate compliance with or deviations from the organization’s security policy
D. Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention
D. Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention
How does traceroute map the route a packet travels from point A to point B?
A. Uses a TCP timestamp packet that will elicit a time exceeded in transit message
B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message
C. Uses a protocol that will be rejected by gateways on its way to the destination
D. Manipulates the flags within packets to force gateways into generating error messages
B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message
How do you defend against a DHCP starvation attack?
A. Enable ARP-Block on the switch
B. Enable DHCP snooping on the switch
C. Configure DHCP-BLOCK to 1 on the switch
D. Install DHCP filters on the switch to block this attack
B. Enable DHCP snooping on the switch
Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this?
A. Jayden can use the command ip binding set.
B. Jayden can use the command no ip spoofing.
C. She should use the command no dhcp spoofing.
D. She can use the command ip dhcp snooping binding.
D. She can use the command ip dhcp snooping binding.
This attack uses social engineering techniques to trick users into accessing a fake Web site and divulging personal information. Attackers send a legitimate-looking e-mail asking users to update their information on the company’s Web site, but the URLs in the e-mail actually point to a false Web site.
A. Wiresharp attack
B. Switch and bait attack
C. Phishing attack
D. Man-in-the-Middle attack
C. Phishing attack