CYBR 644 Midterm
Midterm
| Question | Answer |
|---|---|
| An IPv4 address looks like? | 10.2.12.180 |
| An IPv6 address looks like? | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 |
| What is the RFC that declares reserved IPv4 addresses? | RFC 1918 Reservations |
| What is the IP of the localhost or loopback adapter in IPv4 format? | 127.0.0.1 |
| What is the link local address in IPv4 format? | 169.254.0.0/16 or 169.254.0.0 – 169.254.255.255 |
| How many potential IP addresses are available in a class A network? | 16,777,214 |
| How many potential IP addresses are available in a class B network? | 65,534 |
| How many potential IP addresses are available in a class C network? | 256 |
| What is the IP of the localhost or loopback adapter in IPv6 format? | 0000:0000:0000:0000:0000:0000:0000:0001/128 OR ::1/128 |
| What is the link local address in IPv6 format? | fe80::/10 |
| What is the appropriate CIDR notation for 256 available addresses? | /24 |
| How many hosts does a CIDR notation of /23 provide? | 512 |
| Which of the following is used to identify wireless networks across multiple Access Points? | (SSID) - Service Set Identifier |
| Which of the following is the MAC address of the Access Point Radio? | (BSSID) - Basic Service Set Identifier |
| Which of the following is not an Authentication Method? | (something you know, have and are) |
| What command line tool is used to view a system's network information? | ipconfig, ifconfig |
| What command do I run to see what services/ports are in use and what is connected? | netstat |
| In Windows, I would use which NET command to connect/map a network drive? | net use |
| Using the simple RISK equation, what is the risk of not applying a patch that costs $100 per system in an environment with 200 systems with a 50% probability of occurring? | 10000 |
| What Act, from 1974, was updated in 2004 to provide further restrictions on the use of an individual's Social Security Number? | Privacy Act of 1974 |
| What Act, from 1984, established criminal offenses for password trafficking, insertion of malicious code, and knowledgeable and unauthorized access to Government systems? | Computer Fraud and Abuse Act (1984) |
| What Act, from 1987, established the National Information Assurance Partnership, which establishes an international common criteria to evaluate them? | Computer Security Act of 1987 |
| What Act, from 1996, implemented electronic healthcare transactions? | Health Insurance Portability and Accountability Act 1996 |
| What Act, from 1998, made it legal to crack copyright protection to conduct encryption research, assess product interoperability, and test computer security systems? | Digital Millennium Copyright Act (1998) |
| What Act, from 1999, implemented protection and usage rules for Financial Electronic transactions? | Gramm-Leach-Bliley Act of 1999 |
| What Act, from 2002 and based on California's SB1386, requires protection of Personally Identifiable Information (PII)? | SAFE Data Act (2002) |
| In Maryland, damage caused in a computer related crime dictates a Felony charge if the amount is over what amount? | Felony if over $10,000 |
| If you have been contracted to perform an attack against a target system, you are what type of hacker? | White Hat Hacker |
| Which of the following describes an attacker who goes after a target to draw attention to a cause? | Hacktivists |
| What level of knowledge about hacking does a script kiddie have? | low or no knowledge |
| Which of the following does an ethical hacker require to start evaluating a system? | permission and training |
| A white box test means the tester has which of the following? | complete knowledge of the inner workings of a system under test |
| Which of the following describes a hacker who attacks without regard for being caught or punished? | suicide hackers |
| What is a code of ethics? | a description of expected behavior. |
| The group Anonymous is an example of what? | hacktivists |
| Companies may require a penetration test for which of the following reasons? | All of the above |
| What should a pentester do prior to initiating a new penetration test? | Get permission |
| Which of the following best describes what a hacktivist does? | Hacks for political reasons |
| Which of the following best describes what a suicide hacker does? | Hacks without stealth |
| Which type of hacker may use their skills for both benign and malicious goals at different times? | Gray hat |
| What separates a suicide hacker from the other hackers? | A lack of fear of being caught |
| Which of the following would most likely engage in the pursuit of vulnerability research? | White hat |
| Vulnerability research deals with which of the following? | Passively uncovering vulnerabilities |
| How is black box testing performed? | With no knowledge |
| A contract is important because it does what? | Gives proof |
| What does TOE stand for? | Target of evaluation |
| Which of the following best describes a vulnerability? | A weakness |
| In which phase of the attack methodology do we try to identify hosts that we can then look for vulnerabilities on? | Scanning and enumeration |
| In which phase of the attack methodology do we use google and social media to learn about our target? | Performing reconnaissance |
| In which phase of the attack methodology do we correlate open ports and running services to a potential attack vector? | Scanning and enumeration |
| In which phase of the attack methodology do we actually "break in" to a system? | Gaining access |
| Which of the following best describes footprinting? | Investigation of a target |
| Which of the following is not typically used during footprinting? | port scanning |
| Why use Google hacking? | to fine-tune search results |
| What is the role of social engineering? | to gain information from human beings |
| What is EDGAR used to do? | check financial filings |
| Which of the following can be used to tweak or fine-tune search results? | operators. |
| Which of the following can an attacker use to determine the technology and structure within an organization? | job boards |
| Which of the following can be used to assess physical security? | street views |
| Which of the following can help you determine business processes of your target through human interaction? | social engineering |
| The Wayback Machine is used to do which of the following? | view archived versions of websites |
| Which record will reveal information about a mail server for a domain? | MX |
| Which tool can be used to view web server information? | Netcraft |
| What can be configured in most search engines to monitor and alert you of changes to content? | Alerts |
| What phase comes after footprinting? | scanning |
| If you can't gain enough information directly from a target, what is another option? | competitive analysis |
| What is the purpose of social engineering? | gain info from a human being through face to face or electronic means |
| Which of the following would be a very effective source of information as it relates to social engineering? | social networking |
| Footprinting can determine all of the following except? | distribution and number of personnel |
| Footprinting has two phases. What are they? | active and passive |
| Which tool can trace the path of a packet? | tracert |
| Which of the following is an example of Technical Reconnaissance? | Social Engineering, Social Media |
| Which of the following is an example of "Low-Tech" Reconnaissance? | Visiting, Breaking In |
| Baiting is an example of Social Engineering using? | USB, CD, Removable Media |
| Pretending to be a vendor or recruiter and calling a target is an example of? | Job Requisitions |
| The Domain Name Registration records provide which of the following? | Administrative Information, Expiration Date, Points of Contact |
| Open Source Intelligence requires us to access the target systems directly? | FALSE |
| Shodan is an example of? | OSINT Search Engine - System Configurations |
| Which of the following is the best search engine to find all Linksys WRT54G routers attached to the internet? | SHODANHQ.COM |
| Bing can be BEST used to identify? | Systems or websites on the same IP address. |
| In Google Hacking, what would you use to find all PDF documents within HCC's website? | site:hcc.edu filetype:pdf |
| In Google Hacking, what would you use to find all webservers with Directory Browsing enabled? | intitle:"index of" |
| What file is available on most websites that tells you about portions of the website that may be sensitive in an administrator's attempt to "secure" the site? | robots.txt |
| Using the Harvester, what command would allow me to search for the first 500 google results for HCC email addresses? | ./theharvester.py -d howardcc.edu -l 500 -b google |
| Using the Harvester, what command would allow me to search for the first 200 Linkedin results for Microsoft employees? | ./theharvester.py -d microsoft.com -l 200 -b linkedin |
| Which of the following is used for banner grabbing? | telnet |
| Which of the following is used for identifying a web server OS? | Netcraft |
| Which of the following is used to perform customized network scans? | nmap |
| Which of the following is not a flag on a packet? | END |
| A SYN attack used which protocol? | TCP |
| Which of the following types of attack has no flags set? | NULL scan |
| What is missing from a half-open scan? | ACK |
| During a FIN scan, what indicates that a port is closed? | RST |
| During a XMAS tree scan, what indicates a port is closed? | RST |
| What is the three-way handshake? | The opening sequence of a TCP connection |
| A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan? | A half-open does not include the final ACK. |
| What is the sequence of the three-way handshake? | SYN, SYN/ACK, ACK |
| What is an ICMP echo scan? | A ping sweep |
| Which best describes a vulnerability scan? | A way to automate the discovery of weaknesses. |
| What is the purpose of a proxy? | to keep a scan hidden |
| What is TOR used for? | To hide the process of scanning |
| Why would you need to use a proxy to perform scanning? | To enhance anonymity |
| A vulnerability scan is a good way to do what? | Find weaknesses |
| A banner can do what? | Identify a service |
| NMAP is required to perform what type of scan? | Port scan |
| In TCP/IP, what is the correct way to open a connection to a remote system using the 3-way handshake? | SYN -> SYN/ACK -> ACK |
| In TCP/IP, what is the correct way to close a connection with a remote system using the 3-way handshake? | FIN -> FIN/ACK -> ACK |
| Who created NMAP? | Gordon Lyon |
| Which NMAP scan type attempts to complete the 3-way handshake with each scanned port? | TCP Connect Scan - nmap -sT |
| Which NMAP scan type only sends the initial SYN request and waits for an ACK to detect the open port? | SYN Scan/Half-open scan -sS |
| A NMAP scan type with FIN, URG, and PUSH code bits set is which type of scan type? | Xmas Scan |
| When using a NMAP TCP FIN (-sF) scan type, what response indicates the port may be open? | no response |
| Which NMAP scan type allows an attacker to get past some packet filtering devices? | TCP ACK (-sA) |
| Which two scan types are known as NMAP PING scans? | -sP or -sn |
| Which of the following NMAP command line strings will scan a full class C network, perform version detection, and output to a file? | nmap -sn 192.168.1.1/24 -oN filename.txt |
| Which NMAP -T option would you use in a network where you want to minimize any detection and potential unintended consequences of your scan? | Paranoid (-T0) |
| Which NMAP -T option would you use in a network where you need to find out as much information as quick as possible but don't want to encounter any traffic loss? | Normal (-T3) |
| Which NMAP scan sends one packet every 15 seconds? | Sneaky (-T1) Scan |
| Which of the following NMAP command line strings will scan a target for specific web ports, and perform version detection of those ports? | nmap -sV -p [port number] |
| Identify which of the following this war chalking graphic represents | - |
| Enumeration is useful to system hacking because it provides which of the following? | Usernames |
| Enumeration does not uncover which of the following pieces of information? | ports |
| _______ involves grabbing a copy of a zone file. | zone transfers |
| Which of the following would confirm a user named chell in SMTP? | vrfy chell |
| VRFY is used to do which of the following? | validate an email address |
| _______ is a method for expanding an email list. | EXPN |
| An attacker can use ______ to enumerate users on a system. | netbios |
| A _______ is used to connect to a remote system using NetBIOS. | null session |
| _______ is used to synchronize clocks on a network. | ntp (network time protocol) |
| Port number _____ is used for SMTP. | port 25 or port 587 |
| Port number _____ is used by DNS for zone transfers. | port 53 |
| Which command can be used to view NetBIOS information? | nbtstat |
| SNScan is used to access information for which protocol? | snmp |
| SMTP is used to perform which function? | send email messages |
| Which ports does SNMP use to function? | ports 161 & 162 |
| LDAP is used to perform which function? | query a db |
| SNMP is used to do which of the following? | monitor network devices |
| SNMP is used to perform which function in relation to hardware? | trap messages |
| What is a SID used to do? | identify a user |
| A DNS zone transfer is used to do which of the following? | synchronize server information |
| OpenVAS is an example of what? | vulnerability scanning tools |
| A vulnerability is known as the intersection of which three elements? | System susceptibility or flaw, Access to the flaw, Exploitation of a flaw |
| A vulnerability is known as the intersection of exploiting a flaw, access to a flaw, and what? | System susceptibility or flaw |
| Which of the following is a publicly available vulnerability list? | NIST Vulnerability Database, MITRE CVE DB, Open Source Vulnerability DB, etc. |
| What personal software inspection tool can you use to scan your own system to ensure your applications are up to date? | Secunia PSI |
| What Microsoft based tool can you use to scan your Windows system to check for security issues? | Microsoft Baseline Security Analyzer (MBSA) |
| What network based vulnerability scanner can be used to audit your systems for vulnerabilities, as well as compliance checks? | Nessus |
| Enumeration is useful to system hacking because it provides ________. | Usernames |
| What does the enumeration phase NOT discover? | ports |
| How would you use Netcat to set up a server on a system? | nc -l -p 1000 |
| _______ is the process of exploiting services on a system. | system hacking |
| How is a brute-force attack performed? | by trying all possible combinations of characters |
| A _______ is a type of offline attack. | rainbow attack |
| An attacker can use a(n) ________ to return to a system. | backdoor |
| A _______ is used to represent a password. | hash |
| A _______ is a file used to store passwords. | SAM |
| _______ is a hash used to store passwords in older Windows systems. | LM |
| _______ is used to partially encrypt the SAM. | syskey |
| Which system should be used instead of LM or NTLM? | kerberos |
| NTLM provides what benefit versus LM? | security |
| ADS requires what to be present? | ntfs |
| What utility may be used to stop auditing or logging of events? | auditpol |
| On newer Windows systems, what hashing mechanism is disabled? | LM |
| Which of the following is a utility used to reset passwords? | trinity rescue kit (TRK) |
| A good defense against password guessing is _______. | complex passwords |
| If a domain controller is not present, what can be used instead? | ntlmv2 |
| Alternate Data Streams are supported in which file systems? | ntfs |
| What is an exploit? | Code or commands that take advantage of a bug or vulnerability. |
| Which of the following are types of exploits? | Remote, Local, Client Side |
| Core Impact is an example of what? | Exploit Framework/Pen Test Suite |
| Exploit-DB is a resource to find? | Exploits |
| Packet Storm is a resource to find? | Exploits |
| Who created Metasploit? | HD Moore |
| Metasploit was originally written in which programming language? | Perl |
| Metasploit was ported to which programming language in 2006? | Ruby |
| Which company purchased Metasploit in 2009? | Rapid7 |
| In Metasploit, a port scanner module would be an example of what? | auxiliary modules |
| In Metasploit, the Meterpreter shell is an example of what? | payload |
| In Metasploit, what command do you use to list the sessions of the systems you have exploited? | -l |
| Given the following set of Metasploit Commands, which command is missing in order to make this work? | set payload |
| When using Meterpreter, what command shows all processes on the remote system? | ps |
| When using Meterpreter, what command provides you with the Windows Password store? | hashdump |
| What is the name of the Graphical Front End to Metasploit? | Armitage |