Ethical Hack M3&4
| Question | Answer |
|---|---|
| Why would a penetration tester perform a passive reconnaissance scan instead of an active one? | to collect information about a network without being detected |
| A threat actor is looking at the IT and technical job postings of a target organization. What would be the most beneficial information to capture from these postings? | the type of hardware and software used |
| What is the disadvantage of conducting an unauthenticated scan of a target when performing a penetration test? | Vulnerability of services running inside the target may not be detected. |
| A company hires a cybersecurity consultant to conduct a penetration test to assess vulnerabilities in network systems. The consultant is preparing the final report to send to the company. What is an important feature of a final penetration test report? | It gives an accurate presentation of vulnerabilities. |
| What are three considerations when planning a vulnerability scan on a target production network during a penetration test? (Choose three.) | the timing of the scan; the network topology; the available network bandwidth |
| What is required for a penetration tester to conduct a comprehensive authenticated scan against a Linux host? | user credentials with root-level access to the target system |
| What is the purpose of applying the Common Vulnerability Scoring System (CVSS) to a vulnerability detected by a penetration test? | to calculate the severity of the vulnerability |
| A penetration tester must run a vulnerability scan against a target. What is the benefit of running an authenticated scan instead of an unauthenticated scan? | Authenticated scans can provide a more detailed picture of the target attack surface. |
| Which specification defines the format used by image and sound files to capture metadata? | Exchangeable Image File Format (Exif) |
| When performing passive reconnaissance, which Linux command can be used to identify the technical and administrative contacts of a given domain? | whois |
| A threat actor has altered the host file for a commonly accessed website on the computer of a victim. Now when the user clicks on the website link, they are redirected to a malicious website. What type of attack has the threat actor accomplished? | pharming |
| Why would a threat actor use the Social-Engineering Toolkit (SET)? | to send a spear phishing email |
| Which Apple iOS and Android tools can spoof a phone number, record calls, and generate different background noises? | SpoofCard |
| What method of influence is characterized when a celebrity endorses a product on social media? | social proof |
| What type of threat allows an attacker to obtain the credentials of a bank client by spoofing the login webpage of a financial institution? | malvertising |
| Which resource would mitigate piggybacking and tailgating? | security guard |
| What two physical attacks are mitigated by using access control vestibules? (Choose two.) | piggybacking; tailgating |
| Which option is a voice over IP management tool that can be used to impersonate caller ID? | Asterisk |
| A new employee is celebrating their position with a large company by posting a picture of their access identification on social media. What kind of physical attack has the new employee unknowingly enabled? | badge cloning |
| Which tool can launch social engineering attacks and be integrated with third-party tools and frameworks such as Metasploit? | SET |
| What is a Kerberoasting attack? | It is a post-exploitation attempt that is used to extract service account credential hashes from Active Directory for offline cracking. |
| Which is a characteristic of a Bluesnarfing attack? | An attack that can be performed using Bluetooth with vulnerable devices in range. This attack actually steals information from the device of the victim. |
| Match the attack type with the respective description. | - |
| Route Manipulation attacks | typically a BGP hijacking attack by configuring or compromising an edge router to announce prefixes that have not been assigned to the organization |
| Downgrade attacks | the attacker forces a system to favor a weak encryption protocol or hashing algorithm that may be susceptible to other vulnerabilities |
| DHCP Starvation attack | an attacker floods a server with bogus DISCOVER packets until the server exhausts the supply of IP addresses |
| VLAN Hopping attack | an attacker bypasses any Layer 2 restrictions built to divide hosts |
| MAC address spoofing attack | an attacker spoofs the physical address of the NIC device to match the address of another on a network in order to gain unauthorized access or launch a Man-in-the-Middle attack |
| What is a characteristic of a Kerberos silver ticket attack? | It uses forged service tickets for a given service on a particular server. |
| Which four items are needed by an attacker to create a silver ticket for a Kerberos silver ticket attack? (Choose four.) | system account target service SID FQDN SSTF |
| Which is a characteristic of the pass-the-hash attack? | capture of a password hash (as opposed to the password characters) and using the same hashed value for authentication and lateral access to other networked systems |
| What UDP port number is used by SNMP protocol? | 161 |
| Which NetBIOS service is used for connection-oriented communication? | NetBIOS-SSN (Session Service) |
| Which is the default TCP port used in SMTP for non-encrypted communications? | 25 |
| What is a common mitigation practice for ARP cache poisoning attacks on switches to prevent spoofing of Layer 2 addresses? | DAI (Dynamic ARP Inspection) |
| What is the disadvantage of running a TCP Connect scan compared to running a TCP SYN scan during a penetration test? | The extra packets required may trigger an IDS alarm. |
| When performing a vulnerability scan of a target, how can adverse impacts on traversed devices be minimized? | The scan should be performed as close to the target as possible. |
| What initial information can be obtained when performing user enumeration in a penetration test? | a valid list of users |
| What can be deduced when a tester enters the nmap -sF command to perform a TCP FIN scan and the target host port does not respond? | that the port is open |
| Which two tools could be used to gather DNS information passively? (Choose two.) | Recon-ng; Dig |
| Who is the target of a whaling attack? | upper managers such as the CEO or key individuals in an organization |
| Which tool provides a threat actor a web console to manipulate users who are victims of cross-site scripting (XSS) attacks? | BeEF |
| A salesperson is attempting to convince a customer to buy a product because limited supplies are available. Which social engineering method of influence is being used by the salesperson? | scarcity |
| Which Apple iOS and Android tool can be used to spoof a phone number? | SpoofApp |
| What is the purpose of a vishing attack? | to convince a victim on a phone call to disclose private or financial information |
| Which attack is a post-exploitation activity that an attacker uses to extract service account credential hashes from Active Directory for offline cracking? | Kerberoasting |
| Match the SMTP command with the respective description. | - |
| Used to denote the email address of the sender | |
| RSET | Used to cancel an email transaction |
| EHLO | Used to initiate a conversation with an Extended Simple Mail Transfer Protocol server |
| DATA | Used to initiate the transfer of the contents of an email message |
| STARTTLS | Used to start a Transport Layer Security connection to an email server |
| HELO | Used to initiate an SMTP conversation with an email server |
| What does the MFP feature in the 802.11w standard do to protect against wireless attacks? | It helps defend against deauthentication attacks. |
| What is a DNS resolver cache on a Windows system? | It is a temporary database that contains records of all the recent visits and attempted visits to websites and other internet domains. |
| What is the advantage of using the target Wi-Fi network for reconnaissance packet inspection? | Physical access to the building may not be required. |
| Why would a penetration tester use the nmap -sF command? | when a TCP SYN scan is detected by a network filter or firewall |
| What useful information can be obtained by running a network share enumeration scan during a penetration test? | systems on a network that are sharing files, folders, and printers |
| How is open-source intelligence (OSINT) gathering typically implemented during a penetration test? | by using public internet searches |
| When a penetration test identifies a vulnerability, how should the vulnerability be further verified? | determine if the vulnerability is exploitable |
| Which two access control options are commonly used in conjunction with access control vestibules? (Choose two.) | proximity card and PIN; biometric scan |
| A threat actor has sent a phishing email to a victim stating that suspicious activity has been detected on their bank account and that they must immediately click on a provided link to change their password. | urgency |
| Which tool permits post-exploitation activities, such as Windows reverse VNC DLL and reverse TCP shell? | SET |
| Which tool can send fake notifications to the browser of a victim? | BeEF |
| Which kind of attack is an IP spoofing attack? | On-path |
| Match the TCP port number with the respective email protocol that uses it. | - |
| 465 | The port registered by the Internet Assigned Numbers Authority (IANA) for SMTP over SSL (SMTPS). |
| 587 | The Secure SMTP (SSMTP) protocol for encrypted communications, as defined in RFC 2487, using STARTTLS. |
| 143 | The default port used by the IMAP protocol in non-encrypted communications |
| 995 | The default port used by the POP3 protocol in encrypted communications. |
| 993 | The default port used by the IMAP protocol in encrypted (SSL/TLS) communications. |
| Which two best practices would help mitigate FTP server abuse and attacks? (Choose two.) | use encryption at rest; require re-authentication of inactive sessions |
| What guidance does the NIST Cybersecurity Framework provide to help improve an organization’s cybersecurity posture? | The framework outlines standards and industry best practices. |
| In which circumstance would a penetration tester perform an unauthenticated scan of a target? | when user credentials were not provided |
| Which social engineering physical attack statement is correct? | Shoulder surfing can be prevented by using special screen filters for computer displays. |
| Which tool can be used to perform a Disassociation attack? | Airmon-ng |
| Which is a characteristic of a DNS poisoning attack? | The DNS resolver cache is manipulated. |
| What type of server is a penetration tester enumerating when they enter the nmap -sU command? | DNS, SNMP, or DHCP server |
| A user has found a USB pen drive in the corporate parking lot. What should the user do with this pen drive? | deliver the pen drive to the security sector of the company |
| What is the act of gaining knowledge or information from a victim without directly asking for that particular information? | elicitation |
| A threat actor has sent a text message to a victim stating that they have won bitcoins in a bank contest. To claim their prize, the victim must click the provided link and enter their bank account information. What social engineering attack can be accompl | SMS phishing |
| Which Wi-Fi protocol is most vulnerable to a brute-force attack during a Wi-Fi network deployment? | WPS |
| Match the attack type with the respective description. | - |
| Reflected DoS | This attack uses spoofed packets that appear to be from the victim. The sources then become unwitting participants in the attack by sending the response traffic back to the intended victim. |
| DNS Amplification | This is an attack in which the attacker exploits vulnerabilities in target servers to initially turn small queries into much larger payloads, which are used to bring down the servers of the victim. |
| Direct DoS | This occurs when the source of the attack generates the packets, regardless of protocol, application, and so on, that are sent directly to the victim of the attack. |
| DDoS | This attack uses botnets that can be manipulated from a command and control (CnC, or C2) system. |
| Which Kali Linux tool or script can gather information on devices configured for SNMP? | snmp-check |
| What two features are present on DNS servers using BIND 9.5.0 and higher that help mitigate DNS cache poisoning attacks? (Choose two.) | randomization of ports; provision of cryptographically secure DNS transaction identifiers |
| What is a watering hole attack? | an attack that exploits a website that is commonly accessed by members of a targeted organization |
| Apple is a company constantly working towards making its products and processes more environmentally friendly. Therefore, the Apple brand is associated with ideals and values that customers can relate to and support. What method of influence is being used? | likeness |
| What is the purpose of host enumeration when beginning a penetration test? | to identify all active IP addresses within the scope of the test |
| Match the port type and number with the respective NetBIOS protocol service. | - |
| UDP port 138 | NetBIOS Datagram Service |
| UDP port 137 | NetBIOS Name Service |
| TCP port 445 | SMB protocol |
| TCP port 139 | NetBIOS Session Service |
| TCP port 135 | Microsoft Remote Procedure Call (MS-RPC) |