8.4.12 Practice Questions Flashcards

1
Q

You believe your system has been hacked. Which of the following is the first thing you should check?

answer

Browser history

Hidden files

Modified timestamps

System log files

A

System log files

2
Q

Who would be most likely to erase only parts of the system logs file?

answer

A penetration tester

The network admin

A black hat hacker

An everyday user

A

A black hat hacker

3
Q

Phil, a hacker, has found his way into a secure system. He is looking for a Windows utility he can use to retrieve, set, back up, and restore logging policies. Which of the following utilities should he consider?

answer

gpedit

secedit

auditpol

poledit

A

auditpol

4
Q

Which of the following could a hacker use Alternate Data Streams (ADS) for?

answer

Hiding evidence

Erasing evidence

Modifying evidence

Tracking evidence

A

Hiding evidence

5
Q

James, a hacker, has hacked into a Unix system and wants to change the timestamps on some files to hide his tracks. Which of the following timestamp tools would he most likely use?

answer

Touch

Timestomp

ctime

Meterpreter

A

Touch

6
Q

Which of the following best describes CCleaner?

answer

Software that can clear cookies, stored data like passwords, browser history, and temporary cached files. It can clear the recycle bin, clipboard data, and recent documents lists as well.

A program that searches for carrier files through statistical analysis techniques, scans for data hiding tools, and can crack password-protected data to extract the payload.

A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.

A command line tool in Windows 2000 that will dump a remote or local event log into a tab-separated text file. It can also be used to filter specific types of events.

A

A tool that can remove files and clear internet browsing history. It also frees up hard disk space. It clears the temporary files, history, and cookies from each of the six major search engines.

7
Q

Mark is moving files from a device that is formatted using NTFS to a device that is formatted using FAT. Which of the following is he trying to get rid of?

answer

Software programs that hackers use.

Antivirus and anti-spyware programs.

Encrypted steganographic information.

Malicious alternate data streams.

A

Malicious alternate data streams.

8
Q

Which of the following best describes a rootkit?

answer

Scans the system and compares the current scan to the clean database.

Allows each file an unlimited number of data streams with unlimited size.

Allows the user to create a password to make the hidden file more secure.

Can modify the operating system and the utilities of the target system.

A

Can modify the operating system and the utilities of the target system.

9
Q

Which of the following is also known as ZeroAccess and has virus, Trojan horse, and rootkit components?

answer

Sirefef

GrayFish

DeepSound

Touch

A

Sirefef

10
Q

Jerry runs a tool to scan a clean system to create a database. The tool then scans the system again and compares the second scan to the clean database. Which of the following detection methods is Jerry using?

answer

Cross view-based

Integrity-based

Behavior-based

Signature-based

A

Integrity-based

11
Q

Which of the following best describes the heuristic or behavior-based detection method?

answer

Runs a tool to scan a clean system and create a database, then scans the system and compares the current scan to the clean database.

Searches for execution path hooking, which allows a function value in an accessible environment to be changed.

Scans a system’s processes and executable files, looking for byte sequences of known malicious rootkit programs.

Uses an algorithm as it goes through the system files, processes, and registry keys to create a baseline that is compared to the data returned by the operating system’s APIs.

A

Searches for execution path hooking, which allows a function value in an accessible environment to be changed.

12
Q

The method of embedding data into legitimate files like graphics to hide it and then extracting the data once it reaches its destination is called:

answer

NTFS data streaming

Steganography

Rootkits

Execution path profiling

A

Steganography

13
Q

Cameron wants to send secret messages to his friend Brandon, who works at a competitor’s company. To secure these messages, he uses a technique to hide a secret message within a video. Which of the following techniques is he using?

answer

Steganography

Encryption

RSA algorithm

Public-key cryptography

A

Steganography
