Chapter 8-10 Flashcards
This document protects the pen-tester from legal liability should issues arise from an agreed-upon pen test. A. Rules of Engagement B. Title IX C. Memorandum of Understanding D. Acceptable Use Policy
A. Rules of Engagement
Which of these is not an example of server-side exploitation:
A. Insert SQL code into a form on a webpage to gain unauthorized access to database records
B. Gaining unauthorized access to a server via a backdoor
C. Inserting malicious code into a website through cross site scripting
D. Exploiting a vulnerability in the management interface of a server
B. Gaining unauthorized access to a server via a backdoor
This multipurpose tool, installed on most Linux distros, provides a discreet but unencrypted channel to remotely send text and files to a target machine. A. Empire B. Meterpreter C. NetCat D. Nmap
C. NetCat
In order to determine whether SSH was running on a host, this scanning type would be used: A. Port scanning B. Network Tracing C. Version Scanning D. OS Fingerprinting
C. Version Scanning
This phase involves gaining access to a target through means of some type of unintended access. A. Post-Exploitation B. Exploitation C. Scanning D. Reconnaissance E. Planning
B. Exploitation
A user who is infected with malware from a web server due to a vulnerability in their browser has experienced a: A. Server-side exploit B. Humiliation C. Client-side exploit D. Local Privilege Escalation
C. Client-side exploit
Determining which hosts are active on a network is part of which phase of a pen-test: A. Exploitation B. Post-Exploitation C. Planning D. Scanning E. Reconnaissance
D. Scanning
Examining publicly available information to gather information about the target is part of this phase: A. Planning B. Scanning C. Post-Exploitation D. Reconnaissance E. Exploitation
D. Reconnaissance
Which of these is not a passive scanning technique?
A. Scanning the organization’s public IP range
B. Pulling site registration records
C. Scanning for files on a public website
D. Examining metadata in publicly available files
A. Scanning the organization’s public IP range
What port is used for file shares (SMB)? A. 445 B. 143 C. 110 D. 443
A. 445
What port is used for DNS services? A. 22 B. 53 C. 445 D. 25
B. 53
Data collected from publicly available sources and used in an intelligence context is known as: A. Open Source Intelligence B. Open Source Collective C. Collective Intelligence D. Open Source Software
A. Open Source Intelligence
When an Nmap scan has determined a port has no service listening on it, the status is reported as: A. Unfiltered B. Open C. Closed D. Filtered
C. Closed
Sending scan packets gradually so as to not trigger alerts is which type of firewall evasion technique: A. Sending bad checksums B. Specify MTU C. Decoys D. Timing attacks E. Fragmented packets
D. Timing attacks
Sending spoofed packets to hide the attacker's IP address is which type of firewall evasion technique: A. Sending bad checksums B. Specify MTU C. Decoys D. Timing attacks E. Fragmented packets
C. Decoys
Forcing packets to be sent at a smaller size, so that payloads are split across multiple packets in an effort to obfuscate the payload, is which type of firewall evasion technique: A. Timing attacks B. Sending bad checksums C. Specify MTU D. Decoys E. Fragmented packets
C. Specify MTU
Sending an echo request to a host to determine its status is which type of scan: A. TCP Connect B. UDP C. TCP SYN D. ICMP
D. ICMP
When an Nmap scan cannot access a port, the status is reported as: A. Unfiltered B. Filtered C. Closed D. Open
B. Filtered