Final Flashcards

(157 cards)

1
Q

Penetration testing can create ethical, technical, and privacy concerns for a company’s management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?

A

create a contractual agreement

2
Q

What professional level security certification did the “International Information Systems Security Certification Consortium” (ISC2) develop?

A

Certified Information Systems Security Professional (CISSP)

3
Q

What name is given to people who break into computer systems with the sole purpose to steal or destroy data?

A

Crackers

4
Q

What organization disseminates research documents on computer and network security worldwide at no cost?

A

SANS

5
Q

What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?

A

OPST

6
Q

What port does the Simple Mail Transfer Protocol, or SMTP service use?

A

25

7
Q

What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?

A

Transport Layer

8
Q

To retrieve e-mail from a mail server, you most likely access port 119.
TRUE OR FALSE

A

False

9
Q

In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?

A

Transport

10
Q

An octal digit can be represented with only three bits because the largest digit in octal is seven.
TRUE OR FALSE

A

True

11
Q

A malicious computer program that replicates and propagates itself without having to attach to a host is called which of the following?

A

worm

12
Q

In a buffer overflow attack, an attacker finds a vulnerability in poorly written code that doesn’t check for a defined amount of memory space use.
TRUE OR FALSE

A

TRUE

13
Q

What type of attack is occurring when an attacker places themselves between two parties and manipulates messages being passed back and forth?

A

Man-in-the-Middle

14
Q

Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?

A

signatures

15
Q

What type of malicious program cannot stand on its own and can replicate itself through an executable program attached to an e-mail?

A

Virus

16
Q

What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?

A

Dumpster diving

17
Q

To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?

A

nc -h

18
Q

What is the passive process of finding information on a company’s network called?

A

Footprinting

19
Q

What HTTP method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body?

A

HEAD

20
Q

When an individual attempts to discover as much information as legally possible about their competition, what information gathering technique are they performing?

A

Competitive intelligence

21
Q

When a TCP three-way handshake ends, both parties send what type of packet to end the connection?

A

FIN

22
Q

In a NULL scan, all packet flags are turned on.

TRUE OR FALSE

A

FALSE

23
Q

Attackers typically use ACK scans to get past a firewall or other filtering devices.

TRUE OR FALSE

A

TRUE

24
Q

In any *NIX system, after saving a script named “script_name,” you need to make it executable so that you can run it. Which command will accomplish this task from the command line?

A

chmod +x script_name

25
Which vi command deletes the current line?
Dd
26
Windows Server 2012 introduced what protection feature to prevent pass-the-hash attacks?
Authentication Silos
27
What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?
null session
28
What enumeration tool is extremely useful when working with Windows NT, 2000, and Windows XP systems?
DumpSec
29
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
default
30
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
default
31
What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?
enumeration
32
Which of the following is a markup language rather than a programming language?
HTML
33
Which of the following logical operators in the C programming language is evaluated as true if both sides of the operator are true?
&&
34
Security professionals often need to examine Web pages and recognize when something looks suspicious. TRUE OR FALSE
True
35
In the C programming language, which of the following show where a block of code begins and ends?
braces
36
Which of the following is the act of performing a task over and over?
Looping
37
Which standardized remote file system protocol replaced SMB in Windows 2000 Server and later?
Common Internet File System
38
Which of the following is considered to be the most critical SQL vulnerability?
null SA password
39
Red Hat and Fedora Linux use what command to update and manage their RPM packages?
yum
40
Which of the following is an interprocess communication mechanism that allows a program running on one host to run code on a remote host?
RPC
41
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
42
SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?
air gap
43
Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs.
true
44
Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?
firmware
45
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
46
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
47
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers?
SQLOLEDB
48
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?
Microsoft Security Bulletin
49
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
developer tools
50
Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?
stored
51
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript. TRUE or FALSE
True
52
What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?
OPST
53
When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?
consult their lawyer
54
What common term is used by security testing professionals to describe vulnerabilities in a network?
holes
55
Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law.
False
56
An ethical hacker is a person who performs most of the same activities a hacker does, but with the owner or company's permission.
True
57
What IPv4 address class has the IP address 221.1.2.3?
Class C
58
What TCP flag is responsible for synchronizing the beginning of a session?
SYN flag
59
What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?
443
60
What port does the Trivial File Transfer Protocol, or TFTP service use?
69
61
What port does the Hypertext Transfer Protocol, or HTTP service use?
80
62
What type of attack causes the victim's computer to crash or freeze when the attacker delivers an ICMP packet that is larger than the maximum allowed 65,535 bytes?
Ping of Death
63
Whitelisting allows only approved programs to run on a computer.
True
64
What type of virus is used to lock a user's system, or cloud accounts until the system's owner complies by paying the attacker a monetary fee?
ransomware
65
Malware is malicious software, such as a virus, worm, or Trojan program, introduced into a network.
True
66
Which type of attack cripples the network and prevents legitimate users from accessing network resources?
denial-of-service
67
Which utility can extract meta-data and documents on a Website to reveal the document creator's network login, e-mail address, IP address, and other important information?
FOCA
68
When an attacker chooses to combine social engineering with exploiting vulnerabilities carried out by e-mail, what type of attack is being performed?
spear phishing
69
Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?
social engineering
70
Which HTTP method starts a remote Application-layer loopback of the request message?
TRACE
71
What is the passive process of finding information on a company's network called?
footprinting
72
Closed ports respond to a NULL scan with what type of packet?
RST
73
Which vi command deletes the current line?
Dd
74
In a Linux script, which of the lines is important because it identifies the file as a script?
#!/bin/sc
75
To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?
ping
76
Attackers typically use ACK scans to get past a firewall or other filtering devices. TRUE or FALSE
True
77
Which of the following is an excellent GUI tool for managing Windows OSs and is capable of displaying graphical representations of several areas?
Hyena
78
Which of the following commands is a powerful enumeration tool included with Windows?
Nbtstat
79
A NetBIOS name does not need to be unique on a network.
False
80
What does the "NBT" part of "NBTscan" stand for?
NetBIOS over TCP/IP
81
What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?
Windows Containers
82
In a Perl program, to go from one function to another, you simply call the function by entering which of the following in your source code?
name
83
Which of the following mathematical operators in the C programming language increments the unary value by 1?
++
84
In HTML, each tag has a matching closing tag that is written with which of the following characters?
forward slash (/)
85
Which of the following special characters is used with the printf() function in the C programming language to indicate a new line?
\n
86
Which of the following logical operators in the C programming language is used to compare the equality of two variables?
==
87
Which of the following is a Windows client/server technology designed to manage patching and updating systems software from the network?
WSUS
88
What is the most serious shortcoming of Microsoft's original File Allocation Table (FAT) file system?
no ACL support
89
Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs.
True
90
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
91
What critical component of any OS, that can be vulnerable to attacks, is used to store and manage information?
file system
92
When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?
User-level security
93
What is the current file system that Windows utilizes that has strong security features?
NTFS
94
When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?
Share-level security
95
A device that performs more than one function, such as printing and faxing is called which of the following?
MFD
96
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
97
Which JavaScript function is a "method" or sequence of statements that perform a routine or task?
getElementById()
98
Adobe Systems' ColdFusion uses its proprietary tags, which are written in which of the following languages?
CFML
99
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers?
SQLOLEDB
100
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?
OLE DB
101
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?
cgi-bin
102
What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?
vulnerability
103
What professional level security certification did the "International Information Systems Security Certification Consortium" (ISC2) develop?
Certified Information Systems Security Professional (CISSP)
104
What subject area is not one of the 22 domains tested during the CEH exam?
Trojan hijacking
105
What term best describes a person who hacks computer systems for political or social reasons?
hacktivist
106
What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?
OPST
107
What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?
443
108
What TCP flag is responsible for delivering data directly and immediately to an application?
PSH flag
109
What connection-oriented protocol is utilized by the Transport layer?
TCP
110
What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?
Application
111
What port does the Simple Mail Transfer Protocol, or SMTP service use?
25
112
When a computer hacker uses multiple compromised computers to carry out a DDOS attack, the compromised computers are usually referred to as which of the following?
zombies
113
Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?
Network security
114
Which term best describes malicious programmatic behaviors that antivirus software companies use to compare known viruses to every file on a computer?
heuristics
115
Malware programs cannot be detected by antivirus programs. TRUE or FALSE
False
116
Which of the following is created after an attack and usually hides within the OS tools, so it is almost impossible to detect?
rootkit
117
Which HTTP method requests that the entity is stored under the Request-URI?
PUT
118
What type of general commands allow a security tester to pull information from a Web server using a web browser?
HTTP
119
Which process enables you to see all the host computers on a network and basically give you a diagram of an organization's network?
zone transfers
120
Network attacks can often begin by gathering information from a company's Web site.
True
121
Namedroppers is a tool that can be used to capture Web server information and vulnerabilities in a Web site's pages that could allow exploits such as SQL injection and buffer overflows. TRUE or FALSE
False
122
Attackers typically use ACK scans to get past a firewall or other filtering devices. TRUE or FALSE
True
123
In an ACK scan, if the attacked port returns an RST packet the attacked port is considered to be operating in what state?
unfiltered
124
One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?
reply
125
An open port allows access to specific applications and cannot be vulnerable to attack.
False
126
In a NULL scan, all packet flags are turned on.
False
127
All of the enumeration techniques that work with older Windows OSs still work with Windows Server 2012.
False
128
The open-source descendant of Nessus is called which of the following?
OpenVAS
129
What process allows a security professional to extract valuable information, such as information about users and recent login times from a network?
enumeration
130
What security feature was extended to the OS to alert the user when an application is launched on a Windows 8.1 computer?
SmartScreen
131
What enumeration tool is extremely useful when working with Windows NT, 2000, and Windows XP systems?
DumpSec
132
Carelessly reviewing your program's code might result in having which of the following in your program code?
bug
133
In the Perl programming language, comment lines begin with which of the following character(s)?
#
134
If you want to know what the Perl print command does, you can use which of the following commands?
perldoc -f print
135
When a compiler finds errors, it usually indicates what they are so you can correct the code and compile the program again. TRUE or FALSE
True
136
In the C programming language, which statement tells the compiler to keep doing what is in the brackets over and over and over?
for(;;)
137
Microsoft Baseline Security Analyzer has its origins in which of the following command line scanners?
HFNetChk
138
What is the current file system that Windows utilizes that has strong security features?
NTFS
139
The MBSA tool can quickly identify missing patches and misconfigurations. TRUE or FALSE
True
140
Which of the following Windows utilities includes a suite of tools to help administrators deploy and manage servers and even allows for administrators to control mobile devices running Android, iOS, and Windows Mobile OS?
SCCM
141
Which of the following is an open-source implementation of CIFS?
Samba
142
Which of the following is often found within an embedded OS that can cause a potential vulnerability to an attack?
Web server
143
What programming languages are vulnerable to buffer overflow attacks?
C and C++
144
Which of the following systems should be used when equipment monitoring and automation is critical?
SCADA
145
Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?
Windows CE
146
Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?
Mandatory Access Control
147
JavaScript is a server-side scripting language that is embedded in an HTML Web page. TRUE or FALSE
False
148
Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?
ODBC
149
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?
input validation
150
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
Developer tools
151
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?
ADO
152
What organization disseminates research documents on computer and network security worldwide at no cost?
SANS
153
What layer protocols operate as the front end to the lower layer protocols in the TCP/IP stack? 
Application
154
What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?
127 address
155
What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?
Transport layer
156
Which HTTP method is used with a proxy that can dynamically switch to a tunnel connection, such as Secure Sockets Layer (SSL)?
CONNECT
157
Which HTTP method starts a remote Application-layer loopback of the request message?
TRACE