Midterm 2 Flashcards
(50 cards)
1
Q
- Which of the following password cracking methods is the fastest?
a. Dictionary attack
b. Brute force
c. Birthday attack
d. Reverse hash matching
A
a. Dictionary attack
2
Q
- __________ means sniffing through a hub; on a hub, the traffic is sent to all ports. It involves only monitoring the packets sent by others, without sending any additional data packets in the network traffic.
A. Active sniffing
B. Passive sniffing
C. Hardware sniffing
D. None of the above
A
B. Passive sniffing
3
Q
- Which type of malware is likely the most impactful?
A. Worm
B. Dropper
C. Ransomware
D. Virus
A
C. Ransomware
4
Q
- What is a countermeasure for SNMP enumeration?
A. Remove the SNMP agent from the device.
B. Shut down ports 135 and 139 at the firewall.
C. Shut down ports 80 and 443 at the firewall.
D. Enable SNMP read-only security on the agent device.
A
A. Remove the SNMP agent from the device.
5
Q
- Which of the following is a tool to crack passwords?
a. Intercepting an SSH connection
b. Nessus
c. NMAP
D. John the Ripper
A
D. John the Ripper
6
Q
- Which of the following is used for recording key strokes at a terminal or keyboard using malicious software?
A. Spyware
B. Malware
C. Key logger
D. Recordware
A
C. Key logger
7
Q
- A user reports that they have downloaded a music file from the Internet. They inform you that when they opened the file, it seemed as though it installed an application, and then the user was prompted to send a payment of $500 to a PayPal account to get the key to decrypt their hard drive.
The user no longer has access to their desktop. What could be the issue?
A. The user is experiencing a hoax.
B. The user downloaded and installed ransomware.
C. The user installed malware.
D. The user downloaded the wrong music file.
A
B. The user downloaded and installed ransomware.
8
Q
- Which tool can be used to conduct layer 4 scanning and enumeration?
a. Ping
b. Metasploit
c. John the Ripper
d. Nmap
A
d. Nmap
9
Q
- An attacker is conducting the following on the target workstation: nmap -sT 192.33.10.5. The attacker is in which phase?
a. Covering tracks
b. Enumeration
c. Scanning and enumeration
d. Gaining access
A
c. Scanning and enumeration
10
Q
- What is the most important part of conducting a penetration test?
a. Receiving a formal written agreement
b. Documenting all actions and activities
C. Remediating serious threats immediately
d. Maintaining proper handoff with the information assurance team
A
a. Receiving a formal written agreement
11
Q
- Software that creates pop-up advertisement messages while visiting websites is known as what?
A. Adware
B. Malware
C. Pop-up blocker
D. Freeware
A
A. Adware
12
Q
- What technique would a malware author use to try to make it past an anti-malware solution?
A. Disassembly
B. Obfuscation
C. Reverse engineering
D. Dropper
A
B. Obfuscation
13
Q
- As a security administrator, you want to ensure every user only has the specific permissions and rights they need for the role they have. What principle are you following?
a. Role-based access control
b. Least privilege
c. Reducing availability
d. Setting up an encryption process
A
b. Least privilege
14
Q
- What is a common attack type of the Kerberos protocol that can look like legitimate traffic?
a. Kerberoasting
b. Javaroasting
C. Man in the Middle
d. Ticket granting compromise
A
a. Kerberoasting
15
Q
- To sniff, what mode must your network adapter be configured to in order to pull frames off an Ethernet or wireless network that aren’t addressed to you?
A. Active
B. Promiscuous
C. Stealth
D. CSMA/CD mode
A
B. Promiscuous
16
Q
- Why would an attacker conduct an open TCP connection scan using Nmap?
a. The attacker does not want to attack the system
b. The attacker made a mistake by not selecting a SYN scan function
c. The attacker is trying to connect to network services
d. The attacker is trying to make the scan look like normal traffic
A
d. The attacker is trying to make the scan look like normal traffic
17
Q
- As part of an assessment of an organization you are working for, you decide to conduct a social engineering attack to gather credentials that you will use later. What type of attack would be the most efficient if you wanted to get credentials from an administrator?
A. Man-in-the-middle
B. Pharming
C. Spear phishing
D. Phishing
A
C. Spear phishing
18
Q
- What technique might a malware author use that would be most effective to evade detection by anti-malware software?
A. Encryption
B. Packing
C. Compression
D. Polymorphism
A
D. Polymorphism
19
Q
- What tool could you use to fully automate a social engineering attack, like sending out a phishing campaign?
A. Nmap
B. Metasploit
C. Setoolkit
D. Aircrack
A
C. Setoolkit
20
Q
- In which phase of the ethical hacking framework do you alter or delete log information?
a. Scanning and enumeration
b. Gaining access
c. Reconnaissance
d. Covering tracks
A
d. Covering tracks
21
Q
- What security requirement is violated if data is corrupted by bad memory as it is being stored on a hard disk?
a. Availability
b. Confidentiality
c. Integrity
d. Possession
A
c. Integrity
22
Q
- What is the biggest problem with using rainbow tables for password cracking?
a. Disk space utilization
b. Processor utilization
c. Low success rate
d. Not used for password cracking
A
a. Disk space utilization
23
Q
- Which of these is an exploit that takes advantage of a vulnerability in the Server Message Block protocol to compromise systems remotely?
a. WannaCry
b. BigBlue
c. EternalBlue
d. Shadow Brokers
A
c. EternalBlue
24
Q
- How does ARP spoofing work?
A. Sending gratuitous ARP requests
B. Sending gratuitous ARP responses
C. Filling up the ARP cache
D. Flooding a switch
A
B. Sending gratuitous ARP responses
25
Q
- You have just compromised a system using Metasploit. What module would you now load to collect passwords from memory?
a. dumphash
b. autoroute
C. mimikatz
d. Siddump
A
C. mimikatz
26
Q
- Which of the following is an application that does not need a host or human interaction to disrupt and corrupt data?
A. Worm
B. Virus
C. Trojan
D. Malware
A
A. Worm
27
Q
- Which of the following is the correct way to search for a specific IP address in Wireshark using a display filter?
A. ip.addr = 192.168.1.100
B. ip == 192.168.1.100
C. ip = 192.168.1.199
D. ip.addr == 192.168.1.100
A
D. ip.addr == 192.168.1.100
28
Q
- What is one disadvantage of a single sign-on strategy?
a. It offers a single point of failure for authentication
b. There is no replication for security policies
c. Passwords are stored in plain text
d. User accounts are easily accessible
A
a. It offers a single point of failure for authentication
29
Q
- What do you need to provide to Wireshark to allow it to decrypt encrypted packets?
A. License
B. Password
C. Keys
D. Hash
A
C. Keys
30
Q
- The password file of a Windows system is located in which of the following directories?
a. C:\System32\Windows\config
b. \etc\win\config
c. C:\System \Window\config
d. C:\Windows\System32\config
A
C:\Windows\System32\config
31
Q
- What utility is used to gather information about NetBIOS configuration on Windows systems?
a. netstat
b. Nmap
C. nbtstat
d. Ping
A
C. nbtstat
32
Q
- What protocol could you use to gather configuration information about a system over the network?
a. SMTP
b. SNMP
c. HTTP
d. FTP
A
b. SNMP
33
Q
- If you needed to enumerate data across multiple services and also store the data for retrieval later, what tool would you use?
A. MegaPing
B. Nmap
C. Nessus
D. Metasploit
A
D. Metasploit
34
Q
- Which password is more secure?
A. keepyourpasswordsecuretoyourself
B. pass123!!
C. P@SSworD
D. Keep YOur PasswordSafe!
A
D. Keep YOur PasswordSafe!
35
Q
- What type of social engineering attack uses SMS (text) messages to communicate with the victim?
A. Smishing
B. Vishing
C. Phishing
D. Kishing
A
A. Smishing
36
Q
- Which of these could you enumerate on a WordPress site using wpscan?
A. Plug-ins
B. Posts
C. Administrators
D. Versions
A
C. Administrators
37
Q
- An attacker is dressed as a postal worker. Holding some large boxes, he follows a group of workers to make his drop-off in the back of the facility. What is the attacker trying to conduct?
A. Phishing
B. Sliding
C. Piggybacking
D. Shimming
A
C. Piggybacking
38
Q
- Which of the following describes the collection of human physical attributes for use in performing electronic authentication?
a. Personal identification card
b. Hair and fingerprints
C. Biometrics
d. Type 3 control
A
C. Biometrics
39
Q
- Which operating system build provides a suite of tools for network offensive (attack your target) purposes?
a. Kali Linux
b. Windows Server 2012 R2
c. FreeBSD
d. Security Onion
A
a. Kali Linux
40
Q
- What is a major drawback of most antivirus software?
A. It can be extremely slow.
B. It must have the latest virus definitions.
C. It can take up a lot of host resources.
D. It requires a lot of effort to administer.
A
B. It must have the latest virus definitions.
41
Q
- Which of the following is considered a framework for penetration testing?
A. Metasploit
B. Cain & Abel
C. Nessus
D. Security Onion
A
A. Metasploit
42
Q
- Which of the following malware achieved a historical first by causing physical damage to a nuclear reactor facility?
A. Stuxnet
B. Blue's Revenge
C. LOVEYOU virus
D. BackOrifice
A
A. Stuxnet
43
Q
- Which of the following applications is used to inspect packets?
A. Wireshark
B. Cain & Abel
C. Aircrack
D. Nmap
A
A. Wireshark
44
Q
- You are the senior manager in the IT department for your company. What is the most cost-effective way to prevent social engineering attacks?
A. Install HIDS.
B. Ensure that all patches are up-to-date.
C. Monitor and control all email activity.
D. Implement security awareness training.
A
D. Implement security awareness training.
45
Q
- What operating-system-agnostic feature of Metasploit would you use to perform tasks on a compromised system, including getting keystrokes?
a. Meterpreter
b. Metainpreter
c. Metasploit
d. Mimikatz
A
a. Meterpreter
46
Q
- What are two advantages of using a rootkit?
A. Installing alternate data streams and Registry keys
B. Creating Registry keys and hidden processes
C. Hiding processes and files
D. Hiding files and Registry keys
A
C. Hiding processes and files
47
Q
- Malware installed at the kernel is very difficult to detect with products such as antivirus and anti-malware programs. What is this type of malware called?
A. Ransomware
B. Rootkit
C. Vampire tap
D. Worm
A
B. Rootkit
48
Q
- As a pen tester, what content might you include in addition to your general findings?
a. List of patched systems
b. List of disabled accounts
C. List of identified vulnerabilities
d. List of revoked certificates
A
C. List of identified vulnerabilities
49
Q
- Spammers want you to:
A. Not open any links
B. Think first and act later
C. Act first and think later
D. None of the Above
A
C. Act first and think later
50
Q
- An email contains a link with the subject line "Congratulations on your cruise!" and is sent to the finance person at a company. The email instructs the reader to click a hyperlink to claim the cruise. When the link is clicked, the reader is presented with a series of questions within an online form, such as name, Social Security number, and date of birth. What type of attack would this be considered?
A. Email phishing
B. Spear phishing
C. Social engineering
D. Identity theft
A
B. Spear phishing