Practice Questions Flashcards by Chris Jones

The CIA model of security consists of Confidentiality, Integrity and Availability. Which of the following is also a highly desirable security feature of a networked environment?

A Security Cleared Employees
B Connectivity
C Authenticity
D IPv6

C - Authenticity

How well did you know this?

Not at all

Perfectly

Which of the following tools would you not use for packet capturing on a IPv4 TCP/IP network?

A Tcpdump
B Wireshark
C Nikto
D SmartSniff

C - Nikto

How well did you know this?

Not at all

Perfectly

With the Domain Name System (DNS), the PTR record is used to?

A Refer to a Mail Server
B Map an name to an IP address
C Express a zone of control
D Map an IP address to a name

D - Map an IP address to a name

How well did you know this?

Not at all

Perfectly

Most ARP poisoning tools work by creating which of the following?

A A fake ARP request that is a unicast.
B A fake ARP request that is a multicast.
C A fake ARP reply that is a unicast.
D A fake ARP reply that is a broadcast.

B - A fake ARP request that is a multicast.

How well did you know this?

Not at all

Perfectly

With the Domain Name System (DNS), the MX record is used to?

A Refer to a Mail Server
B Express host information
C Express a zone of control
D To define an name server for a zone

A - Refer to a Mail Server

How well did you know this?

Not at all

Perfectly

Which of the following best describes freely available material on the internet, which may be useful to an attacker?

A Open source intelligence (OSINT)
B Available Access Data
C Human Intelligence (HUMINT)
D Signal Intelligence (SIGINT)

A - Open source intelligence (OSINT)

How well did you know this?

Not at all

Perfectly

Which of the following statements is not true for IPv4?

A The IPv4 protocol is primary concerned with routing.
B The IPv4 protocol operates at OSI level 5 of the OSI reference model.
C The IPv4 makes use of 32bit integers to for source and destination addressing.
D The IPv4 protocol contains a header checksum

B - The IPv4 protocol operates at OSI level 5 of the OSI reference model.

How well did you know this?

Not at all

Perfectly

Which of the following statements is not true for TCP?

A The TCP protocol is primary concerned reliability.
B The TCP protocol operates at OSI level 4/5 of the OSI reference model.
C The TCP protocol supports positive acknowledgement and retransmission
D The TCP protocol contains no error checking

D - The TCP protocol contains no error checking

How well did you know this?

Not at all

Perfectly

With regard to the TCP connection initialisation phase, which of the following is the TCP three way handshake that results in the TCP protocol establishing a bi-directional reliable data connection?

A Syn/Rst - Syn - Ack.
B Syn - Syn/Ack – Ack
C Ack - Ack/Syn – Syn
D Syn - Ack/Ack – Syn

B - Syn - Syn/Ack – Ack

How well did you know this?

Not at all

Perfectly

Using Domain Internet Groper command (Dig), we can achieve a zone transfer via use of the following option.

A zxtr
B xafr
C axfr
D zxta

C - axfr

How well did you know this?

Not at all

Perfectly

Which of the following statements is true for UDP?

A UDP is stateless and therefore not used where reliability is a requirement
B UDP is stateful
C UDP supports retransmission
D UDP supports security

A - UDP is stateless and therefore not used where reliability is a requirement

How well did you know this?

Not at all

Perfectly

Which of the following terms best describes a piece of malware, which travels between computer systems without human intervention?

A Virus
B Worm
C Trojan Horse
D Trapdoor

B - Worm

How well did you know this?

Not at all

Perfectly

Which of the following statements is true for the Telnet Protocol?

A It does not implement any form of data encryption inside the TCP packet.
B It was designed to support secure remote access to a computer system
C It typically runs on TCP port 22
D It supports the use of digital certificates

A - It does not implement any form of data encryption inside the TCP packet.

How well did you know this?

Not at all

Perfectly

Which of the following functions can the ICMP protocol not be used for?

A Routers sending error messages to other routers and hosts.
B Identification of the network address of a given host.
C Controlling the rate of flow of information between network interface cards.
D Identification of a hostname from an IP address.

C - Controlling the rate of flow of information between network interface cards.

How well did you know this?

Not at all

Perfectly

Best Practice for security reviews consist of 4 stages, which of the following is not one of these stages?

A Network enumeration to identify IP networks and hosts of interest
B Frequency analysis of network packet protocols
C Bulk network scanning and probing to identify potentially vulnerable hosts
D Exploitation of vulnerabilities and circumvention of security mechanisms

B - Frequency analysis of network packet protocols

How well did you know this?

Not at all

Perfectly

Which of the following statements best describes the principles underlying RIP protocol?

A It is an implementation of black hole routing for local networks
B It is an implementation of the shortest path routing for local networks
C It is an implementation of n-dimension vector matrix routing for local networks
D It is an implementation of distance vector routing for local networks

D - It is an implementation of distance vector routing for local networks

How well did you know this?

Not at all

Perfectly

Which of the following statements best describes the principles underlying security in the RIP Version 1 protocol?

A It was not designed with security
B It implements security via digital signatures
C It implements security via a shared symmetric key
D It implements security via digital signatures and IPSEC

A - It was not designed with security

How well did you know this?

Not at all

Perfectly

The OSPF supports which of the following authentication methods?

A It implements authentication via a shared asymmetric key
B It implements authentication via digital signatures
C It implements authentication via a simple password which is sent in the clear
D It implements authentication via a hash of the password

C - It implements authentication via a simple password which is sent in the clear

How well did you know this?

Not at all

Perfectly

OSPF send its authentication via which of the following message types?

A HELLO
B AUTHENT
C TOPOLOGY
D INTRO

A - HELLO

How well did you know this?

Not at all

Perfectly

Using RIPv1 how do routers communicate with each other?

A Via unicast
B Via broadcast
C Via multicast
D Via point to point secure messaging

B - Via broadcast

How well did you know this?

Not at all

Perfectly

CVE Stands for?

A Common Vulnerabilities and Exposures
B Computer Vulnerability Exposure
C Common Vulnerability Element
D Computer Vulnerability Element

A - Common Vulnerabilities and Exposures

How well did you know this?

Not at all

Perfectly

Which of the following is true for the following CIDR address: 10.0.0.0/25?

A There are 254 hosts in the address range
B There are 126 hosts in the address range
C There are 62 hosts in the address range
D There are 510 hosts in the address range

B - There are 126 hosts in the address range

How well did you know this?

Not at all

Perfectly

To use netstat to display routing tables, which of the following switches is required?

A -a
B -n
C -p
D -r

D - -r

How well did you know this?

Not at all

Perfectly

Which of the following is not a recognised security Standard?

A ISO9001
B Orange Book
C ITSEC
D Common Criteria

A - ISO9001

How well did you know this?

Not at all

Perfectly

The following command is used on a Windows NT machine: ipconfig /renew What does this do? A Releases all IP addresses B Renews the first active IP address C Renews all IP addresses D None of the above

B - Renews the first active IP address

In an IP packet, the field "type of service" defines precedence, which of these is the highest priority? A Flash B Immediate C Inter-network control D Priority

A - Flash

Which of the following TCP port numbers is normally associated with the netbios? A 11 B 139 C 43 D 88

B - 139

Which layer of the OSI network model provides an interface to protocols such as HTTP and POP3? A Application B Transport C Network D Physical

A - Application

With regard to anonymous FTP servers on a UNIX system which of the following is not a common misconfiguration? A Making the pub directory world writeable. B Making the root ftp directory owned by root C Using the real password file in etc directory D Making the password file world writeable

B - Making the root ftp directory owned by root

What does the following nmap command do? nmap -P0 -sS -p 80 192.168.204.1 A Determines if port 80 is open using a SYN scan B Determines if any port is open using a SYN Scan C Determines if any port is open using a TCP Scan D Determines if port 80 is open using a full TCP Connect Scan

A - Determines if port 80 is open using a SYN scan

On a Windows System what does the following netstat command achieve? netstat -p udp –a A Displays all UDP activity on the same subnet as the host B Displays all out-going UDP ports on the current machine C Displays all listening and active UDP ports on the current machine D Displays all Ethernet statistic for the current machine

C - Displays all listening and active UDP ports on the current machine

Which of the following tools allows Ethernet/IP pairings to be monitored? A Arptoxin B Arpwatch C Arpsniff D Arpd

B - Arpwatch

Which of the following TCP port numbers is normally associated with kerberos? A 88 B 43 C 80 D 109

A - 88

What is the p0f tool used for? A Packet Capture B SYN Flooding C Operating System fingerprinting D ARP Poisoning

C - Operating System fingerprinting

Using the netstat command under UNIX which switch displays the program identifier / Program name? A -v B -p C -l D -n

B - -p

A system on a Class B subnet has the IP address 172.16.48.196 and the subnet mask 255.255.0.0 What would be the broadcast address? A 172.255.255.255 B 172.16.255.255 C 172.16.48.255 D 255.255.255.196

B - 172.16.255.255

What does the following nmap scan achieve? nmap -P0 -sX -p 80 192.168.204.1 A Determines if a port is open using an XMAS Scan B Determines if a port is open using a TCP handshake C Determines if a port is open using an SYN Scan D Determines if a port is open using a FIN Scan

A - Determines if a port is open using an XMAS Scan

Which of the following list of protocols encrypts data over a network? A TELNET B HTTP C SNMP D TLS

D - TLS

What does the following nmap command do? nmap -P0 -sU -p 80 192.168.204.1 A Determines if port 80 is open using a SYN scan B Determines if any port is open using a FIN Scan C Determines if a standard UDP port is open D Determines if port 80 is open using a Universal Scan

C - Determines if a standard UDP port is open

Which of the following TCP port numbers is normally associated with DNS? A 53 B 109 C 80 D 23

A - 53

Which of the following is not an Information function supported by ICMP? A Flow control B Detecting unreachable destinations C Route Redirection D System reliability checking

B - Detecting unreachable destinations

The traceroute command is typically used to? A Determine if a specific port is open or closed B Identify if a computer is connected to a network C Identify the route to a host on a network D Identify all possible routes to a host on a network

C - Identify the route to a host on a network

What does the following ping command sent from a Windows system achieve? ping -r 5 www.example.co.uk -n 2 A Pings the specified address with 2 echo requests while recording 5 count hops B Pings the specified address with 5 echo requests while recording count hops C Pings the specified address with 5 echo requests while timing count hops D Pings the specified address while specifying a timeout

A - Pings the specified address with 2 echo requests while recording 5 count hops

Which of the following is not a non-routable IP address? A 10.16.48.56 B 172.16.48.10 C 192.168.254.212 D 212.58.254.252

D - 212.58.254.252

The arptoxin tool is usually associated with which Operating System? A Mac B Unix C Linux D Windows

D - Windows

A bitwise, prefix-based standard for the interpretation of IP addresses is known as? A A.B.C.D/N B N/A.B.C.D C IPv4 D CIDR

D - CIDR

Which of the following is the sending of a packet to multiple destinations using the most efficient system to produce a simultaneous delivery? A Broadcast B Multicast C Unicast D Fastcast

B - Multicast

With regard to security issues associated with TFTP, which of the following assertions is true A TFTP makes uses of biometrics for authentication B TFTP makes use of digital signature for authentication C TFTP does not require authentication D TFTP uses simple passwords authentication

C - TFTP does not require authentication

With reference to the Data Protection Act 1998 which of the following best describes a 'Data Processor': A Any system which is used to process data B Any person other than an employee of the data controller who processes the data on behalf of the data controller. C Any mechanical, manual or electronic system used to process data D Any person who processes the data on behalf of the data controller.

D - Any person who processes the data on behalf of the data controller.

Which of the following sections of the Computer Misuse Act 1990 deals with facilitating further offences? A Section 1 B Section 2 C Section 3 D Section 3A

B - Section 2

Using RIP how do routers communicate with each other? a. via Multicast. b. via Unicast. c. via Point-to-Point Secure Messaging. d. via Broadcast.

D - via Broadcast.

Which of these statements is true regarding RIP? a. It is an implementation of black hole routing for local networks b. It is an implementation of the shortest path routing for local networks. c. It is an implementation of n-dimension vector matrix routing for local networks. d. It is an implementation of distance vector routing for local networks

D - It is an implementation of distance vector routing for local networks

At which layer of the OSI model do routers sit? a. Layer 1 b. Layer 2 c. Layer 3 d. Layer 4

C - Layer 3

You have just completed a port scan and found ports 80/tcp and 9100/tcp open on a host, what is this host likely to be? a. A Switch b. A Router c. A Nintendo Wii d. A Printer

D - A Printer

What is the default SNMP read only community string? a. public b. private c. read d. limited

A - Public

How does nmap perform operating system detection? a. Nmap is unable to detect operating systems. b. Using passive sniffing techniques. c. Using odd and malformed TCP packets. d. Using standard TCP packets.

C - Using odd and malformed TCP packets

Which default SNMP community string is found in some older Cisco devices? a. ilmi b. Publix c. C1sc0 d. snmp

A - ilmi

Which of these tools passively fingerprints an OS? a. SinFP b. Nessus c. Nmap d. p0f

D - p0f

Which of these tools uses standard TCP packets to fingerprint an OS? a. SinFP b. Nessus c. Nmap d. p0f

A - SinFP

Which nmap switch enables banner grabbing? a. -bg b. -sB c. -O d. -sV

D - sV

Which of the following tools allows you to view IP and MAC addressing pairings? a. arpspoof b. arptoxin c. arpwatch d. netstat

C - arpwatch

Which command would display the ARP table on a windows machine? a. arp b. arp -a c. arp -all d. ipconfig /arp

B - arp -a

How do you enable IP forwarding on a Linux machine? a. /etc/init.d/networking forward b. ifconfig eth0 --forward c. cat /proc/sys/net/ipv4/ip_forward d. echo 1 > /proc/sys/net/ipv4/ip_forward

D - echo 1 > /proc/sys/net/ipv4/ip_forward

Which of the following is not a method of data transfer using FTP? a. Stream b. Block c. Encrypted d. Compressed

C - Encrypted

Which is the most current version of SSH? a. Version 1.0 b. Version 1.99 c. Version 2.2 d. Version 2.0

D - Version 2.0

Which tool can be used to look for SSH servers? a. sshstalker b. sshscan c. scanssh d. sshd

C - Scanssh

Which service is normally found on TCP port 23? a. Telnet b. SSH c. FTP d. SMTP

A - Telnet

Which of these is an Asymmetric Cipher? a. RSA b. DES c. 3DES d. SAFER

A - RSA

During which type of attack does a crypt-analyst have access to both the plaintext and ciphertext of a message? a. Known Plaintext b. Known Ciphertext c. Purchase Key d. Adaptive Chosen Plain Text Attack

A - Known Plaintext

Which of the following properties is not a desirable feature for a digital signature? a. Impossible to Forge b. Reusable c. Not Alterable d. Authentic

b. Reusable

Which tool can put a wireless card into promiscuous mode? a. aircrack b. airsnarf c. airmon d. airodump

C - airmon

Which tool can capture wireless traffic? a. aircrack b. airsnarf c. airmon d. airodump

D - airodump

Which wireless encryption technology uses 3-byte IV’s. a. WEP b. WPA c. TKIP d. CCMP

A - WEP

Which tool can find WEP keys? a. airodump b. aireplay c. airmon d. aircrack

D - aircrack

Which authentication technology is sometimes combined with WPA? a. RADIUS b. Kerberos c. Smart Card d. OpenID

A - RADIUS

In an operating system environment, what program is always running? a. The Control Program b. The Resource Allocator c. The Internet Daemon d. The Kernel

D - The Kernel

In Microsoft Windows what acts as a go intermediary between the hardware and the Kernel? a. MS-DOS b. The Hardware Abstraction Layer c. Process Manager d. Virtual Memory Manager

B - The Hardware Abstraction Layer

When do Microsoft normally release patches? a. Every Monday b. The Second Tuesday of the Month. c. The Second Thursday of the Month. d. As and when.

B - The Second Tuesday of the Month.

Which Windows Security Issue does Enum4Linux exploit? a. A Buffer Overflow in the Server Service. b. Weak password for the IPC User. c. Null Sessions Permitted. d. Old Version of Internet Daemon.

C - Null Sessions Permitted.

Which folder in the UNIX file system contains user command binaries? a. /bin/ b. /sbin/ c. /usr/ d. /etc/

A - /bin/

Which of the following acts as a broker for TCP/IP connections on a UNIX system? a. xinetd b. named c. httpd d. tcpd

A - xinetd

Which computer security model places object access beyond the control of an individual owner of an object? a. DAC b. Take/Grant c. Bell La-Padula d. MAC

D - MAC

What type of Organisation would typically use DAC? a. Commercial b. Military c. Intelligence Agency d. Government

A - Commercial

What type of Organisation would normally use MAC? a. Commercial b. Military c. Educational d. Government

B - Military

Which of the following is not a primitive used in the Take-Grant security model? a. Take b. Destroy c. Grant d. Create

B - Destroy

You are conducting a pen test on an organsations internal website. You receive the following error while testing the site: Microsoft OLE DB Provider for ODBC Drivers error “80040e14.” What does this mean? a. The site is vulnerable to SQL injection. b. The site has insufficient transport layer encryption. c. The site suffers from an unvalidated forward vulnerability. d. The site is vulnerable to XSS.

A - The site is vulnerable to SQL injection.

Cross site scripting allows an attacker to? a. View site source code. b. Execute system commands on an application server. c. Inject client-side scripting languages into a website application d. Crash the website.

C - Inject client-side scripting languages into a website application

What is this URL an example of – www.sillycompany.net/download.php?file=finance.xls a. XSS b. SQL Injection c. A Direct Object Reference d. CSRF

C - A Direct Object Reference

Which of these tools is a Web Application Scanner? a. Wikto b. Flipto c. Skipto d. Nikto

D - Nikto

How can SQL injection be prevented? a. It cannot, it is a risk of using SQL. b. Validating user input on the server side. c. Using javascript to validate user input. d. Using MySQL rather than Microsoft SQL.

B - Validating user input on the server side.

With reference to the 1998 Data Protection act, which of the following best describes a “data processor”? a. Any system used to process data. b. Any person other than an employee of the data controller who processes the data on behalf of the data controller. c. Any Mechanical, manual or electronic system used to process data d. Any person who processes the data on behalf of the data controller.

B - Any person other than an employee of the data controller who processes the data on behalf of the data controller.

Which section of the computer misuse act covers using a computer to facilitate further crime? a. Section 1 b. Section 1A c. Section 2 d. Section 3

C - Section 2

RIPA is a. An Act to make provision for and about the interception of communications. b. The Regulation of Interception Powers Act 2000. c. Not relevant in the context of a penetration test d. All of the above

A - An Act to make provision for and about the interception of communications.

Simply trying to guess a friends Facebook password is fine? a. Yes, there is no harm done as long as its for fun. b. As long as you don’t intend to change any data. c. Provided you are a penetration tester. d. No, without permission it violates CMA 1990 s1.

D - No, without permission it violates CMA 1990 s1.

Aggressive port scanning which may lead to issues with availability is legal? a. Yes, as long as you are conducting a penetration test and this is clearly specified in the scope of work. b. No, port scanning is always illegal. c. Yes, provided you are a penetration tester its fine. d. Yes, port scanning in this manner is acceptable.

A - Yes, as long as you are conducting a penetration test and this is clearly specified in the scope of work.

The acronym VOIP stands for: a. Video Over Internet Protocol b. Voice Over Internet Portals c. Video Over Internet Portals d. Voice Over Internet Protocol

D - Voice Over Internet Protocol

The amap tool is best described as a. an application protocol mapping tool and banner grabber b. fast password cracking tool using precomputed rainbow tables c. a banner grabbing tool d. a powerful multi purpose tool, described as the TCP/IP swiss army knife

A - An application protocol mapping tool and banner grabber

What is an MD5 hash of a file most useful for a. Checking file integrity b. Checking file size c. Checking file confidentiality d. Checking file availability

A - Checking file integrity

The temporary memory area used by a processor to store information such as pointers to variables and return addresses is best described as a. RAM b. Pile c. Stack d. Heap

C - Stack

char *strcpy(char * destination, const char * source); // if misused can give rise to which class of vulnerability a. Buffer overflow b. Double Free c. Null Pointer d. Race condition

A - Buffer overflow

Which wireless standard operates at both 2.4 & 5GHz a. 802.11a b. 802.11b c. 802.11g d. 802.11n

A - 802.11n

What command would capture a screenshot of an X11 session?

xwinifo - root -silent -display :0 > screen.wsd

What command would configure X11 functionality on a Unix host?

xorg-configure

What files store information for TCP Wrapper?

/etc/hosts.allow and /etc/host.deny

What Dsquery command would list the domain controllers?

dsquery server

What nltest command would list the domain controllers?

nltest /dclist:"

What function of FSMO manages user to group mappings?

Infrastructure master

Describe the following Linux file permissions: -rwxrw-r--

File Owner: Read, write, execute Group: Read, write World: Read

Describe the following Linux file permissions: lrwxrwxrwx

The file is a link

Describe the following Linux file permissions: -rwSrw-r-x

File Owner: read, write, execute Group: read, write World: read, write, EXECUTE AS OWNER

Describe the following Linux file permissions: -rwSrwSr-x

File Owner: read, write, execute Group: read, write, SETGID World: read, write, SETUID

Legacy versions of Nmap had a flag/function which could be exploited if the SUID bit was set. What was the flag?

--interactive

What version of Oracle mitigates TNS poisoning?

12C and above

In Windows, on netstat, what does the -b do?

Display the executable associated with the port

In Linux, using the mount command, what commands security related function can be set using the -o flag?

nosuid noexec nolock (not security related but can be useful when connecting to older NFS systems)

In Windows, using ipconfig, how would you display the DNS cache?

ipconfig /displaydns

Describe common IEEE 802.X protocols

802. 1 - Higher Lan Protocols (802.1X - PNAC) 802. 3 - Ethernet 802. 5 - Token Ring 802. 11 - Wireless LAN 802. 15.1 - Bluetooth

What HTTP Security Headers are available and what do they do?

STS - Strict Transport Controls - Ensures the connection to the server is always over a secure channel and prevents users overriding any warning. CSP - Content Security Policy - Defines where data can come from such as JavaScript, images, etc. X-Frame options - Defines whether the site can be loaded within an iFrame. X-XSS-Protection - Prevents against reflected XXS attacks. X-Content Type options - Controls MIME sniffing. nosniff CORS - Cross Origin Website Resources - This controls what data can be shared between different sites.

You see a hash which begins 0x001, what is the hash likely from and what other characteristics does it have?

It is a MS SQL hash from pre 2012. It is hashed using SHA-1. The salt is 4 bytes, the hash is 16 bytes.

What does $5$ indicate in a Linux password hash

The hash is SHA-256

When using TKIP, how large is the key per packet?

128 bit.

How would you identify the version of MS SQL?

SELECT @@version;

How would you identify the version of MySQL?

SELECT version();

How would you identify the version of PostgreSQL?

SELECT version();

How would you identify the version of Oracle DBMS?

SELECT * FROM v$version

How would you identify the version of MongoDB?

db.version()