Quiz 4 Flashcards Preview

Flashcards in Quiz 4 Deck (53)
1
Q
____ is a Web tool used to gather IP and domain information. It is available for both UNIX and Windows OSs.
Answer
Samba
Bugnosis
SamSpade
FOCA
A

SamSpade

2
Q

What is “competitive intelligence”?

A

If you want to open a piano studio to compete against another studio that has been in your neighborhood for many years, getting as much information as possible about your competitor is wise. How could you know the studio was successful without being privy to its bank statements? First, many businesses fail after the first year, so the studio being around for years is a testament to the owner doing something right. Second, you can simply park your car across the street from the studio and count the students to get a good idea of the number of clients. You can easily find out the cost of lessons by calling the studio or looking for ads in newspapers, flyers, telephone books, billboards, and so on. Numerous resources are available to help you discover as much as is legally possible about your competition. Business people have been doing this for years. Now this information gathering, called competitive intelligence, is done on an even higher level through technology. As a security professional, you should be able to explain to the company that hired you all the methods competitors use to gather information. To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.

3
Q
The HTTP ____ method retrieves data by URI.
Answer
GET
PUT
POST
HEAD
A

PUT

4
Q

To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.

A

True

5
Q
____ is a Web tool used to gather IP and domain information. It is available for both UNIX and Windows OSs.
Answer
Samba
Bugnosis
SamSpade
FOCA
A

SamSpade

6
Q

How can a computer criminal use HTTP methods before running an exploit on a server?

A

If you know HTTP methods, you can send a request to a Web server and, from the generated output, determine what OS the Web server is using. You can also find other information that could be used in an attack. After you determine which OS version a company is running, you can search for any exploits that might be used against that network’s systems.

7
Q
____ is a tool that is used to perform DNS zone transfers.
Answer
Whois
Netcat
Metis
Dig
A

Dig

8
Q

Why is ATM shoulder surfing much easier than computer shoulder surfing?

A

ATM theft is much easier than computer shoulder surfing because a keypad has fewer characters to memorize than a computer keyboard. If the person throws away the receipt in a trash can near the ATM, the shoulder surfer can match the PIN with an account number and then create a fake ATM card. Often shoulder surfers use binoculars or high-powered telescopes to observe PINs being entered, making it difficult to protect against this attack.

9
Q

Some cookies can cause security issues because unscrupulous people might store personal information in cookies that can be used to attack a computer or server.

A

True

10
Q
____ enable you to see all the host computers on a network. In other words, they give you an organization’s network diagram.
Answer
Web bugs
Footprints
Zone transfers
Namedroppers
A

Zone transfers

11
Q

The HTTP CONNECT method starts a remote application-layer loopback of the request message.

A

False

12
Q

Network attacks often begin by gathering information from a company’s Web site.

A

True

13
Q
The HTTP ____ method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body.
Answer
CONNECT
PUT
POST
HEAD
A

HEAD

14
Q

In computer jargon, the process of finding information on a company’s network is called ____________________.

A

footprinting

15
Q

List at least five tools available for footprinting.

A

The following tools can be used for footprinting: Google groups, Whois, SamSpade, Web Data Extractor, FOCA, Necrosoft NS Scan, Google search engine, Namedroppers, White Pages, Metis, Dig, Netcat, Wget, Paros, and Maltego.

16
Q

As a security tester, should you use social-engineering tactics?

A

As a security tester, you should never use social-engineering tactics unless the person who hired you gives you permission in writing. You should also confirm on which employees you’re allowed to perform social-engineering tests, and document the tests you conduct. Your documentation should include the responses you received, and all test results should, of course, be confidential.

17
Q

What is the purpose of a Web bug? How do they relate to or differ from spyware?

A

A Web bug is a 1-pixel x 1-pixel image file referenced in an <img></img> tag, and it usually works with a cookie. Its purpose is similar to that of spyware and adware: to get information about the person visiting the Web site. Web bugs are not from the same Web site as the Web page creator. They come from third-party companies specializing in data collection. Security professionals need to be aware of cookies and Web bugs to keep these information-gathering tools off company computers.

18
Q
To help prevent ____ attacks, you must educate your users not to type logon names and passwords when someone is standing directly behind them—or even standing nearby.
Answer
shoulder-surfing
footprinting
piggybacking
social engineering
A

shoulder-surfing

19
Q

How can computer criminals use the Whois utility for their purposes?

A

The Whois utility is a commonly used tool for gathering IP address and domain information. With just a company’s Web address, you can discover a tremendous amount of information. Unfortunately, attackers can also make use of this information. Often companies don’t realize that they’re publishing information on the Web that computer criminals can use. The Whois utility gives you information on a company’s IP addresses and any other domains the company might be part of.

20
Q
To see additional parameters that can be used with the ____ command, you can type nc -h at the command prompt.
Answer
Nslookup
Namedroppers
Netcat
Whois
A

Netcat

21
Q

The HTTP ____________________ method is used with a proxy that can dynamically switch to a tunnel connection, such as Secure Socket Layer (SSL).

A

CONNECT

22
Q
____ can be used to read PINs entered at ATMs or to detect long-distance authorization codes that callers dial.
Answer
Shoulder surfing
Footprinting
Zone transferring
Social engineering
A

Shoulder surfing

23
Q
With commands such as ____, you can perform zone transfers of all DNS records.
Answer
Dig
Whois
DNS
Netcat
A

Dig

24
Q
____ is a tool that is used to gather IP and domain information.
Answer
Whois
Netcat
Metis
Dig
A

Whois

25
Q
____ is the most basic HTTP method.
Answer
GET
PUT
CONNECT
HEAD
A

GET

26
Q
The HTTP ____ method requests that the entity be stored under the Request-URI.
Answer
GET
PUT
POST
HEAD
A

PUT

27
Q

A(n) ____________________ is a text file generated by a Web server and stored on a user’s browser.

A

cookie

28
Q
The HTTP ____ allows data to be sent to a Web server.
Answer
GET
PUT
POST
HEAD
A

POST

29
Q
The HTTP ____ method retrieves data by URI.
Answer
GET
PUT
POST
HEAD
A

GET

30
Q

Wget is a tool that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.

A

True

31
Q
A(n) ____ is a 1-pixel x 1-pixel image file referenced in an <img> tag, and it usually works with a cookie.
Answer
image bug
zone transfer
Bugnosis detector
Web bug
A

Web bug

32
Q

A(n) ____________________ is a person skilled at reading what users enter on their keyboards, especially logon names and passwords.

A

shoulder surfer

33
Q
The ____ tool can generate a report that can show an attacker how a Web site is structured and lists Web pages that can be investigated for further information.
Answer
Netcat
Paros
Dig
Whois
A

Paros

34
Q

How can DNS be used for footprinting?

A

DNS uses name servers to resolve names. After you determine what name server a company is using, you can attempt to transfer all the records for which the DNS server is responsible. This process, called a zone transfer, can be done with the Dig command.

To determine a company’s primary DNS server, you can look for a DNS server containing a Start of Authority (SOA) record. An SOA record shows which zones or IP addresses the DNS server is responsible for. After you determine the primary DNS server, you can perform another zone transfer to see all host computers on the company network. In other words, the zone transfer gives you an organization’s network diagram. You can use this information to attack other servers or computers that are part of the network infrastructure.

35
Q
____ can be used to gather information useful for computer criminals, like company phone directories, financial reports, interoffice memos, resumes of employees, etc.
Answer
Shoulder surfing
Footprinting
Piggybacking
Dumpster diving
A

Dumpster diving

36
Q
____ is trailing closely behind an employee who has access to an area without the person realizing that you didn’t use a PIN or a security badge to enter the area.
Answer
Shoulder surfing
Footprinting
Piggybacking
Dumpster diving
A

Piggybacking

37
Q

What type of information is usually gathered by social engineering?

A

Social engineering means using a knowledge of human nature to get information from people. In computer attacks, the information is usually a password to a network or other information an attacker could use to compromise a network. A salesperson can get personal information about customers, such as income, hobbies, social life, drinking habits, music preferences, and the like, just by asking the customer the right questions. A salesperson uses charm and sometimes guile to relax customers. In a sense, a salesperson attempts to bond with customers by pretending to be empathetic with them. After leaving the store, customers might regret some of the information they freely gave, but if the salesperson was personable, they might not think twice about the personal information the salesperson elicited. Social engineers might also use persuasion tactics, intimidation, coercion, extortion, and even blackmail to gather the information they need. They are probably the biggest security threat to networks and the most difficult to protect against.

38
Q

Namedroppers is a tool that can be used to capture Web server information and possible vulnerabilities in a Web site’s pages that could allow exploits such as SQL injection and buffer overflows.

A

False

39
Q

What is “competitive intelligence”?

A

If you want to open a piano studio to compete against another studio that has been in your neighborhood for many years, getting as much information as possible about your competitor is wise. How could you know the studio was successful without being privy to its bank statements? First, many businesses fail after the first year, so the studio being around for years is a testament to the owner doing something right. Second, you can simply park your car across the street from the studio and count the students to get a good idea of the number of clients. You can easily find out the cost of lessons by calling the studio or looking for ads in newspapers, flyers, telephone books, billboards, and so on. Numerous resources are available to help you discover as much as is legally possible about your competition. Business people have been doing this for years. Now this information gathering, called competitive intelligence, is done on an even higher level through technology. As a security professional, you should be able to explain to the company that hired you all the methods competitors use to gather information. To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.

40
Q

The ____________________ utility gives you information on a company’s IP addresses and any other domains the company might be part of.

A

Whois

41
Q
____ means using a knowledge of human nature to get information from people.
Answer
Fingerprinting
Footprinting
Zone transferring
Social engineering
A

Social engineering

42
Q

List the five techniques used by social engineers in their attempts to gain information from unsuspecting people.

A

  • Urgency
  • Quid pro quo
  • Status quo
  • Kindness
  • Position

43
Q

Elaborate on the following statement: “The most difficult job of a security professional is preventing social engineers from getting crucial information from company employees.”

A

No matter how thorough a security policy is or how much money is spent on firewalls and intrusion detection systems (IDSs), employees are still the weakest link in an organization. Attackers know this fact and use it. Employees must be trained and tested periodically on security practices. Just as fire drills help prepare people to evacuate during a fire, random security drills can improve a company’s security practices. For example, randomly selecting and testing employees each month to see whether they would give their passwords to someone within or outside the organization is a good way to see if your security memos are being read and followed.

44
Q
____ is a tool that is used to gather competitive intelligence from Web sites.
Answer
Whois
Netcat
Metis
Dig
A

Metis

45
Q

Define HTTP 400 Bad Request

A

Request not understood by server

46
Q

Define HTTP 405 Method Not Allowed

A

Request not allowed for the resource

47
Q

Define HTTP 408 Request Timeout

A

Request not made by client in allotted time

48
Q

Define HTTP 403 Forbidden

A

Server understands request but refuses to comply

49
Q

Define HTTP 404 Not Found

A

Unable to match request

50
Q

Define HTTP 500 Internal Server Error

A

Request could not be fulfilled by server

51
Q

Define HTTP 503 Service Unavailable

A

Server is unavailable due to maintenance or overload

52
Q

Define HTTP 502 Bad Gateway

A

Server received invalid response from upstream server

53
Q

Define HTTP 504 Gateway Timeout

A

Server did not receive a timely response