Chapter 4 Solutions Review Questions

Chapter 4 Solutions
Review Questions

1.

Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.)

c. View the company’s Web site.

d. Look for company ads in phone directories.

2.

To find information about the

key IT personnel for a company’s domain, you might use which of the following
tools? (Choose all that apply.)

a. Whois

c. SamSpade

3.

_____ is one of the components most vulnerable to network attacks.

d. DNS

4.

Which of the following contains host records for
a domain?

a. DNS

5.

Which of the following is a good Web site for gathering information on a domain?

e. All of the above

6.

A cookie can store information about a Web site’s visitors. True or False?

True

7.

Which of the following enables you to view all host compu
ters on a network?

c. Zone transfers

8.

What’s one way to gather information about a domain?

a. View the header of an e
-
mail you send to an e
-
mail account that doesn’t exist.

9.

Which of the following is one method of gathering information about the operating sy
stems a company is using?

a. Search the Web for e
-
mail addresses of IT employees.

10.

To determine a company’s primary DNS server, you can look for a DNS server containing which of the following?

d. SOA record

11.

When conducting competitive intelligence, which
of the following is a good way to determine the size of a
company’s IT support staff?

a. Review job postings on Web sites such as
www.monster.com

or
www.dice.com.

12.

If you’re trying to find newsgroup postings by IT employees of a certain company, which of th
e following Web sites
should you visit?


a.
http://groups.google.com

13.

Which of the following tools can assist you in finding general information about an organization and its employees?
(Choose all that apply.)

a.
www.google.com

b.
http://groups.google.com

14.

What’s the first method a security tester should attempt to find a password for a computer on the network?

c. Ask the user.

15.

Many social engineers begin gathering the information they need by using which of the following?

b. The telephone

16.

Discovering a user
’s password by observing the keys he or she presses is called which of the following?

d. Shoulder surfing

17.

Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.)

a. Passwords

b. ATM PINs

c. Long
-
distance access codes

18.

Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the
following?

b. Piggybacking

19.

What social
-
engineering technique involves telling an employee that you’re calling from t
he CEO’s office and need
certain information ASAP? (Choose all that apply.)

a. Urgency

c. Position of authority

20.

Before conducting a security test by using social
-
engineering tactics, what should you do?

c. Get written permission from the person who hired y
ou to conduct the security test.

Chapter 5 Solutions

Review Questions

1.

Security testers and hackers use which of the following to determine
the

services running on a host and the
vulnerabilities associated with th
e
se services?

d. Port scanning

2.

What is the most
widely used

port
-
scanning tool?

c. Nmap

3.

To
find

extensive Nmap information and examples of the correct syntax to use in Linux, which of the following
commands should you type?

d.
man nmap

4.

To
see

a brief summary of Nmap commands in a Linux

shell, which of the following should you do?

a. Type
nmap
-
h
.

5.

Which of the following Nmap commands sends a SYN packet to a computer with
the

IP address 193.145.85.210?
(Choose all that apply.)

a.
nmap
-
sS 193.145.85.210

b.
nmap
-
v 193.145.85.210

6.

Which f
lags are set on a packet sent with the
nmap
-
sX 193.145.85.202

command? (Choose all that apply.)

a. FIN

b. PSH

d. URG

7.

Which Nmap command verifies whether the SSH port is open on any computers
in

the 192.168.1.0 network?
(Choose all that apply.)

a.
nmap

-
v 192.168.1.0
-
254
-
p 22

d.
nmap
-
v 192.168.1.0/24
-
p 22

8.

A closed port responds to a SYN packet with
which of the following

packet
s?

d. RST

9.

Which type of scan is usually used to bypass a firewall or packet
-
filtering device?

a. ACK scan

10.

Security testers can use Hping to bypass filtering devices. True or False?

True

11.

A FIN packet sent to a closed port responds with
which of the following

packet
s?

c. RST

12.

A(n) ________ scan sends a packet with all flags set to NULL.

a. NULL

13.

What is a potenti
al
mistake when

performing a ping sweep on a network?

a. Including a broadcast address in the ping sweep range

14.

Port scanning provides the state for all but which of the following

ports
?

d
.
Buffered

15.

A NULL scan requires setting the FIN, ACK, and URG flags.

True or False?

False

16.

Why does the
fping
-
f 193.145.85.201 193.145.85.220

command cause an error?

a. An incorrect
parameter

is used.

17.

In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for
which t
ype of packet to confirm that the host computer is live?

d. ICMP Echo Reply (type 0)

18.

To bypass some ICMP
-
filtering devices on a network, an attacker might send which type of packets to scan the
network for vulnerable services? (Choose all that apply.)

b. S
YN packets

c. ACK packets

19.

Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer?

c. Hping

20.

Fping doesn
’
t allow ping
ing

multiple IP addresses simultaneously. True or False?

False

Chapter 6 Solutions

Review
Questions

21.

Which of the following testing processes is the most
intrusive
?

b.
Enumeration

22.

Security testers conduct enumeration for which of the following reasons? (Choose all that apply.)

a. G
ain
ing

access to shares and network resources

b.
Obtain
ing

user l
ogon names and group memberships

23.

Which of the following tools can be used to enumerate
Windows

systems? (Choose all that apply.)

a. OpenVAS

b.
DumpSec

d.
Hyena

24.

E
numeration
of Windows systems
can be more difficult if port ____ is filtered.

d.
139/
TC
P

25.

A null session is enabled by default in all the following
Windows v
ersions except:

b. Windows Server 2008

26.

The Net view command can be used to see whether there are any shared resources on a server. True or False
?

True

27.

To identify the NetBIOS names of syste
ms on the 193.145.85.0 network, which of the following commands do you
use?

a.
nbtscan 193.145.85.0/24

28.

Which of the following is a
Windows

command
-
line utility for
seeing

NetBIOS shares on a network?

c.
Net view

29.

To view
eDirectory

information on a NetWar
e 5.1 server, which of the following tools should you use?

d.
Novell Clien
t

30.

The Nbtstat command is used to enumerate *nix systems
. True or False?

False

31.

A NetBIOS name can contain a maximum of ___ characters.

c.
15

32.

Which of the following commands connects
to
a computer
containing shared files and folders
?

b.
Net use

33.

Which

port numbers
are
most vulnerable to NetBIOS attacks?

c.
135 to 139

34.

Which of the following is the vulnerability scanner from which OpenVAS was developed?

b.
Nessus

35.

Most NetBIOS enumeration
tools connect to the target system
by
using which of the following?

c.
Null
sessions

36.

What is the best method of preventing NetBIOS attacks?

a.
Filter
ing

certain
ports
at the firewall

37.

Which of the following is a commonly used UNIX enumeration tool?

d.
Finge
r

38.

Which of the following commands should you use to determine whether there are any shared resources on a
Windows computer with
the

IP address 193.145.85.202?

c.
nbtstat
-
a 193.145.85.202

39.

The Windows Net use command is a quick way to discover any shared
resources on a computer or server
. True or
False?

False