Chapter 4 Solutions
Review Questions
1.
Which of the following is a fast and easy way to gather information about a company? (Choose all that apply.)
c. View the company’s Web site.
d. Look for company ads in phone directories.
2.
To find information about the key IT personnel for a company’s domain, you might use which of the following tools? (Choose all that apply.)
a. Whois
c. SamSpade
3.
_____ is one of the components most vulnerable to network attacks.
d. DNS
4.
Which of the following contains host records for a domain?
a. DNS
5.
Which of the following is a good Web site for gathering information on a domain?
e. All of the above
6.
A cookie can store information about a Web site’s visitors. True or False?
True
7.
Which of the following enables you to view all host computers on a network?
c. Zone transfers
8.
What’s one way to gather information about a domain?
a. View the header of an e-mail you send to an e-mail account that doesn’t exist.
9.
Which of the following is one method of gathering information about the operating systems a company is using?
a. Search the Web for e-mail addresses of IT employees.
10.
To determine a company’s primary DNS server, you can look for a DNS server containing which of the following?
d. SOA record
11.
When conducting competitive intelligence, which of the following is a good way to determine the size of a company’s IT support staff?
a. Review job postings on Web sites such as www.monster.com or www.dice.com.
12.
If you’re trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit?
a. http://groups.google.com
13.
Which of the following tools can assist you in finding general information about an organization and its employees? (Choose all that apply.)
a. www.google.com
b. http://groups.google.com
14.
What’s the first method a security tester should attempt to find a password for a computer on the network?
c. Ask the user.
15.
Many social engineers begin gathering the information they need by using which of the following?
b. The telephone
16.
Discovering a user’s password by observing the keys he or she presses is called which of the following?
d. Shoulder surfing
17.
Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.)
a. Passwords
b. ATM PINs
c. Long-distance access codes
18.
Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the following?
b. Piggybacking
19.
What social-engineering technique involves telling an employee that you’re calling from the CEO’s office and need certain information ASAP? (Choose all that apply.)
a. Urgency
c. Position of authority
20.
Before conducting a security test by using social-engineering tactics, what should you do?
c. Get written permission from the person who hired you to conduct the security test.
Chapter 5 Solutions
Review Questions
1.
Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services?
d. Port scanning
2.
What is the most widely used port-scanning tool?
c. Nmap
3.
To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type?
d. man nmap
4.
To see a brief summary of Nmap commands in a Linux shell, which of the following should you do?
a. Type nmap -h.
5.
Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (Choose all that apply.)
a. nmap -sS 193.145.85.210
b. nmap -v 193.145.85.210
6.
Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command? (Choose all that apply.)
a. FIN
b. PSH
d. URG
7.
Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network? (Choose all that apply.)
a. nmap -v 192.168.1.0-254 -p 22
d. nmap -v 192.168.1.0/24 -p 22
8.
A closed port responds to a SYN packet with which of the following packets?
d. RST
9.
Which type of scan is usually used to bypass a firewall or packet-filtering device?
a. ACK scan
10.
Security testers can use Hping to bypass filtering devices. True or False?
True
11.
A FIN packet sent to a closed port responds with which of the following packets?
c. RST
12.
A(n) ________ scan sends a packet with all flags set to NULL.
a. NULL
13.
What is a potential mistake when performing a ping sweep on a network?
a. Including a broadcast address in the ping sweep range
14.
Port scanning provides the state for all but which of the following ports?
d. Buffered
15.
A NULL scan requires setting the FIN, ACK, and URG flags. True or False?
False
16.
Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error?
a. An incorrect parameter is used.
17.
In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live?
d. ICMP Echo Reply (type 0)
18.
To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.)
b. SYN packets
c. ACK packets
19.
Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer?
c. Hping
20.
Fping doesn’t allow pinging multiple IP addresses simultaneously. True or False?
False
Chapter 6 Solutions
Review Questions
21.
Which of the following testing processes is the most intrusive?
b. Enumeration
22.
Security testers conduct enumeration for which of the following reasons? (Choose all that apply.)
a. Gaining access to shares and network resources
b. Obtaining user logon names and group memberships
23.
Which of the following tools can be used to enumerate Windows systems? (Choose all that apply.)
a. OpenVAS
b. DumpSec
d. Hyena
24.
Enumeration of Windows systems can be more difficult if port ____ is filtered.
d. 139/TCP
25.
A null session is enabled by default in all the following Windows versions except:
b. Windows Server 2008
26.
The Net view command can be used to see whether there are any shared resources on a server. True or False?
True
27.
To identify the NetBIOS names of systems on the 193.145.85.0 network, which of the following commands do you use?
a. nbtscan 193.145.85.0/24
28.
Which of the following is a Windows command-line utility for seeing NetBIOS shares on a network?
c. Net view
29.
To view eDirectory information on a NetWare 5.1 server, which of the following tools should you use?
d. Novell Client
30.
The Nbtstat command is used to enumerate *nix systems. True or False?
False
31.
A NetBIOS name can contain a maximum of ___ characters.
c. 15
32.
Which of the following commands connects to a computer containing shared files and folders?
b. Net use
33.
Which port numbers are most vulnerable to NetBIOS attacks?
c. 135 to 139
34.
Which of the following is the vulnerability scanner from which OpenVAS was developed?
b. Nessus
35.
Most NetBIOS enumeration tools connect to the target system by using which of the following?
c. Null sessions
36.
What is the best method of preventing NetBIOS attacks?
a. Filtering certain ports at the firewall
37.
Which of the following is a commonly used UNIX enumeration tool?
d. Finger
38.
Which of the following commands should you use to determine whether there are any shared resources on a Windows computer with the IP address 193.145.85.202?
c. nbtstat -a 193.145.85.202
39.
The Windows Net use command is a quick way to discover any shared resources on a computer or server. True or False?
False