Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
152 Cards in this Set
- Front
- Back
|
Which of the following are used to help reveal multiple layers of defense, help reveal application layer security protocols, and help validate network layer security settings by ensuring demilitarized and other isolated zones function as expected? |
Penetration tests |
|
|
Penetration testers can help provide __________ to managers in the organization. |
security awareness |
|
|
Penetration testers: |
prioritize any findings and recommended policy and control changes. |
|
|
Penetration tests are also called: |
vulnerability scans. |
|
|
The -O switch in the Nmap commands you ran in this lab (for example, nmap -O -v 10.20.100.50) instructed Nmap to: |
detect the operating system of the machine |
|
|
The -v switch in the Nmap commands you ran in this lab (for example, nmap -O -v 10.20.100.50) instructed Nmap to: |
show a great deal of detail. |
|
|
The following command line syntax (nmap --script=smb-check-vulns -p445 10.20.100.50) was used for: |
running an SMB vulnerability scan against 10.20.100.50. |
|
|
The first full vulnerability scan you conducted (on the 10.20.100.50 machine) indicated that the server was: |
vulnerable to the MS08_067 exploit since it either doesn't have a service pack installed or is SP2 with no additional hotfixes applied to it. |
|
|
The following command line syntax (nmap --script=smb-check-vulns -p445 192.168.3.25) was used to: |
run a vulnerability check on port 445. |
|
|
The full vulnerability scan you conducted on the 192.168.3.25 machine indicated that the server is a high-risk system because it is vulnerable to SMBv2 DoS attack which will: |
allow a denial of service attack with the BSOD (Blue Screen of Death). |
|
|
Vulnerability checks can be run: |
against specific ports to find additional vulnerabilities that might need to be addressed. |
|
|
The __________ vulnerability scan allows an attacker to grab three encrypted footprint keys without generating a log entry on the Unix system and allows for future exploitation. |
ssh-hostkey.nse |
|
|
Which of the following is an encrypted footprint key that is faster at validation (but slower at signature generation) and is used for encrypting and signatures? |
RSA—Rivest, Shamir and Adelman |
|
|
Which of the following is a standalone antivirus scanner for Windows systems? |
ClamWin |
|
|
In the lab, you performed a virus scan on just the infected folders, but in a real-world situation, you would scan: |
the entire C drive. |
|
|
There is little point in hardening a system if it is already compromised. Therefore, a __________ is an important first step in locking down any system. |
virus scan |
|
|
In the lab, one of the scan results determined that the TargetWindows01 server was infected with a live virus (Trojan.Bo) that: |
allows the BOclient to control the remote system as if logged on locally. |
|
|
In the lab, the Shutdown Event alert indicated that the shutdown was related to: |
BlueScreen. |
|
|
In the lab, you configured the Windows host-based firewall to: |
reduce the attack surface on the system. |
|
|
In the lab, you enabled the Windows host-based firewall and then re-ran a previous scan in order to: |
verify that the vulnerable open ports have been eliminated. |
|
|
A message digest, or hash, algorithm takes a string of text (the contents of your file or message) and: |
produces a fixed-length set of hexadecimal characters. |
|
|
Hashes are used for ensuring the __________ of the message. |
integrity |
|
|
As long as the content within a file does not change, the hash value (or checksum) will: |
calculate the same value every time. |
|
|
Encryption is used for ensuring the __________ of the message. |
confidentiality |
|
|
Which of the following refers to the free encryption software, based on the OpenPGP standard (RFC4880), that uses both symmetric and asymmetric encryption? |
Gnu Privacy Guard (GnuPG) |
|
|
DSA (Digital Signature Algorithm) and RSA (Rivest-Shamir-Adleman) are common __________ algorithms that can be used to successfully encrypt data and decrypt data. |
asymmetric encryption |
|
|
In __________, a key pair is generated, one key is kept private and the other is shared.
|
asymmetric encryption |
|
|
MD5 (Message-Digest algorithm 5) uses a __________ hash sum. |
128-bit |
|
|
SHA1 (Secure Hash Algorithm 1) uses a __________ hash sum. |
160-bit |
|
|
The more bits in the hash sum, the: |
greater the integrity checking of each bit that is transmitted from the source to its destination. |
|
|
In the lab, the system displayed the words __________ to indicate that both the MD5sum and the SHA1sum hash had worked correctly and that the Example.txt file had not been modified. |
Example.txt: OK |
|
|
In the lab, you used __________ to encrypt messages that you then sent between two fictitious users (Instructor and Student). |
Gnu Privacy Guard (GnuPG) |
|
|
Which of the following is required before GnuPG can create an encryption key pair? |
Collecting entropy |
|
|
When creating a GnuPG key, typing on the keyboard, moving the mouse, using disk space, and playing games are all actions that: |
generate more entropy (random bytes). |
|
|
The number of bytes sufficient to generate a GnuPG key pair is: |
different each time the key is generated. |
|
|
Which of the following do you need to decrypt encrypted messages and files from a trusted sender? |
The sender's public key |
|
|
The GnuPG -e switch is used to: |
encrypt data. |
|
|
GnuPG -d is used to: |
decrypt data. |
|
|
The first phase of hacking is __________ phase, which is designed to gain as much information about a target organization and its systems as possible? |
reconnaissance |
|
|
The Internet has always provided the would-be attacker potential access; now it also provides much-welcomed: |
intelligence. |
|
|
Which of the following can a hacker derive from the IP address of a target server? |
The physical location of the server's data center |
|
|
Which of the following is a tool that combines many common network information functions into a convenient single interface? |
Sam Spade |
|
|
Sam Spade is considered a(n): |
non-intrusive tool. |
|
|
While Sam Spade provides quite a bit of information about a domain, it is merely combining __________ information from a variety of sources. |
publicly available |
|
|
Which of the following will return information about the domain owner, including contact names, numbers, addresses, and the names of associated servers? |
WHOIS |
|
|
Which of the following is primarily used to verify whether the domain name is available or whether it has been registered? |
WHOIS |
|
|
By its nature, WHOIS information must be: |
publicly available. |
|
|
Companies wishing to disguise their ownership of a domain may choose to register domains: |
through an agent. |
|
|
Which of the following is designed to perform DNS queries, allowing you to look up the IP addresses associated with particular domain names? |
nslookup |
|
|
Which of the following is used to identify the network path that must be followed to reach one system from another? |
traceroute |
|
|
Which of the following provides the names and IP addresses of all intermediate systems and can be used to identify potential intermediate attack points? |
traceroute |
|
|
Which of the following may be used to estimate the geographic location of a server? |
traceroute |
|
|
Which of the following are used by data gatherers to find a large amount of information about a company, using not only the officially released information, but also information in publications and other Web sites? |
Search engines |
|
|
In the lab, you created a report of your research findings as if you were a(n): |
ethical hacker gathering information for a client. |
|
|
When you were conducting your public domain research in the lab, you selected a target organization with a(n): |
e-commerce Web site. |
|
|
Which section of your Hacking Research Report described the tools and techniques that you used to conduct both the technical research and public domain research? |
Methodology |
|
|
Which section of your Hacking Research Report included 2 to 3 paragraphs describing the information you uncovered in the lab and how an attacker might be able to exploit this information? |
Executive Summary |
|
|
The purpose of __________ within an organization is to proactively locate vulnerabilities in an organization's defenses, and correct them to strengthen overall security. |
ethical hacking |
|
|
It is the responsibility of the organization's __________ to know their networks and remove any possible point of entry before that happens. |
security and administration team |
|
|
Which of the following statements is true regarding ethical hacking? |
Ethical hackers follow the same approach that hackers use to compromise remote systems and networks. |
|
|
What distinguishes ethical hackers from other intruders? |
Ethical hackers obtain written permission to run security tools within the organization's network. |
|
|
Zenmap is a graphical interface for __________, a port scanning tool that can quickly identify hosts and detect what operating system and services are running on them, and all without privileged access. |
Nmap |
|
|
Zenmap and similar tools are typically used during which phases of the ethical hacking process? |
The reconnaissance and scanning phases |
|
|
In the lab, the __________ indicated the number of open ports discovered by Zenmap. |
Intense Scan report |
|
|
What step in the hacking attack process identifies known vulnerabilities? |
The enumeration phase |
|
|
Which of the following tools identifies known vulnerabilities of devices, operating systems, applications, databases, and services running on those devices? |
OpenVAS |
|
|
OpenVAS is a scanning engine that runs: |
remotely on a server. |
|
|
The first page of the Full OpenVAS Report you downloaded as part of the vulnerability scan was a: |
summary showing the number of high, medium, and low severity vulnerabilities that were identified. |
|
|
Metasploit is part of the __________ security distribution for Linux. |
Kali |
|
|
A Linux __________ is a bootable virtual machine (or CD or USB stick) that comes preloaded with popular open source security software packages. |
security distribution |
|
|
In the lab, which of the following tools did you use to exploit the victim system? |
Metasploit |
|
|
The Metasploit startup splash screen: |
will be different each you start Metasploit. |
|
|
In the Intense scan report, what was the name of the vulnerable service you identified on port 21? |
vsftpd |
|
|
According to the description in the OpenVAS vulnerability report, the type of vulnerability found on port 21 could enable a hacker to: |
compromise the system through a backdoor. |
|
|
Metasploit ranked the vulnerability found in the lab as __________, indicating that the exploit is almost certain to work. |
excellent |
|
|
In the lab, Metasploit was able to connect to the victim system with __________ access, and without requiring a password. |
root-level |
|
|
The OpenVAS vulnerability report included a __________ for the vulnerability that was found in the lab. |
recommended solution |
|
|
Network and system engineers and information systems security professionals can help ensure Web application security through regular: |
penetration testing. |
|
|
If e-commerce or privacy data is entered into a Web application, the company is bound by __________ to ensure the confidentiality of customer data. |
compliance laws and standards |
|
|
The __________ contains abundant information about common software vulnerabilities and exploits. |
CVE listing database |
|
|
Penetration testing should be performed whenever the Web application or service is: |
updated or modified. |
|
|
An ethical hacker: |
recommends specific countermeasures for remediating the vulnerabilities and eliminating the exploits. |
|
|
Which of the following is a tool specifically designed with common vulnerabilities to help Web developers test their own applications prior to release? |
Damn Vulnerable Web Application (DVWA) |
|
|
Which of the following is a Damn Vulnerable Web Application (DVWA) security level that mimics a vulnerable Web application? |
Low |
|
|
A reflective cross-site scripting attack (like the one in this lab) is a __________ attack in which all input shows output on the user's/attacker's screen and does not modify data stored on the server. |
non-persistent |
|
|
The goal of a cross-site scripting (XSS) attack is usually to: |
gain administrator or some other elevated level of user privileges |
|
|
Which of the following refers to the malicious insertion of scripting code to extract data or modify a Web site's code, application, or content? |
Cross-site scripting (XSS) |
|
|
What was the expected outcome when you entered a name in the "What's your name?" box on the XSS Web form? |
Repeated it back to you in a friendly welcome |
|
|
Cross-site scripting (XSS) vulnerabilities are generally found in Web forms that: |
send and retrieve data to databases via HTML. |
|
|
The most basic method of not allowing any scripts to be run on a Web page is to: |
prohibit greater-than and less-than arrows from being submitted. |
|
|
Which of the following commands is a scripting function used to generate a pop-up window with the message "Here is proof of a vulnerability"? |
alert |
|
|
In general, which of the following is accomplished by appending a valid SQL command to the input that is being passed through a Web form into the database behind it? |
SQL injection |
|
|
Often, programmers forget to __________, which then makes an application vulnerable to SQL injection. |
include script handling for special characters like apostrophes in their data input forms |
|
|
Which of the following is a default schemata in the MySQL database software that is an easy place for SQL injection hackers to start and can return much information about the structure and content of the tables in the Web site's database? |
information_schema |
|
|
Hackers often use __________ instead of cleartext to make the scripts harder to detect. |
hexadecimal character strings |
|
|
Database administrators should monitor their SQL databases for unauthorized or abnormal SQL injections and write scripts for alarming as well as __________ alerts. |
Simple Network Management Protocol (SNMP) |
|
|
The information you gathered in the lab's tests, along with the ability to write to a file, indicates that you have found a(n): |
injectable database. |
|
|
Which of the following is true regarding antivirus programs? |
Antivirus programs are designed to stop the spread and activity of viruses. |
|
|
Which of the following is an approach to identifying viruses in which the program recognizes symptoms of a virus? |
Suspicious behavior |
|
|
Which of the following is an approach to identifying viruses in which the program uses a signatures database to identify a virus? |
Dictionary-based detection |
|
|
Which of the following terms refers to anything developed for the purpose of doing harm? |
Malware |
|
|
A slow response opening applications or browsing the Internet, applications not working as they normally would, and the operating system not booting up correctly are all symptoms of: |
a malware infection. |
|
|
Antivirus vendors usually update their antivirus signature files: |
several times per week |
|
|
AVG automatically updates the database on a regular basis, as long as the machine is: |
able to reach the Internet. |
|
|
In addition to updating the signatures database regularly, it is also important to: |
research and apply any patches to the antivirus software itself. |
|
|
Which feature of AVG enables you to remove specific files or folder from the scan? |
The Exceptions feature |
|
|
Which of the following terms is used to describe a correctly formatted document that appears to be malware to an antivirus program? |
False positive |
|
|
By default, AVG scans: |
the whole computer. |
|
|
When a virus scan is complete, AVG displays a(n) __________ showing the number of threats that were identified and removed. |
Report Summary |
|
|
Each threat identified by AVG is given a __________ of high, medium, or low. |
threat severity rating |
|
|
In the AVG Report Summary, what did the green checkmark indicate? |
Whether or not each threat was removed from your computer |
|
|
The information regarding the results of an AVG scan is saved in the: |
AVG History. |
|
|
Which AVG feature scans every single file as it is opened, saved, or copied?
|
Resident Shield |
|
|
The Virus Vault is considered a __________ where all removed files, virus infected or suspicious, are stored until you take action on them.
|
quarantine area |
|
|
All the files in the Virus Vault are: |
encrypted and cannot do the computer any harm. |
|
|
A false positive stored in the Virus Vault is: |
easily restored within the interface. |
|
|
Which of the following checkbox options would you use to ensure that a scan will run on startup if the computer were off at the scheduled time? |
Run when computer starts up if task has been missed |
|
|
Which of the following refers to an event in an organization that can include accidental actions or malicious actions that result in a problem? |
Security incident |
|
|
An organization's __________ identifies the incident response team roles, responsibilities, and processes for performing an incident response. |
security policy |
|
|
Which phase of the incident response process is used to determine what went right during the incident response, what went wrong, and how to make the process better? |
Lesson Learned |
|
|
In which phase of the incident response process is the affected system tested, restored, and returned to service? |
Recovery |
|
|
Which phase of the incident response process includes collecting evidence without destroying or altering it, as well as removing the threat? |
Eradication |
|
|
In which phase of the incident response process do you control the event as much as possible in order to stop the threat? |
Containment |
|
|
In which phase of the incident response process do you establish just what has actually occurred? |
Identification |
|
|
Which phase of the incident response process ensures that there is a plan in place for handling incidents, a team responsible for investigating, and procedures for consistency? |
Preparation |
|
|
After a security incident, an infected machine should be: |
kept in its steady state. |
|
|
After determining that the event in the lab constituted an incident, you instructed the help desk to have the user of the machine cease all activity and contain the infected machine by: |
disconnecting from the network. |
|
|
In the lab, a(n) __________ was generated that indicated that one of the Windows workstations on the network was likely infected with some type of malware. |
trouble ticket |
|
|
The __________ feature of AVG enables you to remove specific files or folders from an antivirus scan. |
Exceptions |
|
|
Which button in the Report Summary will display each threat identified by AVG, including its threat severity rating and whether or not the threat was removed from your computer? |
Detections |
|
|
Once you have the name and details for a virus, you can search the __________ or the Internet for more information about how the virus entered your network |
antivirus company's Web site |
|
|
The __________, provided by AVG Threatlabs, is a useful resource for learning about viruses. |
Virus Encyclopedia |
|
|
Which of the following refers to the quarantine area where all removed files (virus infected or suspicious) are stored until you take action on them?
|
Virus Vault |
|
|
Which button in AVG will delete all viruses, malware, and malicious software detected by the application? |
Empty Vault |
|
|
Which of the following statements is true regarding information security breaches? |
Cyber laws act as a broad deterrent but they do not secure networks from malicious activity. |
|
|
Prevention and detection are the two major categories of: |
internal controls. |
|
|
Which of the following block IP traffic based on the filtering criteria that the information systems security practitioner configures? |
Intrusion prevention systems (IPS) |
|
|
Which of the following statements is true regarding intrusion detection systems (IDS)? |
Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. |
|
|
Which of the following can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes? |
Snort |
|
|
Which of the following is an open source network intrusion prevention and detection system, capable of performing real-time traffic analysis and packet logging on IP networks? |
Snort |
|
|
When checking the status of the Snort service, a response of __________ indicates that Snort is running and is configured with the default alerts and rules (signatures). |
OK |
|
|
You need to restart the Snort service if a __________ is received. |
fail status |
|
|
Which of the following is a Web-based tool that analyzes intrusions detected by Snort? |
Snorby |
|
|
Performing a network traffic __________ provides information about what protocols and traffic behavior patterns are normal.
|
baseline definition analysis |
|
|
In the lab, you created a new user account in OpenVAS with: |
administrative privileges. |
|
|
Which of the following is a framework of several services and tools offering vulnerability scanning and management solutions? |
OpenVAS |
|
|
OpenVAS is used to run tests against client computers using a: |
database of known exploits and weaknesses |
|
|
Which of the distinct roles that OpenVAS recognizes provides only enough privileges to view resources? |
Observer |
|
|
Which of the distinct roles that OpenVAS recognizes includes extra privileges, like the ability to add users or synchronize the feed? |
Administrator |
|
|
Which of the distinct roles that OpenVAS recognizes provides only enough privileges for everyday use? |
User |
|
|
In the lab, OpenVAS identified: |
a single security issue of medium risk level. |
|
|
When Snort captures and examines IP packets, it: |
looks for specific IP packet traffic patterns and abnormal traffic attempting to enter a network. |
