Ethical Hacking Quizzes 1-10
89 Questions

Created by
@LavishDiopside625

Questions and Answers

A major difference between a hacker and an ethical hacker is the:

  • Level of technological proficiency each has accomplished.
  • Education level each has obtained.
  • Social position each has reached.
  • Code of ethics to which each subscribes. (correct)

Breaking the trust the client has placed in the ethical hacker can lead to the:

  • Planning stage being deemed incomplete.
  • Question of other details, such as the result of the test. (correct)
  • Rules of engagement having to be rewritten.
  • Failure of the testing results to accurately portray the organization's assets.

During the planning phase of a penetration test, the aim should be to:

  • Determine why a penetration test and its associated tasks are necessary. (correct)
  • Perform the attack and measure the results.
  • Research applicable state and federal regulations that apply to the proposed tests.
  • Report the results of the attack to the organization.

    Planning, discovery, attack, and reporting are considered:

    Ethical hacking steps.

    What type of penetration testing is most often used when an organization wants to closely simulate how an attacker views a system?

    Black-box testing

    Which of the following is NOT considered one of the three types of controls you can use in risk mitigation?

    Distribution

    Which of the following refers to a piece of software, a tool, or a technique that targets or takes advantage of a vulnerability?

    Exploit

    Which of the following refers to the structured and methodical means of investigating, uncovering, attacking, and reporting on a target system's strengths and vulnerabilities?

    Penetration testing

    Which of the following tests includes anything that targets equipment or facilities and can also include actions against people, such as social engineering-related threats?

    Physical attack

    Which of the following tests is designed to simulate an attack against technology from either the inside or the outside depending on the goals and intentions of the client?

    Technical attack

    A hierarchical system of servers and services specifically designed to translate IP addresses into domain names is called?

    Domain Name Service (DNS).

    Blocking everything and allowing only what is needed is known as:

    The deny-all principle.

    Repeaters, hubs, bridges, and switches are part of:

    Physical or Network Access Layer equipment

    The act of a third party covertly monitoring Internet and telephone conversations is called:

    Wiretapping.

    Which of the following is a connection-less protocol that offers speed and low overhead as its primary advantage?

    User Datagram Protocol

    Which of the following is a largely obsolete protocol that was originally designed for use in connections established by modems?

    Serial Line Interface Protocol

    Which of the following is a method of separating a network into segments for better management and performance?

    Subnet mask

    Which of the following offers the greatest level of security for wireless networks?

    Wi-Fi Protected Access 2 (WPA2)

    Which of the following regulates the flow of traffic between different networks?

    A firewall

    Which routing protocol calculates the best path to a target network by one or more metrics such as delay, speed, or bandwidth?

    Link state

    A hash algorithm can be compromised with a collision, which occurs when two separate and different messages or inputs pass through the hashing process and generate:

    The same value.

    A one-way hashing function is designed to be:

    Relatively easy to compute one way, but hard to undo or reverse.

    Cryptography provides an invaluable service to security by providing all of the following except:

    The ability to hack into systems and remain undetected.

    Digital certificates:

    Provide a form of identification on the Internet and in other areas.

    In using symmetric encryption to encrypt a given piece of information, there are two different mechanisms an algorithm can use, either:

    A stream cipher or a block cipher.

    Message Security Protocol (MSP), Secure Shell (SSH), and Secure Hypertext Transfer Protocol (S-HTTP) are:

    Common cryptographic systems.

    The main function or capability of certificate authorities (CAs) is to:

    Generate key pairs and bind a user's identity to the public key.

    To create a digital signature, two steps take place that result in the actual signature that is sent with data. In the first step, the message or information to be sent is passed through a hashing algorithm that creates a hash to:

    Verify the integrity of the message.

    To create a digital signature, two steps take place that result in the actual signature that is sent with data. In the first step, the message or information to be sent is passed through a hashing algorithm that creates a hash to:

    Ensure the integrity of the message.

    To verify the integrity of the message when creating a digital signature, the message or information to be sent is passed through a hashing algorithm that creates a:

    Hash.

    What type of encryption uses the same key to encrypt and to decrypt information?

    Symmetric encryption.

    Which of the following asymmetric algorithms is used to establish and exchange asymmetric keys over an insecure medium?

    Diffie-Hellman

    Which of the following is used to bring trust, integrity, and security to electronic transactions?

    Public key infrastructure

    Which of the following statements is NOT true regarding asymmetric encryption?

    If the holder of the private key encrypts something with the private key, only other individuals with access to the private key can decrypt.

    Which of the following terms refers to functions employed in asymmetric encryption that are easy to compute in one direction, but tough to compute in the other?

    Trapdoor functions

    Which of the following terms refers to the ability to have definite proof that a message originated from a specific party?

    Nonrepudiation

    Which of the following terms refers to the ability to verify that information has not been altered and has remained in the form originally intended by the creator?

    Integrity

    Which of the following terms refers to the process of positively identifying a party as a user, computer, or service?

    Authentication

    Which password attack method tries every possible sequence of keys until the correct one is found?

    Brute-force password attack

    Which password attack method uses long lists of words that have been predefined and can be quickly downloaded for use to break a password that is a word or a name?

    Dictionary password attack

    Which of the following is NOT considered a source from which valuable information can be gleaned about an intended target?

    Company logos and trademarks

    Which of the following is specifically designed to passively gain information about a target?

    Social engineering

    A technique that has existed for more than 25 years as a footprinting tool and involves the use of modems is called: ______

    Wardialing

    An attacker using friendliness, trust, impersonation, and empathy to get a victim to do what they want him or her to do is participating in:

    Persuasion/coercion

    Attackers observing victims as they enter codes at a bank cash machine or a gas pump are participating in:

    Shoulder surfing

    Facebook, Twitter, and LinkedIn are examples of:

    Social networking sites

    Software that helps organize and track various usernames and passwords is called a:

    Password manager

    Tricking or coercing people into revealing information or violating normal security practices is referred to as:

    Social engineering

    Which of the following allows Facebook users to see how a piece of information appears to others?

    Preview my profile button

    Which of the following is NOT a networking mapping tool?

    Conquistador

    The practice of identifying the operating system of a networked device through either passive or active techniques is called:

    OS identification

    Which of the following excels at allowing the security professional to find services that have been redirected from standard ports?

    THC-Amap

    Which of the following is a form of OS fingerprinting that involves actively requesting information from the target system?

    Active fingerprinting

    Which of the following is a method of identifying the OS of a targeted computer or device in which no traffic or packets are injected into the network and attackers simply listen to and analyze existing traffic?

    Passive fingerprinting

    Which of the following is a Windows-based port scanner designed to scan TCP and UDP ports, perform ping scans, run Whois queries, and use Traceroute?

    Superscan

    Which of the following is the process of locating wireless access points and gaining information about the configuration of each?

    Wardriving

    Which of the following reveals telling information such as version and service data that will help an attacker?

    Banner

    Which of the following techniques is not used to locate network access points, but to reveal the presence of access points to others?

    Warchalking

    A form of offline attack that functions much like a dictionary attack, but with an extra level of sophistication, is a:

    Hybrid attack

    An attacker can deprive the system owner of the ability to detect the activities that have been carried out by:

    Disabling auditing

    Cain and Abel, John the Ripper, Pandora, and Pwdump3 are examples of:

    Password crackers

    Precomputed hashes are used in an attack type known as a:

    Rainbow table

    Shoulder surfing, keyboard sniffing, and social engineering are considered:

    Nontechnical attacks

    The database on the local Windows system that is used to store user account information is called:

    The Security Account Manager (SAM)

    The unique ID that is assigned to each user account in Windows that identifies the account or group is called a(n):

    Security identifier (SID)

    Which of the following are considered passive online attacks?

    Packet sniffing or man-in-the-middle and replay attacks

    Which of the following is NOT true regarding the use of a packet sniffer?

    Packet sniffing involves the attacker capturing traffic from both sides of the communication between two hosts

    Which of the following refers to a utility designed to detect Simple Network Management Protocol (SNMP)-enabled devices on a network and locate and identify devices that are vulnerable to SNMP attacks?

    SNScan

    Common database vulnerabilities include all the following EXCEPT:

    Strong audit log settings

    Common forms of distributed denial of service (DDoS) attacks include all of the following EXCEPT:

    Buffer overflows

    Exploitative behaviors against Web applications include all the following EXCEPT:

    Man-in-the-middle attacks

    NGSSquirrel and AppDetective are:

    Pieces of software for performing audits on databases

    Offloaded services from the local intranet to the Internet itself can be done by the use of:

    Cloud computing

    Security issues that can arise in cloud computing that are above and beyond those with standard environments include all the following EXCEPT:

    Detectability

    SQLPing and SQLRecon are:

    Tools for locating rogue or unknown database installations

    The categories of Web application vulnerabilities include all of the following EXCEPT:

    End-user education

    Typical categories of databases include all of the following EXCEPT:

    Applied database

    Web applications that require a user to log on prior to gaining access can track information relating to improper or incorrect logons; this information typically lists entries such as all of the following EXCEPT:

    Entry of a valid user ID and password

    What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data?

    Cross-site scripting (XSS)

    Which category of risk inherent with Web servers includes risks such as the ability to steal information from a server, run scripts or executables remotely, enumerate servers, and carry out denial of service (DoS) attacks?

    Defects and misconfiguration risks

    Which class of individuals is primarily concerned with the security of the Web server because it can provide an easy means of getting into the local network?

    Server administrator

    Which class of individuals works the most with the server and is primarily concerned with access to content and services?

    End user

    Which of the following is a hierarchical, structured format for storing information for later retrieval, modification, management, and other purposes?

    Database

    Which of the following is NOT considered a vulnerability of Web servers?

    Poor end-user training

    Which of the following refers to a language used to interact with databases, making it possible to access, manipulate, and change data?

    Structured Query Language (SQL)

    Which of the following refers to encryption using short keys or keys that are poorly designed and implemented that can allow an attacker to decrypt data easily and gain unauthorized access to the information?

    Weak ciphers or encoding algorithms

    Which of the following statements is NOT true regarding SQL injections?

    They are specific to only one vendor's database and cannot force the application to reveal restricted information.

    Which of the following statements is NOT true regarding the protection of databases?

    Very few tools are available to locate, audit, and ultimately protect databases.

    A process where communications are redirected to different ports than they would normally be destined for is called:

    Port redirection

    Study Notes

    Ethical Hacking Basics

    • Ethical hackers adhere to a strict code of ethics, distinguishing them from malicious hackers.
    • Breaking client trust can undermine the accuracy of testing results and lead to further complications in the engagement.
    • The planning phase of a penetration test should clarify the necessity of the test and its associated tasks.

    Penetration Testing Approaches

    • Ethical hacking steps include planning, discovery, attack, and reporting.
    • Black-box testing simulates an attacker’s perspective, assessing systems without inside knowledge.
    • Physical attacks can target equipment, facilities, or involve social engineering threats.

    Risk Management and Controls

    • Controls in risk mitigation include administrative, technical, and physical measures; distribution is not a recognized control type.
    • An exploit refers to software or techniques that target system vulnerabilities.

    Cryptography and Security Measures

    • Domain Name Service (DNS) translates IP addresses to domain names.
    • The deny-all principle restricts access to only what is necessary.
    • Digital certificates serve as a means of identification and ensure secure transactions online.

    Hashing and Encryption

    • A hash collision occurs when two different inputs yield the same hash value.
    • One-way hashing functions are easy to compute but difficult to reverse; in asymmetric encryption, functions that are easy to compute in one direction but tough to compute in the other are called trapdoor functions.
    • Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption involves a key pair (public and private keys).

    Certificate Authorities and Digital Signatures

    • Certificate Authorities (CAs) generate key pairs and bind identities to public keys, crucial for secure communications.
    • To create a digital signature, the original message is hashed to ensure integrity; this hash verifies that information is unaltered.

    Password Attacks

    • Common password attack methods include brute-force, which tests all possible combinations, and dictionary attacks, which utilize predefined lists of words.
    • Social engineering involves manipulating individuals into divulging confidential information.

    Social Networking and Information Gathering

    • Social networking sites include platforms like Facebook, LinkedIn, and Twitter, which can be leveraged for information gathering.
    • Footprinting is a passive information-gathering technique about a target.

    Security and Information Privacy

    • A password manager helps to organize and secure usernames and passwords.
    • Features like the Preview my profile button on social networks allow users to see how their information appears to others.

    Summary of Networking Tools and Resources

    • The Internet Assigned Numbers Authority (IANA) delegates internet resources, maintaining essential infrastructure such as domain registration and addressing.
    • Footprinting techniques provide valuable insights into potential vulnerabilities and are fundamental for ethical hacking engagement.

    Conquistador

    • Refers to Spanish explorers and conquerors known for their expeditions in the Americas during the 16th century.
    • Key figures include Hernán Cortés (who conquered the Aztecs) and Francisco Pizarro (who conquered the Inca Empire).

    SolarWinds

    • A software company known for providing enterprise-level IT management software.
    • Its products help companies manage their networks, systems, and infrastructure.

    Cheops

    • Also known as Khufu, he was an ancient Egyptian pharaoh of the Fourth Dynasty.
    • Credited for commissioning the Great Pyramid of Giza, one of the Seven Wonders of the Ancient World.

    Harris Stat

    • Refers to initiatives and methodologies used for statistical analyses in various fields.
    • Commonly associated with data collection and analysis efforts.

    Wardialing

    • Technique used to identify phone numbers that connect to modems.
    • It involves dialing a range of numbers to find vulnerable systems.

    OS Identification

    • Method of determining the operating system running on a networked device.
    • Can be passive (observing traffic) or active (sending queries).

    THC-Amap

    • Tool that excels in discovering services redirected from standard ports.
    • Useful for security professionals to uncover hidden services.

    Active Fingerprinting

    • Involves techniques that actively interact with a target system to obtain OS information.
    • Contrasts with passive fingerprinting, which does not involve direct interaction.

    Passive Fingerprinting

    • Involves analyzing existing network traffic without injecting any packets.
    • Useful for identifying the OS without alerting the target.

    Superscan

    • A Windows-based port scanner that scans both TCP and UDP ports.
    • Capable of conducting ping scans, running Whois queries, and utilizing Traceroute.

    Wardriving

    • The practice of searching for Wi-Fi networks while traveling in a vehicle.
    • Involves gathering information about wireless access points.

    Banner

    • A data string returned by a service that discloses version and configuration information.
    • Often used by attackers to gather insights about systems.

    Warchalking

    • Technique that involves marking locations where Wi-Fi networks are available.
    • Does not locate access points but rather indicates their presence.

    Hybrid Attack

    • An advanced form of offline attack similar to dictionary attacks but more sophisticated.
    • Combines multiple techniques to crack passwords.

    Disabling Auditing

    • Technique that can prevent system owners from detecting unauthorized activities.
    • Reduces the ability to monitor and identify breaches.

    Password Crackers

    • Tools like Cain and Abel, John the Ripper, and Pwdump3 that are designed to break passwords.
    • Utilize various methods including dictionary and brute-force attacks.

    Rainbow Table

    • Attack type leveraging precomputed hashes to crack passwords.
    • Uses a table of hashes to match against stored password data.

    Nontechnical Attacks

    • Include methods like shoulder surfing and social engineering.
    • Aim to manipulate human behavior rather than exploit technical vulnerabilities.

    Security Account Manager (SAM)

    • Database that stores user account information on Windows systems.
    • Critical for system access management.

    Security Identifier (SID)

    • Unique identifier assigned to each user account in Windows.
    • Essential for managing permissions and access controls.

    Passive Online Attacks

    • Include techniques like packet sniffing or replay attacks.
    • Focus on intercepting communications rather than interacting with targets.

    Packet Sniffers

    • Tools that capture network traffic and analyze data packets.
    • Can be thwarted by network technologies that encrypt or limit visibility.

    SNScan

    • Utility designed to detect SNMP-enabled devices on a network.
    • Useful for identifying devices that may be vulnerable to attacks.

    Database Vulnerabilities

    • Common issues include weak authentication methods and privilege misconfigurations.
    • Strong audit logs are not considered a vulnerability.

    DDoS Attack Types

    • Common forms include SYN flooding, Smurf attacks, and Ping flooding.
    • Buffer overflows are not typically associated with DDoS.

    Web Application Exploits

    • Include stealing sensitive data or destroying information.
    • DNS attacks and data theft are notable methods.

    Database Audit Software

    • NGSSquirreL and AppDetective are tools used for database auditing.
    • Help in identifying rogue installations and vulnerabilities.

    Cloud Computing

    • Allows offloading services from local intranets to the Internet.
    • Raises unique security concerns beyond standard environments.

    Web Application Vulnerabilities

    • Include authorization, authentication issues, and session management.
    • End-user education is not categorized as a vulnerability.

    Database Categories

    • Typical types include distributed, object-oriented, and relational databases.
    • "Applied database" is not recognized as a category.

    User Credential Log Tracking

    • Logs track various login attempts including invalid entries.
    • Valid user ID with valid password entries are not logged as incorrect.

    Cross-Site Scripting (XSS)

    • Attack that targets users rather than applications directly.
    • Involves injecting scripts into web pages viewed by other users.

    Web Server Risks

    • Include information theft, remote script execution, and DoS attacks.
    • Important for server administrators to monitor and mitigate.

    Information Management Structures

    • Databases serve as hierarchical structures for storing and manipulating information.
    • Essential for data retrieval and management tasks.

    Web Server Vulnerabilities

    • Factors include improper design and susceptibility to DoS attacks.
    • Poor training of end users does not count as a server vulnerability.

    Structured Query Language (SQL)

    • Language used for interacting with databases for data access and manipulation.
    • Central to database management practices.

    Weak Ciphers

    • Refers to poor encryption methods that make data vulnerable to attacks.
    • Essential to apply stronger encryption standards to protect data.

    SQL Injection Attacks

    • Execute arbitrary commands and exploit vulnerabilities in web applications.
    • Not platform-dependent; they can affect multiple database systems.

    Database Protection Tools

    • Various tools exist for auditing and ensuring database security.
    • Protection involves making database existence less obvious to potential attackers.

    Port Redirection

    • Process of rerouting communication to different ports.
    • Can be part of a strategy to obscure network traffic patterns.

    Description

    Test your knowledge with these flashcards on ethical hacking. Quiz yourself on key concepts, differences between hackers, and code of ethics that define ethical hacking practices. Great study material for anyone looking to deepen their understanding of ethical hacking.
