15 Jan back scanning

COM546 Advanced Penetration Testing

Module 4 Exam 2

Question 1 What tactic is being used when an attacker trailing closely behind an employee enters a restricted area without any security credentials by utilizing their proximity to another employee with security clearance?

Question 1 options:

Shoulder surfing

Footprinting

Piggybacking

Dumpster diving

Question 2 To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?

Question 2 options:

nc -lookup

nc -z

nc -h

nc -up

Question 3 Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network?

Question 3 options:

fingerprinting

footprinting

zone transferring

social engineering

Question 4 Walking is an automated way to discover pages of a Web site by following links.

Question 4 options:

True

False

Question 5 Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?

Question 5 options:

shoulder surfing

footprinting

zone transferring

piggybacking

Question 6 What social engineering tactic can be utilized to acquire old notes that may contain written passwords or other items that document important information?

Question 6 options:

shoulder-surfing

dumpster diving

piggybacking

desk surfing

Question 7 Which of the following is a text file generated by a Web server and stored on a user’s browser?

Question 7 options:

index

cookie

server index

web file

Question 8 What is the HTTP method that retrieves data by URI?

Question 8 options:

GET

PUT

CONNECT

HEAD

Question 9 Which HTTP error informs you the server understands the request but refuses to comply?

Question 9 options:

401 Unauthorized

404 Not Found

403 Forbidden

409 Conflict

Question 10 The HTTP CONNECT method starts a remote application-layer loopback of the request message.

Question 10 options:

True

False

Question 11 Which HTTP method starts a remote Application-layer loopback of the request message?

Question 11 options:

TRACE

PUT

GET

HEAD

Question 12 Wget is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.

Question 12 options:

True

False

Question 13 Which utility is used to gather IP and domain information?

Question 13 options:

Whois

Netcat

Metis

Dig

Question 14 Which of the following describes a flexible program that automates a task that takes too much time to perform manually?

Question 14 options:

Nmap

open source utility

customized script

Fping

Question 15 When a TCP three-way handshake ends, both parties send what type of packet to end the connection?

Question 15 options:

SYN

ACK

FIN

RST

Question 16 When writing a script which statement allows you to avoid creating an endless loop in your script?

Question 16 options:

count

while

bin

do

Question 17 An open port allows access to specific applications and cannot be vulnerable to attack.

Question 17 options:

True

False

Question 18 Closed ports respond to a NULL scan with what type of packet?

Question 18 options:

RST

SYN

Ping

ACK

Question 19 Attackers typically use ACK scans to get past a firewall or other filtering devices.

Question 19 options:

True

False

Question 20 What type of port scan has the FIN, PSH, and URG flags set?

Question 20 options:

NULL scan

connect scan

XMAS scan

ACK scan

Question 21 What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?

Question 21 options:

Nmap

Fping

Tcpdump

Nessus

Question 22 In a Linux script, which of the lines is important because it identifies the file as a script?

Question 22 options:

#!/bin/sh

#!/bin/script

#!/bin/shscript

#!/bin/sc

Question 23 Which vi command deletes the current line?

Question 23 options:

D

dl

Dd

Dw

Question 24 When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?

Question 24 options:

ping sweep

ping check

network sweep

ICMP probing

Question 25 When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer?

Question 25 options:

box

flag

open

id

Question 26 Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks. Which of the following attacks are more difficult to detect?

Question 26 options:

stealth

silent

planned

covert

Question 27 Windows Server 2012 introduced what protection feature to prevent pass-the-hash attacks?

Question 27 options:

Containers

Authentication Silos

Attack Surface

AppLocker

Question 28 What type of unauthenticated connection is considered to be a significant vulnerability of NetBIOS systems?

Question 28 options:

null session

exit session

null system

net session

Question 29 What boot loader will allow your computer or laptop to start in both Windows and Linux?

Question 29 options:

BASH

BIOS

X500

GRUB

Question 30 The computer names you assign to Windows systems are called which of the following?

Question 30 options:

AD Names

NetBIOS

NetDDE

IIS

Question 31 What feature implemented in Windows Server 2016 allows for application isolation to protect applications from one another?

Question 31 options:

Windows Boxes

Windows VMs

Windows NT

Windows Containers

Question 32 A well documented Window’s OS vulnerability was null sessions. What Windows operating system was the first to disable null sessions by default?

Question 32 options:

Windows Server 2012

Windows Server 2008

Windows Server 2003

Windows 8.1

Question 33 NTFS was implemented to replace FAT16 and FAT32 because of the difficulty in incorporating security in these file systems.

Question 33 options:

True

False

Question 34 Which of the following commands is a powerful enumeration tool included with Windows?

Question 34 options:

NessusWX

Nbtstat

NetDDE

Netmon Agent

Question 35 Which of the following is a Windows programming interface that allows computers to communicate across a local area network (LAN)?

Question 35 options:

NetBIOS

BIOS

NetApp

NetAPI

Question 36 What feature implemented in Windows 8.1 prevents the execution of non-trusted boot content, preventing rootkits?

Question 36 options:

Windows Defender

BIOS Check

SecureBoot

VGuard

Question 37 What does the “NBT” part of “NBTscan” stand for?

Question 37 options:

NetBIOS Transfer

NetBIOS over TCP/IP

NetBIOS Test

NetBIOS over Transport

Question 38 SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?

Question 38 options:

open

administrator

advanced

default

Question 39 Which on of the following is an older network management service that is useful for network administrators that want to view system statistics, version numbers, and other detailed host information remotely?

Question 39 options:

SNMP

TFTP

FTP

SSL

Question 40 To determine what resources or shares are on a network, security testers must use port scanning and what other procedure first to determine what OS is being used?

Question 40 options:

footprinting

back scanning

mapping

port analysis