NVST quiz 3 (61- 90)

1.

1 point

The objectives of port scanning are generally to identify one or more of the following:
i. Open ports
ii. Host operating system
iii. Software or service versions
iv. Vulnerable software versions

ii, iii and iv

i, iii and iv

i, ii, iii and iv

i, ii and iii

2.

1 point

Which of the following statement is FALSE?

On Linux and Unix systems, the vast majority of log files are written in plain ASCII text

The main accounting files in Linux and Unix are utmp, wtmp and lastlog files

The .EVT files on Windows machine can be opened or edited with a standard file-editing tool

The .EVT files are “locked” on a running Windows machine, and cannot be opened or edited with a standard file-editing tool

3.

1 point

You need to allow only secure Internet traffic in and out of your company network. Which of the following ports would you open on the firewall?

443

80

53

22

4.

1 point

Each of the following is an OSI model protocol layer except ______________.

Software

Network

Physical

Transport

5.

1 point

Which of the following is FALSE?

There are five Regional Internet Registries (RIR) under Address Supporting Organization

Each RIR maintaining a whois database holding details of IP address registrations in their regions

Domain name registrations are handled by Internet Corporation for Assigned Names and Numbers (ICANN)

ICANN is responsible for coordinating the management of the technical elements of the DNS to ensure universal resolvability so that all users of the Internet can find all valid addresses

6.

1 point

Which of the following is the best way to protect against security vulnerabilities within OS software?

Install the latest service pack.

Back up the system regularly.

Reinstall the OS on a regular basis.

Shut down the system when it is not in use.

7.

1 point

Which of the following event file is the most often targeted because it contains the majority of the events that attackers wants to remove?

APPEVENT.EVT

SECEVENT.EVT

SYSEVENT.EVT

FILE.EVT

8.

1 point

The primary goal of information security is to protect ______________.

procedures

products

information

people

9.

1 point

Which of the following is the outcome of an Access Attack?

It is an attack against the integrity of information

It is an attack against the confidentiality of the information

It is an attack against the accountability of information

It causes information to be unavailable

10.

1 point

Which of the following is the best method for preventing social engineering attacks?

User education

Encryption

Security tokens

Biometric devices

11.

1 point

Which of the following statement is FALSE?

Reverse WWW Shell utilises ICMP as a tunnel to carry on interactive communications with the backdoor listener

Covert channels often rely on technique called tunnelling, which allows one protocol to be carried over another protocol

Techniques for establishing covert channels across the network require both a client (attacker system) and a server (victim system)

Loki and Reverse WWW Shell are widely exchanged within the computer underground based on tunnelling covert information techniques

12.

1 point

Which of the following statements is FALSE?

The TCP port number is a 16-bit numbers

There are 65,536 different TCP ports on each machines

TCP Packet includes two port numbers: a source port and a destination port

A TCP port with listening service is known as an reserved port

13.

1 point

A _____ is an error condition in a software program that allows malicious code to be injected and put into operation without user intervention.

buffer overflow

software overflow

syntax overflow

semantic overflow

14.

1 point

Which of the following is the correct sequence of phases of hackers attack?

Reconnaissance, Maintaining Access, Scanning, Gaining Access, Clearing Tracks

Scanning, Reconnaissance, Gaining Access, Maintaining Access, Clearing Tracks

Reconnaissance, Gaining Access, Maintaining Access, Scanning, Clearing Tracks

Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks

15.

1 point

Which of the following is NOT a defence against Physical Break-in Attack?

Use automatic password-protected screen savers

A guard at front door or install a card reader for facility accessing

All computer users must be trained not to give sensitive information away to friendly callers

Educate employees about the dangers of letting people in the building without checking their credentials

16.

1 point

To protect the privacy of web surfing habits, which of the following should be deleted on a regular basis?

Cookies

Download history

Plug-ins

SSL certificates

17.

1 point

Which of the following is a known Kernel-Mode Rootkits software tool?

KM Rootkit for Windows

FU Rootkit for Windows

KU Rootkit for Windows

SU Rootkit for Windows

18.

1 point

When a browser surfs the Internet, which of the following is the correct order flow of data through the communication layers?

Transport -> Network -> Data -> Physical

Network -> Data -> Physical -> Transport

Network -> Transport -> Physical -> Data

Transport -> Data -> Physical -> Network

19.

1 point

Without even touching a computer, an attacker might be able to gain very sensitive information about an organisation through
i. Social Engineering;
ii. Physical Break-in;
iii. War Dialling;
iv. Dumpster Diving.

i, ii and iv

i, ii and iii

ii, iii and iv

i, ii, iii and iv

20.

1 point

In order to exploit RPC's vulnerability, the attacker would require the ability to send a specially crafted request to which three ports of the remote machine

135, 139 or 145

21, 135 or 139

21, 23 or 80

135, 139 or 445

21.

1 point

When a browser trying to contact a Web server, the client OS dynamically assigns a source port value of ______.

greater than 1023.

greater than 1024.

less than 1024.

greater than 80.

22.

1 point

The TCP/IP adheres roughly to the following protocol layers except _________.

Network (Layer 3)

Transport (Layer 4)

little interaction with Data Link (Layer 2)

Physical (Layer 1)

23.

1 point

The attacker had managed to access the target system. Identify the command execution statement of
>net use z: \\192.168.1.2\c$ */u:student

map the c drive of the target system to the z drive of the attacker.

check whether there is a network "student" which is connected to the z drive of the target system.

map the attacker system's c drive to the z drive of the target system.

check which network is connected to the Z drive of the target system.

24.

1 point

An attacker gathers the following types of reconnaissance data from company's own web site except _________.

existing technologies

hardware models

business partner

recent mergers and acquisitions

25.

1 point

Which appllication-level Trojan backdoor is able to grab keystrokes from the user and sending them back sensitive information to the attacker?

Remote Control Programs

Bots

Gaobot

Spyware

26.

1 point

Which of the following is commonly found to be a nonessential service on a web server?

DNS service

Server service

FTP service

Print spooler service

27.

1 point

For DoS (Denial-of-Service) Attack, Stopping service means:

shutting down the computer remotely

crashing or shutting off a specific program or machine that users want to access

stopping the network resource from being accessed

stopping the computer from booting up

28.

1 point

Which is NOT a countermeasure of Buffer Overflow Attacks?

implement strict control on unnecessary outgoing traffic from the network

avoid sloppy programming

configure system with executable stack

apply patches to system

29.

1 point

Which of the following protocols transmit sensitive information in clear text?

TCP and ARP

FTP and Telnet

Telnet and TCP

FTP and TCP

30.

1 point

Which of the following statement is FALSE about Covert_TCP?

The Covert_TCP’s covert channels are constructed by embedding one protocol entirely in a different protocol

Covert_TCP allows for transmitting information by entering ASCII data in TCP/IP header fields

The Covert_TCP’s covert channels are constructed by inserting data into unused or misused fields of TCP/IP headers

TCP/IP header fields used are: IP Identification, TCP sequence number and TPC acknowledgement number