CMIT 321 quiz 1 - You have been hired to perform a black-box test

Question # 00791587 Posted By: dr.tony Updated on: 01/28/2021 09:38 AM Due on: 01/28/2021
Subject Education Topic General Education Tutorials:
Question

University of Maryland, University College CMIT 321 quiz 1  2nd part

 

Question 10 (5 points)

You have been hired to perform a black-box test for a client. How much information will you be able to get from the client before commencing this test?

Question 10 options:

 

the IP address of the corporate web server

 

a list of employee e-mail addresses

 

the corporate name

 

system documentation only


Question 11 (5 points)

 

An attacker delivers a SYN packet to a target system and receives a SYN/ACK from a listening port. The attacker responds with an RST packet to avoid completing the three-way handshake. Which of the following scanning methods is the attacker using?

Question 11 options:

 

XMAS scan

 

RST scan

 

ACK scan

 

SYN scan


Question 12 (5 points)

 

If an organization has limited resources and money, which type of ethical hacking testing method might be best suited for the client?

Question 12 options:

 

black-box testing

 

blue-box testing

 

red-box testing

 

white-box testing


Question 13 (5 points)

 

Which one of these attacks is considered an active attack?

Question 13 options:

 

a) Causing a Denial of Service (DoS).

b) Copying data from the target's website.

c) Telnetting to the target website.

d) Tracerouting to the target IP address.


Question 14 (5 points)

 

________________ is the process of identifying the services running on a target system.

Question 14 options:

 

Network scanning

 

Enumeration

 

Port scanning

 

Ping sweep


Question 15 (5 points)

 

Attackers can use an ACK scan to learn the type of firewall or firewall rule sets that might be guarding a target system. Based on the packet information below, which port is considered to be filtered?

Packet 1: Server IP port 20: F: RST → TTL: 68 win:0
Packet 2: Server IP port 21: F: RST → TTL: 56 win:0
Packet 3: Server IP port 22: F: RST → TTL: 68 win:0
Packet 4: Server IP port 23: F: RST → TTL: 68 win:0

Question 15 options:

 

20

 

21

 

22

 

23


Question 16 (5 points)

 

Based on the information below, identify the type of port scan and whether the port is open or closed.

CLIENT                                       SERVER
82.27.51.100:6347   --- FIN/URG/PSH ----->   10.31.64.21:25
82.27.51.100:6347   <--- NO RESPONSE ----    10.31.64.21:25

Question 16 options:

 

SYN Scan, Port is closed

 

FIN Scan, Port is closed

 

Idle Scan, Port is open

 

XMAS Scan, Port is open


Question 17 (5 points)

 

Once an attacker has successfully compromised a target system, she will take one last step to avoid legal trouble while maintaining access. This phase of the attack is called ___________________.

Question 17 options:

 

patching the system

 

hiding tracks

 

covering tracks

 

concealing evidence


Question 18 (5 points)

 

Identify the correct syntax command you would use to perform a SYN scan using the Nmap port scanning tool.

Question 18 options:

 

-S

 

-s

 

-SYN

 

-sS


Question 19 (5 points)

 

Which of the following correctly identifies the three-way-handshake process?

Question 19 options:

 

SYN-ACK-ACK

 

SYN-ACK-SYN

 

SYN-SYN-ACK

 

SYN-SYN/ACK-ACK


Question 20 (5 points)

 

When conducting penetration testing, it is important that a formal contract is drawn up to protect the ethical attacker from prosecution due to activities in the conducting phase. It is also important that the contract contains a __________________, to protect the client’s confidential data.

Question 20 options:

 

nondisclosure agreement

 

privacy clause

 

conduct agreement

 

statement of confidence

 

You receive a number of calls from customers who cannot access your corporate website. You decide to investigate by logging in to your routers, and the logs show that network traffic is unusually high. You also notice that almost all the traffic is originating from a specific address. Using several traceroute tools to find out where the suspect IP originates from, you discover that the IP is coming from somewhere in Europe. Thinking that the network is under a denial-of-service attack, you must find out more about the originating IP address. What Internet registry would you examine to find information about the IP address?

Question 1 options:

 

RIPE NCC

 

APNIC

 

ARIN

 

LACNIC

 

Which one of the following scanning tools contains an up-to-date vulnerability database and is made up of a server and client front-end?

Question 2 options:

 

NMAP

 

Nessus

 

traceroute

 

ZenMap

 

During the footprinting process, where is the best place to find information about a target organization’s software, hardware, and network-related information?

Question 3 options:

 

Check the organization’s public website.

 

Search Google for news-related articles about the target.

 

Examine Archive.org.

 

Look at job-related websites.

 

The following tools are used for footprinting (choose 3):

Question 6 options:

 

Recon-ng

 

Aircrack-ng

 

Maltego

 

FOCA

 

Tracert counts the number of __________ to a destination IP Address.

Question 9 options:

 

Pings

 

Lookup Requests

 

Hops

 

ICMP Echo Replies

 

Which of the following Flags will indicate that there is a new sequence number:

Question 13 options:

 

ACK

 

URG

 

SYN

 

PSH

 

Which of the following countermeasures are considered best practices for preventing unauthorized DNS zone transfers? (Select all that apply.)

Question 14 options:

 

a) Split DNS.

b) Filter TCP port 53 on the firewall.

c) Filter TCP port 139 and 445 on the firewall.

d) Disable reverse lookup zones.

 

Footprinting tools will help gather the following information about a target (choose 3):

Question 19 options:

 

DNS Records

 

Host Names

 

IP Addresses

 

Process Lists

 

 

Once an attacker gains access to a target system, he will attempt to _____________ in order to continue exploiting the system.

Question 11 options:

 

target other systems

 

maintain access

 

port scan

 

fingerprint

 

If you want to perform active banner grabbing on a target web server, which of the following tools would be most suitable?

Question 14 options:

 

Netstat

 

Telnet

 

Nslookup

 

NbtStat

 

The following is one of the most reliable forms of TCP scanning:

Question 19 options:

 

XMAS Scan

 

Inverse TCP Flag Scan

 

Connect Scan

 

Half-open Scan

 

The Simple Service Discovery Protocol (SSDP) will (choose 3):

Question 1 options:

 

Not work behind a firewall

 

Can be vulnerable to denial of service

 

Uses multicast addresses

 

Controls Communication for the Universal Plug and Play Service

 

_______________ is a spoofing technique that allows an attacker to choose the path a packet will take through the Internet.

Question 2 options:

 

SYN scanning

 

Tracerouting

 

Source routing

 

HTTP tunneling
