Ethical Hacking Chapter 4

Author: JXN90
Updated: 2015-03-23 05:28:11
Tags: EH
The flashcards below were created by user JXN90 on FreezingBlue Flashcards.


  1. As a practitioner of ethical hacking, you will not need to be concerned with physical security considerations such as ensuring network assets are protected by a secure locking mechanism.
    c. View the company’s Web site.

    d. Look for company ads in phone directories.
  2. To find information about the key IT personnel for a company’s domain, you might use which of the following tools? (Choose all that apply.)
    a. Whois

    c. SamSpade
  3. _____ is one of the components most vulnerable to network attacks.
    d. DNS
  4. Which of the following contains host records for a domain?
    a. DNS
  5. A cookie can store information about a Web site’s visitors. True or False?
    True
  6. Which of the following enables you to view all host computers on a network?
    c. Zone transfers
  7. What’s one way to gather information about a domain?
    a. View the header of an e-mail you send to an e-mail account that doesn’t exist
  8. Which of the following is one method of gathering information about the operating systems a company is using?
    a. Search the Web for e-mail addresses of IT employees.
  9. To determine a company’s primary DNS server, you can look for a DNS server containing which of the following?
    d. SOA record
  10. When conducting competitive intelligence, which of the following is a good way to determine the size of a company’s IT support staff?
    a. Review job postings on Web sites such as www.monster.com or www.dice.com.
  11. If you’re trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit?
    a. http://groups.google.com
  12. Which of the following tools can assist you in finding general information about an organization and its employees? (Choose all that apply.)
    a. www.google.com

    b. http://groups.google.com
  13. What’s the first method a security tester should attempt to find a password for a computer on the network?
    c. Ask the user.
  14. Many social engineers begin gathering the information they need by using which of the following?
    b. The telephone
  15. Discovering a user’s password by observing the keys he or she presses is called which of the following?
    d. Shoulder surfing
  16. Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.)
    a. Passwords

    b. ATM PINs

    c. Long-distance access codes
  17. Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the following?
    b. Piggybacking
  18. What social-engineering technique involves telling an employee that you’re calling from the CEO’s office and need certain information ASAP? (Choose all that apply.)
    a. Urgency

    c. Position of authority
  19. Before conducting a security test by using social-engineering tactics, what should you do?
    c. Get written permission from the person who hired you to conduct the security test.
  20. Which of the following is a good Web site for gathering information on a domain?

    A. www.google.com
    B. www.dnsstuff.com
    C. www.namedroppers.com
    D. All the above
    D. All the above
  21. What’s the first method a security tester should attempt to find a password for a computer on the network?

    A. Install a hardware or software keylogger
    B. Install a network sniffer
    C. Install a password-cracking program
    D. Ask the user
    D. Ask the user
  22. Which social engineering technique or tool can be used to determine passwords, ATM PINs, or badge access codes?

    A. peek sneaking
    B. shoulder surfing
    C. piggy backing
    D. dumpster diving
    B. shoulder surfing
  23. Conducting competitive intelligence is generally considered to be illegal.

    A. True
    B. False
    B. False
  24. Connecting to a web server via telnet and using the HEAD HTTP method allows you to determine:

    A. Web Server Type
    B. Operating System
    C. Server Name
    D. All of the above
    D. All of the above
