As a practitioner of ethical hacking, you will not need to be concerned with physical security considerations such as ensuring network assets are protected by a secure locking mechanism.
c. View the company’s Web site.
d. Look for company ads in phone directories.
To find information about the key IT personnel for a company’s domain, you might use which of the following tools? (Choose all that apply.)
a. Whois
c. SamSpade
_____ is one of the components most vulnerable to network attacks.
d. DNS
Which of the following contains host records for a domain?
a. DNS
A cookie can store information about a Web site’s visitors. True or False?
True
Which of the following enables you to view all host computers on a network?
c. Zone transfers
What’s one way to gather information about a domain?
a. View the header of an e-mail you send to an e-mail account that doesn’t exist
Which of the following is one method of gathering information about the operating systems a company is using?
a. Search the Web for e-mail addresses of IT employees.
To determine a company’s primary DNS server, you can look for a DNS server containing which of the following?
d. SOA record
When conducting competitive intelligence, which of the following is a good way to determine the size of a company’s IT support staff?
a. Review job postings on Web sites such as www.monster.com or www.dice.com.
If you’re trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit?
a. http://groups.google.com
Which of the following tools can assist you in finding general information about an organization and its employees? (Choose all that apply.)
a. www.google.com
b. http://groups.google.com
What’s the first method a security tester should attempt to find a password for a computer on the network?
c. Ask the user.
Many social engineers begin gathering the information they need by using which of the following?
b. The telephone
Discovering a user’s password by observing the keys he or she presses is called which of the following?
d. Shoulder surfing
Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.)
a. Passwords
b. ATM PINs
c. Long-distance access codes
Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the following?
b. Piggybacking
What social-engineering technique involves telling an employee that you’re calling from the CEO’s office and need certain information ASAP? (Choose all that apply.)
a. Urgency
c. Position of authority
Before conducting a security test by using social-engineering tactics, what should you do?
c. Get written permission from the person who hired you to conduct the security test.
Which of the following is a good Web site for gathering information on a domain?
D. All the above
What’s the first method a security tester should attempt to find a password for a computer on the network?
C. Ask the user
Which social engineering technique or tool can be used to determine passwords, ATM PINs, or badge access codes?
C. shoulder surfing
Conducting competitive intelligence is generally considered to be illegal.
A. True
B. False
B. False
Connecting to a web server via telnet and using the HEAD HTTP method allows you to determine: