The flashcards below were created by user
JXN90
on FreezingBlue Flashcards.
-
As a practitioner of ethical hacking, you will not need to be concerned with physical security considerations such as ensuring network assets are protected by a secure locking mechanism.
c. View the company’s Web site.
- d. Look for company ads in phone
- directories.
-
To find information about the key IT personnel for a company’s domain, you might use which of the following tools? (Choose all that apply.)
a. Whois
c. SamSpade
-
_____ is one of the components most vulnerable to network attacks.
d. DNS
-
Which of the following contains host records for a domain?
a. DNS
-
A cookie can store information about a Web site’s visitors. True or False?
True
-
Which of the following enables you to view all host computers on a network?
c. Zone transfers
-
What’s one way to gather information about a domain?
a. View the header of an e-mail you send to an e-mail account that doesn’t exist
-
Which of the following is one method of gathering information about the operating systems a company is using?
- a. Search the Web for e-mail addresses of
- IT employees.
-
To determine a company’s primary DNS server, you can look for a DNS server containing which of the following?
d. SOA record
-
When conducting competitive intelligence, which of the following is a good way to determine the size of a company’s IT support staff?
- a. Review job postings on Web sites such
- as www.monster.com or www.dice.com.
-
If you’re trying to find newsgroup postings by IT employees of a certain company, which of the following Web sites should you visit?
a. http://groups.google.com
-
Which of the following tools can assist you in finding general information about an organization and its employees? (Choose all that apply.)
a. www.google.com
b. http://groups.google.com
-
What’s the first method a security tester should attempt to find a password for a computer on
the network?
c. Ask the user.
-
Many social engineers begin gathering the information they need by using which of the
following?
b. The telephone
-
Discovering a user’s password by observing the keys he or she presses is called which of the following?
d. Shoulder surfing
-
Shoulder surfers can use their skills to find which of the following pieces of information? (Choose all that apply.)
a. Passwords
b. ATM PINs
c. Long-distance access codes
-
Entering a company’s restricted area by following closely behind an authorized person is referred to as which of the following?
b. Piggybacking
-
What social-engineering technique involves telling an employee that you’re calling
from the CEO’s office and need certain information ASAP? (Choose all that apply.)
a. Urgency
c. Position of authority
-
Before conducting a security test by using social-engineering tactics, what should you do?
- c. Get written permission from the person
- who hired you to conduct the security test.
-
Which of the following is a good Web site for gathering information on a domain?
A. www.google.com
B. www.dnsstuff.com
C. www.namedroppers.com
D. All the above
D. All the above
-
What’s the first method a security tester should attempt to find a password for acomputer on the network?
A. Install a hardware or software keylogger
B. Install a network sniffer
C. Install a password-cracking program
D. Ask the user
D. Ask the user (this multiple choice question has been scrambled)
-
Which social engineering technique or tool can be used to determine passwords,ATM PINs, or badge access codes?
A. peek sneaking
B. shoulder surfing
C. piggy backing
D. dumpster diving
B. shoulder surfing (this multiple choice question has been scrambled)
-
Conducting competitive intelligence is generally considered to be illegal.
A. True
B. False
B. False
-
Connecting to a web server via telnet and using the HEAD HTTP method allows you to determine:
A. Web Server Type
B. Operating System
C. Server Name
D. All of the above
D. All of the above
|
|