Ethical Hacking Chapter 6

2015-03-23 05:48:41


  1. Which of the following testing processes is the most intrusive?
    b. Enumeration
  2. Security testers conduct enumeration for which of the following reasons? (Choose all that apply.)
    a. Gaining access to shares and network resources

    b. Obtaining user logon names and group memberships
  3. Which of the following tools can be used to enumerate Windows systems? (Choose all that apply.)
    a. OpenVAS

    b. DumpSec

    d. Hyena
  4. Enumeration of Windows systems can be more difficult if port ____ is filtered.
    d. 139/TCP
  5. A null session is enabled by default in all the following Windows versions except:
    b. Windows Server 2008
  6. The Net view command can be used to see whether there are any shared resources on a server. True or False?
  7. To identify the NetBIOS names of systems on the network, which of the following commands do you use?
    a. nbtscan
  8. Which of the following is a Windows command-line utility for seeing NetBIOS shares on a network?
    c. Net view
  9. To view eDirectory information on a NetWare 5.1 server, which of the following tools should you use?
    d. Novell Client
  10. The Nbtstat command is used to enumerate *nix systems. True or False?
  11. A NetBIOS name can contain a maximum of ___ characters.
    c. 16
  12. Which of the following commands connects to a computer containing shared files and folders?
    b. Net use
  13. Which port numbers are most vulnerable to NetBIOS attacks?
    c. 135 to 139
  14. Which of the following is the vulnerability scanner from which OpenVAS was developed?
    b. Nessus
  15. Most NetBIOS enumeration tools connect to the target system by using which of the following?
    c. Null sessions
  16. What is the best method of preventing NetBIOS attacks?
    a. Filtering certain ports at the firewall
  17. Which of the following is a commonly used UNIX enumeration tool?
    d. Finger
  18. Which of the following commands should you use to determine whether there are any shared resources on a Windows computer with the IP address
    c. nbtstat -a
  19. The Windows Net use command is a quick way to discover any shared resources on a computer or server. True or False?
  20. NBTscan is a tool for enumerating Windows OSs.

    A. True
    B. False
    A. True
  21. NTFS was implemented to replace FAT16 and FAT32 because of the difficulty in incorporating security in these file systems.

    A. True
    B. False
    A. True
  22. The computer names you assign to Windows systems are called ____ names.

    A. Active Directory
    B. NetDDE
    C. IIS
    D. NetBIOS
    D. NetBIOS
  23. One of the biggest vulnerabilities of NetBIOS systems is a(n) ____, which is an unauthenticated connection to a Windows computer using no logon and password values.

    A. open session
    B. unauthorized session
    C. void session
    D. null session
    D. null session
  24. The open-source descendant of Nessus is called ____.

    A. WinNessus
    B. OpenVAS
    C. NWW
    D. Nessus
    B. OpenVAS
  25. The most popular enumeration tool for security testers and hackers alike is the ____ utility, which enables you to find out who is logged in to a *nix system with one simple command.

    A. Whois
    B. Finger
    C. Ping
    D. Who
    B. Finger
  26. To determine what resources or shares are on a network, security testers must first determine what _________________________ is being used via port scanning and footprinting.
    Expected Keywords: operating system (OS)