Ethical Hacking and Countermeasures V8
Question No: 611 – (Topic 7)
What is a Trojan Horse?
A malicious program that captures your username and password
Malicious code masquerading as or replacing legitimate code
An unauthorized user who gains access to your user database and adds themselves as a user
A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity
Answer: B Explanation:
A Trojan Horse is an apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
Question No: 612 – (Topic 7)
You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software, it does not pick up the Trojan. Next you run the netstat command to look for open ports and you notice a strange port, 6666, open.
What is the next step you would do?
Re-install the operating system.
Re-run anti-virus software.
Install and run Trojan removal software.
Run utility fport and look for the application executable that listens on port 6666.
Explanation: Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.
Question No: 613 – (Topic 7)
What ports should be blocked on the firewall to prevent NetBIOS traffic from coming through the firewall if your network is comprised of Windows NT, 2000, and XP? (Choose all that apply.)
Explanation: NetBIOS traffic can quickly be used to enumerate and attack Windows computers. Ports 135, 139, and 445 should be blocked.
Question No: 614 – (Topic 7)
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.
If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?
Explanation: A combination of a brute force and a dictionary attack is called a Hybrid attack or Hybrid dictionary attack.
Question No: 615 – (Topic 7)
Which of the following statements about a zone transfer are correct? (Choose three.)
A zone transfer is accomplished with the DNS
A zone transfer is accomplished with the nslookup service
A zone transfer passes all zone information that a DNS server maintains
A zone transfer passes all zone information that a nslookup server maintains
A zone transfer can be prevented by blocking all inbound TCP port 53 connections
Zone transfers cannot occur on the Internet
Explanation: Securing DNS servers should be a priority of the organization. Hackers obtaining DNS information can discover a wealth of information about an organization. This information can be used to further exploit the network.
Question No: 616 – (Topic 7)
What is GINA?
Gateway Interface Network Application
GUI Installed Network Application CLASS
Global Internet National Authority (G-USA)
Graphical Identification and Authentication DLL
Explanation: In computing, GINA refers to the graphical identification and authentication library, a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services.
Question No: 617 – (Topic 7)
When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tools accomplishes this?
Explanation: Filesnarf – sniff files from NFS traffic.
OPTIONS
Specify the interface to listen on.
-v "Versus" mode. Invert the sense of matching, to select non-matching files.
Specify regular expression for filename matching.
Specify a tcpdump(8) filter expression to select traffic to sniff.
Question No: 618 – (Topic 7)
What is the algorithm used by LM for Windows2000 SAM?
Explanation: Okay, this is a tricky question. We say B, DES, but it could be A "MD4" depending on what they're asking – Windows 2000/XP keeps users' passwords not "apparently", but as hashes, i.e. actually as "check sums" of the passwords. Let's go into the password storage at large. The most interesting structure of the complex SAM-file layout is the so-called V-block. Its size is 32 bytes and it includes hashes of the password for local logon: the NT Hash of 16-byte length, and the hash used during authentication of access to shared resources of other computers, the LanMan Hash, or simply LM Hash, of the same 16-byte length. The algorithms for forming these hashes are as follows:
NT Hash formation:
The user password is converted to a Unicode string.
A hash is computed from this string using the MD4 algorithm.
The resulting hash is encrypted with the DES algorithm, using the RID (i.e. user identifier) as the key. This was necessary to obtain different hashes for users who have equal passwords. Remember that all users have different RIDs (the RID of the Administrator's built-in account is 500, the RID of the Guest's built-in account is 501, and all other users get RIDs equal to 1000, 1001, 1002, etc.).
LM Hash formation:
The user password is converted to upper case and padded with nulls up to 14 bytes in length.
The resulting string is divided into two halves of 7 bytes each, and each half is encrypted separately using DES; the output of each is an 8-byte hash, for a total 16-byte hash.
The LM Hash is then additionally encrypted in the same way as in step 3 of the NT Hash formation algorithm.
Question No: 619 – (Topic 7)
What is the proper response for a NULL scan if the port is open?
Explanation: A NULL scan will have no response if the port is open.
Question No: 620 – (Topic 7)
In the following example, which of these is the "exploit"?
Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting.
Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites.
Select the best answer.
Microsoft Corporation is the exploit.
The security "hole" in the product is the exploit.
Windows 2003 Server
The exploit is the hacker that would use this vulnerability.
The documented method of how to use the vulnerability to gain unprivileged access.
Microsoft is not the exploit, but if Microsoft documents how the vulnerability can be used to gain unprivileged access, they are creating the exploit. If they just say that there is a hole in the product, then it is only a vulnerability. The security "hole" in the product is called the "vulnerability". Once it is documented in a way that shows how to use the vulnerability to gain unprivileged access, it becomes an "exploit". In the example given, Windows 2003 Server is the TOE (Target of Evaluation). A TOE is an IT system, product or component that requires security evaluation or is being identified. The hacker that would use this vulnerability is exploiting it, but the hacker is not the exploit. The documented method of how to use the vulnerability to gain unprivileged access is the correct answer.