1 / 76

CNIT 123

CNIT 123. Review. Chapter 1 Ethical Hacking Overview. Sally wants to hack into the CCSF medical center and get student records, to prove how lousy the security is. What should she do first?. Use Tor Create a fake identity Inform the college administration in writing

duncan-shaw
Download Presentation

CNIT 123

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CNIT 123 Review

  2. Chapter 1Ethical Hacking Overview

  3. Sally wants to hack into the CCSF medical center and get student records, to prove how lousy the security is. What should she do first? • Use Tor • Create a fake identity • Inform the college administration in writing • Get permission from the college administration in writing • None of the above

  4. Sally wants to hack into the CCSF medical center and get student records, to prove how lousy the security is. What should she do first? • Use Tor • Create a fake identity • Inform the college administration in writing • Get permission from the college administration in writing • None of the above

  5. What law makes it a federal crime to access classified information without authorization? • CFAA • EPIC • PATRIOT ACT • Stored Wire and Electronic Communication and Transactional Records Act • DMCA

  6. Which of these acts is illegal? • Cracking WEP to use your neighbor's router • Using Nmap to scan google.com • Bypassing a logon password as part of a computer repair job for a customer • Searching for passwords on Google • Reading secret documents on Wikileaks

  7. Which act is not illegal? • Downloading pop music from The Pirate Bay • Connecting to your neighbor's unsecured wireless network • Using a keylogger to get your teacher's final exam • Using a booter to kick rival players off a video game • Joining Anonymous and taking down Sony with the Low Orbit Ion Cannon

  8. Chapter 2TCP/IP Concepts Review

  9. Which TCP/IP layer uses MAC addresses? • Application • Transport • Internet • Network • None of the above

  10. Which protocol is encrypted? • HTTP • Telnet • FTP • SMTP • None of the above

  11. I send a SYN to a server, and get a RST back. What state is this port in? • Open • Closed • Filtered • The answer cannot be determined from the information provided

  12. I send an ACK to a server, and get no reply. What state is this port in? • Open • Closed • Filtered • The answer cannot be determined from the information provided

  13. Which TCP header field determines how frequently ACK packets are required? • Destination port • SEQ • ACK • Data offset • Window

  14. Which protocol is the most secure? • Telnet • FTP • SSH • HTTP • SMTP

  15. Which protocol uses the GET method? • Ethernet • IP • TCP • UDP • HTTP

  16. Which protocol uses SYN and ACK? • Ethernet • IP • TCP • UDP • HTTP

  17. Which protocol uses MAC addresses? • Ethernet • IP • TCP • UDP • HTTP

  18. How many bits are there in an IPv4 address? • 8 • 32 • 48 • 128 • 256

  19. What port does Telnet use? • 20 • 21 • 23 • 80 • 443

  20. What makes UDP different from TCP? • UDP has no handshake • UDP is unreliable • UDP transfers data faster • UDP has a smaller header • All of the above

  21. Chapter 3Network and Computer Attacks

  22. Which threat must be attached to an EXE file? • Virus • Worm • Trojan • Keylogger • Rootkit

  23. Which threat is caused by lying security professionals? • Bot • FUD • DoS • DDoS • Buffer overflow

  24. Which threat is caused by a careless programmer? • Bot • Trojan • DoS • DDoS • Buffer overflow

  25. Which attack uses hundreds or thousands of machines at once? • Buffer overflow • DoS • Spoofing • Spam • DDoS

  26. Which attack defeats physical security? • Virus • Session hijacking • Keylogger • Bump key • Worm

  27. Chapter 4Footprinting and Social Engineering

  28. Which item allows you to change HTTP requests as they are sent? • Proxy • Footprinting • Whois • Cookie • Web bug

  29. Which item finds the human who owns a domain name? • HTTP status code • Footprinting • Whois • Cookie • Web bug

  30. Which item finds a list of all the computers at a company? • Extortion • Footprinting • Zone transfer • Cookie • Web bug

  31. What is the most common way to break into an email account? • Extortion • Footprinting • Piggybacking • Shoulder surfing • Phishing

  32. Which tool queries a DNS server? • Proxy • Nmap • Cain • Whois • dig

  33. Which item is a passive plaintext file? • Web bug • Cookie • Zone transfer • HTTP GET • Spam

  34. Chapter 5Port Scanning

  35. Which type of scan became far less effective after Windows XP SP2? • PING scan • SYN scan • ACK scan • UDP scan • NULL scan

  36. Which type of scan is the most common, and called a "Stealth scan"? • PING scan • SYN scan • ACK scan • UDP scan • NULL scan

  37. Chapter 6Enumeration

  38. Which OS introduced Plug and Play? • Win 95 • Win XP • Vista • Win 7 • Win 8

  39. Which OS used the FAT file system? • Win 95 • Win XP • Vista • Win 7 • Win 8

  40. Which OS introduced ASLR? • Win 95 • Win XP • Vista • Win 7 • Win 8

  41. Which OS uses null sessions? • Old Windows versions • All Windows versions • Unix • Netware • iOS

  42. Chapter 7Programming for Security Professionals

  43. Which is an object-oriented language? • C • Assembly language • Machine language • C++ • Perl

  44. Which language is most likely to cause buffer overflow errors? • C • Perl • Visual Basic • Python • Bash shell scripting

  45. Chapter 8Desktop and Server OS Vulnerabilities

  46. Which item is a Windows file-sharing protocol? • FAT • NTFS • ADS • RPC • SMB

  47. Which item has a Lockdown Wizard? • IIS • LDAP • Null sessions • SQL server • CIFS

  48. Which item hides a file inside another file? • ADS • LDAP • Null sessions • WinFS • NTFS

  49. Chapter 9Embedded Operating Systems: The Hidden Threat

  50. Which item is based on Windows 7? • RTOS • Windows embedded standard • Windows CE • VxWorks • QNX

More Related