Archives

978-0840020932 Chapter 1


Chapter 1 True/False Indicate whether the statement is true or false. 1. Hacking requires that the practitioner be intimately familiar with the techniques of the perpetrator or opponent. 2. The reading and techniques used by both ethical and malicious hackers […]

5 Pages | February 27, 2021
978-0840020932 Chapter 10


Chapter 10: Trojan Horses TRUE/FALSE 1. A Trojan can perform almost any task on a computer that a human can. 2. For Trojans to be a threat, they must be installed by the user and activated. ANS: T PTS: 1 […]

4 Pages | February 27, 2021
978-0840020932 Chapter 11


Chapter 11: Denial-of-Service Attacks TRUE/FALSE 1. Some vulnerabilities cannot be closed by patching because there is an inherent bandwidth limit or active connection limit on all physical equipment and all software. 2. The process table in UNIX permits a virtually […]

4 Pages | February 27, 2021
978-0840020932 Chapter 12


Chapter 12: Buffer Overflows TRUE/FALSE 1. Buffer overflow is a condition common to structured programming languages such as the “C” language. 2. Functions use variables to store values that may be stored temporarily or permanently. ANS: T PTS: 1 REF: […]

4 Pages | February 27, 2021
978-0840020932 Chapter 13


Chapter 13: Programming Exploits TRUE/FALSE 1. During the early days of the Internet, most Web pages were static HTML, so programming exploits could only be aimed at the client-side browsers. 2. The design flaw in ActiveX is that ActiveX can […]

4 Pages | February 27, 2021
978-0840020932 Chapter 14


Chapter 14: Mail Vulnerabilities TRUE/FALSE 1. SMTP, IMAP, and POP are the main protocols supporting e-mail systems all over the world. 2. Most corporate mail servers allow third-party mail relaying. ANS: F PTS: 1 REF: 300 3. An e-mail message […]

4 Pages | February 27, 2021
978-0840020932 Chapter 15


Chapter 15: Web Application Vulnerabilities TRUE/FALSE 1. The protocols upon which the Internet rests are, by nature, secure. 2. In 2007 the average time between bringing an unsecured server (or client) onto the Internet, and its being infected by one […]

4 Pages | February 27, 2021
978-0840020932 Chapter 16


Chapter 16: Windows Vulnerabilities TRUE/FALSE 1. Windows XP is a multitasking operating system based on Windows 2010. 2. There are several vulnerabilities in Windows Server 2008, XP, Vista, 7, and 8. ANS: T PTS: 1 REF: 314 3. The NTFS […]

4 Pages | February 27, 2021
978-0840020932 Chapter 17


Chapter 17: UNIX/Linux Vulnerabilities TRUE/FALSE 1. In 1973, the developers of UNIX revised it by writing it in assembly language. 2. Linux source code is available free of cost, and some Linux distributions (distros) are also free. ANS: T PTS: […]

4 Pages | February 27, 2021
978-0840020932 Chapter 18


Chapter 18: Incident Handling TRUE/FALSE 1. Organizations that handle and document incidents may be less likely to have repeat occurrences. 2. Defaced-page incidents result in loss of revenue, reputation, and morale of a company. ANS: T PTS: 1 REF: 369 […]

4 Pages | February 27, 2021
978-0840020932 Chapter 2


Chapter 2 True/False Indicate whether the statement is true or false. 1. Reconnaissance is not by definition illegal, and many reconnaissance techniques are completely legal. 2. The strongest link in any security scheme is the user. ANS: F PTS: 1 […]

5 Pages | February 27, 2021
978-0840020932 Chapter 3


Chapter 3 True/False Indicate whether the statement is true or false. 1. Scanners were originally developed to aid security professionals and system administrators in examining networks for security vulnerabilities. 2. In the early 1980s, the majority of servers ran on […]

5 Pages | February 27, 2021
978-0840020932 Chapter 4


Chapter 4 True/False Indicate whether the statement is true or false. 1. The three types of sniffer are bundled, commercial, and free. 2. Sniffers look only at the traffic passing through the network interface adapter on the machine where the […]

5 Pages | February 27, 2021
978-0840020932 Chapter 5


Chapter 5: TCP/IP Vulnerabilities TRUE/FALSE 1. TCP is responsible for safe and reliable data transfer between host computers. 2. The OSI Model and the TCP/IP Model are entirely aligned. ANS: F PTS: 1 REF: 102 3. IP packets often arrive […]

4 Pages | February 27, 2021
978-0840020932 Chapter 6


Chapter 6: Encryption and Password Cracking TRUE/FALSE 1. Transposition relies on length of password. 2. Block ciphers operate on blocks of data. ANS: T PTS: 1 REF: 124 3. As might be expected, Triple DES is almost three times faster than […]

4 Pages | February 27, 2021
978-0840020932 Chapter 7


Chapter 7: Spoofing TRUE/FALSE 1. TCP/IP has a basic flaw that allows IP spoofing. This is due to the fact that trust and authentication have a linear relationship. 2. A successful IP spoofing attack requires more than simply forging a […]

4 Pages | February 27, 2021
978-0840020932 Chapter 8


Chapter 8: Session Hijacking TRUE/FALSE 1. Hijacking differs from spoofing in that the takeover occurs during an authenticated session. 2. A TCP session can be hijacked only before the hosts have authenticated successfully. ANS: F PTS: 1 REF: 172 3. […]

3 Pages | February 27, 2021
978-0840020932 Chapter 9


Chapter 9: Hacking Network Devices TRUE/FALSE 1. Networking devices allow the computers on a network to interact with each other. 2. A proxy server is hard to use since it is usually not included in router or firewall software. ANS: […]

4 Pages | February 27, 2021
Networking Chapter 1 Computer Security And Penetration Testing Second Edition Review Questions With Answers


Computer Security and Penetration Testing, Second Edition Review Questions with Answers Chapter 1: Ethics of Hacking and Cracking 1. Using the W/B Hat model, which hacker is more likely to make up a Web site to teach new hackers how […]

3 Pages | May 2, 2021
Networking Chapter 10 Trojan Horses Define Trojan Horse Application Trojan Horse Possibly Malicious Application


Chapter 10: Trojan Horses 1. Define a Trojan horse application. 2. Explain why all attachments are possible Trojan suspects. Because of the very long list of executable files cited above and because of Microsoft’s decision to hide “known extensions” by […]

3 Pages | May 2, 2021
Networking Chapter 11 Denialofservice Attacks What Dos Attack And What Makes Different From Ddos


Chapter 11: Denial-of-Service Attacks 1. What is a DoS attack and what makes it different from a DDoS attack? 2. If your network is experiencing a SMURF attack, what is the best response? Set an ACL to drop pings. 3. […]

3 Pages | May 2, 2021
Networking Chapter 12 Buffer Overflows Does Function Automatically Limit Input Larger Than The Memory


Chapter 12: Buffer Overflows 1. Does a function in C automatically limit input larger than the memory buffer? 2. Will a null terminator prevent a buffer overflow? Yes, even if the entry contains extra characters. 3. What kinds of variables […]

3 Pages | May 2, 2021
Networking Chapter 13 Programming Exploits What The Difference Between Programming Languages And Scripting Languages


Chapter 13: Programming Exploits 1. What is the difference between programming languages and scripting languages? 2. What is the language upon which C++, C#, and PERL were based? • C programming language 3. Give an example of vulnerability in languages […]

2 Pages | May 2, 2021
Networking Chapter 14 Mail Vulnerabilities What Does Smtp Stand For And What Does Simple


Chapter 14: Mail Vulnerabilities 1. What does SMTP stand for and what does it do? 2. What does IMAP stand for and what is it for? Internet Message Access Protocol. An e-mail message that is stored on an IMAP server […]

2 Pages | May 2, 2021
Networking Chapter 15 Web Application Vulnerabilities Does Placing Web Server Dmz Protect From Networkborne


Chapter 15: Web Application Vulnerabilities 1. Does placing a Web server in a DMZ protect it from network-borne threats? 2. What are the five classes of attack possible on a Web server? Physical vulnerabilities, network operating system vulnerabilities, server operating […]

2 Pages | May 2, 2021
Networking Chapter 16 Windows Vulnerabilities What Windows Operating Systems Are Supported With Security Patches


Chapter 16: Windows Vulnerabilities 1. What Windows operating systems are supported with security patches? 2. List and describe three Windows 2000 vulnerabilities. (Short essay, no more than two pages, please.) Password security, default accounts, file sharing defaults, Windows registry security […]

2 Pages | May 2, 2021
Networking Chapter 17 Unixlinux Vulnerabilities Which Language Was Unix Written Bsd Hpunix Aix And


Chapter 17: UNIX/Linux Vulnerabilities 1. In which language was UNIX written? 2. Did Linus Torvalds invent Linux? Yes and no. He started building Linux as a terminal emulator using POSIX and UNIX system APIs. He did not foresee that he would […]

3 Pages | May 2, 2021
Networking Chapter 18 Incident Handling Why Incidenthandling Policy Needed Specific Policy Written And Practiced


Chapter 18: Incident Handling 1. Why is an incident-handling policy needed? Specific policy written and practiced before the occurrence of an incident makes the identification and solution of the incident faster and more effective. 2. What are some different […]

4 Pages | May 2, 2021
Networking Chapter 2 Reconnaissance What Are The Three Classifications Reconnaissance Social Engineering Dumpster Diving


Chapter 2: Reconnaissance 1. What are the three classifications of reconnaissance? 2. Define and discuss legal reconnaissance. All Internet research is legal. Asking questions is legal. Entering a place of business is often legal. Making friends with a person who […]

3 Pages | May 2, 2021
Networking Chapter 3 Scanning Tools Can You Use Scanner Check Open Ports Computer Another


Chapter 3: Scanning Tools 1. Can you use a scanner to check open ports on a computer on another LAN? 2. What are the various phases of penetration testing that make use of scanning tools? • Discovery • Reconnaissance • […]

2 Pages | May 2, 2021
Networking Chapter 4 Sniffers Are There Cases Where Network Sniffer Legitimate Application Running Yes


Chapter 4: Sniffers 1. Are there cases where a network sniffer is a legitimate application to be running? 2. What operating systems will support a packet-sniffing application? Windows, DOS, Unix, Linux, Solaris, Irix, SunOS, MacOS (any operating system that supports […]

3 Pages | May 2, 2021
Networking Chapter 5 Tcpip Vulnerabilities What Does Tcpip Stand For Transmission Control Protocolinternet Protocol


Chapter 5: TCP/IP Vulnerabilities 1. What does TCP/IP stand for? 2. What does TCP handle on the Internet? Verified and reliable delivery and reassembly of data packets 3. What does IP handle on the Internet? Sending data from the source […]

4 Pages | May 2, 2021
Networking Chapter 6 Encryption And Password Cracking What The Difference Between Transposition And Substitution


Chapter 6: Encryption and Password Cracking 1. What is the difference between transposition and substitution in cryptography? (Short essay, no 2. Writing Exercise: Write a paragraph of 25-40 words, using a transposition or substitution code. On a separate sheet of […]

3 Pages | May 2, 2021
Networking Chapter 7 Spoofing What Spoofing Spoofing Can Defined Sophisticated Way Authenticate One Machine


Chapter 7: Spoofing 1. What is spoofing? 2. What is IP spoofing? Accessing a target disguised as a trusted third party 3. What is the difference between active spoofing and blind spoofing? In active spoofing, the hacker can see both […]

3 Pages | May 2, 2021
Networking Chapter 8 Session Hijacking What Session Hijacking The Unauthorized Interference Transaction Between Two


Chapter 8: Session Hijacking 1. What is session hijacking? 2. Why is session hijacking done? Session hijacking is done to enable an attacker to send and execute commands on remote computers that cannot ordinarily be done by an outside agent. […]

2 Pages | May 2, 2021
Networking Chapter 9 Hacking Network Devices What Are The Benefits Using Firewall Firewalls Provide


Chapter 9: Hacking Network Devices 1. What are the benefits of using a firewall? 2. What are the limitations of firewall software? Firewall security solutions tend to lure their users into implementing a “hard on the outside but soft on […]

3 Pages | May 2, 2021