Type: Quiz
Book Title: Computer Security Fundamentals (Pearson IT Cybersecurity Curriculum (ITCC)) 3rd Edition
ISBN 13: 978-0789757463

978-0789757463 Chapter 6

February 27, 2021
True / False
1. Nmap is a popular hacking tool.
2. Black hat hackers are also known as script kiddies.
3. Hacking into phone systems is also known as phreaking.
4. Checking an organization’s websites is a form of active scanning.
5. NetBIOS is an example of a port scanner.
6. Ping scanning may be stopped by blocking ICMP packets.
7. ACK scans and NULL scans work only on UNIX systems.
8. A SQL statement may begin with the word SELECT.
9. Sid2User, UserInfo, and UserDump are examples of password cracking tools.
10. Windows passwords are stored in a hash file in one of the system directories.
Multiple Choice
1. Testing an organization’s security is known as ________ testing.
a. Penetration
b. Location
c. Virus
d. None of the above
2. Someone who performs a cyberattack without actually understanding it is a _______.
a. Gray hat hacker
b. White hat hacker
c. Script kiddie
d. None of the above
3. Hacking into phone systems is called ___________.
a. Telnetting
b. Dial hacking
c. Phreaking
d. None of the above
4. Scanning bulletin boards, making phony phone calls, and visiting websites by a hacker
are examples of _________.
a. Active scanning
b. Passive scanning
c. Phreaking
d. Scouring
5. There are 1,024 well-known ________ that are usually associated with specific
services.
a. Ports
b. Processes
c. Applications
d. Programs
6. The most popular port scanner in the hacking and security community is ________.
a. Portscan
b. Nmap
c. Servport
d. NetBIOS
7. The most reliable Nmap scan is ____________ scan.
a. ping
b. Connect
c. SYN
d. FIN
8. With a(n) _________ scan, if the port is closed, the response is an RST. If the port is
open, the response is a SYN/ACK.
a. FIN
b. XMAS
c. SYN
d. ACK
9. Nmap enables you to set ________ such as -sP, -sS, and -oA.
a. Parameters
b. Flags
c. Switches
d. None of the above
10. ___________ is the process to find out what is on a target system.
a. Enumeration
b. Phishing
c. Mapping
d. Scanning
11. Passing structured query language commands to a web application and getting the
website to execute it is called SQL script _________.
a. Injection
b. Processing
c. Attacking
d. Execution
12. When an attacker injects client-side scripts into web pages viewed by other users so
that those users interact with it, it is an example of _________.
a. Cross-site scripting
b. Phreaking
c. Phishing
d. None of the above
13. _________ is a popular tool for cracking Windows passwords.
a. Sid2User
b. Cheops
c. Netcat
d. OphCrack
14. The net command can be included in a ________ that will create a domain admin
account.
a. Port
b. Scan
c. Script
d. None of the above
15. To create a domain admin account, the user must be a member of the __________
group.
a. Domain admins
b. Domain users
c. Backup operators
d. Everyone
Multiple Choice Answers
1. Answer: a. This is also called white hat hacking.
2. Answer: c.
3. Answer: c.
4. Answer: b.
5. Answer: a.
6. Answer: b. Nmap is available for free.
7. Answer: b.
8. Answer: c.
9. Answer: b.
10. Answer: a. If the target is the entire network, then the attacker is trying to find out what servers, computers, and printers are on that network.
11. Answer: a.
12. Answer: a. In this type of attack, the attacker’s script is executed, rather than the intended website functionality.
13. Answer: d. OphCrack is available for download.
14. Answer: c. The script would include net user and net group.
15. Answer: a.