978-0789757463 Chapter 6

True / False

1. NMAP is a popular hacking tool.

2. Black hat hackers are also known as script kiddies.

3. Hacking into phone systems is also known as phreaking.

4. Checking an organization’s websites is a form of active scanning.

5. NetBIOS is an example of a port scanner.

6. Ping scanning may be stopped by blocking ICMP packets.

7. ACK scans and NULL scans work only on UNIX systems.

8. A SQL statement may begin with the word SELECT.

9. Sid2User, UserInfo, and UserDump are examples of password cracking tools.

10. Windows passwords are stored in a hash file in one of the system diretories.

Multiple Choice

1. Testing an organization’s security is known as ________ testing.

a. Penetration

b. Location

c. Virus

d. None of the above

2. Some who performs a cyberattack without actually understanding it is a _______.

a. Gray hat hacker

b. White hat hacker

c. Script kiddie

d. None of the above

3. Hacking into phone systems is called ___________.

a. Telnetting

b. Dial hacking

c. Phreaking

d. None of the above

4. Scanning bulletin boards, making phony phone calls, and visiting websites by a hacker

are examples of _________.

a. Active scanning

b. Passive scanning

c. Phreaking

d. Scouring

5. There are 1,024 well-known ________ that are usually associated with specific

services.

a. Ports

b. Processes

c. Applications

d. Programs

6. The most popular port scanner in the hacking and security community is ________.

a. Portscan

b. Nmap

c. Servport

d. NetBIOS

7. The most reliable Nmap scan is ____________ scan.

a. ping

b. Connect

c. SYN

d. FIN

8. With a(n) _________ scan, if the port is closed, the response is an RST. If the port is

open, the response is a SYN/ACK.

a. FIN

b. XMAS

c. SYN

d. ACK

9. Nmap enables you to set ________ such as –sP, -sS, and -oA.

a. Parameters

b. Flags

c. Switches

d. None of the above

10. ___________ is the process to find out what is on a target system.

a. Enumeration

b. Phishing

c. Mapping

d. Scanning

11. Passing structured query language commands to a web application and getting the

website to execute it is called SQL script _________.

a. Injection

b. Processing

c. Attacking

d. Execution

12. When an attacker injects client-side scripts into web pages viewed by other users so

that those users interact with it, it is an example of _________.

a. Cross-site scripting

b. Phreaking

c. Phishing

d. None of the above

13. _________ is a popular tool for cracking Windows passwords.

a. Sid2User

b. Cheops

c. Netcat

d. OphCrack

14. The net command can be included in a ________ that will create a domain admin

account.

a. Port

b. Scan

c. Script

d. None of the above

15. To create a domain admin account, the user must be a member of the __________

group.

a. Domain admins

b. Domain users

c. Backup operators

d. Everyone