Module 6 System Hacking

Question 1

Define CEH.

Answer 1

Certified Ethical Hacker, a credential for professionals in ethical hacking.

Question 2

What is the first phase of the CEH hacking methodology?

Answer 2

The first phase is Reconnaissance, where information gathering occurs.

Question 3

True or false: Scanning identifies live hosts and services.

Answer 3

TRUE

Scanning helps in identifying vulnerabilities in the target systems.

Question 4

Fill in the blank: Gaining Access involves _______ exploiting vulnerabilities.

Answer 4

actively

Question 5

What does maintaining access mean in hacking?

Answer 5

It refers to creating a backdoor for future access to the system.

Question 6

Define covering tracks.

Answer 6

The process of erasing evidence of hacking activities to avoid detection.

Question 7

What is social engineering?

Answer 7

Manipulating individuals into divulging confidential information.

Question 8

True or false: Footprinting is part of the reconnaissance phase.

Answer 8

TRUE

Footprinting involves gathering information about a target’s network.

Question 9

What is the purpose of vulnerability assessment?

Answer 9

To identify and evaluate security weaknesses in a system.

Question 10

Fill in the blank: Denial of Service attacks aim to _______ system availability.

Answer 10

disrupt

Question 11

What is exploitation in hacking?

Answer 11

The act of taking advantage of a vulnerability to gain unauthorized access.

Question 12

Define post-exploitation.

Answer 12

Actions taken after gaining access to maintain control over the compromised system.

Question 13

What is the role of reporting in CEH?

Answer 13

To document findings and provide recommendations for improving security.

Question 14

True or false: Network sniffing captures data packets traveling over a network.

Answer 14

TRUE

Sniffers can be used to intercept sensitive information.

Question 15

What does password cracking involve?

Answer 15

Attempting to gain unauthorized access by guessing or recovering passwords.

Question 16

Fill in the blank: SQL Injection is a type of _______ attack.

Answer 16

injection

Question 17

What is malware?

Answer 17

Malicious software designed to harm or exploit any programmable device.

Question 18

Define phishing.

Answer 18

A technique to trick individuals into revealing personal information via deceptive emails.

Question 19

What is the purpose of firewalls?

Answer 19

To monitor and control incoming and outgoing network traffic based on security rules.

Question 20

True or false: Encryption secures data by converting it into a readable format.

Answer 20

FALSE

Encryption transforms data into an unreadable format to protect it.

Question 21

What is the function of intrusion detection systems (IDS)?

Answer 21

To monitor network traffic for suspicious activities and potential threats.

Question 22

Fill in the blank: Zero-day vulnerabilities are _______ known to the vendor.

Answer 22

not

Question 23

What is risk assessment?

Answer 23

The process of identifying, evaluating, and prioritizing risks to minimize impact.

Question 24

Define ethical hacking.

Answer 24

Legally testing systems for vulnerabilities to improve security.

Question 25

What does **OSINT** stand for?

Answer 25

Open Source Intelligence, information collected from publicly available sources.

Question 26

True or false: **Patch management** is crucial for maintaining system security.

Answer 26

TRUE ## Footnote Regular updates fix vulnerabilities and improve system resilience.

Question 27

Define **brute force attack**.

Answer 27

A method of cracking passwords by trying all possible combinations until the correct one is found.

Question 28

True or false: **Phishing** attacks use deceptive emails to steal passwords.

Answer 28

TRUE ## Footnote Phishing often involves fake websites to capture user credentials.

Question 29

What is a **dictionary attack**?

Answer 29

A password cracking method that uses a list of common passwords and phrases.

Question 30

Fill in the blank: **Keylogging** is a technique that records _______ typed on a keyboard.

Answer 30

keystrokes

Question 31

Define **credential stuffing**.

Answer 31

An attack where stolen username-password pairs are used to access multiple accounts.

Question 32

What is a **man-in-the-middle attack**?

Answer 32

An attack where the attacker intercepts communication between two parties to steal information.

Question 33

True or false: **Social engineering** relies on manipulating people to gain access.

Answer 33

TRUE ## Footnote Techniques include impersonation and deception to extract sensitive information.

Question 34

What does **password spraying** involve?

Answer 34

Attempting to access many accounts using a few common passwords.

Question 35

Fill in the blank: **Rainbow tables** are used to reverse _______ hashes.

Answer 35

cryptographic

Question 36

Define **session hijacking**.

Answer 36

An attack where an attacker takes control of a user session to gain unauthorized access.

Question 37

What is **shoulder surfing**?

Answer 37

Observing someone’s screen or keyboard to steal passwords or sensitive information.

Question 38

True or false: **Password reuse** increases the risk of account compromise.

Answer 38

TRUE ## Footnote Using the same password across multiple sites can lead to widespread breaches.

Question 39

What is a **password manager**?

Answer 39

A tool that securely stores and manages passwords for various accounts.

Question 40

Fill in the blank: **Two-factor authentication** adds an extra layer of _______ to password security.

Answer 40

protection

Question 41

Define **brute force attack**.

Answer 41

A method of cracking passwords by systematically checking all possible combinations.

Question 42

What is **credential harvesting**?

Answer 42

The process of collecting user credentials through various deceptive methods.

Question 43

True or false: **Malware** can be used to steal passwords.

Answer 43

TRUE ## Footnote Types of malware include keyloggers and trojans designed for credential theft.

Question 44

What is a **password policy**?

Answer 44

A set of rules designed to enhance security by enforcing strong password creation.

Question 45

Fill in the blank: **Salting** passwords adds random data to make _______ more difficult.

Answer 45

hashing

Question 46

Define **social engineering**.

Answer 46

Manipulating individuals into divulging confidential information for fraudulent purposes.

Question 47

What is a **keylogger**?

Answer 47

A type of surveillance software that records keystrokes to capture sensitive information.

Question 48

True or false: **Physical security** can prevent password attacks.

Answer 48

TRUE ## Footnote Securing devices and access points reduces the risk of unauthorized access.

Question 49

What is **password complexity**?

Answer 49

The requirement for passwords to include a mix of letters, numbers, and symbols.

Question 50

Fill in the blank: **Account lockout** policies help prevent _______ attacks.

Answer 50

brute force

Question 51

Define **password expiration**.

Answer 51

A security measure requiring users to change their passwords after a set period.

Question 52

What is a **security question**?

Answer 52

A question used to verify a user's identity, often during password recovery.

Question 53

What is a **Trojan**?

Answer 53

A program that masks itself as a benign application but steals information or harms the system ## Footnote Attackers can gain remote access and perform operations limited by user privileges on the target computer.

Question 54

Define **Spyware**.

Answer 54

A type of malware that secretly gathers information about users without their knowledge ## Footnote Spyware hides itself from the user and can be difficult to detect.

Question 55

What is the function of a **keylogger**?

Answer 55

Records all user keystrokes without the user's knowledge ## Footnote Keyloggers send logs of user keystrokes to an attacker's machine or hide them for later retrieval.

Question 56

True or false: A **keylogger** can reveal the contents of all user emails.

Answer 56

TRUE ## Footnote Keyloggers can capture sensitive information, including emails and passwords.

Question 57

What is the purpose of installing a **Trojan/spyware/keylogger** on a victim's machine?

Answer 57

To collect usernames and passwords ## Footnote These programs run in the background and send back all user credentials to the attacker.

Question 58

What is a **Hash Injection/Pass-the-Hash (PtH) Attack**?

Answer 58

An attack possible when the target system uses a hash function for authentication ## Footnote The system stores hash values of credentials in the SAM database/file on a Windows computer.

Question 59

In a **Pass-the-Hash** attack, what does the server do with the user-submitted credentials?

Answer 59

Computes the hash value or allows the user to input the hash value directly ## Footnote The server checks it against the stored hash value for authentication.

Question 60

What is the purpose of **LLMNR/NBT-NS** broadcast in ethical hacking?

Answer 60

To find out if anyone knows a specific host name ## Footnote This technique is used to discover network resources and can be exploited by attackers.

Question 61

What happens when a user sends an **incorrect host name** during an LLMNR/NBT-NS broadcast?

Answer 61

The response indicates that the host is NOT FOUND ## Footnote For example, sending 'I\DtaServr' results in '1\DtaServr- NOT FOUND'.

Question 62

In the LLMNR/NBT-NS poisoning attack, what does the **attacker** do after the user sends an incorrect host name?

Answer 62

The attacker responds claiming to know the host, accepts NTLMv2 hash, and sends an ERROR message ## Footnote This is part of the attack strategy to exploit the user's request.

Question 63

What is the **Responder** tool used for in LLMNR/NBT-NS poisoning?

Answer 63

It is an LLMNR, NBT-NS, and MDNS poisoner that responds to specific queries ## Footnote By default, it responds to File Server Service requests for SMB.

Question 64

What information can attackers extract using the **Responder** tool?

Answer 64

* Target system's OS version * Client version * NTLM client IP address * NTLM username * Password hash ## Footnote This information is critical for further exploitation of the network.

Question 65

What is Rubeus?

Answer 65

This is the tool used by attackers to perform AS-REP Roasting (Cracking TGT) attacks.

Question 66

What is Makrov-Chain Attack

Answer 66

In Makrov-Chain attack attackers gather a password database and split each password entry into two and three character syllables using these character elements. A new alphabet is developed which is then matched with the existing password database.

Question 67

What is the initial phase of the Makrov-Chain Attack?

Answer 67

Attacker set a threshold parameter for the occurrences of the elements and only their letters present in the new alphabet that occurred at least the minimum number of times are selected.

Question 68

What tools attackers use to detect hijackable DLLs and perform DLL hijacking?

Answer 68

Robber and PowerSploit