Network Intrusion Investigation

Chapter 1 Solutions - Review Questions

1. The U.S. Department of Justice defines a hacker as which of the following?
   a. A person who accesses a computer or network without the owner’s permission

2. A penetration tester is which of the following?
   c. A security professional who’s hired to hack into a network to discover vulnerabilities

3. Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following? (Choose all that apply.)
   c. Packet monkeys
   d. Script kiddies

4. What three models do penetration or security testers use to conduct tests?
   White box, black box, and gray box

5. A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following?
   d. Red team

6. How can you find out which computer crime laws are applicable in your state?
   a. Contact your local law enforcement agencies.

7. What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet?
   c. Acceptable use policy

8. If you run a program in New York City that uses network resources to the extent that a user is denied access to them, what type of law have you violated?
   d. Federal

9. Which federal law prohibits unauthorized access of classified information?
   a. Computer Fraud and Abuse Act, Title 18

10. Which federal law prohibits intercepting any communication, regardless of how it was transmitted?
    b. Electronic Communication Privacy Act

11. Which federal law amended Chapter 119 of Title 18, U.S. Code?
    d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications

12. To determine whether scanning is illegal in your area, you should do which of the following?
    c. Refer to state laws.

13. What organization offers the Certified Ethical Hacker (CEH) certification exam?
    b. EC-Council

14. What organization designates a person as a CISSP?
    a. International Information Systems Security Certification Consortium (ISC2)

15. What organization designates a person as an OPST?
    d. ISECOM

16. As a security tester, what should you do before installing hacking software on your computer?
    a. Check with local law enforcement agencies.

17. Before using hacking software over the Internet, you should contact which of the following? (Choose all that apply.)
    a. Your ISP
    c. Local law enforcement authorities to check for compliance

18. Which organization issues the Top 20 list of current network vulnerabilities?
    a. SANS Institute

19. A written contract isn’t necessary when a friend recommends a client. True or False?
    False

20. A penetration tester should possess which of the following attributes? (Choose all that apply.)
    a. Good listening skills
    b. Knowledge of networking and computer technology
    c. Good verbal and written communication skills
    d. An interest in securing networks and computer systems
Chapter 2 Solutions - Review Questions

1. The Netstat command indicates that POP3 is in use on a remote server. Which port is the remote server most likely using?
   b. Port 110

2. On a Windows computer, what command can you enter to show all open ports being used?
   a. Netstat

3. Which protocol uses UDP?
   d. TFTP

4. Which protocol offers guaranteed delivery and is connection oriented?
   c. TCP

5. TCP communication could be likened to which of the following?
   d. Phone conversation

6. Which of the following protocols is connectionless? (Choose all that apply.)
   a. UDP
   b. IP

7. Which command verifies the existence of a node on a network?
   a. Ping

8. FTP offers more security than TFTP. True or False?
   True

9. List the three components of the TCP/IP three-way handshake.
   SYN, SYN-ACK, and ACK

10. What protocol is used for reporting or informational purposes?
    c. ICMP

11. List the six flags of a TCP packet.
    SYN, ACK, PSH, URG, RST, FIN

12. A UDP packet is usually smaller than a TCP packet. True or False?
    True

13. What port, other than port 110, is used to retrieve e-mail?
    b. Port 143

14. What port does DNS use?
    d. Port 53

15. What command is used to log on to a remote server, computer, or router?
    c. Telnet

16. Which of the following is not a valid octal number?
    c. 3482

17. The initial sequence number (ISN) is set at which step of the TCP three-way handshake?
    d. 1 and 2

18. A Ping command initially uses which ICMP type code?
    b. Type 8

19. “Destination Unreachable” is designated by which ICMP type code?
    c. Type 3

20. What’s the hexadecimal equivalent of the binary number 1111 1111?
    a. FF
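The Chapter 2 answers on the three-way handshake (question 9), the six TCP flags (11), the ISNs chosen in steps 1 and 2 (17), and ping's ICMP Type 8 request (18) are easier to check against real bytes than to memorise. The following is an added illustration written for this review, not code from the textbook: it builds and parses raw TCP headers with struct, generates a SYN / SYN-ACK / ACK exchange whose ACK numbers are each peer's ISN + 1, validates such an exchange, and builds an ICMP echo request with a correct RFC 1071 checksum. The port numbers, ISNs and payload are made-up constants; the TCP checksum is left zero because computing it needs the IP pseudo-header, which is out of scope here.

```python
"""Worked example for the Chapter 2 TCP/ICMP questions (handshake, TCP flags,
ISNs, ICMP echo). Added illustration, not textbook code; all ports, ISNs and
payloads are constructed values."""
import struct

# TCP flag bits in the header's flags byte (RFC 793 layout, low bit = FIN).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20}
# src port, dst port, seq, ack, data offset/reserved, flags, window, checksum, urgent ptr
TCP_HEADER_FMT = "!HHIIBBHHH"
TCP_HEADER_LEN = struct.calcsize(TCP_HEADER_FMT)  # 20 bytes, no options

ICMP_ECHO_REPLY, ICMP_DEST_UNREACHABLE, ICMP_ECHO_REQUEST = 0, 3, 8
ICMP_HEADER_FMT = "!BBHHH"  # type, code, checksum, identifier, sequence


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Build a 20-byte TCP header; checksum left zero (needs the IP pseudo-header)."""
    flag_byte = 0
    for name in flags:
        flag_byte |= TCP_FLAGS[name]
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble
    return struct.pack(TCP_HEADER_FMT, src_port, dst_port, seq & 0xFFFFFFFF,
                       ack & 0xFFFFFFFF, data_offset, flag_byte, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed part of a TCP header into a dict with named flags."""
    src, dst, seq, ack, offset, flag_byte, window, _csum, _urg = struct.unpack(
        TCP_HEADER_FMT, data[:TCP_HEADER_LEN])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": (offset >> 4) * 4, "window": window,
            "flags": {name for name, bit in TCP_FLAGS.items() if flag_byte & bit}}


def three_way_handshake(client_port, server_port, client_isn, server_isn):
    """Return the SYN, SYN-ACK and ACK headers of a handshake.

    The client picks its ISN in step 1 and the server picks its own in step 2;
    each side acknowledges the peer's ISN + 1 because SYN consumes a sequence number.
    """
    syn = build_tcp_header(client_port, server_port, client_isn, 0, ["SYN"])
    syn_ack = build_tcp_header(server_port, client_port, server_isn,
                               client_isn + 1, ["SYN", "ACK"])
    ack = build_tcp_header(client_port, server_port, client_isn + 1,
                           server_isn + 1, ["ACK"])
    return [syn, syn_ack, ack]


def is_valid_handshake(packets):
    """True when three raw headers form a consistent SYN / SYN-ACK / ACK exchange."""
    if len(packets) != 3:
        return False
    p1, p2, p3 = (parse_tcp_header(p) for p in packets)
    same_flow = ((p2["src_port"], p2["dst_port"]) == (p1["dst_port"], p1["src_port"])
                 and (p3["src_port"], p3["dst_port"]) == (p1["src_port"], p1["dst_port"]))
    return (same_flow
            and p1["flags"] == {"SYN"}
            and p2["flags"] == {"SYN", "ACK"}
            and p2["ack"] == (p1["seq"] + 1) & 0xFFFFFFFF
            and p3["flags"] == {"ACK"}
            and p3["seq"] == (p1["seq"] + 1) & 0xFFFFFFFF
            and p3["ack"] == (p2["seq"] + 1) & 0xFFFFFFFF)


def internet_checksum(data):
    """RFC 1071 ones'-complement checksum used by ICMP (and TCP/UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp_echo_request(identifier, sequence, payload=b"abcdefgh"):
    """Build the ICMP Type 8 (echo request) message that ping sends first."""
    header = struct.pack(ICMP_HEADER_FMT, ICMP_ECHO_REQUEST, 0, 0, identifier, sequence)
    csum = internet_checksum(header + payload)
    return struct.pack(ICMP_HEADER_FMT, ICMP_ECHO_REQUEST, 0, csum, identifier, sequence) + payload


def parse_icmp(data):
    """Decode an ICMP message; checksum_ok is True when the sum over the whole message folds to zero."""
    icmp_type, code, _csum, identifier, sequence = struct.unpack(ICMP_HEADER_FMT, data[:8])
    return {"type": icmp_type, "code": code, "id": identifier, "seq": sequence,
            "payload": data[8:], "checksum_ok": internet_checksum(data) == 0}


if __name__ == "__main__":
    # Constructed flow: ephemeral client port 49152 to POP3 (110), made-up ISNs.
    pkts = three_way_handshake(49152, 110, 1000, 5000)
    for step, raw in enumerate(pkts, 1):
        h = parse_tcp_header(raw)
        print(step, sorted(h["flags"]), "seq", h["seq"], "ack", h["ack"])
    print("handshake valid:", is_valid_handshake(pkts))
    print("icmp:", parse_icmp(build_icmp_echo_request(0x1234, 1)))
```

Running the script prints the three steps as ['SYN'] seq 1000 ack 0, ['ACK', 'SYN'] seq 5000 ack 1001, and ['ACK'] seq 1001 ack 5001, which is exactly the relationship questions 9 and 17 describe. The validator is deliberately strict: a third packet that acknowledges the wrong number, or a second packet missing the SYN bit, is rejected, and the sequence arithmetic wraps at 32 bits so an ISN of 0xFFFFFFFF still validates. Feeding the echo request into parse_icmp shows type 8 and a passing checksum; flipping any byte makes checksum_ok False.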
Chapter 3 Solutions - Review Questions

1. What is the main purpose of malware?
   a. Doing harm to a computer system

2. A computer _____ relies on a host to propagate throughout a network.
   b. Virus

3. An exploit that attacks computer systems by inserting executable code in areas of memory not protected because of poorly written code is called which of the following?
   a. Buffer overflow

4. Which of the following exploits might hide its destructive payload in a legitimate application or game?
   a. Trojan program

5. Antivirus software should be updated annually. True or False?
   False

6. Which of the following doesn’t attach itself to a host but can replicate itself?
   a. Worm

7. Which of the following is an example of a macro programming language?
   d. Visual Basic for Applications

8. One purpose of adware is to determine users’ purchasing habits. True or False?
   True

9. List three types of malware.
   Answers can include viruses, worms, Trojan programs, adware, and spyware.

10. A software or hardware component that records each keystroke a user enters is called which of the following?
    b. Keylogger

11. List three worms or viruses that use e-mail as a form of attack.
    Answers can include Waledec, Nimda, Melissa, and W32/Sobig.F.

12. The Ping of Death is an exploit that sends multiple ICMP packets to a host faster than the host can handle. True or False?
    False

13. What type of network attack relies on multiple servers participating in an attack on one host system?
    d. Distributed denial-of-service attack

14. What exploit is used to elevate an attacker’s permissions by inserting executable code in the computer’s memory?
    b. Buffer overflow

15. What component can be used to reduce the risk of a Trojan program or rootkit sending information from an attacked computer to a remote host?
    d. Firewall

16. To reduce the risk of a virus attack on a network, you should do which of the following?
    d. All of the above

17. The base 64 numbering system uses ____ bits to represent a character.
    b. 6

18. An exploit that leaves an attacker with another way to compromise a network later is called which of the following?
    a. Rootkit
    d. Backdoor

19. Which of the following is a good place to begin your search for vulnerabilities of Microsoft products?
    b. Microsoft Security Bulletins

20. An exploit discovered for one OS might also be effective on a different OS. True or False?
    True