ITN 261 FINAL EXAM QUESTIONS
WITH ALL CORRECT ANSWERS
NEW UPDATE (ALREADY GRADED
A+)
Which type of scan is the most reliable but also the easiest to detect? - Answer- TCP
connect scan
A form of offline attack that functions much like a dictionary attack, but with an extra
level of sophistication, is a: - Answer- hybrid attack.
Active@ and Trinity Rescue Kit are examples of: - Answer- tools used to change
passwords
An attacker can deprive the system owner of the ability to detect the activities that have
been carried out by: - Answer- disabling auditing.
Attackers attempts to stop their attacks from being detected are referred to as: -
Answer- covering tracks
Cain and Abel, John the Ripper, Pandora, and Pwdump3 are examples of: - Answer-
password crackers.
Precomputed hashes are used in an attack type known as a: - Answer- rainbow table
Privilege escalation gives the attacker the ability to - Answer- perform actions on the
system with fewer restrictions and perform tasks that are potentially more damaging.
Shoulder surfing, keyboard sniffing, and social engineering are considered: - Answer-
nontechnical attacks.
The database on the local Windows system that is used to store user account
information is called: - Answer- the Security Account Manager (SAM).
The feature in the Windows operating system that is used to give access to certain
types of information across the network is the: - Answer- NULL session.
, The unique ID that is assigned to each user account in Windows that identifies the
account or group is called a(n): - Answer- security identifier (SID).
Which of the following are considered offline attacks? - Answer- Hybrid and
precomputed attacks
Which of the following are considered passive online attacks? - Answer- Packet sniffing,
or man-in-the-middle and replay attacks
Which of the following is NOT true regarding the use of a packet sniffer? - Answer-
Packet sniffing involves the attacker capturing traffic from both ends of the
communication between two hosts.
Which of the following refers to a utility designed to detect Simple Network Management
Protocol (SNMP)-enabled devices on a network and locate and identify devices that are
vulnerable to SNMP attacks? - Answer- SNScan
Which of the following refers to software designed to alter system files and utilities on a
victim's system with the intention of changing the way a system behaves? - Answer-
Rootkits
Which of the following statements is NOT true regarding enumeration - Answer- During
the enumeration phase, the attack has reached an advanced stage in which the
attacker breaks into or penetrates the system.
Which of the following tools is included with every version of the Windows operating
system and has a number of switches that can be used to perform different functions,
some of which can be useful for the ethical hacker? - Answer- nbtstat
Which of the following tools is used to perform port scanning, but can also be used to
perform enumeration by using utilities designed for extracting information from a
Windows-based host? - Answer- SuperScan
Which of the following user accounts is considered a super user-style account that gets
nearly unlimited access to the local system and can perform actions on the local system
with little or no restriction? - Answer- SYSTEM
A process where communications are redirected to different ports than they would
normally be destined for is called: - Answer- port redirection
A section of the hard drive record responsible for assisting in locating the operating
system to boot the computer is called the: - Answer- master boot records (MBRs).
A packet flagged with the FIN flag signals: - Answer- the end or clearing of a
connection.
WITH ALL CORRECT ANSWERS
NEW UPDATE (ALREADY GRADED
A+)
Which type of scan is the most reliable but also the easiest to detect? - Answer- TCP
connect scan
A form of offline attack that functions much like a dictionary attack, but with an extra
level of sophistication, is a: - Answer- hybrid attack.
Active@ and Trinity Rescue Kit are examples of: - Answer- tools used to change
passwords
An attacker can deprive the system owner of the ability to detect the activities that have
been carried out by: - Answer- disabling auditing.
Attackers attempts to stop their attacks from being detected are referred to as: -
Answer- covering tracks
Cain and Abel, John the Ripper, Pandora, and Pwdump3 are examples of: - Answer-
password crackers.
Precomputed hashes are used in an attack type known as a: - Answer- rainbow table
Privilege escalation gives the attacker the ability to - Answer- perform actions on the
system with fewer restrictions and perform tasks that are potentially more damaging.
Shoulder surfing, keyboard sniffing, and social engineering are considered: - Answer-
nontechnical attacks.
The database on the local Windows system that is used to store user account
information is called: - Answer- the Security Account Manager (SAM).
The feature in the Windows operating system that is used to give access to certain
types of information across the network is the: - Answer- NULL session.
, The unique ID that is assigned to each user account in Windows that identifies the
account or group is called a(n): - Answer- security identifier (SID).
Which of the following are considered offline attacks? - Answer- Hybrid and
precomputed attacks
Which of the following are considered passive online attacks? - Answer- Packet sniffing,
or man-in-the-middle and replay attacks
Which of the following is NOT true regarding the use of a packet sniffer? - Answer-
Packet sniffing involves the attacker capturing traffic from both ends of the
communication between two hosts.
Which of the following refers to a utility designed to detect Simple Network Management
Protocol (SNMP)-enabled devices on a network and locate and identify devices that are
vulnerable to SNMP attacks? - Answer- SNScan
Which of the following refers to software designed to alter system files and utilities on a
victim's system with the intention of changing the way a system behaves? - Answer-
Rootkits
Which of the following statements is NOT true regarding enumeration - Answer- During
the enumeration phase, the attack has reached an advanced stage in which the
attacker breaks into or penetrates the system.
Which of the following tools is included with every version of the Windows operating
system and has a number of switches that can be used to perform different functions,
some of which can be useful for the ethical hacker? - Answer- nbtstat
Which of the following tools is used to perform port scanning, but can also be used to
perform enumeration by using utilities designed for extracting information from a
Windows-based host? - Answer- SuperScan
Which of the following user accounts is considered a super user-style account that gets
nearly unlimited access to the local system and can perform actions on the local system
with little or no restriction? - Answer- SYSTEM
A process where communications are redirected to different ports than they would
normally be destined for is called: - Answer- port redirection
A section of the hard drive record responsible for assisting in locating the operating
system to boot the computer is called the: - Answer- master boot records (MBRs).
A packet flagged with the FIN flag signals: - Answer- the end or clearing of a
connection.
