  1.  The result of a “whois” search on a target is listed here:
image
Which of the following is a true statement regarding this output?
A.  Anybusiness.com was registered using GoDaddy.com.
B.  The technical contact for this website may have entered personal information at registration.
C.  There is no information within this output useful for a zone transfer.
D.  The administrative and technical contacts are the same.
  2.  Your client’s business is headquartered in Japan. Which regional registry would be the best place to look for footprinting information?
A.  APNIC
B.  RIPE
C.  ASIANIC
D.  ARIN
E.  LACNIC
  3.  Which of the following are footprinting tools? (Choose all that apply.)
A.  Sam Spade
B.  Nslookup
C.  Traceroute
D.  NetCraft
E.  Nessus
  4.  You are looking for files with the terms “Apache” and “Version” in their titles. Which Google hack is the appropriate one?
A.  inurl:apache inurl:version
B.  allintitle:apache version
C.  intitle:apache inurl:version
D.  allinurl:apache version
  5.  You’ve just kicked off a penetration test against a target organization and have decided to perform a little passive footprinting. Among the first sites you visit are job boards, where the company has listed various openings. What is the primary useful footprinting information to be gained through this particular search?
A.  Insight into the HR processes of the company
B.  Insight into the operating systems, hardware, and applications in use
C.  Insight into corporate security policy
D.  None of the above
  6.  Which of the following activities is not considered passive footprinting?
A.  Dumpster diving
B.  Reviewing financial sites for company information
C.  Clicking links within the company’s public website
D.  Calling the company’s help desk line
  7.  As fate would have it, you are contracted to pen test an organization you are already familiar with. You start your passive reconnaissance by perusing the company website. Several months ago, the public-facing website had a listing of all staff members, including phone numbers, e-mail addresses, and other useful information. Since that time, the listing has been removed from the website. Which of the following is the best option to provide access to the listing?
A.  Use a tool such as BlackWidow or Wget.
B.  Perform Google hack incache:staff.
C.  Use whois to discover the information.
D.  Use Google Cache.
E.  Use www.archive.org.
  8.  You are footprinting information for a pen test. Social engineering is part of your reconnaissance efforts, and some of it will be active in nature. You take steps to ensure that if the social engineering efforts are discovered at this early stage, any trace efforts point to another organization. Which of the following terms best describes what you are participating in?
A.  Anonymous footprinting
B.  Pseudonymous footprinting
C.  Passive footprinting
D.  Redirective footprinting
  9.  You are setting up DNS for your enterprise. Server A is both a web server and an FTP server. You wish to advertise both services for this machine. Which DNS record type would you use to accomplish this?
A.  CNAME
B.  SOA
C.  MX
D.  PTR
E.  NS
10.  You are shoulder-surfing one of your team members. You see him type in the following:
image
What is being accomplished here?
A.  He is attempting DNS poisoning.
B.  He is attempting DNS spoofing.
C.  He is attempting a zone transfer.
D.  He is resetting the DNS cache.
11.  Within the DNS system, a primary server (SOA) holds and maintains all records for the zone. Secondary servers will periodically ask the primary whether there have been any updates. If updates have occurred, they will ask for a zone transfer to update their own copies. Under what conditions will a secondary name server request a zone transfer from a primary?
A.  When the primary SOA record serial number is higher than the secondary’s
B.  When the secondary SOA record serial number is higher than the primary’s
C.  Only when the secondary reboots or restarts services
D.  Only when manually prompted to do so
12.  Examine the following SOA record:
image
If a secondary server in the enterprise is unable to check in for a zone update within an hour, what happens to the zone copy on the secondary?
A.  The zone copy is dumped.
B.  The zone copy is unchanged.
C.  The serial number of the zone copy is decremented.
D.  The serial number of the zone copy is incremented.
13.  Which of the following footprinting tools uses ICMP to provide information on network pathways?
A.  Whois
B.  Sam Spade
C.  Nmap
D.  Traceroute
E.  AngryIP
14.  Examine the following command-line entry:
image
Which two statements are true regarding this command sequence?
A.  Nslookup is in noninteractive mode.
B.  Nslookup is in interactive mode.
C.  The output will show all mail servers in the zone somewhere.com.
D.  The output will show all name servers in the zone somewhere.com.
15.  Joe accesses the company website, www.anybusi.com, from his home computer and is presented with a defaced site containing disturbing images. He calls the IT department to report the website hack and is told they do not see any problem with the site: No files have been changed, and when the site is accessed from their terminals (inside the company) it appears normally. Joe connects over VPN into the company website and notices the site appears normally. Which of the following might explain the issue?
A.  DNS poisoning
B.  Route poisoning
C.  SQL injection
D.  ARP poisoning
16.  One way to mitigate against DNS poisoning is to restrict or limit the amount of time records can stay in cache before they’re updated. Which DNS record type allows you to set this restriction?
A.  NS
B.  PTR
C.  MX
D.  CNAME
E.  SOA
17.  You are gathering reconnaissance on your target organization whose website has a .com extension. With no other information to go on, which regional Internet registry would be the best place to begin your search?
A.  ARIN
B.  APNIC
C.  LACNIC
D.  RIPE
E.  AfriNIC
18.  Which of the following is a good footprinting tool for discovering information on a company’s founding, history, and financial status?
A.  SpiderFoot
B.  EDGAR database
C.  Sam Spade
D.  Pipl.com
19.  How does traceroute map the routes traveled by a packet?
A.  By carrying a hello packet in the payload, forcing the host to respond
B.  By using DNS queries at each hop
C.  By manipulating the time to live (TTL) parameter
D.  Using ICMP type 5, code 0 packets
20.  You are footprinting a target headquartered in the Dominican Republic. You have gathered some competitive intelligence and have engaged in both passive and active reconnaissance. Your next step is to define the network range this organization uses. What is the best way to accomplish this?
A.  Call the company help desk and ask them
B.  Use the EDGAR database
C.  Use LACNIC to look up the company range
D.  Use ARIN to look up the company range
21.  A zone file consists of which types of records? (Choose all that apply.)
A.  PTR
B.  MX
C.  SN
D.  SOA
E.  DNS
F.  A
G.  AX
22.  Examine the following SOA record:
image
How long will the secondary server wait before asking for an update to the zone file?
A.  One hour
B.  Two hours
C.  Ten minutes
D.  One day
23.  A colleague enters the following into a Google search string:
image
Which of the following statements is most correct concerning this attempt?
A.  The search engine will not respond with any result because you cannot combine Google hacks on one line.
B.  The search engine will respond with all pages having “intranet” in their title and “human resources” in the URL.
C.  The search engine will respond with all pages having “intranet” in the title and in the URL.
D.  The search engine will respond with only pages having “intranet” in the title and URL and with “human resources” in the text.
24.  A good footprinting method is to track e-mail messages and see what kind of information you can pull back. Which tool is useful in this scenario?
A.  Nmap
B.  BlackWidow
C.  Snow
D.  eMailTrackerPro
E.  MailMan
25.  You are footprinting DNS information using dig. What command syntax should be used to discover all name servers listed by DNS server 202.55.77.12 in the anybiz.com namespace?
A.  dig @www.anybiz.com NS 202.55.77.12
B.  dig NS @www.anybiz.com 202.55.77.12
C.  dig NS @202.55.77.12 www.anybiz.com
D.  dig @202.55.77.12 www.anybiz.com NS