Ethical Hacking Final
Terms in this set (83)
All CFML tags begin with "____".
ColdFusion uses its own proprietary tags written in ____.
Connecting to a Microsoft Active Directory Service database with OLE DB requires using ____ as the provider.
Connecting to a MySQL database with OLE DB requires using ____ as the provider.
Connecting to a VSAM database with OLE DB requires using ____ as the provider.
Connecting to an MS SQL Server database with OLE DB requires using ____ as the provider.
In a(n) ____ flaw, a Web browser might carry out code sent from a Web site.
One of the best Web sites to find tools for hacking Web applications is ____.
SQL ____ involves the attacker supplying SQL commands when prompted to fill in a Web application field.
The ____ Search page is an excellent starting point when investigating VBScript vulnerabilities.
Microsoft Security Bulletin
The column tag in CFML is ____.
To check whether a CGI program works, you should save the program to the ____ directory of your Web server, and then enter the URL in your Web browser.
Visual Basic Script (VBScript) is a scripting language developed by ____.
Web servers use the ____ element in an HTML document to allow customers to submit information to the Web server.
____ is a standard database access method developed by the SQLAccess Group.
____ is one of the best tools for scanning the Web for systems with CGI vulnerabilities.
____ is the interface that describes how a Web server passes data to a Web browser.
____ represent(s) a comment in SQL.
Double hyphens (--)
____ was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows.
____, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system.
A(n) ____ is a transceiver that connects to a network via an Ethernet cable; it bridges the wireless LAN with the wired network.
access point (AP)
Each frequency band contains ____; if they overlap, interference could occur.
In 802.11, an addressable unit is called a ____.
In 802.1X, a(n) ____ is the wireless user attempting access to a WLAN.
In a WPAN, the maximum distance allowed between each device is usually ____ meters.
One of the default SSIDs used by D-Link is ____.
One of the default SSIDs used by Linksys is ____.
The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of the ____.
Data Link layer
The ____ band is used by commercial AM radio stations.
medium frequency (MF)
The ____ standard can achieve a throughput of 54 Mbps.
The ____ standard has improvements to address the problem of interference.
The ____ standard, also referred to as Wi-Fi, operates in the 2.4 GHz range with an increased throughput from 1 or 2 Mbps to 11 Mbps.
The default SSID used by Cisco is ____.
WPA improves encryption by using ____.
____ Project 802 was developed to create LAN and WAN standards.
____ defines how data is placed on a carrier signal.
____ is a freeware tool written for Windows that enables you to detect WLANs using 802.11a, 802.11b, and 802.11g.
____ is a product for conducting wardriving attacks written by Mike Kershaw. This product is free and runs on Linux, BSD, Mac OS X, and even Linux PDAs.
____ is an enhancement to PPP.
____ is the most popular type of WLAN technology.
____ is the tool most hackers wanting to access WEP-enabled WLANs use.
____ uses TLS to authenticate the server to the client but not the client to the server.
____ is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking.
____ is the original password-cracking program now used by many government agencies to test for password strength.
A certificate contains a unique serial number and must follow the ____ standard that describes the makings of a certificate.
A famous encryption device was the ____ machine developed by Arthur Scherbius and used by the Germans during World War II.
After DES was in service for many years, NIST decided that a new standard was in order: ____.
Advanced Encryption Standard (AES)
Even though DEA uses 64-bit encryption, only ____ bits are effectively being used.
In a ____ attack, after an attacker has access to a password file, he or she can run a password-cracking program that uses a dictionary of known words or passwords as an input file.
In a ____ attack, an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters.
In a ____ attack, the attacker has access to plaintext and ciphertext and the ability to choose which messages to encrypt.
In a ____ attack, the attacker has access to the ciphertext to be decrypted and to the resulting plaintext.
In a ____ attack, the attacker has messages in both encrypted form and decrypted forms.
In a ____ attack, the attacker has the ciphertext of several messages that were encrypted with the same encryption algorithm but has no access to the plaintext, so he or she must try to figure out the key used to encrypt the data.
RSA was developed by three MIT professors:Ronald L.Rivest, ____, and Leonard M. Adleman.
The Book of Jeremiah was written using a cipher, or key, known as ____.
The Purple Machine code was broken by ____, a cryptanalyst for the U.S. government and known as the "Father of U.S. Cryptanalysis."
William Frederick Friedman
The ____ algorithm does not provide encryption but is used to establish the secret key between two parties.
The program ____ is one of the best programs available today for cracking password files.
John the Ripper
____ is a hashing algorithm developed by Rivest in 1991.
____ is an asymmetrical algorithm that can be used to encrypt data, create a digital signature, and exchange secret keys.
____ is used for encryption as well as digital signatures and key exchange.
____ means that a user can't deny he or she sent a message to a recipient, and the receiver of a message can't deny ever receiving the message.
____ refers to verifying the sender or receiver (or both) is who he or she claims to be.
____ was developed by Phil Zimmerman as a free e-mail encryption program that allowed typical users to encrypt e-mail messages.
____, developed by Bruce Schneier, is a block cipher that operates on 64-bit blocks of plaintext.
____, developed by Xuejia Lai and James Massey, is a block cipher that operates on 64-bit blocks of plaintext.
International Data Encryption Algorithm (IDEA)
Please list the two main web applications
1. Static web page
2. Dynamic web page
1. please list the web application top 10 vulnerabilities come out by security professional
1. XSS (cross-site scripting) flaws
2. Injection flaws and malicious file execution
3. Unsecured direct object reference
4. Cross-site request forgery (CSRF)
5. Information leakage and incorrect error handling
6. Broken authentication and session management
7. Unsecured cryptographic storage
8. Unsecured communication
9. Failure to restrict URL access
How to assess web applications
1. Does the Web application use dynamic Web pages?
2. Does the Web application connect to a back-end database server?
3. Does the Web application require authentication of the user?
4. On what platform was the Web application developed?
Please list the 802.1X authentication standard
802.1x defines the process of authenticating and authorizing users on a WLAN
1. Point-to-Point Protocol(PPP)
2. Extensible Authenticating Protocol(EAP)
3. Wired Equivalent Privacy(WEP)
4. Wi-Fi Protected Access(WPA)
Please list at least three kinds of symmetric, three kinds of asymmetric algorithm. Please example the different ways for performing attack in encryption.
1. Data Encryption Algorithm (DES)
2. Advanced Encryption Standard (AES)
3. Elliptic Curve
1. Birthday Attack
2. Brute-Force Attack
3. Man-in-the-Middle Attack
4. Replay Attack
What is port scanning
process to determine what services a host computer offers
Why is Scripting important in the port scanning
automates time consuming tasks
What is C++
It's a portable, open ISO standerized and compiled language. A C++ program is a collection of commands.
What is HBGary
A computer security company that offers softwares and services
What is a null session in NetBIos and How can null sessions be prevented(with just 3 is fine)
Unauthenticated connection to a Windows computer
setting/modifying values in registry
in Windows 2000, RestrictAnonymous=2
What is a vulnerability assessment?
A vulnerability assessment identifies, quantifies, and ranks the vulnerabilities in a system.
What is another name for a session ID in PhP
What is windows Embedded standard based off of
Could you please explain the process of cracking a WEP with your own words
With two applications, one to capture the packets and one to generate a key/decrypt the packets
List the main components in the network protection systems (at least 5)
4. Web filtering
5. Honey pots
YOU MIGHT ALSO LIKE...
ethical hacking final exam
Ethical Hacking Week 3
BPA Computer Security
chapter 12 security risks
OTHER SETS BY THIS CREATOR
Operating Systems Final
Security and Risk Management Final
Cyber Forensics Final Participation
Cyber Forensics Final Multiple Choice
THIS SET IS OFTEN IN FOLDERS WITH...
Ethical Hacking Exam 2
CC6051 Ethical Hacking quiz 7
Ethical Hacking Midterm
ITEC 472 Chapter 12