What is GINA?
A. Gateway Interface Network Application
B. GUI Installed Network Application CLASS
C. Global Internet National Authority (G-USA)
D. Graphical Identification and Authentication DLL
In computing,GINA refers to the graphical identification and authentication library,a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services.
Fingerprinting an Operating System helps a cracker because:
A. It defines exactly what software you have installed
B. It opens a security-delayed window based on the port being scanned
C. It doesn’t depend on the patches that have been applied to fix existing security holes
D. It informs the cracker of which vulnerabilities he may be able to exploit on your system
When a cracker knows what OS and Services you use he also knows which exploits might work on your system. If he would have to try all possible exploits for all possible Operating Systems and Services it would take too long time and the possibility of being detected increases.
In the context of Windows Security, what is a ‘null’ user?
A. A user that has no skills
B. An account that has been suspended by the admin
C. A pseudo account that has no username and password
D. A pseudo account that was created for security administration purpose
NULL sessions take advantage of pfeaturesq in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Using these NULL connections allows you to gather the following information from the host:
* List of users and groups
* List of machines
* List of shares
* Users and host SID’ (Security Identifiers) NULL sessions exist in windows networking to allow:
* Trusted domains to enumerate resources
* Computers outside the domain to authenticate and enumerate users
* The SYSTEM account to authenticate and enumerate resources NetBIOS NULL sessions are enabled by default in Windows NT and 2000. Windows XP and 2003 will allow anonymous enumeration of shares,but not SAM accounts.
What does the following command in netcat do?
nc -l -u -p55555 < /etc/passwd
A. logs the incoming connections to /etc/passwd file
B. loads the /etc/passwd file to the UDP port 55555
C. grabs the /etc/passwd file when connected to UDP port 55555
D. deletes the /etc/passwd file when connected to the UDP port 55555
-l forces netcat to listen for incoming connections.
-u tells netcat to use UDP instead of TCP
-p 5555 tells netcat to use port 5555
< /etc/passwd tells netcat to grab the /etc/passwd file when connected to.
What hacking attack is challenge/response authentication used to prevent?
A. Replay attacks
B. Scanning attacks
C. Session hijacking attacks
D. Password cracking attacks
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it. With a challenge/response authentication you ensure that captured packets canot be retransmitted without a new authentication.
What file system vulnerability does the following command take advantage of?
type c:anyfile.exe > c:winntsystem32calc.exe:anyfile.exe
D. Backdoor access
ADS (or Alternate Data Streams) is a pfeatureq in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename:stream.
Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?
B. SMB Signing
C. File permissions
D. Sequence numbers monitoring
LM authentication is not as strong as Windows NT authentication so you may want to disable its use, because an attacker eavesdropping on network traffic will attack the weaker protocol. A successful attack can compromise the user’s password. How do you disable LM authentication in Windows XP?
A. Stop the LM service in Windows XP
B. Disable LSASS service in Windows XP
C. Disable LM authentication in the registry
D. Download and install LMSHUT.EXE tool from Microsoft website
Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?
A. Covert keylogger
B. Stealth keylogger
C. Software keylogger
D. Hardware keylogger
As the hardware keylogger never interacts with the Operating System it is undetectable by anti-virus or anti-spyware products.
_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.
B. Character Mapping
C. Character Encoding
D. UCS transformation formats
Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a “standard” canonical representation. This can be done to compare different representations for equivalence,to count the number of distinct data structures (e.g.,in combinatorics),to improve the efficiency of various algorithms by eliminating repeated calculations,or to make it possible to impose a meaningful sorting order.