CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [23]

who gets access to what information, how the help desk verifies employee identity, and destruction of paper documents.

Review Questions

1. Which are the four regional Internet registries?

A. APNIC, PICNIC, NANIC, RIPE NCC

B. APNIC, MOSTNIC, ARIN, RIPE NCC

C. APNIC, PICNIC, NANIC, ARIN

D. APNIC, LACNIC, ARIN, RIPE NCC

2. Which of the following is a tool for performing footprinting undetected?

A. Whois search

B. Traceroute

C. Ping sweep

D. Host scanning

3. Which of the following tools are used for footprinting? (Choose 3 answers.)

A. Whois

B. Sam Spade

C. NMAP

D. SuperScan

E. Nslookup

4. What is the next step to be performed after footprinting?

A. Scanning

B. Enumeration

C. System hacking

D. Active information gathering

5. Which are good sources of information about a company or its employees? (Choose all that apply.)

A. Newsgroups

B. Job postings

C. Company website

D. Press releases

6. How does traceroute work?

A. It uses an ICMP destination-unreachable message to elicit the name of a router.

B. It sends a specially crafted IP packet to a router to locate the number of hops from the sender to the destination network.

C. It uses a protocol that will be rejected by the gateway to determine the location.

D. It uses the TTL value in an ICMP message to determine the number of hops from the sender to the router.

7. What is footprinting?

A. Measuring the shoe size of an ethical hacker

B. Accumulation of data by gathering information on a target

C. Scanning a target network to detect operating system types

D. Mapping the physical layout of a target's network

8. Nslookup can be used to gather information regarding which of the following?

A. Host names and IP addresses

B. Whois information

C. DNS server locations

D. Name server types and operating systems

9. Which of the following is a type of social engineering?

A. Shoulder surfing

B. User identification

C. System monitoring

D. Face-to-face communication

10. Which is an example of social engineering?

A. A user who holds open the front door of an office for a potential hacker

B. Calling a help desk and convincing them to reset a password for a user account

C. Installing a hardware keylogger on a victim's system to capture passwords

D. Accessing a database with a cracked password

11. What is the best way to prevent a social-engineering attack?

A. Installing a firewall to prevent port scans

B. Configuring an IDS to detect intrusion attempts

C. Increasing the number of help-desk personnel

D. Employee training and education

12. Which of the following is the best example of reverse social engineering?

A. A hacker pretends to be a person of authority in order to get a user to give them information.

B. A help-desk employee pretends to be a person of authority.

C. A hacker tries to get a user to change their password.

D. A user changes their password.

13. Using pop-up windows to get a user to give out information is which type of social engineering attack?

A. Human-based

B. Computer-based

C. Nontechnical

D. Coercive

14. What is it called when a hacker pretends to be a valid user on the system?

A. Impersonation

B. Third-person authorization

C. Help desk

D. Valid user

15. What is the best reason to implement a security policy?

A. It increases security.

B. It makes security harder to enforce.

C. It removes the employee's responsibility to make judgments.

D. It decreases security.

16. Faking a website for the purpose of getting a user's password and username is which type of social engineering attack?

A. Human-based

B. Computer-based

C. Web-based

D. User-based

17. Dumpster diving can be considered which type of social engineering attack?

A. Human-based

B. Computer-based

C. Physical access

D. Paper-based

Answers to Review Questions

1. D. The four Internet registries are ARIN (American Registry of Internet Numbers), RIPE NCC (Europe, the Middle East, and parts of Central Asia), LACNIC (Latin American and Caribbean Internet Addresses Registry), and APNIC (Asia Pacific Network Information Centre).
