Hands-On Ethical Hacking and Network Defense, 2e, 1435486099

Chapter 10 Solutions - REVIEW QUESTIONS

1. The following code is an example of what language?
c. ASP
2. Which of the following can be used to create dynamic Web pages? (Choose all that apply.)
a. ColdFusion
b. PHP
c. ASP
3. Which of the following can be used to connect a Web server to a back-end database server? (Choose all that
apply.)
a. ODBC
b. OLE
c. ADO
4. What tag is used to indicate ASP code?
<% %>
5. What’s the default Web server in Windows Vista?
d. IIS 7.0
6. Entering the URL http://www.abc.com/%55/%55/%55/%55/%55 in a Web browser is an example of what
exploit?
b. Unicode exploit
7. Entering the value ' OR 1=1 in a Web application that has an “Enter Your PIN” field is most likely an
example of which attack?
a. SQL injection
8. HTML Web pages containing connection strings are more vulnerable to attack. True or False?
True
9. The AccessFileName directive in Apache, along with a configuration file (such as .htaccess), can be used to
perform which of the following on a Web site?
c. Restrict directory access to those with authorized user credentials.
10. Which of the following is an open-source technology for creating dynamic HTML Web pages?
b. PHP
11. CGI is used in Microsoft ASP pages. True or False?
False
12. Name three Web application vulnerabilities from OWASP’s top 10 list.
Correct answers include cross-site scripting (XSS) flaws, injection flaws, malicious file execution, unsecured direct
object reference, cross-site request forgery (CSRF), information leakage and incorrect error handling, broken
authentication and session management, unsecured cryptographic storage, unsecured communication, and failure to
restrict URL access.
13. If a Web server isn’t protected, an attacker can gain access through remote administration interfaces. True or
False?
True
14. Which of the following is used to connect an ASP Web page to an Oracle database? (Choose all that apply.)
a. ADO
Hands-On Ethical Hacking and Network Defense, 2e, 1435486099

d. OLE DB
15. List an organization with online resources for learning more about Web application vulnerabilities.
Open Web Application Security Project (OWASP)
16. What tags identify ColdFusion as the scripting language?
c. the letters CF
17. What tags identify PHP as the scripting language?
c. <? ?>
18. An HTML Web page containing ASP code must be compiled before running. True or False?
False
19. Which of the following can be used to detect a new application vulnerability on a Web site?
c. Wapiti
20. IIS is used on more than twice as many Web servers as Apache Web Server. True or False?
False

Chapter 11 Solutions - REVIEW QUESTIONS

1. Which IEEE standard defines authentication and authorization in wireless networks?
d. 802.1X
2. Which EAP method requires installing digital certificates on both the server and client?
a. EAP-TLS
3. Which wireless encryption standard offers the best security?
a. WPA2
4. Name a tool that can help reduce the risk of a wardriver attacking your WLAN.
Black Alchemy Fake AP, honeypots
5. What protocol was added to 802.11i to address WEP’s encryption vulnerability?
b. TKIP
6. What IEEE standard defines wireless technology?
c. 802.11
7. What information can be gathered by wardriving? (Choose all that apply.)
a. SSIDs of wireless networks
b. Whether encryption is enabled
d. Signal strength
8. Disabling SSID broadcasts must be configured on the computer and the AP. True or False?
False
9. What TKIP enhancement addressed the WEP vulnerability of forging packets?
d. Message Integrity Check (MIC)
10. Wi-Fi Protected Access (WPA) was introduced in which IEEE 802 standard?
c. 802.11i
11. Wardriving requires expensive hardware and software. True or False?
False
Hands-On Ethical Hacking and Network Defense, 2e, 1435486099

12. What is a known weakness of wireless network SSIDs?

a. They’re broadcast in cleartext.
13. Bluetooth technology is more vulnerable to network attacks than WLANs are. True or False?
False
14. Which of the following channels is available in 802.11b for attempting to prevent overlapping? (Choose all that
apply).
a. 1
c. 6
d. 11
15. Which spread spectrum method divides bandwidth into a series of frequencies called tones?
d. Orthogonal frequency division multiplexing (OFDM)
16. An access point provides which of the following?
b. Access to the DS
17. The IEEE 802.11 standard pertains to the ___________ and ____________ layers of the OSI model.
Physical layer, MAC sublayer of the Data Link layer
18. The operating frequency range of 802.11a is 2.4 GHz. True or False?
False
19. Which of the following typically functions as the 802.1X authenticator, allowing or denying a supplicant’s
access to a WLAN?
a. AP
20. List three tools for conducting wireless security testing.
Correct answers include NetStumbler, iwScanner, Kismet, AirCrack NG, AirCrack, AirSnort, Ethereal, Tcpdump, and any
others included on the BackTrack DVD or found in an Internet search.

Chapter 12 Solutions - REVIEW QUESTIONS

1. Digital signatures are used to do which of the following?
c. Provide authentication and nonrepudiation
2. What is the standard for PKI certificates?
c. X.509
3. List the three MIT professors who developed the RSA algorithm.
Rivest, Shamir, and Adleman
4. A hash value is a fixed-length string used to verify message integrity. True or False?
True
5. OpenPGP is focused on protecting which of the following?
b. E-mail messages
6. Intruders can perform which kind of attack if they have possession of a company’s password hash file?
a. Dictionary
7. Intercepting messages destined for another computer and sending back messages while pretending to be the other
computer is an example of what type of attack?
a. Man-in-the-middle
8. A certification authority (CA) issues private keys to recipients. True or False?
Hands-On Ethical Hacking and Network Defense, 2e, 1435486099

False
9. Write the equation to calculate how many keys are needed to have 20 people communicate with symmetric keys.
n(n - 1) / 2 = number of symmetric keys, or 20(20 - 1) / 2 = 190 keys
10. Why did the NSA decide to drop support for DES?
c. The processing power of computers had increased.
11. Symmetric algorithms can be block ciphers or stream ciphers. True or False?
True
12. Which of the following describes a chosen-plaintext attack?
c. The attacker has plaintext, can choose what part of the text gets encrypted, and has access to the ciphertext.
13. Two different messages producing the same hash value results in which of the following?
c. Collision
14. Which of the following is a program for extracting Windows password hash values?
b. Fgdump
15. Advanced Encryption Standard (AES) replaced DES with which algorithm?
a. Rijndael
16. What cryptographic devices were used during World War II? (Choose all that apply.)
a. Enigma machine
c. Purple Machine
d. Bombe
17. Asymmetric cryptography systems are which of the following?
b. Slower than symmetric cryptography systems
18. Diffie-Hellman is used to encrypt e-mail messages. True or False?
False
19. Hiding data in a photograph is an example of which of the following?
a. Steganography
20. Which of the following is an asymmetric algorithm?
c. RSA

Chapter 13 Solutions - REVIEW QUESTIONS

1. Which type of routing protocol broadcasts the entire routing table when a new path is discovered?
a. Link-state routing protocol
2. A router using a distance-vector routing protocol sends only new information to other routers on the network. True
or False?
False
3. Which of the following Cisco components stores a router’s running configuration, routing tables, and buffers?
b. RAM
4. If a Cisco router’s flash memory becomes corrupted, the router can boot from which of the following components?
a. ROM
5. Which prompt is displayed if a user logs on to a Cisco router in privileged mode?
c. Router#
Hands-On Ethical Hacking and Network Defense, 2e, 1435486099

6. A standard IP access list can’t filter IP packets based on a destination address. True or False?
True
7. BASE is a Web-based tool for analyzing data from which of the following network protection systems?
d. Snort IDS
8. What’s the main purpose of a firewall? (Choose all that apply.)
a. Control traffic entering and leaving a network.
c. Protect internal network segments.
d. Prevent command-and-control data from being initiated from inside the network.
9. Firewalls are installed on a network to protect a company’s internal network from dangers on the Internet. True or
False?
True
10. Firewalls use which of the following to hide the internal network topology from outside users?
d. NAT
11. A stateful packet inspection firewall keeps track of network connections by using which of the following?
a. A state table
12. A firewall that blocks a Telnet session from leaving the network over TCP port 443 uses which of the following?
d. Application layer inspection
13. Web filters can prevent which type of malicious activity?
a. Drive-by download
14. A DMZ is also referred to as which of the following?
a. Perimeter network
15. A Cisco security appliance can include all the following functions except:
d. A honeypot
16. Where can you find information on creating a security incident response team?
b. www.cert.org
17. Which type of IDS can send an access list to a router or firewall when an intrusion is detected on a network?
a. Active system
18. A honeypot might be used in a network for which of the following reasons? (Choose all that apply.)
a. Lure or entrap hackers so that law enforcement can be informed.
b. Gather information on new attacks and threats.
c. Distract hackers from attacking legitimate network resources.
19. A benchmark is an industry consensus of best practices for writing access lists. True or False?
False
20. Anomaly detectors use a database of known attack signatures to function. True or False?
False