Exam Prep Exploiting Wired And Wireless Networks Ch.5 Santos

CompTIA® PenTest+ Cert Guide

Chapter 5 Exploiting Wired and Wireless Networks

1) Which of these is not a NetBIOS service?

A) LLMR Service

B) NetBIOS Name Service

C) Datagram Distribution Service

D) Session Service

2) Which TCP port does SMB use?

A) 135

B) 138

C) 139

D) 445

3) For greater workgroup security, what should the name of a workgroup be?

A) WORKGROUP

B) GROUP

C) Something at least 32 characters long

D) Anything but the default name

4) Why would you monitor the registry key HKLM\Software\Policies\Microsoft\Windows NT\DNSClient for changes to the EnableMulticast DWORD value?

A) Detect SMB exploits

B) Detect LLMNR poisoning attacks

C) Detect DNS cache poisoning attacks

D) Detect SNMP exploits

5) What does DNS cache poisoning do?

A) Sends the wrong IP address to the victim

B) Makes Windows registry changes

C) Enumerates DNS services

D) Leverages insecure DNS ports to send spam

6) Which of these is a way to mitigate DNS cache poisoning attacks?

A) Disable certain ports

B) Turn off NetBIOS on clients

C) Turn off DNS services on your local network

D) Configure DNS servers not to trust other DNS servers any more than necessary

7) SMTP uses port ____ for non-encrypted communications and port ____ for encrypted.

A) 143, 993

B) 110, 995

C) 25, 587

D) 80, 465

8) What is the danger in having SMTP open relays?

A) Can be abused to send email scams

B) Can be abused to redirect web requests

C) Can poison the SMTP cache

D) Can be harnessed for DDoS attacks

9) Which protocol is often targeted for attacks because it doesn't use any encryption or perform any kind of integrity validation?

A) SFTP

B) FTP

C) FTPS

D) SSH

10) An evil twin attack involves doing what?

A) ARP cache poisoning

B) Creating a rogue AP

C) Creating a rogue DHCP server

D) Pharming

11) In which hive file does Windows store passwords as hashes?

A) SAM

B) Ntuser.dat

C) Software

D) System

12) A ______ attack occurs when the attacker obtains a user’s password hash from a compromised system and uses it to log into another system.

A) Man-in-the-middle

B) Rainbow table

C) Pass-the-hash

D) Brute force

13) Modern Windows versions use _____ as an authentication protocol.

A) Kerberos

B) NetBIOS

C) NTLM

D) DNS

14) In a Kerberos _____ attack, the attacker can manipulate Kerberos tickets based on available hashes by compromising a vulnerable system and obtaining the local user credentials and password hashes.

A) Pass-the-hash

B) Black ticket

C) Silver ticket

D) Golden ticket

15) In a _______ attack, the attacker places himself or herself in-line between two devices to eavesdrop or manipulate the data being transferred

A) Kerberos

B) Golden ticket

C) MITM

D) Silver ticket

16) A common mitigation for ARP cache poisoning is to use ____ on switches to prevent spoofing of the Layer 2 addresses.

A) NetBIOS

B) DHCP

C) ARP

D) DAI

17) BGP hijacking is what type of attack?

A) Brute force

B) Route manipulation

C) DDoS

D) Spoofing

18) Which of these is not one of the three categories of DDoS attacks?

A) Deauthentication

B) Direct

C) Reflected

D) Amplification

19) The goal of a DDoS attack is to

A) Prevent the target system from operating normally

B) Misdirect addresses

C) Encrypt files

D) Gather password hashes

20) What is the purpose of a deauthentication attack?

A) Encrypt data on a victim hard drive

B) Force wireless clients to connect to a rogue AP

C) Force wireless clients to use IPv4

D) Execute a DDoS attack on a wireless router