5.3.3 Quiz – Exploiting Wired and Wireless Networks Answers
1. Which NetBIOS service is used for connection-oriented communication?
2. Match the port type and number with the respective NetBIOS protocol service.
3. What two features are present on DNS servers using BIND 9.5.0 and higher that help mitigate DNS cache poisoning attacks? (Choose two.)
- randomization of ports
- provision of cryptographically secure DNS transaction identifiers
- exclusion of any trust relationships between DNS servers
- secure DNS data authentication
- prevention of any recursive DNS queries
4. What UDP port number is used by the SNMP protocol?
5. Which is a characteristic of a DNS poisoning attack?
- The DNS server forward lookup zone is cleared.
- The DNS server reverse lookup zone is cleared.
- The DNS resolver cache is manipulated.
- The DNS server IP address is changed.
6. Which Kali Linux tool or script can gather information on devices configured for SNMP?
7. Match the SMTP command with the respective description.
8. Which two best practices would help mitigate FTP server abuse and attacks? (Choose two.)
- limit anonymous logins to a select group of people
- edit the hosts file to limit the number of authorized DNS servers
- use encryption at rest
- consolidate all back-end databases on the FTP server
- require re-authentication of inactive sessions
9. Which is a characteristic of the pass-the-hash attack?
- capture of a password hash (as opposed to the password characters) and using the same hashed value for authentication and lateral access to other networked systems
- reverse engineering of the captured hash password and using the unencrypted password for authentication and lateral access to other networked systems
- compromise of a SAM file and extraction of the password characters to use for authentication and lateral access to other networked systems
- capture of the Windows password before the Kerberos hashing function and use of the unencrypted password for authentication and lateral access to other networked systems
10. What is a Kerberoasting attack?
- It is an attempt to steal the hash value of a user credential and use it to create a new user session on the same network.
- It attempts to manipulate Kerberos tickets based on available hashes by compromising a vulnerable system and obtaining the local user credentials and password hashes.
- It is a post-exploitation attempt that is used to extract service account credential hashes from Active Directory for offline cracking.
- It attempts to manipulate data being transferred by performing data corruption or modification.
11. Match the attack type with the respective description.
12. Match the attack type with the respective description.
13. Which tool can be used to perform a Disassociation attack?
14. Which is a characteristic of a Bluesnarfing attack?
- An attack that is launched using common social engineering attacks, such as phishing attacks, can be performed by impersonating a wireless AP or a captive portal to convince a user to enter the user credentials.
- An attack that can be performed using Bluetooth with vulnerable devices in range. It is commonly performed as spam over Bluetooth connections using the OBEX protocol.
- An attack that can be performed using Bluetooth with vulnerable devices in range. This attack actually steals information from the device of the victim.
- An attack that involves modifying BLE messages between systems that would lead them to believe that they are communicating with legitimate systems.
15. Which Wi-Fi protocol is most vulnerable to a brute-force attack during a Wi-Fi network deployment?
16. What does the MFP feature in the 802.11w standard do to protect against wireless attacks?
- It uses a PNL to maintain a list of trusted or preferred wireless networks.
- It uses a captive portal for all wireless associations.
- It inserts the 802.1q tag to protect the wireless frame.
- It helps defend against deauthentication attacks.
17. What is a DNS resolver cache on a Windows system?
- It is a database of all WINS records.
- It is a static database entry of all forward and reverse lookup zones.
- It is a temporary database that contains records of all the recent visits and attempted visits to websites and other internet domains.
- It is a collective database of all Domain Name Service records of static and cached entries.
18. Match the TCP port number with the respective email protocol that uses it.
19. Which is the default TCP port used in SMTP for non-encrypted communications?
20. What is a characteristic of a Kerberos silver ticket attack?
- It uses forged service tickets for a given service on a particular server.
- It mimics the authentication hash on a particular server.
- It acts as the LDAP directory for authentication on a target server.
- It converts the hashed value to the unencrypted value for an authentication attack on a particular server.
21. Which attack is a post-exploitation activity that an attacker uses to extract service account credential hashes from Active Directory for offline cracking?
- On-Path attack
- MAC spoofing
22. Which four items are needed by an attacker to create a silver ticket for a Kerberos silver ticket attack? (Choose four.)
- hash value
- system account
- target service
- DNS forward lookup zone
- DNS resolver cache
- DNS reverse lookup zone
23. Which kind of attack is an IP spoofing attack?
24. What is a common mitigation practice for ARP cache poisoning attacks on switches to prevent spoofing of Layer 2 addresses?
- DHCP snooping
- BIND 9.5
25. An attacker is launching a reflected DDoS attack in which the response traffic is made up of packets that are much larger than those that the attacker initially sent. Which type of attack is this?
- DNS cache poisoning