Question 1

____ is a tool that is used to gather IP and domain information.&#10;A)Whois&#10;B)Netcat&#10;C)Metis&#10;D)Dig

Accepted Answer

Whois is specifically designed for gathering information related to IP addresses and domain names, such as who owns them and their contact information. Netcat, Metis, and Dig are network tools with different functions.

Question 2

____ enable you to see all the host computers on a network. In other words, they give you an organization's network diagram.&#10;A)Web bugs&#10;B)Footprints&#10;C)Zone transfers&#10;D)Namedroppers

Accepted Answer

Zone transfers are a method of replicating DNS databases across DNS servers. This process allows for the transfer of all resource record sets for a specified zone from one DNS server to another. As a result, someone performing a zone transfer can see all the host computers on a network, effectively providing them with an organization's network diagram. Web bugs, footprints, and namedroppers are unrelated to network diagrams or DNS.

Question 3

The HTTP ____ allows data to be sent to a Web server.&#10;A)GET&#10;B)PUT&#10;C)POST&#10;D)HEAD

Accepted Answer

The HTTP POST method is used to submit an entity to the specified resource. It is used to send data to a server to create/update a resource.

Question 4

Namedroppers is a tool that can be used to capture Web server information and possible vulnerabilities in a Web site's pages that could allow exploits such as SQL injection and buffer overflows.

Accepted Answer

Namedroppers is a tool used for DNS enumeration, not for capturing web server information or identifying vulnerabilities like SQL injection and buffer overflows.

Question 5

The HTTP ____ method is the same as the GET method, but retrieves only the header information of an HTML document, not the document body.&#10;A)CONNECT&#10;B)PUT&#10;C)POST&#10;D)HEAD

Accepted Answer

The HEAD method is used to retrieve only the header information of an HTML document, not the document body. This can be useful when you just need to know information about the document, such as its content type, without actually downloading the whole document.

Question 6

To see additional parameters that can be used with the ____ command, you can type nc -h at the command prompt.&#10;A)Nslookup&#10;B)Namedroppers&#10;C)Netcat&#10;D)Whois

Accepted Answer

The command mentioned in the question is "nc" which refers to Netcat. Therefore, the correct answer is option C. The "-h" parameter when used with the "nc" command displays all the available options and parameters that can be used with the command.

Question 7

The HTTP ____ method retrieves data by URI.&#10;A)GET&#10;B)PUT&#10;C)POST&#10;D)HEAD

Accepted Answer

The GET method retrieves data by URI. It is commonly used to request a specific resource or retrieve a representation of a resource. PUT is used to update an existing resource, POST is used to submit an entity to a specified resource, and HEAD is used to retrieve the header information for a resource.

Question 8

____ is a tool that is used to gather competitive intelligence from Web sites.&#10;A)Whois&#10;B)Netcat&#10;C)Metis&#10;D)Dig

Accepted Answer

Metis is a web scraping tool that can be used to gather competitive intelligence from websites. It allows users to extract data such as pricing, product information, and customer reviews from competitor websites, which can be used to gain insights and develop strategies. The other options listed are not typically used for gathering competitive intelligence in this manner. Whois is primarily used to look up information about domain names and their owners, Dig is a tool for querying DNS servers, and Netcat is a network connection utility.

Question 9

Network attacks often begin by gathering information from a company's Web site.

Accepted Answer

Network attackers often start by researching a target company's Web site to gather information such as system vulnerabilities, employee names, and contact information. This information can be used to launch more targeted and effective attacks.

Question 10

The HTTP ____ method requests that the entity be stored under the Request-URI.&#10;A)GET&#10;B)PUT&#10;C)POST&#10;D)HEAD

Accepted Answer

The PUT method requests that the entity be stored under the Request-URI. This method is often used to update an existing resource or to create a new resource if it doesn't already exist.

Question 11

____ is a tool that is used to perform DNS zone transfers.&#10;A)Whois&#10;B)Netcat&#10;C)Metis&#10;D)Dig

Accepted Answer

The answer of ____ is a tool that is used...

Question 12

To limit the amount of information a company makes public, you should have a good understanding of what a competitor would do to discover confidential information.

Accepted Answer

The answer of To limit the amount of information a...

Question 13

A(n) ____ is a 1-pixel x 1-pixel image file referenced in an <img> tag, and it usually works with a cookie.&#10;A)image bug&#10;B)zone transfer&#10;C)Bugnosis detector&#10;D)Web bug

Accepted Answer

The answer of A(n) ____ is a 1-pixel x 1-pixel...

Question 14

Some cookies can cause security issues because unscrupulous people might store personal information in cookies that can be used to attack a computer or server.

Accepted Answer

The answer of Some cookies can cause security issues because...

Question 15

____ is the most basic HTTP method.&#10;A)GET&#10;B)PUT&#10;C)CONNECT&#10;D)HEAD

Accepted Answer

The answer of ____ is the most basic HTTP method.&#10;A)GET&#10;B)PUT&#10;C)CONNECT&#10;D)HEAD...

Question 16

The ____ tool can generate a report that can show an attacker how a Web site is structured and lists Web pages that can be investigated for further information.&#10;A)Netcat&#10;B)Paros&#10;C)Dig&#10;D)Whois

Accepted Answer

The answer of The ____ tool can generate a report...

Question 17

____ is a Web tool used to gather IP and domain information. It is available for both UNIX and Window OSs.&#10;A)Samba&#10;B)Bugnosis&#10;C)SamSpade&#10;D)FOCA

Accepted Answer

The answer of ____ is a Web tool used to...

Question 18

____ is a tool that is used to read and write data to ports over a network.&#10;A)Whois&#10;B)Netcat&#10;C)Metis&#10;D)Dig

Accepted Answer

The answer of ____ is a tool that is used...

Question 19

The HTTP CONNECT method starts a remote application-layer loopback of the request message.

Accepted Answer

The answer of The HTTP CONNECT method starts a remote...

Question 20

Wget is a tool that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet.

Accepted Answer

The answer of Wget is a tool that can be...

Question 21

With commands such as ____, you can perform zone transfers of all DNS records.&#10;A)Dig&#10;B)Whois&#10;C)DNS&#10;D)Netcat

Accepted Answer

The answer of With commands such as ____, you can...

Question 22

____ means using a knowledge of human nature to get information from people.&#10;A)Fingerprinting&#10;B)Footprinting&#10;C)Zone transferring&#10;D)Social engineering

Accepted Answer

The answer of ____ means using a knowledge of human...

Question 23

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Unable to match request

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 24

The HTTP ____________________ method is used with a proxy that can dynamically switch to a tunnel connection, such as Secure Socket Layer (SSL).

Accepted Answer

The answer of The HTTP ____________________ method is used with...

Question 25

____ can be used to read PINs entered at ATMs or to detect long-distance authorization codes that callers dial.&#10;A)Shoulder surfing&#10;B)Footprinting&#10;C)Zone transferring&#10;D)Social engineering

Accepted Answer

The answer of ____ can be used to read PINs...

Question 26

____ is trailing closely behind an employee who has access to an area without the person realizing that you didn't use a PIN or a security badge to enter the area.&#10;A)Shoulder surfing&#10;B)Footprinting&#10;C)Piggybacking&#10;D)Dumpster diving

Accepted Answer

The answer of ____ is trailing closely behind an employee...

Question 27

____ can be used to gather information useful for computer criminals, like company phone directories, financial reports, interoffice memos, resumes of employees, etc.&#10;A)Shoulder surfing&#10;B)Footprinting&#10;C)Piggybacking&#10;D)Dumpster diving

Accepted Answer

The answer of ____ can be used to gather information...

Question 28

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Request not made by client in allotted time

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 29

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Server is unavailable due to maintenance or overload

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 30

The ____________________ utility gives you information on a company's IP addresses and any other domains the company might be part of.

Accepted Answer

The answer of The ____________________ utility gives you information on...

Question 31

A(n) ____________________ is a text file generated by a Web server and stored on a user's browser.

Accepted Answer

The answer of A(n) ____________________ is a text file generated...

Question 32

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Request not understood by server

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 33

To help prevent ____ attacks, you must educate your users not to type logon names and passwords when someone is standing directly behind them-or even standing nearby.&#10;A)shoulder-surfing&#10;B)footprinting&#10;C)piggybacking&#10;D)social engineering

Accepted Answer

The answer of To help prevent ____ attacks, you must...

Question 34

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Server received invalid response from upstream server

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 35

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Request not allowed for the resource

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 36

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Server understands request but refuses to comply

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 37

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Request could not be fulfilled by server

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 38

A(n) ____________________ is a person skilled at reading what users enter on their keyboards, especially logon names and passwords.

Accepted Answer

The answer of A(n) ____________________ is a person skilled at...

Question 39

MATCHING&#10;Match each term with the correct statement below.&#10;a.HTTP 400 Bad Request&#10;f.HTTP 500 Internal Server Error&#10;b.HTTP 403 Forbidden&#10;g.HTTP 502 Bad Gateway&#10;c.HTTP 404 Not Found&#10;h.HTTP 503 Service Unavailable&#10;d.HTTP 405 Method Not Allowed&#10;i.HTTP 504 Gateway Timeout&#10;e.HTTP 408 Request Timeout&#10;Server did not receive a timely response

Accepted Answer

The answer of MATCHING&#10;Match each term with the correct statement...

Question 40

In computer jargon, the process of finding information on a company's network is called ____________________.

Accepted Answer

The answer of In computer jargon, the process of finding...

Question 41

What is &#34;competitive intelligence&#34;?

Accepted Answer

The answer of What is &#34;competitive intelligence&#34;?...

Question 42

Why is ATM shoulder surfing much easier than computer shoulder surfing?

Accepted Answer

The answer of Why is ATM shoulder surfing much easier...

Question 43

List at least five tools available for footprinting.

Accepted Answer

The answer of List at least five tools available for...

Question 44

List the five techniques used by social engineers in their attempts to gain information from unsuspecting people.

Accepted Answer

The answer of List the five techniques used by social...

Question 45

How can DNS be used for footprinting?

Accepted Answer

The answer of How can DNS be used for footprinting?...

Question 46

What is the purpose of a Web bug? How do they relate to or differ from spyware?

Accepted Answer

The answer of What is the purpose of a Web...

Question 47

As a security tester, should you use social-engineering tactics?

Accepted Answer

The answer of As a security tester, should you use...

Question 48

Elaborate on the following statement: &#34;The most difficult job of a security professional is preventing social engineers from getting crucial information from company employees.&#34;

Accepted Answer

The answer of Elaborate on the following statement: &#34;The most...

Question 49

How can computer criminals use the Whois utility for their purposes?

Accepted Answer

The answer of How can computer criminals use the Whois...

Question 50

How can a computer criminal use HTTP methods before running an exploit on a server?

Accepted Answer

The answer of How can a computer criminal use HTTP...

Question 51

What type of information is usually gathered by social engineering?

Accepted Answer

The answer of What type of information is usually gathered...

Deck 4: Footprinting and Social Engineering