Unit 5 - Practice Quiz

INT245 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 Which cryptographic technique involves adding a random string of characters to a password before hashing it to defend against rainbow table attacks?

A. Stretching
B. Salting
C. Peppering
D. Padding

2 In the context of Windows password cracking, why is the LM (LAN Manager) hash considered significantly weaker than NTLM?

A. It uses AES encryption.
B. It is salted by default.
C. It supports passwords up to 128 characters.
D. It splits the password into two 7-character chunks.

3 What is the primary purpose of a 'Rainbow Table' in password cracking?

A. To salt hashes automatically.
B. To perform an online brute force attack.
C. To offer a time-memory trade-off for faster hash lookup.
D. To encrypt passwords using a reversible algorithm.

4 Which command is used in Linux to list all users currently on the system?

A. net user
B. cat /etc/shadow
C. cat /etc/passwd
D. ls /home

5 During a system hacking engagement, an attacker gains access to a machine but has limited privileges. The attacker uses a kernel vulnerability to gain root access. What is this process called?

A. Pivoting
B. Vertical Privilege Escalation
C. Lateral Movement
D. Horizontal Privilege Escalation

6 Which of the following is a specific type of attack where a hacker hides malicious code inside a legitimate file or program?

A. Wrappers/Binders
B. Polymorphism
C. Steganography
D. Rootkit

7 In the context of Reverse Engineering, what is the function of a Disassembler?

A. It converts high-level code to machine code.
B. It executes the code step-by-step.
C. It modifies the source code dynamically.
D. It converts machine code into assembly language.

8 Which hexadecimal value represents the NOP (No Operation) instruction in x86 architecture, often used in buffer overflow exploits?

A. 0x00
B. 0xFF
C. 0x90
D. 0x80

9 What is the primary characteristic of a Reverse Shell?

A. The victim machine initiates a connection back to the attacker's machine.
B. It only works over UDP.
C. It requires the victim to have a public IP address.
D. The attacker connects to the victim's listening port.

10 Which tool is commonly used to extract passwords and hashes from memory (LSASS) on a Windows system?

A. John the Ripper
B. Wireshark
C. Mimikatz
D. Nmap

11 In Linux Privilege Escalation, what does the SUID bit allow?

A. It allows the file to run automatically at startup.
B. It makes the file hidden.
C. It prevents the file from being deleted.
D. It allows a user to execute a file with the permissions of the file owner.

12 Which Windows command is used to manipulate file attributes to hide files as part of maintaining persistence?

A. hide file.txt
B. attrib +h file.txt
C. chmod +h file.txt
D. chown hidden file.txt

13 What is DLL Hijacking?

A. Replacing a legitimate DLL with a malicious one in a directory searched by the application.
B. Injecting code into a running process.
C. Decrypting a DLL file.
D. Deleting system DLLs to cause a crash.

14 Which type of rootkit operates at the same privilege level as the Operating System kernel (Ring 0)?

A. Kernel-mode Rootkit
B. Application-level Rootkit
C. Library-level Rootkit
D. User-mode Rootkit

15 Which Python library is most frequently used for network interaction and crafting custom packets in scripting exploits?

A. Scapy
B. Pandas
C. Matplotlib
D. NumPy

16 When analyzing exploit code, what is the purpose of the payload?

A. To encrypt the connection.
B. To crash the service.
C. To find the vulnerability.
D. The code that runs on the target system after exploitation.

17 What is the specific vulnerability related to 'Unquoted Service Paths' in Windows?

A. Paths containing spaces not enclosed in quotes allow execution of arbitrary executables.
B. Services that cannot be stopped.
C. Services running without a password.
D. Services running as LocalSystem.

18 Which Linux command helps identify commands a user can run as another user (often root) without a password?

A. whoami
B. sudo -l
C. su root
D. cat /etc/sudoers

19 What does the technique Steganography entail?

A. Hiding data within another file, such as an image or audio file.
B. Flooding a server with requests.
C. Intercepting network traffic.
D. Cracking passwords using GPU.

20 Which Metasploit payload executes a payload within the memory of the compromised process without writing to the disk?

A. Meterpreter
B. Command Shell
C. VNC Inject
D. Bind Shell

21 In a brute-force attack, if the password length is and the character set size is , what is the complexity of the attack?

A.
B.
C.
D.

22 Which registry key is commonly targeted for maintaining persistence on Windows so that malware runs on user login?

A. HKCU\Control Panel\Desktop
B. HKLM\SAM\SAM
C. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
D. HKLM\System\CurrentControlSet\Services

23 What is NTFS Data Hiding using Alternate Data Streams (ADS)?

A. Hiding a file inside another file's metadata stream on NTFS filesystems.
B. Deleting the file allocation table.
C. Encrypting the hard drive.
D. Moving files to a hidden partition.

24 Which of the following tools is a popular open-source reverse engineering framework developed by the NSA?

A. IDA Pro
B. Ghidra
C. Radare2
D. OllyDbg

25 What is Dirty COW (CVE-2016-5195)?

A. A Windows SMB exploit.
B. A Linux kernel privilege escalation vulnerability.
C. A password cracking tool.
D. A method for SQL injection.

26 In the context of scripting for pen-testing, what is Bash primarily used for?

A. Reverse engineering binaries.
B. Windows kernel exploitation.
C. Automating tasks in Unix/Linux environments.
D. Developing web applications.

27 Which attack involves capturing the NTLM hash of a user and using it to authenticate without cracking the password?

A. Dictionary Attack
B. Pass the Hash
C. Golden Ticket
D. Brute Force

28 What is the purpose of timestomping in post-exploitation?

A. Crashing the system time service.
B. Modifying file timestamps (access, modify, create) to hide malicious activity.
C. Scheduling tasks for the future.
D. Slowing down the CPU to evade detection.

29 Which command allows you to view the currently loaded modules and their memory addresses in a Windows debugging environment like OllyDbg?

A. CPU Registers
B. Call Stack
C. Memory Map
D. Executable Modules

30 What does the command chmod 4755 filename do in Linux?

A. Deletes the file.
B. Sets the file to read-only.
C. Sets the SUID bit on the file.
D. Hides the file.

31 Which tool is primarily designed for performing online password attacks against network services (FTP, SSH, Telnet)?

A. John the Ripper
B. Hashcat
C. Ophcrack
D. Hydra

32 In a Buffer Overflow attack, the attacker attempts to overwrite the EIP register. What does EIP stand for?

A. Extended Internal Process
B. Extended Instruction Pointer
C. Extended Immediate Pointer
D. Extended Index Pointer

33 Which of the following is a method of covering tracks on a Windows system?

A. Using wevtutil cl to clear event logs.
B. Running ipconfig.
C. Running whoami.
D. Creating a new user.

34 What is the primary function of a Keylogger?

A. To record every keystroke made by the user.
B. To encrypt user files.
C. To log network traffic.
D. To log into the system automatically.

35 Which Windows feature can be exploited by pressing the SHIFT key 5 times?

A. Mouse Keys
B. Toggle Keys
C. Sticky Keys
D. Filter Keys

36 What is the purpose of Pivoting in penetration testing?

A. Rotating the screen display.
B. Changing the password frequently.
C. Switching from Linux to Windows.
D. Using a compromised system to attack other systems in the same network.

37 Which PowerShell command is used to download a file from a remote server?

A. wget
B. Get-File
C. Download-File
D. Invoke-WebRequest

38 Which component of the Metasploit Framework stores information about targets, loot, and collected data?

A. msfconsole
B. msfvenom
C. The Database (PostgreSQL)
D. Meterpreter

39 What distinguishes Static Analysis from Dynamic Analysis in malware analysis?

A. Static analysis is for Linux; dynamic analysis is for Windows.
B. Static analysis runs the code; dynamic analysis does not.
C. Static analysis uses debuggers; dynamic analysis uses disassemblers.
D. Static analysis examines code without execution; dynamic analysis observes code behavior during execution.

40 Which script allows an attacker to automate the search for privilege escalation vectors on a Linux system?

A. BloodHound
B. WinPEAS
C. PowerView
D. LinPEAS

41 What is a Logic Bomb?

A. A script that brute forces logical ports.
B. Malware that explodes the hardware.
C. Code intentionally inserted into a software system that sets off a malicious function when specified conditions are met.
D. A DoS attack tool.

42 In the context of enumerating assets, what information does SNMP (Simple Network Management Protocol) primarily provide if misconfigured (public community string)?

A. Web application source code.
B. Firewall rules.
C. Network statistics, system information, and user accounts.
D. Encrypted passwords.

43 Which type of shellcode is typically used when the target system is behind a firewall that blocks incoming connections?

A. Loopback TCP
B. Null TCP
C. Reverse TCP
D. Bind TCP

44 What is the SAM file in Windows?

A. Secure Access Module
B. Security Account Manager
C. System Admin Manager
D. System Access Method

45 Which of the following describes a Dictionary Attack?

A. Capturing the handshake and decrypting it.
B. Using a pre-defined list of likely passwords.
C. Using a rainbow table.
D. Trying every possible combination of characters.

46 When creating a persistent backdoor using Windows Scheduled Tasks, which command is used?

A. schtasks
B. taskmgr
C. at (deprecated)
D. cron

47 What is the main purpose of Ruby in the context of the Metasploit Framework?

A. It is used for network scanning only.
B. It is used for database management.
C. It is the GUI framework.
D. It is the language used to write Metasploit modules.

48 Which vulnerability allows an attacker to escalate privileges by exploiting a program that runs with higher privileges but insecurely loads libraries from the current directory?

A. Buffer Overflow
B. SQL Injection
C. DLL Hijacking
D. XSS

49 What does the Sticky Bit do on a directory in Linux?

A. It shares files with everyone.
B. It prevents users from deleting files they do not own.
C. It makes files executable.
D. It keeps files in memory.

50 Which tool allows for the creation of custom wordlists based on the content of a target website?

A. CeWL
B. Netcat
C. Wireshark
D. Nmap