Unit 5 - Practice Quiz

INT245 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 Which cryptographic technique involves adding a random string of characters to a password before hashing it to defend against rainbow table attacks?

A. Salting
B. Padding
C. Stretching
D. Peppering

2 In the context of Windows password cracking, why is the LM (LAN Manager) hash considered significantly weaker than NTLM?

A. It supports passwords up to 128 characters.
B. It uses AES encryption.
C. It splits the password into two 7-character chunks.
D. It is salted by default.

3 What is the primary purpose of a 'Rainbow Table' in password cracking?

A. To encrypt passwords using a reversible algorithm.
B. To perform an online brute force attack.
C. To salt hashes automatically.
D. To offer a time-memory trade-off for faster hash lookup.

4 Which command is used in Linux to list all users currently on the system?

A. cat /etc/shadow
B. ls /home
C. net user
D. cat /etc/passwd

5 During a system hacking engagement, an attacker gains access to a machine but has limited privileges. The attacker uses a kernel vulnerability to gain root access. What is this process called?

A. Pivoting
B. Vertical Privilege Escalation
C. Lateral Movement
D. Horizontal Privilege Escalation

6 Which of the following is a specific type of attack where a hacker hides malicious code inside a legitimate file or program?

A. Polymorphism
B. Rootkit
C. Steganography
D. Wrappers/Binders

7 In the context of Reverse Engineering, what is the function of a Disassembler?

A. It executes the code step-by-step.
B. It converts machine code into assembly language.
C. It modifies the source code dynamically.
D. It converts high-level code to machine code.

8 Which hexadecimal value represents the NOP (No Operation) instruction in x86 architecture, often used in buffer overflow exploits?

A. 0x80
B. 0xFF
C. 0x90
D. 0x00

9 What is the primary characteristic of a Reverse Shell?

A. The victim machine initiates a connection back to the attacker's machine.
B. It only works over UDP.
C. The attacker connects to the victim's listening port.
D. It requires the victim to have a public IP address.

10 Which tool is commonly used to extract passwords and hashes from memory (LSASS) on a Windows system?

A. Nmap
B. Mimikatz
C. John the Ripper
D. Wireshark

11 In Linux Privilege Escalation, what does the SUID bit allow?

A. It makes the file hidden.
B. It allows the file to run automatically at startup.
C. It allows a user to execute a file with the permissions of the file owner.
D. It prevents the file from being deleted.

12 Which Windows command is used to manipulate file attributes to hide files as part of maintaining persistence?

A. hide file.txt
B. chmod +h file.txt
C. chown hidden file.txt
D. attrib +h file.txt

13 What is DLL Hijacking?

A. Replacing a legitimate DLL with a malicious one in a directory searched by the application.
B. Deleting system DLLs to cause a crash.
C. Decrypting a DLL file.
D. Injecting code into a running process.

14 Which type of rootkit operates at the same privilege level as the Operating System kernel (Ring 0)?

A. Application-level Rootkit
B. User-mode Rootkit
C. Kernel-mode Rootkit
D. Library-level Rootkit

15 Which Python library is most frequently used for network interaction and crafting custom packets in scripting exploits?

A. Pandas
B. NumPy
C. Scapy
D. Matplotlib

16 When analyzing exploit code, what is the purpose of the payload?

A. To find the vulnerability.
B. The code that runs on the target system after exploitation.
C. To crash the service.
D. To encrypt the connection.

17 What is the specific vulnerability related to 'Unquoted Service Paths' in Windows?

A. Services that cannot be stopped.
B. Services running as LocalSystem.
C. Paths containing spaces not enclosed in quotes allow execution of arbitrary executables.
D. Services running without a password.

18 Which Linux command helps identify commands a user can run as another user (often root) without a password?

A. whoami
B. sudo -l
C. cat /etc/sudoers
D. su root

19 What does the technique Steganography entail?

A. Hiding data within another file, such as an image or audio file.
B. Flooding a server with requests.
C. Cracking passwords using GPU.
D. Intercepting network traffic.

20 Which Metasploit payload executes a payload within the memory of the compromised process without writing to the disk?

A. VNC Inject
B. Bind Shell
C. Command Shell
D. Meterpreter

21 In a brute-force attack, if the password length is and the character set size is , what is the complexity of the attack?

A.
B.
C.
D.

22 Which registry key is commonly targeted for maintaining persistence on Windows so that malware runs on user login?

A. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
B. HKLM\System\CurrentControlSet\Services
C. HKCU\Control Panel\Desktop
D. HKLM\SAM\SAM

23 What is NTFS Data Hiding using Alternate Data Streams (ADS)?

A. Deleting the file allocation table.
B. Encrypting the hard drive.
C. Hiding a file inside another file's metadata stream on NTFS filesystems.
D. Moving files to a hidden partition.

24 Which of the following tools is a popular open-source reverse engineering framework developed by the NSA?

A. Radare2
B. IDA Pro
C. Ghidra
D. OllyDbg

25 What is Dirty COW (CVE-2016-5195)?

A. A password cracking tool.
B. A Windows SMB exploit.
C. A Linux kernel privilege escalation vulnerability.
D. A method for SQL injection.

26 In the context of scripting for pen-testing, what is Bash primarily used for?

A. Automating tasks in Unix/Linux environments.
B. Developing web applications.
C. Reverse engineering binaries.
D. Windows kernel exploitation.

27 Which attack involves capturing the NTLM hash of a user and using it to authenticate without cracking the password?

A. Brute Force
B. Pass the Hash
C. Dictionary Attack
D. Golden Ticket

28 What is the purpose of timestomping in post-exploitation?

A. Slowing down the CPU to evade detection.
B. Modifying file timestamps (access, modify, create) to hide malicious activity.
C. Scheduling tasks for the future.
D. Crashing the system time service.

29 Which command allows you to view the currently loaded modules and their memory addresses in a Windows debugging environment like OllyDbg?

A. Executable Modules
B. CPU Registers
C. Memory Map
D. Call Stack

30 What does the command chmod 4755 filename do in Linux?

A. Sets the SUID bit on the file.
B. Hides the file.
C. Deletes the file.
D. Sets the file to read-only.

31 Which tool is primarily designed for performing online password attacks against network services (FTP, SSH, Telnet)?

A. Hydra
B. Hashcat
C. John the Ripper
D. Ophcrack

32 In a Buffer Overflow attack, the attacker attempts to overwrite the EIP register. What does EIP stand for?

A. Extended Instruction Pointer
B. Extended Internal Process
C. Extended Immediate Pointer
D. Extended Index Pointer

33 Which of the following is a method of covering tracks on a Windows system?

A. Running ipconfig.
B. Running whoami.
C. Using wevtutil cl to clear event logs.
D. Creating a new user.

34 What is the primary function of a Keylogger?

A. To log into the system automatically.
B. To record every keystroke made by the user.
C. To log network traffic.
D. To encrypt user files.

35 Which Windows feature can be exploited by pressing the SHIFT key 5 times?

A. Filter Keys
B. Mouse Keys
C. Sticky Keys
D. Toggle Keys

36 What is the purpose of Pivoting in penetration testing?

A. Rotating the screen display.
B. Switching from Linux to Windows.
C. Using a compromised system to attack other systems in the same network.
D. Changing the password frequently.

37 Which PowerShell command is used to download a file from a remote server?

A. wget
B. Download-File
C. Get-File
D. Invoke-WebRequest

38 Which component of the Metasploit Framework stores information about targets, loot, and collected data?

A. msfvenom
B. The Database (PostgreSQL)
C. msfconsole
D. Meterpreter

39 What distinguishes Static Analysis from Dynamic Analysis in malware analysis?

A. Static analysis is for Linux; dynamic analysis is for Windows.
B. Static analysis runs the code; dynamic analysis does not.
C. Static analysis examines code without execution; dynamic analysis observes code behavior during execution.
D. Static analysis uses debuggers; dynamic analysis uses disassemblers.

40 Which script allows an attacker to automate the search for privilege escalation vectors on a Linux system?

A. LinPEAS
B. BloodHound
C. WinPEAS
D. PowerView

41 What is a Logic Bomb?

A. A script that brute forces logical ports.
B. A DoS attack tool.
C. Code intentionally inserted into a software system that sets off a malicious function when specified conditions are met.
D. Malware that explodes the hardware.

42 In the context of enumerating assets, what information does SNMP (Simple Network Management Protocol) primarily provide if misconfigured (public community string)?

A. Encrypted passwords.
B. Network statistics, system information, and user accounts.
C. Firewall rules.
D. Web application source code.

43 Which type of shellcode is typically used when the target system is behind a firewall that blocks incoming connections?

A. Bind TCP
B. Loopback TCP
C. Null TCP
D. Reverse TCP

44 What is the SAM file in Windows?

A. System Admin Manager
B. Secure Access Module
C. Security Account Manager
D. System Access Method

45 Which of the following describes a Dictionary Attack?

A. Capturing the handshake and decrypting it.
B. Trying every possible combination of characters.
C. Using a rainbow table.
D. Using a pre-defined list of likely passwords.

46 When creating a persistent backdoor using Windows Scheduled Tasks, which command is used?

A. at (deprecated)
B. taskmgr
C. cron
D. schtasks

47 What is the main purpose of Ruby in the context of the Metasploit Framework?

A. It is the language used to write Metasploit modules.
B. It is used for database management.
C. It is the GUI framework.
D. It is used for network scanning only.

48 Which vulnerability allows an attacker to escalate privileges by exploiting a program that runs with higher privileges but insecurely loads libraries from the current directory?

A. SQL Injection
B. DLL Hijacking
C. Buffer Overflow
D. XSS

49 What does the Sticky Bit do on a directory in Linux?

A. It prevents users from deleting files they do not own.
B. It keeps files in memory.
C. It shares files with everyone.
D. It makes files executable.

50 Which tool allows for the creation of custom wordlists based on the content of a target website?

A. Wireshark
B. Nmap
C. Netcat
D. CeWL