• 1. 
    Metasploit is an exploitation tool that has multiple user interfaces. Which of the options below is a valid user interfaces for Metasploit?

  • armitage
  • msfconsole
  • crowdstrike
  • Both A & B
  • 2. 
    Injecting a malicious script into a website which will later be executed in a victim’s web browser is called what?

  • Cross site scripting
  • Malware injection
  • Command Injection
  • Java scripting
  • 3. 
    The ability to find all web pages, directories and other files that make up a web application is provided by a:

  • Response analysis tool
  • Spider
  • Proxy
  • None of these answers are correct
  • 4. 
    Your company works in the medical industry and sales people have access to confidential medical records located in spreadsheets on their laptops. What is the most important strategy to limit your company risk from a laptop getting (physically) stolen?

  • Make sure that all laptop accounts as setup as active directory domain accounts with strong passwords.
  • Use full disk encryption with strong passwords on all laptops.
  • Create a group policy that requires .xlsx files to be password protected in Excel.
  • Ensure that all laptops have up to date anti-virus scanners
  • Install tracking software like LoJack on all company laptops.
  • 5. 
    When developing SQL injection attacks, the final resulting statement must what?

  • It must end with a SQL comment ( -- )
  • It must be balanced and true
  • It must meet the ISO SQL:2008 standard
  • It must start with a single quote
  • 6. 
    What is the term for technology that restricts access to networks or services based upon the user's geographical location? (e.g. 'Only people located in Canada are allowed to connect to our VPN')

  • Geoblocking
  • TTL: Topographic Traffic Limiting
  • Domain Filtering
  • TLD Filtering
  • 7. 
    Ultimately, injection attacks are caused by what?

  • Unpatched versions of applications and operating systems
  • Operating systems not restricting memory from one process to another
  • Development languages using immutable strings
  • Developers not sanitizing application input
  • 8. 
    A tool that examines responses from web-servers and web sites in order to ‘fingerprint’ them for an analysis of what software and versions they are (and sometimes, to list vulnerabilities) is called what?

  • Response analysis tool
  • Spider
  • Proxy
  • None of these answers are correct
  • 9. 
    Which of the following tasks can be performed with the tool NTDS Audit?

  • Show the last login date/time of each administrative user
  • Show the last login date/time of each non-administrative user.
  • Identify the number of accounts with non-expiring passwords
  • Give information about domain controllers that have weak network encryption
  • 10. 
    True or False: When configuring secure password policies, it is important to set a minimum password age. (e.g. 1 day)

  • True
  • False
  • 11. 
    Ultimately, who should be responsible for security in an organization?

  • An IT staff member.
  • A non-IT staff member.
  • A person with the authority to set policy and affect change through the organization.
  • All of these answers are correct.
  • 12. 
    Which database would you typically start before running Metasploit?

  • MariaDB
  • MySQL
  • Postgresql
  • 13. 
    The ability to intercept and change requests as they leave a web browser is provided by a:

  • Response analysis tool
  • Spider
  • Proxy
  • None of these answers are correct
  • 14. 
    What is one mistake network administrators often make from a security perspective? (choose the best answer per the lecture)

  • Enforcing password security on users who do not require it.
  • Forgetting passwords on systems since they have too many passwords.
  • Not writing passwords down in a safe place, such as a sticky note on your workstation.
  • Using domain admin privileged accounts for day-to-day non-admin use.
  • 15. 
    Which of the following statements is true about Metasploit?

  • Metasploit has support for passive, as well as active, exploits
  • Broadly speaking, there are 6 types of network connections that Metasploit shells use
  • Metasploit auxiliary modules are specifically used to exploit alternative operating systems such as OpenVMS, Android, and OSX
  • Metasploit was invented by Horst Feistel, who was working for IBM at the time
Report Question