GCIH - Book 2 Test Questions And Answers Verified 100% Correct

GCIH - Book 2 Test Questions And Answers Verified 100% Correct Bishop Fox's SEarchDiggity - ANSWER a fantastic suite that includes Google Diggity, Bing Diggity, and other websearch capabilities discussed in book 2 DLP Digity - ANSWER A tool that can check data leakage from an environment. A module can decompile flash objects to see if any sensitive data (such as passwords) exists in the action script Recon-ng - ANSWER Ties together numerous different recon sources into one framework. Currently more than 60 different recon modules supported. Most modules are free, though some require a third-party access API key Some modules can tell if any target org has been compromised via third-party sites ( and Uses web interface from many services and web search engines Maltego - ANSWER An intelligence gathering tool that searches through various public information sources. gathers information about relationships between people, social networks, companies, websites, domains, IP addresses, etc and applies the concepts of transforms, which converts one piece of information (domain name) into another (such as IPs) Shodan - ANSWER an online service which crawls the Internet in much the same way Google crawls webpages. Shodan indexes service banners War Dialer - ANSWER dial a sequence of telephone numbers attempting to locate modern carriers or a secondary dial tone. Useful for attacking out of band communications, though is often used to attack voice mail systems Demon Dialers - ANSWER dial a single number to conduct a brute-force attack against passwords WarVOX - ANSWER released by HD Moore. A tool that focuses on conducting war dialing assessments of target telephone number ranges. Relies on VoIP communications and doesn't require a telephone line or modem, only wifi. SSID cloaking - ANSWER Removing an SSID from transmitted beacon frames, still present in other frame types NetStumbler - ANSWER A free war-driving tool for Windows that can be used to detect 802.11a/b/g interfaces and can tie in Global Positioning System (GPS) data. InSSIDER - ANSWER A free war-driving tool for Windows, which functions properly on Windows 7 through 10. It can detect 802.11 a/b/g/n and provide interesting visualization options for signal strength and channel usage. Kismet - ANSWER Wireless access point sniffer that has the capability to passively sniff the wireless network. It can discover access points without ever sending a beacon message. Tcpdump and Wire Shark - ANSWER Examples of traditional wireless sniffers Omnipeek - ANSWER A wireless-specific sniffer for better analysis of wireless frame data Aircrack-ng - ANSWER A sniffing tool capable of cracking WEP and WPA keys ASLEAP - ANSWER Wireless sniffer that provides a dictionary-based attack against LEAP authentication CoPatty - ANSWER a wireless dictionary-based cracking tool for pre-shared keys with WPA1 and WPA2 Easy Creds - ANSWER A tool that allows an attacker to quickly configure an evil wireless access point that the attacker has full control over Karmetasploit - ANSWER A flexible exploitation framework that contains exploits for hundreds of different vulnerabilities. Allows Metasploit to listen on a wireless interface for probe requests. Karmetasploit includes the following services - ANSWER -DHCP (provides IP address) DNS ( -POP3 -HTTP -Samba Nmap - ANSWER A network-analysis tool. Can be used for network mapping and port scanning Nmap sends the following four packets to each address in the target range... - ANSWER ICMP Echo Request TCP Syn to port 443 TCP Ack to port 80 ICMP timestamp request The -PN flag in Nmap - ANSWER tells Nmap not to ping the target Traceroute and tracert tools - ANSWER measures all routers from a given source to any destination. Determine whether to use IPv4 or IPv6 Zenmap GUI - ANSWER a component of Nmap. It can provide an interactive graphical portrayal of the network Port Scanners - ANSWER Help identify openings on a system and the type of system TCP is BLANK - ANSWER Session-oriented UDP is BLANK - ANSWER Sessionless. it is also considered "Stateless". it is useful for applications that value speed over reliable delivery, such as voice or video Ping Sweeps - ANSWER Send a variety of packet types such as ICMP echo requests ARP scans - ANSWER Identify which hosts are on the same LAN as the machine running Nmap. Does not work via a router Connect scan - ANSWER Complete the three-way handshake. Activities are often logged on the system Syn Scans - ANSWER only send the initial SYN and await the SYN-ACK response to determine if a port is open ACK scans - ANSWER useful in getting through simple router-based firewall. Useful for mapping but not for port scanning. Great for finding sensitive internal systems post exploitation FIN scans - ANSWER sends packets with the FIN control bit set in an effort to be stealthy and get through firewalls FTP PRoxy Bounce Attack Scans - ANSWER Bounce an attack off a poorly configured FTP Server Idle scans - ANSWER can be used to divert attention, obscuring the attacker's location UDP scanning - ANSWER Helps locate vulnerable UDP services, such as UDP port 53, 111 (portmapper), and 161 (SNMP)