You have gained temporary access to a remote Windows NT server you are auditing, and need to quickly copy the password file. Where is this file located>%SYSTEMROOT%\system32\configWhat password cracking utility will crack both UNIX and Windows NT passwords and supports several common hash types found on both of these systems?John The RipperAn attacker can gain repeated, unregulated, and undetected access to a compromised system by installing a backdoor process, which is the primary purpose of which type of attack?RootkitWhat statement regarding hardware keystroke loggers is not accurate?Hardware keystroke loggers can interact with the attached system to send data over the network.Which Windows utility randomly generates the key used to encrypt password hashes in the SAM database?SyskeyFor Windows 9x and Windows NT operating systems, which authentication protocol should be used that protects the authentication process through the use of a secure channel for logon purposes?NTLMv2You are attempting to automate the process of hardening workstations from attacks network wide. What tool can you use that will display program execution on multiple remote computers simultaneously?Alchemy Remote ExecutorWhich type of password attack involves a third party intercepting the communication between the two parties?Man-in-the-MiddleWhat are two general countermeasures for preventing privilege escalation?Restrict interactive logons and access to system programs that are not required by users.Performing auditing of events such as account logons, privilege use, and system events.A compromised server has been placed under your control, and your client has asked that you determine how it was compromised. After utilizing a LiveCD environment to compare file hashes to a known clean installation, you notice a file named msdirectx.sys in the System32 folder that looks out of place. From the presence of this file, what can you determine has happened?The Fu rootkit is installed on the server.What are two methods that might be used by a rootkit to avoid detection by an administrator?The rootkit may disable auditing and event logs.The rootkit may modify execution paths or system binaries.What method is typically utilized to hide data within an image?Least-significant bit insertionA client has asked you to implement software keyloggers countermeasures. They have requested that you use a utility that does not require hard disk or memory scanning. What utility should you utilize?Advanced Anti KeyloggerWhich tool tracks any LAN activity, giving the most detailed information on what users did on the System?Activity Monitor |