Ethical Hacking 면접 질문과 답변

Ques 16. What is enumeration in ethical hacking?

Enumeration is the primary phase of ethical hacking that is information gathering. In this phase, the attacker builds an active connection with the victim and tries to gain as much information as possible to find out the weaknesses or vulnerabilities in the system, and tries to exploit the system further.

Enumeration collects information about:

• Network shares
• Passwords policies lists
• IP tables
• SNMP data, if they are not secured properly
• Usernames of different systems

Ques 17. What are the different enumerations available in ethical hacking?

The different enumerations available in ethical hacking are listed below:

• DNS enumeration
• NTP enumeration
• SNMP enumeration
• Linux/Windows enumeration
• SMB enumeration

Ques 18. What is defacement?

Defacement is an attack in which the hacker changes the visual appearance of a web page or website. The attacker replaces the firm’s site with an alternate page or sometimes opposite to the text of the website.

Ques 19. What is MIB?

Management Information Base (MIB) is a virtual database of network objects. It contains all the formal descriptions of the network objects being monitored by a network management system. The MIB database of objects is used as a reference to a complete collection of management information on an entity like a computer network.

Ques 20. What is MAC flooding and how to prevent it?

MAC flooding is an attacking method that is used to compromise the security of the network switches. These switches maintain a table structure called a MAC table that consists of each MAC address of the host computer on the networks which are connected to the ports of the switch.

To prevent MAC flooding, use the following methods:

• Authentication with the AAA server
• Port security
• Implement IEEE 802.1x suites
• Employ security measures to prevent IP spoofing or ARP spoofing