Which four methods are used by hackers? (Choose four.)
A.
footprint analysis attack
B.
privilege escalation attack
C.
buffer Unicode attack
D.
front door attacks
E.
social engineering attack
F.
Trojan horse attack
Explanation:
https://learningnetwork.cisco.com/servlet/JiveServlet/download/15823-1-
57665/CCNA%20Security%20(640-554)%20Portable%20Command%20Guide_ch01.pdf
Thinking Like a Hacker
The following seven steps may be taken to compromise targets and applications:
Step 1 Perform footprint analysis
Hackers generally try to build a complete profile of a target company’s security posture using a
broad range of easily available tools and techniques. They can discover organizational domain
names, network blocks, IP addresses of systems, ports, services that are used, and more.
Step 2 Enumerate applications and operating systems
Special readily available tools are used to discover additional target information. Ping sweeps use
Internet Control Message Protocol (ICMP) to discover devices on a network. Port scans discover
TCP/UDP port status.
Other tools include Netcat, Microsoft EPDump and Remote Procedure Call (RPC) Dump, GetMAC,
and software development kits (SDKs).
Step 3 Manipulate users to gain accessSocial engineering techniques may be used to manipulate target employees to acquire passwords.
They may call or email them and try to convince them to reveal passwords without raising any
concern or suspicion.
Step 4 Escalate privileges
To escalate their privileges, a hacker may attempt to use Trojan horse programs and get target users
to unknowingly copy malicious code to their corporate system.
Step 5 Gather additional passwords and secrets
With escalated privileges, hackers may use tools such as the pwdump and LSADump applications to
gather passwords from machines running Windows.
Step 6 Install back doors
Hacker may attempt to enter through the “front door,” or they may use “back doors” into the
system. The backdoor method means bypassing normal authentication while attempting to remain
undetected. A common backdoor point is a listening port that provides remote access to the system.
Step 7 Leverage the compromised system
After hackers gain administrative access, they attempt to hack other systems.