Resolves (looks up) the IP address of the specified hostname
Tests connectivity between devices and shows the routers in the path between the two devices
Sends an ICMP echo request/reply packet to a remote host
Displays current connections and incoming and outgoing connections
A few simple replies to this request from the remote host indicate that a connection exists between sender and receiver
Displays active sessions, ports, sockets and the local routing table
When used with the -t option, performs a continuous connection test

Ping sends an ICMP echo request/reply packet to a remote host. A response from the remote host indicates that both hosts are correctly configured and a connection exists between them. Using ping -t performs a continuous connection test (press Ctrl+C to stop sending the ping requests).
nslookup resolves (looks up) the IP address of the specified hostname. It also displays additional name resolution information, such as the DNS server used for the lookup request.
netstat displays the following IP-related statistics:
Terms in this set (174)

White box test
Penetration test in which the ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.

Black box test
Penetration test in which the ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores the insider threats.

Gray box test
Penetration test in which the ethical hacker is given partial information of the target or network, such as IP configurations, email lists, etc. This test simulates the insider threat.

Bug bounty
These unique tests are set up by organizations such as Google, Facebook, and others. Ethical hackers can receive compensation by reporting bugs and vulnerabilities they discover.

Scope of work
A very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work.

Rules of engagement
A document that defines exactly how the penetration test will be carried out.

The ____ team members are the ethical hackers. This team is responsible for performing the penetration tests.
red

____ team members are the defense of the system. This team is responsible for stopping the red team's advances.
Blue

Members of the ____ team work on both offense and defense. This team is a combination of the red and blue teams.
purple

The ____ team members are the referees of cybersecurity. This team is responsible for managing the engagement between the red and blue teams. This group typically consists of the managers or team leads.
white

The first phase in the pentesting process is ____, also known as footprinting. In this phase, the pentester begins gathering information on the target. This can include gathering publicly available information, using social engineering techniques, or even dumpster diving.
reconnaissance

Running ____ on the target is the second phase. During this phase, the ethical hacker is actively engaged with the target.
scans

The third phase takes all of the information gathered in the reconnaissance and scanning phases to ____ any discovered vulnerabilities in order to gain access.
exploit

Once the pentester has gained access, ____ that access becomes the next priority. This can be done by installing backdoors, rootkits, or Trojans.
maintaining

The final phase is generating the ____ and supporting documentation. After any penetration test, a detailed report must be compiled. Documentation provides extremely important protection for both the penetration tester and the organization.
test results

Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?
Maintain access

You have been hired as part of the team that manages an organization's network defense.
Blue

As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money.
Bug bounty

Which phase or step of a security assessment is a passive activity?
Reconnaissance

Which of the following activities are typically associated with a penetration test?
Attempt social engineering.

Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?
Scope of work

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?
Penetration testing

What is the primary purpose of penetration testing?
Test the effectiveness of your security perimeter.

You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins.
White box

You have been promoted to team lead of one of the security operations teams.
White

IP scanners
Special tools that allow a network administrator to scan the entire network to find all connected devices and their IP addresses.

Reconnaissance
Also known as footprinting. This is the process of gathering information about a target before beginning any penetration test or security audit.

Active reconnaissance
...

Passive reconnaissance
The process of gathering information by interacting with the target in some manner.

Packet sniffing
The act of capturing data packets transmitted across the network and analyzing them for important information.

War driving
The act of driving around with a wireless device looking for open vulnerable wireless networks.

War flying
The act of using drones or unmanned aerial vehicles to find open wireless networks.

Eavesdropping
The act of covertly listening in on a communication between other people.

Open-Source Intelligence (OSINT)
Any data that is collected from publicly available sources such as social media, search engines, company websites, media sources, or public government sources.

____ is a command line tool that is used to perform a connection test between two network devices.
Ping

The _____ tool shows the path a packet takes to reach its destination. Every device the packet passes through is known as a hop.
tracert

The ____ Windows command line tool combines the tracert and ping tools.
pathping

Use the ____ command to display a variety of network statistics in both Windows and Linux.
netstat

The ____ command is used in both Windows and Linux to show the routing table and to make manual changes to the table.
route

The ____ command is used in both Windows and Linux. ARP stands for Address Resolution Protocol and is used to match IP addresses to MAC addresses.
arp

The ____ and dig commands are used to view and modify DNS settings. These tools can be used to look up DNS server information and also give IP addresses and domain names for a network server.
nslookup

The ipconfig command (Windows) and the ifconfig command (Linux) are used to display the IP ____ on the local computer.
configuration

____ is a security tool that can check connectivity and also analyze the target to gather information.
Hping

The ____ security tool can read and write data across both TCP and UDP network connections. It opens a TCP connection between two devices and can be used to send packets, scan for open ports, and listen in on connections to specific ports.
netcat

____ are special tools that allow a network administrator to scan the entire network to find all connected devices and their IP addresses.
IP scanners

The ____ utility is a network security scanner.
nmap

The ____ framework is a collection of resources and tools that are separated by common categories. The OSINT Framework makes it easy to gather all sorts of information, making the initial reconnaissance process much more efficient.
OSINT

____ is a passive reconnaissance tool that is used to gather information from a variety of public sources. The tool gathers emails, names, subdomains, IPs, and URLs using multiple public data sources. These sources include search engines, social media sites, and Shodan.
theHarvester

____ is a popular search engine for internet-connected devices. Users are able to search for specific types of devices and locations. This information can be used to see if a target has any online devices without proper security.
Shodan

____ is a program that performs DNS enumeration and can find the DNS servers and entries for an organization. This information can help find other information such as usernames, computer names, IP addresses, and more.
Dnsenum

____ and ____ are two common command line programs that can be used to download or upload files. An example of using these tools is to download an entire website for offline analysis. Because these tools actively engage with the target, they are considered active reconnaissance tools.
Curl, wget

____ is used for port scanning. Instead of scanning ports from the hacker machine, it uses exploitation websites to perform port scans. This means the attacker is able to maintain anonymity while scanning the target.
scanless

____ is an automated scanner that can be used to enumerate and scan for vulnerabilities. It combines the functions of many tools and can be used to find information such as DNS information, open ports, running services, and more.
Sn1per

____ is a proprietary vulnerability scanner that is developed by Tenable. It can be used to scan the target for any known vulnerabilities, which can be exploited to gain access to the target.
Nessus

Which of the following tools can be used to view and modify DNS server information in Linux?
dig

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?
Network mapper

You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?
ping

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?
Nessus

You need to enumerate the devices on your network and display the network's configuration details.
nmap

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?
OSINT

Which type of reconnaissance is dumpster diving?
Passive

Which passive reconnaissance tool is used to gather information from a variety of public sources?
theHarvester

Which of the following tools can be used to see if a target has any online IoT devices without proper security?
Shodan

The process of walking around an office building with an 802.11 signal detector is known as:
War driving

Intrusion detection system
Device or software that monitors, logs, and detects security breaches, but takes no action to stop or prevent the attack.

Intrusion prevention system
Device that monitors, logs, detects, and can also react to stop or prevent security breaches.

Sensor
IDS component that passes data from the source to the analyzer.

Engine
IDS component that analyzes sensor data and events; generates alerts; and logs all activity.

Signature-based detection
Also referred to as pattern matching, dictionary recognition, or misuse-detection (MD-IDS). This detection method looks for patterns in network traffic and compares them to known attack patterns called signatures.

Heuristic-based detection
Also referred to as behavior, anomaly, or statistical-based detection. This detection method first defines a baseline of normal network traffic and then monitors traffic looking for anything that falls outside that baseline.

A ____ traffic assessment means that the system detected an attack and the appropriate alarms and notifications were generated or the correct actions were performed to prevent or stop the attack.
positive

A ____ traffic assessment means that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic.
false positive

A ____ traffic assessment means that the system deemed the traffic harmless and let it pass.
negative

A ____ traffic assessment means that harmful traffic was allowed to pass without any alerts being generated or any actions being taken to prevent or stop it. This is the worst possible scenario.
false negative

An ____, also called an IPS, performs the functions of an IDS but can also react when security breaches occur.
active IDS

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections.
Anomaly-based IDS

Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

Which of the following describes a false positive when using an IPS device?
Legitimate traffic being flagged as malicious

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.
Host-based IDS

What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?
Antivirus software

An active IDS system often performs which of the following actions? (Select two.)
Performs reverse lookups to identify an intruder, Updates filters to block suspect traffic.

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible.
IPS

Your organization uses a web server to host an e-commerce site.
Implement an application-aware IPS in front of the web server

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Signature-based IDS

What does an IDS that uses signature recognition use to identify attacks?
Comparisons to known attack patterns

Threat hunting
The human-based, methodical search and monitoring of the network, systems, and software in order to detect any malicious or suspicious activity that has evaded the automated tools.

Threat feed
A service that tracks cyber threats across the world and provides real-time updates with IP addresses, URLs, and other relevant information regarding the threats.

Advisories and bulletins
Advisories and bulletins provide detailed updates on cyber threats. They are usually updated weekly.

Intelligence fusion
The sharing of information between multiple government agencies and private security firms.

Vulnerability scan
The process of capturing and analyzing packets to identify any security weaknesses in a network, computer system, local applications, and even web applications.

False positive
Scan results that indicate a vulnerability, but there is none.

False negative
Scan results that indicate no vulnerability when a vulnerability exists.

Common Vulnerability Scoring System
A system that ranks vulnerabilities based on severity.

Common Vulnerabilities and Exposures (CVE)
A list of standardized identifiers for known software vulnerabilities and exposures.

Security information and event management
Special tools that gather network information and aggregate it into a central place. SIEM systems can actively read the network information and determine if there is a threat.

Security Orchestration, Automation and Response
A solution stack of compatible software programs that collect data about security threats from multiple sources and respond to low-level security events without human assistance.

A ____ scan finds a potential vulnerability and then actively attempts to exploit it. This leads to more accurate results but cannot be done on a live system.
intrusive

A ____ scan is the more common type of scan performed. This method scans the network and lists all potential vulnerabilities but is unable to validate if the system is vulnerable.
non-intrusive

In a ____ scan, the scanner uses an administrator or other account's credentials to perform the scan. This method shows a deeper look at the network and is able to identify more vulnerabilities than a non-credentialed scan.
credentialed

With a ____ scan, the security administrator does not authenticate to the system prior to running the scan. This scan shows open ports, protocols, and services that are exposed on a host system. This shows vulnerabilities that an outside attacker might be able to take advantage of.
non-credentialed

____ are responsible for gathering all event logs from the configured devices and securely sending them to the SIEM system.
Collectors

The ____ system receives the data from the collectors and then reads, analyzes, and separates the data into different categories.
SIEM

The SIEM system is configured with network ____ data. As the data is analyzed and sorted, any data that exceeds the established threshold triggers an alert.
baseline

The Orchestration component of the ____ system is responsible for gathering the data and information from across the network. A SOAR system gathers the same data as a SIEM system, but it can also implement many different third-party tools. The SOAR system coordinates these tools, sensors, and collectors to work together.
SOAR

The SOAR system can be set up to ____ tasks that are routine, tedious, and time consuming. This includes tasks such as looking for and deleting phishing emails.
automate

SOAR systems are able to automatically take actions against threats. For example, if malware is discovered, the SOAR system can ____ identify and quarantine the threat as needed.
automatically

A security administrator logs onto a Windows server on her organization's network. Then she runs a vulnerability scan on that server.
Credentialed scan

In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported. Upon further inspection, none of the vulnerabilities actually existed.
False positive

A security administrator needs to run a vulnerability scan that analyzes a system from the perspective of a hacker attacking the organization from the outside.
Non-credentialed scan

In your role as a security analyst, you need to stay up to date on the latest threats. You are currently reviewing the latest real-time updates on cyberthreats from across the world.
Threat feeds

You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?
Vulnerability scanner

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?
Run the vulnerability assessment again.

Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?
Collectors

Which of the following Security Orchestration, Automation, and Response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during a manual intervention?
Playbook

You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services.
Port scanner

Which of the following systems is able to respond to low-level security events without human assistance?
SOAR

Protocol analyzer
Hardware or software used for monitoring and analyzing digital traffic over a network.

Promiscuous mode
A mode in which the NIC processes every frame it sees, not just those addressed to it.

Port mirroring
A switch mode in which all frames sent to all other switch ports will be forwarded on the mirrored port.

You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address.
Capture filters

Which of the following processes identifies an operating system based on its response to different types of network traffic?
Fingerprinting

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router.
Port mirroring

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation.
Configure the network interface to use promiscuous mode.

Which of the following accurately describes what a protocol analyzer is used for? (Select two.)
A passive device that is used to copy frames and allow you to view frame contents, A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack).

You want to identify traffic that is generated and sent through a network by a specific application running on a device.
Protocol analyzer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol.
Packet sniffer

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall.
Packet sniffer

Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?
Security operations team

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
Wireshark

Man-in-the-middle (MITM) attack
An attack in which the hacker intercepts communications between two devices.

ARP poisoning
Attack targeting the ARP protocol. The attacker changes the ARP cache by spoofing the IP address of a target.

MAC spoofing
Attack in which the hacker spoofs the MAC address of the gateway. This results in the spoofed address overwriting the gateway's MAC address in the switch's CAM table.

MAC flooding
Attack against a network switch in which the attacker sends a large number of Ethernet frames with various MAC addresses, overwhelming the switch. The switch is overloaded and sends traffic to all ports.

DNS attack
An attack that targets DNS services.

Distributed denial of service (DDoS)
An attack that is designed to bombard the target with more data than it can handle, causing it to shut down.

Python
An easy to read and understand programming language.

Command shell
A program that provides an interface to give users access to operating system functions and services.

Macros
Code that is used to perform a series of steps or functions inside a specific application.

IP address spoofing
The hacker modifies an IP address in a communication. The recipient intends to send information to the originally specified IP address, but the packets go to the hacker instead.

DNS spoofing
The hacker modifies a website's address in the DNS server. The user attempts to go to that website, but instead is redirected to the hacker's malicious site.

HTTPS spoofing
The hacker uses a website name that looks similar to a real site. For example, www.testout.com could be replaced with www.test0ut.com.

SSL hijacking
The hacker passes forged authentication keys to both the user and application/server. The user and application/server are talking directly to each other, but all communication is going through the hacker.

Email hijacking
The hacker compromises the target's email account and is able to monitor and gather information.

Wi-Fi eavesdropping
This is also known as an evil-twin attack. The hacker tricks users into connecting to a malicious wireless network in order to monitor and manipulate the data packets flowing across the wireless network.

Browser cookie theft
This is also known as session hijacking. When a user logs into a website, a session cookie is generated. The hacker intercepts the session cookie and can access the user's website account.

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?
ARP poisoning

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning

Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
DNS poisoning

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed.
DNS poisoning

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information.
DNS poisoning

Which of the following describes a man-in-the-middle attack?
A false server intercepts communications from a client by impersonating the intended server.

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which type of attack?
Man-in-the-middle attack

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?
Spoofing

A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of which form of attack?
Spoofing

Which of the following are network-sniffing tools?
Cain and Abel, Ettercap, and TCPDump

Social engineering
Social engineering uses manipulation of people or situations to gain access to sensitive information.

Dumpster diving
A social engineering attack in which an attacker goes through the trash to find important documents or information that has been thrown out.

Shoulder surfing
An eavesdropping technique where the listener obtains passwords or other confidential information by looking over the shoulder of the target.

Brute force attack
Password attack in which the attacker uses a cracking tool that submits every possible letter, number, and symbol combination in a short amount of time.

Password spraying
Brute force password attack that uses the same password with multiple user accounts instead of different passwords for the same account.

Dictionary attack
Brute force password attack in which the hacker uses a list of words and phrases to try to guess the password.

Rainbow attack
Similar to dictionary attacks, but a rainbow attack uses special tables called rainbow tables that have common passwords and the generated hash of each password.

Some common password cracking tools that can be used to carry out brute force attacks are:
true

Some common rainbow attack programs include:
true

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?
Brute force attack

A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work.
Use Group Policy to require strong passwords on user accounts, Train users not to use passwords that are easy to guess.

In a variation of the brute force attack, an attacker may use a predefined list of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster diving

Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?
Social engineering

You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table attack

Which of the following strategies can protect against a rainbow table password attack?
Add random bits to the password before hashing takes place

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
Password salting

Which of the following best describes shoulder surfing?
Someone nearby watching you enter your password on your computer and recording it.