Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
81 Cards in this Set
- Front
- Back
CAIN |
voip traffic decode tool, packet capture
|
|
security tokens |
represents a logical or technical control |
|
snort |
network intrusion detection system - ids |
|
static nat |
one to one mapping |
|
SOX - sarbanes oxley act |
statements verifying the completeness and accuracy of financialreports |
|
defense in depth |
security strategy, several, varying methods to protect IT systems against attacks |
|
xp_cmdshell |
sql 2000 type attack*local system account* |
|
C, C++ |
buffer overflow attacks |
|
Collision resistance |
property ensures that a hash function will not produce the same hashed value for two different messages |
|
Components of Risk Assessment |
Technical, Organizational, Physical, Administrative SAFEGUARDS |
|
Next step after Risk Assessment |
Design and implement a remediation plan |
|
trusted root that issues certificates |
CA - certification authority |
|
network attacks that takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack |
teardrop attack |
|
Blackberry Attacks |
BBProxy-blackjackking attack |
|
decodes pcf files what program? |
Cain and Abel |
|
Ethereal/Wireshark, TCPDump, and Snort uses the same packet capture utulity? true/false |
true |
|
settings of the built-in Windows firewall command line? |
Netsh firewall show config |
|
three types of authentication |
Something you: have,know,are |
|
three types of compliance that the Open Source Security Testing MethodologyManual (OSSTMM) recognizes |
Legislative,contractual,standards based |
|
trap door |
secret entry point |
|
what is IANA |
internet assigned numbers authority |
|
if SQL injection is possible, what is the first character that the testershould use to attempt breaking a valid SQL request? |
Single quote |
|
international standard that establishes a baseline level of confidence inthe security functionality of IT products by providing a set of requirements for evaluation |
common criteria |
|
server type under an N-tier architecture |
A group of servers with a unique role |
|
what is XSS |
cross site scripting |
|
The session cookies do not have the HttpOnly flag set. |
to exploit xss vuln. |
|
syslog port and protocol? |
514 udp |
|
NMAP switch, which ports have been left open on a network |
-sO |
|
NMAP switch, which IP addresses are currently active on a network |
-sP |
|
security mechanism that optimized for confidential communications, such as bidirectional voiceand video? |
RC4 |
|
............ is found in all versions of NTFS |
Alternate Data Streams (ADS) |
|
LM hashes smaller than 8 characters attention to ............. |
AAD3B435B51404EE |
|
sniff switched network? how? |
ARP spoof the default gateway |
|
Windows system tool checks integrity of critical files that has been digitally signed by Microsoft? |
sigverif.exe |
|
order |
Passive information gathering,Network level discovery,Host scanning, Analysis of host scanning. |
|
What is PKI |
Public Key Infrastructure, is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. invented in 1976 by Whitfield Diffie and Martin Hellman. |
|
responsible for domains served within North and South America |
ARIN-american registry for internet numbers |
|
repudiation ne demek? türkçe |
reddetmek |
|
NETBIOS and RPC are part of which layer? |
SESSION (5TH) |
|
IPSEC operates at what layer? |
NETWORK (3TH) |
|
4th layer at OSI? |
TRANSPORT (HOST TO HOST CONTROL, FLOW CONTROL) TCP, SPX, UDP |
|
Stack based and heap based are types of .......... |
buffer overflow |
|
Splint is a source code analyzer that is capable of detecting a _ |
buffer overflow |
|
gdb nedir açılımı |
gnu project debugger |
|
libsafeplus nedir? |
buffer overflow prevention tool |
|
ASLR açılımı nedir? |
Address Space Layout Randomisation |
|
memory segment is dynamically allocated |
heap |
|
buffer overflow prevention tool/software |
defensewall nedir? |
|
soa nedir açılım |
service oriented architecture |
|
nx bit açılı nedir |
non executable bit |
|
ollydbg is a 32 bit |
assembler level debugger |
|
machine code sometime refered as.................... |
binary code |
|
big endian and little endian systems how significant bytes stored? first! |
big endian = most significant byte |
|
smb port? |
137 |
|
bana LDAP portlarını söyle bakem? |
389 (ldap) 636 (ldap-ssl) |
|
getadmin.exe ne için kullanılıyor? |
privilage escalation |
|
privilage escalation iphone dersem hangi tool? |
jailbreaking |
|
service version detection scanning in nmap |
-sV |
|
WinFingerprint nedir söyle bakalım? |
NetBIOS enumeration tool |
|
nbtstat windowsta kullanılıyor, bunun linuxtaki karşılığı nedir? |
nmblookup |
|
netbios port? |
139 |
|
Which command is used to list local NetBIOS names? |
nbtstat.exe -n |
|
fingerprinting VPN firewalls |
ikescan |
|
snmp enumeration tools? |
snscan, snmputil, solarwinds |
|
command displays the NetBIOS sessions table and destination names? |
nbtstat.exe -s |
|
protocol scan in nmap |
-sO |
|
The Zed Attack Proxy (ZAP) i |
integrated penetration testing tool for finding vulnerabilities in web applications. |
|
Which nbstat command is used to display the contents of the NetBIOS name cache, NetBIOS names, and their resolved IP addresses? |
nbtstat.exe -c |
|
Which command is used to retrieve the NetBIOS name table of a remote computer? |
nbtstat.exe -a {NetBIOS name of target computer} |
|
snmp osi katmanı |
application 7 |
|
two types of managed objects in an MIB? |
Scalar objects and tabular objects |
|
Which command sends release packets to Windows Internet Name Service (WINS) and starts a refresh via NetBIOS? |
nbtstat.exe -RR |
|
ldapminer |
is not a graphical tool used to enumerate LDAP? |
|
Which command is used to retrieve NetBIOS client and server sessions, listing the remote computers by destination IP address only? |
nbtstat.exe -S |
|
Which command is used to list Windows Internet Name Service (WINS) names via NetBIOS? |
nbtstat.exe -r |
|
LDAP operations indicates that the client is asking to abort a previous request? |
abandon |
|
Which command purges the remote cache name table in NetBIOS? |
nbtstat.exe -R |
|
steganography tools söyle bakalım 5 adet |
Mp3Stegz |
|
wpa da PTK nedir? |
pairwise transient key (PTK) |
|
wpa da PMK nedir? |
pairwise master key (PMK) |
|
PMK olmadan PTK olur mu? |
olmaz |