Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
104 Cards in this Set
- Front
- Back
|
Which 802.11 standard covers security relating to WPA2? |
802.11i is the standard concerned with the design and implementation of WPA2 |
|
|
Which 802.11 standard specifies a data transmit rate of 11 Mbps? |
802.11b is an early wireless standard that allows for a transmission rate of only 11 Mbps in theory, but in practice it is around half this speed. |
|
|
How is a cookie best described? |
A cookie is a text file placed on a computer system by a web application or page that stores information that can be used to customize a user's experience. Cookies are used by web applications in situations where information needs to be stored for later retrieval due to stateless protocols such as HTTP being unable to store persistent information. The file can be targeted by an attacker to gain information or plant information on a host system. Methods to do this include XXS and session hijacking. |
|
|
A bot is used in which type of attack? |
A bot (also sometimes called a drone or zombie) is commonly used in the commission of a DDoS attack. During the course of this attack, thousands of these systems may be used to attack a target. |
|
|
What is the LOIC used to perform? |
The Low Orbit Ion Cannon (LOIC) is used to perform DoS or DDoS attacks against a victim system. |
|
|
On a stand-alone Windows system, where is the password and account information stored? |
In the Security Accounts Manager (SAM), which is a database on the local system that stores credential information only for the local system. The SAM is a component of the Windows registry. |
|
|
What is steganography used for? |
It is used to hide information within other information. The process is an excellent example of a covert channel, which is where something is used counter to its design. In steganography this could be when an image is used to store a PDF, not something an image is meant to do. |
|
|
What is a covert channel? |
It is a secret facility that enables you to use a system in a way counter to its design. A covert channel is particularly dangerous because using something counter to the way it was designed to be used can also mean that no security mechanisms are in place to look for it. |
|
|
What is an overt channel? |
An overt channel is a system that is used in a manner consistent with its design. |
|
|
What weakness does a Trojan exploit? |
A Trojan exploits weaknesses in human nature by enticing a victim to open and execute a file using false promises or enticing language. More specifically, a Trojan utilizes social engineering techniques to manipulate the recipient into opening and executing what looks like something of value but in reality contains a malicious payload. |
|
|
What is a host intrusion detection system (HIDS) used for? |
An HIDS is used to monitor potential or suspected intrusions on a system or host. Unlike an NIDS it cannot be used to monitor traffic or activity on a network. It looks for changes to files, misuse, privilege abuse, alterations to log files, and other activities depending on the vendor. |
|
|
What is a network intrusion detection system (NIDS) used to monitor? |
An NIDS is used to monitor potential breaches or malicious activities on a network. An NIDS can look for deviations from known or expected behavior on a network, or it can be a knowledge-based system that compares activity against a database much like an antivirus application does. |
|
|
What is a demilitarized zone (DMZ)? |
A demilitarized zone refers metaphorically to a buffer zone between intranet and internet services. In many cases the DMZ is used to host publicly accessible services in the semi-protected region between an intranet and the internet. |
|
|
What type of firewall can operate at Layer 4 of the OSI model and above? |
Stateful firewalls are designed to work at Layer 4 and above, where they can perform stateful packet inspection (SPI). These firewalls need to be able to monitor the activities that happen with a connection, including the traffic present at these layers. |
|
|
What device can direct traffic based on physical addresses? |
A switch operates at Layer 2, which is where physical or MAC addresses are assigned. A switch uses the MAC address to differentiate traffic. |
|
|
What device operates at Layer 3? |
A router works specifically at Layer 3, where routable protocols start to appear. The IP portion of the TCP/IP suite resides at Layer 3. |
|
|
Bluetooth goes by which IEEE standard number? |
802.15 |
|
|
What is the name of the directional antenna used in wireless communications? |
Yagi is an antenna used to focus and highly concentrate a wireless signal in a single direction. The result is increased range, a stronger signal, and better security from less scattering of the signal. |
|
|
Which port is used by SSL? |
Port 443 is set aside by convention to be used by the SSL and TLS protocols when combined with HTTP. |
|
|
Which part of CIA is concerned with the quality of information? |
Integrity: CIA means Confidentiality, Integrity, Availability. |
|
|
What type of attack uses a flood of half-open connections to perform a DoS? |
A SYN flood works via a three-way handshake but removes the final ACK in the handshake, thus exhausting the target party's resources. It's also known as a half-open connection. |
|
|
What type of attack uses an unusual combination of TCP flags to cause a DoS? |
A Xmas tree is a packet where legal but unusual combinations of flags are set, resulting in systems not knowing how to respond or deal with the packets. Modern systems usually ignore or drop the packets, but in old or unpatched systems a crash can result. |
|
|
What does the receipt of an RST flag indicate? |
A reset (RST) flag indicates that a port is closed. |
|
|
What tools can be used to determine the open and closed ports on a system? |
Port scanners such as Nmap and SuperScan can determine the status of ports on a system or groups of systems. |
|
|
What technique can be used to determine whether a whole subnet of hosts is up or down? |
Ping sweeps (or ICMP) can be used to determine which hosts are up or down on a given subnet. Tools like Nmap or Angry IP Scanner can be used to perform this task. |
|
|
What is the proper syntax for connecting to a system using a NULL session? |
net use \\host_name_or_IP_address\ipc$ "" "/user:" |
|
|
What protocol or service makes a system potentially vulnerable to a NULL session? |
NetBIOS can potentially open the door to NULL session exploitation. In newer Windows systems, the registry setting RestrictAnonymous can be used to control this problem. |
|
|
What is an example of a utility that uses ICMP? |
Ping |
|
|
What tool is used to determine the path of a packet? |
Tracert or Visual Traceroute |
|
|
What registry key was introduced to lessen the impact of NULL sessions? |
The RestrictAnonymous key was introduced to blunt the impact of NULL sessions. |
|
|
What is a black-box test? |
A black-box test is one in which no information is provided to the testing party. The intention is to simulate the experience an outside party would have when trying to engage a target. |
|
|
What is a gray-box test? |
A gray-box test is one in which limited information is given to the testing party for purposes of evaluation. |
|
|
What is the purpose of a white-box test? |
In a white-box test, extensive or full information is given to an evaluating party, typically in order to test the internal workings of an environment for audit purposes. |
|
|
What does a pentester need prior to beginning a test? |
A pentester must have permission from the system owner as part of the contract. Any modifications or requests to expand the scope of the test must always be added to the contract. |
|
|
What is a law pertaining to the privacy of healthcare information? |
Health Insurance Portability and Accountability Act of 1996 (HIPPA) |
|
|
What is used to manage keys and certificates in a large-scale environment? |
Public Key Infrastructure (PKI) |
|
|
Which key is restricted to being used by a small or single party? |
The private key is by definition restricted to being used by a single user or small group. |
|
|
What is the commonly used standard for digital certificates? |
X.509 |
|
|
What is PGP? |
Pretty Good Privacy (PGP) is a peer-to-peer encryption system commonly used to exchange secure email. |
|
|
What protocol is used to transfer email from client to server? |
Simple Mail Transfer Protocol (SMTP) is used to transfer email from client to server or from server to server. |
|
|
What email protocol leaves messages on the server and can maintain status information? |
Internet Message Access Protocol version 4 is commonly used in situations where a mailbox is accessed on multiple systems to coordinate which messages have been read and which ones have not. |
|
|
From a security standpoint, what is a problem with SMTP? |
The protocol is unencrypted and provides no protection against sniffing or hijacking. However, the protocol can be protected if used with a VPN or similar technology. |
|
|
Which authentication protocol uses a KDC? |
Kerberos makes use of a key distribution center (KDC). |
|
|
What mechanism uses both AH and ESP modes? |
IPsec, or IP Security uses both AH and ESP modes to protect information in transit. |
|
|
What is AH mode? |
Authentication Header (AH) mode is used to digitally sign and protect the header of a packet. |
|
|
What is ESP mode? |
Encapsulating Security Payload (ESP) mode protects the contents of a packet in IPsec. |
|
|
What command can be used to view the shares on a Windows system? |
net view or net view |
|
|
What utility can be used to view active sessions in real time on a Windows system? |
TCPView or netstat; the difference between these two utilities is that while TCPView gives a real time look at traffic, netstat gives a snapshot. |
|
|
What is the purpose of a packet crafter? |
Tools such as hping3 are designed to create custom packets to test and evade devices. |
|
|
What does a level 3 firewall do? |
A level 3 firewall filters packets by source and destination IP address and protocol. |
|
|
What is a false positive? |
A report of an attack where one does not exist. |
|
|
What is a false negative? |
A false negative is no report of an attack even thought one is actually taking place. |
|
|
What is a device used to prevent tailgating? |
Mantrap |
|
|
What mechanism uses email to entice users to provide information they shouldn't reveal? |
Phishing |
|
|
What type of NIDS uses a database of known attacks to compare traffic against? |
A signature based IDS |
|
|
What is a HIDS? |
A host-based IDS (HIDS) detects intrustions and anomalous behavior on a system. |
|
|
Snort is an example of what kind of IDS? |
Snort is an NIDS for both Linux and Windows and is highly configurable and scalable. |
|
|
Tripwire is an example of which kind of IDS? |
Tripwire is the oldest HIDS in existence. |
|
|
What task is AirPcap used to perform? |
AirPcap is a hardware dongle used to analyze Wi-Fi data frames with the assistance of a sniffer. |
|
|
If you are using Wireshark by itself, can you analyze 802.11 frames? |
Yes, but not as closely and detailed as you can with AirPcap. |
|
|
What hardware device can be used to create VLANs? |
A switch can be used to create VLANs. |
|
|
How can a keylogger be installed onto a target system? |
Either as a hardware solution or as a piece of software such as a Trojan. |
|
|
What piece of malware can alter the files and behavior of a system? |
A rootkit is designed to alter the files and behavior of a system at a low level. |
|
|
What technique is typically used to detect changes in files? |
Hashing |
|
|
What technique can be used to hide PDF files within an image? |
Steganography |
|
|
What flaw can allow an attacker to perform a SQL injection through a field on a form? |
Lack of input validation on a form can allow an attacker to attempt a SQL injection. |
|
|
What is a timing attack in SQL injections? |
It is an attack where the time used to respond to a request is observed and used to determine success (also known as a blind SQL injection). |
|
|
What is banner grabbing? |
It is a technique used to extract information from a service. Common ways include using Telnet, Netcat, and Nmap. |
|
|
What is the most common tool used to perform banner grabbing? |
Telnet is the most common tool used to perform banner grabbing. |
|
|
What is BlackWidow? |
A tool used to download content from a website for viewing offline. |
|
|
Why would you use alerts to monitor a website? |
In order to be notified of changes to web pages and have the results sent to you. |
|
|
What is Google hacking? |
A technique where specific keywords are used to customize search results from Google. |
|
|
What does the keyword allinurl do? |
It allows the searching of specific words in a URL in Google. It's often referred to as Google hacking. |
|
|
What would the search "filetype:pdf" do? |
Return only search results that are PDF files. |
|
|
What is ODBC? |
Open Database Connectivity (ODBC) is an API (application programming interface) used to connect applications to databases. |
|
|
What is JSP? |
JavaServer Pages (JSP) is a technology that allows you to dynamically generate web pages. |
|
|
What is the definition of a client-side scripting language? |
A script that is delivered by the server to the client and then processed on the client system. |
|
|
What is the definition of a server-side scripting language? |
A script that is processed by the server and the results delivered to the requesting client. |
|
|
What is SNMP? |
Simple Network Management Protocol (SNMP) is used to monitor and issue commands to network devices. |
|
|
What ports does SNMP run over by default? |
161 and 162 |
|
|
What is HTTPS? |
This is HTTP (HyperText Transfer Protocol) running with the SSL (Secure Sockets Layer) technology for encryption and integrity purposes. |
|
|
Which encryption technique is best at processing bulk data? |
Symmetric algorithms are the most efficient at processing bulk data. |
|
|
What is the purpose of a key in encryption? |
To determine the settings of specific encryption instance. |
|
|
What is AES? |
Advanced Encryption Standard (AES) is a symmetric encryption standard. AES was originally named Rijndael. |
|
|
Who are Rivest, Shamir and Adelman? |
The founders of the RSA Corporation and the creators of the RSA algorithm. |
|
|
What is an ad hoc wireless network? |
It is a peer-to-peer wireless network that doesn't use an access point. |
|
|
What technique can be used to take over a connection after two hosts have completed authentication. |
Session hijacking is used at the network level. Application-level session hijacking typically targets web applications. |
|
|
What is TCP? |
Transmission Control Protocol (TCP) is used to ensure delivery and perform flow control in the TCP/IP suite; it's also referred to as a connection-oriented service. |
|
|
Give an example of a best-effort protocol. |
User Datagram Protocol (UDP) is a best-effort protocol. |
|
|
What is OSI? |
The Open Systems Interconnection (OSI) model is a standardized model for defining the seven layers of networking services. |
|
|
What is TrueCrypt? |
TrueCrypt is software used to perform drive encryption; it is no longer recommended and is considered unsafe. |
|
|
What is TPM? |
A trusted platform module (TPM) is used to hold keys and aid in the encryption process. It binds the hard drive to the motherboard. |
|
|
What is the significance of more bits in an encryption key? |
Keys with more bits are generally stronger because they require more compute time to break. |
|
|
What is a keyspace? |
A keyspace represents the number of potential keys present in a particular encryption algorithm. |
|
|
What technique would be used to detect a change in a file? |
Hashing or creating a message digest. |
|
|
What is WEP? |
Wired Equivalent Privacy (WEP) is an encryption standard used for Wi-Fi networks. |
|
|
What is Hunt? |
It is a tool used to perform session hijacking. |
|
|
What is a Smurf Attack? |
It is a DoS attack based on TCP used to send large volumes of traffic to a victim. |
|
|
What is a Fraggle Attack? |
It is a DoS attack based on UDP used to send large volumes of traffic to a victim. |
|
|
What is a land attack? |
It is an attack in which the source and destination of a packet are the same. |
|
|
What is an offline password attack that trades performance for speed? |
Rainbow table |
|
|
What is an attack against passwords that tries every possible combination of characters? |
A brute-force attack |
|
|
What is a dictionary attack. |
This is an attack where words, phrases, or predefined combinations are used from a file. |
|
|
Does drive encryption prevent theft of data? |
No, it poses a substantial barrier against theft, but theft is not impossible. If the device is lost or stolen, it makes it more likely that the thief will choose to reset the device rather than attempt to recover the information. |
