Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
144 Cards in this Set
- Front
- Back
|
Which 802.11 standard covers security relating to WPA2? |
802.11i is the standard concerned with the design and implementation of WPA2. |
|
|
Which 802.11 standard specifies a data transmit rate of 11 Mbps? |
802.11b is an early wireless standard and allows for a transmission rate of only 11 Mbps in theory but in practice is around half this speed. |
|
|
How is a cookie best described? |
A cookie is a text file that is placed on a computer system by a web application or page that stores information that can be used to customize a user's experience. The file can be targeted by an attacker to gain information or plant information on a host system. |
|
|
A bot is used in which type of attack? |
A bot (also sometimes called a drone or zombie) is commonly used in the commission of a DDoS attack. During the course of this attack, thousands of these systems may be used to attack a target. |
|
|
What is the LOIC used to perform? |
The Low Orbit Ion Cannon (LOIC) is used to perform DoS or DDoS attacks against a victim system. |
|
|
On a standalone Windows system, where is password and account information stored? |
In the Security Accounts Manager (SAM) |
|
|
What is steganography used to perform? |
It is used to hide information within other information. |
|
|
What is a covert channel? |
A secret facility that enables you to use a system in a way counter to its design. |
|
|
What is an overt channel? |
An overt channel is the use of a system in a manner consistent with its design |
|
|
What weaknesses does a Trojan exploit? |
A Trojan exploits weaknesses in human nature by enticing a victim to open and execute a file using false promises or enticing language. |
|
|
What is a host intrusion detection system (HIDS) used to do? |
The HIDS is used to monitor potential or suspected intrusions on a monitored system. |
|
|
What is a network intrusion detection system (NIDS) used to monitor? |
The NIDS is used to monitor potential breaches or malicious activities on a monitored network. |
|
|
What is a demilitarized zone (DMZ)? |
A demilitarized zone (DMZ) refers metaphorically to a buffer zone between intranet and Internet services. |
|
|
What is a firewall that can operate at all layers of the OSI model? |
Stateful firewall |
|
|
What device can direct traffic based on physical addresses? |
A switch that is a layer 2 device |
|
|
What device operates at layer 3? |
A router |
|
|
Bluetooth goes by which IEEE standard number? |
802.15 |
|
|
What is the name of a directional antenna used in wireless communications? |
Yagi |
|
|
Which port is used by SSL? |
443 |
|
|
Which part of CIA is concerned with the quality of information? |
Integrity. CIA = corporate integrity agreement |
|
|
What type of attack uses a flood of half-open connections to perform a DoS? |
A SYN flood |
|
|
What type of attack uses an unusual combination of TCP flags to cause a DoS? |
A Xmas tree |
|
|
What does the receipt of a RST flag indicate? |
A reset (RST) flag indicates that a port is closed. |
|
|
What tools can be used to determine the open and closed ports on a system? |
Port scanners such as nmap and Superscan can determine the status of ports on a system or groups of systems. |
|
|
What technique can be used to determine whether a whole subnet of hosts is up or down? |
Ping sweeps can be used to determine which hosts are up or down on a given subnet. |
|
|
What is the proper syntax for connecting to a system using a NULL session? |
net use \\host name or IP address\ipc$ "" "/user:" |
|
|
What protocol or service makes a system potentially vulnerable to NULL sessions? |
NetBIOS |
|
|
What is an example of a utility that uses ICMP? |
Ping |
|
|
What tool is used to determine the path of a packet? |
Tracert or Visual Traceroute |
|
|
What Registry key was introduced to lessen the impact of NULL sessions? |
The RestrictAnonymous key was introduced to partially blunt the impact of NULL sessions. |
|
|
What is a black box test? |
A black box test is where little or no information is provided to the testing party. |
|
|
What is a gray box test? |
A gray box test is where limited information is given to the testing party for purposes of evaluation. |
|
|
What is the purpose of a white box test? |
In a white box test, extensive or full information is given to an evaluating party typically in order to test the internal workings of an environment for audit purposes. |
|
|
What does a pen tester need prior to beginning a test? |
Permission from the system owner |
|
|
What is a law pertaining to healthcare information? |
Health Insurance Portability and Accountability Act of 1996 (HIPAA) |
|
|
What is used to manage keys and certificates in a large-scale environment? |
Public key infrastructure (PKI) |
|
|
Which key is restricted to being used by a small or single party? |
The private key is by definition restricted to being used by a single user or small group. |
|
|
What is the commonly used standard for digital certificates? |
X.509 |
|
|
What is PGP? |
Pretty Good Privacy (PGP) is a peer-to-peer encryption system commonly used to exchange secure email. |
|
|
What protocol is used to transfer email from client to server? |
Simple Mail Transfer Protocol (SMTP) is used to transfer email from client to server or from server to server. |
|
|
What email protocol leaves messages on the server and can maintain status information? |
Internet Message Access Protocol, Version�4 |
|
|
From a security standpoint, what is a problem with SMTP? |
The protocol is unencrypted and provides no protection against sniffing or hijacking. |
|
|
Which authentication protocol uses a KDC? |
Kerberos makes use of a key distribution center (KDC). |
|
|
What mechanism uses both AH and ESP modes? |
IPSec, or IP Security, uses both AH and ESP modes to protect information in transit. |
|
|
What is AH mode? |
Authentication Header (AH) mode is used to digitally sign and protect the header of a packet. |
|
|
What is ESP mode? |
Encapsulating Security Payload (ESP) mode protects the contents of a packet in IPsec. |
|
|
What command can be used to view the shares on a Windows system? |
net view or net view ip address> |
|
|
What utility can be used to view active sessions in real time on a Windows system? |
TCPview or netstat -an |
|
|
What is the purpose of a packet crafter? |
Tools such as hping3 are designed to create custom packets to test and evade devices. |
|
|
What is a false positive? |
A report of an attack where one does not exist |
|
|
What is a false negative? |
A false negative is no report of an attack even though one is actually taking place. |
|
|
What is a device used to prevent tailgating? |
Mantrap |
|
|
What mechanism uses email to entice users to provide information they shouldn't? |
Phishing |
|
|
What type of NIDS uses a database of known attacks to compare traffic against? |
A signature-based IDS |
|
|
What is a HIDS? |
A host-based IDS (HIDS) detects intrusions and anomalous behavior on a system. |
|
|
Snort is an example of what kind of IDS? |
Snort is a NIDS for both Linux and Windows. |
|
|
Tripwire is an example of which kind of IDS? |
Tripwire is the oldest HIDS in existence. |
|
|
What task is AirPcap used to perform? |
AirPcap is a hardware dongle used to analyze Wi-Fi data frames with the assistance of a sniffer. |
|
|
If you are using Wireshark by itself, can you analyze 802.11 frames? |
No, not as closely and detailed as you can with AirPcap. |
|
|
What hardware device can be used to create VLANs? |
A switch can be used to create VLANs. |
|
|
How can a keylogger be installed onto a target system? |
Either as a hardware solution or as a piece of software |
|
|
What is a piece of malware that can alter the files and behavior of a system? |
A rootkit is designed to alter the files and behavior of a system at a low level. |
|
|
What technique is typically used to detect changes in files? |
Hashing |
|
|
What technique can be used to hide PDF files within an image? |
Steganography |
|
|
What is a flaw that can allow an attacker to perform a SQL injection through a field on a form? |
Lack of input validation on a form can allow an attacker to attempt a SQL injection. |
|
|
What is a timing attack in SQL injections? |
It is an attack where the time used to respond to a request is observed and used to determine success (also known as a blind SQL injection). |
|
|
What is banner grabbing? |
It is a technique used to extract information from a service to gather information. |
|
|
What is the most common tool used to perform banner grabbing? |
Telnet is the most common tool used to perform banner grabbing. |
|
|
What is blackwidow? |
A tool used to download content from a website for viewing offline |
|
|
Why would you use alerts to monitor a website? |
In order to be notified of changes to web pages and have the results sent to you |
|
|
What is Google hacking? |
A technique where specific keywords are used to customize search results from Google |
|
|
What does the keyword "allinurl" do? |
It allows for the searching of specific words to be present in a URL in Google. |
|
|
What would the search "filetype:pdf" do? |
Return only search results that are PDF files |
|
|
What is ODBC? |
Open Database Connectivity (ODBC) is an API used to connect applications to databases. |
|
|
What is JSP? |
JavaServer Pages (JSP) are dynamically generated web pages. |
|
|
What is the definition of a client-side scripting language? |
A script that is delivered by the server to the client and then processed on the client system |
|
|
What is the definition of a server-side scripting language? |
A script that is processed by the server and the results delivered to the requesting client |
|
|
What is SNMP? |
Simple Network Management Protocol (SNMP) is used to monitor and issue commands to network devices. |
|
|
What ports does SNMP run over by default? |
161 and 162 |
|
|
What is HTTPS? |
This is HTTP running with the SSL technology for encryption and integrity purposes. |
|
|
Which encryption technique is better at processing bulk data? |
The use of symmetric algorithms |
|
|
What is the purpose of a key in encryption? |
To determine the settings of a specific encryption instance |
|
|
What is AES? |
Advanced Encryption Standard (AES) is a symmetric encryption standard. |
|
|
Who are Rivest, Shamir, and Adelman? |
The founders of the RSA Corporation and the creators of the RSA algorithm |
|
|
What is an ad hoc wireless network? |
It is a wireless network that is peer-to-peer and that doesn't use an access point. |
|
|
What technique can be used to take over a connection after two hosts have completed authentication? |
Session hijacking |
|
|
What is TCP? |
Transmission Control Protocol (TCP) is used to ensure delivery and perform flow control in the TCP/IP suite. |
|
|
What is known as a best effort protocol? |
User Datagram Protocol (UDP) is a best effort protocol. |
|
|
What is OSI? |
The Open Systems Interconnection (OSI) model is a standardized model for defining the seven layers of networking services. |
|
|
What is TrueCrypt? |
TrueCrypt is software used to perform drive encryption. |
|
|
What is a TPM? |
A trusted platform module (TPM) is used to hold keys and aid in the encryption process. |
|
|
What is the significance of more bits in an encryption key? |
Keys with more bits are generally stronger because they require more compute time to break. |
|
|
What is a keyspace? |
A keyspace represents the number of potential keys present in a particular encryption algorithm. |
|
|
What technique would be used to detect a change in a file? |
Hashing |
|
|
What is WEP? |
Wired Equivalent Privacy (WEP) is an encryption standard used for Wi-Fi networks. |
|
|
What is Hunt? |
It is a tool used to perform session hijacking. |
|
|
What is a smurf attack? |
It is a DoS attack based on the TCP protocol; it is used to send large volumes of traffic to a victim. |
|
|
What is a fraggle attack? |
It is a DoS attack based on the UDP protocol; it is used to send large volumes of traffic to a victim. |
|
|
What is a land attack? |
It is an attack where the source and destination of a packet are the same. |
|
|
What is an offline password attack that trades performance for speed? |
Rainbow tables |
|
|
What is an attack against passwords that tries every possible combination of characters? |
A brute-force attack |
|
|
What is a dictionary attack? |
This is an attack where words, phrases, or predefined combinations are used from a file during an attack. |
|
|
Does drive encryption prevent theft of data? |
No, it poses a substantial barrier against theft, but theft is not impossible. |
|
|
What does a level 3 firewall do? |
A level 3 firewall filters packets by source and destination IP and protocol. |
|
|
At which layer of the OSI model does a proxy operate? |
Proxies operate at layer 7, the application layer of the OSI model. Proxies are capable of filtering network traffic based on content such as keywords and phrases. Because of this, a proxy digs down further than a packet’s header and reviews the data within the packet as well. |
|
|
If a device is using node MAC addresses to funnel traffic, what layer of the OSI model is this device working in? |
A network device that uses MAC addresses for directing traffic resides on layer 2 of the OSI model. Devices that direct traffic via IP addresses, such as routers, work at layer 3. |
|
|
Which OS holds 90 percent of the desktop market and is one of our largest attack surfaces? |
Windows remains king for sheer volume and presence on desktop and servers. |
|
|
Which port uses SSL to secure web traffic? |
Port 443 is used for HTTPS traffic, which is secured by SSL. |
|
|
What kind of domain resides on a single switchport? |
Each port on a switch represents a collision domain. |
|
|
Which network topology uses a token-based access methodology? |
Token ring networks use a token-based access methodology. Each node connected to the network must wait for possession of the token before it can send traffic via the ring. |
|
|
Hubs operate at what layer of the OSI model? |
Hubs operate at layer 1, the physical layer of the OSI model. Hubs simply forward the data they receive. There is no filtering or directing of traffic; thus they are categorized at layer 1. |
|
|
What is the proper sequence of the TCP three-way-handshake? |
SYN, SYN-ACK, ACK Remember this three-way handshake sequence; you will see it quite a bit in packet captures when sniffing the network. Being able to identify the handshake process allows you to quickly find the beginning of a data transfer. |
|
|
Which of these protocols is a connection-oriented protocol? |
Transmission Control Protocol (TCP) is a connection-oriented protocol that uses the three-way-handshake to confirm a connection is established. FTP and POP3 use connections, but they are not connection-oriented protocols. |
|
|
A scan of a network client shows that port 23 is open; what protocol is this aligned with? |
Port 23 is used for Telnet traffic. |
|
|
What port range is an obscure third-party application most likely to use? |
Ports 49152 to 65535 are known as the dynamic ports and are used by applications that are neither well known nor registered. The dynamic range is essentially reserved for those applications that are not what we would consider mainstream. Although obscure in terms of port usage, repeated showings of the same obscure port during pen testing or assessment may be indicative of something strange going on. |
|
|
Which category of firewall filters is based on packet header data only? |
Packet filtering firewalls inspect solely the packet header information. |
|
|
An administrator has just been notified of irregular network activity; what appliance functions in this manner? |
Intrusion detection systems (IDSs) react to irregular network activity by notifying support staff of the incident; however, unlike IPSs, they do not proactively take steps to prevent further activity from occurring. |
|
|
Which topology has built-in redundancy because of its many client connections? |
A true mesh topology creates a natural amount of redundancy due to the number of connections used to establish connectivity. |
|
|
When scanning a network via a hardline connection to a wired-switch NIC in promiscuous mode, what would be the extent of network traffic you would expect to see? |
Because each switchport is its own collision domain, only nodes that reside on the same switchport will be seen during a scan. |
|
|
What device acts as an intermediary between an internal client and a web resource? |
Proxies act as intermediaries between internal host computers and the outside world. |
|
|
Which technology allows the use of a single public address to support many internal clients while also preventing exposure of internal IP addresses to the outside world? |
Network Address Translation (NAT) is a technology that funnels all internal traffic through a single public connection. NAT is implemented for both cost savings and network security. |
|
|
What network appliance senses irregularities and plays an active role in stopping that irregular activity from continuing? |
Intrusion prevention systems (IPS) play an active role in preventing further suspicious activity after it is detected. |
|
|
You have selected the option in your IDS to notify you via email if it senses any network irregularities. Checking the logs, you notice a few incidents but you didn’t receive any alerts. What protocol needs to be configured on the IDS? |
Simple Mail Transfer Protocol (SMTP) operates on port 25 and is used for outgoing mail traffic. In this scenario, the IDS SMTP configuration needs to be updated. |
|
|
Choosing a protective network appliance, you want a device that will inspect packets at the most granular level possible while providing improved traffic efficiency. What appliance would satisfy these requirements? |
Packet filtering firewalls operate at layer 7 of the OSI model and thus filter traffic at a highly granular level. |
|
|
Symmetric cryptography is also known as _________. |
Symmetric cryptography is also known as shared key cryptography. |
|
|
Which of the following manages digital certificates? |
A certification authority is responsible for issuing and managing digital certificates as well as keys. |
|
|
Asymmetric encryption is also referred to as which of the following? |
Asymmetric encryption uses two separate keys and is referred to as public key cryptography. Symmetric algorithms use only one key that is used by both the sender and receiver. |
|
|
Which of the following best describes hashing?
An algorithm or A cipher or Nonreversible or A cryptosystem |
Hashing is referred to as a cipher or algorithm or even a cryptosystem, but it can be uniquely referred to as a nonreversible mechanism for verifying the integrity of data. Remember that hashing doesn’t enforce confidentiality. |
|
|
A message digest is a product of which kind of algorithm? |
A message digest is a product of a hashing algorithm, which may also be called a message digest function. |
|
|
A public and private key system differs from symmetric because it uses which of the following? |
A public and private key are mathematically related keys, but they are not identical. In symmetric systems only one key is used at a time. |
|
|
A public key is stored on the local computer by its owner in a _________. |
PKI System. A public key is not necessarily stored on the local system, but a private key will always be present if the user is enrolled |
|
|
Symmetric key systems have key distribution problems due to _________. |
The number of keys increases dramatically with more and more parties using symmetric encryption hence it does not scale well. |
|
|
What does hashing preserve in relation to data? |
Integrity |
|
|
Which of the following is a common hashing protocol? MD5 or AES or DES or RSA |
MD5 is the most widely used hashing algorithm, followed very closely by SHA1 and the SHA family of protocols. |
|
|
Which of the following best describes PGP? A: A symmetric algorithm, B: A type of key, C:A way of encrypting data in a reversible method, D: A key escrow system |
PGP is a method of encrypting stored data to include emails, stored data, and other similar information. It is a form of public and private key encryption. |
|
|
SSL is a mechanism for which of the following? A: Securing stored data, B: Securing transmitted data, C: Verifying data, D: Authenticating data |
SSL is used to secure data when it is being transmitted from client to server and back. The system is supported by most clients, including web browsers and email clients. |
|
|
Which system does SSL use to function? A: AES, B: DES, C: 3DES, D: PKI |
PKI is used in the process of making SSL function. While it is true that AES, DES, and 3DES can be used in SSL connections, PKI is the only one used consistently in all situations. |
|
|
In IPSec, encryption and other processes happen at which layer of the OSI model? |
IPSec operates at the Network layer, or layer 3, of the OSI model, unlike many previous techniques. |
|
|
In IPSec, what does Authentication Header (AH) provide? A: Data Security, B: Header Security: C: Authentication Services: D: Encrption |
The Authentication Header provides authentication services to data, meaning that the sender of the data can be authenticated by the receiver of the data. |
|
|
In IPSec, what does Encapsulating Security Payload (ESP) provide? A: Data Security, B: Header Security, C: Authentication Services, D: Encryption |
Data security services are provided by ESP. |
|
|
At what point can SSL be used to protect data? A: On a hard drive, B: On a flash drive. C: On Bluetooth, D: During transmission |
Data can be protected using SSL during transmission. If data is being stored on a hard drive or flash drive, SSL is not effective at proving cryptographic services. |
|
|
Which of the following does IPSec use? A: SSL, B: AES, C: DEs, D: PKI |
PKI is used with IPSec to allow it to function in environments of any size. IPSec is also capable of using Preshared Keys if desired by the system owner. |
|
|
Who first developed SSL? |
Netscape originally developed SSL, but since its introduction the technology has spread to become a standard supported by many clients such as email, web browsers, VPNs, and other systems. |
|
|
IPSec uses which two modes? A: AH/ESP, B: AES/DES, C: EH/ASP, D: AES/ESP |
IPSec uses two modes: Authentication Header (AH) and Encapsulating Security Payload (ESP). Both modes offer protection to data, but do so in different ways. |
