101 a 200 Flashcards
On performing a risk assessment, you need to determine the potential impacts when some of the critical business process of the company interrupt its service. What is the name of the process by which you can determine those critical business?
Business Impact Analysis (BIA)
Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company. What is the main security risk associated with this scenario?
External script contents could be maliciously modified without the security team knowledge
What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?
Grey-box
Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends “many” IP packets, based on the average number of packets sent by all origins and using some thresholds. In concept, the solution developed by Bob is actually:
Just a network monitoring tool
Which of the following is a low-tech way of gaining unauthorized access to systems?
Social engineering
When tuning security alerts, what is the best approach?
Tune to avoid false positives and false negatives
In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account’s confidential files and information. How can he achieve this?
Privilege escalation
Which regulation defines security and privacy controls for Federal information systems and organizations?
NIST-800-53
Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking. What should you do?
Inmediately stop work and contact the proper legal authorities
You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
Internet Firewall/proxy log
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?
123
It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?
Containment
Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by a coercion or torture?
Rubber Hose Attack
In cryptanalysis and computer security, ‘pass the hash’ is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user’s password, instead of requiring the associated plaintext password as is normally the case. Metasploit Framework has a module for this technique: psexec. The psexec module is often used by penetration testers to obtain access to a given system whose credentials are known. It was written by sysinternals and has been integrated within the framework. The penetration testers successfully gain access to a system through some exploit, use meterpreter to grab the passwords or other methods like fgdump, pwdump, or cachedump and then utilize rainbowtables to crack those hash values. Which of the following is true hash type and sort order that is used in the psexec module’s ‘smbpass’ option?
LM:NT
You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?
Single quotation
A virus that attempts to install itself inside the file it is infecting is called?
Cavity virus
Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say?
Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations
Sam is working as a pen-tester in an organization in Houston. He performs penetration testing on IDS in order to find the different ways an attacker uses to evade the IDS. Sam sends a large amount of packets to the target IDS that generates alerts, which enable Sam to hide the real traffic. What type of method is Sam using to evade IDS?
False positive generation
Cross-site request forgery involves:
A browser making a request to a server without the user’s knowledge
Ping -* 6 192.168.0.101
output
Pinging 192.168.0.101 with 32 bytes of data:
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.101:
Packets: Sent=6, Received=6; Lost=0 (0% loss), Approximate round trip times in milli-seconds: Minimum=0ms, Maximum=0ms, Average=0ms
What does the option * indicate?
n
An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is the most likely able to handle this requirement?
RADIUS
What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities? What kind of Web application vulnerability likely exists in their software?
Defense in depth
During the process of encryption and decryption, what keys are shared?
Public keys
How does the Address Resolution Protocol (ARP) work?
It sends a request packet to all the network elements, asking for the MAC address from a specific IP
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?
ESP transport mode
What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?
Grey-box
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?
Place a front-end web server in a demilitarized zone that only handles external web traffic
You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?
hping2 -1 host.domain.com
If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?
Civil
The company ABC recently contract a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What is the following options can be useful to ensure the integrity of the data?
The CFO can use a hash algorithm in the document once he approved the financial statements
What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?
Firewalking
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?
Active
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output
shown below. What conclusions can be drown based on these scan results?
TCP port 21 – no response
TCP port 22 – no response
TCP port 23 – Time-to-live exceeded
The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall
A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted. Which cryptography attack is the student attempting?
Dictionary-attack
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8
The host is likely a printer
Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?
This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?
The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim’s profile to a text file and then submit the data to the attacker’s database.
What is this type of attack (that can use either HTTP GET or HTTP POST) called?
Cross-site Request Forgery
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?
He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer
Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?
Single sign-on