Allen Test 1

Question 1

What does CIA stand for?

Answer 1

Confidentiality
Integrity
Availability

Question 2

In block chain: When a node finds a proof-of-work, it ________ to all nodes.

Answer 2

broadcasts

Question 3

In block chain: Each node collects new ______ into a block.

Answer 3

transactions

Question 4

In block chain: Nodes create next block in chain, using previous _____

Answer 4

hash

Question 5

In block chain: New transactions are broadcast to all ______.

Answer 5

nodes

Question 6

In block chain: Each node works on finding a difficult proof-of-work for its _____

Answer 6

block

Question 7

What is involved in the Information Security Model

Answer 7

• CIA
• Processing, storage, transmission
• Policy and Procedure, Technology, Education, training and awareness

Question 8

What should only be done with complete permission and co-operation of the organization?

Answer 8

penetration testing

Question 9

________ is the act of evaluating a system to locate weaknesses and vulnerabilities

Answer 9

Hacking

Question 10

What helps organizations and security professionals to preemptively identify and resolve security issues

Answer 10

Hacking

Question 11

A _______ hacker is typically a computer and networking expert who employ the same methods as a malicious hacker in attempts to penetrate computer systems on behalf of their owners

Answer 11

ethical (white hat)

Question 12

A ____________ Hackers is one who uses their skills for unethical reasons and engage in malicious hacking for illegal purposes

Answer 12

Black Hat also known as crackers

Question 13

A __________ hacker will pursue a hack and break the law, but does so in a non-malicious intent.

Answer 13

A grey Hat

Question 14

A _______ _______ is an individual with little to no technical skills.
They simple use download-and-run hacking tools developed by others to perform their attacks and deface systems

Answer 14

Script Kiddie

Question 15

A ______ is someone who hacks with political intentions, similar skills as White/Black hat hackers and use the same tools.The main goal is to increase public attention on a particular political matter

Answer 15

Hacktivist

Question 16

Techniques such as _______ ________ are important tools to find vulnerabilities

Answer 16

reverse engineering

Question 17

What are the three approaches to Hacking?

Answer 17

White box
Black Box Testing
Grey Box

Question 18

In what hacking methodology is certain information about the target system(s) are made available prior to the test.
•the penetration team functions as insiders to get the information about the network and analyze the loop holes in the network

Answer 18

white box model

Question 19

What hacking methodology does an ethical hacker has little to no prior knowledge of the system being attacked.
The goal of this type of attack is to simulate a malicious external or cyber warfare attack

Answer 19

Black box model

Question 20

A _________ ________ utilizes security tools (typically automated) to identify, quantify, and prioritize the vulnerabilities identified in a particular system.

Answer 20

Vulnerability Assessment

Question 21

What are the five phases of hacking?

Answer 21

• Reconnaissance
• Scanning
• Gaining access
• Maintaining access
• Covering tracks

Question 22

_______ ___________ involves probing or directly interacting with the network to discover individual hosts, IP addresses, and services on the network

Answer 22

Active reconnaissance

Question 23

What phase of hacking are hackers are trying to identify any further information, vulnerability or possible attack vector that can be used to assist to gain assess of a target
•port scanners, network mappers and vulnerability scanners.

Answer 23

Scanning

Question 24

What phase of hacking utilizes vulnerabilities that were discovered are now exploited to gain some level of control over the target.

Answer 24

gaining access

Question 25

In what phase of hacking do hackers want to ensure they retain their current access as well making it possible to come back to that machine for future exploitation and attacks?

Answer 25

Maintaining access

Question 26

What are some good methods to gain and retain access to a network?

Answer 26

hackers use backdoors, rootkits, and Trojans

Question 27

In what phase of hacking do you avoid detection by security personnel, continue using owned system, or to avoid being caught and legal action.
•Hackers must delete information from log files, deleting or hiding modified files and using other activities to try to blend in with regular user activities

Answer 27

Covering tracks

Question 28

When hacking to securely manage information related to the engagement on the network, what should be used?

Answer 28

a secure file repository, face-to-face meetings phone calls, conferences and file encryption

Question 29

The scope of a project specifically defines what is to be tested of a _____ ________.

Answer 29

penetration test

Question 30

Defining the ______ helps the Pen Tester understands what is driving the project this will assist them in determine the goals, objectives and best course of action to take

Answer 30

Defining the scope

Question 31

Whats outlines the particulars of who, what, where, why, when and the how of the Penetration Test?
This includes:
•specific dates and times of each phase
•blackout periods when the organization does not want testing to be done
•Locations being tested and when also define what type of testing is off limits.

Answer 31

“Rules of Engagement”

Question 32

What are some feature of NMAP?

Answer 32

• Create a complete computer network map
• Find remote IP of any hosts.
• Get the OS system and software details.
• Detect open ports on local and remote systems.
• Audit server security standards.
• Find vulnerabilities - remote and local hosts

Question 33

With a basic Nmap Scan you can scan against?

Answer 33

Basic Nmap Scan against IP, host, or ports

Question 34

Nmap allows us to launch ______ attacks against our network testings

Answer 34

DOS

Question 35

Using _______ can detect malware infections on remote hos

Answer 35

Nmap

Question 36

What are passive vulnerabilities and exploits?

Answer 36

• Shoulder Surfing
• Release/selling of message content
• Traffic analysis
• Data capturing

Question 37

What are Active vulnerabilities and exploits?

Answer 37

• Unauthorized login
• Wiretaps
• Denial of services
• Masquerading
• Message modifications

Question 38

What are different ways of gaining unauthorized access to a network?

Answer 38

• ARP attack
• Brute force attack
• Denial-of-service attack
• Worms/viruses/Trojan horse
• Flooding
• Sniffing
• Redirected attacks
• Social Engineering

Question 39

How can you mitigate breaches using risk management?

Answer 39

Process of establishing an acceptable level of risk for the organization by:
•Risk Analysis
•Determine likelihood that the vulnerability will risk the organization
•Seek out Threats
•Potential danger to information or data
•Assess Vulnerability
•Weakness in the system, technology, product and/or policy
•Implement Countermeasures
•Mitigate potential risk
•Risk can be mitigated, but cannot be eliminated

Question 40

What are beneficial counter measures to implement to ensure networks security?

Answer 40

• NAT
• IDS/IPS
• Firewalls
• AAA(Using encryption)
• Proxy Services
• Training and awareness
• Policies, procedures and standards

Question 41

Professional/individual must understand all aspects of computing _________ in order mitigate attacks and threats.

Answer 41

infrastructure

Question 42

Where does passive reconnaissance acquire their information?

Answer 42

searches public record, internet searches, online tools

Question 43

Does passive reconnaissance interact with the target?

Answer 43

no it does not home boy

Question 44

Once the system is owned it can be used as a base to launch _______ or as a pivot point to dig deeper into the _______.

Answer 44

attack, network

Question 45

In what phase of hacking does the real hacking begins, but this is also where the danger is

Answer 45

Gaining access

Question 46

Which of the three tools is used for Network packet generating?
n diff
n ping
n cat

Answer 46

n ping

Question 47

Which of the three tools is used to compare results of nmap scan?
n diff
n ping
n cat

Answer 47

n diff

Question 48

Which of the three tools is used concatenating and redirecting sockets?
n diff
n ping
n cat

Answer 48

n cat

Question 49

In nmap using a predefined set of scripts or by writing your own for vulnerabilty detection is called?

Answer 49

Nmap script engine (NSE)

Question 50

In hacking what servers can you exectue a brute force attack?

Answer 50

MS SQL, FTP, or Word press