CH 0 - Intro Assessment Flashcards

1
Q

Which header field is used to reassemble fragmented IP packets?

A. Destination address
B. IP identification
C. Don’t fragment bit
D. ToS field

A

B.
IP identification

2
Q

If you were to see the following in a packet capture, what would you expect was happening?

' or 1=1;

A. Cross-site scripting
B. Command injection
C. SQL injection
D. XML external entity injection

A

C.
SQL injection

3
Q

What method might you use to successfully get malware onto a mobile device?

A. Through the Apple Store or Google Play Store
B. External storage on an Android
C. Third-party app store
D. Jailbreaking

A

C.
Third-party app store

4
Q

What protocol is used to take a destination IP address and get a packet to a destination on the local network?

A. DHCP
B. ARP
C. DNS
D. RARP

A

B.
ARP

5
Q

What would be the result of sending the string AAAAAAAAAAAAAAAAA into a variable that has been allocated space for 8 bytes?

A. Heap spraying
B. SQL injection
C. Buffer overflow
D. Slowloris attack

A

C.
Buffer overflow

6
Q

If you were to see the subnet mask 255.255.248.0, what CIDR notation (prefix) would you use to indicate the same thing?

A. /23
B. /22
C. /21
D. /20

A

B.
/22

7
Q

What is the primary difference between a worm and a virus?

A. A worm uses polymorphic code
B. A virus uses polymorphic code
C. A worm can self-propagate
D. A virus can self-propagate

A

C.
A worm can self-propagate

8
Q

How does an evil twin attack work?

A. Phishing users for credentials
B. Spoofing an SSID
C. Changing an SSID
D. Injecting 4-way handshakes

A

B.
Spoofing an SSID

9
Q

What has been done to the following string?

%3Cscript%3Ealert('wubble');%3C/script%3E

A. Base64 encoding
B. URL encoding
C. Encryption
D. Cryptographic hashing

A

B.
URL encoding

10
Q

What would you get from running the command
dig ns domain.com?

A. Mail exchanger records for domain.com
B. Name server records for domain.com
C. Caching name server for domain.com
D. IP address for the hostname ns

A

B.
Name server records for domain.com

11
Q

What technique would you ideally use to get all of the hostnames associated with a domain?

A. DNS query
B. Zone copy
C. Zone transfer
D. Recursive request

A

C.
Zone Transfer

12
Q

If you were to notice operating system commands inside a DNS request while looking at a packet capture, what might you be looking at?

A. Tunneling attack
B. DNS amplification
C. DNS recursion
D. XML entity injection

A

A.
Tunneling Attack

13
Q

What would be the purpose of running a ping sweep?

A. You want to identify responsive hosts without a port scan
B. You want to use something that is light on network traffic
C. You want to use a protocol that may be allowed through the firewall
D. All of the above

A

D.
All of the above

14
Q

How many functions are specified by NIST’s cybersecurity framework?

A. 0
B. 3
C. 5
D. 4

A

C.
5

15
Q

What would be one reason not to write malware in Python?

A. The Python interpreter is slow
B. The Python interpreter may not be available
C. There is inadequate library support
D. Python is a hard language to learn

A

B.
The Python interpreter may not be available

16
Q

If you saw the following command line, what would you be capturing?

tcpdump -i eth2 host 192.168.10.5

A. Traffic just from 192.168.10.5
B. Traffic to and from 192.168.10.5
C. Traffic just to 192.168.10.5
D. All traffic other than from 192.168.10.5

A

B.
Traffic to and from 192.168.10.5

17
Q

What is Diffie-Hellman used for?

A. Key management
B. Key isolation
C. Key exchange
D. Key revocation

A

C.
Key Exchange

18
Q

Which social engineering principle may allow a phony call from the help desk to be effective?

A. Social proof
B. Imitation
C. Scarcity
D. Authority

A

D.
Authority

19
Q

How do you authenticate with SNMPv1?

A. Username / password
B. Hash
C. Public string
D. Community string

A

D.
Community String

20
Q

What do we call an ARP response without a corresponding ARP request?

A. Is-at response
B. Who-has ARP
C. Gratuitous ARP
D. IP response

A

C.
Gratuitous ARP

21
Q

What process do Java programs identify themselves to when they share procedures over the network?

A. RMI registry
B. RMI mapper
C. RMI database
D. RMI process

A

A.
RMI Registry

22
Q

What are the 3 times that are typically stored as part of file metadata?

A. Moves, adds, changes
B. Modified, accessed, deleted
C. Moved, accessed, changed
D. Modified, accessed, created

A

D.
Modified, accessed, created

23
Q

Which of these is a reason to use an exploit against a local vulnerability?

A. Pivoting
B. Log manipulation
C. Privilege escalation
D. Password collection

A

C.
Privilege Escalation

24
Q

What principle is used to demonstrate that a signed message came from the owner of the key that signed it?

A. Nonrepudiation
B. Nonverifiability
C. Integrity
D. Authority

A

A.
Nonrepudiation

25
Q

What is a viable approach to protecting against tailgating?

A. Biometrics
B. Badge access
C. Phone verification
D. Man traps

A

D.
Man traps

26
Q

Why is bluesnarfing potentially more dangerous than bluejacking?

A. Bluejacking sends, while bluesnarfing receives
B. Bluejacking receives, while bluesnarfing sends
C. Bluejacking installs keyloggers
D. Bluesnarfing installs keyloggers

A

B.
Bluejacking receives, while bluesnarfing sends

27
Q

Which of the security triad properties does the Biba Security Model relate to?

A. Confidentiality
B. Integrity
C. Availability
D. All of them

A

B.
Integrity