Ch9 Testing Your Infrastructure

Question 1

the ___ is great for scanning Windows systems for vulnerabilities, and making recommendations from the MS knowledge database, but won’t scan a network

Answer 1

Microsoft Baseline Security Analyzer

Question 2

the network scanner ___ looks up the Nations Vulnerability Database

Answer 2

OpenVAS

Question 3

the first thing to get before conducting a vulnerability scan on a network is ___

Answer 3

authorization

Question 4

___ is when someone follows you through a security entrance, evading procedures

Answer 4

tailgating

Question 5

___ is phishing targeting senior management

Answer 5

whaling

Question 6

a ___ attack targets a website that is commonly used by a group to access information

Answer 6

watering hole

Question 7

___ is a popular control panel tool that sends an email notification when there is suspicious activity on a network

Answer 7

cPanel

Question 8

___ is when someone tries to get you to unknowingly run a script from a trusted website

Answer 8

Cross-Site Scripting (XSS)

Question 9

___ are XML code placed on a site that shouldn’t be there

Answer 9

XML Injections

Question 10

a ___ attack causes unsuspecting code to open a command line terminal and run commands

Answer 10

Command Injection

Question 11

seeing lines of code unexpectedly containing phrases like “SELECT *” or “INNER JOIN” might indicate a ___ attack

Answer 11

SQL Injection

Question 12

seeing lines of code unexpectedly containing phrases like “cn=” or “ou=” might indicate a ___ attack

Answer 12

LADP Injection

Question 13

in the ___ attack model, the attacker knows a great deal about the systems and is likely a trusted insider

Answer 13

White Box

Question 14

in the ___ attack model, the attacker knows nothing about the systems and is an outsider

Answer 14

Black Box

Question 15

in ___ vulnerability discovery, no packets are sent to the target system

Answer 15

Passive

Question 16

in ___ vulnerability discovery, aggressive scans of the target system are used

Answer 16

Active

Question 17

___, which is included in Kali Linux, is a framework for launching exploitation commands

Answer 17

Metasploit

Question 18

the principle of ___ in vulnerability exploitation may call for repeated attempts over weeks

Answer 18

Persistence

Question 19

___ tend to become vulnerabilities in a system because users forget they exist and don’t apply security patches when called for

Answer 19

Embedded systems

Question 20

When a vendor no longer supports a device, the fix is usually to ___

Answer 20

throw it out and find another device

Question 21

identifying customer information unnecessarily stored on a company network is an example of a vulnerable ___

Answer 21

business process

Question 22

exhausting the RAM in a system through something like an integer overflow can cause the system to ___ if not handled properly

Answer 22

lock up

Question 23

a buffer ___ can cause very unexpected behavior in a system

Answer 23

overflow

Question 24

when systems and devices are added to a network but not documented, this is called ___ and can have potentially disastrous results

Answer 24

system sprawl