Ch9 Testing Your Infrastructure Flashcards

1
Q

the ___ is great for scanning Windows systems for vulnerabilities, and making recommendations from the MS knowledge database, but won’t scan a network

A

Microsoft Baseline Security Analyzer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

the network scanner ___ looks up the Nations Vulnerability Database

A

OpenVAS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

the first thing to get before conducting a vulnerability scan on a network is ___

A

authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

___ is when someone follows you through a security entrance, evading procedures

A

tailgating

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

___ is phishing targeting senior management

A

whaling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

a ___ attack targets a website that is commonly used by a group to access information

A

watering hole

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

___ is a popular control panel tool that sends an email notification when there is suspicious activity on a network

A

cPanel

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

___ is when someone tries to get you to unknowingly run a script from a trusted website

A

Cross-Site Scripting (XSS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

___ are XML code placed on a site that shouldn’t be there

A

XML Injections

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

a ___ attack causes unsuspecting code to open a command line terminal and run commands

A

Command Injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

seeing lines of code unexpectedly containing phrases like “SELECT *” or “INNER JOIN” might indicate a ___ attack

A

SQL Injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

seeing lines of code unexpectedly containing phrases like “cn=” or “ou=” might indicate a ___ attack

A

LADP Injection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

in the ___ attack model, the attacker knows a great deal about the systems and is likely a trusted insider

A

White Box

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

in the ___ attack model, the attacker knows nothing about the systems and is an outsider

A

Black Box

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

in ___ vulnerability discovery, no packets are sent to the target system

A

Passive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

in ___ vulnerability discovery, aggressive scans of the target system are used

A

Active

17
Q

___, which is included in Kali Linux, is a framework for launching exploitation commands

A

Metasploit

18
Q

the principle of ___ in vulnerability exploitation may call for repeated attempts over weeks

A

Persistence

19
Q

___ tend to become vulnerabilities in a system because users forget they exist and don’t apply security patches when called for

A

Embedded systems

20
Q

When a vendor no longer supports a device, the fix is usually to ___

A

throw it out and find another device

21
Q

identifying customer information unnecessarily stored on a company network is an example of a vulnerable ___

A

business process

22
Q

exhausting the RAM in a system through something like an integer overflow can cause the system to ___ if not handled properly

A

lock up

23
Q

a buffer ___ can cause very unexpected behavior in a system

A

overflow

24
Q

when systems and devices are added to a network but not documented, this is called ___ and can have potentially disastrous results

A

system sprawl