Ch9 Testing Your Infrastructure Flashcards
the ___ is great for scanning Windows systems for vulnerabilities, and making recommendations from the MS knowledge database, but won’t scan a network
Microsoft Baseline Security Analyzer
the network scanner ___ looks up the National Vulnerability Database
OpenVAS
the first thing to get before conducting a vulnerability scan on a network is ___
authorization
___ is when someone follows you through a security entrance, evading procedures
tailgating
___ is phishing targeting senior management
whaling
a ___ attack targets a website that is commonly used by a group to access information
watering hole
___ is a popular control panel tool that sends an email notification when there is suspicious activity on a network
cPanel
___ is when someone tries to get you to unknowingly run a script from a trusted website
Cross-Site Scripting (XSS)
___ are XML code placed on a site that shouldn’t be there
XML Injections
a ___ attack causes unsuspecting code to open a command line terminal and run commands
Command Injection
seeing lines of code unexpectedly containing phrases like “SELECT *” or “INNER JOIN” might indicate a ___ attack
SQL Injection
seeing lines of code unexpectedly containing phrases like “cn=” or “ou=” might indicate a ___ attack
LDAP Injection
in the ___ attack model, the attacker knows a great deal about the systems and is likely a trusted insider
White Box
in the ___ attack model, the attacker knows nothing about the systems and is an outsider
Black Box
in ___ vulnerability discovery, no packets are sent to the target system
Passive