Chap 1 Sybex Flashcards

1
Q

Authorized, legal attempts to defeat an organization’s security controls and perform unauthorized activities

A

Pen test

2
Q

CIA triad

A

Confidentiality: seek to prevent unauthorized access to info or systems
Integrity: prevent unauthorized modification of info or systems
Availability: seek to ensure that legitimate use of info and systems remains possible

3
Q

DAD triad

A

Disclosure: attacks seek to gain unauthorized access to info or systems
Alteration: attacks seek to make unauthorized changes to info or systems
Denial: attacks seek to prevent legitimate use of info and systems

4
Q

Using hacking tools and techniques within a code of ethics

A

Ethical hacking

5
Q

When pen testing you must adopt the ____ ____

A

Hacker mindset

6
Q

Benefits of pen testing

A

-provides knowledge that you can’t obtain elsewhere
-blueprint for remediation
-essential, focused information about specific targets

7
Q

Uses the attacker mindset to search the organization’s tech infrastructure for the artifacts of a successful attack, operating on the “presumption of compromise”

A

Threat hunter

8
Q

Incident response plan (NIST)

A

-preparation
-detection and analysis
-containment, eradication, and recovery
-post-incident activity

9
Q

4 pen test requirements of PCI DSS

A

-perform external pen test at least annually and after any significant infrastructure or application upgrade or modifications

-perform internal penetration testing at least annually and after any significant infrastructure or application upgrade or modification

-exploitable vulnerabilities found during pen test are corrected and testing is repeated

-if segmentation is used to isolate CDE (cardholder data environment) from other networks, perform pen test at least annually and after any changes to segmentation controls/methods to verify segmentation methods are operational and effective

10
Q

2 pros and 2 cons of using internal pen test team

A

Pros:
-they have contextual knowledge of the organization that can improve effectiveness of testing by providing enhanced subject matter expertise
-less expensive

Cons:
-using internal employees who designed and implemented the security controls can create bias
-it is more difficult for them to detect flaws in their own work

11
Q

Tests conducted by a(n) ____ team, or tests conducted from a(n) ____ network perspective

A

Both blanks: internal or external

12
Q

If possible, the pen test team should be separate from the cybersecurity team that designs and operates controls

A

Separation of duties

13
Q

3 reasons to do pen testing on periodic basis

A

-the tech environment changes
-attack techniques evolve, and updated tests should reflect changing attack techniques
-each team member brings a unique set of skills and talents and may discover different vulnerabilities

14
Q

CompTIA pen test stages

A

Planning and scoping
Information gathering and vulnerability scanning
Attacking and exploiting
Reporting and communicating results

15
Q

What stage of pen test:
Outline clear rules of engagement, decide what systems, data, processes and activities are within the authorized scope of the test

A

Planning and scoping

16
Q

What stage of pentest:
Gather information about target, vulnerability scans

A

Information gathering and vulnerability scanning

17
Q

What stage of pentest:
Exploit vulnerabilities

A

Attacks and exploits

18
Q

Phase of pentest:
Actionable recommendations

A

Reporting and communication

19
Q

Cyber kill chain by Lockheed Martin (7 items)

A

-reconnaissance
-weaponization
-delivery
-exploitation
-installation
-command and control (C2C)
-actions on objectives

20
Q

What stage is this in the cyber kill chain:
Information gathering (OSINT) and vulnerability scanning

A

Reconnaissance

21
Q

What stage of the kill chain is this:
Attackers develop specific tool to exploit vulnerabilities

A

Weaponization

22
Q

What stage of the kill chain is this:
Could be exploiting a network or application vulnerability, conducting a social engineering attack, distributing malware on a USB, or sending an email

A

Delivery

23
Q

What stage of the kill chain is this:
Attacker or victim takes some action that triggers the malware payload

A

Exploitation

24
Q

What stage of the kill chain is this:
The attacker uses the initial access provided by the malware to establish permanent or persistent access to the target system. Example: back door

A

Installation

25
Q

What stage of the kill chain is this:
Attacker can use a remote shell or other means to remotely control the compromised system

A

Command and control (C2C)

26
Q

What stage of the kill chain is this:
Theft of sensitive info, the unauthorized use of computing resources to engage in DoS attacks or to mine cryptocurrency, or the unauthorized modification or deletion of information

A

Actions on objectives

27
Q

What type of tools are these:
WHOIS, Nslookup, TheHarvester, Recon-ng, Censys, FOCA (Fingerprinting Organizations with Collected Archives), Shodan, Maltego

A

Reconnaissance

28
Q

What type of tools are these:
Nessus, OpenVAS, Sqlmap, Nikto, Wapiti, W3AF, Security Content Automation Protocol (SCAP)

A

Vulnerability scanners

29
Q

What type of tools are these:
SET (____ ____ Toolkit), BeEF (Browser Exploitation Framework)

A

Social engineering

30
Q

What type of tools are these:
Hashcat, John the Ripper, Hydra, Medusa, Patator, Cain, CeWL, Mimikatz, DirBuster

A

Credential testing tools

31
Q

What type of tools are these:
Immunity Debugger, GDB, OllyDbg, WinDbg, IDA, Brakeman, Covenant, TruffleHog

A

Debuggers and software testing tools

32
Q

What type of tools are these:
Wireshark, Hping, Aircrack-ng, WiFite, mdk4, Fern, Kismet, rogue wireless access points, EAPHammer, Reaver, Spooftooph, WiGLE (Wireless Geographic Logging Engine), online SSL checkers

A

Network testing

33
Q

What type of tools are these:
SSH, Ncat and Netcat, Proxychains

A

Remote access

34
Q

What type of tools are these:
Metasploit, SearchSploit, PowerSploit and Empire, Responder, Impacket, Mitm6, CrackMapExec

A

Exploitation

35
Q

What type of tools are these:
OpenStego and Steghide, Coagula and Sonic Visualiser, Snow, TinEye, Metagoofil

A

Steganography

36
Q

What type of tools are these:
ScoutSuite, CloudBrute, Pacu, Cloud Custodian

A

Cloud tools

37
Q

This tool gathers information from public records about domain ownership. What tool, and what type of tool?

A

WHOIS; reconnaissance

38
Q

This tool helps identify the IP addresses associated with an organization. What tool, and what type of tool?

A

Nslookup; reconnaissance

39
Q

Scours search engines and other resources to find email addresses, employee names, and infrastructure details about an org. What tool, and what type of tool?

A

TheHarvester; reconnaissance

40
Q

Modular web reconnaissance framework that organizes and manages OSINT work

A

Recon-ng

41
Q

Web-based tool that probes IP addresses across the internet and then provides pen testers with info through a search engine. What tool, and what type of tool?

A

Censys; reconnaissance

42
Q

OSINT tool used to find metadata within Office documents, PDFs, and other common file formats

A

FOCA (Fingerprinting Organizations with Collected Archives)

43
Q

Specialized search engine that provides discovery of vulnerable Internet of Things devices from public sources. What tool, and what type of tool?

A

Shodan; reconnaissance

44
Q

Commercial product that assists with the visualization of data gathered from OSINT

A

Maltego