Chapter 11 Flashcards

Question 1

Q

Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?

Enumeration
Gain access
Reconnaissance
Maintain access

Answer

A

Maintain Access

Question 2

Q

You have been hired as part of the team that manages an organization’s network defense.

Which security team are you working on?

Red
Blue
White
Purple

Question 3

Q

As part of a special program, you have discovered a vulnerability in an organization’s website and reported it to the organization. Because of the severity, you are paid a good amount of money.

Which type of penetration test are you performing?

Gray box
Bug bounty
Black box
White box

Answer

A

Bug Bounty

Question 4

Q

Which phase or step of a security assessment is a passive activity?

Reconnaissance
Vulnerability mapping
Enumeration
Privilege escalation

Answer

A

Reconnaissance

Question 5

Q

Which of the following activities are typically associated with a penetration test?

Create a performance baseline.

Attempt social engineering.

Run a vulnerability scanner on network servers.

Interview employees to verify that the security policy is being followed.

Answer

A

Attempt social engineering.

Question 6

Q

Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?

Goals and guidelines
Scope of work
Payment terms
Rules of engagement

Answer

A

Scope of work

Question 7

Q

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Reverse engineering
Inbound scanning
Passive reconnaissance
Penetration testing

Answer

A

Penetration testing

Question 8

Q

What is the primary purpose of penetration testing?

Infiltrate a competitor’s network.

Assess the skill level of new IT security staff.

Evaluate newly deployed firewalls.

Test the effectiveness of your security perimeter.

Answer

A

Test the effectiveness of your security perimeter.

Question 9

Q

You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins.

Which type of penetration test are you performing?

Black box
Bug bounty
Gray box
White box

Answer

A

White Box

Question 10

Q

You have been promoted to team lead of one of the security operations teams.

Which security team are you now a part of?

White
Blue
Purple
Red

Question 11

Q

Which of the following tools can be used to view and modify DNS server information in Linux?

dig
netstat
route
tracert

Question 12

Q

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

OVAL
Port scanner
Network mapper
Ping scanner

Answer

A

Network mapper

Question 13

Q

You need to check network connectivity from your computer to a remote computer.

Which of the following tools would be the BEST option to use?

ping
tracert
route
nmap

Question 14

Q

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?

LC4
Nessus
Wireshark
OVAL

Question 15

Q

You need to enumerate the devices on your network and display the network’s configuration details.

Which of the following utilities should you use?

dnsenum
scanless
nmap
nslookup

Question 16

Q

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?

OSINT
Passive
Active
Packet sniffing

Question 17

Q

Which type of reconnaissance is dumpster diving?

OSINT
Packet sniffing
Active
Passive

Question 18

Q

Which passive reconnaissance tool is used to gather information from a variety of public sources?

Packet sniffing
Shodan
theHarvester
scanless

Answer

A

theHarvester

Question 19

Q

Which of the following tools can be used to see if a target has any online IoT devices without proper security?

theHarvester
Packet sniffing
Shodan
scanless

Question 20

Q

The process of walking around an office building with an 802.11 signal detector is known as:

War driving
Driver signing
War dialing
Daemon dialing

Answer

A

War driving

Question 21

Q

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections.

Which type of device should you use?

Anomaly-based IDS
Host-based firewall
Signature-based IDS
Antivirus scanner
Network-based firewall

Answer

A

Anomaly-based IDS

Question 22

Q

Which of the following describes the worst possible action by an IDS?

The system correctly deemed harmless traffic as inoffensive and let it pass.

The system detected a valid attack and the appropriate alarms and notifications were generated.

The system identified harmless traffic as offensive and generated an alarm.

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

Answer

A

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

Question 23

Q

Which of the following describes a false positive when using an IPS device?

Malicious traffic masquerading as legitimate traffic

The source address identifying a non-existent host

The source address matching the destination address

Legitimate traffic being flagged as malicious

Malicious traffic not being identified

Answer

A

Legitimate traffic being flagged as malicious

Question 24

Q

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.

You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.

Which solution should you implement?

Host-based IDS
Port scanner
Protocol analyzer
Network-based IDS
VPN concentrator

Answer

A

Host-based IDS

Question 25

Q

What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?

Motion detectors
Antivirus software
Firewalls
Honeypots

Answer

A

Antivirus software

Question 26

Q

An active IDS system often performs which of the following actions? (Select two.)

Cannot be detected on the network because it takes no detectable actions.

Updates filters to block suspect traffic.

Requests a second logon test for users performing abnormal activities.

Performs reverse lookups to identify an intruder.

Traps and delays the intruder until the authorities arrive.

Answer

A

Updates filters to block suspect traffic.

Performs reverse lookups to identify an intruder.

Question 27

Q

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible.

Which tool should you use?

Packet sniffer
IPS
Port scanner
IDS

Question 28

Q

Your organization uses a web server to host an e-commerce site.

Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them.

What should you do?

Implement an application-aware IPS in front of the web server

Install an anti-malware scanner on the web server

Implement a stateful firewall in front of the web server

Implement an application-aware IDS in front of the web server

Implement a packet-filtering firewall in front of the web server

Answer

A

Implement an application-aware IPS in front of the web server

Question 29

Q

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?

Stateful-inspection-based IDS
Signature-based IDS
Heuristics-based IDS
Anomaly-analysis-based IDS

Answer

A

Signature-based IDS

Question 30

Q

What does an IDS that uses signature recognition use to identify attacks?

Comparison of current statistics to past statistics

Exceeding threshold values

Comparisons to known attack patterns

Statistical analysis to find unusual deviations

Answer

A

Comparisons to known attack patterns

Question 31

Q

A security administrator logs onto a Windows server on her organization’s network. Then she runs a vulnerability scan on that server.

Which type of scan was conducted in this scenario?

Non-intrusive scan
Credentialed scan
Intrusive scan
Non-credentialed scan

Answer

A

Credentialed scan

Question 32

Q

In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported. Upon further inspection, none of the vulnerabilities actually existed.

Which type of result is this?

True positive
False negative
True negative
False positive

Answer

A

False positive

Question 33

Q

A security administrator needs to run a vulnerability scan that analyzes a system from the perspective of a hacker attacking the organization from the outside.

Which type of scan should he or she use?

Network-mapping scan
Non-credentialed scan
Credentialed scan
Port scan

Answer

A

Non-credentialed scan

Question 34

Q

In your role as a security analyst, you need to stay up to date on the latest threats. You are currently reviewing the latest real-time updates on cyberthreats from across the world.

Which of the following resources are you MOST likely using?

Threat hunting
Threat feeds
Intelligence fusion
Advisories and bulletins

Answer

A

Threat feeds

Question 35

Q

You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?

Protocol analyzer
Vulnerability scanner
Network mapper
Port scanner

Answer

A

Vulnerability scanner

Question 36

Q

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Use a port scanner to check for open ports.

Update the vulnerability scanner definition files.

Run the vulnerability assessment again.

Document your actions.

Answer

A

Run the vulnerability assessment again.

Question 37

Q

Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?

SIEM alerts
Collectors
Security automation
Data handling

Answer

A

Collectors

Question 38

Q

Which of the following Security Orchestration, Automation, and Response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during a manual intervention?

Orchestration
Playbook
Response
Runbook

Question 39

Q

You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services.

Which tool should you use?

Port scanner
IDS
IPS
Packet sniffer
System logs

Answer

A

Port scanner

Question 40

Q

Which of the following systems is able to respond to low-level security events without human assistance?

SIEM
SOAR
Firewall
IDS

Question 41

Q

You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address.

Which of the following can you use to simplify this process?

Switch
Display filters
NIC
Capture filters

Answer

A

Capture filters

Question 42

Q

Which of the following processes identifies an operating system based on its response to different types of network traffic?

Social engineering
Firewalking
Port scanning
Fingerprinting

Answer

A

Fingerprinting

Question 43

Q

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router.

When you run the software, you see frames addressed to the four workstations, but not to the router.

Which feature should you configure on the switch?

Port mirroring
Promiscuous mode
Bonding
Spanning Tree Protocol

Answer

A

Port mirroring

Question 44

Q

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation.

Which of the following must you configure in order to see all of the network traffic?

Configure the network interface to use promiscuous mode.

Configure the network interface to use port mirroring mode.

Configure the network interface to use protocol analysis mode.

Configure the network interface to enable logging.

Answer

A

Configure the network interface to use promiscuous mode.

Question 45

Q

Which of the following accurately describes what a protocol analyzer is used for? (Select two.)

A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack).

A passive device that is used to copy frames and allow you to view frame contents.

A device that measures the amount of data that can be transferred through a network or processed by a device.

A device that allows you to capture, modify, and retransmit frames (to perform an attack).

A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of emails.

Answer

A

A passive device that is used to copy frames and allow you to view frame contents.

A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack).

Question 46

Q

You want to identify traffic that is generated and sent through a network by a specific application running on a device.

Which tool should you use?

Toner probe
TDR
Certifier
Protocol analyzer
Multimeter

Answer

A

Protocol analyzer

Question 47

Q

You want to know which protocols are being used on your network. You’d like to monitor network traffic and sort traffic by protocol.

Which tool should you use?

Throughput tester
IDS
Packet sniffer
Port scanner
IPS

Answer

A

Packet sniffer

Question 48

Q

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall.

Which tool should you use?

Packet sniffer
Throughput tester
Event log
System log
Load tester

Answer

A

Packet sniffer

Question 49

Q

Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?

Malicious hacker
Security operations team
Network administrator
Standard user

Answer

A

Security operations team

Question 50

Q

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Wireshark
Nessus
OVAL
nmap

Answer

A

Wireshark

Question 51

Q

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?

MAC flooding
Port mirroring
ARP poisoning
MAC spoofing

Answer

A

ARP poisoning

Question 52

Q

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

Null session
ARP poisoning
Hijacking
MAC flooding

Answer

A

ARP poisoning

Question 53

Q

Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning
ARP poisoning
SYN flood
Spam

Answer

A

DNS poisoning

Question 54

Q

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed.

Which type of attack has likely occurred?

Man-in-the-middle
Hijacking
DNS poisoning
Spoofing

Answer

A

DNS poisoning

Question 55

Q

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information.

Which kind of exploit has been used in this scenario?

Man-in-the-middle
Reconnaissance
DNS poisoning
Domain name kiting

Answer

A

DNS poisoning

Question 56

Q

Which of the following describes a man-in-the-middle attack?

A person convinces an employee to reveal his or her login credentials over the phone.

A false server intercepts communications from a client by impersonating the intended server.

An IP packet is constructed that is larger than the valid size.

Malicious code is planted on a system, where it waits for a triggering event before activating.

Answer

A

A false server intercepts communications from a client by impersonating the intended server.

Question 57

Q

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which type of attack?

Man-in-the-middle attack
DDoS
Spamming
Passive logging

Answer

A

Man-in-the-middle attack

Question 58

Q

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing
Snooping
Spamming
Sniffing

Question 59

Q

A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of which form of attack?

Spoofing
Sniffing
Spamming
Snooping

Question 60

Q

Which of the following are network-sniffing tools?

WinDump, KFSensor, and Wireshark

Ettercap, Ufasoft snif, and Shark

Cain and Abel, Ettercap, and TCPDump

Ufasoft snif, TCPDump, and Shark

Answer

A

Cain and Abel, Ettercap, and TCPDump

Question 61

Q

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?

Brute force attack
Password sniffing
Pass-the-hash attack
Keylogger

Answer

A

Brute force attack

Question 62

Q

A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work.

When provisioning Bob’s user account in your organization’s domain, you assigned an account name of BSmith with an initial password of bw2Fs3d.

On first login, Bob is prompted to change his password. He changes it to the name of his dog, Fido.

What should you do to increase the security of Bob’s account? (Select two.)

Do not allow users to change their own passwords.

Require him to use the initial password, which meets the complexity requirements.

Use Group Policy to require strong passwords on user accounts.

Configure user account names that are not easy to guess.

Train users not to use passwords that are easy to guess.

Use a stronger initial password when creating user accounts.

Answer

A

Use Group Policy to require strong passwords on user accounts.

Train users not to use passwords that are easy to guess.

Question 63

Q

In a variation of the brute force attack, an attacker may use a predefined list of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

3DES encryption
VLANs
AES encryption
A strong password policy

Answer

A

A strong password policy

Question 64

Q

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?

Shoulder surfing
Social engineering
Password guessing
Dumpster diving

Answer

A

Dumpster diving

Answer 51

A

John the Ripper

Answer 52

A

Rainbow table attack

Answer 53

A

Add random bits to the password before hashing takes place

Answer 54

A

Password salting

Answer 55

A

Someone nearby watching you enter your password on your computer and recording it.

Answer 56

A

Social engineering

Brainscape's Knowledge GenomeTM

Chapter 11 Flashcards

Brainscape's Knowledge Genome^TM