Chapter 12 Testing Infrastructure Flashcards

1
Q

What are the three areas where vulnerabilities can be found in IT infrastructure?

A

The three areas where vulnerabilities can be found in IT infrastructure are:

Hardware: Vulnerabilities related to the components and devices used in the infrastructure, such as CPUs, routers, switches, cameras, etc.

Configuration: Weak configurations or misconfigurations in the infrastructure’s settings and parameters, which can leave it vulnerable to attacks or unauthorized access.

Management: Vulnerabilities arising from weaknesses in the management practices of the infrastructure, including insufficient user training, poor security awareness, and inadequate policies and controls.

2
Q

What is social engineering?

A

Social engineering is a technique used by attackers to manipulate and deceive people in order to gain unauthorized access to information or systems. It involves exploiting human psychology, trust, and helpfulness to trick individuals into revealing sensitive information, performing certain actions, or bypassing security measures.

3
Q

What is adversarial artificial intelligence?

A

Adversarial artificial intelligence refers to the use of AI by malicious actors to launch attacks or exploit vulnerabilities. It involves leveraging AI techniques and algorithms to develop and deploy sophisticated and automated attack methods, making it challenging for traditional security measures to detect and mitigate them effectively.

4
Q

What is a vulnerability assessment?

A

A vulnerability assessment is a systematic process of identifying and assessing vulnerabilities in an IT infrastructure. It involves using tools and techniques to scan and analyze the infrastructure for potential weaknesses, misconfigurations, or security flaws. The purpose of a vulnerability assessment is to discover and prioritize vulnerabilities so that appropriate measures can be taken to mitigate them.

5
Q

What is a penetration test (pen test)?

A

A penetration test, also known as a pen test, is a controlled and simulated attack on an IT infrastructure to identify and exploit vulnerabilities. It involves authorized security professionals, known as penetration testers, attempting to breach the system’s defenses to uncover weaknesses and provide recommendations for improvement. Pen tests are conducted from an external perspective (external pen test) or an internal perspective (internal pen test) to evaluate the security posture of an organization’s infrastructure.

6
Q

What is social engineering?

A

Social engineering is a deceptive technique used by attackers to manipulate and trick individuals into divulging sensitive information or performing actions that can compromise security.

7
Q

How does social engineering work?

A

Social engineering works by exploiting human psychology, trust, and familiarity to create believable stories or pretexts that deceive victims into disclosing sensitive information or taking certain actions.

8
Q

What are some examples of social engineering attacks?

A

Examples of social engineering attacks include phishing emails, phone calls from impersonators, in-person interactions with deceptive individuals, and physical methods like dumpster diving or shoulder surfing.

9
Q

What factors contribute to the success of social engineering attacks?

A

The success of social engineering attacks relies on factors such as the presence of a believable pretext, trust in authority figures or organizations, and the use of blackmail or extortion tactics.

10
Q

How can organizations protect themselves against social engineering attacks?

A

Organizations can protect themselves against social engineering attacks by implementing security awareness training programs, establishing strict policies and procedures, conducting regular vulnerability assessments and penetration tests, and promoting a culture of skepticism and vigilance among employees.

11
Q

What is dumpster diving?

A

Dumpster diving is a physical form of social engineering where attackers search through discarded trash or documents to gather information about an organization for reconnaissance purposes or to exploit vulnerabilities.

12
Q

What is shoulder surfing?

A

Shoulder surfing is a physical social engineering technique where attackers observe sensitive information by looking over someone’s shoulder, typically in public places or work environments.

13
Q

What is tailgating?

A

Tailgating is a physical social engineering technique where attackers gain unauthorized access to secure areas by closely following behind authorized individuals without proper authentication.

14
Q

Who is Kevin Mitnick, and what services does he offer?

A

Kevin Mitnick is a renowned hacker turned security consultant. He offers various security consulting services, including social engineering testing, penetration testing, and vulnerability assessments to assess and improve organizations’ security posture.

15
Q

Why is security awareness important in defending against social engineering attacks?

A

Security awareness is important because it helps individuals recognize and respond to social engineering attacks. By educating employees about the tactics used in social engineering and promoting a culture of skepticism, organizations can significantly reduce the success rate of such attacks.

16
Q

What is website redirection in the context of social engineering?

A

Website redirection is a technique used by malicious actors to redirect users to a fake or malicious website that resembles a legitimate one. This is done to trick users into divulging sensitive information or performing actions that compromise security.

17
Q

How can attackers perform website redirection?

A

Attackers can perform website redirection by compromising DNS servers and altering the DNS records to point to a malicious website. They can also infect users’ machines with malware that redirects them when they click on certain links or ads.

18
Q

What is a watering hole attack?

A

A watering hole attack is a social engineering attack where attackers target a website or application that is frequently visited by a specific group of users. They exploit vulnerabilities in the site to inject malicious code, which is then executed when users visit the compromised site, leading to potential compromises of their systems.

19
Q

What is adversarial artificial intelligence (AI)?

A

Adversarial artificial intelligence refers to the use of AI techniques by attackers to exploit vulnerabilities and launch malicious activities. It involves training AI models to carry out attacks or manipulate data to deceive systems that rely on AI algorithms.

20
Q

What is spam in the context of social engineering?

A

Spam refers to unsolicited email messages that are sent to users’ mailboxes. These messages are often used to promote products or services, collect information, or deliver malicious payloads, such as malware or phishing attempts.

21
Q

What is phishing?

A

Phishing is a social engineering technique where attackers send deceptive messages, usually via email, in an attempt to trick recipients into divulging sensitive information, such as usernames, passwords, or financial details. Phishing can also occur through other communication channels, like phone calls or text messages.

22
Q

What are some variations of phishing attacks?

A

Variations of phishing attacks include vishing (phishing over the phone), spear phishing (targeted phishing campaigns), whaling (phishing attacks targeting high-ranking individuals), and smishing (phishing via SMS text messaging).

23
Q

How can users protect themselves against phishing attacks?

A

Users can protect themselves against phishing attacks by being cautious of unsolicited messages, verifying the authenticity of websites and email senders, avoiding clicking on suspicious links or downloading attachments from unknown sources, and regularly updating and using reliable security software.

24
Q

What is the purpose of user awareness and training in combating social engineering attacks?

A

User awareness and training are crucial in combating social engineering attacks as they educate individuals about the tactics used by attackers and teach them how to recognize and respond appropriately to suspicious messages or interactions. It helps create a culture of security vigilance and empowers users to protect themselves and their organizations.

25
Q

What is the purpose of scanning for vulnerabilities in the context of security testing?

A

Scanning for vulnerabilities involves checking systems and networks for potential security weaknesses or vulnerabilities that could be exploited by attackers. It helps identify any outdated software, misconfigurations, or other vulnerabilities that need to be addressed to improve the security posture of the target.

26
Q

What is the difference between vulnerability scanning and penetration testing?

A

Vulnerability scanning is a passive approach that focuses on identifying vulnerabilities and weaknesses without actively exploiting them. It provides a comprehensive assessment of the security posture but does not simulate real attacks. On the other hand, penetration testing is an active approach that attempts to exploit vulnerabilities to assess the effectiveness of security controls and identify potential avenues of attack.

27
Q

Why is it important to update the vulnerability scanning database?

A

The vulnerability scanning tool relies on a database of known vulnerabilities to identify security issues. Keeping the database up to date ensures that the tool can detect the latest vulnerabilities and provide accurate results. Updating the database reduces the risk of false negatives, where vulnerabilities go undetected due to outdated information.

28
Q

What are some common vulnerability scanning tools?

A

Some common vulnerability scanning tools include Nessus, OpenVAS, and GFI LanGuard. These tools have built-in vulnerability databases and provide comprehensive scanning capabilities to identify potential security vulnerabilities in systems and networks.

29
Q

What is a credential scan in vulnerability scanning?

A

A credential scan in vulnerability scanning involves providing the scanning tool with appropriate credentials (e.g., usernames and passwords) to authenticate and access devices on the network. This allows for a more thorough assessment of security by accessing internal system details. Credential scans can provide deeper insights into vulnerabilities and misconfigurations that may not be visible in uncredentialed scans.

30
Q

Why should both credential and non-credential scans be conducted in vulnerability scanning?

A

Conducting both credential and non-credential scans provides a comprehensive view of the network’s security posture. Credential scans allow for a more in-depth assessment, simulating what an attacker with insider access might find. Non-credential scans simulate external attacks and help identify vulnerabilities visible to an external attacker. Both types of scans provide valuable information for remediation efforts.

31
Q

How can vulnerability scanning help reduce security risks?

A

Vulnerability scanning helps organizations identify and prioritize security vulnerabilities, allowing them to take proactive measures to mitigate risks. By identifying weaknesses in systems and networks, organizations can patch vulnerabilities, update software, and implement security controls to strengthen their overall security posture.

32
Q

What are false negatives in vulnerability scanning?

A

False negatives in vulnerability scanning refer to situations where the scanning tool fails to detect actual vulnerabilities, leading to a false sense of security. This can occur if the scanning tool’s database is outdated or if certain vulnerabilities are not properly identified during the scan. Regularly updating the vulnerability database and employing comprehensive scanning techniques can help reduce the occurrence of false negatives.

33
Q

How can vulnerability scanning support compliance requirements?

A

Vulnerability scanning is often required by compliance regulations to ensure the security of systems and networks. By conducting vulnerability scans and addressing identified vulnerabilities, organizations can demonstrate their commitment to maintaining a secure environment and meeting compliance requirements. Vulnerability scanning reports can be used as evidence of compliance during audits.

34
Q

What is the difference between vulnerability scanning and penetration testing?

A

Vulnerability scanning focuses on identifying vulnerabilities without exploiting them, while penetration testing actively exploits vulnerabilities to assess security controls and potential attack vectors.

35
Q

What is the purpose of a nondisclosure agreement (NDA) in penetration testing?

A

A nondisclosure agreement ensures the confidentiality of sensitive information discovered during penetration testing engagements, preventing its unauthorized disclosure.

36
Q

What are bug bounty programs in the context of penetration testing?

A

Bug bounty programs reward security researchers for responsibly disclosing vulnerabilities in software or systems, providing an incentive for vulnerability assessment and reporting.

37
Q

What do red team, blue team, and white team represent in penetration testing?

A

The red team represents attackers, the blue team represents defenders, and the white team manages and facilitates communication between them in penetration testing engagements.

38
Q

What are the steps involved in a penetration testing process?

A

The steps in a penetration testing process include rules of engagement, discovery and enumeration, vulnerability identification, exploitation, privilege escalation, persistence and lateral movement, cleanup, and reporting with recommendations.

39
Q

What is the purpose of generating reports and providing recommendations in penetration testing?

A

Generating reports and providing recommendations after penetration testing helps clients understand vulnerabilities, risks, and remediation steps to improve their security posture.

40
Q

What is the purpose of reconnaissance in security testing?

A

Reconnaissance is the initial phase of information gathering to identify potential targets and gather information about their vulnerabilities and weaknesses.

41
Q

What are some tools used for reconnaissance and information gathering?

A

Tools like Nmap, MDM tools, and network inventory tools can be used for reconnaissance to discover and inventory devices and services on a network.

42
Q

What is the difference between vulnerability scanning and penetration testing?

A

Vulnerability scanning focuses on identifying vulnerabilities, while penetration testing involves actively exploiting vulnerabilities to assess security controls.

43
Q

What is the purpose of using tools like Wireshark and tcpdump in security testing?

A

Tools like Wireshark and tcpdump are used to capture and analyze network traffic, allowing security testers to examine packets and identify potential vulnerabilities or anomalies.

44
Q

What is the role of spoofing tools like hping3 in security testing?

A

Spoofing tools like hping3 can be used to create and send forged network packets, helping security testers assess the effectiveness of network security controls and detect potential vulnerabilities.

45
Q

Why is it important to understand and interpret the results generated by security testing tools?

A

Interpreting the results of security testing tools helps testers identify vulnerabilities, understand their impact, and make informed recommendations for improving security measures.

46
Q

What is the Metasploit Framework used for in security testing?

A

The Metasploit Framework is a common penetration testing tool used to exploit discovered vulnerabilities and assess the effectiveness of security controls.

47
Q

Is the Metasploit Framework platform-specific?

A

No, the Metasploit Framework is cross-platform and can run on both Linux and Windows systems.

48
Q

How can the Metasploit Framework be used to issue a denial-of-service attack?

A

By searching for and selecting a denial-of-service (DoS) exploit within the Metasploit Framework console, setting the target IP address, and executing the exploit, it is possible to launch a DoS attack against a specific website or application.

49
Q

What precautions should be taken when using the Metasploit Framework for security testing?

A

The Metasploit Framework should only be used in controlled and authorized environments, such as during penetration testing engagements or when testing against one’s own systems. It is important to ensure that the framework and its exploit database are kept up to date to effectively target the latest vulnerabilities.

50
Q

Do you need to know the specific command syntax for using the Metasploit Framework for the Security+ exam?

A

No, you do not need to know the specific command syntax. However, it is important to understand the purpose and capabilities of the framework, including its use in exploiting vulnerabilities, to select the appropriate tool for a given security testing scenario.