Chapter 4 Tools of the Trade Flashcards

1
Q

What is the command line interface (CLI)?

A

The CLI is a text-based interface that allows users to interact with an operating system or software by typing commands.

2
Q

What is the difference between a CLI and a graphical user interface (GUI)?

A

The CLI relies on text-based commands and responses, while the GUI uses visual elements and mouse interactions.

3
Q

What are some examples of CLI shells in different operating systems?

A

CMD and PowerShell in Windows, and Bash in Linux and macOS.

4
Q

What is the “ping” command used for?

A

The “ping” command is used to test network connectivity and measure the latency between a source and a destination.

5
Q

What information does the “ipconfig” (or “ifconfig” in Linux/macOS) command provide?

A

The “ipconfig” command displays network configuration information, including IP address, subnet mask, default gateway, and other network settings.

6
Q

How can the “ping” command be helpful in network troubleshooting?

A

It helps verify if a network device is reachable and measures the round-trip time, aiding in diagnosing network connectivity issues.

7
Q

What is the purpose of the “ipconfig” (or “ifconfig”) command in troubleshooting?

A

It provides network configuration details, such as IP address and DNS cache status, which are essential for diagnosing network issues.

8
Q

Why are the “ping” and “ipconfig” commands valuable for network administrators and security professionals?

A

These commands allow for network connectivity testing, IP configuration verification, and diagnosis of DNS issues, making them fundamental tools in network management and security tasks.

9
Q

What are some examples of command line interfaces (shells) in different operating systems?

A

Examples include the Windows command line (CMD and PowerShell), Linux shells (Bash, etc.), and Python shell.

10
Q

What is the benefit of using shells and typing commands at the command line?

A

Shells allow for scripting and automation of repetitive tasks, making it easier to perform various actions or manage systems efficiently.

11
Q

What is a reverse shell, and how does it work?

A

A reverse shell occurs when an attacker gains remote access to a victim’s machine by establishing a connection from the victim’s system to the attacker’s system. This is typically done using tools like Netcat (Ncat).

12
Q

How can reverse shells be used for malicious purposes?

A

Reverse shells enable attackers to gain persistent access to a compromised system, allowing them to execute commands, install backdoors, and potentially exploit vulnerabilities.

13
Q

Are there legitimate uses for shells like PowerShell and Python?

A

Yes, shells like PowerShell and Python can be used for legitimate purposes, such as scripting, automation, and system administration tasks.

14
Q

What are some penetration testing tools that utilize reverse shells?

A

Examples include Metasploit Framework and Cobalt Strike, which are commonly used by ethical hackers to test for vulnerabilities and simulate attacks. These tools often incorporate reverse shell functionality.

15
Q

How can you open the Windows command prompt with administrative privileges?

A

You can open the command prompt and right-click on it to select “Run as administrator” to launch it with administrative privileges.

16
Q

What is the benefit of creating scripts using batch files in the Windows command prompt?

A

Batch files allow you to automate tasks by combining multiple commands into a script, which can be executed with a single command. This makes it easier to perform repetitive tasks or create custom utilities.

17
Q

How can you view and set environment variables in the Windows command prompt?

A

You can use the “set” command to view all currently set environment variables and their values. To set a new environment variable, use the syntax “set variable_name=value”.

18
Q

Can you switch from the Windows command prompt to PowerShell within the command line?

A

Yes, you can start PowerShell from within the command prompt by simply typing “powershell” and pressing Enter. You can exit PowerShell and return to the command prompt by typing “exit”.

19
Q

How can automation be beneficial in managing a network using command line tools?

A

Automation with command line tools allows for efficient management of networks by automating repetitive tasks, creating custom utilities, and simplifying the execution of complex commands or scripts. This saves time and improves overall network management efficiency.

20
Q

Why is Microsoft PowerShell now referred to as just “PowerShell”?

A

PowerShell used to be called “Windows PowerShell” because it was initially designed to run only on Windows. However, it has evolved and can now run on multiple platforms, including macOS and Linux. Hence, it is now called “PowerShell” to reflect its cross-platform capabilities.

21
Q

What is the main purpose of PowerShell?

A

PowerShell is an object-oriented scripting language designed for host and network administrators. It allows administrators to manage and automate tasks in a more efficient manner by treating command output as objects with properties and methods, enabling greater flexibility and control.

22
Q

How can administrative privileges be obtained in PowerShell?

A

Depending on the specific task you want to perform, you may need to run PowerShell with administrative privileges. To do so, you can right-click on the PowerShell icon and select “Run as administrator” or use the appropriate command to launch PowerShell with elevated privileges.

23
Q

How can PowerShell modules be used to manage different platforms?

A

PowerShell modules are libraries of commands that extend PowerShell’s capabilities. They provide additional commands for managing various platforms and technologies. By loading the relevant modules, administrators can access and utilize commands specific to the platforms they are working with, such as VMware or Azure.

24
Q

How can PowerShell scripts be created and executed?

A

PowerShell scripts are saved as text files with a “.ps1” file extension. They can be created using any text editor and contain a series of PowerShell commands. To execute a script, you can either run it from within a PowerShell session by specifying the script’s path or execute it directly from the command line using the “powershell.exe” command followed by the script’s path.

25
Q

Why are there multiple types of shells in Linux?

A

Different users and administrators have preferences and specific requirements, leading to the availability of multiple shell options.

26
Q

How can a Linux shell script be executed?

A

Mark the script as executable using the chmod command and then execute it by invoking its name.

27
Q

Why is it recommended not to sign in with the root account in Linux?

A

Signing in with the root account poses security risks as it grants full access to the system. It is recommended to use a regular user account and switch to root only when necessary.

28
Q

What is public key authentication in Linux and why is it useful?

A

Public key authentication uses a key pair (public and private) to authenticate to a remote server securely without relying solely on passwords. It eliminates the need to transmit passwords over the network, enhancing security.

29
Q

What are some essential Linux commands for the Security+ exam?

A

Essential Linux commands include ssh, ls, cd, cat, sudo, mount, ifconfig/ip, and ping.

30
Q

What command is used to display the IP configuration in Windows?

A

The command used to display IP configuration in Windows is “ipconfig”.

31
Q

What does the ARP command do in Windows?

A

The ARP command is used for address resolution and mapping IP addresses to MAC addresses.

32
Q

How can you view the routing table in Windows?

A

You can view the routing table in Windows using the “route print” command.

33
Q

What is the purpose of the Traceroute command in Windows?

A

The Traceroute command is used to identify the routers in the path between your device and a target host.

34
Q

What command is used to perform DNS lookups in Windows?

A

The command used to perform DNS lookups in Windows is “nslookup”.

35
Q

How can you view and modify file system permissions in Windows using the command line?

A

File system permissions in Windows can be viewed and modified using the “icacls” command.

36
Q

What does the netstat command show in Windows?

A

The netstat command displays active network connections, listening ports, and network statistics in Windows.

37
Q

What is the purpose of the ICACLS command in Windows?

A

The ICACLS command is used to view and modify file system permissions in Windows through the command line interface.

38
Q

What is the icacls command?

A

The ICACLS command in Windows is used to view and modify file and folder permissions. It stands for “Integrity Control Access Control List.” With ICACLS, you can display the current permissions of a file or folder, change permissions for specific users or groups, assign ownership, and more. It provides granular control over access rights and is typically used in command prompt or batch script environments.

39
Q

What command is used to test DNS name resolution?

A

nslookup

40
Q

What does the icacls command do?

A

Manages NTFS file system permissions

41
Q

Command: cat

A

Description: View the contents of a text file

42
Q

Command: grep

A

Description: Filter text output based on a pattern

43
Q

Command: head

A

Description: Display the first few lines of a file

44
Q

Command: tail

A

Description: Display the last few lines of a file

45
Q

Command: logger

A

Description: Write custom log entries into a log file

46
Q

Command: dig

A

Description: Test DNS name resolution

47
Q

Command: chmod

A

Description: Set filesystem permissions

48
Q

Network Scanners

A

Tools used for network reconnaissance to identify devices and services on a network

49
Q

Rogue Devices

A

Unauthorized devices on a network that can be detected using network scanners

50
Q

Loud Scanners

A

Network scanners that generate significant network traffic and can trigger intrusion detection systems

51
Q

Scanning Hosts and Services

A

Network scanners provide information about IP addresses, MAC addresses, operating systems, and open ports of scanned devices

52
Q

Baseline Network Scans

A

Initial network scans used as a reference to compare against future scans for identifying changes on the network

53
Q

Nmap (Network Mapper)

A

Popular open-source network scanning tool used for discovering hosts and services on a network

54
Q

Zenmap

A

Graphical user interface (GUI) for Nmap that provides a visual representation of scan results

55
Q

What is verbose mode in Nmap?

A

Using the -v flag to enable verbose output and obtain detailed scan results

56
Q

Zenmap

A

A graphical user interface (GUI) for Nmap that provides a user-friendly way to conduct network scans

57
Q

Centralized Logging

A

The practice of sending log information from various devices and systems to a central log server for easy monitoring, analysis, and incident response

58
Q

Simple Network Management Protocol (SNMP)

A

A protocol used to monitor and manage devices on a network, allowing for the collection of statistics, configuration settings, and triggering of SNMP traps for alerts

59
Q

SNMP Traps

A

Alerts triggered by SNMP agents on devices, indicating events such as bandwidth exceeding thresholds or system errors, which are sent to an SNMP management station for monitoring and response

60
Q

Syslog and Log Forwarding

A

The process of sending log events from devices to a centralized log host using protocols like syslog (UDP Port 514) or other log forwarding mechanisms, enabling comprehensive log analysis and retention

61
Q

Centralized Logging in Linux

A

Configuring syslog-ng (syslog next generation) or similar tools in Linux environments to forward log entries to a central log host for aggregation and analysis

62
Q

Windows Event Forwarding

A

Creating subscriptions in Windows Event Viewer to send log entries from individual Windows hosts to a centralized log host for consolidation and analysis using the Windows Remote Management (WinRM) protocol

63
Q

Security Information and Event Management (SIEM)

A

An enterprise-level solution that aggregates log data from multiple sources, including syslog, Windows Event Logs, and other data sources, to provide real-time analysis, correlation, and visualization of security events

64
Q

SIEM Data Sources

A

Various data sources that feed into a SIEM solution, including logs, alerts from intrusion detection/prevention systems, network packet captures, malware alerts, and more

65
Q

SIEM Workflow

A

The process of ingesting log data, aggregating and analyzing it using AI/ML algorithms, detecting security incidents, generating reports, and providing visual dashboards for security monitoring and incident response

66
Q

Benefits of SIEM

A

Enhanced threat detection and response capabilities, centralized visibility and analysis of security events, trend identification, compliance reporting, and faster incident investigation and resolution