Chapter 5 Tools of the trade Flashcards

1
Q

What is a GUI in the context of operating systems?

A

A GUI, or graphical user interface, allows users to interact with the system through graphical elements like windows, icons, and buttons.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Why might one need to use the command line interface (CLI) instead of a GUI?

A

The CLI allows for more advanced and detailed control over the system, which may be necessary for certain tasks that GUIs cannot handle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is CMD in Windows?

A

CMD, or Command Prompt, is the classic command shell in Windows for executing commands and running scripts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is PowerShell and how is it different from CMD?

A

PowerShell is a more advanced shell in Windows that allows for more complex commands and scripting compared to CMD.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a shell in the context of operating systems?

A

A shell is a user interface for accessing an operating system’s services, typically through a command-line interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a bash shell?

A

The bash shell is a Unix shell and command language that is the default shell on many Linux distributions and macOS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is SSH used for?

A

SSH, or Secure Shell, is used to securely connect to a remote system’s shell over a network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How does the ping command help in network diagnostics?

A

Ping checks the connectivity to another system by sending packets and measuring the response time, verifying that the systems are physically connected and can communicate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the purpose of the ping -t command in Windows?

A

The ping -t command sends continuous ping requests to a specified address until stopped, unlike the default four pings.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does the ipconfig command do in Windows?

A

ipconfig displays network configuration details such as IP addresses, subnet masks, and default gateways for all network adapters.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What additional information does ipconfig /all provide?

A

ipconfig /all provides detailed network information, including the physical (MAC) address and DHCP details.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the difference between ipconfig and ifconfig?

A

ipconfig is used in Windows, while ifconfig is used in Unix-based systems like Linux and macOS to configure and display network interface parameters.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How do you release and renew a DHCP lease using ipconfig?

A

Use ipconfig /release to release the current DHCP lease and ipconfig /renew to request a new lease.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does the ipconfig /flushdns command do?

A

ipconfig /flushdns clears the DNS resolver cache, which can help resolve DNS-related issues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Why is ping considered a fundamental networking tool?

A

Ping is simple, widely available on all systems, and provides quick verification of network connectivity and basic troubleshooting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What can cause ping to fail even if the target system is operational?

A

A firewall on the target system might block ping requests, preventing responses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What command would you use to verify that DNS resolution is working?

A

Use ping followed by a domain name to see if it resolves to an IP address, indicating that DNS resolution is functioning.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a common use of the ping command for security professionals?

A

Security professionals use ping to verify connectivity and network paths, and to troubleshoot network issues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the benefits of using a command line interface (CLI)?

A

The CLI allows for scripting and automation of repetitive tasks, providing more detailed control and efficiency compared to GUIs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What are the common types of shells in Windows?

A

CMD (Command Prompt) and PowerShell.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is the primary use of PowerShell?

A

PowerShell is used for advanced system administration tasks, automation, and configuration management in Windows.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Name some shells available in Linux.

A

Bash, Zsh, and other Unix-like shells.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the Python shell used for?

A

The Python shell is used for executing Python commands and scripts directly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How can using shells benefit system administrators?

A

Shells enable system administrators to automate tasks, manage systems efficiently, and perform complex configurations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is a reverse shell?

A

A reverse shell allows an attacker to remotely access and control a victim’s machine by reversing the connection back to the attacker’s machine.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What tool is commonly used to create reverse shells?

A

Netcat (nc).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What is Netcat and how is it used in reverse shells?

A

Netcat is a networking utility used for reading and writing data across network connections. In reverse shells, it can be used to listen on a port and execute commands remotely.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

How can attackers trick victims into executing a reverse shell?

A

Attackers may use phishing emails or other social engineering tactics to trick victims into downloading and running malicious scripts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What are some methods to prevent reverse shell attacks?

A

Educating users about phishing, using antivirus and anti-malware tools, implementing strong network security measures, and monitoring network traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What are advanced persistent threats (APTs)?

A

APTs are long-term targeted attacks where attackers maintain a persistent presence on a network, often using techniques like reverse shells and backdoors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What are some tools that can be used for penetration testing and exploiting vulnerabilities?

A

Metasploit Framework and Cobalt Strike.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What are legitimate uses of shells in system administration?

A

Running system commands, scripting for automation, managing network configurations, and troubleshooting issues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Why is scripting important in the context of shells?

A

Scripting allows for automation of repetitive tasks, ensuring consistency and saving time for system administrators.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

How do you spawn the Windows command line interface?

A

By using cmd.exe.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

How can you open the command prompt with administrative privileges?

A

Go to the Start menu, type cmd, right-click on the command prompt, and select “Run as administrator.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What command returns the name of your computer in Windows?

A

hostname

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What command shows the current user in the command prompt?

A

whoami

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

How can you create and run a simple batch file in Windows?

A

Use Notepad to write commands (e.g., hostname and whoami), save the file with a .bat extension, and run it from the command prompt.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What command displays all the environment variables and their values?

A

set

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

How do you set a new environment variable in the command prompt?

A

set FaveColor=”Yellow”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

How can you start PowerShell from within the command prompt?

A

Type powershell and press Enter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

How do you return to the regular command prompt from PowerShell?

A

Type exit in PowerShell.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Why might you need to use the command line instead of the GUI?

A

For tasks that require elevated privileges or for scripting and automating repetitive tasks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What is the prefix in Windows 10 that indicates you are in a PowerShell prompt?

A

PS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is the benefit of creating batch files?

A

Batch files allow you to automate repetitive tasks and create complex scripts to manage the system more efficiently.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

How can environment variables be useful?

A

They can be used to store configuration values that applications may need to reference.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Can you run PowerShell commands from the regular command prompt?

A

Yes, by starting PowerShell from within the command prompt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What is Microsoft PowerShell?

A

An object-oriented scripting language and command-line shell designed for system and network administrators

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

On which platforms can Microsoft PowerShell run?

A

Windows, macOS, and Linux.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What is the file extension for PowerShell scripts?

A

ps1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

How do you start PowerShell with administrative privileges?

A

Type PowerShell in the Start menu, right-click, and select “Run as administrator.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

What does it mean that PowerShell is object-oriented?

A

Outputs in PowerShell are objects with properties and methods, unlike text-based outputs in older shells.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

How can you list all the modules available in PowerShell?

A

Use Get-Module -ListAvailable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

How can you get a list of all physical disks in a machine using PowerShell?

A

Use the Get-PhysicalDisk cmdlet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What does piping do in PowerShell?

A

Piping (|) passes the output of one cmdlet to another for further processing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

How do you filter a list of running services in PowerShell?

A

Get-Service | Where-Object { $_.Status -eq ‘Running’

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

How do you select specific properties of an object in PowerShell?

A

Use the Select-Object cmdlet, e.g., Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

What command retrieves the current execution policy in PowerShell?

A

Get-ExecutionPolicy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

How do you change the execution policy in PowerShell?

A

Use the Set-ExecutionPolicy cmdlet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

Why is the execution policy important in PowerShell?

A

It controls whether PowerShell scripts can run, helping to prevent the execution of potentially malicious scripts.

61
Q

How do you list all services on a machine using PowerShell?

A

Use the Get-Service cmdlet.

62
Q

What is the difference between text-based output and object-based output in PowerShell?

A

Text-based output is simple text, while object-based output contains structured data with properties and methods.

63
Q

What does the cmdlet Get-AzVM do?

A

It retrieves a list of Azure virtual machines.

64
Q

What is a key difference between Linux and Windows command lines?

A

Linux is case sensitive, whereas Windows is not.

65
Q

Name three common types of Linux shells.

A

C shell, Korn shell, and Bash (Bourne Again Shell).

66
Q

What is a shell script in Linux?

A

A text file containing a series of commands to be executed by the shell.

67
Q

How do you make a shell script executable in Linux?

A

Use the chmod command to change the script’s permissions.

68
Q

Why is it a security risk to sign in as the root user in Linux?

A

The root user has unrestricted access to the system, which can lead to accidental or malicious system damage.

69
Q

What command allows you to run a command with root privileges without logging in as root?

A

sudo

70
Q

What tool is commonly used to make a remote SSH connection to a Linux host?

A

Putty

71
Q

What port does SSH typically use?

A

TCP port 22

72
Q

How do you generate a public and private key pair for SSH authentication?

A

Use the command ssh-keygen -t rsa.

73
Q

Where should the private key be stored for SSH authentication?

A

: On the device you are using to connect to the Linux host.

74
Q

Where should the public key be stored for SSH authentication?

A

On the Linux host, typically in the ~/.ssh/authorized_keys file.

75
Q

How do you change to your home directory in Linux?

A

Type cd and press Enter.

76
Q

How do you display hidden files and directories in Linux?

A

Use the ls -a command

77
Q

What command is used to display the contents of a file in Linux?

A

cat

78
Q

How do you clear the terminal screen in Linux?

A

Use the clear command.

79
Q

How do you list the current directory’s contents in Linux?

A

Use the ls command.

80
Q

What command in Linux is used to mount a disk or network share to a directory?

A

mount

81
Q

What command displays network interface configuration in Linux?

A

ifconfig

82
Q

How do you check if a network connection is working by sending ICMP echo requests?

A

Use the ping command.

83
Q

How do you stop a running command in the terminal?

A

Press Ctrl+C.

84
Q

What is the alternative command to ifconfig that also shows network interfaces and IP addresses?

A

ip a

85
Q

What file must be edited to list users who can run sudo commands?

A

The /etc/sudoers file.

86
Q

Why are log files important in network and host monitoring?

A

Log files help verify normal operations, detect indicators of compromise, and assist in reverse engineering attacks.

87
Q

What should be done to secure log files in case a device gets compromised?

A

Forward log entries to a centralized logging host on a protected network.

88
Q

Name two tools in Windows for working with logs.

A

Event Viewer and PowerShell cmdlets like Get-EventLog.

89
Q

Where are most log files stored in Linux?

A

In the /var/log directory.

90
Q

What is the standard system log file in Ubuntu Linux?

A

/var/log/syslog

91
Q

What command in Linux can write log entries, often used in scripts?

A

logger

92
Q

What command in Linux can be used to view system logs with journal control?

A

journalctl

93
Q

How can log forwarding be beneficial

A

It ensures that log data is preserved even if the original device is compromised

94
Q

How can you filter log entries in Windows Event Viewer to show only specific event IDs?

A

Use the Filter Current Log option and specify the event ID.

95
Q

What is the default log file for kernel messages in Linux?

A

/var/log/kern.log

96
Q

How can you view the first 10 lines of a log file in Linux?

A

Use the head command, e.g., head /var/log/kern.log.

97
Q

How can you view the last 10 lines of a log file in Linux?

A

Use the tail command, e.g., tail /var/log/syslog.

98
Q

How can you view the entire content of a log file in Linux?

A

Use the cat command, e.g., cat /var/log/syslog

99
Q

How can you search for specific entries in a log file in Linux?

A

Use the grep command, e.g., cat /var/log/syslog | grep “Dan”

100
Q

What type of logs can be found in the Windows Security log?

A

Logon failures, audit failures, and other security-related events

101
Q

Why might it be important to centralize log collection?

A

To ensure logs are protected and available for analysis even if individual devices are compromised.

102
Q

What Windows PowerShell cmdlet can retrieve event logs?

A

Get-EventLog

103
Q

How do you clear the screen in a Linux terminal?

A

Use the clear command.

104
Q

What is the purpose of centralized logging?

A

To collect log data from various devices and hosts on a network and store it in a protected central location for easier monitoring and analysis.

105
Q

What protocol is commonly used to acquire information about devices over the network?

A

SNMP (Simple Network Management Protocol).

106
Q

What is an MIB in SNMP?

A

MIB stands for Management Information Base, a database containing statistics and configuration settings for devices.

107
Q

What are SNMP traps?

A

Alerts triggered by specific events, such as bandwidth thresholds being exceeded, sent to an SNMP management station.

108
Q

What open-source tool can be used for log collection and often uses SNMP?

A

Nxlog.

109
Q

What is syslog forwarding in Linux?

A

A method to send log files to a centralized log host, typically over UDP port 514

110
Q

What does the wecutil qc command do in Windows?

A

It configures the Windows Event Collector utility for quick configuration, enabling WinRM traffic for log forwarding.

111
Q

How can centralized logging be enabled in Windows?

A

By creating a subscription in Event Viewer to collect logs from various Windows hosts

112
Q

What protocol is used for centralized logging in Windows?

A

WinRM (Windows Remote Management).

113
Q

What is SIEM?

A

Security Information and Event Management, a solution for centralized log collection, analysis, and visualization

114
Q

What are the main components of a SIEM solution?

A

Data inputs, log aggregation, analysis, and report/dashboard generation.

115
Q

How does a SIEM solution help in detecting security incidents?

A

By using machine learning and big data analytics to identify trends and indicators of compromise that may not be obvious through manual analysis.

116
Q

What types of data can be ingested by a SIEM solution?

A

Log files, alerts from intrusion detection/prevention systems, packet captures, and malware alerts.

117
Q

Why is it important to use both centralized logging and SIEM?

A

To ensure comprehensive monitoring, quick detection of security incidents, and intelligent analysis of security data across the enterprise.

118
Q

What type of data visualization does a SIEM solution provide?

A

Dashboards with charts, graphs, and alerts that offer insights into network security and potential incidents.

119
Q

How does centralized logging improve security?

A

By ensuring log data is preserved even if individual devices are compromised and by providing a single location for comprehensive log analysis.

120
Q

What company provides an open-source SIEM tool mentioned in the text?

A

AlienVault.

121
Q

What is benchmarking in cybersecurity?

A

It’s the process of comparing your security performance against industry standards to identify areas of improvement and ensure compliance with security requirements.

122
Q

What are benchmarks in cybersecurity?

A

Industry-leading security configuration standards that define a minimum level of security for systems to meet application security standards or regulatory requirements.

123
Q

What does NIST stand for?

A

National Institute of Standards and Technology.

124
Q

What is the purpose of the NIST cybersecurity framework?

A

To provide guidelines for improving the critical infrastructure of cybersecurity through five core functions: Identify, Protect, Detect, Respond, and Recover.

125
Q

When was the NIST cybersecurity framework originally published and recently updated?

A

Originally published in 2014 and recently updated as of October.

126
Q

: What are CIS benchmarks?

A

A set of practices for securely configuring systems, including Linux, Windows, Azure, AWS, Cisco, IBM, and Palo Alto platforms.

127
Q

What does DoD Cyber Exchange provide?

A

Security Technical Implementation Guides (STIGs) for various systems, including Microsoft Windows and Linux.

128
Q

What is SCAP?

A

Security Content Automation Protocol, a collection of standards used by organizations to automate and standardize security configurations and manage system vulnerabilities.

129
Q

What are the two types of benchmarks widely used today?

A

Agent-based and agentless.

130
Q

What are the pros of agent-based solutions?

A

They provide continuous surveillance and action, identify and handle security threats in real time, and ensure compliance with organizational security policies.

131
Q

What are the pros of agentless solutions?

A

They are less intrusive, have less impact on system performance, and can scan vulnerabilities without needing direct access to the system.

132
Q

What are the cons of agentless solutions?

A

They typically rely on network connections or flows, which may not provide as comprehensive monitoring as agent-based solutions.

133
Q

How do NIST guidelines help organizations?

A

They offer technical guidelines for federal agencies and other organizations to improve their cybersecurity posture.

134
Q

What is the purpose of security benchmarks and standards like those provided by CIS?

A

To help organizations securely configure systems and meet regulatory requirements and operational best practices.

135
Q

What is the purpose of configuring syslog forwarding in Linux?

A

To send log entries from multiple Linux hosts to a centralized logging host for secure storage and analysis.

136
Q

Which file needs to be edited on the centralized logging host to enable receiving syslog messages?

A

/etc/rsyslog.conf

137
Q

How do you save and exit the nano text editor after editing the configuration file?

A

Press Ctrl+X, then Y to confirm saving changes, and press Enter to save the file.

138
Q

What command is used to restart the rsyslog service on the centralized host?

A

sudo service rsyslog restart

139
Q

How can you verify that the rsyslog service is running and listening on UDP port 514?

A

Use the command sudo netstat -nu | grep rsyslog

140
Q

Which command shows the IP address of the centralized logging host?

A

ifconfig

141
Q

What is the key configuration change needed on a log client to forward logs to the centralized host?

A

Add the line . @<centralized_host_IP> to the bottom of /etc/rsyslog.conf, where <centralized_host_IP> is the IP address of the centralized logging host.</centralized_host_IP></centralized_host_IP>

142
Q

How do you restart the rsyslog service on the log client after making configuration changes?

A

sudo service rsyslog restart

143
Q

How can you test log forwarding by creating a custom log entry on the log client?

A

: Use the logger command, e.g., logger “Test log forwarding”

144
Q

How do you check for the custom log entry on the log client?

A

Use the command tail /var/log/syslog

145
Q

How do you verify that the custom log entry has been forwarded to the centralized logging host?

A

Use the command tail /var/log/syslog on the centralized logging host to check for the log entry.

146
Q

Why is centralized log forwarding important in cybersecurity?

A

It ensures log data is preserved and accessible even if individual devices are compromised, aiding in security monitoring and forensic analysis.

147
Q

What protocol and port does syslog typically use for log forwarding?

A

UDP port 514

148
Q

How can you clear the screen in a Linux terminal?

A

: Use the clear command.

149
Q
A