Chapter 5 Tools of the trade Flashcards
(149 cards)
1
Q
What is a GUI in the context of operating systems?
A
A GUI, or graphical user interface, allows users to interact with the system through graphical elements like windows, icons, and buttons.
2
Q
Why might one need to use the command line interface (CLI) instead of a GUI?
A
The CLI allows for more advanced and detailed control over the system, which may be necessary for certain tasks that GUIs cannot handle.
3
Q
What is CMD in Windows?
A
CMD, or Command Prompt, is the classic command shell in Windows for executing commands and running scripts.
4
Q
What is PowerShell and how is it different from CMD?
A
PowerShell is a more advanced shell in Windows that allows for more complex commands and scripting compared to CMD.
5
Q
What is a shell in the context of operating systems?
A
A shell is a user interface for accessing an operating system’s services, typically through a command-line interface.
6
Q
What is a bash shell?
A
The bash shell is a Unix shell and command language that is the default shell on many Linux distributions and macOS.
7
Q
What is SSH used for?
A
SSH, or Secure Shell, is used to securely connect to a remote system’s shell over a network.
8
Q
How does the ping command help in network diagnostics?
A
Ping checks the connectivity to another system by sending packets and measuring the response time, verifying that the systems are physically connected and can communicate.
9
Q
What is the purpose of the ping -t command in Windows?
A
The ping -t command sends continuous ping requests to a specified address until stopped, unlike the default four pings.
10
Q
What does the ipconfig command do in Windows?
A
ipconfig displays network configuration details such as IP addresses, subnet masks, and default gateways for all network adapters.
11
Q
What additional information does ipconfig /all provide?
A
ipconfig /all provides detailed network information, including the physical (MAC) address and DHCP details.
12
Q
What is the difference between ipconfig and ifconfig?
A
ipconfig is used in Windows, while ifconfig is used in Unix-based systems like Linux and macOS to configure and display network interface parameters.
13
Q
How do you release and renew a DHCP lease using ipconfig?
A
Use ipconfig /release to release the current DHCP lease and ipconfig /renew to request a new lease.
14
Q
What does the ipconfig /flushdns command do?
A
ipconfig /flushdns clears the DNS resolver cache, which can help resolve DNS-related issues.
15
Q
Why is ping considered a fundamental networking tool?
A
Ping is simple, widely available on all systems, and provides quick verification of network connectivity and basic troubleshooting.
16
Q
What can cause ping to fail even if the target system is operational?
A
A firewall on the target system might block ping requests, preventing responses.
17
Q
What command would you use to verify that DNS resolution is working?
A
Use ping followed by a domain name to see if it resolves to an IP address, indicating that DNS resolution is functioning.
18
Q
What is a common use of the ping command for security professionals?
A
Security professionals use ping to verify connectivity and network paths, and to troubleshoot network issues.
19
Q
What are the benefits of using a command line interface (CLI)?
A
The CLI allows for scripting and automation of repetitive tasks, providing more detailed control and efficiency compared to GUIs.
20
Q
What are the common types of shells in Windows?
A
CMD (Command Prompt) and PowerShell.
21
Q
What is the primary use of PowerShell?
A
PowerShell is used for advanced system administration tasks, automation, and configuration management in Windows.
22
Q
Name some shells available in Linux.
A
Bash, Zsh, and other Unix-like shells.
23
Q
What is the Python shell used for?
A
The Python shell is used for executing Python commands and scripts directly.
24
Q
How can using shells benefit system administrators?
A
Shells enable system administrators to automate tasks, manage systems efficiently, and perform complex configurations.
25
What is a reverse shell?
A reverse shell allows an attacker to remotely access and control a victim's machine by reversing the connection back to the attacker's machine.
26
What tool is commonly used to create reverse shells?
Netcat (nc).
27
What is Netcat and how is it used in reverse shells?
Netcat is a networking utility used for reading and writing data across network connections. In reverse shells, it can be used to listen on a port and execute commands remotely.
28
How can attackers trick victims into executing a reverse shell?
Attackers may use phishing emails or other social engineering tactics to trick victims into downloading and running malicious scripts.
29
What are some methods to prevent reverse shell attacks?
Educating users about phishing, using antivirus and anti-malware tools, implementing strong network security measures, and monitoring network traffic.
30
What are advanced persistent threats (APTs)?
APTs are long-term targeted attacks where attackers maintain a persistent presence on a network, often using techniques like reverse shells and backdoors.
31
What are some tools that can be used for penetration testing and exploiting vulnerabilities?
Metasploit Framework and Cobalt Strike.
32
What are legitimate uses of shells in system administration?
Running system commands, scripting for automation, managing network configurations, and troubleshooting issues.
33
Why is scripting important in the context of shells?
Scripting allows for automation of repetitive tasks, ensuring consistency and saving time for system administrators.
34
How do you spawn the Windows command line interface?
By using cmd.exe.
35
How can you open the command prompt with administrative privileges?
Go to the Start menu, type cmd, right-click on the command prompt, and select "Run as administrator."
36
What command returns the name of your computer in Windows?
hostname
37
What command shows the current user in the command prompt?
whoami
38
How can you create and run a simple batch file in Windows?
Use Notepad to write commands (e.g., hostname and whoami), save the file with a .bat extension, and run it from the command prompt.
39
What command displays all the environment variables and their values?
set
40
How do you set a new environment variable in the command prompt?
set FaveColor="Yellow"
41
How can you start PowerShell from within the command prompt?
Type powershell and press Enter.
42
How do you return to the regular command prompt from PowerShell?
Type exit in PowerShell.
43
Why might you need to use the command line instead of the GUI?
For tasks that require elevated privileges or for scripting and automating repetitive tasks.
44
What is the prefix in Windows 10 that indicates you are in a PowerShell prompt?
PS
45
What is the benefit of creating batch files?
Batch files allow you to automate repetitive tasks and create complex scripts to manage the system more efficiently.
46
How can environment variables be useful?
They can be used to store configuration values that applications may need to reference.
47
Can you run PowerShell commands from the regular command prompt?
Yes, by starting PowerShell from within the command prompt
48
What is Microsoft PowerShell?
An object-oriented scripting language and command-line shell designed for system and network administrators
49
On which platforms can Microsoft PowerShell run?
Windows, macOS, and Linux.
50
What is the file extension for PowerShell scripts?
ps1
51
How do you start PowerShell with administrative privileges?
Type PowerShell in the Start menu, right-click, and select "Run as administrator."
52
What does it mean that PowerShell is object-oriented?
Outputs in PowerShell are objects with properties and methods, unlike text-based outputs in older shells.
53
How can you list all the modules available in PowerShell?
Use Get-Module -ListAvailable.
54
How can you get a list of all physical disks in a machine using PowerShell?
Use the Get-PhysicalDisk cmdlet.
55
What does piping do in PowerShell?
Piping (|) passes the output of one cmdlet to another for further processing.
56
How do you filter a list of running services in PowerShell?
Get-Service | Where-Object { $_.Status -eq 'Running'
57
How do you select specific properties of an object in PowerShell?
Use the Select-Object cmdlet, e.g., Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size.
58
What command retrieves the current execution policy in PowerShell?
Get-ExecutionPolicy
59
How do you change the execution policy in PowerShell?
Use the Set-ExecutionPolicy cmdlet.
60
Why is the execution policy important in PowerShell?
It controls whether PowerShell scripts can run, helping to prevent the execution of potentially malicious scripts.
61
How do you list all services on a machine using PowerShell?
Use the Get-Service cmdlet.
62
What is the difference between text-based output and object-based output in PowerShell?
Text-based output is simple text, while object-based output contains structured data with properties and methods.
63
What does the cmdlet Get-AzVM do?
It retrieves a list of Azure virtual machines.
64
What is a key difference between Linux and Windows command lines?
Linux is case sensitive, whereas Windows is not.
65
Name three common types of Linux shells.
C shell, Korn shell, and Bash (Bourne Again Shell).
66
What is a shell script in Linux?
A text file containing a series of commands to be executed by the shell.
67
How do you make a shell script executable in Linux?
Use the chmod command to change the script's permissions.
68
Why is it a security risk to sign in as the root user in Linux?
The root user has unrestricted access to the system, which can lead to accidental or malicious system damage.
69
What command allows you to run a command with root privileges without logging in as root?
sudo
70
What tool is commonly used to make a remote SSH connection to a Linux host?
Putty
71
What port does SSH typically use?
TCP port 22
72
How do you generate a public and private key pair for SSH authentication?
Use the command ssh-keygen -t rsa.
73
Where should the private key be stored for SSH authentication?
: On the device you are using to connect to the Linux host.
74
Where should the public key be stored for SSH authentication?
On the Linux host, typically in the ~/.ssh/authorized_keys file.
75
How do you change to your home directory in Linux?
Type cd and press Enter.
76
How do you display hidden files and directories in Linux?
Use the ls -a command
77
What command is used to display the contents of a file in Linux?
cat
78
How do you clear the terminal screen in Linux?
Use the clear command.
79
How do you list the current directory's contents in Linux?
Use the ls command.
80
What command in Linux is used to mount a disk or network share to a directory?
mount
81
What command displays network interface configuration in Linux?
ifconfig
82
How do you check if a network connection is working by sending ICMP echo requests?
Use the ping command.
83
How do you stop a running command in the terminal?
Press Ctrl+C.
84
What is the alternative command to ifconfig that also shows network interfaces and IP addresses?
ip a
85
What file must be edited to list users who can run sudo commands?
The /etc/sudoers file.
86
Why are log files important in network and host monitoring?
Log files help verify normal operations, detect indicators of compromise, and assist in reverse engineering attacks.
87
What should be done to secure log files in case a device gets compromised?
Forward log entries to a centralized logging host on a protected network.
88
Name two tools in Windows for working with logs.
Event Viewer and PowerShell cmdlets like Get-EventLog.
89
Where are most log files stored in Linux?
In the /var/log directory.
90
What is the standard system log file in Ubuntu Linux?
/var/log/syslog
91
What command in Linux can write log entries, often used in scripts?
logger
92
What command in Linux can be used to view system logs with journal control?
journalctl
93
How can log forwarding be beneficial
It ensures that log data is preserved even if the original device is compromised
94
How can you filter log entries in Windows Event Viewer to show only specific event IDs?
Use the Filter Current Log option and specify the event ID.
95
What is the default log file for kernel messages in Linux?
/var/log/kern.log
96
How can you view the first 10 lines of a log file in Linux?
Use the head command, e.g., head /var/log/kern.log.
97
How can you view the last 10 lines of a log file in Linux?
Use the tail command, e.g., tail /var/log/syslog.
98
How can you view the entire content of a log file in Linux?
Use the cat command, e.g., cat /var/log/syslog
99
How can you search for specific entries in a log file in Linux?
Use the grep command, e.g., cat /var/log/syslog | grep "Dan"
100
What type of logs can be found in the Windows Security log?
Logon failures, audit failures, and other security-related events
101
Why might it be important to centralize log collection?
To ensure logs are protected and available for analysis even if individual devices are compromised.
102
What Windows PowerShell cmdlet can retrieve event logs?
Get-EventLog
103
How do you clear the screen in a Linux terminal?
Use the clear command.
104
What is the purpose of centralized logging?
To collect log data from various devices and hosts on a network and store it in a protected central location for easier monitoring and analysis.
105
What protocol is commonly used to acquire information about devices over the network?
SNMP (Simple Network Management Protocol).
106
What is an MIB in SNMP?
MIB stands for Management Information Base, a database containing statistics and configuration settings for devices.
107
What are SNMP traps?
Alerts triggered by specific events, such as bandwidth thresholds being exceeded, sent to an SNMP management station.
108
What open-source tool can be used for log collection and often uses SNMP?
Nxlog.
109
What is syslog forwarding in Linux?
A method to send log files to a centralized log host, typically over UDP port 514
110
What does the wecutil qc command do in Windows?
It configures the Windows Event Collector utility for quick configuration, enabling WinRM traffic for log forwarding.
111
How can centralized logging be enabled in Windows?
By creating a subscription in Event Viewer to collect logs from various Windows hosts
112
What protocol is used for centralized logging in Windows?
WinRM (Windows Remote Management).
113
What is SIEM?
Security Information and Event Management, a solution for centralized log collection, analysis, and visualization
114
What are the main components of a SIEM solution?
Data inputs, log aggregation, analysis, and report/dashboard generation.
115
How does a SIEM solution help in detecting security incidents?
By using machine learning and big data analytics to identify trends and indicators of compromise that may not be obvious through manual analysis.
116
What types of data can be ingested by a SIEM solution?
Log files, alerts from intrusion detection/prevention systems, packet captures, and malware alerts.
117
Why is it important to use both centralized logging and SIEM?
To ensure comprehensive monitoring, quick detection of security incidents, and intelligent analysis of security data across the enterprise.
118
What type of data visualization does a SIEM solution provide?
Dashboards with charts, graphs, and alerts that offer insights into network security and potential incidents.
119
How does centralized logging improve security?
By ensuring log data is preserved even if individual devices are compromised and by providing a single location for comprehensive log analysis.
120
What company provides an open-source SIEM tool mentioned in the text?
AlienVault.
121
What is benchmarking in cybersecurity?
It's the process of comparing your security performance against industry standards to identify areas of improvement and ensure compliance with security requirements.
122
What are benchmarks in cybersecurity?
Industry-leading security configuration standards that define a minimum level of security for systems to meet application security standards or regulatory requirements.
123
What does NIST stand for?
National Institute of Standards and Technology.
124
What is the purpose of the NIST cybersecurity framework?
To provide guidelines for improving the critical infrastructure of cybersecurity through five core functions: Identify, Protect, Detect, Respond, and Recover.
125
When was the NIST cybersecurity framework originally published and recently updated?
Originally published in 2014 and recently updated as of October.
126
: What are CIS benchmarks?
A set of practices for securely configuring systems, including Linux, Windows, Azure, AWS, Cisco, IBM, and Palo Alto platforms.
127
What does DoD Cyber Exchange provide?
Security Technical Implementation Guides (STIGs) for various systems, including Microsoft Windows and Linux.
128
What is SCAP?
Security Content Automation Protocol, a collection of standards used by organizations to automate and standardize security configurations and manage system vulnerabilities.
129
What are the two types of benchmarks widely used today?
Agent-based and agentless.
130
What are the pros of agent-based solutions?
They provide continuous surveillance and action, identify and handle security threats in real time, and ensure compliance with organizational security policies.
131
What are the pros of agentless solutions?
They are less intrusive, have less impact on system performance, and can scan vulnerabilities without needing direct access to the system.
132
What are the cons of agentless solutions?
They typically rely on network connections or flows, which may not provide as comprehensive monitoring as agent-based solutions.
133
How do NIST guidelines help organizations?
They offer technical guidelines for federal agencies and other organizations to improve their cybersecurity posture.
134
What is the purpose of security benchmarks and standards like those provided by CIS?
To help organizations securely configure systems and meet regulatory requirements and operational best practices.
135
What is the purpose of configuring syslog forwarding in Linux?
To send log entries from multiple Linux hosts to a centralized logging host for secure storage and analysis.
136
Which file needs to be edited on the centralized logging host to enable receiving syslog messages?
/etc/rsyslog.conf
137
How do you save and exit the nano text editor after editing the configuration file?
Press Ctrl+X, then Y to confirm saving changes, and press Enter to save the file.
138
What command is used to restart the rsyslog service on the centralized host?
sudo service rsyslog restart
139
How can you verify that the rsyslog service is running and listening on UDP port 514?
Use the command sudo netstat -nu | grep rsyslog
140
Which command shows the IP address of the centralized logging host?
ifconfig
141
What is the key configuration change needed on a log client to forward logs to the centralized host?
Add the line *.* @ to the bottom of /etc/rsyslog.conf, where is the IP address of the centralized logging host.
142
How do you restart the rsyslog service on the log client after making configuration changes?
sudo service rsyslog restart
143
How can you test log forwarding by creating a custom log entry on the log client?
: Use the logger command, e.g., logger "Test log forwarding"
144
How do you check for the custom log entry on the log client?
Use the command tail /var/log/syslog
145
How do you verify that the custom log entry has been forwarded to the centralized logging host?
Use the command tail /var/log/syslog on the centralized logging host to check for the log entry.
146
Why is centralized log forwarding important in cybersecurity?
It ensures log data is preserved and accessible even if individual devices are compromised, aiding in security monitoring and forensic analysis.
147
What protocol and port does syslog typically use for log forwarding?
UDP port 514
148
How can you clear the screen in a Linux terminal?
: Use the clear command.
149
