Commands

Question 1

netstat

Answer 1

-a all active connections
-b show binaries
-n do not resolve names (just ips)
show network status and protocol statistics. You can display the status of TCP and UDP endpoints in table format, routing table information, and interface information.

Question 2

traceroute/tracert

Answer 2

trace traffic from one destination to another

Uses ICMP and TTL

Question 3

pathping

Answer 3

combines traceroute and ping

will give more accurate latency information than traceroute

Question 4

arp -a

Answer 4

ip address and mac address for devices on the network that are in the local arp table

Question 5

dig/nslookup

Answer 5

Information on DNS server

names and IP addresses (more info with dig)

Question 6

route print/netstat -r

Answer 6

view device’s routing table
Find out which way the packets will go
allows you to make manual entries into the network routing tables with add flag

Question 7

hping

Answer 7

ping that can send almost anything
can modify the port, ip, tcp, udp, icmp values
Easy to accidentally flood a server and cause DDoS
used to send large volumes of TCP traffic at a target while spoofing the source IP address, making it appear random or even originating from a specific user-defined source.

Question 8

nmap

Answer 8

learn about network devices
port scan to id open ports
OS scan to discover without logging in
What services running on device
Can run additional scripts (NSE)

Question 9

scanless

Answer 9

runs port scan from different host (from proxy)

Question 10

dnsenum

Answer 10

finds host names in dns

FInds all hostnames that are associated with that address

Question 11

Cuckoo

Answer 11

test a file in a safe environment (sandbox)

Can evaluate the file for malware

Question 12

Nessus

Answer 12

Industry leader in vulnerability scanning
(not command code)
Provides vulnerabilities as well as suggested resolutions

Question 13

Wireshark

Answer 13

Graphical packet analyzer
Grabs network traffic and stores for offline analysis
Grabs Ethernet, Bluetooth, Wireless (IEEE. 802.11, etc.

Question 14

tcpdump

Answer 14

Displays packet on screen

command line version of wireshark

Question 15

tcpreplay

Answer 15

Allows to replay packets

Can be useful to check if security would catch particular packets

Question 16

dd

Answer 16

Linux

create a bit by bit copy of a drive or directory

Question 17

memdump

Answer 17

Takes all information in system memory and send to file

Question 18

WinHex

Answer 18

Able to view file information in hexadecimal form

Useful with disk cloning, data recovery, hardware cleaning

Question 19

FTK imager

Answer 19

REad drive as a windows executable

Question 20

Autopsy

Answer 20

view and recover data from storage devices

Question 21

MITRE

Answer 21

Framework to look at potential attacks

Gives types, causes, and potential resolution and prevention

Question 22

Diamond model

Answer 22

Developed by government

Used after an attack to identify parts of the attack as well as looking how to prevent in the future

Question 23

Cyber Kill Chain

Answer 23

Defines different phases of a cyber attack

How it is done by an attacker

Question 24

Logs

Network, System, application, security, web, DNS, Authentication, Dump files, VoIP and call managers, SIP traffic

Answer 24

Network- info from network devices (updates, auth issues, etc.)
System- auth details, monitor apps, file changes, may require filter
Application-specific to the application
Security- blocked and allowed traffic flows, exploited attempts, blocked URL, DNS sinkhole traffic, security devices
Web- Info firewall and web application attacks, IP address, Auth issues, server activity
DNS- IP address, hostname, malware sites
Authentication- who logged in or didn’t
Dump files- Read mem and DNS dump files
VOIP- inbound and outbound info, auth, audit trail
Session Initiation Protocol (SIP)- setup and teardown of VoIP, inbound and outbound calls, alerts on unusual numbers or country codes

Question 25

syslog

Answer 25

Standard for message logging
Integrated with SIEM
facility code and severity level wiht each entry
Different types of syslogs
rsyslog- fast log processing
syslog-ng- popular for linix, additional filtering and storage options
NXlog- collection from different log types

Question 26

journalctl

Answer 26

method for query system journal in linux

linux logs are stores in binary format

Question 27

NetFlow

Answer 27

Gather traffinc from all traffic flows

standard so can be used with many vendors

Question 28

IPFIX

Answer 28

Newer version of Netflow

Can customize what data is collected from network devices

Question 29

sFlow

Answer 29

only a portion of the actual network traffic

usually embedded in infrascructure

Question 30

Protocol analyzer

Answer 30

Solve complex application issues
Gathers packets on network
Can be used with wireless networks
Detailed information about each packet going through the network

Question 31

GDPR

Answer 31

Regulations set in EU

Ability for person to control what happens to their data and where it goes

Question 32

PCI DSS

Answer 32

Credit Card regulations
Secure network and systems
Protect cardholdedr data
Maintain vulnerability management program
Strong access control
monitor and test network
Information security policy

Question 33

CIS

Answer 33

CIS-CSC

Framework to improve cyber defense

Question 34

NIST RMF

Answer 34

Framework mandatory for US federal agencies

Categorize, select, implement, assess, authorize, monitor

Question 35

NIST CSF

Answer 35

Framework designed for commercial uses
Framework core- Identify, protect, detect, respond, recover
Framework Implementation Tiers- org’s understanding their cybersecurity vulnerabilities and what tools are needed
Framework Profile- policies, guidelines, and standards that are being implemented with framework core

Question 36

ISO/IEC 27001

Answer 36

Standard for Information Security Management System (ISMS)

Question 37

ISO/IEC 27002

Answer 37

Code of practice for information security controls

Question 38

ISO/IEC 27701

Answer 38

Privacy, PIMS

Question 39

ISO/IEC 31000

Answer 39

International standards for risk management practices

Question 40

SSAE SOC 2 Type I/II

Answer 40

Auditing standard for SSAE 18
SOC 2 - Trust services criteria- firewalls, intrustion detection MFA
Type I audit - Test controls in place at a particular point in time
Type II audit - Test controls over at least 6 months

Question 41

CSA

Answer 41

Security in cloud computing

CCM - Standards for security controls

Question 42

AUP

Answer 42

Acceptable Use Policy

What is acceptable use of company assets

Question 43

SLA

Answer 43

Service level agreement
Minimal terms for services provided (uptime, response time, etc.)
Between customer and service provider

Question 44

MOU

Answer 44

Memorandum of Understanding
includes statements of confidentiality
informal letter of intent not signed contract
understand what requirements are for business process

Question 45

MSA

Answer 45

Measurement system analysis
assess the measurement process
Calculate measurement uncertainty
Used with quality management systems

Question 46

BPA

Answer 46

Business Partnership Agreement