Comp 1

Question 1

Vulnerability

Answer 1

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach

Question 2

Insider threat

Answer 2

Arises from an actor who has been identified by the organization and grated some sort of access

Question 3

Reputational threat intelligence

Answer 3

List of IP addresses and domains associated with malicious behavior, plus signatures of known file-base malware.

Question 4

Ipconfig

Answer 4

Show the configuration assigned to network interface(s) in Windows, including the hardware or media access gateway, and whether the address is static or assigned by DHCP. The address of the DHCP server that provided the lease is shown as well.

Question 5

Ping

Answer 5

Probe a host on a particular IP address or hostname using Internet Control Message Protocol ICMP. Can also be used to perform a sweep of all IPs in a subnet.

Question 6

The Harvester

Answer 6

A tool for gathering open-source intelligence (OSINT) for a particular domain or company
name

Question 7

Software exploitation

Answer 7

An attack that targets a vulnerability in software code

Question 8

Network vulnerability scanner

Answer 8

such as Tenable Nessus or OpenVAS, is designed to test network hosts,
including client PCs, mobile devices, servers, routers, and switches

Question 9

Scan intrusiveness

Answer 9

A measure of how much the scanner interacts with the target

Question 10

Non-intrusive (OR PASSIVE) scanning

Answer 10

Analyzing indirect evidence, such as the types of traffic generated
by a device. A passive scanner, the Zeek Network Security Monitor being one example, analyzes a
network capture and tries to identify policy deviations or CVE matches. This type of scanning has the
least impact on the network and on hosts, but is less likely to identify vulnerabilities comprehensively

Question 11

Active scanning

Answer 11

Probing he device’s configuration using some sort of network connection with the
target. Active scanning consumes more network bandwidth and runs the risk of crashing the target of
the scan or causing some other sort of outage agent-based scanning is also an active technique

Question 12

Maneuver

Answer 12

A military doctrine term relating to obtaining positional advantage

Question 13

What influenced the techniques of pen testing engagement on target systems?

Answer 13

Modern cyber-attack “kill chain” models generated through analysis of adversary TTPs.

Question 14

Open Source Intelligence (OSINT)

Answer 14

• Web search tools, social media and sites are scanned for vulnerabilities in internet-connected devices and services.
• Aggregation tools like theHarvester collect and organize this data from multiple sources.

-This is a passive technique

Question 15

Wardriving

Answer 15

Mapping the location and type of wireless networks operated by the target. Some of these
networks may be accessible from outside the building. Simply sniffing the presence of wireless network
is a passive activity, though there is the risk of being observed by security guards or cameras.

Question 16

Shoulder surfing

Answer 16

A threat actor can learn a password or PIN (or other secure information) by watching
the user type it. Despite the name, the attacker may not have to be in close proximity to the target

Question 17

Whaling

Answer 17

A spear phishing attack directed specifically against upper levels of management

Question 18

Hoaxes

Answer 18

Such as security alerts or chain emails, are another common social engineering technique, often
combined with phishing attacks

Question 19

SPIM

Answer 19

Mass mail attacks could also be perpetrated over any type of instant messaging or internet messaging
service

Question 20

Malware

Answer 20

is usually simply defined as software that does something bad, from the perspective of the
system owner

Question 21

Virus

Answer 21

A type of malware designed to replicate and spread from computer to computer, usually by
“infecting” executable applications or program code

Question 22

Non-resident/file infector

Answer 22

The virus is contained within a host executable file and runs with the host
process

Question 23

Memory resident

Answer 23

When the host file is executed, the virus creates a new process for itself in memory.
The malicious process remains in memory, even if the host process is terminated

Question 24

Boot

Answer 24

The virus code is written to the disk boot sector or the partition table of a fixed disk or USB media,
and executes as a memory resident process when the OS starts or the media is attached to the
computer

Question 25

Script and macro viruses

Answer 25

The malware uses the programing features available in local scripting engines
for the OS and/or browser such as PowerShell, Windows Management Instrumentation (WMI),
JavaScript, Microsoft Office documents with Visual Basic for Applications (VBA) code enabled, or PDF
documents with JavaScript enabled

Question 26

Plaintext

Answer 26

(or cleartext) an unencrypted message

Question 27

Ciphertext

Answer 27

An encrypted message

Question 28

Cipher

Answer 28

The process (or algorithm) used to encrypt and decrypt a message

Question 29

Cryptanalysis

Answer 29

The art of cracking cryptographic systems

Question 30

Hashing

Answer 30

Produces a fixed length string from an input plaintext that can be any length

Question 31

Symmetric algorithms do not provide message integrity or authentication. T/F?

Answer 31

True

Question 32

Cryptographic primitive

Answer 32

A single hash function, symmetric cipher

Question 33

Nonce

Answer 33

The principal characteristic of a nonce is that it is never reused (“number used once”)

Question 34

Homomorphic encryption

Answer 34

Is principally used to share privacy sensitive data sets

Question 35

Blockchain

Answer 35

Is a concept in which an expanding list of transactional records is secured using
cryptography

Question 36

Public key cryptography

Answer 36

Solves the problem, of distributing encryption keys when you want to
communicate securely with others or authenticate a message that you send to others

Question 37

Digital certificate

Answer 37

Essentially a wrapper for a subject’s public key

Question 38

Certificate Attributes:

Answer 38

• Signature algorithm
• Public key

Question 39

Signature algorithm

Answer 39

The algorithm used by the CA to sign the certificate

Question 40

Public key

Answer 40

Public key and algorithm used by the certificate holder

Question 41

Subject Alternate Name (SAN)

Answer 41

Extension field is structured to represent different types of identifiers,
including domain names

Question 42

Identity and Access Management (IAM) Usually described in terms of four main processes:

Answer 42

• Identification
• Authentication
• Accounting
• Logon
• Offline Attacks

Question 43

Describe the “Identification” process in IAM

Answer 43

Creating an account or ID that uniquely represents the user, device, or process on
the network

Question 44

Describe the “Authentication” process in IAM

Answer 44

Proving that a subject is who or what it claims to be when it attempts to access
the resource

Question 45

Describe the “Authorization” process in IAM

Answer 45

Determining what rights subjects should have on each resource, and enforcing
those right

Question 46

Describe the “Accounting” process in IAM

Answer 46

Tracking authorized usage of a resource or use of any rights by a subject and
alerting when unauthorized use is detected or attempted

Question 47

Logon

Answer 47

The typical knowledge factor, composed of a username and a password

Question 48

Offline Attacks

Answer 48

The attacker has managed to obtain a database of password hashes. In system 32 config
file

Question 49

How does adding salt to stored plaintext help slow down rainbow attacks?

Answer 49

The table cannot be created in advance and must be recreated for each combination of password and salt value.

Question 50

UNIX and LINUX password storage mechanisms use salt, but Windows does not. T/F?

Answer 50

True

Question 51

One-time password (OTP)

Answer 51

Is generated automatically, rather than being chosen by a user, and used only
once. Is generated using some sort of hash function on a secret value plus a synchronization value
(seed), such as a timestamp or counter

Question 52

Initiative for Open Authentication (OATH)

Answer 52

an industry body established with the aim of developing an open, strong authentication framework

Question 53

Secure transmission of credentials

Answer 53

Creating and sending an initial password or issuing a smart card securely

Question 54

Default account

Answer 54

One that is created by the operating system or application when it is installed

Question 55

Security identifier

Answer 55

A user is defined by a unique SID, a name, and a credential. Each account is
associated with a profile

Question 56

Group policy objects (GPOs)

Answer 56

Can be linked to network administrative boundaries in the active directory and used to configure access rights for user/group/role accounts.

Question 57

Acceptable Use Policy (AUP)

Answer 57

Important to protect the organization from the security and legal
implications of employees misusing its equipment

Question 58

Single points of failure

Answer 58

A “Pinch point” relying on a single hardware server or appliance or network
channel

Question 59

Intranet (Private network)

Answer 59

This is a network of trusted hosts owned and controlled by the organization

Question 60

Demilitarized Zones DMZs)

Answer 60

Also referred to as a perimeter or edge network. The basic principal is that
traffic cannot pass directly through it

Question 61

Zero trust

Answer 61

Based on the idea that perimeter security is unlikely to be completely robust

Question 62

MAC cloning (MAC address spoofing)

Answer 62

Changes the hardware address configured on an adapter interface
or asserts the use of an arbitrary MAC address

Question 63

ARP poisoning

Answer 63

Attack uses a packet crafter, such as Ettercap, to broadcast unsolicited ARP reply packets

Question 64

MAC flooding

Answer 64

Used to attack a switch

Question 65

Wireless Access Point (WAP) Placement:

Answer 65

An infrastructure-based wireless network comprises one or more wireless access points, each
connected to a wireless network. The Access points forward traffic to and from the wired switch
network

Question 66

What does a Switch use to determine which port to use to forward unicast traffic to its correct destination?

Answer 66

MAC address table

Question 67

What happens when you overwhelm a MAC address table?

Answer 67

The switch will stop trying to apply MAC-based forwarding and flood unicast traffic out of all ports similar to a hub.

Question 68

What protocol is used to prevent broadcast storms?

Answer 68

STP

Question 69

Site survey

Answer 69

Used to measure signal strength and channel usage throughout the area to cover

Question 70

What’s the minimum a passphrase be to mitigate risk from cracking?

Answer 70

14 characters

Question 71

Evil twin

Answer 71

A rouge WAP masquerading as a legitimate one. Might just have a similar name (SSID) to the
legitimate one, or the attacker might use some DoS technique to overcome the legitimate WAP

Question 72

SYN flood attack

Answer 72

Works by withholding the client’s ACK packet during TCP’s three-way handshake

Question 73

Embedded systems might be used as bots. T/F?

Answer 73

True

Question 74

Any type of internet-enabled device is vulnerable to compromise. T/F?

Answer 74

True

Question 75

What is an IOT botnet

Answer 75

The use of internet-enabled devices like web-enabled cameras, SOHO routers, and smart TVs are used as a bot.

Question 76

Load balancer

Answer 76

Distributes client requests across available server nodes in a farm or pool

Question 77

QoS

Answer 77

Compatible endpoint device or application uses the DiffServ field in the IP header (layer 3) and
adds an 802.1p field to the Ethernet header (layer 2) to indicate that the packet should be treated as
priority (traffic marking). It transmits the frame to the switch

Question 78

Packet filtering

Answer 78

Firewall is configured by specifying a group of rules, called an access control list (ACL)

Question 79

Stateless

Answer 79

this means that it does not preserve information about network sessions

Question 80

What command shows the content of the INPUT chain with line numbers and no name resolution?

Answer 80

–List INPUT –Line-numbers -n

Question 81

Caching engines

Answer 81

Whereby frequently requested web pages are retained on the proxy, negating the
need to re-fetch those pages for subsequent request

Question 82

Class A Private address range

Answer 82

10.0.0.0 to 10.255.255.255

Question 83

Class B Private address range

Answer 83

172.16.0.0 to 172.31.255.255

Question 84

Class C Private address range

Answer 84

192.168.0.0 to 192.168.255.255

Question 85

Port Address Translation (PAT)

Answer 85

Provides a means for multiple private IP addresses to be mapped onto a single public address

Question 86

Network Based IDS (NIDS)

Answer 86

Captures traffic via a packet sniffer, referred to as a sensor

Question 87

Behavior-based detection

Answer 87

The engine is trained to recognize baseline “normal” traffic or events. The
idea is that the software will be able to identify zero day attacks

Question 88

What is a core feature of host-based IDS (HIDS)

Answer 88

File integrity monitoring (FIM)

Question 89

What does FIM software audit?

Answer 89

key system files to make sure they match the authorized versions

Question 90

Web Application Firewall (WAF)

Answer 90

Designed specifically to protect software running on web servers and
their backend database from code injections and DoS attacks

Question 91

Security Information and Event Management (SIEM)

Answer 91

The core function of an SIEM tool is to aggregate
traffic data and logs

Question 92

Sensor

Answer 92

As well as log data, the SIEM might collect packet captures and traffic flow data from sniffers

Question 93

Sentiment Analysis

Answer 93

Analytics driven by machine learning is to identify intent

Question 94

Domain hijacking

Answer 94

An attack where an adversary acquires a domain for a company’s trading name or
trademark, or perhaps some spelling variation thereof

Question 95

DNS poisoning

Answer 95

An attack that compromises the process by which clients query name servers to locate
the IP address or FQDN

Question 96

Lightweight Directory Access Protocol (LDAP)

Answer 96

All transmissions are in plaintext, making it vulnerable to
sniffing and man-in-the-middle attacks

Question 97

Simple Network Management Protocol (SNMP)

Answer 97

A widely used framework for management and
monitoring

Question 98

HyperText Transfer Protocol (HTTP)

Answer 98

The foundation of web technology. Enables clients (typically web browsers) to request resources from an HTTP server

Question 99

What does HTTPS operate over

Answer 99

443

Question 100

File Transfer Protocol (FTP)

Answer 100

Typically configured with several public directories, hosting files, and user
accounts

Question 101

Point-to-Point Tunneling Protocol (PPTP)

Answer 101

Have been deprecated because they do not offer adequate security. Transport Layer Security (TLS) and IPSec are now the preferred options for configuring VPN
access

Question 102

Secure Sockets Tunneling Protocols (SSTP)

Answer 102

Works by tunneling Point-to-Point Protocol (PPP) layer 2
frame over a TLS session

Question 103

Internet Key Exchange (IKE) v2 vs IKE v1:

Answer 103

• Support for EAP
• Simplified connection set up
• Reliability

Question 104

Support for EAP for IKE v2

Answer 104

Authentication methods, allowing, for example, user authentication against a
RADIUS server

Question 105

Simplified connection set up for IKE v2

Answer 105

IKE v2 specifies a single 4-message setup more, reducing
bandwidth without compromising security

Question 106

Reliability and Multihoming for IKE v2

Answer 106

IKE v2 allows NAT traversal and MOBIKE multihoming. Multihoming means that a client such as a smartphone with multiple interfaces (such as Wi-Fi and cellular) can keep the IPS connection alive when switching between them.