CSCI 427 Exam 1

Question 1

What are the three principles that form the Security Triad?

Answer 1

confidentiality, integrity, availability

Question 2

What is confidentiality mean in the context of security?

Answer 2

data is only available to authorized users

Question 3

What does integrity mean in the context of security?

Answer 3

the data has not been altered between the person who originated it and the receiver

Question 4

What does availability mean in the context of security?

Answer 4

data and systems being available when needed without interruption

Question 5

What is the difference between authentication and authorization?

Answer 5

authentication: procedures to identify users are who they claim to be (the account itself)
authorization: permissions to control user access to data (permissions assigned to that particular account)

Question 6

? is the ability of a system to track the actions of users.

Answer 6

accountability

Question 7

When implemented correctly, ? provides nonrepudiation

Answer 7

accountability

Question 8

Pentesters should always have ? before starting a pentest

Answer 8

permission/contract

Question 9

List three questions pentesters should always ask clients prior to performing a penetration test

Answer 9

(1) Why do they want/need a pentest? (2) What are the rules of engagement? (3) What are the client’s expectations at the end of the test?

Question 10

Who was John Nevil Maskelyne, and why is he noteworthy in the context of hacking?

Answer 10

credited for the first known form of electronic “hacking” – disrupting a wireless telegraph (hacked the radio signal to prove insecure by turning the dial to the right frequency and overpowering the signal)

Question 11

Section 1030 of the Computer Fraud and Abuse Act defines a “protected computer” as any computer taking part in interstate and/or foreign commerce and/or communication. Why is this definition considered broad and applicable to almost any computer?

Answer 11

It sweeps up every modern computer because all are used for email, online shopping, etc.

Question 12

What is a Layer 2 (Ethernet) device that is outmoded and should never be used?

Answer 12

hubs

Question 13

How does a switch differ from a hub?

Answer 13

only send signals to their intended recipients (hubs forward signals to all connected devices)

Question 14

What is a Layer 3 (Network) device that connects networks?

Answer 14

router

Question 15

? is a critical network device that restricts traffic between networks and typically sits between a router and the Internet

Answer 15

firewall

Question 16

? are placed close to network choke points and monitor for malicious network traffic

Answer 16

Intrusion Detection Systems (IDS)

Question 17

List the 7 layers of the OSI Model

Answer 17

(in order 7 to 1): Application, Presentation, Session, Transport, Network, Data Link, Physical

Question 18

TCP takes place at which OSI layer?

Answer 18

transport (L4)

Question 19

Ethernet takes place at which OSI layer?

Answer 19

data link (L2)

Question 20

List the steps of the TCP three-way handshake

Answer 20

1. client sends a SYN data packet to a server to see if the server is open for new connections
2. the server responds and returns a SYN/ACK packet to confirm
3. the client receives the SYN/ACK from the server and responds with an ACK packet
4. the connection is created and the client and server can now communicate

Question 21

Which header includes IP addresses?

Answer 21

IP header format

Question 22

Which header can include SYN flags?

Answer 22

TCP segment header

Question 23

Which header includes MAC addresses?

Answer 23

Ethernet segment header

Question 24

List 3 common network device vulnerabilities.

Answer 24

enabled telnet, default passwords, out of date firmware

Question 25

SYN flag

Answer 25

initiates a connection between two hosts

Question 26

ACK flag

Answer 26

acknowledges the receipt of a SYN and data packets after a connection is established

Question 27

FIN flag

Answer 27

tells the remote system that no more data will be sent, gracefully closing a connection

Question 28

Encryption primarily accomplishes ? in the Security Triad.

Answer 28

confidentiality

Question 29

Digital signatures provide nonrepudiation because

Answer 29

only the public key can decrypt anything that’s been encrypted with the private key; cryptography allows authentication to positively identify data as coming from its creator

Question 30

Nonrepudiation is

Answer 30

positive, undeniable evidence of a source

Question 31

A cipher is

Answer 31

the algorithm used for encrypting plain text into cipher text (encryption algorithm)

Question 32

What is the difference between symmetric and asymmetric cryptography?

Answer 32

symmetric uses a single key to both encrypt and decrypt

asymmetric uses a key pair system – a public (internet) key and a private (you/server only) key

Question 33

Which of the following symmetric algorithms is still considered secure? RC4, DES, AES- 256

Answer 33

AES-256

Question 34

What are the two drawbacks (weaknesses) to using symmetric cryptography?

Answer 34

1. no nonrepudiation features because you only have one key

2. key management (how do both parties get the same key securely?)

Question 35

What are the six steps of the TLS handshake?

Answer 35

1. Client sends “hello” to the server, which includes the encryption algorithms the client supports
2. Server responds with “hello” that includes the encryption algorithm the server will accept and also includes the server’s certification which contains he public key
3. Client uses agreed upon encryption algorithm to generate a session key, which is then encrypted with the public key
4. Client sends the encrypted session key and a “client finished” message to the server
5. Server uses private key to decrypt the session key and responds with a “server finished” message
6. Secure symmetrically encrypted transmissions now take place using the session key

Question 36

What do certificate authorities do?

Answer 36

create & bind together private and public keys and issue them to clients

Question 37

Define hashing

Answer 37

a one-way encryption algorithm that in theory cannot be reversed

Question 38

The five steps of the RSA algorithm

Answer 38

1. Generate two large primes, p and q, such that their product is the required bit length.
2. n = p*q
3. phi(n) = (p-1)(q-1)
4. Select e such that 1 < e < phi(n) AND the GCD of e and phi(n) = 1
5. Compute d, where 1 < d < phi(n), such that d*e(mod phi(n)) = 1

Question 39

What two values constitute the RSA public key?

Answer 39

(e, n)

Question 40

What two values constitute the RSA private key?

Answer 40

(d, n)

Question 41

RSA encryption algorithm

Answer 41

t^e (mod n) = c

Question 42

RSA decryption algorithm

Answer 42

c^d (mod n) = t

Question 43

Why have the majority of mobile devices moved to elliptic curve cryptography?

Answer 43

less cpu cycles are required compared to RSA (computationally efficient)

Question 44

In ECC, what is P?

Answer 44

random generator point (starts encryption process)

Question 45

In ECC, what is T?

Answer 45

public key; some other point on the curve derived after a number of group operations

Question 46

In ECC, what is d?

Answer 46

private key; number of group operations to arrive at T

Question 47

What is the difference between a port scan and a vulnerability scan?

Answer 47

open ports vs vulnerable services running on those ports

Question 48

What is the phase of penetration testing where you build a picture of the target’s security posture?

Answer 48

footprinting

Question 49

What is the phase of penetration testing where information gathered during footprinting is built upon by finding open ports, locating more hosts, and revealing host vulnerabilities?

Answer 49

scanning

Question 50

? is a full-featured data mining tool included in Kali.

Answer 50

Maltego

Question 51

whois

Answer 51

finds domain name and name server ownership

Question 52

nslookup

Answer 52

queries DNS servers for IP addresses

Question 53

traceroute

Answer 53

how many routers b/w you and target

Question 54

perform an aggressive scan

Answer 54

nmap -A

Question 55

perform a ping scan only

Answer 55

nmap -sP

Question 56

operating system detection

Answer 56

nmap -O

Question 57

service version detection

Answer 57

nmap -sV

Question 58

Know the hping3 command to perform a DoS attack while obfuscating your IP.

Answer 58

hping3 -S –flood –rand-source [ip of target]

Question 59

A ? connection creates a listening socket on the target and requires the attacker to use an open port on the organization’s firewall.

Answer 59

forward bind

Question 60

List 3 of the most common system vulnerabilities.

Answer 60

memory, input validation, privilege escalation

Question 61

What is RHOST?

Answer 61

target IP

Question 62

What is LHOST?

Answer 62

attacker IP

Question 63

What is an exploit?

Answer 63

code that takes advantage of a vulnerability

Question 64

What is a payload?

Answer 64

code delivered via exploit that creates a connection to attacker

Question 65

What is the command to start the database Metasploit uses?

Answer 65

service postgresql start

Question 66

What is the command to initialize the database Metasploit uses?

Answer 66

msfdb init

Question 67

Why is it forensically difficult to determine if a computer has been compromised by Metasploit?

Answer 67

runs in RAM

Question 68

What is the command to search for exploits in Metasploit?

Answer 68

search

Question 69

How do you know if a payload creates a forward or reverse connection?

Answer 69

forward has bind in title, reverse is in the /reverse directory

Question 70

What is the command to view options for exploits and payloads?

Answer 70

show options

Question 71

What is the command to set options?

Answer 71

set

Question 72

What is the command to use an exploit?

Answer 72

use

Question 73

What is the command to run an exploit?

Answer 73

exploit or run

Question 74

IP goes with Layer

Answer 74

3 (network)

Question 75

MAC goes with Layer

Answer 75

2 (data link)

Question 76

Know the option and syntax to perform an nmap scan against a given target and range of ports.

Answer 76

nmap -p50-100 [target]

Question 77

What is Armitage?

Answer 77

gui interface for metasploit

Question 78

A ? connection creates a listener on the attacker’s computer and requires waiting for the target to connect to the attacker, thus bypassing inbound firewall rules at the organization

Answer 78

reverse