Deck B Prt. 2 Flashcards

1
Q

NetPass.exe

A

Is a LEGITIMATE Password Recovery tool developed by Nirsoft. It Can retrieve all passwords stored in a system for a Logged in User, as well as those kept on EXTERNAL Drives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

nmap TCP SYN PING Scan

A

Can Be Carreid out by the Command (nmap -sn-PS<Target>) Ping Scans are used for
Detecting live hosts in networks</Target>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Obfuscation

A

Is A Technique that Encodes Packets with Unicode Chacters.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Outlook Scraper

A

Is a Malicious Utility that scrapes credentials from the Users Outlook Accounts and Uses this Infor to send out further PHISHING Emails

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Passive Assessment

A

External Assessment is the one in which the Penetration Tester can obtain the list of the Users who are currenty Accessing the Company Network and Identify Active Systems on the network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Patch Management

A

Is A BIG Security Issue in the industry that leads to many ATTACKS. It is when the Fix was Available from the software vendor for several months prior to the INTRUSION, but the Targe Organizations take a very long time to Patch Their systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Pharming

A

Is also Called DNS Cache Poisoning and is Carried out by EXPLOITING the Vulnerabilities in the DNS server Software and Modifying the Original IP Address for the targe website to that of a fake Website to redirect the Traffic to the FAKE Site and Harvest the Credentials.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Phishing

A

Is an Attack in Which the Attacker Redirects the Victims to Malicious Websites by sending them a Malicious LINK by Email. The link Appears Authentic but redirects the victim to a malicious web page, which allows the Attackers to Steal the Victim’s DATA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

RADIUS

A

(Remote Authentication Dial In User Service) PORT UDP 1812 Is an an example of AAA Service that can be used to secure a LDAP Service Against Anonymous Queries

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

RESTful API

A

Is a WEB Service API that is Centralized and Uses HTTP Methods such as PUT, POST, GET, & Delete and can improve the overall Performance, Visibility, Scalability, Reliability and Portability of an application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

SOX Compliance

A

Is Sarabanes Oxley Compliance law that was Enacted back in early 2000 to improve the accuracy and accountability of corporate disclosures and prevent accounting fraud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

SMB (Server Message Block)

A

Is the Service That Hackers Enumerate to gain Information and it Runs Directly on TCP Port 445

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Special Nmap Command

A

nmap -Pn -sU -p 44818 –
Script enip-info [Target IP] is a special nmap command to IDENTIFY Ethernet/IP devices connected to the internet and further gathered information such as the vendor name, Product code and name, Device name, and IP Address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Stateful or Stateless Firewall

A

nmap -A command is used to determine whether the Firewall is stateful or Stateless. It is used for mapping firewall rulesets and distinguish between stateful and stateless firewalls, this scan type sends ACK Packets to a HOST to find out if the port is filtered or unfiltered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

TTL Value of Windows

A

The Time to Live (TTL) value of Windows OS is 128

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Time based and Boolean Based SQL Injection

A

Time Based and Boolean Based SQL Injection attacks are special type of SQL Injection Attack that is used to Test the Response of a true or false response and uses a second command to extract the details from the Database

17
Q

True Positive

A

Happens when the IDS Actually DETECTS a TRUE Intrusion. It is opposite of False Positive

18
Q

Twofish Encryption Algorithm

A

Is an Encryption Algorithm with 128 bit block size and its key size can be up to 256 bits.

19
Q

Variation

A

Is a type of SQL Injection Attack that helps the attackers to evade any comparison statement by placing characters such as 1=1 in any basic Injection Statement such as or 1=1

20
Q

WS- Address Spoofing

A

Is a Type of Attack on web services that Exploits a Vulnerability that provides Additional Routing Information in the SOAP Header to Support Asynchronous Communication. This permits the Hacker to Transmit web service Requests and Response messages using different TCP Connections

21
Q

WebBrowserPassView

A

Is a Password Recovery Tool that operates in most known Web Browsers

22
Q

webhooks

A

is a Web API that helps update Web Applications with the Latest information. It uses a user defined HTTP callback or push APIs that are raised based on trigger Events. When the Webhooks are called, it supplies DATA to other Applications so that Users can instantly receive Real-time Information. A webhook in Web Development is a method of Augmenting or Altering the behavior of a Web Page or Web Application with Custom callbacks

23
Q

Zero Trust Network

A

Is a technique that assumes by default that a user Attempting to access the network is not an Authentic Entity and Verifies every incoming connection before allowing Access to the network. Using this technique, he also imposed conditions such that employees can access only the Resources Required for Their Role

24
Q

Zigbee

A

Is a Wireless Technique for using a short Range communication Protocol based on the IEEE 802.15.4 standard. This Protocol is used in Devices that Transfer DATA Infrequently at a low rate in a restricted area within a Range of 10-100 m. Zigbee is a wireless Technology Developed as an open global Standard to address the unique needs of low cost, Low Power Wireless IoT Networks.

25
Q

[site:]

A

Operator: [site:] is an Advanced Google Operator that allows the hacker to Restrict the search to the Organizations Web Domain.