Deck C Prt. 2

Question 1

Macro Virus

Answer 1

Is Usually Targeted at Microsoft Office Products

Question 2

Nessus OR Qualys

Answer 2

Aare the Best Scan TOOLS to Discover Vulnerabilities on a Windows Based Computer

Question 3

Nikto

Answer 3

Is a Tool that can be Used to Perform Comprehensive Tests against Web Servers, Including Dangerous files on CGIs. NIKTO is a Pluggable Web Server and CGI Scanner written in PERL.

Question 4

Nmap Option

Answer 4

nmap -F is the Option that allows you to Scan Fewer Ports than the Default Scan using nmap tool

Question 5

Nslookup

Answer 5

Norecursive update.antivirus.com Is the Command that you can use to determine if the entry is present in DNS Cache.

Question 6

PKI (Public Key Infrastructure)

Answer 6

Is Designed to verify and Authenticate the Identity of INDIVIDUALS within the enterprise taking part in a DATA Exchange.

Question 7

Password Spraying

Answer 7

Is a Technique of cracking User Accounts in which the Hacker uses a list of common Passwords from the internet compiled into a list and then feeds that list as an Argument into the Password Cracking Application. Password Spraying uses a few common passwords to Target Thousands of accounts whereas Brute Force Attack Targets few Accounts with Thousands of Different Passwords Combinations

Question 8

Port 123

Answer 8

NTP (Network Time Protocol) UDP Port 123

Question 9

Presentation Layer

Answer 9

Is the Layer of the OSI 7 Layers that is Responsible for Encryption and Decryption of the Message.

Question 10

Private IP Address

Answer 10

192.168.1.0 is a Private IP Address and will now allow the computer to Reach the Internet since the Gateway is Not Routing to a Public IP Address. Any IP Address Starting with 192.168 is a Private IP Address

Question 11

Privilege Escalation

Answer 11

Is used When the White Hat Hacker Gains control over a User Account and Attempts to acquire Access to Another Account Confidential Files and information.

Question 12

RIPE NCC

Answer 12

Is the RIR( Regional Internet Registry) for France, Europe, West Asia, and former USSR. A RIR Oversees the Allocations and Registration of Internet Number Resources (IPv4 Addresses, IPv6 Addresses and autonomous Systems numbers) in a Specific Region.

Question 13

Ransomware

Answer 13

Best Control AGAINST Ransomware is to use OFFLINE Backup.

Question 14

Reconnaissance

Answer 14

Is the TIME that Hacker Spends performing RESEARCH to locate Information about a Company such as Logos, Formatting, Name of the Company, Name of the CEO, Leadership Team Etc. This is the First step in the Ethical Hacking Process.

Question 15

Residual Risk

Answer 15

Is the Risk that remains after the Vulnerabilities are Classified and the Countermeasures have been Deployed

Question 16

Secure Architecture

Answer 16

Best Practice is to place a Front End Web Server in a DMZ (Demilitarized Zone) That Only Handles External Web Traffic to Prevent Hackers from Compromising the Servers.

Question 17

Smart Card

Answer 17

Is Something you have whereas PIN is Something you KNOW. Together it makes a GOOD MFA(Multi Factor Authentication)

Question 18

Synchronization By Time

Answer 18

When The Network Devices are not Synchronized by time, The Sequence of Numerous Logged Events will not match up when Correlating Logs From Various Sources.

Question 19

Tree Based Assessment

Answer 19

Is The Approach in Which Auditor Follows Different Strategies for each Component of an Environment

Question 20

Unicode Characters

Answer 20

Using UNICODE CHARACTERS Is a Very common IDS Evasion Technique in the Internet

Question 21

Vulnerability Scanner

Answer 21

Checking If the Remote HOST is Alive is the First Step Followed by Vulnerability Scanners For Scanning a Network.

Question 22

Web Server Hardening

Answer 22

LIMITS the ADMIN or Root Level Access to the minimum number of user to secure the USER Accounts on the Web Server.

Question 23

Whitelist Validation

Answer 23

Is a Defensive Technique that Attempts to Check that a Given DATA Matches a set of Known Rules. EXAMPLE a Whitelist Validation Rule for a US State Would be a 2-Letter Code that is only one of the valid US States. It ENSURES that only a List of ENTITIES such as the Data Type, Range, Size, and Value, Which have been approved for Secured Access is Accepted.

Question 24

Wireless Network Assessment

Answer 24

Helps Identify Unusual Wireless Traffic in the Internal Network Generated by a Rouge Access Point that is aimed to cracking the Authentication Mechanism.

Question 25

Wireless Packet Sniffer

Answer 25

WHEN a Wireless Packet Sniffer SHOWS that the WAP(Wireless Access Point) is not Responding to the Association Requests being Sent by the wireless client, it means the WAP does not Recognize the Client’s MAC Address.