Domain 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization. Flashcards

1
Q

Wireshark

A

Protocol analyzer (packet sniffer); the de facto standard one, with a GUI.
Lets you look at the traffic currently on a network segment and capture a copy of it (a pcap file) for later analysis. Command-line equivalents are tcpdump and tshark (which ships with Wireshark).

2
Q

pwdump

A

Dumps the password hashes (LM/NTLM) from a Windows system's SAM database. It does not crack them itself; the dumped hashes are fed to a password cracker offline.

3
Q

Microsoft Baseline Security Analyzer (MBSA)

A

Microsoft's (now discontinued) tool that checks Windows hosts for missing security updates and weak configuration settings. An active scanner: it interacts directly with the target systems rather than passively observing traffic.

4
Q

Nessus

A

Vulnerability scanner (Tenable); billed as the #1 vulnerability scanner in the world.

5
Q

exploitation framework

A

Metasploit (the Metasploit Framework): a framework for developing, testing and launching exploit code against targets.

6
Q

obfuscate

A

To hide or deliberately make hard to read (for example, obfuscated code or encoded URLs that conceal their purpose).

7
Q

honeypot

A

A single decoy system set up to entice an attacker so their activity can be observed away from production systems.

8
Q

honeynet

A

an entire network or section of your network used to entice an attacker

9
Q

SAN stands for

A

Storage Area Network

10
Q

iSCSI

A

Internet SCSI: SCSI commands carried over ordinary TCP/IP Ethernet, so it runs at the speed of the Ethernet link (commonly 1 or 10 Gbps). The slowest and least expensive of the three backup transport methods compared here.

11
Q

FCOE

A

Fibre Channel over Ethernet: Fibre Channel frames carried on 10 Gbps Ethernet (backup transport method).

12
Q

Fiber Channel

A

Dedicated storage network fabric with its own switches and host bus adapters; speeds of 16 Gbps and above (backup transport method). The fastest and most expensive of the three.

13
Q

NAS

A

Network Attached Storage: a file-level storage appliance accessed over the network (SMB/NFS shares). It pools multiple physical disks into a volume that appears as one drive, and each user can be given a disk quota (space limit) on the NAS.

14
Q

DAS

A

Direct Attached Storage: a storage device connected directly to a server or computer rather than over a network (e.g. the hard drives inside a server).

15
Q

Grandfather

A

Monthly full backup to tape. Stored off site.

16
Q

Father

A

Weekly full backup to tape. Stored off site.

17
Q

Son

A

Daily incremental or differential backup. Stored on site.

18
Q

Tower of Hanoi

A

A more complicated tape rotation scheme (its reuse pattern follows the moves of the Tower of Hanoi puzzle); for the exam, just know it is a backup tape rotation scheme.

19
Q

Incremental backup

A

Backs up everything that has changed since the last backup of any kind (the full or the previous incremental). Example: full backup Friday; Monday's tape holds the changes since Friday, Tuesday's the changes since Monday, Wednesday's the changes since Tuesday, and so on.
To restore on Thursday you need every tape in the chain, applied in order: the full (Friday) plus Monday, Tuesday and Wednesday. Each daily tape is small, but losing any one of them breaks the restore.

20
Q

Differential Backup

A

Backs up everything that has changed since the last FULL backup. Example: full backup Friday; Monday's tape holds Monday's changes, Tuesday's holds Monday's and Tuesday's, Wednesday's holds Monday's through Wednesday's, and so on. To restore on Thursday you need only two tapes: the full (Friday) and the most recent differential (Wednesday). Each differential is larger than the last, but the restore chain stays short.
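
The two cards above describe the restore chains in words. The Python below is an added example, not part of the original deck: it models a constructed week of backups (full on Friday, one daily backup Monday to Wednesday, made-up file names) under both schemes, works out which tapes a Thursday restore needs, and checks that replaying exactly those tapes rebuilds the live data.

```python
"""Incremental vs differential restore chains (added example, not from the deck)."""
from typing import Dict, List, Tuple

FileSet = Dict[str, str]        # file name -> content version
Tape = Tuple[str, FileSet]      # (day label, files written to that tape)

# Constructed sample week: WEEK[0] is the full backup of the whole file system,
# later entries list only the files that changed on that day.
WEEK: List[Tape] = [
    ("Fri", {"payroll.xlsx": "v1", "notes.txt": "v1", "config.ini": "v1"}),
    ("Mon", {"notes.txt": "v2"}),
    ("Tue", {"payroll.xlsx": "v2"}),
    ("Wed", {"notes.txt": "v3"}),
]


def run_backups(scheme: str, week: List[Tape]) -> Tuple[List[Tape], FileSet]:
    """Write one tape per day under `scheme` ("incremental" or "differential").
    Returns (tapes, live file system state after the last day)."""
    state: FileSet = dict(week[0][1])
    tapes: List[Tape] = [(week[0][0], dict(state))]   # full backup: everything
    since_full: FileSet = {}                           # accumulates for differential
    for day, changed in week[1:]:
        state.update(changed)
        since_full.update(changed)
        if scheme == "incremental":
            tapes.append((day, dict(changed)))         # only since the previous backup
        elif scheme == "differential":
            tapes.append((day, dict(since_full)))      # everything since the last FULL
        else:
            raise ValueError(f"unknown scheme: {scheme}")
    return tapes, state


def tapes_needed(scheme: str, tapes: List[Tape]) -> List[str]:
    """Tapes required to restore to the most recent backup, in apply order."""
    if scheme == "incremental":
        return [day for day, _ in tapes]               # full + every incremental
    if len(tapes) == 1:
        return [tapes[0][0]]                           # only the full exists so far
    return [tapes[0][0], tapes[-1][0]]                 # full + latest differential


def restore(tapes: List[Tape], days: List[str]) -> FileSet:
    """Replay the selected tapes in order; later tapes overwrite earlier versions."""
    by_day = dict(tapes)
    restored: FileSet = {}
    for day in days:
        restored.update(by_day[day])
    return restored


if __name__ == "__main__":
    for scheme in ("incremental", "differential"):
        tapes, live = run_backups(scheme, WEEK)
        needed = tapes_needed(scheme, tapes)
        ok = restore(tapes, needed) == live
        sizes = [f"{day}:{len(files)} files" for day, files in tapes]
        print(f"{scheme:12} tapes {sizes}")
        print(f"{'':12} Thursday restore needs {needed} -> {'OK' if ok else 'MISMATCH'}")
```

The tape sizes printed for the differential run grow each day (1, 2, 2 files) while the incremental tapes stay at one file, which is the trade-off the cards describe: differential spends tape to keep the restore chain at two media.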

21
Q

Ten Tape Rotation

A

Backup scheme that is exactly what it sounds like: ten tapes, one for each weekday over two weeks, so data is retained for two weeks before a tape is reused. Typically used by small businesses.

22
Q

Banner Grabbing

A

A technique for learning what software and version a networked system is running by connecting to its open ports and reading (or provoking) the greeting each service sends.
It is active reconnaissance: because you connect to the target's services, the activity is visible in its logs, and the target should be aware that you are acquiring data about its network.
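
As an added example that is not part of the original deck, the Python below grabs and parses banners. Because it must run offline, it stands up throwaway listeners on 127.0.0.1 that play the part of an SSH server (which volunteers its banner) and an HTTP server (which says nothing until asked, so the grabber sends a HEAD request); the banners are constructed, not captured from real hosts. Note the connection itself is what the target logs.

```python
"""Banner grabbing against constructed local services (added example, not from the deck)."""
import socket
import threading
from typing import Dict, Optional


def fake_service(banner: bytes, wait_for_request: bool = False) -> int:
    """Constructed stand-in for a real service: listens on 127.0.0.1, serves one
    connection, optionally waits for a request first (as an HTTP server would),
    then sends `banner` and closes. Returns the ephemeral port it chose."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            if wait_for_request:
                conn.recv(1024)
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def grab_banner(host: str, port: int, probe: Optional[bytes] = None,
                timeout: float = 3.0, max_bytes: int = 1024) -> str:
    """Connect to host:port, optionally send a probe, and return whatever the
    service sends before it closes the connection or the timeout expires.
    This TCP connection is logged by the target like any other: banner grabbing
    is active reconnaissance, not passive sniffing."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            while sum(len(c) for c in chunks) < max_bytes:
                data = s.recv(max_bytes)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass
    return b"".join(chunks).decode("ascii", errors="replace").strip()


def parse_banner(banner: str) -> Dict[str, str]:
    """Pull the service type and product string out of common greetings."""
    lines = banner.splitlines()
    first = lines[0] if lines else ""
    if first.startswith("SSH-"):
        # RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
        parts = first.split("-", 2)
        product = parts[2].split(" ", 1)[0] if len(parts) == 3 else ""
        return {"service": "ssh", "product": product}
    if first.startswith("HTTP/"):
        product = ""
        for line in lines[1:]:
            if line.lower().startswith("server:"):
                product = line.split(":", 1)[1].strip()
        return {"service": "http", "product": product}
    if first.startswith("220 "):
        # 220 greeting is used by both SMTP and FTP; the text after the code names the product
        return {"service": "smtp-or-ftp", "product": first[4:]}
    return {"service": "unknown", "product": first}


if __name__ == "__main__":
    ssh_port = fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    print(parse_banner(grab_banner("127.0.0.1", ssh_port)))
    http_port = fake_service(
        b"HTTP/1.0 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 0\r\n\r\n",
        wait_for_request=True)
    print(parse_banner(grab_banner("127.0.0.1", http_port, probe=b"HEAD / HTTP/1.0\r\n\r\n")))
```

Against real hosts the same call would be `grab_banner("10.0.0.5", 22)` or, with netcat, `nc -v 10.0.0.5 22`; the parsed product string is what gets matched against a vulnerability database.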

23
Q

PING

A

Verifies that a path exists between two devices on a network; used to test whether a device is reachable.
Windows: 4 echo requests by default (ping -t continues until cancelled)
Cisco IOS: 5 echo requests
Linux: keeps pinging until you stop it (ping -c N sends N requests)

24
Q

traceroute/tracert

A

Displays the list of hops (routers) between two devices on the network.
tracert - Windows
traceroute - Linux and Cisco

25
Q

netstat

A

Displays current network connections, incoming and outgoing, and the ports a host is listening on.
Available on both Windows and Linux.

26
Q

nslookup/dig

A

Used to perform manual DNS queries.
nslookup - Windows (also available on Linux)
dig - Linux (part of BIND)

27
Q

ARP

A

Address Resolution Protocol.

Resolves an IP address to a MAC (hardware) address on the local network segment; arp -a shows the cached mappings. (Tying an FQDN to an IP address is the job of DNS, not ARP.)

28
Q

ipconfig / ifconfig

A

Used to display and modify the IP configuration of your network interfaces.
ipconfig - Windows
ifconfig - Linux (the ip command, e.g. ip addr, is its modern replacement)

29
Q

tcpdump

A

a common packet sniffer for Linux

30
Q

nmap

A

An application that is used as a network mapper or port scanner.

There is a GUI version called Zenmap

31
Q

what are the flags used in this command?

- nmap -O -PT -T1 192.168.1.1

A

Detect the target's operating system (-O)
TCP "ping" for host discovery (-PT; legacy flag, current Nmap uses -PS/-PA)
Timing template 1, "sneaky": slow scan intended to evade IDS (-T1)

32
Q

netcat

A

A network utility that allows you to read from and write to network connections using either TCP or UDP.

33
Q

what are the flags used in this command?

nc -l -p 12345

A

nc = netcat

  • -l = listen for an incoming connection
  • -p = local port number to listen on (12345)

This is traditional netcat syntax; the OpenBSD variant also accepts the port directly: nc -l 12345.
34
Q

Which of the following tools would Matt, a security administrator, MOST likely use to analyze a malicious payload?

A. Vulnerability scanner
B. Fuzzer
C. Port scanner
D. Protocol analyzer

A

D. Protocol analyzer

35
Q

There have been recent cases of people connecting their own personal wireless access points to the corporate network. What can you deploy to identify these rogue APs and stop them from accessing the network?

A. IDS
B. NAC
C. WIPS
D. Protocol Analyzer

A

C. WIPS

36
Q

Which of the following commands can be used in Linux to see what ports are being used on an interface?

A. ifconfig
B. nslookup
C. ping
D. tcpdump

A

D. tcpdump

37
Q

Fuzzing

A

A testing technique that feeds a program large amounts of malformed, SEMI-RANDOM input to make it crash or misbehave, exposing input-handling bugs (unchecked lengths, buffer overflows, unhandled exceptions) that may be exploitable.
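
The card above says what fuzzing does; the following Python is an added example (not from the deck) showing it in miniature. It defines a constructed toy record format with a deliberately buggy parser that trusts the length byte, a hardened parser beside it, and a mutation fuzzer that starts from one valid record and applies semi-random byte changes, truncations and appended junk with a seeded RNG. A ValueError is the parser correctly rejecting bad input; any other exception is counted as a crash.

```python
"""Mutation fuzzing of a toy parser (added example, not from the deck)."""
import random
from typing import Callable, Optional, Tuple


def make_record(payload: bytes) -> bytes:
    """Constructed format: [len][payload...][checksum = sum(payload) mod 256]."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


def parse_record(data: bytes) -> bytes:
    """Deliberately buggy: trusts the length byte and indexes past the end of data."""
    if not data:
        raise ValueError("empty record")
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]          # IndexError when n overstates the real length
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload


def parse_record_fixed(data: bytes) -> bytes:
    """Hardened form: checks the declared length against the bytes actually present."""
    if len(data) < 2:
        raise ValueError("record too short")
    n = data[0]
    if len(data) != n + 2:
        raise ValueError("length field does not match record size")
    payload = data[1:1 + n]
    if data[1 + n] != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload


def mutate(seed_input: bytes, rng: random.Random) -> bytes:
    """One semi-random mutation of a valid input: change a byte, truncate, or append junk."""
    buf = bytearray(seed_input)
    choice = rng.randrange(3)
    if choice == 0:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1:
        del buf[rng.randrange(len(buf) + 1):]          # keep a (possibly empty) prefix
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def fuzz(parser: Callable[[bytes], bytes], seed_input: bytes,
         iterations: int = 1000, seed: int = 1) -> Optional[Tuple[bytes, Exception]]:
    """Feed mutated inputs to `parser`; return (input, exception) for the first crash.
    ValueError means the parser rejected bad input properly; anything else is a bug."""
    rng = random.Random(seed)                           # seeded, so runs are reproducible
    for _ in range(iterations):
        case = mutate(seed_input, rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:                        # noqa: BLE001 - any other failure is a crash
            return case, exc
    return None


if __name__ == "__main__":
    seed_record = make_record(b"abc")
    for name, parser in (("buggy", parse_record), ("fixed", parse_record_fixed)):
        result = fuzz(parser, seed_record)
        if result is None:
            print(f"{name}: no crash in 1000 cases")
        else:
            case, exc = result
            print(f"{name}: crashed on {case.hex()} with {type(exc).__name__}: {exc}")
```

Real fuzzers (AFL, libFuzzer, Peach) do the same loop with coverage feedback and far more mutation strategies, but the core idea is what the card says: semi-random input, watch for crashes, then triage the crashing case.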

38
Q

Sandbox

A

An isolated test environment, separated from your production network, in which untrusted code or changes can be run and observed safely.