Domain 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.

Question 1

Wireshark

Answer 1

Protocol Analyzer - essentially the only one people use.
look at the current traffic on a network and allow you to view that traffic and capture a copy of the traffic for later analysis. •

Question 2

pwdump

Answer 2

used to crack Microsoft passwords

Question 3

Microsoft Baseline Security Analyzer (MBSA)

Answer 3

Active scanner that will interact directly with the target network

Question 4

Nessus

Answer 4

1 vulnerability scanner in the world

Question 5

exploitation framework

Answer 5

metasploit

Question 6

obfuscate

Answer 6

to hide

Question 7

honeypot

Answer 7

a single server used to entice an attacker

Question 8

honeynet

Answer 8

an entire network or section of your network used to entice an attacker

Question 9

SAN stands for

Answer 9

Storage Area Network

Question 10

iSCSI

Answer 10

Slowest (7Gbps) and least expensive backup transport method

Question 11

FCOE

Answer 11

fiber channel over ethernet (10Gbps) (backup transport method)

Question 12

Fiber Channel

Answer 12

speed greater than 16Gbps (backup transport method)

Question 13

NAS

Answer 13

Network attached storage. A drive that appears as one drive, but is composed of multiple drives. Each user has a disk quota, or space limit on the NAS.

Question 14

DAS

Answer 14

Direct Attached Storage. A storage device directly connected to a server or computer. (ie. The harddrives in a server)

Question 15

Grandfather

Answer 15

Monthly full backup with Taps. Stored off site.

Question 16

Father

Answer 16

A weekly full backup with tapes. Stored off site,

Question 17

Son

Answer 17

A Daily incremental/differential backup. Stored on site.

Question 18

Tower of Hanoi

Answer 18

Complicated backup scheme, just know it is a bbackup tape scheme.

Question 19

Incremental backup

Answer 19

backs up everything that has changed since the last incremental backup. for example. Friday you did a full backup, monday gets the changes since then. Tuesdays gets the changes since monday. Wednesdays gets the changes since tuesday. etc etc
so if you have to restore on Thursday you need every days tape (full backup(friday), Mon, Tues, and Wed)

Question 20

Differential Backup

Answer 20

backs up everything that has changed since the last FULL backup. for example: full backup Friday, Mondays backup will have anything that has changed on monday. Tuesdays will contain changes from Monday and Tuesday. Wednesdays will include Monday, Tuesday, and Wednesday. etc if you have to restore on Thursday you need only the full backup, and the night before (full backup (Friday), and Wednesday)

Question 21

Ten Tape Rotation

Answer 21

backup scheme that is exactly what it sounds like. Used by small businesses exclusively. Stores data for two weeks. one backup tape for each week day.

Question 22

Banner Grabbing

Answer 22

A technique used to glean information about a computer system on a network and the services running on its open ports.
The victim SHOULD KNOW you are acquiring data regarding their network.

Question 23

PING

Answer 23

Verifies that a path exists between to devices on a network. Used to test if a device is active on the network
Microsoft - 4 replies (if you used ‘ping -t’ it will continue to ping until cancelled)
Cisco - 5 replies
Linux - keeps pinging until you stop

Question 24

traceroute/tracert

Answer 24

Displays a list of hops between to devices on the network.
Tracert – Microsoft
Traceroute - Linux & Cisco

Question 25

netstat

Answer 25

It displays current network connections both incoming and outgoing.
Both Microsoft and Linux

Question 26

nslookup/dig

Answer 26

Used to perform manual DNS Queries
nslookup -Microsoft
dig - Linux

Question 27

ARP

Answer 27

Address Resolution Protocol

ties an FQDN to an IP address.

Question 28

ipconfig / ifconfig

Answer 28

Used to display and modify IP configuration information on your network interfaces
ipconfig - Microsoft
ifconfig - Linux

Question 29

tcpdump

Answer 29

a common packet sniffer for Linux

Question 30

nmap

Answer 30

An application that is used as a network mapper or port scanner.

There is a GUI version called Zenmap

Question 31

what are the flags used in this command?

- nmap -O -PT -T1 192.168.1.1

Answer 31

Scan to detect operating system (-O)
Scan TCP (-PT)
Scan sneeky speed (-T1)

Question 32

netcat

Answer 32

A network utility allows you to read and write to network connections using either TCP or UDP.

Question 33

what are the flags used in this command?

nc -l -p 12345

Answer 33

nc - netcat

• l = listen
• p = port number

Question 34

Which of the following tools would Matt, a security administrator, MOST likely use to analyze a malicious payload?

A. Vulnerability scanner
B. Fuzzer
C. Port scanner
D. Protocol analyzer

Answer 34

D. Protocol analyzer

Question 35

There have been recent cases of people connecting their own personal Wireless Access Points to the corporate network. What can you deploy to identify these Rouge Aps and stop them from accessing the network?

A. IDS
B. NAC
C. WIPS
D. Protocol Analyzer

Answer 35

C. WIPS

Question 36

Which of the following commands can be used in Linux to see what ports are being used on an interface?

A. ifconfig
B. nslookup
C. ping
D. tcpdump

Answer 36

D. tcpdump

Question 37

Fuzzing

Answer 37

a method to make a system crash, using SEMI-RANDOM DATA.

Question 38

Sandbox

Answer 38

a Test environment isolated from your production network.