Domain 4 Flashcards
What commands display the route a packet takes to a destination, recording the number of hops along the way
These are excellent tools to use to see where a packet may get hung up during transmission
tracert and trace-route
If you want to query a DNS server, you can use this command on Windows or this command on Linux .you can Query for individual DNS record
nslookup/dig
To obtain the network information about a host, you can use this command on Windows or the same command on Linux
ipconfig/ifconfig
What is an open-source security scanner You can use it to scan hosts for vulnerabilities, scan for open ports, or fingerprint remote hosts to find out which operating systems they run
This tool is very useful for analyzing an environment
Nmap
This command is used to test connectivity between systems
This command is a multi-platform utility, originally written for UNIX, that uses ICMP to communicate with remote hosts
ping/pathping
is a TCP/IP packet creation tool that allows a user to craft raw IP, TCP, UDP, and ICMP packets from scratchThis tool provides a means of performing a wide range of network operations; anything that you can do with those protocols can be crafted into a packet
Hping
The ____ command enables you to look at the current network communications on a host You can use it to look for listening Ports and established connections
Netsat
What is the network utility designed for Linux environments. What is a network tool that can be used to perform network troubleshooting, explore networks or scan for open ports
Netcat
What scan IP networks and can report on the status of IP addresses
There are a wide range of free and commercial scanning tools
IP scanners
The ___ command is used to display the ____ table on a host
It can also be used to delete ARB entries in a table
Arp
What command works in Linux and Windows systems to provide information on current routing parameters and to manipulate these parametersIn addition to listing the current routing table, it has the ability to modify the table
Route
What is a tool designed to transfer data to or from a server, without user interaction
It works on both Linux and Windows systems
Curl
What is a Python-based program designed to assist penetration testers in the gathering of information during the reconnaissance portion of a penetration test This is a useful tool for exploring what is publicly available about your organization on the Web
theHarvester
What is a Linux-based tool used by penetration testers. What is the automated scanner designed to collect a large amount of information while scanning for vulnerabilities
Sn1per
What is a command-line utility to interface with websites that can perform port scans as part of a penetration testWhen you use this tool, the source IP address for the scan is the website, not your testing machine
Scanless
What is a Perl script designed to enumerate DNS information. This will enumerate DNS entries, including subdomains, MX records, and IP addresses
DNS enumeration can be used to collect information such as user names and IP addresses of targeted systems
Dnsenum
What is one of the leading vulnerability scanners in the marketplaceIt comes in a free version, with limited IP address capability, and fully functional commercial versions. What is designed to perform a wide range of testing on a system
Nessus
What is a sandbox used for malware analysis. What is designed to allow a means of testing a suspicious file and determining what it does It is open source, free software that can run on Linux and Windows
Cuckoo
What is a utility designed to return the first lines of a file. A common option is the number of lines one wishes to return
Head
What is a utility designed to return the last lines of a file
A common option is the number of lines one wishes to return
Tail
What is a Linux command, short for concatenate, that can be used to create and manipulate files
Cat
What is a Linux utility that can perform pattern-matching searches on file contents
Grep
What is the Linux command used to change access permissions of a file
The general form of the command ischmod<options> <permissions> <filename></filename></permissions></options>
Chmod
The Linux command loggeris how you can add log file information to /var/log/syslog
The ______ command works from the command line, from scripts, or from other files, thus providing a versatile means of making log entries
Logger
What is a cryptographically secured means of communicating and managing a network
This uses port 22 and is the secure replacement for Telnet
SSH
What is a Microsoft Windows-based task automation and configuration management framework, consisting of a command-line shell and scripting language. This is a powerful command-line scripting interface. These files use the .ps1 file extension
PowerShell
This is a computer language commonly used for scripting and data analysis tasks facing system administrators and security personnel
This is a general-purpose computer programming language that uses the file extension
Python
What is a general-purpose cryptography library that offers a wide range of cryptographic functions on Windows and Linux systems
Designed to be a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, it provides so much more for real-world daily challenges
OpenSLL
What is the name for both a tool and a suite of tools
As a suite, this is a group of free, open source utilities for editing and replaying previously captured network trafficAs a tool, it specifically replays a PCAP file on a network
Tcpreplay
This utility is designed to analyze network packets either from a network connection or a recorded fileYou also can use this to create files of packet captures, called PCAP files, and perform filtering between input and output, making it a valuable tool to lessen data loads on other tools
Tcpdump
Whatis the gold standard for graphical analysis of network protocol
lsWith dissectors that allow the analysis of virtually any network protocol, this tool can allow you toexamine individual packets, monitor conversations, carve out files, and more
Wireshark
What is the use of specific methods to determine who did what on a system at a specific time, or some variant of this question Computers have a wide range of artifacts that can be analyzed to make these determinations
Forensics
What is a Linux command-line utility used to convert and copy files
On Linux systems, virtually everything is represented in storage as a file, and this can read and/or write from/to these files, provided that function is implemented in the respective drivers
Data Dump dd
This program dumps system memory to the standard output stream, skipping over any holes in memory maps
By default, the program dumps the contents of physical memory (/dev/mem). The output from this is in the form of a raw dump
Memedump
What is a hexadecimal file editor
This tool is very useful in forensically investigating files, and can examine specific application files without invoking the application and changing the data
WinHex
What is the company AccessData’s answer to dd. This is a commercial program, free for use, and is designed to capture an image of a hard drive (or other device) in a forensic fashion
FTK imager
This is the open source answer for digital forensic tool suites
It runs on Windows and offers a comprehensive set of tools that can enable network-basedcollaboration and automated, intuitive workflows
Autopsy
What are toolsets designed to assist hackers in the tasks associated with exploiting vulnerabilities in a system
These frameworks are important because the exploitation path typically involves multiple steps, all done in precise order on a system to gain meaningful effect
Exploitation frameworks
What is a tool that tries to obtain access credentials without authorization. These work using dictionary lists and brute force
password cracker
These tools are tools used to destroy, purge, or otherwise identify for destruction specific types of data on systems
Before a system can be retired and disposed of, you need to sanitize the data needs
Data sanitization
This the describes the steps an organization performs in response to any situation determined to be abnormal in the operation of a computer system or network
Incident response plans
What is the set of actions security personnel perform in response to a wide range of triggering events
1.Preparation2.Identification3.Containment4.Eradication5.Recovery6.Lessons learned
Incident response process
What the phase of incident response that occurs before a specific incident
This includes all the tasks needed to be organized and ready to respond to an incident
Preparation
What is the process where a team member suspects that a problem is bigger than an isolated incident and notifies the incident response team for further investigationA
n incident is defined as a situation that departs from normal, routine operations
Identification
What is the set of actions taken to constrain the incident to a minimal number of machines
This preserves as much of production as possible and ultimately makes handling the incident easier
Containment
What involves removing the problem, and in today’s complex system environment, this may mean rebuilding a clean machine
A key part of operational eradication is the prevention of reinfection
Eradication
What is the process of returning the asset into the business function and restoring normal business operationsThe recovery process includes the steps necessary to return the system and applications to operational status
Recovery
What phase serves two distinct purposes
The first is to document what went wrong and allowed the incident to occur in the first place
The second is to examine the incident response process itself
Lessons learned
What exercise is one that is designed for the participants to walk through all the steps of a process, ensuring all elements are covered and that the plan does not forget a key dataset or personThis is typically a fairly high-levelreview, designed to uncover missing or poorly covered elements
tabletop
How do you examine the actual steps that take place associated with a process, procedure, or event
What are in essence a second set of eyes, where one party either explains or demonstrates the steps to perform a task while a second person observes
Walkthroughs
what is an approximation ofthe operation of a process or system that is designed to represent the actual system operations over a period of timeThe simulation can be used in place of systems or elements that are not practical to replicate during an exercise
Simulations
What framework is a knowledgebase of various real-world observations and attack techniquesIt is often used by organizations for threat modeling
MITRE ATT&CK
What is a cognitive model used by the threat intelligence community to describe a specific event
The Diamond Model enables intrusion analysis by placing malicious activity at four points of the diamond: adversary, infrastructure, capability, and victim
The Diamond Model of Intrusion Analysis
Developed by Lockheed Martin, what is is a framework used to defend against the chain of events an attacker takes, from the beginning of an attack to the end of an attackThis model has a series of distinct steps that an attacker usesduring a cyberattack—from the early reconnaissance stages to the exfiltration of data
Cyber Kill Chain
What is Having a management process, including defined personnel roles and responsibilities, is essential for the management of the stakeholders and their relationships during incidents
Stakeholder management
as part of the incident response effort that answers the preceding questions and defines responsibilities for communication is a key element to be developed during the preparation phase
communication plan