Glossary

Question 1

Kismet/ Netstumbler

Answer 1

Detects wireless access points and analyzes network traffic. Useful for surveying a network to understand its wireless security footprint.

Question 2

INMAP

Answer 2

Scans networks to identify active hosts and open ports. Employed for initial network reconnaissance and security auditing.

Question 3

WireShark

Answer 3

A packet sniffer and protocol analyzer for realtime network monitoring. Ideal for diagnosing network issues or analyzing security incidents.

Question 4

TCPDump

Answer 4

A Unix/Linux command-line packet capture tool. Helpful for real-time network troubleshooting and capturing packets for later analysis.

Question 5

Honeypots

Answer 5

Decoy systems to lure attackers away from legitimate targets. Useful for studying attacker behaviors and tactics.

Question 6

Hping3

Answer 6

Crafts custom ICMP, UP, and TCP packets to test firewalls. Employed to identify vulnerabilities or misconfigurations in firewall rules.

Question 7

Intel Executable Disable (XD)

Answer 7

Provides hardware-level buffer overflow protection in Intel chipsets. Useful for preventing malicious code execution at the system level.

Question 8

AMD Enhanced Virus Protection

Answer 8

Offers chipset-level buffer overflow protection for AMD processors. Acts as a hardware-level security feature against certain types of attacks.

Question 9

Address Space Layout Randomization (ASLR)

Answer 9

Randomizes memory locations for process execution, offering buffer overflow protection. Effective against exploits aiming to predict memory addresses.

Question 10

Nessus

Answer 10

A Tenable product for vulnerability assessment. it scans networks to identify security risks. Ideal for regular security audits.

Question 11

Metasoloit

Answer 11

A penetration testing framework that includes tools and exploits for securitv assessments. Can be used to simulate cyber-attacks to test network resilience.

Question 12

CANVAS

Answer 12

Vulnerability assessment tool by Immunity, designed for identifying network and system weaknesses. Useful for enterprise security audits.

Question 13

Nikto and Wikto

analize what?

Answer 13

Analyzes web servers and identifies security issues like outdated software and misconfigurations. Effective for hardening web servers before deployment.

Question 14

Burp Suite

Answer 14

A web security testing platform for web application vulnerabilities. Ideal for security assessments of web-based applications.

Question 15

Fuzzers (MiniFuzz, Binscope, Regex Fuzzer)

Answer 15

Automated tools for identifying vulnerabilities by inputting unexpected data. Helpful for discovering unknown issues like crashes or security flaws in software.

Question 16

OpenVAS

Answer 16

Open-source vulnerability scanning and management software. Useful for detecting vulnerabilities in your network before they can be exploited.

Question 17

Snort

Answer 17

Intrusion Detection Svstem (IDS) that monitors network traffic in real-time for malicious activities. Employed for real-time threat detection and prevention.

Question 18

Hashcat

Answer 18

Advanced password recovery and cracking tool. Useful for assessing the strength of passwords by attempting to crack hashed password files.

Question 19

John the Ripper

Answer 19

Password cracking software designed to identify weak passwords by using various attack methods. Effective for security audits to improve password policies.

Question 20

Cuckoo Sandbox

Answer 20

Malware analysis tool that isolates suspicious files in a secure environment. Useful for understanding the behavior of unknown or potentially harmful files.

Question 21

FISMA

Answer 21

Federal Information Security Management Act:
Mandates a comprehensive framework to protect government information, operations, and assets.

Question 22

HIPAA

Answer 22

Health Insurance Portability and Accountability
Act: Regulates the use and disclosure of sensitive patient health information.

Question 23

FERPA

Answer 23

Family Educational Rights and Privacy Act:
Governs the protection of student education records and grants specific rights to students.

Question 24

SOX

Answer 24

The Sarbanes-Oxley Act: Imposes regulations on financial reporting to improve the accuracy and integrity of corporate disclosures.

Question 25

GLBA

Answer 25

The Gramm-Leach-Bliley Act: Requires financial institutions to explain their data-sharing practices and safeguard sensitive data.