INFO

Question 1

is a command that queries the Domain Name System servers for resource records.

       - Can be used on Windows and Linux OS’s

Answer 1

Nslookup

Question 2

allows a user to execute queries back-to-back without typing the entire command for each query

Answer 2

Interactive mode

Question 3

involves typing the entire command for each query. With a known domain name, nslookup will enumerate all IP’s correlated to that IP, aka DNS query.

Answer 3

Non-interactive mode

Question 4

There is a browser based version of nslookup as well

Answer 4

nslookup.io

Question 5

nslookup www.<domain>.com</domain>

Example: nslookup www.virustotal.com

Answer 5

syntax (Nslookup)

Question 6

When you just type in “___________” into your terminal you will enter the interactive mode

Answer 6

nslookup

Question 7

nslookup: this simply Translates an IP address into DNS

Answer 7

“ reverse nslookup” or a “reverse DNS”

Example: nslookup 8.8.8.8 (google)

Question 8

nslookup: This provides mail exchange records

Answer 8

nslookup -query=MX microsoft.com

Question 9

nslookup: This provides start of authority records

Answer 9

nslookup -query=SOA microsoft.com

Question 10

nslookup: This provides name server records

Answer 10

nslookup -query=NS microsoft.com

Question 11

nslookup: This provides all related records

Answer 11

nslookup -query=any microsoft.com

Question 12

True or False

When conducting a Reverse DNS lookup nslookup command, it would look like nslookup www.google.com

Answer 12

False

Question 13

What nslookup command provides mail server information?

Answer 13

-query=MX

Question 14

is a command that queries the Domain Name System servers for records relating to IP addresses, mail exchanges, and name servers

Answer 14

Dig

Question 15

The results from queries can be utilized to troubleshoot network issues.
The dig command resolves names through the resolver libraries that are located on the OS.

Answer 15

Dig

Question 16

When a DNS query is made, information is gathered from the DNS server indicated.

If the indicated server is not found then it will go through the list below until it identifies a source to query:

1. Specified DNS server
2. OS’s default resolver (I.e. resolv.conf)
3. Local host

Answer 16

more options, and more verbose answers

Question 17

dig <dns> <type></type></dns>

Example: dig virustotal.com

Answer 17

Syntax

Question 18

Dig Query Types:

Answer 18

ANY = All Pertinent Records

A = IPV4 Records

AAAA = IPv6 Records

CNAME = Canonical Name Records

MX = Mail Exchange Records

SOA = Start of Authority Records

NS = Name Server Records

PTR = pointer resource record

Question 19

The results above indicate the following:

Answer 19

1. Version of utility installed: 9.11.3-1
2. Header indicates 1 query was made and 0 errors (NOERROR) occurred; and “id” indicates this query’s identification #.
3. The DNS server replied with the results within “ANSWER SECTION,” which includes google.com.’s IPV4 address (indicated by “A” and the IPV)
4. “184” indicates the time to live (TTL) and “IN” represents internet class query
5. Multiple IP’s may represent a load balancer

Question 20

Dig Query Mod: This example provides Mail Exchange Server Record Types:

Answer 20

Example: $ dig microsoft.com MX

Question 21

Query Mod: This example provides IPV4 Record Types:

Answer 21

Example: $ dig microsoft.com A

Question 22

Dig Query Mod: This example provides Name Server Record Types

Answer 22

Example: $ dig microsoft.com NS

Question 23

Query Mod: This example provides Start of Authority Record Types:

Answer 23

Example: $ dig microsoft.com SOA

Question 24

Query Mod: This example provides IPV6 Record Types:

Answer 24

Example: $ dig microsoft.com AAAA

Question 25

Query Mod: This example provides ALL Record Types:

Answer 25

Example: $ dig microsoft.com ANY

Question 26

Dig Options: Place this behind any request will display just the desired info.

Answer 26

+short (Ex: DIG apple.com MX +short or DIG apple.com NS +short)

Question 27

Dig Options: Turn off comment lines

Answer 27

+no comments

Question 28

Dig Options: Turn off the authority section

Answer 28

+noauthority

Question 29

Dig Options: Turn off all sections

Answer 29

+noall

Question 30

Dig Options: Turn off the additional section

Answer 30

+noadditional

Question 31

Dig Options: Turn off the answer section

Answer 31

+noanswer

Question 32

Dig Options: Turn off the stats section

Answer 32

+nostats

Question 33

Dig Options: Trace the nameservers the queries are going to

Answer 33

+trace

Question 34

Dig Options: Turn on the answer section

Answer 34

+answer

Question 35

Dig Options: Perform a DNS Zone transfer (This is commonly disabled due to security concerns)

Answer 35

-Axfr

Question 36

Dig Options: Perform a reverse lookup

Answer 36

-X

Question 37

Dig Errors: no errors

Answer 37

NO ERROR

Question 38

Dig Errors: Name queried exists, but no data or invalid data for that name at the requested authority

Answer 38

SERVFAIL

Question 39

What dig command provides name server information?

Answer 39

dig domain NS

Question 40

Dig Errors: Name queried does not exist and no authoritative DNS data to be served

Answer 40

NXDOMAIN

Question 41

What option performs a reverse lookup?

Answer 41

-X

Question 42

Dig Errors: Zone does not exist at the request authority and their infrastructure is not serving things that don’t exist at all

Answer 42

REFUSED

Question 43

command is a diagnostic tool that is built into most operating systems and uses ICMP echo packets with variable time to live (TTL) values to print the trace between two points. The trace is given by reporting all of the IPs of the routers that were pinged in between the source and destination points. _________ will allow a user to see the gateways a packet passes through to reach its destination.

Answer 43

traceroute

Question 44

man traceroute Syntax: traceroute Example: traceroute www.google.com

Answer 44

For help syntax Example

Question 45

What command is used to print the trace between two point

Answer 45

traceroute

Question 46

What type of messages does traceroute use?

Answer 46

ICMP

Question 47

command is used to verify that a remote host is able to respond to network connections. While in some ways the _______ command is similar to the traceroute command, the ping command will only tell us if the server is reachable and the time that it takes to transmit and receive data. Traceroutes on the other hand, will provide detailed and precise route information, router by router, and the time it took for each hop.

Answer 47

ping

Question 48

ping Example: ping 8.8.8.8

Answer 48

syntax

Question 49

True or false: The ping command tells us if the server is reachable and the time that it takes to transmit and receive data

Answer 49

True

Question 50

True or false: Ping commands provide more accurate information that traceroutes.

Answer 50

False

Question 51

The methodology of performing penetration testing or cyber-attacks have been broken down by many organizations. One example of this is the

Answer 51

Cyber Kill Chain framework

Question 52

* Reconnaissance * Weaponization * Delivery * Exploitation * Installation * Command & Control (C2) * Action on Objectives

Answer 52

7 steps of Cyber Kill Chain framework

Question 53

____________ is a technique that establishes a numeric understanding of the target and enables the identification and collection of important information about the target devices, users, networks and network resources; among other things

Answer 53

Enumeration

Question 54

_____________ involves gathering as much data as possible pertaining to a target(s). The amount of information gathered may determine the number of attack vectors that can be exploited.

Answer 54

Information gathering

Question 55

The key term for information gathering is _________, i.e. to establish or indicate the who’s and the what’s. These factors are the building blocks that drive offensive cyber operations. Without accurate and actionable intelligence, we cannot appropriately carryout offensive attacks.

Answer 55

identify

Question 56

Information gathering can involve the following data to be enumerated

Answer 56

* IP Addresses * Protocols * Users Credentials * Scheduled Tasks / Cron Jobs * Services * Programs * Functions/dll * Files * Opportunities * Vulnerabilities

Question 57

Target development includes the following:

Answer 57

* Understanding potential vulnerabilities to develop a method to obtain access, privilege escalate, D4M (deny, degrade, destroy, disrupt, manipulate), exfiltrate, obfuscation, persistence, and etcetera. * It is critical to know WHO and WHAT your target is intimately. The more information we have on the target, the better we can plan operations and reach our end state mission requirements and goals.

Question 58

Target development includes the following 2:

Answer 58

* Understanding potential vulnerabilities in order to gain access, or perform one of the D4M’s, deny, degrade, destroy, disrupt, or manipulate. * Obtaining or developing scripts, programs, functions/dlls, tools, or other methods to exploit vulnerabilities * Planning when, where, and how to execute exploit * Testing the tools and exploit/s in a controlled environment, other than the target. As a result, minimizing potential problems that may occur with the target during mission.

Question 59

___________ is to take advantage of a flaw/s or vulnerabilities within an OS

Answer 59

Exploit

Question 60

The different types of exploitation include: _________ taking advantage of a flaw within a program’s instructions and manipulating it in a manner that was not intended by the creators

Answer 60

Code

Question 61

The different types of exploitation include: ________ a system’s setting that allows it to be manipulated by an unintended source

Answer 61

Misconfiguration

Question 62

The different types of exploitation include: poor OPSEC, cyber training, or restrictions in place?

Answer 62

Human

Question 63

True or False: Opportunities is one of the 7 phases of the Cyber Kill Chain

Answer 63

False

Question 64

What type of exploitation consists of poor cyber training?

Answer 64

Human