INFO Flashcards

1
Q

is a command that queries the Domain Name System servers for resource records.

       - Can be used on Windows and Linux OS’s
A

Nslookup

2
Q

allows a user to execute queries back-to-back without typing the entire command for each query

A

Interactive mode

3
Q

involves typing the entire command for each query. With a known domain name, nslookup will enumerate all IPs correlated to that domain, aka a DNS query.

A

Non-interactive mode

4
Q

There is a browser based version of nslookup as well

A

nslookup.io

5
Q

nslookup www.<domain>.com

Example: nslookup www.virustotal.com

A

syntax (Nslookup)

6
Q

When you just type in “___________” into your terminal you will enter the interactive mode

A

nslookup

7
Q

nslookup: this simply Translates an IP address into DNS

A

“reverse nslookup” or a “reverse DNS”

Example: nslookup 8.8.8.8 (google)

8
Q

nslookup: This provides mail exchange records

A

nslookup -query=MX microsoft.com

9
Q

nslookup: This provides start of authority records

A

nslookup -query=SOA microsoft.com

10
Q

nslookup: This provides name server records

A

nslookup -query=NS microsoft.com

11
Q

nslookup: This provides all related records

A

nslookup -query=any microsoft.com

12
Q

True or False

When conducting a Reverse DNS lookup nslookup command, it would look like nslookup www.google.com

A

False

13
Q

What nslookup command provides mail server information?

A

-query=MX

14
Q

is a command that queries the Domain Name System servers for records relating to IP addresses, mail exchanges, and name servers

A

Dig

15
Q

The results from queries can be utilized to troubleshoot network issues.
The dig command resolves names through the resolver libraries that are located on the OS.

A

Dig

16
Q

When a DNS query is made, information is gathered from the DNS server indicated.

If the indicated server is not found then it will go through the list below until it identifies a source to query:

  1. Specified DNS server
  2. OS’s default resolver (i.e. resolv.conf)
  3. Local host
A

more options, and more verbose answers

17
Q

dig <dns> <type>

Example: dig virustotal.com

A

Syntax

18
Q

Dig Query Types:

A

ANY = All Pertinent Records

A = IPv4 Records

AAAA = IPv6 Records

CNAME = Canonical Name Records

MX = Mail Exchange Records

SOA = Start of Authority Records

NS = Name Server Records

PTR = pointer resource record

19
Q

The results above indicate the following:

A
  1. Version of utility installed: 9.11.3-1
  2. Header indicates 1 query was made and 0 errors (NOERROR) occurred; and “id” indicates this query’s identification #.
  3. The DNS server replied with the results within “ANSWER SECTION,” which includes google.com.’s IPV4 address (indicated by “A” and the IPV)
  4. “184” indicates the time to live (TTL) and “IN” represents internet class query
  5. Multiple IP’s may represent a load balancer
20
Q

Dig Query Mod: This example provides Mail Exchange Server Record Types:

A

Example: $ dig microsoft.com MX

21
Q

Query Mod: This example provides IPV4 Record Types:

A

Example: $ dig microsoft.com A

22
Q

Dig Query Mod: This example provides Name Server Record Types

A

Example: $ dig microsoft.com NS

23
Q

Query Mod: This example provides Start of Authority Record Types:

A

Example: $ dig microsoft.com SOA

24
Q

Query Mod: This example provides IPV6 Record Types:

A

Example: $ dig microsoft.com AAAA

25
Q

Query Mod: This example provides ALL Record Types:

A

Example: $ dig microsoft.com ANY

26
Q

Dig Options: Placing this behind any request will display just the desired info.

A

+short

(Ex: dig apple.com MX +short or dig apple.com NS +short)

27
Q

Dig Options: Turn off comment lines

A

+nocomments

28
Q

Dig Options: Turn off the authority section

A

+noauthority

29
Q

Dig Options: Turn off all sections

A

+noall

30
Q

Dig Options: Turn off the additional section

A

+noadditional

31
Q

Dig Options: Turn off the answer section

A

+noanswer

32
Q

Dig Options: Turn off the stats section

A

+nostats

33
Q

Dig Options: Trace the nameservers the queries are going to

A

+trace

34
Q

Dig Options: Turn on the answer section

A

+answer

35
Q

Dig Options: Perform a DNS Zone transfer (This is commonly disabled due to security concerns)

A

-Axfr

36
Q

Dig Options: Perform a reverse lookup

A

-x

37
Q

Dig Errors: no errors

A

NOERROR

38
Q

Dig Errors: Name queried exists, but no data or invalid data for that name at the requested authority

A

SERVFAIL

39
Q

What dig command provides name server information?

A

dig domain NS

40
Q

Dig Errors: Name queried does not exist and no authoritative DNS data to be served

A

NXDOMAIN

41
Q

What option performs a reverse lookup?

A

-x

42
Q

Dig Errors: Zone does not exist at the requested authority and their infrastructure is not serving things that don’t exist at all

A

REFUSED

43
Q

command is a diagnostic tool that is built into most operating systems and uses ICMP echo packets with variable time to live (TTL) values to print the trace between two points.

The trace is given by reporting all of the IPs of the routers that were pinged in between the source and destination points.

_________ will allow a user to see the gateways a packet passes through to reach its destination.

A

traceroute

44
Q

man traceroute

Syntax: traceroute <domain name/IP address>

Example: traceroute www.google.com

A

For help

syntax

Example

45
Q

What command is used to print the trace between two points?

A

traceroute

46
Q

What type of messages does traceroute use?

A

ICMP

47
Q

command is used to verify that a remote host is able to respond to network connections.

While in some ways the _______ command is similar to the traceroute command, the ping command will only tell us if the server is reachable and the time that it takes to transmit and receive data.

Traceroutes on the other hand, will provide detailed and precise route information, router by router, and the time it took for each hop.

A

ping

48
Q

ping <IP>
Example: ping 8.8.8.8

A

syntax

49
Q

True or false: The ping command tells us if the server is reachable and the time that it takes to transmit and receive data

A

True

50
Q

True or false: Ping commands provide more accurate information than traceroutes.

A

False

51
Q

The methodology of performing penetration testing or cyber-attacks has been broken down by many organizations. One example of this is the

A

Cyber Kill Chain framework

52
Q
  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command & Control (C2)
  • Action on Objectives
A

7 steps of Cyber Kill Chain framework

53
Q

____________ is a technique that establishes a numeric understanding of the target and enables the identification and collection of important information about the target devices, users, networks and network resources; among other things

A

Enumeration

54
Q

_____________ involves gathering as much data as possible pertaining to a target(s). The amount of information gathered may determine the number of attack vectors that can be exploited.

A

Information gathering

55
Q

The key term for information gathering is _________, i.e. to establish or indicate the who’s and the what’s. These factors are the building blocks that drive offensive cyber operations. Without accurate and actionable intelligence, we cannot appropriately carry out offensive attacks.

A

identify

56
Q

Information gathering can involve the following data to be enumerated

A
  • IP Addresses
  • Protocols
  • User Credentials
  • Scheduled Tasks / Cron Jobs
  • Services
  • Programs
  • Functions/dll
  • Files
  • Opportunities
  • Vulnerabilities
57
Q

Target development includes the following:

A
  • Understanding potential vulnerabilities to develop a method to obtain access, privilege escalate, D4M (deny, degrade, destroy, disrupt, manipulate), exfiltrate, obfuscation, persistence, etc.
  • It is critical to know WHO and WHAT your target is intimately. The more information we have on the target, the better we can plan operations and reach our end state mission requirements and goals.
58
Q

Target development includes the following 2:

A
  • Understanding potential vulnerabilities in order to gain access, or perform one of the D4M’s, deny, degrade, destroy, disrupt, or manipulate.
  • Obtaining or developing scripts, programs, functions/dlls, tools, or other methods to exploit vulnerabilities
  • Planning when, where, and how to execute exploit
  • Testing the tools and exploit/s in a controlled environment, other than the target. As a result, minimizing potential problems that may occur with the target during mission.
59
Q

___________ is to take advantage of a flaw/s or vulnerabilities within an OS

A

Exploit

60
Q

The different types of exploitation include: _________ taking advantage of a flaw within a program’s instructions and manipulating it in a manner that was not intended by the creators

A

Code

61
Q

The different types of exploitation include: ________ a system’s setting that allows it to be manipulated by an unintended source

A

Misconfiguration

62
Q

The different types of exploitation include: poor OPSEC, cyber training, or restrictions in place?

A

Human

63
Q

True or False: Opportunities is one of the 7 phases of the Cyber Kill Chain

A

False

64
Q

What type of exploitation consists of poor cyber training?

A

Human