K02 - Network Scan Enumeration Flashcards
____________ is the process of collecting information without performing any analysis to identify a host, or obtain more details on a host.
scanning
_____________ is the recording, aka sniffing, and analysis of packet streams to determine hosts and network characteristics.
passive fingerprinting
Passive OS fingerprinting is highly intrusive so there is a detection concern status of HIGH when performing this task.
- True
- False
False
SGT McGill has been using Wireshark to discover hosts on a network of interest and determine characteristics of that network. What action has SGT McGill been performing?
- Passive fingerprinting
- Weaponization
- Exploitation
- Preliminary research
?
What are the three responses a user may receive when conducting active port scans?
- Open, Closed, Filtered
- Accepted, Closed, Filtered
- Open, Closed, Blocked
- SYN/ACK, Closed, Dropped
Open, Closed, Filtered
Determine whether the technique presented is Active Fingerprinting, Passive Fingerprinting or Neither. SPC Morales used Xprobe2 to send UDP packets to all hosts within a targeted netblock to determine OS based on the system’s response.
Active Fingerprinting
Determine whether the technique presented is Active Fingerprinting, Passive Fingerprinting or Neither. SSG Smith is using Satori to analyze a network’s DHCP parameters.
Passive Fingerprinting
A particular technique that prevents alerts from occurring to the host machine
- Degrade, Deny, Destroy, Disrupting
- Disturbing, Deny, Destroy, Degrade
- Desensitize, Delegate, Demise, Deform
- Degong, Deny, Dilapidate
This could potentially alert users on the network through logs, alerts, or artifacts left behind.
- Reconnaissance Scanning
- Active Scanning
- Facebook scanning
- Passive Scanning
Active Scanning
________________ is a technique used for determining what operating system (OS) is running on a remote computer.
- Cyber printing
- Footprinting
- OS fingerprinting
- OS penetration testing
OS fingerprinting
Why do you think it is important to know which service is using which port?
- For database security
- For understanding which data is going through secured traffic and which is not
- For checking unused data traffic
- For reporting to the auditor
For understanding which data is going through secured traffic and which is not ?
Banner grabbing is a technique used to gain information about a remote server and is often used as part of a reconnaissance attack.
- True
- False
True
__________ is a tool used for discovering live hosts and services, network inventory, managing service upgrade schedules, monitoring host or service uptime, and identifying filters/firewalls or specific operating systems by analyzing the responses to raw IP packets sent to a target system.
nmap
A lot of information can be discovered during scanning enumeration. Select what is NOT part of the list. (According to information provided in the slides.)
- () Protocols – OS, type of server
- () Users and passwords
- () IP address – size of network, network map
- () Binary configuration, Fetch-Decode-Execute
- () Services – exploitation, protection measures
Binary configuration, Fetch-Decode-Execute
You are monitoring traffic through a mirrored port on a switch. By analyzing this traffic, you are able to determine the operating system of the device connected to the switch. What does this describe?
- () Active fingerprinting
- () Port Scanning
- () Vulnerability scanning
- () Passive fingerprinting
passive fingerprinting