K02 - Network Scan Enumeration Flashcards

1
Q

____________ is the process of collecting information without performing any analysis to identify a host, or obtain more details on a host.

A

scanning

2
Q

_____________ is the recording, aka sniffing, and analysis of packet streams to determine hosts and network characteristics.

A

passive fingerprinting

3
Q

Passive OS fingerprinting is highly intrusive so there is a detection concern status of HIGH when performing this task.

  • True
  • False
A

False

4
Q

SGT McGill has been using Wireshark to discover hosts on a network of interest and determine characteristics of that network. What action has SGT McGill been performing?

  • Passive fingerprinting
  • Weaponization
  • Exploitation
  • Preliminary research
A

?

5
Q

What are the three responses a user may receive when conducting active port scans?

  • Open, Closed, Filtered
  • Accepted, Closed, Filtered
  • Open, Closed, Blocked
  • SYN/ACK, Closed, Dropped
A

Open, Closed, Filtered

6
Q

Determine whether the technique presented is Active Fingerprinting, Passive Fingerprinting or Neither. SPC Morales used Xprobe2 to send UDP packets to all hosts within a targeted netblock to determine OS based on the system’s response.

A

Active Fingerprinting

7
Q

Determine whether the technique presented is Active Fingerprinting, Passive Fingerprinting or Neither. SSG Smith is using Satori to analyze a network’s DHCP parameters.

A

Passive Fingerprinting

8
Q

A particular technique that prevents alerts from occurring to the host machine

  • Degrade, Deny, Destroy, Disrupting
  • Disturbing, Deny, Destroy, Degrade
  • Desensitize, Delegate, Demise, Deform
  • Degong, Deny, Dilapidate
A
9
Q

This could potentially alert users on the network through logs, alerts, or artifacts left behind.

  • Reconnaissance Scanning
  • Active Scanning
  • Facebook scanning
  • Passive Scanning
A

Active Scanning

10
Q

________________ is a technique used for determining what operating system (OS) is running on a remote computer.

  • Cyber printing
  • Footprinting
  • OS fingerprinting
  • OS penetration testing
A

OS fingerprinting

11
Q

Why do you think it is important to know which service is using which port?

  • For database security
  • For understanding which data is going through secured traffic and which is not
  • For checking unused data traffic
  • For reporting to the auditor
A

For understanding which data is going through secured traffic and which is not ?

12
Q

Banner grabbing is a technique used to gain information about a remote server and is often used as part of a reconnaissance attack.

  • True
  • False
A

True

13
Q

__________ is a tool used to discover live hosts, services, network inventory, managing service upgrade schedules, monitoring host or service uptime, filters/firewalls, or specific operating systems by analyzing the response from the raw IP packets sent to a target system.

A

nmap

14
Q

A lot of information can be discovered during scanning enumeration. Select what is NOT part of the list (according to information provided in the slides).

  • Protocols – OS, type of server
  • Users and passwords
  • IP address – size of network, network map
  • Binary configuration, Fetch-Decode-Execute
  • Services – exploitation, protection measures
A

Binary configuration, Fetch-Decode-Execute

15
Q

You are monitoring traffic through a mirrored port on a switch. By analyzing this traffic, you are able to determine the operating system of the device connected to the switch. What does this describe?

  • Active fingerprinting
  • Port Scanning
  • Vulnerability scanning
  • Passive fingerprinting
A

passive fingerprinting

16
Q

All of the following can be used for passive fingerprinting EXCEPT:

  • Wireshark
  • NetSleuth
  • Xprobe2
  • Satori
A

Xprobe2

17
Q

_____________ is sending normal or malformed packets to a target, and monitoring its response.

A

Active Fingerprinting

18
Q

Determine whether the technique presented is Active Fingerprinting, Passive Fingerprinting or Neither. PFC Reyes is flooding a targeted network with internet traffic so that users on that network are unable to utilize network resources.

A

neither

19
Q

The process of gathering information without performing analysis is:

  • Scanning
  • Enumeration
  • Cyber Kill Chain
  • Port Id
A

scanning

20
Q

A method of discreetly recording and analyzing streaming packets to determine devices and the characteristics of the network

  • Passing Fingerprinting
  • Active Fingerprinting
  • Wiresharking
  • Passive Fingerprinting
A

Passive Fingerprinting

21
Q

Which of the following is the port number for FTP data?

  • 20
  • 21
  • 22
  • 23
A

20

22
Q

Which of the following is the port number for SNMP?

  • 160
  • 161
  • 164
  • 162
A

161

23
Q

_____________ is defined as the process of extracting user names, machine names, network resources, shares and services from a system.

A

enumeration

24
Q

The third phase of the Cyber Kill Chain is to discover vulnerabilities that Cyber criminals may annotate.

  • True
  • False
A

False

25
Q

Determine whether the technique presented is Active Fingerprinting, Passive Fingerprinting or Neither. A software program is installed on a targeted device to covertly monitor online behavior.

A

passive fingerprinting

26
Q

What port state indicates that an application on the targeted network/host is listening for connections or packets on that port?

A

open

27
Q

Determine whether the technique presented is Active Fingerprinting, Passive Fingerprinting or Neither. Mr. Wilson pings a netblock and analyzes the response in Wireshark.

A

active fingerprinting

28
Q

Determine whether the technique presented is Active Fingerprinting, Passive Fingerprinting or Neither. SFC Bryant uses Nmap to send packets to devices on a network. SFC Bryant analyzes the network and device responses and creates a map of the targeted network.

A

active fingerprinting

29
Q

Tailoring the packets to blend in with normal network traffic or spreading out the packets are methods to eliminate detection concerns when performing active scanning.

  • True
  • False
A

False

30
Q

What port state will a user see if Nmap is unable to determine whether a port is open or closed?

A

filtered