Labs Flashcards
1
Q
- According to the Critical Security Controls, which of the Critical Security Controls is considered the most important to reducing risk in an enterprise environment?
A
CIS Control 1: Inventory and Control of Hardware Assets
2
Q
- According to the Critical Security Controls, which of the Critical Security Controls is considered the least important to reducing risk in an enterprise environment?
A
CIS Control 20: Penetration Tests and Red Team Exercises
3
Q
- Which of the Critical Security Controls specifies conducting security awareness training for a company’s employees
A
CIS Control 17: Implement a Security Awareness and Training Program
4
Q
- Which of the Critical Security Controls is used when a potential security incident occurs within a
Company?
A
CIS Control 19: Incident Response and Management
5
Q
- Which of the Critical Security Controls would application developers be most interested in?
A
CIS Control 18: Application Software Security
6
Q
- The NSA ANT Catalog is a list of technological solutions available to NSA team members. What does ANT stand for?
A
Advanced Network Technology
7
Q
- What is the name of the NSA “elite hacking force”?
A
Tailored Access Operations / Computer Network Operations
8
Q
What is the name given to the NSA hacking group by outside malware companies?
A
The Equation Group
9
Q
- Who does Jack Rhysider interview for the podcast? What is the name of the interviewee’s company?
A
Jake Williams, Rendition InfoSec
10
Q
- What is the Twitter handle of the person interviewed during the podcast?
A
MalwareJake
11
Q
- Once the Shadow Brokers group stole NSA hacking tools, what did they attempt to do with the stolen tools?
A
Sell the information to the highest bidder
12
Q
- Who did the Shadow Brokers refer to as “Dirty Grandpa”?
A
Joe Biden
13
Q
- The Shadow Brokers stated that they had supported which President of the United States?
A
Donald Trump
14
Q
- What was special about the interviewee that the Shadow Brokers revealed to the world?
A
He was a former member of TAO / The Equation Group
15
Q
- What is the name of the institute that the interviewee teaches for?
A
SANS Institute
16
Q
- What is the name of the exploit created by TAO which can be used to take full control of a Microsoft Windows system over SMB?
A
Eternal Blue
17
Q
- How would an organization protect its Windows systems from the eternal blue exploit
A
Update Windows, an update came out that fixed the vulnerability a month earlier.
18
Q
- The Shadow Brokers are believed to be aligned with which country?
A
Russia
19
Q
- Why did the interviewee cancel travel to Singapore after the Shadow Brokers revelation that he was a member of TAO?
A
He may have played a part in TAO’s targeting of China. He could have been arrested.
20
Q
- What is a “Zero Day” exploit?
A
An exploit that takes advantages of a vulnerability that is not yet known by security professionals. They have had “zero days” to prepare for the exploit.
21
Q
- Chris mentions ‘d0x’ attacks or ‘d0xing’ a target. What is he describing?
A
Gathering personal information on his target
22
Q
- What is Chris’ mantra for professional social engineering engagements?
A
“Leave them feeling better having met you.”
23
Q
- What type of background noise does Chris use during his pretext phone call? (14:00)
A
Crying “sick” child
24
Q
- In this same phone call from Question #4, Chris pretends to be his target’s what?
A
Personal assistant
25
11. What is the domain name of Chris Hadnagy’s main site which teaches people about the risks associated with social engineering?
www.social-engineer.com
26
2. What is the command line (non-GUI) version of Wireshark?
Tshark
27
7. How long is an MD5 hash in bits?
128 bits
28
8. How many bytes are displayed in an MD5 hash?
16 bytes
29
9. How long is a SHA256 file hash in bits?
256 bits
30
10. How many bytes are displayed in a SHA256 hash?
32 bytes
31
11. Why would a member of law enforcement need to calculate the file hash for a file? (Minimum 25 words)
To make sure that they are downloading the file they intend to. If the file has been tampered with by a man in the middle.
32
12. Why would someone else want to calculate a file hash after downloading a file? (Minimum 25 words)
Similar reasons as above. To make sure the file has not been tampered with. They can also be used to make sure the file did not get corrupted during the download.
33
2. What is the first phase of Penetration Testing? Provide a brief overview of this phase (Minimum 25 words).
Pre-engagement: Where you discuss your plan with the organization. What is the scope of your test? What are the rules you need to follow? Once you have obtained authorization from the organization, you can begin phase 2.
34
3. What is the second phase of Penetration Testing? Provide a brief overview of this phase (Minimum 25 words).
Engagement: This is where you actually begin investigating and “attacking” the organization. You will search for vulnerabilities in devices, networks, or employees. Once you have sufficient information you attempt to gain access to the organization through exploiting those vulnerabilities.
35
4. What is the third phase of Penetration Testing? Provide a brief overview of this phase (Minimum 25 words).
Post-engagement: Creating a “findings report” consisting of the findings from penetration testing. Explain the vulnerabilities you found and suggest steps to fix them. Once those fixes have been implemented, you may want to validate that those fixes have stopped the vulnerabilities. Finally, hold a meeting with members of the organization and discuss your findings and actions taken to remedy them.
36
5. The difference between an attacker and a penetration tester is that a professional penetration tester will always have what?
Authorization from the organization being “attacked”
37
6. Using an automated scan to find security vulnerabilities is referred to as a what? How does this differ from a penetration test? (Minimum 25 words)
Vulnerability scan. A vulnerability scan usually comes before a penetration test and is, as the name suggests, a scan that detects potential vulnerabilities. A penetration test is where an ethical hacker attempts to attack and gain access to the organization’s systems.
38
7. What is the name of the penetration testing framework established by a number of thought leaders in the penetration testing community?
Penetration Testing Execution Standard (PTES)
39
8. What are the three different types of penetration tests? Describe each in enough detail for someone who is not familiar with the concept could understand. (Minimum 25 words).
The first type is Black Box, where no information about the organization is given to the tester beforehand. In the second type, White Box, any information the tester requests is given from the organization (such as IP addresses). Finally, Grey Box is a middle ground. Some information is provided to the tester, but it is limited.
40
10. What is a type of attack that is usually not conducted during a penetration test? Why? (Minimum 25 words).
Denial of Service (DoS) attacks. These are not usually performed because it can affect the availability of the organizations systems. This can prevent the organization from functioning properly during the test.
41
11. What is the final deliverable a penetration tester would provide to a client once the penetration test is complete? What are three things that this final deliverable should include? (Minimum 25 words)
Penetration Test Report. This should contain information on vulnerabilities that were found, how serious they are. and what actions can be taken to mitigate them. The report should be written so that people without technical knowledge can understand it.
42
1. Access the dnslytics.com site and run a search for the gvltec.edu domain. What type of information is displayed under “WHOIS Information”?
Information about the domains in the registry database, The registrant of the domain, administrative and technical contact information, name servers, and domain registration, updated, and expiration dates.
43
10. What version of Microsoft Windows server supports IIS 7.5?
Windows Server 2008 R2
44
11. What is the main security concern with companies running IIS 7.5 after January 14th, 2020?
Software has reached EoL (End of Life) and will no longer be supported
45
20. Before you can conduct a web app assessment against any of the web applications associated with the gvltec.edu domain, what do you need to do before conducting any active scans?
Gain authorization from the owner of the web site (Greenville Tech in this case)
46
d. Why would a port show as being filtered?
A firewall is being used to filter network traffic
47
4. Where did Cliff Stoll work when he was asked to investigate an accounting anomaly?
Computer center of Laurence Berkeley lab
48
6. What is the name of the original account that Cliff Stoll identifies initially as having some initial configuration issues related to the accounting anomaly?
Hunter
49
7. In the network attack scenario discussed with regards to “Locard’s Exchange Principle”, what were three different locations described where digital evidence could be left by a cyber attacker?
Sensor connected to a tap, Firewall, Database Activity Monitor
50
8. Cliff Stoll is contacted by an outside entity that someone at LBL attempted to hack them. What was the name of the outside entity and the name of the system that was being targeted?
DockMaster
51
9. As Cliff investigates, he tracks down a user account associated with the attack traffic described in Question #5 above. What is the name of this account?
Sventek
52
11. What protocol is used to synchronize the system clocks on computer systems?
Network Time Protocol
53
12. What was an interesting fact about the legitimate owner of the user account Sventek which makes Cliff Stoll believe there could be a cyber intruder on the network?
Sventek was in Cambridge, England at the time.
54
What are the names of the three main Windows event logs?
Application, Security, System.
55
2. Under ‘Windows Logs’, click on the ‘System’ event log. Run a search for Event ID 6013 using the ‘Find’ option. What type of information does the event display?
Total system uptime
56
Why might a security analyst want to perform a backup of an event log?
In order to record a suspicious event or series of events in order to view them later or on another system.
57
8. Search the Security event log for Event ID 4624. What is the purpose of this Event?
Logging a successful login attempt.
58
9. If you see Event ID 4740 in the Security event log, what type of attack could be happening? If the event was not generated by malicious activity from an attacker but a normal user, what could be happening?
An attacker could be trying to crack a user’s password.
A user could have forgotten their own password.
59
3. If a user is a system administrator for an organization, how many different user accounts (at a minimum) would they have? Why? (25 – 50 words)
Admins should have two accounts. The admin account should only be uses when required. The system administrator should also have a regular user account for more mundane usage.
60
4. When investigating suspicious activity today, what is one location a system administrator or security analyst might review for a record of activity on the system?
logs
61
5. Which software had vulnerability in it that allowed the attacker to overwrite another file on the affected system?
gnu emacs
62
6. What is the name of the file/command that the attacker was able to replace? What is this file/command used for?
Atrun. A program that runs “housekeeping” tasks every 5 minutes.
63
8. When installing an application, you should never give it the same permission level as what account on the system?
Admin
64
9. As explained by Chris, what is the common thread between all attackers (25 - 50 words)?
They want to steal something. Whether that be money directly from you, information that may be valuable to them or someone else, or even your time or reputation.
65
. How long did the “Shellshock” vulnerability exist before it was discovered and disclosed to the general public?
30 years
66
What software was affected by the “Shellshock” bug?
Unix Bash Shell
67
If a local user on an affected system exploits the “Shellshock” vulnerability, what type of access do they gain as a result of the local privilege escalation attack?
Root/Admin
68
1. The attacker, Sventek, “screwed up”. How so? What was the attacker trying to get users to do? (25 50 words)
He put a password logger in the wrong directory. He was trying to get people to enter their passwords into a logger that would let him see their passwords.
69
3. A cyber attack must only be as “______________” it has to be?
Sophisticated
70
4. A user account on a computer system logically represents a what? How can this be exploited by an attacker? (25 - 50 words)
User accounts represent the users that hold them. An attacker that has stolen a user’s account can impersonate them and use any privileges they had.
71
5. Where are the three places discussed that clear text passwords can exist?
In the user’s head, in transit on the network, and in limited places on the OS.
72
6. Dave Kennedy wrote a tool for conducting social engineering attacks. What is the name of the tool? What does Chris use the tool to do during his demonstration?
Social Engineering Toolkit. He uses the credential harvesting mode to create a fake login page to send to users.
73
7. What is the name of the tool Chris uses to dump clear text passwords from the operating system’s running memory?
mimikatz
74
9. According to Chris, it is extremely important for cyber security investigators to make sure to always have a what on hand? What would they use it for? (25 - 50 words)
A notebook. A notebook is important because you will need to write things down frequently. You may need old information later on in your investigations.
75
10. What tool does Chris use to decrypt password hashes?
John the Ripper
76
3. Follow the instructions in the attached document to complete the assignment. Describe each step of the system boot process (25 words minimum each) as outlined in Figure 9-1 in the Chapter.
1. The BIOS ROM chip on the motherboard receives power from the PSU. It then conducts tests of various system function in a process called the Power On Self Test (POST)
2. The BIOS accesses the Master Boot Record on the storage device, which tells the BIOS the computer’s partition table and the location of the operating system bootloader.
3. The bootloader takes over control of the PC from the BIOS. The bootloader then begins the process of loading the operating system (or selecting one if the PC has a dual-boot configuration).
4. The Operating System, now loaded, begins loading startup programs and drivers for peripherals. A login screen is usually displayed for the user to select their account.
77
How is the UEFI rootkit installed? (Minimum 25 words)
The rootkit utilizes RwDrv.sys (a legitimate, signed driver) kernel driver PC settings like PCI memory and ROMs. Another tool then dumps the settings to a text file, and another reads the SPI flash memory and makes a firmware image based on it. Finally, the UEFI malware is inserted into the firmware image and flashed onto the SPI memory.
78
How does the UEFI rootkit work? (Minimum 25 words)
It utilizes a modified version of the LoJack software that contacted the APT’s server instead of Absolute Software (the developers of LoJack) to send remote code execution to the PC.
79
How can the UEFI rootkit be removed? (Minimum 25 words)
Reinstalling Operating Systems and wiping HDDs will not remove a rootkit from your system. The only way is to flash the firmware with a known good copy of clean firmware.
80
Which attacker group is being named as the party responsible for the UEFI rootkit?
An APT group known as Fancy Bear
81
1. As part of his investigation, Cliff Stoll discovered that the attacker attempted to locate systems belong to the C.I.A. While the attacker did not find addresses for any systems, he did find information related to four different what?
Human users
82
2. Teejay described the C.I.A. network s a “__________” trust network architecture.
Zero
83
3. Cliff detected the attacker accessing the LBL network, not from a TYMNET connection, but from where else?
Livermore unclassified computers
84
4. Shortly after Cliff learns of this new connection source, the attacker can break into the computer systems of another school. Which school did the attacker break into next and how?
MIT using credentials stolen from livermore
85
5. According to Richard Bejtlich, what are the seven characteristics of defensible networks?
Monitored, inventoried, controlled, claimed, minimized, assessed, current
86
6. What type of common security control is used to implement a perimeter-based network?
How many zones of trust exist in a standard perimeter-based network? A) Firewall B) Two, untrusted and trusted
87
7. What are three security issues described with regards to the “shifting nature” of perimeter-based networks as described in the course?
Services outside of the perimeter (cloud services), location of employees can be everywhere, untrusted devices in trusted areas
88
8. What is a common security attack that Google has essentially eliminated within their network by implementing a zero trust network?
phishing
89
9. Of the three network security models described, which would be used for an ultra-secure network such as the computer network for a nuclear power plant?
Air Gapped
90
10. As a piece of malware, how was Conficker able to infect systems at ultra-secure networks? To help address this issue, what was an example described on how employees can prevent this infection vector?
Conficker spread through both the network and USB devices, nullifying the purpose of the air gap. Epoxy was put into the USB drives on classified systems, rendering them useless and protecting them from infected USBs
91
2. Describe why mobile device security is important. (Minimum 50 words)
Smartphones and mobile devices are incredibly powerful tools that contain large amount of personal data. As they are portable devices, they can be more easily lost or stolen. We often trust mobile devices with personal data like payment information or personal messages. That information could be stolen by a hacker.
92
3. What is the most important thing to do in order to secure your mobile device?
Set up a screen lock and passcode
93
4. What was the passcode for Kanye West’s iPhone as of October 11th, 2018. Let’s just hope he’s changed it since then!
000000
94
5. Describe why firmware and app updates on mobile devices is important. (25 - 50 words)
Firmware and app updates can patch security vulnerabilities present in them. Even a slightly out-of-date piece of software with a single vulnerability can be a prime target for an attacker.
95
6. Discuss the benefits and disadvantages of enabling tracking for mobile devices. (25 - 50 words)
One advantage is that if your device is lost or stolen, it can be easily tracked down or even remotely wiped. One disadvantage is that if an attacker gains access to your account they could see that information and find out where you live, work, and visit.
96
1. The attacker Cliff Stoll was tracking appeared to also be accessing systems at Stanford and had uploaded a Calculus problem. What were the two pieces of information learned from this upload?
Where did these leads go? Student name (Knute Sears) and Teacher name (Mr. Maher). Cliff got his sister to search for school records of the two names, but they ultimately came up empty handed.
97
2. If a corporate network is known to be compromised, what form of communication should employees not use?
Email
98
4. What are three different risks associated with ad networks?
Nearly indistinguishable from malware network. Could contain hidden HTML forms to exploit browser password managers.
99
5. What is one way to block the risks associated with ad networks on the systems that you manage?
Don’t participate in ad networks (use an adblocker)
100
6. For Cyber Security professionals practicing OPSEC, how should we consider browsing the Internet to ensure safety and reduce (if not eliminate) the impact of malware?
Use a hypervisor for browsing.
101
7. Why would someone want to “safify” their URL links they would embed in documents?
Replace the Ts in HTTP with Xs and enclose periods in brackets
102
8. Describe attacker pivoting. (25 - 50 words)
When a hacker makes themself more difficult to track down. This is done by connecting to several different servers on the way to your destination. This disguises the attackers IP address.
103
10. Based on the MITRE call data, Cliff updates his profile of the cyber intruder. In what two different ways does he does so?
First, he adds that the attacker is likely not a high school student because he is experienced in multiple operating systems (VMS and Unix). Second, he adds that the attacker usually logs in around midday on weekdays, but earlier on the weekend.
104
1. What are four password requirements that should be followed when creating a strong password for the Master Key? Be sure that these requirements align with those discussed throughout the course.
a. A password should… be long (at least 14 characters)
b. A password should… be unique (not used in any accounts)
c. A password should… use both lower and upper case letters, as well as numbers and special characters
d. A password should… not contain dictionary words
105
1. How does Cliff Stoll prevent the attacker from uploading malicious code to LBL systems?
he Introduces noise to the connection by dangling his keys next to the wire
106
2. What does Greg Fennel from the C.I.A. tell Cliff and why?
“Just tell me what happened. Don’t embellish, don’t interpret.” He said this because he wanted to make his own conclusion based on the raw, unbiased evidence.
107
4. Describe the meaning of the anchoring bias in Cyber Security. (25 - 50 words)
Anchoring bias is when someone get to attached (or “anchored”) to a theory that they believe is correct. This can distract them from the real cause of the problem if they turn out to be incorrect.
108
5. What are three ways in which you can overcome bias?
1. Gain a better understanding of bias and how you are affected by it
2. Make your decisions based on evidence rather than your biases
3. Think about what it would look like if you turned out to be incorrect
109
6. “It is ___________________ that your Windows Server will be compromised if you don’t patch it and don’t put it behind a firewall.”
Very likely
110
7. What is the name of the bulletin board system Cliff used to find related information to his and other breaches? What is the current home page of the infamous hacker group Cliff learned about via this bulletin board?
Usenet
111
9. Which aspect of The Diamond Model of Intrusion Analysis would be used to describe aspects of an attacker?
Adversary
112
10. What were the names of the US Keyhole satellites mentioned?
Keyhole 9 & 10
113
2. If you were assigning permissions to the ‘Accounting’ folder, which Share permissions would you give to the Accounting department? Which permissions would you give to other employees?
“Change” for accounting department. No permissions for other departments.
114
4. If you were assigning permissions to the ‘General’ folder, which Share permissions would you assign?
Change for all users/groups
115
5. When reviewing the Share permissions for the ‘Engineering’ folder, you notice that the ‘Everyone’ group has been assigned ‘Full Control’ permissions. Where could the assigned permission have come from?
It could be due to malware or a misconfiguration.
116
6. Is the use of the ‘Everyone’ group on the engineering folder a security issue? Why or why not? (25 - 50 words)
Yes, it allows people not in the engineering department to have access to the engineering folder. This is a violation of the principle of least privilege.
117
7. What specific type of malware could spread with the permissions assigned to ‘Everyone’?
Ransomware
118
10. What would be another command an attacker could use to create a local user account if they were “living off of the land”?
Netplwiz
119
11. (Optional - Extra Credit) What would be an example of a command an attacker could use to conduct a port scan of the compromised host’s network if “living off the land”?
netstat -a
120
1. During this session, Chris discusses how an attacker has broken into one of LBL’s important systems.
What is the name of the system and what is it used for? (25 - 50 words)
Bevatron. A machine for conducting research into how certain types of radiation can be focused to kill cancer cells without harming healthy ones. This is used as a treatment for cancer patients.
121
2. Name three things Cliff does to address the attacker on the compromised system. (25 - 50 words)
First, he contacts the owner of the system. Second, he tells the owner to change all of the passwords on the compromised system. Finally, he kicks the attacker off the system without the attacker realizing that he is being watched.
122
3. Provide a general overview of Industrial Control Systems (ICS). Include the names of three ICSspecific systems. (25 - 50 words)
ICS is a general term that defines a number of different systems that handle the management of systems that handle manufacturing, automation, and utilities such as power and water.
123
4. Can an attacker cause a major disaster by hacking into an ICS environment such as a power plant or petrochemical facility? Why or why not? (25 - 50 words)
There are many different ways a hacker could do this. A hacker could stop water or power supply to entire areas. A hacker could also in some cases destroy a facility. Depending on what happens, this could even result in death.
124
6. Provide a general overview of honeypots. (25 - 50 words)
Systems that are designed to be attacked. They sometimes have intentional vulnerabilities. Honeypots are usually used for research and sometimes for tracking worms. They are classified as low or high interaction based on how much the system can do. Honeypots are usually placed outside a network’s firewall.
125
7. How did Cliff come up with the idea to create a honeypot to delay the attacker? (25 - 50 words)
His girlfriend suggested making a honeypot with fake information so that the attacker would have to take time to download them all. They also decide to add a mail form that could be filled out for more information in the off chance that the attacker fills it out.
126
8. What are four characteristics of a tactical honeypot? Written in your own words.
A honeypot located in your own network (on your side of the firewall)
A honeypot that looks like the actual systems on your network
A honeypot that is low interaction so it can not do much
A honeypot that is set up to log as much as possible and alert the proper people when an incident occurs
127
9. What is the name of one of the tools that can be used to create Canarytokens?
Canarytokens.org
128
10. Where is it determined that the attacker’s calls are originating from?
Hanover
129
11. Cliff Stoll visits the NSA and meets Bob Morris. What is significant about Bob Morris’ son?
He created the Morris worm, the first computer worm on the internet.
130
1. Reviewing the default set of ‘Scan Templates’ provided, what is the name of the malware that is associated with MS17-010 vulnerability?
WannaCry
131
2. How would someone address the MS17-010 vulnerability on a vulnerable Windows host?
Update Windows
132
4. On the ‘Discovery’ selection page, what does the ‘ARP’ option do?
Sets the scan to ping hosts with Address Resolution Protocol
133
5. If you wanted to ensure you scanned all available TCP ports rather than just the default set of ports, what would you enter in the ‘Port scan range’ field?
all
134
6. On the ‘Credentials’ tab, what three options exist for supplying credentials?
SNMPv3
SSH
Windows
135
7. Of the three options for supplying ‘Credentials’, which is the one that would most likely be used by Nessus to login to a Linux-based host?
SSH
136
8. How many plugin checks exist to check for vulnerabilities in various DNS services?
202
137
9. How many plugin checks exist to check for vulnerabilities in Industrial Control Systems? HINT: As discussed in class, these would be Industrial Controls Systems deployed over long geographic distances.
3
138
10. How many total plugin checks exist to search for the presence of vulnerabilities on Windows hosts?
5008
139
1. What type of password attack is described as used by the attacker and characterized as Bob Morris as “child’s play”?
Dictionary Attack
140
3. What is the name of the persona used by the attacker to submit a request for physical files?
Laszlo J. Balogh
141
4. What are four concerns discussed with regards to evidence handling? Describe each. (25 - 50 words each)
Permission: You need permission to gather the evidence. If you do not have proper authorization such as a warrant, the evidence may be illegal and possibly not accepted in court.
Volatility; Can the data or evidence be lost under circumstances? Many types of evidence can be temporary or fragile. In these cases, care needs to be taken to gather information without damaging losing anything.
Pollution: Attempts to gather information from evidence can result in the damage or destruction of information. For example, if you install software on a computer to gather information from it, the very act of installing it could tamper with the computers memory, storage, and logs.
Chain of Custody: There needs to be a record of everyone who has had custody of the evidence. Evidence should always be held by people qualified and trustworthy. If there is not a good record or someone unqualified or untrustworthy is in possession, the evidence could be damaged or tampered with.
142
6. What is one good practice of evidence acquisition? (25 - 50 words)
Create a snapshot of the system memory. This allows the contents of the otherwise volatile RAM to be kept in a safe, nonvolatile location for analysis even if the computer loses power.
143
7. What is the name of the primary attacker?
Markus Hess
144
8. What confidential information of Cliff’s was exposed to the public and how did it occur?
Cliff’s logbook. Likely because the FBI gave a copy to the German Attaché who gave it to the German media.
145
10. What ultimately happened to Karl “Habard” Koch?
Died under unusual circumstances. His death was ruled a suicide, but there is evidence that it may not have been.
146
14. What does Pengo think is one thing wrong with the cyber security industry (that Chris agrees with)?
Cyber Security is an easy area to sell “snake oil”.
147
15. What does pengo feel that is essential knowledge for someone wanting to become a cyber security professional?
A deep understanding of how systems work is necessary for a security professional to be able to help their clients
148
3. If your company had a data center, what would be three different types of environmental controls you would expect it to have?
HVAC
Fire suppression (Class C especially)
Faraday cage or similar EM disruption protection
149
5. Provide an overview of a “hot aisle/cold aisle” configuration. (25 – 50 words)
Hot isle/cold isle is a data center layout that is designed to maximize cooling and air flow. It is accomplished by alternating the direction each row of server racks faces. This creates “cold isles” where the air is taken into the racks and “hot isles” where the air is blown out.
150
7. Provide an overview of Modbus
Modbus is an industrial control protocol for connecting industrial systems. It allows industrial systems to communicate with each other.
151
8. What is the name of at least one Nmap NSE script which could be used to perform specific testing against the service from Step #8?
modbus-discover, which enumerates Modbus slave ids and device info
152
port 123
Network time protocol
153
port 161
SNMP
