Lesson 3:Reconnaissance and Intelligence Gathering

Question 1

The process of attempting to contact each network port on the target system and see which ones are open is called as

Answer 1

port scanning.

Question 2

There are 1,024 well-known ports that are

Answer 2

usually associated with specific services.

Question 3

The Metasploit framework is a very powerful tool that can be used by cybercriminals as well as ethical hackers to

Answer 3

probe systematic vulnerabilities on networks and servers.

Question 4

Syslog is a protocol used to send

Answer 4

system log or event messages to a specific server.

Question 5

netstat

Answer 5

A command-line tool for monitoring network connections both incoming and outgoing as well as viewing routing tables, interface statistics, and so on.

Question 6

access control list (ACL)

Answer 6

A list that specifies which users or system processes have access to a specific object, such as an application or a process, in addition to what operations users can perform.

Question 7

Whois

Answer 7

provides information about a domain’s registrar and physical location. This information includes an organization’s physical address, registrar, contact information, and other details.

Question 8

netflow

Answer 8

A Cisco network protocol that collects IP traffic information, allowing network traffic monitoring.

Question 9

passive fingerprinting

Answer 9

A type of fingerprinting that relies on logs and other existing data, which may not provide information needed to fully identify targets.

Question 10

nmap

Answer 10

A command-line port scanner that provides a broad range of capabilities, such as multiple scan modes, intended to bypass firewalls and other network protection devices.

Question 11

operating system (OS) fingerprinting

Answer 11

The ability to identify an operating system based on network traffic that it sends.

Question 12

active reconnaissance

Answer 12

A type of computer attack that uses host scanning tools to gather information about systems, services, and vulnerabilities.

Question 13

According to Cisco log levels, level 4 represents

Answer 13

a warning. The example for warning is a configuration change.

Question 14

A scanning technique, like Transmission Control Protocol synchronize (TCP SYN), is the most popular scan method because it

Answer 14

uses a TCP SYN packet to verify a service response. TCP SYN is quick and unobtrusive.

Question 15

Nmap’s operating system identification flag is

Answer 15

–o and it enables the operating system (OS) detection.

–A also enables OS identification and other features.

Question 16

Domain Name System (DNS) zone transfers provide a method to replicate DNS information between DNS servers but they are also a

Answer 16

tempting target for attackers due to the amount of information that they contain.

Question 17

A heuristic analysis is used to detect threats based on

Answer 17

their behavior instead of looking for a specific package.

Question 18

The axfr flag indicates

Answer 18

a zone transfer in the dig utilities

Question 19

IANA manages

Answer 19

the global IP address space and also manages the Domain Name System (DNS) Root Zone,

Question 20

The Internet Archive helps a user to find

Answer 20

an older copy of their website. It maintains copies from across the Internet and is used to review the historical content of a site.

Question 21

Log level 0 is the most critical level because

Answer 21

it is used for emergencies in Cisco’s logging level scheme.

Question 22

Microsoft Windows security log can capture

Answer 22

login events, resources, and rights usage, and events like open, creation, and deletion of a file.

Question 23

Metadata scrubbing removes hidden content about a document, such as

Answer 23

a creator, creation time, system used to create the file, and a host of other information.

Question 24

Exif often includes location and camera data, allowing

Answer 24

images to be mapped and identified to a specific device or a type of camera.