Lesson 6 - Scanning Logical Vulnerabilities Flashcards

Apply knowledge of network topology and scan identified targets using a variety of techniques, such as stealth and TCP full connect scans. Compile data on network traffic by gathering API requests and responses and ARP traffic while using tools such as Wireshark and Nessus. Produce reports on wireless assets by using tools and techniques that include Wireless Geographic Logging Engine (WiGLE) and wardriving.

1
Q

What is another name for a discovery scan, used during reconnaissance to find hosts on a network and reveal potential targets, and what tool is commonly used?

A

Ping Sweep
Nmap

nmap -sn -v 192.168.1.0/24

2
Q

Which Nmap flag forgoes host discovery?

A

-Pn

3
Q

What is a common vulnerability to search for in an API?

A

API Key

4
Q

What is the testing that is done early in the SDLC?

A

Static Application Security Testing

5
Q

What is the testing that is done after code is placed into production and is able to find production vulnerabilities?

A

Dynamic Application Security Testing

6
Q

What is the NIST framework that outlines various accepted practices for automating vulnerability scanning?

A

Security Content Automation Protocol (SCAP)

7
Q

During the process of packet sniffing, where does the device conducting the packet capture need to sit on the LAN?

A

SPAN Port
Switched Port Analysis - allows for copying ingress/egress communication from all switch ports.

Also called port mirroring

Sniffer interface must be in promiscuous mode

8
Q

What is a good protocol to examine to find details such as network host information? What is the attack based on that protocol?

A

NetBIOS
NetBIOS Name Service (NBNS) - an attack where an attacker responds to a request for a name service resolution over NetBIOS

9
Q

In PCI DSS you must have cardholder data segmented. What is the term for that?

A

Cardholder Data Environment (CDE)

10
Q

Why would ARP traffic be valuable to a hacker, and what are its limitations?

A

They can launch an ARP poisoning attack, mapping an incorrect MAC address to a correct one. Common spoofing technique.

11
Q

Name the common tools used to search for open WAPs.

A

Aircrack-ng
Kismet
Wifite

12
Q

What is the site that is dedicated to mapping and indexing access points, and what type of tool would it be considered?

A

WiGLE
OSINT Tool

Open APs are labeled "Free Love"

13
Q

What is the measurement of a wireless signal level in relation to background noise, and how is signal strength measured?

A

Signal to Noise Ratio (SNR)

decibels per isotropic (dBi)
