Questions Flashcards
How can you tell a UDP port is closed on a target IP?
Returns ICMP_PORT_UNREACHABLE
What is a socket?
The combination of the IP address of the station and a port number
What is a packet (RFC 1594 definition)
Self contained independent entity of data
Carries sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between source/destination computer and the transporting network
What is a hash function
One way mathematical function
Can’t calculate input from the result
What does !X mean in traceroute output?
Communication administratively prohibited
What is a zone?
A point of delegation in the DNS tree. Contains all the names from a certain point downward except those which are delegated to other zones
How can you tell a TCP port is open on a target IP?
The target returns SYN/ACK
Ports 135, 139 and 445 are open. What’s the best guess at the OS?
Windows 2000 or later (port 445 is 2k+)
What do some firewalls try to limit by enforcing rules on how long GET and POST requests can be?
Buffer overflow attacks
What happens if you digitally sign and inject a footer on an email message in the wrong order?
The footer will invalidate the signature
Does the Sasser worm only attack hosts running the MSSQL server?
No
MS04-011
Starts an FTP server
Generates a list of IP addresses to target based on the host's IP addresses
Modifies the registry so it runs on system startup
What malware exploits XSS vulnerability and was developed to propagate over MySpace?
Samy
What RPC program number represents ttdbserverd?
100083
What weak reversible cipher can be used by Cisco routers to encrypt passwords?
Type 7
What is the RIPv1 authentication method?
Does not support authentication of messages
Routing information protocol
Allowed via insecure plaintext password or an MD5 hash for version 2
Key size for DES
56
IPSec 4 main attribute classes
Encryption algorithm
Hash algorithm
Authentication method
Diffie-Hellman group
What is clickjacking?
An attacker tricks a user into performing actions on a website by hiding clickable elements in an invisible iframe
What command displays the group membership for the current user, type of account, SID and attributes?
whoami /groups
HTTP status code 407
Proxy authentication required
WEP uses an integrity check value (ICV). What would an attacker be trying to achieve by submitting a packet without an ICV?
It will allow the attacker to derive the key stream
SSH server version 1.99 supports which versions of SSH?
Versions 1 and 2
What is 0x0100 in an SQL Server password?
Padding, the salt value is placed after this padding
RPORT 10,2,0,2,10,10
10.2.0.2 is the IP address of the client
10,10 must be converted to hex then to binary then to decimal to get the TCP port number
RealVNC 4.1.1 is vulnerable to what attack?
Type 1 authentication can be specified to disable authentication
How many secret bits in a 128-bit WEP key?
104
TCP ports 135 and 139 open on a server. What’s the best guess at the OS
Windows NT 4 or later
ArcServe 5.11 is vulnerable to which attack?
Stack-based buffer overflow causing custom code to run in the process's current context
What ports must be open on a firewall to allow IKE VPN to function?
UDP 500, protocol 50 & 51
What responds to an Nmap FIN scan (-sF) with FIN/ACK?
Solaris
AIX
HPUX
Linux
SNMP MIB 55 and 53 meaning
53 copies from router to the server (to the device)
55 from the server to the router (from the device)
Correct sequence to send SMTP mail
Help Mail from Rcpt to Subject Data
Where does record route (ping -r) store the list of hops?
In the IP header
What device has a TTL of 255?
Cisco
TTL of 64
Linux kernel 2.4 and 2.6
Google's customised Linux
FreeBSD
TTL of 128
Windows XP
Windows 7, Vista and Server 08
TCP window size 65535
FreeBSD
Windows XP
TCP window size 5840
Linux kernel 2.4 and 2.6
TCP window size 5720
Google's customised Linux
TCP window size 8192
Windows 7, Vista and Server 08
TCP window size 4128
Cisco
MTU (maximum transmission unit) for a PPPoE (Point-to-Point Protocol over Ethernet) network device
1492
What is used for authentication in a Microsoft Active Directory domain?
RADIUS
What is the purpose of LDAP?
A central point for user management
What is a method of managing the flow of network traffic by allowing or denying traffic based on ports, protocols and addresses?
Firewall rules
What is the best choice to prevent intrusions on an individual computer?
Host based firewall
An organisation has a web security gateway installed. What function is this performing?
Content filtering
What can you do to ensure the WPA signal doesn’t reach outside the building it is installed in?
Decrease the power level
What protocol did WEP implement incorrectly, allowing it to be cracked?
RC4
What authentication method can provide centralised authentication for a wireless network?
RADIUS
What can you use to prevent company employees connecting their personal devices to the wireless network?
MAC filtering
If you want to segment wireless users from each other on a hotspot, what should you use?
Isolation mode
What type of attack starts on a virtual system but can affect the physical host?
VM escape
What is the difference between a worm and a virus?
A worm is self-replicating; a virus is not
What type of malware is installed with USB drives?
Trojans
A process running on a system has system-level access to the OS kernel. It has modified system files. What best describes this behaviour?
Rootkit
Where would a security specialist look for a hooked process?
RAM
What will protect against a SYN attack?
Flood guard
An IDS detected a NOP sled. What does this indicate?
Buffer overflow
A NOP (No-OPeration) sled makes the target address bigger so the code can jump anywhere in the sled, not only at the beginning of the injected code.
What provides fault tolerance through disk mirroring?
RAID 1
Disk mirroring is the technique of writing the same data to more than one disk drive
What can remove a server as a single point of failure?
Clustering
Allows computers to work together as a computer cluster to provide failover and increased availability of applications (also parallel calculating power)
Which encryption algorithm uses prime numbers to generate keys?
RSA algorithm
What is a CRL?
Certificate revocation list
List of certificates that have been revoked/compromised and should therefore no longer be trusted
How many bits in an IPv6 address?
128
IPv6 loopback address
Ff00:0000:0000:0000:0000
Which algorithm is used to store cached Windows domain credentials?
MS-CACHE
What is the purpose of port 111?
Portmapper
To allow the lookup of RPC services that bind to dynamic ports
What key size is recommended as a minimum for a new SSL certificate?
2048 bits
If Nmap shows a port as open/filtered, what does this mean?
UDP port
Has been filtered or is listening but not responding
Which part of an IP header contains the source and destination IP addresses?
The next 8 bytes/two rows of the header
After the first 12 bytes/top 3 rows of the header
What does an ICMP smurf/packet magnification attack result in?
A DoS condition due to an attacker sending forged ICMP packets to vulnerable networks' multicast addresses, resulting in all systems on those networks sending ICMP Echo replies to the broadcast address
What is the ping of death?
An ICMP Echo request larger than the maximum IP packet size is sent. This results in a fragmented message that the target system is unable to reassemble, causing the OS to crash
HTTP code 307
Address changed temporarily
What vulnerability allows an attacker to take control of an IIS web server from the Internet through a firewall?
Microsoft Server Message Block vulnerability
HTTP code 413
Request entity too large
What layer of the OSI model is IPv4 considered to be at?
Layer 3, network
What OSI layer are TCP and UDP considered to be at?
Layer 4, transport
What is an anycast address?
A group of addresses where packets are delivered to only one member within the anycast group