Quiz 3 Flashcards
Which of the following is NOT considered a weak configuration?
Lack of vendor support
Network traffic logs show a large spike in traffic. When you review the logs, you see lots of TCP connection attempts from an unknown external server. The destination port of the TCP connections seems to increment by one with each new connection attempt. This is most likely an example of what kind of activity from which tool?
Active reconnaissance w/ Nmap
Which of the following Class networks is correctly matched with its equivalent CIDR notation value?
Class A = CIDR /8
Which of the following is NOT a function of a SIEM system?
Spam filtering
Why are false negatives more concerning than false positives in vulnerability scan results?
A false negative is a missed vulnerability, whereas a false positive is a reported vulnerability that may later be recognized not to be an actual vulnerability
Which of the following is a fully configured environment similar to the normal operating environment that can be operational immediately or within a few hours depending on its configuration & the needs of the organization?
Hot site
You want to protect your organization’s network from a certain malware that you know always reaches out to attacker.tld for command & control traffic. You push an updated hosts file to all devices in your organization so that “attacker.tld” will now only resolve to a certain IP address that you designate. This is an example of what technique?
DNS Sinkhole
Correctly implementing TLS encryption for HTTPS using only modern trusted cipher suites is an example of which of the following?
Protecting data in transit
What should a legitimate penetration tester always have?
Written permission memo including scope & rules of engagement
Purple team
Establish defenses, test defenses, repeat, & collaborate
Red team
Specialized, highly skilled, & mimic real world threat actors by focusing on offense
White team
Impartial judges if competitive scoring is involved or simply outside coordinators
Blue team
Establish defenses, then monitor & handle incident response