Random Flashcards

1
Q

c:\> type c:\badfile.exe > c:\readme.txt:badfile.exe

A

Command to embed a file in an NTFS alternate data stream (ADS)

2
Q

start readme.txt:badfile.exe

A

Command to run the hidden ADS file

3
Q

httpd.conf

A

Sets Apache web server status

4
Q

Six stages of web server attack methodology

A

Information gathering, web server footprinting, website mirroring, vulnerability scanning, session hijacking, password cracking

5
Q

server errors: 1XX

A

Informational: request received, processing

6
Q

server errors: 2XX

A

Success: received, understood, accepted

7
Q

server errors: 3XX

A

Redirection: further action must be taken to process the request

8
Q

server errors: 4XX

A

Client error: the request contains bad syntax or cannot be fulfilled

9
Q

server errors: 5XX

A

Server error: the server failed to fulfill an apparently valid request

10
Q

DNS amplification attack

A

Manipulating recursive DNS to DoS a target. Use of a botnet to amplify DNS answers directed at the target

11
Q

CSPP

A

Connection string parameter pollution: an injection attack that takes advantage of web applications that use semicolons (;) to separate parameters in the connection string used to communicate with databases

12
Q

Web attack tools

A

Burp Suite, WebScarab, HTTPrint

13
Q

VPN protocol providing authentication only, over the whole packet. It provides data integrity, data origin authentication, and an optional replay protection service. Data integrity is ensured by using a message digest that is generated by an algorithm such as HMAC-MD5 or HMAC-SHA. Data origin authentication is ensured by using a shared secret key to create the message digest. Replay protection is provided by using a sequence number field in the header. It authenticates IP headers and their payloads, with the exception of certain header fields that can be legitimately changed in transit, such as the Time To Live (TTL) field.

A

AH (Authentication Header)

14
Q

Protocol that provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection). Its authentication mechanism authenticates only the IP datagram portion of the IP packet.

A

ESP (Encapsulating Security Payload)

15
Q

Tunnel Mode

A

ESP tunnel mode encrypts the entire packet, including the original packet headers

16
Q

Transport Mode

A

ESP transport mode only encrypts the data, not the original headers; this is commonly used when the sending and receiving system can “speak” IPsec natively.

17
Q

Promiscuous Policy

A

This policy doesn't impose any restrictions on the usage of system resources. For example, with a promiscuous internet policy, there's no restriction on internet access. A user can access any website, download any application, and access a computer or a network from a remote location. While this may be helpful in company businesses where people who travel or work in branch offices need to access the organizational network, many malware, virus, and Trojan threats are present on the internet, and because of unrestricted internet access, this malware can arrive as attachments without the knowledge of the user. Network administrators should be very alert when selecting this kind of policy.

18
Q

Permissive Policy

A

Policy begins wide open, and only the known dangerous services, attacks, or behaviors are blocked. For instance, in a permissive internet policy, the bulk of internet traffic is accepted, but several known dangerous services and attacks are blocked. Because only known attacks and exploits are blocked, it's not possible for administrators to keep up with current exploits. Administrators are constantly playing catch-up with new attacks and exploits. This policy must be updated often to be effective.

19
Q

Prudent Policy

A

A prudent policy starts with all services blocked. The administrator permits safe and necessary services individually. It logs everything, such as system and network activities. It provides maximum security while permitting only known but necessary risks.

20
Q

Paranoid Policy

A

A paranoid policy forbids everything. There is a strict restriction on all use of company computers, whether for system usage or network usage. There is either no internet connection or severely restricted internet usage. Because of these overly severe restrictions, users typically try to find ways around them.

21
Q

Hyena

A

Windows enumeration tool with GUI

22
Q

CRIME attack

A

Compression Ratio Info-Leak Made Easy (CRIME) is a client-side attack that exploits vulnerabilities in the data compression features of protocols such as SSL/TLS, SPDY, and HTTPS. By obtaining and decrypting the secret session cookies, an attacker can gain access and hijack the session. The information obtained from the decrypted cookie provides the authentication information required to open a new session with the web application.

23
Q

According to the EC-Council, the typical Internet of Things (IoT) architecture consists of how many layers?

A

Application Layer: Delivery of various applications to different IoT users
Middleware Layer: Device management and information management
Internet Layer: Connection between the endpoints
Access Gateway Layer: Protocol translation and messaging
Edge Technology Layer: Sensors, devices, machines, intelligent edge nodes of all types.

24
Q

IoT ecosystem access control

A

Ecosystem access control governs how the IoT device environment is managed and how devices are granted access to the rest of the network. Because the devices interface constantly and mesh together, there is an implicit trust between the devices which can be attacked. There is also the potential to abuse the enrollment functionality for a new device if it is automated, which is likely for large IoT deployments. Decommissioning a device also presents an attack surface if it is not properly wiped and deprovisioned from the system. Finally, the lost access procedures cover how a user can regain access to the device, which can potentially be abused by an attacker to obtain access.

25
Q

Vulnerability Assessment Life-Cycle

A

Creating baseline, Vulnerability Assessment, Risk Assessment, Remediation, Verification, Monitor

26
Q

IoT architecture layers

A

Application Layer: Delivery of various applications to different IoT users
Middleware Layer: Device management and information management
Internet Layer: Connection between the endpoints
Access Gateway Layer: Protocol translation and messaging
Edge Technology Layer: Sensors, devices, machines, intelligent edge nodes of all types.

27
Q

4 typical IoT Communication Models

A

Device-to-Device Model: An example would be a light switch being wirelessly connected with a WiFi light bulb
Device-to-Cloud Model: An example could be a temperature sensor connected to an Application Service Provider’s cloud.
Device-to-Gateway Model: An example would be where an IoT device transfers the data to a gateway which may or may not communicate that data with a cloud for additional access
Back-end Data-Sharing Model: An example of this model would be where an IoT light sensor is connected to a readily available Application Service provider #1 who enables other service providers to access and utilize App. Service provider #1’s data.

28
Q

Product-based vulnerability assessment solutions

A

Deployed within the network; usually dedicated to the internal network

29
Q

Service-based vulnerability assessment solutions

A

Third-party solutions which offer security and auditing. These can be hosted either inside or outside the network. They carry the security risk of being compromised.

30
Q

Tree-based Assessment

A

The approach in which the auditor follows different strategies for each component of an environment

31
Q

Inference-based Assessment

A

Approach in which the assessment depends on the inventory of protocols in an environment

32
Q

CVSS system

A

None: 0.0
Low: 0.1 - 3.9
Medium: 4.0 - 6.9
High: 7.0 - 8.9
Critical: 9.0 - 10.0

33
Q

CVSS access/attack vectors

A

Physical (P): The attacker must have physical access to the vulnerable system (e.g. FireWire attacks).
Local (L): The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. Either:
the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console) or remotely (e.g., SSH); or
the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document).
Adjacent (A): The attacker must have access to the broadcast or collision domain of the vulnerable system (e.g. ARP spoofing, Bluetooth attacks).
Network (N = 1): The vulnerable interface is working at layer 3 or above of the OSI network stack. These types of vulnerabilities are often described as remotely exploitable (e.g. a remote buffer overflow in a network service).

34
Q

Impact metrics (CVSS)

A

Confidentiality, Integrity and Availability are each measured as H = High (0.660), L = Low (0.275), N = None (0.0)

35
Q

Unicast

A

Address used to refer to a single host

36
Q

Multicast address

A

Used to deliver a packet to a group of destinations. Any packet sent to a multicast address will be delivered to every host that has joined that particular group

37
Q

Anycast address

A

Very similar to the multicast address, but packets will be delivered to only one random host instead of the entire group

38
Q

Broadcast

A

IP address that is used to target all systems on a specific subnet instead of single hosts. In other words, a broadcast address allows information to be sent to all machines on a given subnet rather than to a specific machine.

39
Q

Address used to refer to a single host

A

Unicast

40
Q

Used to deliver a packet to a group of destinations. Any packet sent to this address will be delivered to every host that has joined that particular group

A

Multicast

41
Q

Very similar to the multicast address, but packets will be delivered to only one random host instead of the entire group

A

Anycast

42
Q

IP address that is used to target all systems on a specific subnet instead of single hosts. In other words, this address allows information to be sent to all machines on a given subnet rather than to a specific machine.

A

Broadcast

43
Q

Ping of death

A

Ping of Death (a.k.a. PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.

44
Q

POODLE Attack

A

POODLE (Padding Oracle On Downgraded Legacy Encryption) is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0.

45
Q

DUHK Attack

A

Don't Use Hard-coded Keys (DUHK) is a cryptographic vulnerability that enables an attacker to ascertain encryption keys that are being used to secure virtual private network (VPN) communications or web sessions. It concerns the ANSI X9.31 Random Number Generator (RNG), a pseudorandom number generator (PRNG).

46
Q

Chosen ciphertext attacks

A

In a chosen ciphertext attack, the attacker can additionally choose some ciphertext and is handed the corresponding plaintext (a chosen ciphertext attack is usually understood to subsume a chosen plaintext attack). In other words, the attacker may encrypt and decrypt arbitrary messages.

47
Q

Chosen plaintext

A

In a chosen plaintext attack, the attacker chooses some plaintext and is handed the corresponding ciphertext. In other words, the attacker may encrypt arbitrary messages.

48
Q

Known plaintext

A

During known-plaintext attacks, the attacker has access to the ciphertext and its corresponding plaintext. The goal is to guess the secret key (or a number of secret keys) or to develop an algorithm which would allow the attacker to decrypt any further messages.
In a known-plaintext attack, the attacker has access to at least one example of plaintext and its corresponding ciphertext. This means the attacker is able to observe the plaintext prior to encryption and also see the corresponding encryption result.

49
Q

Bluetooth uses which digital modulation technique?

A

PSK (phase-shift keying)

50
Q

Data-gathering activities associated with a risk assessment

A

Threat identification, vulnerability identification, control analysis

51
Q

At what layer of the OSI model does the encryption and decryption of the message take place?

A

Presentation

52
Q

Which tool can be used to perform session splicing attacks?

A

Whisker

53
Q

Cyber kill chain

A

Step 1 – Reconnaissance

In this stage, attackers are selecting their victim and researching their security vulnerabilities. They may be locating what sensitive data you have, where it’s stored, who has access to it and what the best routes are into the network.

Step 2 – Weaponization

The attackers have finished their research into your organization’s vulnerabilities and have selected their targets. In this step, they are working out how best to get inside the network. This might be through a virus or malware tailored to exploit known vulnerabilities.

Step 3 – Delivery

The attack method is delivered into the target environment. The actual method used may vary but it most commonly comes through malicious email attachments, websites, or USB devices.

Step 4 – Exploitation

In this step, the malicious code has been inserted or the vulnerability has been exploited, and the attackers are setting themselves up to execute on their mission.

Step 5 – Installation

The malware installs an access point that enables the attackers to get access to the target environment.

Step 6 – Command and Control

The attackers now have uninterrupted access to the target environment and can manipulate it at will.

Step 7 – Actions on Objective

The original goals of the attack can now be executed on command. The outcome of this could be anything from data theft to ransomware. Whatever the objective is, if this step is completed successfully, you have been the victim of a data breach and are likely to face severe costs to reputation and the bottom line.

54
Q

Server-side request forgery

A

Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.