SCANS Flashcards

1
Q

heavily enable reconnaissance and information gathering. This intelligence can reveal vulnerabilities that cyber threat actors can exploit and use as attack surfaces.

A

Scanning and enumeration

2
Q

is the process of collecting information, without performing any analysis, to identify a host or obtain more details on a host.

A

Scanning

3
Q

is performing cursory analysis on the data collected from scanning to identify one or more hosts, or gathering more information on a host to discover additional details on the target. The goal of _______ is to establish a numeric understanding of the target; it enables the identification and collection of important information about the target.

A

Enumeration

4
Q

Successful enumeration and scanning can reveal possible ___________ and provide insight into the vulnerabilities that our target's attack surfaces are exposed to.

A

Attack Surfaces

5
Q

are the set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from.

A

Attack surfaces

6
Q

is any weakness that exists within a target's device, software and/or network that can be exploited in order to deliver a payload and cause harm to the target.

A

Vulnerability

7
Q

Characteristics of scanning and enumeration: is the recording (a.k.a. sniffing) and analysis of packet streams to determine host and network characteristics.

A

Passive fingerprinting

  • Passive collection leaves little to no evidence of the scans being performed, because it does not interact with host machines on the network.
  • This technique avoids the 4 D's (deny, degrade, destroy, disrupt) against the network and host machines, and prevents alerts from being triggered.
8
Q

Characteristics of scanning and enumeration: are a grouping of information that can be used to identify the software, network protocols, operating systems and hardware that may be in use on a network.

A

Fingerprints

9
Q

What process focuses on establishing a numerical understanding of collected information pertaining to a target network?

A

enumeration

10
Q

What is the process of collecting information without performing any analysis to identify or obtain more details on a host?

A

Scanning

11
Q

is the process of sending normal or malformed packets to a target and monitoring its response.

It involves interaction with network machines, which may alert users on the network through logs, alerts, or artifacts left behind.

A

Active fingerprinting

12
Q

Analyzing the target's response may help fingerprint the target and determine the security measures that may be in place. For port scanning, one of three responses will be received:

A
  • Open, Accepted – host responds and awaits further instructions
  • Closed, Not Listening – port currently in use and unavailable
  • Filtered, Dropped, Blocked – host does not respond
13
Q

involve interaction with network machines, which may alert users on the network through logs, alerts, or artifacts left behind.

A

Active scans/fingerprinting

14
Q

Some active fingerprinting tools that an attacker may use to gather information on a target network include the following:

A
  • NMAP
  • Xprobe2
  • CronOS
15
Q

What fingerprinting method is considered to be more overt? Active or Passive?

A

Active

16
Q

What three responses are provided when port scanning?

A
  • open
  • closed
  • filtered
17
Q

Port and Service Identification

A

is part of the fingerprinting process. In the client-server communication relationship, the client has the ability to request one or more services from a server.

18
Q

Port and Service Identification: ___________ identified when analyzing network traffic between a server and client can often reveal what services a client may be requesting from a server, and allow the client to know what services the server is sending back to it.

A

port numbers

19
Q

Port and Service Identification: caution

A

Remember, the ports may be set or modified by the administrator. An example of this would be if port 22 (SSH) were changed to port 2222 as a security measure.

20
Q

Analyzing what, can reveal services that a client is requesting from the server?

A

port numbers

21
Q

True or False: Port numbers are always static

A

false

22
Q

Port and Service Identification

A

These common ports are associated with certain host machines and servers.

23
Q

is a tool used to discover live hosts, services, filters/firewalls, or specific operating systems, and to support network inventory, managing service upgrade schedules, and monitoring host or service uptime, by analyzing the responses to raw IP packets sent to a target system.

A

Nmap

24
Q

Angry IP Scanner advantages

A
  • The biggest advantages of Angry IP Scanner are the ease of use and flexibility it provides to the user. Angry IP allows saving favorite IP ranges, uses an easy-to-use GUI, uses multi-threaded scanning for faster response times, and provides flexibility when exporting results into CSV, TXT or XML file formats.
  • This flexibility is also seen in the open-source nature of the tool, which allows for easy customization of the source code, as well as the use of additional plug-ins to return greater information.
25
Q

Nmap analyzes the response from what type of packets that are being sent to a target system?

A

TCP, UDP … depends on what you send out

26
Q

Angry IP Scanner:

is a powerful tool that is capable of providing a vast array of information about a target: revealing host names, MAC addresses, NetBIOS information (such as the computer name, workgroup name, and currently logged-in Windows user), favorite IP ranges, detecting web servers, and more.

A

Angry IP Scanner

27
Q

True or False: NMAP is a tool that can identify and fingerprint network hosts and devices from PCAP files captured from ethernet or WiFi data.

A

false

28
Q

Angry IP Scanner: was a legacy command-line port scanner dedicated to the Windows OS that utilized ICMP to conduct its scans and targeted all TCP and UDP ports. Today ScanLine no longer exists, and the tools we use have a much broader scope and capability.

A

Scanline

29
Q

Angry IP Scanner: was not designed with the sole purpose of being an offensive security tool; it lacks the ability to conduct the stealth-scanning methods that other scanning tools are able to utilize.

This means that targeted networks and systems may be able to easily detect scanning if Angry IP is used, as opposed to Nmap.

A

Angry IP Scanner

30
Q

Angry IP Scanner: is a great GUI-based alternative network scanning tool that functions with ease on Windows, Linux and macOS and provides the ability to quickly scan any range of IPs (as the name suggests) and ports, as well as various other functions.

A

Angry IP Scanner

31
Q

What operating system can Angry IP Scanner run on?

A

any

32
Q

True or False: Angry IP Scanner is a cross-platform scanning tool that can uncover information about a target in an undetectable manner?

A

false

33
Q

Services like FTP servers, web servers, SSH servers and other systems expose confidential information like software names, versions and the OS they are running. All of this information is known as what?

A

banner data

34
Q

If an attacker can grab this _________, it could easily lead them to vulnerabilities that they can exploit against their target.

A

banner data

35
Q

Technique banner grabbing: Within banner grabbing, there are two different techniques:

A

Active banner grabbing, and Passive banner grabbing

36
Q

is the act of obtaining software banner information, either manually or using tools that perform this function automatically.

A

Banner grabbing

37
Q

Technique banner grabbing: is the most widely used method of grabbing banner data.

This is active because the connection is logged on the remote system. This method can often be detected by intrusion detection systems, and is therefore much more overt.

A

Active Banner Grabbing

38
Q

Technique banner grabbing: provides nearly as much information, yet is able to avoid the exposure and scrutiny that come from originating a connection.

A

Passive Banner Grabbing

39
Q

The following tools, functions or protocols can be used to perform banner grabbing:

A
  • cURL
  • Burp Suite
  • Dmitry
  • Netcraft
  • Netcat
  • Nikto
  • Nmap
  • Telnet
  • Wikto
  • Wget
40
Q

What is the act of gathering banner data either manually or through the use of tools?

A

banner grabbing

41
Q

True or False: Banner data consists of services like FTP servers, web servers, SSH servers, software names, OS versions and open ports.

A

True