Security: Information Gathering PEs

Question 1

PFC Tyler is attempting to execute a dig query on a site, but he misspelled the website name and accidentally spelled a non-existent website name instead. What status will PFC Tyler see when he attempts this query? Hint: the domain name queried does not exist

Answer 1

NXDOMAIN

Question 2

A traceroute is a network command that can be run on your computer if you experience routing problems. It traces the “hops” between your computer and the final destination. For each hop, the traceroute will diagnose where the problem is.

Answer 2

True

Question 3

When in the Information Gathering/Reconnaissance phase, an attacker should gather the least amount of data possible so they can reduce the number of attack vectors, which will reduce the probability of being detected.

Answer 3

False. You want to gather as much data as possible and increase the number of attack vectors

Question 4

What phase of the Cyber kill chain would be considered the most important phase? This would be paramount to successfully continue all the other phases.

Answer 4

reconnaissance

Question 5

What are the two modes Nslookup can be used in? Format (xxx, xxx-xxx)

Answer 5

Interactive, non-interactive

Question 6

_______________ mode allows a user to execute queries back-to-back without typing the entire command for each query.

Answer 6

interactive

Question 7

_______________ mode involves typing the entire command for each query.

Answer 7

Non-interactive

Question 8

What command queries a DNS (Domain Name System) server for DNS records relating to IP addresses, mail exchanges, and name servers?

Answer 8

Dig

Question 9

What is the name of the website using the address 63.147.161.50?

Answer 9

goarmy.com (hint use nslookup)

Question 10

What is IPv4 address is the webpage text-lb.esams.wikimedia.org using?

Answer 10

91.198.174.192 (hint use nslookup)

Question 11

If there are no errors with a dig query, what status will the user see?

Answer 11

No Error

Question 12

What query status might a user see if they attempt a dig query on a site that has security settings configured so that zone transfers are not permitted or the zone does not exist at the request authority?

Answer 12

Refused

Question 13

SGT Gray wants to verify that the H&S Company printer is able to respond to network connections. The IP address of the printer is 192.168.0.105? What command will SGT Gray execute to perform this task?

Answer 13

Ping 192.168.0.105

Question 14

How many times will the remote host 192.168.1.101 be ping’d if the following command is executed? ping -c 6 192.168.1.101

Answer 14

6

Question 15

Target Development includes all of the following EXCEPT:

• Understanding potential vulnerabilities
• Obtaining or developing scripts
• Deliver brief derived from mission analysis
• Planning execution of exploit
• Testing in a controlled environment

Answer 15

Deliver brief derived from mission analysis

Question 16

It is possible to exploit a target without gathering any information on the target.

Answer 16

False

Question 17

Which of the following is NOT one of the 4 Ds:

• Deny
• Degrade
• Destroy
• Delay
• Disrupt

Answer 17

Delay

Question 18

Some information cannot be found within the IP address alone. Select the group of tools that can used in the information gathering phase:

Answer 18

ping, dig, traceroute, nslookup

Question 19

What is an example of nslookup syntax:

Answer 19

nslookup www.google.com

Question 20

These __________ packets are sent and all routers involved receives these particular packets. These determine if the information in the packets are able to transfer the data effectively.

Answer 20

ICMP

Question 21

The ____________ is a series of steps that trace stages of a cyber attack from the early reconnaissance stages to exfiltration. Understanding this process can help users understand and combat ransomware, security breaches, and advanced persistent attacks (APTs)

Answer 21

Cyber Kill Chain

Question 22

What specifies the number of pings?

Answer 22

-c

Question 23

When using the dig command, you may see multiple IP’s from your query. This could be an indication that a __________ may be present?

Answer 23

Load Balancer

Question 24

SSG Thomas needs to see the gateways that packets pass through to reach the destination amazon.com. What command can SSG Thomas use to see this?

Answer 24

traceroute www.amazon.com

Question 25

___________ is built into both Windows and UNIX operating systems, and is a universal way of testing network response time and performance.

Answer 25

ping

Question 26

What is it called when an attacker probes for weakness including harvesting login credentials or information that is useful in phishing attacks?

Answer 26

Reconnaissance

Question 27

This type of exploitation is taking advantage of a system’s setting that allows it to be manipulated by an unintended source.

Answer 27

Misconfiguration

Question 28

This type of exploitation is taking advantage of poor OPSEC, cyber training, or restrictions in place.

Answer 28

Human

Question 29

What command queries DNS servers for relating information such as name servers, mail exchanges and IP addresses.

Answer 29

Dig

Question 30

What is an example of the a Cyber Kill Chain?

Answer 30

A planned process of cyber attacks