Test Prep

Question 1

Directory Traversal

Answer 1

Aims to access files and directories stored outside the webroot folder.

Question 1

ARP Poisoning

Answer 1

This involves

Question 2

Smurf

Answer 2

Uses a single ping with a spoofed address sent to the broadcast address of a network. This causes every device in the network to receive a single ping, each device responds to the spoofed address causing the victim to be overwhelmed with the responses to the ping.

Question 3

Passive information gathering

Answer 3

penetration tester gathers publicly available info without the organization being aware that the info was accessed

Question 4

Active information gathering

Answer 4

Starts top probe the organization using port scanning, vulnerability scanning etc that the organization can recognize.

Question 5

Ping of Death

Answer 5

Involves sending a malicious ping to a computer

Question 6

MITRE ATT&CK framework

Answer 6

provides explicit examples for detecting or mitigating a given threat within a network and ties specific behaviors back to individual actors

Question 7

OpenIOC

Answer 7

Contains a depth of research on APTs but doesnt integrate the detection and mitigation strategy

Question 8

Diamond Model of Intrusion Analysis

Answer 8

Provides a graphical depiction of the attackers approach relative to kill chain

Question 9

Cain and Abel

Answer 9

Password cracking tool, also includes password decoding