Testing Your Infrastructure Flashcards

1
Q

Which vulnerability scanning tool uses a Web interface titled Greenbone Security Assistant?

A) Microsoft Baseline Security Analyzer
B) Nessus
C) Nexpose
D) OpenVAS

A

D) OpenVAS

OpenVAS is correct.

2
Q

What is the most important step to be taken BEFORE you begin any vulnerability scanning?

A) Verify network connection
B) Obtain authorization
C) Drink lots of coffee
D) Correct misconfigurations

A

B) Obtain authorization

Obtain authorization is correct.

3
Q

Which social engineering principle is based on making an individual or group feel that everyone else has already agreed?

A) Familiarity
B) Urgency
C) Authority
D) Consensus

A

D) Consensus

Consensus is correct. Familiarity tries to make you think you have a close relationship. Urgency depends on portraying that the task or decision needs to be done NOW, and the goal of authority is to apply pressure because the other person thinks you are in charge.

4
Q

Which of the following social engineering attacks involves someone standing behind a user to watch their screen or keyboard for sensitive information?

A) Tailgating
B) Shoulder surfing
C) Whaling
D) Vishing

A

B) Shoulder surfing

Shoulder surfing is correct. Tailgating is when an unauthorized person follows an authorized person into a secured location. Whaling is spear phishing that targets high-level management or executives, and vishing is using the telephone system to obtain private information.

5
Q

What type of attack causes an application to lock up by entering a very large amount of data?

A) LDAP injection
B) Buffer overflow
C) Code injection
D) Integer overflow

A

B) Buffer overflow

Buffer overflow is correct. LDAP injection is when the attacker is attempting to enter commands to query the underlying database; code injection attempts to add additional code to an application; and integer overflow occurs when the result of a mathematical operation exceeds the maximum size allowed in the form or field.

6
Q

Which type of pen testing is performed by someone who has extensive information about the system(s) to be attacked?

A) White box
B) Black box
C) Gray box
D) Redbox

A

A) White box

White box is correct. Black box pen testing is done by an outsider with no knowledge of the systems or infrastructure, and gray box is performed by someone who has some but not complete knowledge. Finally, Red Box is a vending machine that can rent movies and games.

7
Q

Which impact is likely to cause a system to stop functioning?

A) Race conditions
B) Lack of vendor support
C) Storage of non-essential information
D) Integer overflow

A

D) Integer overflow

All of these conditions are a nuisance and will affect performance, but an integer overflow will usually stop the program from functioning, in some cases actually shutting down the whole system. Race conditions are unprotected, out-of-order simultaneous operations that may conflict with one another or be exploited for malicious purposes. Lack of vendor support means no patches and upgrades, possibly leading to the program not functioning correctly. Storage issues affect performance and data retrieval, slowing the system.
