Threat & Vulnerability Management

Question 1

cross-site request forgery

Answer 1

an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.

Question 2

SQL injection

Answer 2

placement of malicious code in SQL statements, via web page input.

Question 3

Rootkit

Answer 3

A rootkit is a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.

Question 4

Cross-site scripting

Answer 4

An XSS will allow an attacker to execute arbitrary JavaScript within the browser of a victim user (such as creating pop-ups)

Question 5

Command and control (C2) phase

Answer 5

the adversary is testing that they have control over any implants that have been installed. This can be conducted using web, DNS, and email protocols to control the target and relies on an established two-way communication infrastructure to control the target system using remote access.

Question 6

Delivery phase

Answer 6

the adversary is firing whatever exploits they have prepared during the weaponization phase. At this stage, they still do not have access to their target, though.

Question 7

Advanced Persistent Threat (APT)

Answer 7

An APT refers to the ongoing ability of an adversary to compromise network security by using a variety of tools and techniques to obtain and maintain access. Primarily focused espionage and strategic advantage, but some target companies purely for commercial gain.

Question 8

integer overflow

Answer 8

arithmetic operation results in a large number to be stored in the space allocated for it. a number greater than 0xffffffff, an integer overflow occurs

Question 9

Password spraying

Answer 9

a type of brute force attack in which multiple user accounts are tested with a dictionary of common passwords.

Question 10

Port 22

Answer 10

SSH

Question 11

Port 20,21

Answer 11

FTP

Question 12

Port 23

Answer 12

Telnet

Question 13

Port 25

Answer 13

SMTP

Question 14

Port 53

Answer 14

DNS

Question 15

Port 69

Answer 15

TFTP

Question 16

Port 80

Answer 16

HTTP

Question 17

Port 443

Answer 17

HTTPS or SSTP

Question 18

Port 88

Answer 18

Kerberos

Question 19

Port 110

Answer 19

POP3 (non -encrypted)

Question 20

Port 995

Answer 20

POP3 (encrypted)

Question 21

Port 119

Answer 21

Network News Transfer Protocol (NNTP)

Question 22

Port 123

Answer 22

Network time protocol (NTP)

Question 23

Ports 137, 138, 139.

Answer 23

NetBIOS over TCP/IP (NBT, or sometimes NetBT)

Question 24

Port 143

Answer 24

Internet Message Access Protocol (IMAP)

Question 25

Port 993

Answer 25

IMAP over SSL (IMAPS)

Question 26

Simple Network Management Protocol (SNMP)

Answer 26

161 – SNMP (Agents receive requests)

162 – SNMP (Controller receives data)

Question 27

Port 389

Answer 27

Lightweight Directory Access Protocol (LDAP)

Question 28

Port 636

Answer 28

LDAPS

Question 29

Port445

Answer 29

Server Message Block (SMB)

Question 30

Port 500

Answer 30

Internet Key Exchange (IKE)

Question 31

Port 989/990.

Answer 31

FTPS

Question 32

Port 1433

Answer 32

SQL

Question 33

Port 1723

Answer 33

Point-to-Point Tunneling Protocol (PPTP

Question 34

Port 1812,1813

Answer 34

RADIUS

Question 35

Port 3389

Answer 35

Remote Desktop Protocol (RDP)

Question 36

MITRE ATT&CK framework

Answer 36

provides explicit pseudo-code examples for detecting or mitigating a given threat within a network and ties specific behaviors back to individual actors.

Question 37

CVSS 3.1 Metrics

Answer 37

access vector (AV), access complexity (AC), privileges required (PR), user interaction (UI), scope (S), confidentiality (C), integrity (I), and availability (A).

Question 38

parameterized query

Answer 38

(also known as a prepared statement) is a means of pre-compiling a SQL statement so that all you need to supply are the “parameters” (think “variables”) that need to be inserted into the statement for it to be executed.

Question 39

Nikto

Answer 39

a web application scanner that can perform comprehensive tests against web servers for multiple items