Unit 3 Vocabulary

Question 1

home directory

Answer 1

every user has a “home directory” that bears their username. This is similar in concept to My Documents folder in Windows. (Linux default: /home/username/)

Question 2

Flags

Answer 2

(to Linux commands) - options to modify command behaviors

Question 3

Access Control

Answer 3

The selective process of allowing or restricting the availability of a recourse.

Question 4

Owner

Answer 4

The user that owns the file

Question 5

Group

Answer 5

A collection of users who have access to the file

Question 6

Other/World

Answer 6

Everyone else

Question 7

Read (r)

Answer 7

Read a file or look inside a directory, matrix # - 4

Question 8

Write (w)

Answer 8

Write or modify a file or modify a directory’s contents matrix # - 2

Question 9

Execute (e)

Answer 9

Execute or run a file, or go into a directory (using, for example, cd) matrix # - 1

Question 10

Permission Matrix (drwxrwxrwx)

Answer 10

d = directory or file, 1st rwx = owner permissions, 2nd rwx = group permissions, 3rd rwx = others permissions

Question 11

.sh

Answer 11

A script that executes commands when ran

Question 12

Hidden files in Linux (begin with a .)

Answer 12

Hidden files don’t show up for the first ls command, only for ls -a or ls -la (ex: /.hideme)

Question 13

Open source

Answer 13

Software that is freely available to anyone who wants to use it. Users can modify it and distribute it however they want

Question 14

GNU Privacy Guard (gpg)

Answer 14

A command-line tool that lets you encrypt files with a variety of encryption algorithms

Question 15

Shell

Answer 15

A program that allows a user to enter commands to interact with an operating system

Question 16

Spawned

Answer 16

The act of starting or launching a process. The new process is a child process of a parent process; in other words, a parent process “spawns” a child process.

Question 17

Background Process

Answer 17

A process in UNIX that runs without user input

Question 18

Root Directory

Answer 18

In UNIX, the top-most directory denoted as /

Question 19

Open Systems Interconnection (OSI) model

Answer 19

A collection of many network protocols. It uses abstraction at different levels of detail to define how network components see, interpret, and process network traffic.
Layers 1-7 (lowest first) acronym: Please Do Not Teach Students Pointless Acronyms
Layers 1-7 (lowest first): Physical, Data Link, Network, Transport, Session, Presentation, Application

Question 20

Security Baseline

Answer 20

A starting point for data analysis. It is the initial data set used in later comparisons

Question 21

Subnet

Answer 21

A smaller part of a larger network

Question 22

Reconnaissance

Answer 22

The first phase of ethical hacking, which involves probing the network to understand its structure and to see what services are open and running

Question 23

Scanning

Answer 23

The second phase of ethical hacking, which involves taking a closer look at the services and software running on the host

Question 24

Compromise

Answer 24

The third phase of ethical hacking, which involves launching exploits at targeted vulnerabilities to see if they are genuine exposures on the system.

Question 25

Remediation

Answer 25

The fourth and final phase of ethical hacking where the security professionals fix the system vulnerabilities uncovered in the previous phases.

Question 26

Nessus

Answer 26

A security tool used to scan a system or network for known vulnerabilities. When a vulnerability is reported or discovered anywhere in the world, the engineers at Nessus add it to their program as a "plug-in". An example of a vulnerability with a Nessus plug-in is a buggy version of MySQL that permits a DoS attack. Using its list of plug-ins, Nessus scans a system to determine whether this or other vulnerabilities are running on a system.

Question 27

Metasploit

Answer 27

A collection of tools referred to as a framework. Pen testers use the Metasploit framework to perform penetration tests to help them develop exploits and build custom tests to asses weaknesses and vulnerabilities in a system or network. The Metasploit framework is very powerful and should be used in the most disciplined manner. The framework includes a console, a command line, and a web interface.

Question 28

Security framework

Answer 28

A security framework is a series of defined processes used to test and expose the security that are in place on a system.

Question 29

Packet

Answer 29

A general term for a chunk of data

Question 30

Zenmap

Answer 30

A security tool that is the graphical version of a command-line tool that scans a network for hosts, open ports, and services.

Question 31

Address Resolution Protocol (ARP)

Answer 31

Used to determine a device's physical address (usually a MAC address) and map it to an IP address. ARP messages are implemented in layer 2, the data link layer.

Question 32

Bash format

Answer 32

[user_name]@[machine_name]:[directory]$ beta@PLTW:~/Templates$ User beta is logged in to machine PLTW and the present working directory is Templates in their home folder (~/Templates)

Question 33

UID

Answer 33

id of the user that launched the process

Question 34

PID

Answer 34

Process ID of the unique process

Question 35

PPID

Answer 35

Parent process ID that started or spawned this process

Question 36

CMD

Answer 36

process or command name, often contains directory path to the executable

Question 37

ftp port

Answer 37

21

Question 38

ssh port

Answer 38

22

Question 39

http port

Answer 39

80