Section 5

Question 1

What is business continuity planning

Answer 1

refers to the plans you put in place to ensure that critical business functions can continue in a state of emergency

Question 2

What is disaster recovery planning

Answer 2

refers to the plans you put in place to prepare for a potential disaster, including what exactly to do during and after a disaster strikes, such as evacuation routes posted on maps throughout the facility or signage indicating meeting places in the case of an evacuation.

Question 3

What are deterrent measures

Answer 3

aim to discourage those who might violate your security

Question 4

What are detective measures

Answer 4

alert you to potential intrusions

Question 5

What are preventive controls

Answer 5

physically prevent intrusions from taking place.

Question 6

What is network segmentation

Answer 6

divide it into multiple smaller networks called subnets. You can control the flow of traffic between subnets, allowing or disallowing it based on a variety of factors or even blocking the flow of traffic entirely if necessary.

Question 7

What are network chokepoints

Answer 7

locations where you can inspect, filter, and control the traffic.

Question 8

What is packet filtering

Answer 8

the firewall looks at the contents of each packet in the traffic individually and either allows or disallows it based on the source and destination IP addresses, the port number, and the protocol being used.

Question 9

What are deep packet inspection firewalls

Answer 9

they can analyze the actual content of the traffic that flows through them. deep packet inspection firewalls can reassemble the contents of the traffic to see what it will deliver to the application for which it’s destined.

Question 10

What is a demilitarized zone (DMZ)

Answer 10

a layer of protection that separates a device from the rest of a network.

Question 11

What are signature-based IDS

Answer 11

They maintain a database of the signatures that might signal an attack and compare incoming traffic to those signatures.

Question 12

What are anomaly-based IDS

Answer 12

work by determining the normal kinds of traffic and activity taking place on the network. They then measure the present traffic against this baseline in order to detect patterns that aren’t present in the traffic normally

Question 13

What are packet crafting attacks

Answer 13

use packets of traffic that carry attacks or malicious code but are designed to avoid detection by IDS, firewalls, and other similar devices.

Question 14

What are the 2 terms for client and server when talking about VPNs

Answer 14

the VPN client application and the VPN concentrator

Question 15

What are rogue access points

Answer 15

unauthorized wireless access points

Question 16

What are the 2 different types of scanners

Answer 16

port scanners and vulnerability scanners

Question 17

What are honeypots

Answer 17

look legitimate but are fake and display vulnerabilities or materials that would be attractive to an attacker. Able to see all activity

Question 18

What are honeypots

Answer 18

look legitimate but are fake and display vulnerabilities or materials that would be attractive to an attacker. Able to see all activity of attacker. networks of honeypots are called honeynets

Question 19

What are honeynets

Answer 19

networks of honeypots with some sort of centralized instrumentation for monitoring all of the honeypots

Question 20

What is Scapy

Answer 20

a tool used to map the topology of firewalls and help you locate vulnerabilities in them

Question 21

What is Scapy

Answer 21

a tool used to map the topology of firewalls and help you locate vulnerabilities in them as well as specially crafting ICMP packets to evade some of the normal measure put in place to prevent you from seeing devices behind firewalls

Question 22

What is the attack surface

Answer 22

the sum of available avenues though which your OS might be attacked

Question 23

What are the six primary means of OS hardening

Answer 23

remove unnecessary software, remove unneeded services, alter default accounts, use principles of least privilege, perform updates, implement logging and auditing

Question 24

What is executable space protection

Answer 24

a technology that prevents the OS and apps from using certain portions of the memory to execute code.

Question 25

What is address space layout randomization (ASLR)

Answer 25

a technique that shifts the contents of the memory in used around so that tampering with it is even more difficult

Question 26

What is a buffer overflow attack

Answer 26

works by inputting more data than an application is expecting and then the leftover data is put into memory which can be executed as malware

Question 27

What is an exploit framework

Answer 27

a collection of prepackaged exploits and tools, such as network mapping tools and sniffers.

Question 28

What is OpenVAS used for

Answer 28

to locate specific security flaws in your services or network-enababled software

Question 29

What is a host-based IDS

Answer 29

used to analyze the activities on or directed at the network interface of a particular asset (host).

Question 30

What are the 2 corporate owned mobile device types

Answer 30

corporate-owned business only (COBO) or corporate-owned personally enabled (COPE)

Question 31

What is a baseband operating system

Answer 31

a tiny operating system running on its own processor which is underneath the OS you can see on modern mobile devices. it handles things like USB ports, GPS, radios, etc.

Question 32

What are race conditions

Answer 32

when multiple processes (or multiple threads within a process) control or share access to a resource and the correct handling of that resource depends on the proper ordering or timing of transactions. If you were to perform 2 actions at once than there might be an error not giving the correct result.

Question 33

What happens in a format string attack

Answer 33

attackers use certain print functions within a programming language that are meant to format the output but instead allow the attacker to manipulate or view an application’s internal memory.

Question 34

What are authentication attacks

Answer 34

those that attempt to gain access to resources without the proper credentials to do so.

Question 35

What are authorization attacks

Answer 35

attacks that attempt to gain access to resources without the appropriate authorization to do so.

Question 36

What happens in a cross-site scripting (XSS) attack

Answer 36

placing code written in a scripting language into a web page, or other media like Adobe Flash animation and some types of video files, that is displayed by a client browser. When other people view the web page or media, they execute the code automatically, and the attack is carried out.

Question 37

What happens in a directory traversal attack

Answer 37

gain access to the file system outside of the web server’s structure where content is stored by using the ../ character sequence, which moves up one level of a directory to change directories

Question 38

What are privilege escalation attacks

Answer 38

those that increase your level of access above what you’re authorized to have on the system or application.

Question 39

What is “spidering”

Answer 39

indexing and mapping all files and directories on a target web server

Question 40

What are 2 tools that can find web app vulnerabilities

Answer 40

OWASP ZAP & Burp Suite

Question 41

What is fuzz testing

Answer 41

uses tools called fuzzers that work by bombarding your applications with all manner of data and inputs from a wide variety of sources, in the hope that you can cause the application to fail or to perform some unexpected behavior.

Question 42

What is bounds checking

Answer 42

setting a limit on the amount of data an app takes in to mitigate a buffer overflow attack

Question 43

Which port service needs to be removed when running a webserver

Answer 43

Port 53 is typically blocked on webservers to prevent Domain Name System (DNS) servers from divulging critical information to attackers.

Question 44

What is an industrial control system

Answer 44

any system controlling an industrial process

Question 45

What is a supervisory control and data acquisition system

Answer 45

a kind of industrial control system that specifically monitors and controls systems over long distances, often those related to utilities and other infrastructure

Question 46

What is an air-gapped network

Answer 46

a network which has no direct connections to the outsdie

Question 47

What is a controller area network bus

Answer 47

a network on which the embedded devices in a car communicate to each other

Question 48

What are 2 common vulnerability assessment tools

Answer 48

Qualys and Nessus

Question 49

What is a container

Answer 49

an entirely self-contained and ready-to-run virtualized instance, specifically designed to allow easy scaling up and down of portions of the environment seeing variable levels of load. only includes everything needed to run an application, including the code, runtime, system tools, libraries, and configurations.

Question 50

What is the pentesting process

Answer 50

scoping -> reconnaissance -> discovery -> exploitation -> reporting

Question 51

What is OWASP ZAP

Answer 51

designed to automatically find security vulnerabilities in web applications while you are developing and testing your applications.

Question 52

What is Burp Suite

Answer 52

designed to be an all-in-one solution for web application vulnerability scanning, and provides a variety of features that can help identify and exploit security issues.

Question 53

What are rules of engagement in a pentest

Answer 53

These rules may specify times of day in which testing must take place, procedures testers should follow if they uncover a severe vulnerability, and so on.

Question 54

What happens in a directory traversal attack

Answer 54

gain access to the file system outside of the web server’s structure where content is stored by using the ../ character sequence, which moves up one level of a directory to change directories

Question 54

What happens in a directory traversal attack

Answer 54

gain access to the file system outside of the web server’s structure where content is stored by using the ../ character sequence, which moves up one level of a directory to change directories

Question 55

What happens during reconnaissance in a pentest

Answer 55

the research you conduct before attempting any attacks against a target.

Question 56

What happens during exploitation in a pentest

Answer 56

attempting to exploit the vulnerabilities you detected in the earlier stages. This may include attacking vulnerabilities in the environment or even chaining multiple vulnerabilities together to penetrate deeper into the environment.

Question 56

What happens during reporting in a pentest

Answer 56

document what you discovered and what exact steps you need to reproduce the attacks you successfully carried out.

Question 56

What happens during scoping in a pentest

Answer 56

company lays out what you are testing against what is off limits, and may provide rules of engagement

Question 57

What happens during discovery in a pentest

Answer 57

you’d likely run your vulnerability assessment tools, if you didn’t already do so, and go over the results. In this step, you’d look for open ports and services on hosts to detect any running services that could be vulnerable to attack.

Question 58

What is the difference between black-box, white-box, and gray-box testing

Answer 58

in black-box testing the tester has no knowledge of the environment other than the testing scope

in white-box testing the tester has all the information about the environment available

in gray-box testing the attacker is given some inside information about the environment, but not as much as they’d get if they were conducting a white-box test.

Question 59

What is static analysis in pentesting

Answer 59

involves directly analyzing the application source code and resources. For instance, the tester might pore through the code, looking for issues such as logic errors or vulnerabilities that exist due to the specific lines of code and libraries in use

Question 60

What is dynamic analysis in pentesting

Answer 60

involves testing the application while it’s in operation—in other words, testing the compiled binary form or the running web application.

Question 61

What are file integrity monitoring (FIM) tools

Answer 61

used to monitor the integrity of the application and operating system files on a particular machine. file may automatically be reverted to its original state or alert someone.

Question 62

What is alert fatigue

Answer 62

If you send too many alerts, particularly if they’re false alarms, your blue team will start to ignore the alerts entirely. The answer to this is to carefully send actionable alerts (those that prompt a specific response) and to send as few alerts as possible.