CHAPTER 1-4

Question 1

OSI Reference model

Answer 1

Application, Presentation, Session,Transport, Network, Data Link,Physical

Question 2

TCP/IP Stack

Answer 2

Application,Transport,Internet,Network Access

Question 3

Risk Management

Answer 3

Identifying organisational assets, threats to those assets and asset vulnerabilities, allowing the company to explore which countermeasures security personnel could put in place to minimize risks as much as possible (Identification,Assessment, Treatment, Tracking and Review)

Question 4

Business impact Analysis

Answer 4

BIA - Effort to identify the systems and processes that are critical for operation.

Question 5

Maxmium Tolerable Downtime

Answer 5

Provides a mean to prirotize the recovery of assets

Question 6

IRT

Answer 6

Incident Response Team

Question 7

ALE

Answer 7

Annualised loss expectancy - ARO (annual rate of occurrence) x SLE (single loss expectancy).

Question 8

Single loss expectancy

Answer 8

Exposure factor x Value of Asset

Question 9

Security Triad

Answer 9

Confidentiality (secrecy and privacy of information), Integrity (methods and actions taken to protect the information) and availability (communication systems and data being ready for use when legitimate user needs it)

Question 10

Three main phases in a pen test

Answer 10

Preparation, Assessment and Conclusion

Question 11

Five main phases of hacking

Answer 11

Reconnaissance, Scanning and Enumeration, Gaining Access, Maintaining Access and Covering Tracks

Question 12

TOE

Answer 12

Target of evaluation

Question 13

FISMA

Answer 13

Federal Information Security Modernization Act

Question 14

HIPAA

Answer 14

Health Insurance Portability and Accountability Act

Question 15

SOX

Answer 15

The Sarbanes-Oxley Act - Created to make corporate disclosures more accurate and reliable in order to protect the public and investors from shady behavior.

Question 16

PCI-DSS

Answer 16

Payment Card Industry Data Security Standards - Security standard for organisations handling credit cards (consists of 12 requirements)

Question 17

COBIT

Answer 17

Control Objects for Information and Related Technology created by Information System Audit and Control Association (ISACA) and IT Governance Institute (ITGI)

Question 18

ISO/IEC 27001:2013

Answer 18

for creating, maintaining and improving organisations IS (Information Security)

Question 19

OSSTMM

Answer 19

Open Source Security Testing Methodology Manual

Question 20

Internet DMZ

Answer 20

Controlled buffer network between you and the uncontrolled chaos of the Internet

Question 21

Internet

Answer 21

Outside the boundary and controlled

Question 22

Production Network Zone

Answer 22

Restricted zone that strictly controls direct access from uncontrolled zones.

Question 23

Intranet

Answer 23

Controlled zone that has little to no heavy restrictions

Question 24

Management Network Zone

Answer 24

Highly secured zone with very strict policies

Question 25

Anonymous Footprinting

Answer 25

Obscure source of all this information gathering

Question 26

Pseudonymous Footprinting

Answer 26

Making someone else take the blame for actions

Question 27

Benefits of Footprinting

Answer 27

Know the Security Posture Reduce Focus Area Identify vulnerabilities Draw a network map

Question 28

Active Footprinting

Answer 28

Requires attacker to touch the device network or resources

Question 29

Passive Footprinting

Answer 29

Measures to collect information from publicly accessible sources (dumpster diving = passive)

Question 30

Competitive Intelligence

Answer 30

Information gathered by a business entity about its competitors customers products and marketing

Question 31

Website watchers

Answer 31

can be used to check web pages for changes, automatically notifying you when there is an update

Question 32

DNSSEC

Answer 32

Domain Name System Security Extension - suite of IETF specifications for securing certain kinds of information provided by DNS

Question 33

IANA

Answer 33

Internet Assigned Number Authority - Where IP management started

Question 34

ICANN

Answer 34

Internet Corporation for Assigned Names and Numbers - Manages IP address allocation and a host of other things

Question 35

whois

Answer 35

tool that queries registries and returns information, including domain ownership, addresses, locations and phone numbers.

Question 36

nslookup

Answer 36

Tool used to query DNS servers for informations

Question 37

dig

Answer 37

Dig is used to test a DNS query and report its results 1

Question 38

Traceroute

Answer 38

Command line tool which tracks a packets across the internet (linux) UDP

Question 39

Tracecert

Answer 39

Command line tool which tracks a packet across the internet (windows) ICMP

Question 40

OSRFramework

Answer 40

Open Source Research Framework in python that helps you in the task of user profiling by making use of different OSINT tools

Question 41

RIR

Answer 41

Regional Internet Registry ARIN - American Registry of Internet Numbers APNIC - Asian Pacific Network Information Centre LACNIC - Latin America and Caribbean Network Information Centre AfriNIC - African Network Information Centre RIPE NCC - Europe, West Asia and former USSR

Question 42

A Record

Answer 42

Maps host name to IPv4 Address

Question 43

CNAME

Answer 43

Maps multiple names (alias) to A record | Canonical Name

Question 44

MX

Answer 44

Mail Exchange - Maps a domain to a mail server

Question 45

NS

Answer 45

Name Server - Assigns a DNS zone to access the give authoritative name servers

Question 46

PTR

Answer 46

Pointer - Maps IP addresses to the host names for reverse look ups

Question 47

SOA

Answer 47

Start of Authority - Specifies authoritative info for a DNS zone.

Question 48

SRV

Answer 48

Service Locator - Specifies a generic service location record for newer protocols

Question 49

HINFO

Answer 49

Host Information Resource Record - Provide OS and platform info

Question 50

Scanning

Answer 50

Process of discovering systems on the network and taking a look at what open ports and applications may be running

Question 51

Frame

Answer 51

When a recipient system gets a frame, it checks the physical address to see who the message is intended for

Question 52

XOR

Answer 52

XOR compares two binary inputs and creates and output: if the two inputs are the same, the output is 0 if different the output is 1

Question 53

255.255.255.255 (Destination MAC FF:FF:FF:FF:FF:FF)

Answer 53

Limited broadcast addresses are delivered to every system inside the broadcast domain

Question 54

Scanning Methodology

Answer 54

``` Check for live system Check for open ports Scan beyond IDS Perform Banner Grabbing Scan for Vulnerabilities Draw Network Diagram Prepare Proxies ```

Question 55

netstat -an

Answer 55

Displays all connections and listening ports with addresses and port numbers in numerical form.

Question 56

HPING

Answer 56

tool for both ping sweeps and port and linux versions and runs nearly any scan nmap can put out.

Question 57

Arp -a

Answer 57

will display current ARP cache ( -d will delete cache)

Question 58

CAM

Answer 58

Content Addressable memory

Question 59

NIC

Answer 59

Network Interface Card

Question 60

protocols vulnerable to sniffing

Answer 60

SMTP v1 (plain text) FTP, TFTP NNTP IMAP POP3

Question 61

Span port (port mirroring)

Answer 61

Is one in which the switch configurations has been altered to send a copy all frames from one port or successions of ports to another.

Question 62

DHCP Starvation

Answer 62

Malicious agaent exhausts all available addresses from the server

Question 63

DHCP

Answer 63

DORA - Discover Offer Request Acknowledge

Question 64

Port Security

Answer 64

Security Feature on switches that allows admin to manually assign AMC addresses to specific ports

Question 65

IRDP

Answer 65

ICMP Router Discovery Protocol - Advertises whatever gateway he wants all the systems to start routing messages to

Question 66

TCPDUMP

Answer 66

Command line tool that simply prints out a description of the content of a packet on a network interface that match a given filter.

Question 67

IDS

Answer 67

Intrusion Detection System are hardware or software devices that examine streams of packets for unusual or malicious behavior

Question 68

Falso Positive

Answer 68

Alarm shows intrusion when in reality, no intrusion has occured

Question 69

False Negative

Answer 69

Report that the stream is fine but there is actually is an intrusion

Question 70

SNORT

Answer 70

Most widely deployed IDS in the work - Open SourceI

Question 71

Network tap

Answer 71

Any kind of connection that allows you to see all traffic passing by

Question 72

OINKMASTER

Answer 72

Used to manage and update signatures for IDS

Question 73

Explicit Firewall

Answer 73

Stating what is allowed to pass from one side of the firewall to the other

Question 74

Implicit Firewall

Answer 74

Deny Principle, which if there is not a rule defined to allow the pack to pass, it is blocked

Question 75

Firewalking

Answer 75

Walking through every port against a firewall to determine what is open is known as firewalking