Cyber Operator Flashcards by Alex Nelson

In order to execute a file in Linux the file must _____.

Be executable, contain executable code, and you must have permission to execute it

How well did you know this?

Not at all

Perfectly

With a umask of 022, which of the following permissions are assigned when creating a new file?

rwxr-xr-x

How well did you know this?

Not at all

Perfectly

In Linux this file is used to store hashed passwords and readable only by root.

shadow

How well did you know this?

Not at all

Perfectly

This is a set of standards carrying out wireless local area networks.

IEEE 802.11

How well did you know this?

Not at all

Perfectly

Which Windows 7 command can be used to perform a soft shutdown?

shutdown /s /f /t 00

How well did you know this?

Not at all

Perfectly

A system that gathers and analyzes information from within a computer or a network, to identify
possible violations of security policy, including unauthorized access, as well as misuse is known as:

IDS

How well did you know this?

Not at all

Perfectly

What is the default MIP2 firewall state prior to being connected to the network?

enabled and not allowing incoming connections

How well did you know this?

Not at all

Perfectly

(U//FOUO) What are the three sub-missions of a Cyber Protection Team (CPT)?

Survey, Secure, Protect

How well did you know this?

Not at all

Perfectly

Which Windows command can be used to configure the IP address either statically or to use Dynamic
Host Configuration Protocol (DHCP)?

netsh

How well did you know this?

Not at all

Perfectly

(U//FOUO) Which document prioritizes and outlines the options and actions available, both technical
and procedural, to provide a greater level of mission assurance for the supported commander’s
mission through the consolidation of all squad recommendations?

Risk Mitigation Plan (RMP)

How well did you know this?

Not at all

Perfectly

How can you stop a TCPdump capture?

Use Control-C

How well did you know this?

Not at all

Perfectly

Which of the following is NOT contained in the CVA/Hunter Air Force Tactics, Techniques and
Procedures (AFTTP) 3-1?

Commercial Manuals

How well did you know this?

Not at all

Perfectly

What is the purpose of crew logs?

To maintain an accurate and detailed record of all significant events

How well did you know this?

Not at all

Perfectly

_____ focus primarily on qualitative analysis of ISR employment to determine ISR contribution to
mission objectives.

Measures of Effectiveness (MOE)

How well did you know this?

Not at all

Perfectly

A program in which malicious or harmful code is contained inside apparently harmless programming
or data in such a way that it can get control and do its chosen form of damage is known as what?

Trojan

How well did you know this?

Not at all

Perfectly

It is important to review _______________ during the sortie brief because it will affect the choice of
TTPs and the accomplishment of tactical tasks during sortie execution.

Intelligence Updates, Mission Partner Activity, Rules of Engagement, Crew and Mission Risks, All of the above

How well did you know this?

Not at all

Perfectly

In Linux, how are trusted and target IP addresses added or removed?

By editing the /etc/trusted.hosts and /etc/target.hosts files

How well did you know this?

Not at all

Perfectly

Techniques are __________.

Non-prescriptive ways or methods used to perform missions, functions or tasks

How well did you know this?

Not at all

Perfectly

_____ focus on task execution and quantitative mission achievement.

Measures of Performance (MOP)

How well did you know this?

Not at all

Perfectly

Which of the following is the Linux command for securely copying a file from a remote machine to
your home directory?

scp 10.10.20.100:/ios/data/assess/file.txt /home/usr/

How well did you know this?

Not at all

Perfectly

Null sessions are __________.

an anonymous (no user, no password) connection to a freely accessible remote share called IPC$ on
Windows-based servers.

How well did you know this?

Not at all

Perfectly

Software applications that run automated tasks and can be remotely controlled, normally used in
DDoS are commonly referred to as what?

Bots

How well did you know this?

Not at all

Perfectly

When validating DIP sensor processes what command verifies that the processes are running?

/usr/local/bin/checkstatus

How well did you know this?

Not at all

Perfectly

What type of malware spreads from computer to computer and has the capability to travel without
any human action?

Worm

How well did you know this?

Not at all

Perfectly

Which bit allows execution of an application as a member of this group?

SGID

Which interceptor platform consists of a single laptop, is used by one crew member and can run limited VMs concurrently?

Mobile Interceptor Platform (MIP)

Which of the following Deployable Interceptor Platform (DIP) sub-components serves as a data Collector and VM server?

DL-160

In VMware what do you press to exit a virtual environment?

CONTROL+ALT

Which of the following Deployable Interceptor Platform (DIP) sub-components is deployed on the MPNet and primarily captures and stores network traffic?

Cywarfius sensor

Which of the following are the default ports for web traffic?

80 and 443

What is the TCPdump option that saves the packet data to a file?

-w

(U//FOUO) Which Cyber Protection Team (CPT) squad analyzes the supporter commander's identified cyberspace dependencies, essential and critical assets and cyberspace key terrain (C-KT)?

Mission Protection

A type of password cracking where a word list is used against a given encrypted password.

Dictionary Attack

Which of the following is NOT a private or non-routable IP address?

172.168.1.1

In Linux, user account information is contained in which file?

/etc/passwd

Where are the Bro sensor logs kept?

DIP2

Which vi command will bring you into insert mode?

Which of the following is NOT a tasking document used for CVA/Hunter missions?

Task Management Tool (TMT) Tasker

Which interceptor platform consists of Cywarfius sensors, Informaiton Operations Platform (IOP), and fits in a hardened case?

Deployable Interceptor Platform (DIP)

How is the encrypted partition unmounted?

Double click the "UnMount..." desktop icon

PowerShell Cmdlets follow which naming convention?

Verb-noun

A path that contains the root directory and all subdirectories of the location is called?

Absolute Path

What could you use to redirect the output of a program to the input of another program on the command line?

Pipe (|)

``` Which of the following documents contains an abbreviated version of the amplified Ops Manual Technical Order (TO-1)? ```

CVA/Hunter Cybercrew Checklists / Crew Aides

Which command will allow you to run TCPdump to monitor activity on a particular subnet?

tcpdump -w traffic net 10.10.20.0/24

Which of the following is NOT a rule for CVA/Hunter emergency procedures?

Act Immediately

Which of the following is the default port for SMTP?

What is a smurf attack?

Large amount of ICMP echo traffic to a network broadcast address with a spoofed source IP set to a victim Host

Which of the following is the default port for Telnet?

In Windows, what command will enable the firewall and block incoming connections?

> netsh firewall set opmode enable disable

What does the following nmap scan do. nmap -O 10.10.20.1

Determines the OS of the machine

Traffic capture tools such as TCPdump and Wireshark provide _____ accountability of actions performed on the weapon system.

Logical

When validating GIP functionality which of the following are operator responsibilities during initial weapon system configuration? (I) Verify connectivity to an operational VM; (II) Modify Access Control Lists (ACLs); (III) Install ArchSight Linux management console; (IV) Verify that an operational VM has the appropriate IP in accordance with SPINS

I and IV

A file has an octal value of 755 this means:

The owner can read, write and execute; the group can read and execute; others can read and execute

A coworker uses the smb_share.pl to create a share. You are on a windows machine and using the net use command to mount the share. What user do you use when attempting to mount the share?

root

Which drive letter is used for the encrypted partition?

X:\

Which of the following Deployable Interceptor Platform (DIP) sub-components primarily serves as a deployable network intrusion detection system?

IOP

What type of information in a tactical level mission tasking document describes communication requirements and reporting?

Communication Contracts

What could you use to redirect the output of a program to a file on the command line?

Greater than symbol (>)

Which of the following is the Cisco IOS command to copy the running configuration to the starting Configuration?

copy run start

What is the Unix environment variable which automatically sets file permissions on newly created Files?

UMASK

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG), information and mission impact pertaining to

SECRET

Traceroute executes by ___________.

increasing the time-to-live value of each successive batch of packets sent

A software system that consists of a program or combination of several programs designed to hide or obscure the fact that a system has been compromised is known as what?

A rootkit

(U//FOUO) Which Cyber Protection Team (CPT) squad detects, illuminates and defeats previously unknown adversary activity within a specified area of responsibility?

Discovery and Counter Infiltration

What is the SAM (Security Accounts Manager) file?

A database stored as a registry file containing users' passwords in a hashed format

What does the broadcast address do?

Allows for information to be sent to all machines on a given subnet

A malfunction is designated an emergency when ___________.

individual troubleshooting efforts do not result in a weapon system fix.

What is a Tactics Improvement Proposal (TIP)?

Comprehensive idea to improve the military capability of a fielded system, overcome a tactical deficiency or meet an emerging operational need

What does the following command do: C:\> psexec \\10.10.20.1 cmd

Launches an interactive command prompt

FTP uses which of the following ports?

20 and 21

Tactics are ______.

The employment and ordered arrangement of forces in relation to each other.

Which vi command will delete one line?

Which of the following is NOT a primary purpose of a Tactics Improvement Proposal?

To request modification or acquisition of hardware or software

Which of the following items must be covered in a change over brief?

Factors of the current operational/tactical situation, Critical reports and findings from ending sortie, Active and planned mission partner activity

(U//FOUO) Which Cyber Protection Team (CPT) squad assesses an organization's security posture by closely resembling adversary offensive cyberspace activities in their processes and execution?

Cyber Threat Emulation

What are the two major DIP assembly components?

Server (DIP1) and Sensor (DIP2)

Two types of IDS are:

Network-based (NIDS) and host-based (HIDS)

What is the iptable option to clear all firewall rules?

-F

What is not a default chain for iptables?

Which of the following octal codes allow a file to execute as the owner of that file?

4777

Which iptables target denies a packet and does not send back a rejection?

DROP

What is the technique whereby the sender of a packet can specify the route that a packet should take through the network?

Source routing

Which of the following is NOT contained on the PEX sortie details report

Go/No Go Status

According to the communication contract shown, once maintenance implements a fix, who is responsible of assigning an operator to conduct an operational check to determine the weapon system Status?

cyberspace operations controller

How is the encrypted partition mounted?

Double click the "Mount X Drive" desktop icon and enter the password

The accuracy of IPs and MAC addresses are of critical safety concern because _________ .

They are used as targeting information

Which of the following is the Linux command for logging into 10.10.20.100 as assessor?

ssh assessor@10.10.20.100

Which of the following are key elements in a tactical level mission tasking document?

CVA/Hunter IP Ranges, Rules of Engagement (RoE), Cyberspace Key Terrain (C-KT), Tactical Objectives, All of the Above

Which vi command will allow you to save and quit?

:wq

You want to create a new share using the smb_share.pl script. You attempt to execute the command but is tells you the "command is not found". What might be the cause?

You did not mount the encrypted partition

Using Wireshark to follow a TCP Stream means:

You can view data from a TCP conversation

Exploitation of a valid computer session where an attacker takes over a session between two computers is known as what?

Session Hijacking

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG), a report on vulnerabilities associated with a specific NIPR AF information system has what Classification?

CONFIDENTIAL

Which bit allows the execution of an application as the owner of that file?

SUID

Which of the following is the proper way to ensure you are green on your CIF Go/No Go?

complete and sign off the CIF in PEX before the sortie

Which of the following Nmap commands would perform a ping sweep of 10.10.20.0/24 subnet, without resolving IP addresses to hostnames?

nmap -n -sn 10.10.20.0/24

In Linux, which of the following represent the current directory you are in?

A single dot (.)

Which of the following is NOT a purpose of a sortie debrief?

Determine whom to attribute mission failures

You just performed a FIN scan with nmap against a target. The machine sends back no response for a particular port. This means that the port is _____.

Open

Which command can be used to perform a soft shutdown of a Linux machine?

init 0

Which directory normally holds log files?

/var/log

For Ubuntu Linux, what command is used to turn off the firewall?

fw_iptables.pl allow -i eth0

You are logged into the Linux side of the clone, which command gives you a root shell?

sudo -s

What type of information in a tactical level mission tasking document describes the agreement with the mission partner on what cybercrew actions are approved during CVA/Hunter missions?

Rules of Engagement (RoE)

Which Linux command is used to connect to a share?

mount

Which vi command will delete one character?

With a umask of 002, which of the following permissions will be assigned when creating a new Directory?

rwxrwxr-x

Writing hidden messages in such a way that no-one, apart from the sender and intended recipient, suspects the existense of the message, a form of security through obscurity is known as what?

Steganography

Procedures are __________.

Standard, detailed steps that prescribe how to perform specific tasks.

Which interceptor platform consists of Thin Clients, a BladeCenter, is use by multiple crew members and contains multiple NICs plus Lights-out Management?

Garrison Interceptor Platform (GIP)

Which of the following are NOT part of proper safety procedures?

Replace components inside the equipment to prevent mission failure.

Which of the following is NOT a purpose of a CVA/Hunter cybercrew checklist / crew aid?

Replaces the amplified TO-1

Which of the following octal codes allow a file to execute as the group of that file?

2777

The environment variable that contains a list of directories the shell will look for commands is called:

PATH

Which of the following steps come before accessing the Virtual Machines on the MIP2?

Mounting the encrypted drive

On a Cisco IOS device, which of the following symbols corresponds to Privileged EXEC (enable) Mode?

How many usable IP addresses are there in a C class network?

254

Which key do you use in vi to return to command mode?

Esc

Which is the octal value for the owner can write; the group can read and execute; others can read?

254

Which of the following is NOT a valid PowerShell command for viewing help information?

read-help

Which command in Linux, displays the default gateway?

route

Which of the following is the Linux command for securely logging into 10.10.20.100 as assessor?

ssh 10.10.20.100

In Linux, a hidden file starts with a _____.

period

A path that begins from the user’s current location is called:

Relative Path

According to the communication contract shown what does the operations controller do when a crew member notifies them via the chat program that they have a maintenance issue?

The operations controller communicates to both maintenance and the crew commander by issuing a maintenance ticket.

Admin$ serves as ____________.

the hidden share that points to the windows folder

Which of the following does not describe the clone?

A computer you can install any software you need without authorization to complete your mission

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG), information pertaining to cyberspace operations functions and processes with reference to mission, capability or location has what classification?

UNCLASSIFIED//FOR OFFICIAL USE ONLY

Which Windows command is used to connect to a share?

net use

Which port should be allowed through the firewall in order to enable file sharing?

445

(U//FOUO) Which Cyber Protection Team (CPT) squad performs targeted evaluations to review the effectiveness of the current cyber security program and provides reviews of cyber assets based on DOD policies and regulations?

Cyber Readiness

A type of attack where a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system is known as what?

Distributed Denial Of Service

``` When validating DIP sensor processes what running processes must be verified? I. Bro II. Snort III. tcpdump IV. nessus ```

I, II and III

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG), descriptions of cyberspace operations, functions, processes, systems and tools associated with standard commercial capabilities without reference to mission, capability or location have what Classification?

UNCLASSIFIED

(U//FOUO) Which document outlines the residual mission risks and illustrates how CPT capabilities will be integrated into and coordinated with the local cyberspace defenders to enhance the cyberspace defense of a supported commander's mission?

Mission Defense Plan (MDP)

In Windows, which command can be used to change the hostname?

wmic

Which of the following documents contains weapon system capabilities and limitations as well as threat considerations?

CVA/Hunter Air Force Tactics, Techniques and Procedures 3-1

In Red Hat Linux, what command will turn the firewall on and not allow incoming connections?

firewall

The Xmas scan with nmap means:

The FIN, PSH, URG flags are set

You press CONTROL+ALT+_____ to log into a locked Windows virtual machine.

INSERT

Which command sets a file to be executable?

chmod +x file

Which is the octal value such that the owner can read and execute;,the group can write and execute and others can execute?

531

You have just used the smb_share.pl script to create a shared directory for the team. Where is that directory created on your system?

In the working directory

A file has an octal value of 644 this means:

The owner can read and write; the group can read; others can read

What is a "NTFS Alternate Data Stream"?

A separate buffer to hold information on a per file bases found on a Windows machine

In classful network design, in which class network is 191.50.0.0 defined?

Class B

If you are unable to successfully connect to a share using a Linux machine, which file could you check to verify the share configurations?

/etc/samba/smb.conf

Which of the following describes authorities for foreign intelligence operations?

Title 50

Which of the following is the default port for DNS?

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG), association of an IP address which poses a threat to national security to a foreign nation is at what Classification?

SECRET

During a debrief, determining the debrief focal point (DFP) is ___________.

a process of determining aspects of mission planning and execution impeding achievement of tactical Objectives.

In Linux, which file contains the system’s network parameters such as IP address, subnet mask and default gateway?

/etc/network/interfaces

Which of the following documents describes general CVA/Hunter equipment maintenance Procedures?

CVA/Hunter Technical Order (TO-2)

Which netstat option displays all connections and listening ports?

-a

Which of the following are default NETBIOS ports?

137, 139, and 445

Which of the following is NOT a required element of a mission/sortie brief?

Crew Information Files (CIF)

The Nmap option "-O" performs what function?

OS detection

____ is an open-source and/or licensed signature driven IDS that requires specific syntax to be followed in order for the signature to be deployed to the sensor successfully.

Snort

Which of the following is NOT a reason to review weapon system status during a sortie brief?

The operator will be primarily responsible for fixing major weapon system issues.

How is mounting to a local drive within a virtual machine accomplished using Vmware?

In the VMware GUI click 'VM Setting' then 'Shared Folders' and add the drive's file path

A type of password cracking where each possible combination of letters, numbers, and etc. are used to find the passsword.

Brute Force

On a Cisco IOS device, which of the following symbols corresponds to User EXEC mode?

Which of the following is the default port for POP3?

110

What are the responsibilities of an oncoming crew member during a crew change over brief?

Ensure change over checklists are accomplished, Ask questions as applicable to ensure mission effectiveness, Remain attentive to crew commander change over briefing, All of the above

You are traveling with your clone. While boarding the plane, a flight attendant states that the laptop must be stowed below. What should you do?

Remove the hard drive from the computer prior to handing over the laptop

In Linux, you can search for a file with which two commands?

find and locate

What is a SYN Flood?

Using up all processes on a particular system, starting a handshake but not finishing

Software for privilege users is located in which directory?

sbin

What type of virtual machine network adapter configuration creates a private network that is completely contained within the host computer?

Host-Only

``` Select the correct order of steps in a debrief. (I) Determine the Root Cause (RC) of the Debrief Focal Point (DFP); (II) Develop the Lesson Learned (LL) with and Instructional Fix (IF) to address the Root Cause (RC); (III) Determine Contributing Factors (CF) related to the Debrief Focal Point (DFP); (IV) Reconstruct an event and identify the Debrief Focal; Point (DFP) ```

IV, III, I, II

Which of the following is NOT a key element in a tactical level mission tasking document?

Tactics, Techniques and Procedures (TTPs)

Tactics, Techniques and Procedures (TTPs) are _______ in nature.

authoritative

What net command do you use to start the server service?

net start server

TCP stands for

Transmission Control Protocol

Which of the following best describes the order of precedence for iptables’ rules in Linux?

Individual reject, accept, block all

Flooding a switch with numerous requests causing the switch to lose track of which MAC address is on which port, thus causing it to reset into learning mode is known as what?

MAC Flooding

Why is it important to keep operator notes and crew logs?

It provides a record of activity that can be reviewed to deconflict issues involving the crew and the mission Partner

Which is connection-oriented protocol?

TCP

What Linux command prints the current network configuration to the screen?

ifconfig

A type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the pages viewed by others is known as:

cross-site scripting

Which of the following is NOT an element of a mission/sortie brief?

Squadron Announcements

What is a netmask?

A 32-bit number used to divide an IP address into subnets

During a debrief, determining an instructional fix is ___________ .

a process of determining how to prevent a debrief focal point from happening again.

The purpose of ___ is to serve as a network based IDS used to monitor MPNETs in a passive (nonblock) Mode.

Bro

Which properties of the Windows VM network device must be on in order to allow the creation of a mission share?

"Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks"

In classful network design, which class is 126.0.0.0 network defined in?

Class A

Which vi command will quit?

In Linux, what is the difference between permanent and temporary IP address configuration?

A permanent IP configuration ensures the host will reboot with the same IP whereas temporary does not

Configuration files are normally located in which directory?

etc

Which of the following is NOT part of the procedures to sign a crew information file (CIF)?

Email Stan Eval that CIF has been signed off

Which of the following is the default port for SNMP?

161

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG), information and mission impact pertaining to the availability of services or network outages for AF information systems has what classification?

SECRET

Which of the following IS a tasking document used for CVA/Hunter missions?

Cyber Tasking Order (CTO)

During a debrief, event reconstruction is ____________

a process of looking back at the mission and determining the facts/observations

What is a Teardrop DoS attack?

Sending mangled IP fragments with overlapping, oversized, payloads to the target machine

In Windows, what command will enable the firewall and allow exceptions?

> netsh firewall set opmode enable enable

In BASH script, which is an acceptable first line to the file?

#!/bin/bash

What is the Windows SAM?

A database stored as a registry file containing users passwords in a hashed format

Which of the following is a tool that analyzes ICMP probe responses to perform OS fingerprinting?

xprobe2

A covert channel is ______________.

the transfer of information hidden within the medium of a legitimate communications channel.

Who is responsible for the configuration management of the MIP2 clone image?

A member of the maintenance flight

Which of the following describes authorities for national guard?

Title 32

You have mounted the encrypted partition in Linux, where is the 'working directory' located?

/ios/data/assess

Which of the following commands will securely copy a file from your machine to a remote machine?

scp file user@remoteIP:/tmp

The ___ is a collection of servers and devices that provide sustainment, maintenance, and support for CVA/Hunter remote operation.

GIP

How does a hub function?

Any message that comes in one port is sent to all ports

(U//FOUO) Which Cyber Protection Team (CPT) squad conducts terrain mapping and works closely with the organic network operators and defenders to plan, train, and deploy mitigations?

Cyber Support

Linux is ____ .

case sensitive

Which directory contains virtual files with kernel information?

proc

What is Nessus?

A vulnerability scanner

UDP Stands for ________.

User Datagram Protocol

A malfunction is characterized by _____________.

Any weapon system component degradation limited to an individual’s VM or host.

Which of the following provides authority for active duty warfighting?

Title 10

A TCP Null scan with nmap means:

No flags are set

Which of the following is not a Layer 3 protocol used by Cisco IOS devices?

STP

Which of the following is a rule for CVA/Hunter emergency procedures?

Maintain Control

A special text string for describing a search pattern is known as what?

Regular Expression

What protocol is not vulnerable to sniffing?

ssh

In Ubuntu Linux, what command is used to enable the firewall?

fw_iptables.pl enable -i eth0

Broadcasting fake ARP messages with the aim is to associate the attacker's MAC address with the IP address of another node is known as what?

ARP Spoofing

An intrusion detection system that is behaving actively, meaning it can block traffic in real-time, is commonly referred to as:

Intrusion prevention system

Cyber Operator Flashcards

(222 cards)