Cybersecurity Flashcards
(21 cards)
Which of the following has an offset field that specifies the length of the header and data?
TCP Header
What is a TCP header?
The Transmission Control Protocol (TCP) header is the first 24 bytes of a TCP segment that contains the parameters and state of an end-to-end TCP socket. The TCP header is used to track the state of communication between two TCP endpoints.
Which one of the following tools of the trade is an automated, comprehensive penetration testing product for assessing the specific information security threats to an organization?
Canvas
Which of the following methods is used to perform server discovery?
Whois Lookup
A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues. What are the two types of ‘white-box’ penetration testing?
Announced testing and unannounced testing.
What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?
Server Side Includes
During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?
Check the HTTP and HTML Processing by the Browser
Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?
Client-Side Test Report
Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?
SYN Scan
Network scanning is used to identify the available network resources. Which one of the following is also known as a half-open scan, because a full TCP connection is never completed and it is used to determine which ports are open and listening on a target device?
SYN Scan
The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems. Which of the following information gathering terminologies refers to gathering information through social engineering, on-site visits, face-to-face interviews, and direct questionnaires?
Active Information Gathering
Which of the following statements is true about Multi-Layer Intrusion Detection Systems (mIDSs)?
Decreases consumed employee time and increases system uptime
You are running exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signature changes from child to child, but the functionality stays the same. What type of virus is this that you are testing?
Metamorphic
Which of the following statements is true about the LM hash?
Disabled in Windows Vista and 7 OSs
Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?
Testing focused on the servers, infrastructure, and the underlying software, including the target
A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat-free applications. Which of the following frameworks helps an organization in the evaluation of the company’s information security with that of the industrial standards?
Information System Security Assessment Framework
A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications which are more secure in using the Internet and Intranet is:
Microsoft Internet Security Framework
Identify the framework that comprises five levels to guide agency assessment of their security programs and assist in prioritizing efforts for improvement:
Federal Information Technology Security Assessment Framework
NTP protocol is used to synchronize the system clocks of computers with a remote time server or time source over a network. Which one of the following ports is used by NTP as its transport layer?
UDP port 123
In the context of penetration testing, what does blue teaming mean?
A penetration test performed with the knowledge and consent of the organization’s IT staff
A pentester is trying to gain access to a database by inserting exploited query statements with a WHERE clause. The pen tester wants to retrieve all the entries from the database using the WHERE clause from a particular table (e.g., StudentTable). What query does he need to write to retrieve the information?
SELECT * FROM StudentTable WHERE roll_number = '' or '1' = '1'