FORMATIVE 5 Flashcards
(25 cards)
Which NetBIOS service is used for connection-oriented communication?
NetBIOS-NS
NetBIOS-DGM
NetBIOS-SSN
LLMNR
NetBIOS-SSN
Match the port type and number with the respective NetBIOS protocol service.
Answer choices for the port numbers:
NetBIOS Datagram Service
NetBIOS Name Service
NetBIOS Session Service
Microsoft Remote Procedure Call (MS-RPC)
SMB protocol
UDP port 138 -
UDP port 137 -
TCP port 445 -
TCP port 139 -
TCP port 135 -
UDP port 138 - NetBIOS Datagram Service
UDP port 137 - NetBIOS Name Service
TCP port 445 - SMB protocol
TCP port 139 - NetBIOS Session Service
TCP port 135 - Microsoft Remote Procedure Call (MS-RPC)
What two features are present on DNS servers using BIND 9.5.0 and higher that help mitigate DNS cache poisoning attacks? (Choose two.)
randomization of ports
provision of cryptographically secure DNS transaction identifiers
exclusion of any trust relationships between DNS servers
secure DNS data authentication
prevention of any recursive DNS queries
randomization of ports
provision of cryptographically secure DNS transaction identifiers
What UDP port number is used by SNMP protocol?
161
182
128
176
161
Which is a characteristic of a DNS poisoning attack?
The DNS server forward lookup zone is cleared.
The DNS server reverse lookup zone is cleared.
The DNS resolver cache is manipulated.
The DNS server IP address is changed.
The DNS resolver cache is manipulated.
Which Kali Linux tool or script can gather information on devices configured for SNMP?
snmp-check
nslookup
snmp-brute.nse
snmp-netstat.nse
snmp-check
Match the SMTP command with the respective description.
Answer choices for the SMTP commands:
used to start a Transport Layer Security connection to an email server
used to cancel an email transaction
used to initiate the transfer of the contents of an email message
used to initiate a conversation with an Extended Simple Mail Transport Protocol Server
used to denote the email address of the sender
used to initiate an SMTP conversation with an email server
MAIL -
RSET -
EHLO -
DATA -
STARTTLS -
HELO -
MAIL - used to denote the email address of the sender
RSET - used to cancel an email transaction
EHLO - used to initiate a conversation with an Extended Simple Mail Transport Protocol Server
DATA - used to initiate the transfer of the contents of an email message
STARTTLS - used to start a Transport Layer Security connection to an email server
HELO - used to initiate an SMTP conversation with an email server
Which two best practices would help mitigate FTP server abuse and attacks? (Choose two.)
limit anonymous logins to a select group of people
edit the hosts file to limit the number of authorized DNS servers
use encryption at rest
consolidate all back-end databases on the FTP server
require re-authentication of inactive sessions
use encryption at rest
require re-authentication of inactive sessions
Which is a characteristic of the pass-the-hash attack?
capture of a password hash (as opposed to the password characters) and using the same hashed value for authentication and lateral access to other networked systems
reverse engineering of the captured hash password and using the unencrypted password for authentication and lateral access to other networked systems
compromise of a SAM file and extraction of the password characters to use for authentication and lateral access to other networked systems
capture of the Windows password before the Kerberos hashing function and use of the unencrypted password for authentication and lateral access to other networked systems
capture of a password hash (as opposed to the password characters) and using the same hashed value for authentication and lateral access to other networked systems
What is a Kerberoasting attack?
It is an attempt to steal the hash value of a user credential and use it to create a new user session on the same network.
It attempts to manipulate Kerberos tickets based on available hashes by compromising a vulnerable system and obtaining the local user credentials and password hashes.
It is a post-exploitation attempt that is used to extract service account credential hashes from Active Directory for offline cracking.
It attempts to manipulate data being transferred by performing data corruption or modification.
It is a post-exploitation attempt that is used to extract service account credential hashes from Active Directory for offline cracking.
Match the attack type with the respective description.
Answer choices for the attack type:
This is an attack in which the attacker exploits vulnerabilities in target servers to initially turn small queries into much larger payloads, which are used to bring down the servers of the victim.
This attack uses botnets that can be manipulated from a command and control (CnC or C2) system.
This attack uses spoofed packets that appear to be from the victim. Then the sources become unwitting participants in the attack by sending the response traffic back to the intended victim.
This occurs when the source of the attack generates the packets, regardless of protocol, application, and so on, that are sent directly to the victim of the attack.
Reflected DOS -
DNS Amplification -
Direct DOS -
DDOS -
Reflected DOS - This attack uses spoofed packets that appear to be from the victim. Then the sources become unwitting participants in the attack by sending the response traffic back to the intended victim.
DNS Amplification - This is an attack in which the attacker exploits vulnerabilities in target servers to initially turn small queries into much larger payloads, which are used to bring down the servers of the victim.
Direct DOS - This occurs when the source of the attack generates the packets, regardless of protocol, application, and so on, that are sent directly to the victim of the attack.
DDOS - This attack uses botnets that can be manipulated from a command and control (CnC, or C2) system.
Match the attack type with the respective description.
Answer choices for the attack type:
an attacker floods a server with bogus DISCOVER packets until the server exhausts the supply of IP addresses
typically a BGP hijacking attack by configuring or compromising an edge router to announce prefixes that have not been assigned to the organization
an attacker bypasses any Layer 2 restrictions built to divide hosts
an attacker spoofs the physical address of the NIC device to match the address of another on a network in order to gain unauthorized access or launch a Man-in-the-Middle attack
the attacker forces a system to favor a weak encryption protocol or hashing algorithm that may be susceptible to other vulnerabilities.
Route Manipulation attacks -
Downgrade attacks -
DHCP Starvation attack -
VLAN Hopping attack -
MAC address spoofing attack -
Route Manipulation attacks - typically a BGP hijacking attack by configuring or compromising an edge router to announce prefixes that have not been assigned to the organization
Downgrade attacks - the attacker forces a system to favor a weak encryption protocol or hashing algorithm that may be susceptible to other vulnerabilities
DHCP Starvation attack - an attacker floods a server with bogus DISCOVER packets until the server exhausts the supply of IP addresses
VLAN Hopping attack - an attacker bypasses any Layer 2 restrictions built to divide hosts
MAC address spoofing attack - an attacker spoofs the physical address of the NIC device to match the address of another on a network in order to gain unauthorized access or launch a Man-in-the-Middle attack
Which tool can be used to perform a Disassociation attack?
Airmon-ng
nmap
POODLE
EMPIRE
Airmon-ng
Which is a characteristic of a Bluesnarfing attack?
An attack that is launched using common social engineering attacks, such as phishing attacks, can be performed by impersonating a wireless AP or a captive portal to convince a user to enter the user credentials.
An attack that can be performed using Bluetooth with vulnerable devices in range. It is commonly performed as spam over Bluetooth connections using the OBEX protocol.
An attack that can be performed using Bluetooth with vulnerable devices in range. This attack actually steals information from the device of the victim.
An attack that involves modifying BLE messages between systems that would lead them to believe that they are communicating with legitimate systems.
An attack that can be performed using Bluetooth with vulnerable devices in range. This attack actually steals information from the device of the victim.
Which Wi-Fi protocol is most vulnerable to a brute-force attack during a Wi-Fi network deployment?
WPA2-EAP
WPS
WPA3
WPA2-TKIP
WPS
What does the MFP feature in the 802.11w standard do to protect against wireless attacks?
It uses a PNL to maintain a list of trusted or preferred wireless networks.
It uses a captive portal for all wireless associations.
It inserts the 802.1q tag to protect the wireless frame.
It helps defend against deauthentication attacks.
It helps defend against deauthentication attacks.
What is a DNS resolver cache on a Windows system?
It is a database of all WINS records.
It is a static database entry of all forward and reverse lookup zones.
It is a temporary database that contains records of all the recent visits and attempted visits to websites and other internet domains.
It is a collective database of all Domain Name Service records of static and cached entries.
It is a temporary database that contains records of all the recent visits and attempted visits to websites and other internet domains.
Match the TCP port number with the respective email protocol that uses it.
Answer choices for the TCP port numbers:
The port registered by the Internet Assigned Numbers Authority (IANA) for SMTP over SSL (SMTPS).
The Secure SMTP (SSMTP) protocol for encrypted communications, as defined in RFC 2487, using STARTTLS.
The default port used by the IMAP protocol in encrypted (SSL/TLS) communications.
The default port used by the POP3 protocol in encrypted communications.
The default port used by the IMAP protocol in non-encrypted communications.
465 -
587 -
143 -
995 -
993 -
465 - The port registered by the Internet Assigned Numbers Authority (IANA) for SMTP over SSL (SMTPS).
587 - The Secure SMTP (SSMTP) protocol for encrypted communications, as defined in RFC 2487, using STARTTLS.
143 - The default port used by the IMAP protocol in non-encrypted communications.
995 - The default port used by the POP3 protocol in encrypted communications.
993 - The default port used by the IMAP protocol in encrypted (SSL/TLS) communications.
Which is the default TCP port used in SMTP for non-encrypted communications?
25
110
143
993
25
What is a characteristic of a Kerberos silver ticket attack?
It uses forged service tickets for a given service on a particular server.
It mimics the authentication hash on a particular server.
It acts as the LDAP directory for authentication on a target server.
It converts the hashed value to the unencrypted value for an authentication attack on a particular server.
It uses forged service tickets for a given service on a particular server.
Which attack is a post-exploitation activity that an attacker uses to extract service account credential hashes from Active Directory for offline cracking?
MITM
On-Path attack
MAC spoofing
Kerberoasting
Kerberoasting
Which four items are needed by an attacker to create a silver ticket for a Kerberos silver ticket attack? (Choose four.)
hash value
system account
SID
FQDN
target service
DNS forward lookup zone
DNS resolver cache
DNS reverse lookup zone
system account
SID
FQDN
target service
Which kind of attack is an IP spoofing attack?
On-path
DDoS
Pass-the-Hash
Evil-Twin
On-path
What is a common mitigation practice for ARP cache poisoning attacks on switches to prevent spoofing of Layer 2 addresses?
DHCP snooping
DNSSEC
DAI
BIND 9.5
DAI