Fundamentals

Question 1

Question: What is the main purpose of Snort?

Answer 1

Answer: To detect network intrusions.

Question 2

Question: What command is used to display the entire contents of a text

Answer 2

Answer: cat

Question 3

Question: What command is used to display the first 10 lines of

Answer 3

Answer: head

Question 4

Question: How can you display a specific number of lines using the head command?

Answer 4

Answer: head -20 /etc/snort/snort.conf

Question 5

Question: What command is used to display the last lines of a file?

Answer 5

Answer: tail

Question 6

Question: What is the purpose of the tail command?

Answer 6

Answer: Display the last lines of a file, for viewing the

Question 7

Question: What is the command used to download Snort if it is not preinstalled on the version of Kali Linux you are using?

Answer 7

Answer: apt-get install snort

Question 8

Question: In which folder is the Snort config file located?

Answer 8

Answer: /etc/snort

Question 9

Question: What is the name of the Snort config file?

Answer 9

Answer: snort.conf

Question 10

Question: What command is used to examine and interact with active network interfaces?

Answer 10

Answer: The ifconfig command.

Question 11

Question: What does the ifconfig command show when entered into the terminal?

Answer 11

Answer: Information about the active network interfaces on the system, such as the name of the interface, the type of network being used, the IP address assigned to that network interface, the broadcast address, the network mask, and other technical information.

Question 12

Question: What does the ethe in the output from ifconfig refer to?

Answer 12

Answer: The first wired network connection

Question 13

Question: What is the purpose of the MAC address in the iconfig output?

Answer 13

Answer: The globally unique address stamped on every piece of network hardware, such as the network interface card (NIC) also referred as the Media Access Control address.

Question 14

Question: What is the inet addr in the ifconfig output?

Answer 14

Answer: The IP address currently assigned to that network interface.

Question 15

Question: What is the Bcast in the ifconfig output?

Answer 15

Answer: The broadcast address, which is the address used to send out information to all IPs on the subnet.

Question 16

Question: What is the Mask in the ifconfig output?

Answer 16

Answer: The network mask, which is used to determine what part of the IP address is connected to the local network.

Question 17

Question: What is the lo in the iconfig output?

Answer 17

Answer: The Loopback address, also called localhost.

Question 18

Question: What is the purpose of the loopback address?

Answer 18

Answer: To test something on your system, such as your own web server, it is generally represented with the IP address 127.0.0.1.

Question 19

Question: What command is used to gather information on wireless adapters?

Answer 19

Answer: The iwconfig command.

Question 20

Question: What information can you glean from the iwconfig command?

Answer 20

Answer: The adapter’s IP address, its MAC address, what mode it’s in, the wireless standards it supports, and more.

Question 21

Question: What is the purpose of the promiscuous mode when using iwconfig command?

Answer 21

Answer: To enable wireless password cracking.

Question 22

Question: What is the purpose of spoofing a MAC address?

Answer 22

Answer: To neutralize security measures and bypass network access controls.

Question 23

Question: What command is used to take down the inter ace before changing the MAC address?

Answer 23

Answer: “ifconfig ethe down”

Question 24

Question: What command is used to change the MAC addre is?

Answer 24

Answer: “ifconfig ethe hw ether 00:11:22:33:44:55”

Question 25

Question: What command is used to bring the interfice back up after changing the MAC address?

Answer 25

Answer: "ifconfig etho up"

Question 26

Question: What is the DHCP server in inux and what does it do?

Answer 26

Answer: A daemon called dhed that assigns IP addresses to all systems on the subnet and keeps log files of which IP address is allocated to which machine at any one time.

Question 27

Question: What command is used to request an IP address from DHCP?

Answer 27

Answer: "dhclient etho"

Question 28

Question: What command is used to check the IP address configuration?

Answer 28

Answer: "¡fconfig*

Question 29

Question:What is the purpose of the dig command?

Answer 29

Answer: To gather DNS information about a target domain.

Question 30

Question: What type of information can you obtain by using the ns option with dig?

Answer 30

Answer: The IP address of the target's nameserver.

Question 31

Question: What type of information can you obtain by using the mx option with dig?

Answer 31

Answer: Information on the email servers connected to a domain.

Question 32

Question: What is the Berkeley Internet Name Domain (BIND)?

Answer 32

Answer: The most common Linux DNS server.

Question 33

Question: How can you change your DNS server?

Answer 33

Answer: By editing the plaintext file /etc/resolv.conf in a text editor, or by using the command line by entering "echo "nameserver 8.8.8.8"> /etc/resolv.conf"

Question 34

Question: What is the purpose of DNS?

Answer 34

Answer: Translate a domain name to the appropriate IP address; that way, your system knows how to get to it.

Question 35

Question: How does dig Command could be used in reconnaissance phase?

Answer 35

Answer: You can use dig command to gather information about target domain such as IP address of the target's nameserver, email server, and potentially any subdomains and IP addresses.

Question 36

Question: What is the default software manager for Debian-based Linux distributions, such as Kali and Ubuntu?

Answer 36

Answer: The Advanced Packaging Tool (apt)

Question 37

Question: What is the primary command of apt?

Answer 37

Answer: apt-get

Question 38

Question: What command can be used to check whether a package is available in the repository before downloading it?

Answer 38

Answer: apt-cache search keyword

Question 39

Question: How do you install a piece of software from the default repository using apt-get?

Answer 39

Answer: apt-get install packagename

Question 40

Question: How do you remove a piece of software using apt-get?

Answer 40

Answer: apt-get remove packagename

Question 41

Question: If you want to remove the configuration files of a package ¡along with the package, what option should you use with apt-get?

Answer 41

Answer: purge

Question 42

Question: What does the command apt-cache search keyword do?

Answer 42

Answer: it search the apt cache and returns package names that contain the keyword in it

Question 43

Question: What does the command apt-get install packagename do?

Answer 43

Answer: it downloads and installs the package "packagename"

Question 44

Question: What does the command apt-get remove packagename do?

Answer 44

Answer: it remove the package "packagename" from the system

Question 45

Question: What does the command apt-get purge packagename do?

Answer 45

Answer: it resoves the package "packagenane" along with its configuration files from the system.

Question 46

Question: What command do you use to update your individual system?

Answer 46

Answer: apt-get update

Question 47

Question: What is the difference between updating and upgrading?

Answer 47

Answer: Updating updates the list of packages available for download from the repository. Whereas upgrading will upgrade the package to the latest version in the repository.

Question 48

Question: What command do you use to upgrade existing packages on your system?

Answer 48

Answer: apt-get upgrade

Question 49

Question: What is the difference between repositories and sources.list file?

Answer 49

Answer: Repositories are servers that hold software for particular distributions of Linux. The sources.list file is where the repositories your system will search for software are stored.

Question 50

Question: Why is it important to add a backup repository?

Answer 50

Answer: It is important to add a backup repository because it allows your system to search through it in case it doesn't find a specific software in the main repository.

Question 51

Question: What happens when you enter the command apt-get upgrade?

Answer 51

Answer: apt-get upgrade upgrades every package on your system that apt knows about, meaning only those stored in the reposi It also estimates the amount of hard drive space necessary for the software package and prompts you to confirm whether you want to continue with the upgrade.