Lesson 3 - Security Assessments

Question 1

What is the purpose of using ipconfig?

Answer 1

It is the configuration assigned to network interface(s) in Windows and whether the address is static or assigned by DHCP.

Question 2

Which command should be used to display the local machine’s address resolution protocol cache?

Answer 2

arp (Address Resolution Protocol)

Question 3

What is the difference between tracert and traceroute?

Answer 3

Tracert uses ICMP probes to report the round trip time for hops between local host and a host on a remote network.

Traceroute performs route discovery from a Linux host; uses UDP probes by default.

Question 4

When there is a need to quickly scan ports, which is the best command to use?

Answer 4

-sS, TCP SYN

Question 5

What is the UDP scans (-sU)?

Answer 5

Scans UDP ports; can take a long time and can be combined with a TCP scan

Question 6

Identify the command that can be used to detect the presence of a host on a particular IP address?

Answer 6

Ping

Question 7

What are the appropriate methods for packet capture?

Answer 7

Wireshark and tcpdump are packet sniffers. A sniffer is a tool that captures packets or frames, moving over a network.

Question 8

What is a vulnerability that is exploited before the developer knows about it or can release a patch?

Answer 8

Zero Day

Question 9

Encryption vulnerabilities allow unauthorized access to protected data. Which component is subject to brute-force enumeration?

Answer 9

A weak cipher

Question 10

Compare and contrast vulnerability scanning and penetration testing.

Answer 10

Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active.

Question 11

Hosts that hold the most valuable data are not normally able to access external networks directly is…?

Answer 11

Pivoting

Question 12

What are the differences between a black box, white box, and a gray box penetration test?

Answer 12

Black Box - contractor receives no privileged information so they must perform reconnaissance.

White Box - pen tester has complete access and skips reconnaissance.

Gray Box - tester has some, but not all information and requires partial reconnaissance.

Question 13

What are the different exercise types and their purpose?

Answer 13

Red Team - offense
Blue Team - defense
White Team - sets rules of engagement and monitors exercise
Purple Team - red and blue teams meet for debriefs while the exercise is ongoing

Question 14

What is persistence?

Answer 14

The tester’s ability to reconnect to the compromised host and use it as a remote access tool (RAT) or backdoor.

Question 15

Remote Access Trojan (RAT)

Answer 15

Malware that gives an adversary the means of remotely accessing the network

Question 16

What is the command line client for performing data transfers over many types of protocol?

Answer 16

curl

Question 17

What are the main types of security assessment usually classed as?

Answer 17

Vulnerability, Assessment, Threat Hunting

Question 18

What is penetration testing and what is it also referred to as?

Answer 18

Also referred to as Ethical Hacking.

Authorized hacking to discover exploitable weaknesses in the target’s security systems.

Question 19

Methods and tools by which an attacker transfers data without authorization from the victim’s systems to an external network or media.

Answer 19

Data exfiltration

Question 20

The command that shows state of TCP / UDP ports on the local machine.

Answer 20

netstat