Módulo 06 - Resiliency and Site Security

Question 1

Define:
Environmental Design (Physical Security)

Answer 1

Security approach that uses the built environment to enhance security

Question 2

List:
Environmental Design options

Answer 2

1. Barricades and Entry/Exit point
2. Fencing
3. Lights
4. Bollards (Coisa de ferro ou cimento controlado remotamente que impede a passagem de veículos)

Question 3

List:
Lock types

Answer 3

1. Physical
2. Electronic
3. Biometric

Question 4

Define:
PACS - Physical Access Control System

Answer 4

Designed to control who can access specific locations within a building, essential to protect access badges (NFC cards)

Question 5

List:
The use of AI and camera systems

Answer 5

1. Motion Recognition
2. Object Detection
3. Drones/UAV

Question 6

List:
Type of alarms

Answer 6

1. Circuit
2. Motion Detection
3. Noise Detection
4. Proximity
5. Duress

Question 7

List:
Types of sensors

Answer 7

1. Infrared
2. Pressure
3. Microwave
4. Ultrasonic

Question 8

Acronym:
RFID

Answer 8

Radio Frequency ID

Question 9

List:
Common Physical Attacks

Answer 9

1. Brute Force
2. Environmental
3. RFID Cloning

Question 10

What’s the fundamental concept in network monitoring?

Answer 10

Know which computer are the big receivers and senders of information in the network.

Question 11

List
Network Monitoring Tools

Answer 11

ping
tracert/traceroute
pathping
netstat
route
arp
nslookup/dig
ipconfig/ifconfig
hping
netcat
IP scanners
nmap

Question 12

Define:
Passive reconnaissance

Answer 12

Gathering information on the target with no direct interaction

Question 13

List:
Passive reconnaissance methods

Answer 13

1. Packet sniffing
2. Eavesdropping
3. OSINT - Open Source Intelligence
4. Network Traffic analysis

Question 14

Acronym:
OSINT

Answer 14

Open Source Intelligence

Question 15

Define:
OSINT - Open Source Intelligence

Answer 15

Collecting data from public sources

Question 16

Define:
Active reconnaissance

Answer 16

Gathering information on a target by probing and interacting

Question 17

List:
Active reconnaissance techniques

Answer 17

1. Port scanning
2. Service enumeration
3. OS fingerprinting
4. DNS enumeration
5. Web Application Crawling

Question 18

List:
Type of reconnaissance

Answer 18

1. Passive
2. Active

Question 19

List:
Target information to extract

Answer 19

1. Security posture (Physical and network)
2. Narrow the focus for attack
3. Potential vulnerabilities
4. Create a network map

Question 20

List:
Reconnaissance tools

Answer 20

1. OSINT framework
2. theHarvester
3. Shodan
4. DNSenum
5. curl and wget
6. Scanless
7. Nessus

Question 21

Acronym:
IPS

Answer 21

Intrusion Prevention System

Question 22

Acronym:
IDS

Answer 22

Intrusion Detective System

Question 23

Define:
Intrusion Prevention System

Answer 23

Detects attacks and suspicious activity and automates responses to the malicious actitivity

Question 24

Define:
Intrusion Detection System

Answer 24

Detect attacks and suspicious activity

Question 25

List: Threat traffic label

Answer 25

1. Positive 2. False positive 3. Negative 4. False negative

Question 26

List: Detection methods

Answer 26

1. Signature-based 2. Heuristic-based

Question 27

List: IDS/IPS implementation types

Answer 27

1. Host-based H(IDS) 2. Network-based (NIDS)

Question 28

Acronym: HIDS

Answer 28

Host-based IDS

Question 29

Acronym: NIDS

Answer 29

Network-based IDS

Question 30

Define: Trend Analysis

Answer 30

Consists on understanding an environment over time, identifying patterns. Easily identifying false positives or unnecessary alerts.

Question 31

Define: Q: Protocol analyzer

Answer 31

A tool (hardware or software) used to monitor and analyze network traffic, also known as packet sniffer or network analyzer.

Question 32

List: Q: Common protocol analyzer tools

Answer 32

1. Wireshark. 2. Tcpdump. 3. Ettercap. 4. Dsniff. 5. Cain and Abel. 6. Windump.

Question 33

Define: Q: SecOps protocol analyzer usage

Answer 33

Identifies network vulnerabilities, such as malformed packets, open ports, or sensitive data sent in cleartext.

Question 34

Define: Q: System fingerprinting

Answer 34

Identifying a system's operating system by analyzing how it responds to different types of network traffic.

Question 35

Define: Q: TCP handshake flags

Answer 35

Indicators within TCP packets that help identify the state of a connection during the handshake process.

Question 36

Define: Q: Packet sniffing

Answer 36

Using a protocol analyzer to capture and analyze network packets.

Question 37

Acronym: NIC

Answer 37

Network Interface Card

Question 38

True or false: A protocol analyzer is always capable of listening to every packet on the collision domain

Answer 38

False. Except when the NIC is on p-mode (Promiscous mode)

Question 39

Define: Q: Network attack

Answer 39

A: A strategy or technique used by threat actors to disrupt or gain unauthorized access to systems via a network.

Question 40

List: Q: Stages of the cyberattack lifecycle

Answer 40

1. Reconnaissance. 2. Credential harvesting. 3. Denial-of-service (DoS). 4. Weaponization, delivery, and breach. 5. Command and control (C2). 6. Lateral movement and privilege escalation. 7. Data exfiltration.

Question 41

Define: Q: Reconnaissance

Answer 41

A: The stage where threat actors gather information about the network, including host discovery, service discovery, and fingerprinting.

Question 42

Define: Q: Credential harvesting

Answer 42

A: Reconnaissance activity where attackers attempt to learn passwords or cryptographic secrets for authenticated access.

Question 43

Define: Q: Denial-of-service (DoS)

Answer 43

A: An attack that reduces the availability of a resource by overwhelming it with excessive requests or exploiting vulnerabilities.

Question 44

Define: Q: Distributed Denial-of-Service (DDoS)

Answer 44

A: A type of DoS attack launched from multiple hosts, often using a botnet to overwhelm the target.

Question 45

Define: Q: Command and control (C2)

Answer 45

A: Techniques and malicious code enabling attackers to remotely operate and maintain access to compromised systems.

Question 46

Define: Q: Lateral movement

Answer 46

A: The process where attackers move from host to host or network segment to escalate privileges and expand access.

Question 47

Define: Q: Data exfiltration

Answer 47

A: The unauthorized transfer of sensitive data from a system to an attacker's remote machine.

Question 48

Define: Q: SYN flood attack

Answer 48

A: A DoS attack exploiting the TCP handshake by withholding the ACK packet, causing resource exhaustion on the victim

Question 49

Define: Distributed reflected DoS (DRDoS)

Answer 49

A DDoS attack where the attacker spoofs the victim's IP, causing third-party servers to overwhelm the victim with responses.

Question 50

Define: Amplification attack

Answer 50

A reflected attack exploiting application protocols to force targets to respond with large amounts of data, consuming bandwidth.

Question 51

List: Protocols commonly targeted in amplification attacks

Answer 51

1. DNS (Domain Name System). 2. NTP (Network Time Protocol). 3. CLDAP (Connectionless Lightweight Directory Access Protocol). 4. Memcached.

Question 52

Define: Asymmetric threat

Answer 52

A situation where attackers achieve effective attacks despite having fewer resources than the victim.

Question 53

Define: Botnet

Answer 53

A network of compromised devices used by attackers to launch DDoS attacks or other malicious activities.

Question 54

Define: DDoS indicators

Answer 54

Traffic spikes without legitimate explanation, often mitigated with high-availability services like load balancing or cluster services.

Question 55

Define: On-path attack

Answer 55

A threat actor intercepts, monitors, relays, and potentially modifies communication between two hosts. MITM - Man In The Middle

Question 56

Define: ARP poisoning

Answer 56

An attack using unsolicited ARP replies to associate the attacker’s MAC address with a target IP, redirecting network traffic.

Question 57

Define: DNS poisoning

Answer 57

A technique to compromise DNS name resolution by inserting false domain-to-IP mappings.

Question 58

Define: DNS client cache poisoning

Answer 58

Modifying a client’s HOSTS file to redirect traffic by placing false name-to-IP address mappings.

Question 59

Define: DNS server cache poisoning

Answer 59

Corrupting records held by a DNS server, often via spoofed responses to recursive queries or DoS attacks.

Question 60

Define: DNS-based on-path attack

Answer 60

A combination of ARP poisoning and spoofed DNS responses to redirect victim traffic to malicious servers.

Question 61

Define: Typosquatting

Answer 61

A technique where attackers create malicious sites mimicking legitimate ones to exploit users’ typographical errors.

Question 62

Define: Amplification attack (DNS)

Answer 62

An attack exploiting DNS protocol weaknesses to force a target to respond with a large amount of data, consuming bandwidth.

Question 63

Define: DNS attack indicators

Answer 63

Anomalies in DNS logs, such as spikes in lookup failures or communication with suspicious domains.

Question 64

List: Examples of DNS attack indicators

Answer 64

1. Unusual DNS queries. 2. Suspicious IPs or domains. 3. DNS lookup failure anomalies.

Question 65

Define: Recursive DNS query

Answer 65

A query where a DNS server retrieves an answer from an authoritative server on behalf of a client.

Question 66

Define: Memcached attack in amplification

Answer 66

Exploiting the Memcached database caching system to perform large-scale DDoS attacks.

Question 67

List: Common DNS attack methods

Answer 67

1. DNS poisoning (client and server). 2. DNS-based on-path attacks. 3. DRDoS attacks using DNS. 4. Typosquatting.

Question 68

Define: Shellcode

Answer 68

A minimal program designed to exploit OS vulnerabilities to gain privileges or drop backdoors.

Question 69

Define: Credential dumping

Answer 69

Malware extracting credentials from files like SAM or processes like lsass.exe, or using DCSync to replicate domain credentials

Question 70

Define: Persistence

Answer 70

A: A technique ensuring malware restarts after a reboot or logoff, often using registry keys, scheduled tasks, or WMI events

Question 71

Define: Bash

Answer 71

A: A command shell and scripting language used in Linux and pre-Catalina macOS

Question 72

Define: Macros

Answer 72

A: Scripts used in applications like Microsoft Office, often written in VBA, potentially opening shells for malicious attacks.

Question 73

Acronym: VBA

Answer 73

A: Visual Basic for Applications.

Question 74

Acronym: RAT

Answer 74

Remote Access Trojan.

Question 75

True or False: Python is unsuitable for developing malware because it cannot run on non-Windows systems.

Answer 75

False Python can run on multiple operating systems, including Linux, macOS, and Android.

Question 76

True or False: PowerShell scripts require an executable to run, making them easy to detect.

Answer 76

False PowerShell scripts can run directly in system memory, making them fileless and harder to detect.

Question 77

True or False: Macros are always disabled by default in all Microsoft Office versions.

Answer 77

False Macros are disabled by default only in newer versions; users must manually enable them.

Question 78

Define: Shellshock

Answer 78

A malware exploiting a flaw in Bash to inject malicious commands on Linux and macOS systems.

Question 79

Define: Cmdlets

Answer 79

Tiny PowerShell scripts performing specific functions, often used to automate tasks in Windows.

Question 80

Define: Python's use in malware

Answer 80

A: Python is used to develop malware like RATs, allowing functions such as screenshots, remote webcam access, and web requests.

Question 81

Q: Acronym: SAM

Answer 81

A: Security Account Manager.

Question 82

Q: Acronym: WMI

Answer 82

A: Windows Management Instrumentation.

Question 83

Define: Rainbow table

Answer 83

A: A precomputed table of passwords and their hashes used to quickly crack hashed passwords without brute-forcing.

Question 84

Define: Salting

Answer 84

A: Adding random characters to the beginning or end of a password before hashing to create unique hashes and defend against rainbow attacks.

Question 85

Define: Password spraying

Answer 85

A: A brute-force method where the attacker tries the same password across multiple accounts to avoid lockout policies.

Question 86

Define: Dictionary attack

Answer 86

A: A password attack using a predefined list of common words and phrases to guess passwords.

Question 87

Define: Social engineering

Answer 87

A: A manipulation technique where attackers exploit human behavior to obtain sensitive information, such as passwords

Question 88

Define: Shoulder surfing

Answer 88

A: An attack where an attacker observes a user typing passwords or other sensitive information.

Question 89

Q: Acronym: NTDS.DIT

Answer 89

A: Active Directory credential store.

Question 90

True or False: Password spraying targets one account with many passwords to avoid lockout policies.

Answer 90

A: False: Password spraying uses the same password across many accounts to bypass lockout policies.

Question 91

True or False: Salting hashes prevents rainbow table attacks.

Answer 91

A: True: Salting adds unique characters to hashes, making them immune to precomputed rainbow tables.

Question 92

True or False: Dictionary attacks are ineffective against strong, complex passwords.

Answer 92

A: True: Dictionary attacks are only effective against weak, common passwords.

Question 93

True or False: Online brute-force attacks are faster than offline brute-force attacks.

Answer 93

A: False: Offline attacks are faster since they do not interact with authentication systems or lockout policies.

Question 94

True or False: A rainbow table must be generated for each specific hashing algorithm.

Answer 94

A: True: Different hash algorithms require distinct rainbow tables due to variations in hashing processes.

Question 95

Define: Dumpster diving

Answer 95

A: A social engineering technique where attackers search through discarded items for sensitive information.

Question 96

Q: Define: Offline password attack

Answer 96

A: An attack where password hashes are obtained and cracked without interacting with the authentication system.

Question 97

Define: rcrack

Answer 97

A: A tool used to crack password hashes using rainbow tables

Question 98

True or False: Strong passwords are the best defense against brute-force and dictionary attacks.

Answer 98

A: True: Complex, long passwords with mixed character types reduce the effectiveness of these attacks.

Question 99

True or False: Salting ensures two identical passwords produce different hashes.

Answer 99

A: True: Salting adds unique values, making hashes distinct even for identical passwords.

Question 100

True or False: Lockout policies prevent all brute-force attacks.

Answer 100

A: False: Password spraying and offline attacks can bypass lockout policies.

Question 101

Acronym: Rtgen

Answer 101

Rainbow table generator

Question 102

Acronym: Rtsort

Answer 102

A program that sorts rainbow tables for binary search.