Test Out 2.0

Question 1

GRC stands for

Answer 1

governance, risk and compliance

Question 2

SLO stands for

Answer 2

service level objective

Question 3

COPPA stands for

Answer 3

children’s online Privacy Protection Act

Question 4

CERT stands for

Answer 4

Computer emergency response team

Question 5

CSIRT stands for

Answer 5

Computer security incident response team

Question 6

IDP stands for

Answer 6

identity provider

Question 7

nmap -sT

Answer 7

scans TPC

Question 8

nmap -sU

Answer 8

sancs UPD

Question 9

nmap -A

Answer 9

OS scanning

Question 10

nmap –top-ports <num></num>

Answer 10

scans the number of top ports

Question 11

nmap -T<0-5>

Answer 11

sacn speed 5 is the fastest

Question 12

nmap -S<IP></IP>

Answer 12

spoofs the IP address

Question 13

nmap -p<port></port>

Answer 13

scan port range

Question 14

EDR Stands for

Answer 14

Endpoint Detection and Respones

Question 15

What is Maltego?

Answer 15

Maltego is a visualization tool that gathers public information and presents it connected in a graph. It can research and map entities quicker than other tools.

Question 16

What is Recon-ng?

Answer 16

Recon-ng uses the Metasploit framework but focuses primarily on web-based reconnaissance to reveal an organization’s subdomains, and software versions, to name a few. This may also involve taking longer to find large amounts of information.

Question 17

What is Nikto?

Answer 17

is a web server scanner. It tests for outdated versions of more than 1,250 servers.

Question 18

What is OWASP ZAP?

Answer 18

is an open-source web application security scanner designed specifically for testing web applications. It is both flexible and extensible

Question 19

NIDS stands for

Answer 19

network intrusion detection system

Question 20

What is a network tap?

Answer 20

Network taps are a rogue device type (not a method). A physical device might be attached to cabling to record packets passing over that segment. Once attached, taps cannot usually be detected from other devices inline with the network, so physical inspection of the cabled infrastructure is necessary.

Question 21

Server-side request forgery (SSRF) is a security vulnerability

Answer 21

where an attacker tricks a web application into sending malicious HTTP requests to an internal or external network resource that trusts the web application. It could lead to data theft or system compromise.

Question 22

Cross-site scripting (XSS) is a web application vulnerability

Answer 22

that allows attackers to inject malicious scripts into web pages viewed by other users, often leading to the theft of user data or control of their browser.

Question 23

IoC stands for

Answer 23

Indicator of Compromise

Question 24

Preloading is

Answer 24

influencing a target’s thoughts, opinions, and emotions before something happens.

Question 25

MDA stands for

Answer 25

mail delivery agent

Question 26

MTA stands for

Answer 26

message transfer agent

Question 27

A fraggle attack is a DoS attack that targets

Answer 27

UDP protocol weaknesses.

Question 28

A smurf attack is a DoS attack that targets

Answer 28

ICMP protocol weaknesses.

Question 29

A teardrop attack prevents

Answer 29

TCP/IP packets from being reassembled.

Question 30

the mail user agent (MUA) creates

Answer 30

an initial header and forwards the message to a mail delivery agent (MDA).

Question 31

CSIRT stands for

Answer 31

computer security incident response

Question 32

CERT stands for

Answer 32

computer emergency response team

Question 33

Metasploit is on port

Answer 33

4444

Question 34

SAML is a based on

Answer 34

XML

Question 35

CWE stands for

Answer 35

(Common Weakness Enumeration) is a community-developed list of common software security weaknesses.

Question 36

CVSS stand for

Answer 36

(Common Vulnerability Scoring System) is a scoring system that creates a way to organize and prioritize vulnerabilities that you look for and discover in your work as an ethical hacker.

Question 37

NVD stand for

Answer 37

(National Vulnerability Database) was created in 2000. You can find it at nvd.nist.gov. The NVD list includes more specific information for each entry than the CVE list, such as fix information, severity scores, and impact rating. It is searchable by product name or version number, vendor, operating system, impact, severity, and related exploit range.

Question 38

SOA stands for

Answer 38

Service-Oriented Architecture (SOA) does well is make maintenance easier, which also brings down production costs. It's much simpler to look over small batches of code than having to review huge chunks of it.

Question 39

What do you need to carry out a DNS hijacking attack?

Answer 39

DNS records

Question 40

What does SCAP stand for?

Answer 40

Security content automation Protocol

Question 41

What is REST?

Answer 41

is an architectural style that provides simple communication standards on the internet between computer platforms. Systems that use REST are often known as RESTful systems.

Question 42

What is UEBA

Answer 42

user and entity behavior analysis, which is the practice of gathering insight about network events based on users' daily behaviors. The data is used to create a baseline of behaviors that can help security teams recognize any anomalies.

Question 43

What is ETDR

Answer 43

Endpoint Threat Detection and Response, which is a tool that monitors endpoints and network events.