Test Out Domain 2 Flashcards
(22 cards)
What does Nikto software do?
is a web server scanner.
What does OpenVAS do?
is a vulnerability scanner that has more than 50,000 vulnerability tests with daily updates.
What does Nessus do?
- allows for customized scans that are scheduled as convenient. It also recommends steps to remediate found vulnerabilities.
- offers scanning on mobile devices and lets you know which devices are unauthorized or non-compliant.
What does NetScan do?
is a tool that provides discovery through network and port scanning. It can find vulnerabilities, security flaws, and open ports on your network.
What does Scout Suite do?
an open-source multi-cloud security auditing tool that supports AWS, Azure, and GCP environments. It assesses the security posture of cloud environments and provides a concise view of potential security risks and misconfigurations.
What does IDA Pro do?
is a disassembler tool
What does PEStudio do?
is a debugger tool
What does 010 Editor do?
is a hex editor
What does Haxinator do?
is a hex editor
What is Prowler?
Prowler is an open-source security tool that helps organizations evaluate their Amazon Web Services (AWS) infrastructure and ensure it adheres to industry best practices and compliance standards.
What is Suricata?
is an open-source network threat detection engine that provides intrusion detection (IDS), intrusion prevention (IPS), and network security monitoring (NSM) functionalities.
CVSS uses which metrics?
base, temporal, and environmental
Waht is OWASP ZAP?
(Zed Attack Proxy) uses an on-path design to scan and inspect the data transmitted between a web server and a web browser.
What is Arachni?
is an open-source, feature-rich, modular web application security testing framework. It is specifically to identify security vulnerabilities in web applications and provide support for automated testing.
What is Colasoft?
is a packet crafting software program that can be used to modify flags and adjust other packet content.
Where is OpenVAS from?
is an open-source (free) software developed from the Nessus codebase before Nessus became commercial software. Greenbone manages the scanner and is also available as a commercial product.
What is the nmap command to generate a decoy?
-D
Corrective controls
act to eliminate or reduce the impact of an intrusion event. The company should use corrective controls after the data breach to reduce the attack’s impact. Specifically, they must stop displaying customer information on the website.
Responsive controls
serve to direct corrective actions enacted after an incident occurs. Responsive controls must exist before an incident occurs to be useful, making corrective controls the appropriate mitigation.
Currports lists all open
UDP and TCP ports on your computer. It also provides information about which process opened the port, which user created the process, and what time it was created.
What is Maltego?
is a very sophisticated visualization tool that helps investigators quickly identify relationships among entities of many types. As a result, Maltego can help in many investigations, from people and social engineering to malware analysis.
What is Pacu?
is an exploitation framework and would be useful for the consultants to evaluate the security of an Amazon Web Services (AWS) environment, including attempts to gain access.
