Network Administration
ipconfig
(internet protocol configuration) in Microsoft Windows is a console application that displays all current TCP/IP network configuration values and can modify Dynamic Host Configuration Protocol DHCP and Domain Name System DNS settings.[1]
WiFi Networks - protecting
- Migrate from WEP > WPA > WPA2 - Use Strong Authentication mechanism like PEAP (Protected Extensible Authentication Protocol) or TTLS (Tunnelled Transport Layer Security) - Mutual authentication to mitigate MITM and masquerading attacks - Always require mutual authentication - Audit network installations for consistency in deployment and config - Delete default admin passwords, community strings, or HTTP-enabled config pages - Educate users on how to spot suspect activity on WiFi network
BGP
..., Border Gateway Protocol, a dynamic routing protocol. RFC 1267.
Which file contains IP and host information in Linux?
/etc/hosts
In Linux, you set the /proc/sys/net/ipv4/ip_forward file to control bridging. Setting it to (what) will disable bridging?
0
In Linux, you set the /proc/sys/net/ipv4/ip_forward file to control bridging. Setting it to (what) will enable bridging?
1
What frequency does 802.11n operate on?
2.4/5 GHz
Which HTTP Status Code indicates a successful connection (no issues)?
200
Which HTTP Status Code class indicates a redirect?
300
Which HTTP Status Code class indicates a Client Error (like requesting an unknown file)?
400
Which HTTP Status Code class indicates a Server Error (like a bad gateway)?
500
When using a local proxy, what is the common port used?
8080
What is the difference between a DoS and a DDoS attack?
A DDoS attack is a type of DoS attack using multiple distributed attackers to amplify the denial of service
What is the main difference between a Web Application Firewall and an Intrusion Prevention System?
A WAF is usually more focused on web specific attacks
What is a load balancer?
A bandwidth control mechanism that allows multiple servers to act in conjunction
tracert
A command that determines the route data takes to get to a particular destination.
What is a multi-homed computer?
A computer with NICs on different LAN segments
UDP flood attack
A denial-of-service attack based on sending a huge number of UDP packets.
PCAP - Packet Capture
A file that contains packets captured from a protocol analyzer or sniffer.
OSPF (Open Shortest Path First)
A link-state routing protocol used on IP networks.
What is Address Resolution Protocol (ARP)?
A mapping from a MAC address to an IP address
Hashing
A means of validating data integrity through the use of mathematical algorithm. Eg: MD5
Nmap
A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.
Metasploit
A penetration-testing tool that combines known scanning techniques and exploits to explore potentially new types of exploits.
SCP (Secure Copy Protocol)
A protocol that uses SSH to securely copy files between a local and a remote host, or between two remote hosts.
What is the main difference between a Proxy and a NAT server?
A proxy server sends internet requests as itself and then returns the results to the original requester, a NAT switches the IP/ports on the traffic from the requester
Teardrop Attack
A type of DoS that sends mangled IP fragments with overlapping and oversized payloads to the target machine.
Signature-based detection
A type of intrusion detection that compares traffic against preconfigured attack patterns known as signatures.
WPS (Wi-Fi Protected Setup)
A user-friendly—but not very secure—security setting available on some consumer-grade APs. Part of the security involves requiring a PIN in order to access the AP's settings or to associate a new device with the network. The PIN can be easily cracked through a brute force attack, so this PIN feature should be disabled if possible.
What is a WiFi heat map?
A visual representation of usage and signal strength of the WiFi network
3-Way Handshake (TCP)
A: SYN B: SYN ACK A: ACK
\n
ASCII LineFeed (LF) - Goes to next line -newline escape
LAMP stack
Acronym for Linux, Apache Web server software, MySQL database, and Perl/Python/PHP
A WiFi Access Point is getting poor reception. Upon investigation, the security analyst determines there are many WiFi Access Points using the same frequency. What can be done to possible fix this problem?
Add an additional Access Point Use a different channel on the Access Point Change the DNS settings on the Access Point Change the IP address of the on the Access Point
What is ARP?
Address Resolution Protocol - resolves IPV4 address to MAC addresses
ARP
Address Resolution Protocol. Resolves IP addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. VLAN segregation helps prevent the scope of ARP poisoning attacks within a network.
Which of these are a danger of an SQL injection attack?
All of these Read confidential information from the database Modify the content of a database Delete data from the database
What is the basic functionality of a Firewall?
Allow or block traffic based on the port or other filter information
What is Port Knocking?
Allowing access to a specific port once a pattern of port scans is detected from a single IP
Which of these is not an advantage of a proxy server?
Allows for content filtering Masks the identity of internal machines Caches web pages so subsequent requests are faster Correct! Eliminates the need for routers
Why do corporations use VPNs?
Allows remote users to use corporate network resources using the private IP address
What does a load balancer do?
Allows the load on a single public IP address to get balanced among multiple servers, each with it's own IP address
What is the main difference between an IDS and an IPS?
An IDS can only alert if there is malicious traffic, while an IPS can actively block traffic
NIPS (network-based intrusion prevention system)
An IPS that monitors the network. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.
IPS (Intrusion Prevention System)
An active, inline security device that monitors suspicious network and/ or system traffic and reacts in real time to block it Also called a Network Intrusion Prevention System (NIPS).
TCP hijacking attack
An attack in which the abuser records data packets from the network, modifies them, and inserts them back into the network.
Smurf Attack
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.
What is a Man-in-the-Middle attack?
An attacker intercepting messages from the sender and relaying them to the recipient
What is a DoS attack?
An attempt to overwhelm a resource to make it unavailable
What is credential stuffing in an application proxy?
An automated approach using a list of compromised passwords and accounts to gain access to an authentication server
A VPN can also be called what?
An encrypted tunnel
SSL/TLS
An encryption layer of HTTP that uses public key cryptography to establish a secure connection.
Perfect Forward Secrecy (PFS)
An encryption method that ensures that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. To work properly, PFS requires two conditions: Keys must not be reused, and new keys must not be derived from previously used keys.
What is XSRF (CSRF)Cross Site Request Forgery?
Attacker using the session data from the victim to make a request to the server
How does OSPF prevent rogue nodes?
Authentication
What is the purpose of the SSH keys?
Authentication
CSS
Cascading Style Sheets contain hierarchical information about how the content of a web page will be rendered in a browser.
In a client-server connection, which device normally initiates the communication?
Client
What is XSS? [Cross Site Scripting]
Code (like javascript) that gets injected into a web page that appears to come from the server but runs on the client
Which leg of the C-I-A Triad does a MitM attack break?
Confidentiality
CIA
Confidentiality, integrity, and availability. These three form the security triad. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified, tampered with, or corrupted. Availability indicates that data and services are available when needed.
What does it mean that HTML is a markup language?
Content editors can mark the text for updating, like they would for written material Users can add content to web pages directly from their browser, like Wikipedia Correct! The tags tell the browser how to display or work with the text or object Coders can embed specific code that will run on the webpage
What is a SQL injection?
Database input that changes the meaning of the SQL statements
DoS attack
Denial of service attack
What does the -C do in a hexdump command?
Displays the ASCII characters as well as the hex.
DDoS Attack
Distributed Denial of Service Attack. Typically a virus installed on many computers (thousands) activate at the same time and flood a target with traffic to the point the server becomes overwhelmed.
Port 53 (TCP/UDP)
Domain Name Server (DNS)
What does the following iptables rule do? iptables -A INPUT -s 13.14.0.0/16 -j DROP
Drop all incoming traffic on the 13.14.0.0/16 address range
Which of these is not an advantage of a proxy server?
Eliminates the need for routers
What is another name for a VPN connection?
Encrypted Tunnel
What does Port Forwarding allow us to do?
Expose an internal IP/Port by redirecting external communication requests on one address and port combination to the internal IP/Port
Port 20/21
FTP File Transfer Protocol (TCP/UDP) 21(SCTP)
A VPN allows you to surf the web without leaving a trace
False
A VPN makes you completely invisible on the internet
False
All DoS and DDoS attacks are motivated by money.
False
An application proxy, like Burp Suite or ZAP, cannot be used for HTTPS requests.
False
Hashing algorithms can be reversed to find the original passwords.
False
Incorrectly configured border devices (NGFW, Proxy Servers, IDS/IPS, etc.) are a nuisance only and don't cause a real security concern?
False
The sqlmap tool can be used against all databases
False
There are no legitimate uses for an application proxy, like Burp Suite or ZAP.
False
Using a pcap file can help us spot an adversary in real time.
False
And IDS/IPS is a plug-n-play device that works 100% as soon as you set it up.
False IDS and IPS devices require additional tuning and should be retuned periodically.
Web pages can only be downloaded through a graphical based browser.
False While some tools, like netcat or curl, may be able to download the web page, displaying the web page, correctly at least, may require a graphical interface.
Wireshark can be used to view network traffic on any network in the world.
False Wireshark can only view traffic on a local NIC or from a saved pcap file. We cannot view traffic beyond our network.
Telnet is considered a best practice.
False: Telnet does not provide any level of encryption
In an SQL database, data is stored in tables, comprised of rows and columns. Look at this example:What is another name for a column?
Field
What does the -f argument do in the Linux ssh command?
Forks the process to run in the background
If a router has port forwarding set up, what does this do?
Forward traffic coming in on that port to an internal machine
What is network bridging in a Linux machine?
Forwarding data from one NIC to another
What is TCP hijacking?
Guessing TCP Sequence numbers
Which of these are considered a programming language?
HTML Correct! javascript Webkit CSS
Port 443 (TCP)
HTTPS
In a Linux system, iptables is an example of what type of firewall?
Host Based Firewall
Port 80 (TCP)
Hypertext Transfer Protocol (HTTP)
ICMP flood attack
ICMP requests require the server to process the request and respond, thus consuming CPU resources
Why are technologies like NAT (Network Address Translation) necessary?
IPv4 has run out of public addresses
What functions can a Proxy Server or Application provide?
Intercept all browser traffic to allow granular view of HTTP traffic Blocking access to specific public websites (ex: porn, gambling, etc) from an internal IP address Caching external web content to speed up subsequent searches, even for other users
ICMP
Internet Control Message Protocol. Used by a router to exchange information with other routers
IDS
Intrusion detection system. A detective control used to detect attacks after they occur. A signature-based IDS (also called definition-based) uses a database of predefined traffic patterns. An anomaly-based IDS (also called behavior-based) starts with a performance baseline of normal behavior and compares network traffic against this baseline. An IDS can be either host-based (HIDS) or network-based (NIDS). In contrast, a firewall is a preventative control that attempts to prevent the attacks before they occur. An IPS is a preventative control that will stop an attack in progress.
What is true of a Dual-Homed Server?
It has two different NICs on different LAN segments
What is the \n character in an HTTP GET request?
Line Feed
Security Onion
Linux distro intended to support security analysts with tools for: - Network security monitoring - Intrusion detection - Log management Based on Ubuntu
What is the LAMP stack?
Linux-Apache-MySQL-PHP
LAN
Local Area Network
127.0.0.1
Loopback address for IPv4 local loopback
MITM
Man in the middle. A MITM attack is a form of active interception allowing an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent MITM attacks.
What is the name of the attack where an adversary relays communication between two parties who believe they are communicating with each other?
Man-in-the-middle
What is the basic functionality provided by NAT (Network Address Translation)?
Map a private, internal IPv4 address to a public address for routing outside the internal network.
What does MAC stand for?
Media Access Control
ARP spoofing
More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked.
We have ran out of IPv4 addresses. Which technology allows us to minimize the use of public IP addresses in our network?
NAT
We have run out of IPv4 addresses. Which technology allows us to minimize the use of public IP addresses in our network?
NAT
How should passwords be stored in a database, if necessary?
Only the hash value of the password should be stored
OSPF
Open Shortest Path First
OWASP
Open Web Application Security Project
What is "forward secrecy?"
Periodically changing encryption keys so that a compromised key is of limited value
PSK
Pre-Shared Key
Port Forwarding
Preventing the passage of any IP packets through any ports other than the ones prescribed by the system administrator.
In Windows, if you are using PuTTY and you have no applications running on the connection, what may eventually happen?
PuTTY will automatically close the connectionex
In an SQL database, data is stored in tables, comprised of rows and columns. Look at this example:What is another name for a row?
Record
Which of these could be considered a DoS attack?
Redirecting traffic so that users cannot reach a company's webpage Hacking into a web server and removing the login page of a website Putting glue in a door lock so the key cannot be inserted
RPKI
Resource Public Key Infrastructure- security solution
What is ARP poisoning?
Responding with fake ARP packets so a sender's ARP table gets wrong information
When moving the ovpn file from one server the other, why do we use scp instead of ftp?
SCP is a secure copy using ssh
Port 22 TCP & UDP
SSH (Secure Shell)
SYN cookies
SYN cookie is a technique used to resist SYN flood attacks. In particular, the use of SYN cookies allows a server to avoid dropping connections when the SYN queue fills up. Instead, the server behaves as if the SYN queue had been enlarged. The server sends back the appropriate SYN+ACK response to the client but discards the SYN queue entry. If the server then receives a subsequent ACK response from the client, the server is able to reconstruct the SYN queue entry using information encoded in the TCP sequence number.
webkit
Safari and Chrome browser extension
SSID
Service Set Identifier. Identifies the name of a wireless network. Disabling SSID broadcast can hide the network from casual users but an attacker can easily discover it with a wireless sniffer. It's recommended to change the SSID from the default name.
What allows us to maintain secure communications with a server without having to constantly re-authenticate?
Session Data
What does the command nc or netcat with no parameters do?
Shows the usage (options) for the command
Port 25
Simple Mail Transfer Protocol (SMTP)
If a VPN has been established between two endpoints with multiple routers between. One of the routers is monitoring traffic going across it (sniffing). What can it see?
Source and Destination and encrypted payload
STP
Spanning Tree Protocol. Protocol enabled on most switches that protects against switching loops. A switching loop can be caused if two ports of a switch are connected together, such as those caused when two ports of a switch are connected together.
Which would prevent possible ARP Cache Poisoning?
Static ARP entries
NAT table in router
Store pairs of the host's IP address and the port number
half-open
TCP SYN Flood attack uses the three-way handshake mechanism. 1. An attacker at system A sends a SYN packet to victim at system B. 2. System B sends a SYN/ACK packet to victim A. 3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A. This status of client B is called _________________
What is Hyper Text Markup Language?
Tags that tell browsers how to display text or other objects
What allows control over how objects display, for example fonts or colors, for the entire document?
The body tag The title tag HTML master table Correct! Cascading Style Sheets
What is a reverse shell?
The compromised device establishes a connection out to the attacker machine
Rendering engine
The part of the browser responsible for reading the Web page and presenting it to an end user.
Stateful Protocol Analysis
The process of maintaining a table of current connections so that abnormal traffic can be identified based on previous packets associated with the same transmission.
ARP table
The table in memory that stores IP address to MAC address entries.
Why do different browsers display web pages differently?
They use different rendering engines
Why would a hacker deliberately inject SQL code that would generate errors? Select all that apply.
They would never do that. Correct! Test whether the server is susceptible to an SQL injection Correct Answer Gain information about which SQL server is running Correct! Test how the code is handling errors
TCP
Transmission Control Protocol - provides reliable, ordered, and error-checked delivery of a stream of packets on the internet. TCP is tightly linked with IP and usually seen as TCP/IP in writing.
TSL
Transport Layer Security
A Corporate VPN being used by a remote employee, this could allow access to the private internal IP space.
True
A local proxy application, like burp suite, can allow the user to intercept, and possibly modify, HTML requests.
True
A private VPN set up directly from a host machine to an endpoint on the internet could potentially bypass the protections of an IDS/IPS.
True
Encryption, like TLS/SSL, could potentially thwart an NGFW firewall.
True
If a user on our network is surfing to an HTTP page and we can capture the network traffic, we can potentially view the entire page as the user would see it?
True
The order of the firewall rules can affect performance.
True
A company can have the same IPv4 private address, say 192.168.10.4, on two different devices.
True Realize that the two devices would need to be on different legs of the network and will need to be behind different NAT or other device to track this.
A department has set up a new database server for handling customer orders. The IDS/IPS report an increased number of events, which the cyber security analysts are reporting as false positives. What should be the next step?
Tune the IDS/IPS to take into account the new database server
What is two factor authentication?
Two different methods from: What you know, What you have, What you are (biometrics), Where you are
SYN flood attack
Type of DoS attack in which the attacker sends multiple SYN messages initializing TCP connections with a target host
You show up to an office environment where the management has asked you to review and recommend security improvements to their Wi-Fi infrastructure. Upon investigation, you see that the company is using Active Directory to manage their users and devices, their Wi-Fi network is authenticating over WEP, and their access points are using WPS (Wi-Fi Protected Setup) connection technology for new devices. Which of these would best secure their network?
Upgrade WEP to WPA2 and authenticate against the Active Directory
If I need to ensure secure traffic between my remote workers and the internal corporate network, which would be the best solution?
VPN tunnel
Which of these are available for IDS rules? Choose the best answer.
Variables Actions Protocols
What is data sanitization for SQL queries?
Verifying data on the server and either rejecting bad input or removing specific characters from the user input
Which of these has the weakest security?
WEP WPA3 WPA2 WPA
What is the differenec between WPA2-Personal and WPA2-Enterprise?
WPA2-Enterprise uses AES encryption and 802.1X EAP and a Radius Server
What is the difference between a Proxy and a VPN?
What is the difference between a Proxy and a VPN? A VPN encrypts traffic between the user's machine and another end point. This can be used to allow mobile workers access to internal private networks
Man-in-the-middle
What is the name of the attack where an adversary relays communication between two parties who believe they are communicating with each other?
What does the source section indicate?
Where the traffic originates
What is a WLAN?
WiFi Local Area Network
WPS
WiFi Protected Setup
The MitM attack called Karma exploits what?
Wifi SSIDs
WIPS
Wireless Intrusion Prevention System. A network device that monitors radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. In addition to intrusion detection, a WIPS also includes features that prevent against the threat automatically.
WPA 1,2&3
Wireless Protected Access 2. Wireless network encryption system.
WPA2
Wireless Protected Access 2. Wireless network encryption system.
WEP (Wired Equivalent Privacy)
Wireless security protocol that uses a standard 40-bit encryption to scramble data packets. Does not provide complete end-to-end encryption and is vulnerable to attack.
Nmapterm-98
You suspect an issue with one of the ports on the firewall. You decide to scan the ports. Which of the following is the appropriate tool to use?
You use the cat command on an /etc/hosts files and see the following entry: 127.0.0.1 google.com What will happen if you ping google.com?
You will get a successful result, but it will be coming from the local computer
Encryption
a process of encoding messages to keep them secret, so only "authorized" parties can read it. Sometimes requiring a "key". Eg: RSA
Responsive Design
allows you to create one website that provides an optimal viewing experience across a range of devices
SMPT server
an email server used for outgoing mail
Group Objects
are logical collections of users primarily for assigning security permissions to resources.
Encoding
converting data into a specific format, usually for ease of transmittal Eg:Base 64
Firewalls
hardware, software, or both designed to prevent unauthorized persons from accessing electronic information
Availability
indicates that data and services are available when needed.
nmtui =
network manager text user interface
Which of these tools allows you to modify IP addresses in an Ubuntu Linux system?
nmtui
Which tool allows you to modify IP addresses in an Ubuntu Linux system?
nmtui
Which of the following would give 1 ping only to the specified address?
ping 1 192.168.10.50 ping 192.168.10.50 ping -1 192.168.10.50 Correct! ping -c 1 192.168.10.50
Integrity
provides assurances that data has not been modified, tampered with, or corrupted.
Which of these protocols is the most secure?
scp
What is the Signature hash algorithm?
sha256 SHA256 with RSA Encryption SHA-256 with RSA Encryption sha256RSA
Which of these is considered the most secure?
ssh
Obfuscation
the action of making something obscure, unclear, or unintelligible, especially to prevent clear text transmission
Confidentiality
the assurance that messages and information are available only to those who are authorized to view them
Identify the table name from this SQL statement: SELECT username FROM users WHERE email='[email protected]';
users
Authentication
verifying the identity of the person or device attempting to access the system
What is port mirroring?
when a packet analyzer captures ethernet frames and forwards them to a "sniffer" computer to be analyzed. Frames are also forwarded to the destination as usual.