Cyber Exam 1, HS 235 Exam 2, HS 235 exam 4 Ch. 8,9,11,13
Static Web Pages
Web Pages that display the same information whenever they're accessed
Dynamic Web Pages
Web pages that can change on the fly depending on variables such as the date or time of day
HTML
A markup language used mainly for indicating the formatting and layout of a web page
Function
A mini program within a main program that performs a particular task
Initial Sequence Number
A number that keeps track of what packets a node has received
Virtual Directory
A pointer to a physical directory on a Web server
Compiler
A program that converts a text-based program called source code into executable or binary code
ActiveX Data Objects
A programming interface for connecting a Web application to a database
Transport Layer
Responsible for getting data packets to and from the application layer by using port numbers; TCP also verifies packet delivery by using acknowledgement
Internet Layer
Responsible for routing packets using IP addresses
Connection-Oriented Protocol
A protocol for transferring data over a network that requires a session connection before data is sent. In TCP/IP this step is accomplished by sending a SYN packet
SYN-ACK
A reply to a SYN packet sent by a host
Active Server Pages
A scripting language for creating dynamic Web Pages
ColdFusion
A server-side scripting language for creating dynamic Web pages; supports a wide variety of databases and uses a proprietary markup language known as CFML
Algorithm
A set of directions used to solve a problem
Script
A set of instructions that run in sequence to perform a task
Object Linking and Embedding Database
A set of interfaces enabling Web applications to access diverse database management systems
TCP/IP
A suite of communication protocols used to interconnect network devices on the internet; contains four different layers
Machine Code
A term for code executed directly by a computer's central processing unit; the most basic computer language
WIN API
An interface to the Windows OS that programmers can use to access information about a computer running Windows such as the computer name, OS name, and so forth
Security Test
Analyzes company's security policy and procedures
Application Layer
Concerned with physically moving bits across a medium; usually includes network services and client software: HTTP, FTP, SMTP, SNMP, SSH, IRC, Telnet
PERL
A high-level, general-purpose programming language used especially for developing Web applications; developed by Larry Wall in 1987
ACK
A TCP Flag that acknowledges a TCP packet with SYN-ACK flags set
SYN
A TCP flag that signifies the beginning of a session
Asynchronous JavaScript and XML (AJAX)
A Web development technique used for interactive Web sites like Facebook and Google Apps; this development technique makes it possible to create the sophisticated interfaces found on desktop programs
Assembly Language
A combination of hexadecimal numbers and expressions such as mov, add, and sub, so writing programs in this language is easier than in machine language
True
A common use for base-64 is encoding and transportation of binary files through email
User Datagram Protocol
A fast, unreliable Transport layer protocol that's connectionless
RUBY
A flexible, object-oriented programming language similar to PERL
SQL Injection
A type of exploit that takes advantage of poorly written applications; an attacker can issue statements by using a Web browser to retrieve data, change server settings, or possibly gain control of the server
WebGoat
A web-based application designed to teach security professionals about Web application vulnerabilities
False
Acceptable use policy does not limit your ability to penetrate
Hacker
Accesses a computer system or network without the authorization of the system's owner
Documentation
Adds comments to the code that explain what you're doing
File Transfer Protocol
Allows different OSs to transfer files between one another
US PATRIOT Act Sec 217
Amended Chapter 119 of Title 18 U.S. Code
Pseudocode
An English-like language you can use to help create the structure of your program
Offensive Security Certified Professional
An advanced certification that requires students to demonstrate hands-on abilities to earn their certificates; covers network and application exploits
Session Hijacking
An attack on a network that requires guessing ISNs
Syntax Error
An error that results when an instruction does not follow the syntax rules or grammar of the programming language
Common Gateway Interface
An interface that passes data between a web server and a web browser
Base-64
Attackers can use this to obfuscate their actions
Ethical Hacker/Penetration Test
Attempts to break into a company's network or applications to find weak links within the permission
False
Bad Hackers aren't always looking for ways to exploit vulnerabilities
True
Both penetration and security testers need technical skills to perform their duties effectively
Institute for Security and Open Methodologies
Nonprofit organization that provides security training and certification programs for security professionals
True
Contact your local law enforcement agencies to find out about laws in your state
0-7
Octal numbering system uses 8 as its base and supports values...
SANS Institute
Offers training and IT security certifications through Global Information Assurance Certification; Popular document is the Top 25 software errors list
Open Source Security Testing Methodology Manual Professional Security Tester
Designed by the Institute for Security and Open Methodologies; Covers Professionalism; Enumeration; Assessments; Application; Verification
Certified Ethical Hacker
Developed by International Council of Electronic Commerce Consultants; exam based on 22 domains
Certification Programs for Network Security Personnel
Covers applicable applications; uses CompTIA
Static Web Pages
Created using HTML; Display the same info regardless of time
Internet Relay Chat (IRC)
Enables multiple users to communicate over the internet in discussion forums
Telnet
Enables users to insecurely log on to a remote server and issue commands interactively
Secure Shell
Enables users to securely log onto a remote server and issue commands interactively
True
Federal laws, including those on hacking, are applicable to all states, so if you commit a crime in one state, federal laws will apply
True
File permissions are represented by bits
True
HTML is mainly used for the web
Gray Box Model
Hybrid of the white and black box models; gives the tester only partial information
True
IPV4 is still widely used
DOJ definition of a hacker
Illegal access to a computer or network systems
Class
In object-oriented programming the structure that holds pieces of data and functions
Transport Layer
Is concerned with controlling flow of data
Testing
Is conducted on a variable and returns a value of true or false
Certified Information System Professional
Issued by the International Information System Security Certification Consortium; became one of the standards for many security professionals; doesn't require prior IT knowledge; more concerned with policies and procedures than with tools for conducting security tests
False
It is possible to write a program without bugs
While Loop
Repeats an action a certain number of times; checks whether a condition is true and then continues looping until the condition becomes false
Penetration Testers
Reports problems to the company
The Computer Fraud and Abuse Act Title. 18
Makes it a federal crime to access classified information or financial information without authorization
Electronic Communication Privacy Act. Title 18
Makes it illegal to intercept any communication regardless of how it was transmitted
Black Box Model
Management doesn't divulge to staff that penetration testing is being conducted, nor does it give the tester any diagrams or describe what technologies the company is using
Security Tester
Might be required to offer solutions for securing or protecting a network
Variable
Represents a numeric or string value
Hacktivists
People who hack computer systems for political or social reasons
For Loop
Performs a test on a variable and then exits the block when a certain condition is met
Do Loop
Performs an action first and then tests to see whether the actions should continue to occur
False
Perl is not interpretive
Network Layer
Physically moves bits across a medium
True
Some states consider port scanning a noninvasive or nondestructive act and deem it legal
True
TCP is open thus allowing anyone to develop applications and services
Branching
Takes you from one area of a program to another area
Conversion Specifiers
Tells the compiler how to convert the value in a function
Vulnerability Assessment
Tester attempts to enumerate all the vulnerabilities found in an application or on a system
Looping
The act of performing a task over and over
Protocol
The language computers use to communicate with one another; most widely used is Transmission Control Protocol/Internet Protocol (TCP/IP)
Protocol
The language used by computers to communicate with one another over the internet
Port
The logical component of a connection that identifies the service running on a network device. Ex: Port 110 is the POP3 mail service
Simple Mail Transfer Protocol
The main protocol for transmitting e-mail across the internet
Transmission Control Protocol/Internet Protocol
The main protocol used to connect computers over the internet
Three-Way Handshake
The method the Transport layer uses to create a connection-oriented session
Internet Assigned Numbers
The organization responsible for assigning IP addresses
Hypertext Transfer Protocol
The primary protocol used to communicate over the Web
Internet Control Message Protocol
The protocol used to send informational messages and test network connectivity
TCP Flag
The six flags in a TCP header are switches that can be set to on or off to indicate the status of a port or service
White Box Model
The tester is told what network topology and technology the company is using and is given permission to interview IT personnel and company employees
Crackers
Those who break into systems to steal or destroy data; no distinction between hackers and crackers
Application Layer
Where applications and protocols such as HTTP and Telnet operate
Connectionless
With a connectionless protocol no session connection is required before data is transmitted. UDP and IP are examples of connectionless protocols