ITN 261 final review
The __________ contains abundant information about common software vulnerabilities and exploits
CVE listing database
In which phase of the incident response process do you control the event as much as possible in order to stop the threat
Containment
Which of the following refers to the malicious insertion of scripting code to extract data or modify a Web site's code, application, or content?
Cross-site scripting (XSS)
Which of the following statements is true regarding information security breaches?
Cyber laws act as a broad deterrent but they do not secure networks from malicious activity
Which of the following is an approach to identifying viruses in which the program uses a signatures database to identify a virus?
Dictionary-based detection
Which phase of the incident response process includes collecting evidence without destroying or altering it, as well as removing the threat?
Eradication
Which of the following statements is true regarding ethical hacking?
Ethical hackers follow the same approach that hackers use to compromise remote systems and networks
What distinguishes ethical hackers from other intruders?
Ethical hackers obtain written permission to run security tools within the organization's network
Which of the following terms is used to describe a correctly formatted document that appears to be malware to an antivirus program?
False positive
Which of the following statements is true regarding security countermeasures on your wireless access point (WAP)?
Hashing should be used for data transmissions and e-mails through WLANs.
In which phase of the incident response process do you establish just what has actually occurred
Identification
Which of the following statements is true regarding intrusion detection systems (IDS)?
Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly
Which of the following block IP traffic based on the filtering criteria that the information systems security practitioner configures?
Intrusion prevention systems (IPS)
Metasploit is part of the __________ security distribution for Linux
Kali
Which phase of the incident response process is used to determine what went right during the incident response, what went wrong, and how to make the process better?
Lesson Learned
Which of the following terms refers to anything developed for the purpose of doing harm?
Malware
Which of the following statements is true regarding building a baseline definition?
Network engineers use baseline analysis to identify anomalies that could indicate problems
Zenmap is a graphical interface for __________, a port scanning tool that can quickly identify hosts and detect what operating system and services are running on them, and all without privileged access.
Nmap
Which of the following statements is true regarding external intrusion detection system (IDS) and intrusion prevention system (IPS) devices?
Normal hacking applications and tools that generate ICMP, IP, UDP, and TCP should be identified and blocked on these devices.
In Wireshark, which statistical feature can identify the packet size distribution of the capture
Packet Lengths
Which of the following are used to help reveal multiple layers of defense, help reveal application layer security protocols, and help validate network layer security settings by ensuring demilitarized and other isolated zones function as expected?
Penetration tests
Which phase of the incident response process ensures that there is a plan in place for handling incidents, a team responsible for investigating, and procedures for consistency?
Preparation
In Wireshark, which statistical feature identifies what protocols were on the LAN segment and which ones were permitted to be on the LAN segment?
Protocol Hierarchy
Which of the following is an encrypted footprint key that is faster at validation (but slower at signature generation) and is used for encrypting and signatures?
RSA—Rivest, Shamir and Adelman
In which phase of the incident response process is the affected system tested, restored, and returned to service?
Recovery
Which of the following checkbox options would you use to ensure that a scan will run on startup if the computer were off at the scheduled time?
Run when computer starts up if task has been missed
In general, which of the following is accomplished by appending a valid SQL command to the input that is being passed through a Web form into the database behind it?
SQL injection
Which of the following are used by data gatherers to find a large amount of information about a company, using not only the officially released information, but also information in publications and other Web sites?
Search engines
Which of the following refers to an event in an organization that can include accidental actions or malicious actions that result in a problem?
Security incident
Database administrators should monitor their SQL databases for unauthorized or abnormal SQL injections and write scripts for alarming as well as __________ alerts
Simple Network Management Protocol (SNMP)
Which of the following can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes?
Snort
Which of the following is a connection-oriented protocol that is used by applications that require this type of behavior?
TCP
What step in the hacking attack process identifies known vulnerabilities?
The enumeration phase
Which of the following can a hacker derive from the IP address of a target server?
The physical location of the server's data center
Which of the following do you need to decrypt encrypted messages and files from a trusted sender?
The sender's public key
Which of the following is an encryption method that has only 40-bits of encryption?
WEP (Wired Equivalent Privacy)
Which of the following is an encryption method that has 128-bits of encryption and is a subset of IEEE 802.11i?
WPA (WiFi Protected Access)
Which of the following is an encryption method that has 256-bits of encryption and is the full implementation of IEEE 802.11i?
WPA2 (WiFi Protected Access 2)
Which of the following statements is true regarding wireless networks (WLANs)?
Wireless networks open the company to risks not found in a wired network
Which of the following tools does not have a limitation on the size of the capture file, which makes it better suited to protocol capture?
Wireshark
A slow response opening applications or browsing the Internet, applications not working as they normally would, and the operating system not booting up correctly are all symptoms of:
a malware infection
Vulnerability checks can be run
against specific ports to find additional vulnerabilities that might need to be addressed
Which of the following commands is a scripting function used to generate a pop-up window with the message "Here is proof of a vulnerability"?
alert
Creating a baseline definition is done by
analyzing network traffic
During the XSS test, the fact that the Web form was able to correctly process the simple alert script indicated that there was a good chance that
any type of malicious script could be run
It is critical to use encryption techniques on a wireless LAN because the data payload within IP packets, including logons, passwords, and privacy data, would otherwise
appear in cleartext
DSA (Digital Signature Algorithm) and RSA (Rivest-Shamir-Adleman) are common __________ algorithms that can be used to successfully encrypt data and decrypt data
asymmetric encryption
In __________, a key pair is generated, one key is kept private and the other is shared
asymmetric encryption
Knowing and understanding what protocols and what size of Ethernet frames are being used for the transmission on the LAN segment is an important
baseline definition
As long as the content within a file does not change, the hash value (or checksum) will
calculate the same value every time
If e-commerce or privacy data is entered into a Web application, the company is bound by __________ to ensure the confidentiality of customer data
compliance laws and standards
Encryption is used for ensuring the __________ of the message
confidentiality
The -O switch in the Nmap commands you ran in this lab (for example, nmap -O -v 10.20.100.50) instructed Nmap to
detect the operating system of the machine
The purpose of __________ within an organization is to proactively locate vulnerabilities in an organization's defenses, and correct them to strengthen overall security
ethical hacking
Monitoring __________ allows information systems security practitioners to see who and what is attempting to infiltrate the IP network
external network traffic
The goal of a cross-site scripting (XSS) attack is usually to:
gain administrator or some other elevated level of user privileges
The more bits in the hash sum, the
greater the integrity checking of each bit that is transmitted from the source to its destination
For security reasons, it is important to __________ and to conduct regular site surveys and audits
have a wireless access policy
Hackers often use __________ instead of cleartext to make the scripts harder to detect
hexadecimal character strings
Often, programmers forget to __________, which then makes an application vulnerable to SQL injection
include script handling for special characters like apostrophes in their data input forms
The information you gathered in the lab's tests, along with the ability to write to a file, indicates that you have found a(n)
injectable database
Hashes are used for ensuring the __________ of the message
integrity
Prevention and detection are the two major categories of
internal controls
Monitoring __________ allows network analysts to see exactly which hosts may be compromised and what destination IP addresses employees are accessing
internal network traffic
When Snort captures and examines IP packets, it
looks for specific IP packet traffic patterns and abnormal traffic attempting to enter a network
A network baseline definition is a record of
normal network performance
Network and system engineers and information systems security professionals can help ensure Web application security through regular
penetration testing
Penetration testers
prioritize any findings and recommended policy and control changes.
A message digest, or hash, algorithm takes a string of text (the contents of your file or message) and:
produces a fixed-length set of hexadecimal characters
By its nature, WHOIS information must be
publicly available
An ethical hacker
recommends specific countermeasures for remediating the vulnerabilities and eliminating the exploits
The first phase of hacking is __________ phase, which is designed to gain as much information about a target organization and its systems as possible
reconnaissance
In the lab, Metasploit was able to connect to the victim system with __________ access, and without requiring a password
root-level
The following command line syntax (nmap --script=smb-check-vulns -p445 192.168.3.25) was used to
run a vulnerability check on port 445
The following command line syntax (nmap --script=smb-check-vulns -p445 10.20.100.50) was used for
running an SMB vulnerability scan against 10.20.100.50
It is the responsibility of the organization's __________ to know their networks and remove any possible point of entry before that happens
security and administration team
At the end of the lab, you drafted a WLAN __________ to mitigate the risk, threats, and vulnerabilities identified by the lab.
security implementation plan
An organization's __________ identifies the incident response team roles, responsibilities, and processes for performing an incident response
security policy
Cross-site scripting (XSS) vulnerabilities are generally found in Web forms that
send and retrieve data to databases via HTML
Antivirus vendors usually update their antivirus signature files
several times per week
Isolation, firewalls, and even IDS/IPS devices
should be considered as part of a WLAN layered security strategy
The -v switch in the Nmap commands you ran in this lab (for example, nmap -O -v 10.20.100.50) instructed Nmap to
show a great deal of detail
To establish a connection-oriented connection, a(n) __________ (SYN > SYN-ACK > ACK) is performed between the IP source and IP destination
three-way handshake
Which of the following is used to identify the network path that must be followed to reach one system from another?
traceroute
Penetration testing should be performed whenever the Web application or service is:
updated or modified
There is little point in hardening a system if it is already compromised. Therefore, a __________ is an important first step in locking down any system
virus scan
Penetration tests are also called
vulnerability scans
