testout cyberdefense pro chapter 10

Fill in the missing piece of the command: Nmap has the ability to generate decoys that make the detection of the actual scanning system become much more difficult. The nmap command to generate decoys is nmap ____ RND:10 target_IP_address

-D

Your company has decided to use a Pentbox honeypot to learn which types of attacks may be targeting your site. They have asked you to install and configure the honeypot. You have already installed Pentbox. Which menu allows you to configure the honeypot?

2- Network tools

You are in the process of configuring pfSense Snort as your intrusion detection and prevention system (IDS/IPS). You have configured the options shown in the image, but when you try to save your changes, pfSense won't let you continue. What did you forget to configure?

A Snort Oinkmaster Code was not entered.

You are the security analyst working for CorpNet (198.28.1.1). You are trying to see if you can discover weaknesses in your network. You have just run the nmap command shown in the image.

A compromise was found while scanning port 8080.

Which of the following BEST describes a network policy?

A set of conditions, constraints, and settings used to authorize which remote users and computers can or cannot connect to a network.

Which type of processor chip is designed to perform a single function and is typically custom-designed?

ASIC

You are the security administrator for your organization. You need to provide Mary with the needed access to make changes to the finances.xlsx file located in the Accounting directory. Which of the following permissions should you set for Mary?

Allow Write permission on the finances.xlsx file.

Which of the following web server technologies does Linux typically use?

Apache

Which of the following types of devices use sensors to gather data and send that data back to specialized controllers to make decisions and changes in the systems?

Automated systems

You are configuring a new email server for your organization and need to implement a firewall solution. The firewall will be designed to handle connections to the email server. Which of the following would be the BEST firewall solution?

Bastion host

Which web application architecture layer includes the physical devices that are used to access the web application?

Client/Presentation

Which of the following firewall evasion techniques is used to redirect a user to a malicious website?

DNS poisoning

Which of the following should be implemented as protection against malware attacks?

DNS sinkhole

Which of the following firewall evasion countermeasures should be implemented to mitigate firewall evasion? (Select two.)

Defense in Depth Filtering an intruder's IP address

Which of the following permissions would take precedence over the others?

Deny Read

Which of the following attacks would use the following syntax?

Directory traversal

Which processor chip can be configured by the end user to perform the tasks he or she needs it to?

FPGA

Which of the following firewall identification methods uses a TCP packet with a TTL value set to expire one hop past the firewall?

Firewalking

Which of the following works together by calling on each other, passing data to each other, and returning values in a program?

Function

Which of the following attack types takes advantage of user input fields on a website?

HTTP response splitting

Which of the following NAC policies is MOST commonly implemented?

Health

Which of the following is a popular honeypot that can be used to create thousands of other honeypots?

Honeyd

Which of the following should be designed to look and function like a real resource in order attract attackers?

Honeypot

You are the security analyst for your organization. During a vulnerability analysis, you have noticed the following: File attributes being altered Unknown .ozd files Files that do not match the existing naming scheme Changes to the log files Which of the following do these signs indicate has occurred?

Host-based intrusion

Which of the following uses the TCP/IP stack and is effectively employed to slow down the spread of worms, backdoors, and similar malware?

Layer 4 tarpit

Which of the following honeypot interaction levels simulates a real OS, its applications, and its services?

Medium

As part of a push by IT to create consistent policies on Windows machines, you are working in PowerShell and have created a binary policy file that covers applications and virus scanning policies. You have another binary policy file called MyPolicy.bin, which you want to use as well. It covers other portions of your company's new Windows policy. What do you need to do to implement both binary files?

Merge the two policies into a single policy file.

Which type of web application is designed to work on Android or iOS?

Mobile

Which of the following is used to define minimum security requirements a device must meet before it can connect to a network?

NAC

Which of the following Windows permissions apply to local files and directories?

NTFS

You are the security technician for your organization. You need to perform diagnostics on a vehicle's subsystems for security purposes. Which of the following would you use to access the vehicle's subsystems?

ODB-II

Which of the following best describes the components of an ICS network?

Operational technology

Which of the following types of attacks are IoT devices most vulnerable to?

Overflow

Which of the following HTTP request/response types is used to request that the web server send data using HTML forms?

POST

Which of the following BEST describes the process of verifying that a device meets the minimum health requirements?

Posture assessment

The network IDS has sent alerts regarding malformed messages and sequencing errors. Which of the following IDS detection methods is most likely being used?

Protocol

Which of the following attacks is a SYN flood attack an example of?

Protocol DDoS

You discover that your network is under a DDoS SYN flood attack. Which of the following DDoS attack methods does this fall under?

Protocol DDoS

Which of the following blackhole implementations sends traffic going to a specific destination to the blackhole?

Remote blackhole filtering

Which type of honeypot is a high-interaction honeypot that is deployed by research institutes, governments, or military organizations to gain detailed knowledge about the actions of intruders?

Research honeypot

Using the Group Policy Management tool on your Windows server, you are going to create a new group policy using a binary policy file you recently created. What do you do next?

Right-click on the domain name CorpNet.xyz and click Create a GPO in this domain.

Which of the following needs to be configured so a firewall knows which traffic to allow or block?

Rules

Drag the vulnerability to the appropriate mitigation technique.

Run all processes using the least privileged account. Use secure web permissions and access control mechanisms. *Unused User Accounts and Services Disable the directory listing option and remove the ability to load non-web files from a URL. *File and Directory Management Use scripts and systems to compare file hash values with the master value to detect possible changes. *Website Changes Remove user input fields when possible. *HTTP Response Splitting Attacks

Which of the following is used to monitor and control PLC systems?

SCADA

Which of the following types of attacks involves constructing malicious commands with the goal of modifying a database?

SQL injection

Which of the following are characteristics of embedded systems?

Sealed system Handle processes in a deterministic manner Designed to perform a single function

You have just finished creating several network polices using the Network Policy Server (NPS) as shown in the image. Vera belongs to the Sales, Marketing, and Research groups. What kind of access will Vera have?

She will be granted access because she belongs to the Sales group, and that group is evaluated first.

Which of the following attacks involves modifying the IP packet header and source address to make it look like they are coming from a trusted source?

Spoofing

You created a honeypot server using Pentbox. After a while, you go back to the honeypot server to see what it has been capturing. Which of the following can be gleaned from the results shown?

The operating system used by the attacker

You are using Burpsuite to evaluate a new employee portal that will be put into production soon. Based on the highlighted POST traffic and the information in the bottom pane, what can you conclude?

The portal is using HTTP and login information is probably being transmitted in cleartext.

What does the HTTP response message 5xx indicate?

The server did not complete the request.

While configuring a perimeter firewall on your network using pfSense, you created the rule shown in the image. The intent of the rule is to allow secure traffic coming from the internet through the firewall and to the web server (172.16.1.5) in the DMZ. What have you configured incorrectly?

The source and destination ports should be HTTPs.

Drag the possible detection state to the matching description:

The system accurately detected a threat. True-Positive The system accurately detected legitimate traffic and did not flag it. True-Negative The system flagged harmless traffic as a potential threat. False-Positive Malicious traffic is flagged as harmless. False-Negative

You are working with ACLs on your Windows machine and have created some complex permissions with many users and groups defined. Now you want to back up those permissions so that they can be restored in the event of a system failure. What is missing from the below command?

There has been no file name specified.

In what order are rules in an ACL processed?

Top to bottom

After having downloaded and installed pfblockerng for your pfsense firewall, you are configuring what sites to block. How do you block lists of websites you don't want the employees to access?

Use lists found on the internet that are formatted for pfblockerng.

Match each attack to the appropriate defense:

Use rigid specifications to validate all headers, cookie query strings, hidden fields, and form fields. *XSS Attack Perform input validation. Do not permit dangerous characters in the input. Injection Attack Log off immediately after using a web application. Clear History after using a web application, and don't allow your browser to save your login details. CSRF Attack Secure remote administration and connectivity testing. Perform extensive input validation. Configure the firewall to deny ICMP traffic. Stop data processed by the attacker from being executed. Injection Attack DoS Attack Update web servers with security patches on a regular basis. Limit access to the secure areas of the website. Directory Traversal

You have just run the nmap command shown below. Which vulnerabilities were found on the target firewall?

VPN

Which of the following BEST describes the role of a remediation server?

Works to bring devices up to a minimum security level.

Which of the following Linux permissions allows files to be added or deleted from a directory?

Write

Which of the following attacks exploit vulnerabilities in the web application and allows the attacker to compromise a user's interactions with the app?

XSS

You are the security analyst for your organization. During a vulnerability analysis, you have discovered what looks to be malware, but it does not match any signatures or identifiable patterns. Which of the following BEST describes the threat you have discovered?

Zero-day

You have just used OWASP ZAP to run a vulnerability scan on your company's site.

alerts

You are in the process of configuring pfSense Snort as your intrusion detection and prevention system (IDS/IPS). You want to ensure that it includes the anti-malware IDS/IPS rule set that enables users with cost constraints to enhance their existing network-based malware detection. Select the option that would add these rule sets

emerging threats (ET) Rules Click to enable download of emerging threats open rules

Which Windows command line tool can be used to show and modify a file's permissions?

icacls

You are the security analyst for a small corporate network. You are concerned that several employees may still be using the unsecured FTP protocol against company policy. You have been capturing data for a while using Wireshark and are now examining the filtered FTP results. You see that several employees are still using FTP.

jsmith

Cisco devices have a special interface called _____, which is designed to act as a blackhole.

null0

You are in the process of configuring pfSense Suricata as your intrusion detection and prevention system (IDS/IPS). You have just finished configuring the Global Settings and have enable the installation of the ETOpen Emerging Threats rules. To get these rules, select the option tab you must use next.

updates