TestOut Security Pro 11.1-11.3 and 11.7 Key Terms

Reconnaissance

Also known as footprinting. This is the process of gathering information about a target before beginning any penetration test or security audit.

Heuristic-based detection

Also referred to as behavior, anomaly, or statistical-based detection. This detection method first defines a baseline of normal network traffic and then monitors traffic looking for anything that falls outside that baseline.

Signature-based detection

Also referred to as pattern matching, dictionary recognition, or misuse-detection (MD-IDS). This detection method looks for patterns in network traffic and compares them to known attack patterns called signatures.

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use? Network-based firewall Anomaly-based IDS Antivirus scanner Host-based firewall Signature-based IDS

Anomaly-based IDS

What is the most common form of host-based IDS that employs signature or pattern-matching detection methods? Antivirus software Honeypots Motion detectors Firewalls

Antivirus software

Which of the following activities are typically associated with a penetration test? -Interview employees to verify that the security policy is being followed. -Attempt social engineering. -Create a performance baseline. -Run a vulnerability scanner on network servers.

Attempt social engineering.

You have been hired as part of the team that manages an organization's network defense. Which security team are you working on? Purple Red Blue White

Blue

Dictionary attack

Brute force password attack in which the hacker uses a list of words and phrases to try to guess the password.

Password spraying

Brute force password attack that uses the same password with multiple user accounts instead of different passwords for the same account.

As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money. Which type of penetration test are you performing? Gray box Bug bounty White box Black box

Bug bounty

What does an IDS that uses signature recognition use to identify attacks? -Comparisons to known attack patterns -Exceeding threshold values -Statistical analysis to find unusual deviations -Comparison of current statistics to past statistics

Comparisons to known attack patterns

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? Protocol analyzer VPN concentrator Port scanner Host-based IDS Network-based IDS

Host-based IDS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? Packet sniffer IPS IDS Port scanner

IPS

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do? -Install an anti-malware scanner on the web server -Implement a packet-filtering firewall in front of the web server -Implement a stateful firewall in front of the web server -Implement an application-aware IDS in front of the web server -Implement an application-aware IPS in front of the web server

Implement an application-aware IPS in front of the web server

Which of the following describes a false positive when using an IPS device? -Legitimate traffic being flagged as malicious -Malicious traffic not being identified -The source address identifying a non-existent host -The source address matching the destination address -Malicious traffic masquerading as legitimate traffic

Legitimate traffic being flagged as malicious

Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs? -Maintain access -Reconnaissance -Gain access -Enumeration

Maintain access

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use? OVAL LC4 Nessus Wireshark

Nessus

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? Network mapper Ping scanner OVAL Port scanner

Network mapper

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method? Packet sniffing OSINT Passive Active

OSINT

Which type of reconnaissance is dumpster diving? OSINT Passive Active Packet sniffing

Passive

Brute force attack

Password attack in which the attacker uses a cracking tool that submits every possible letter, number, and symbol combination in a short amount of time.

Which of the following uses hacking techniques to proactively discover internal vulnerabilities? -Inbound scanning -Passive reconnaissance -Penetration testing -Reverse engineering

Penetration testing

An active IDS system often performs which of the following actions? (Select two.) -Requests a second logon test for users performing abnormal activities. -Cannot be detected on the network because it takes no detectable actions. -Traps and delays the intruder until the authorities arrive. -Performs reverse lookups to identify an intruder. -Updates filters to block suspect traffic.

Performs reverse lookups to identify an intruder AND updates filters to block suspect traffic.

Which phase or step of a security assessment is a passive activity? Reconnaissance Enumeration Vulnerability mapping Privilege escalation

Reconnaissance

Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test? Rules of engagement Goals and guidelines Payment terms Scope of work

Scope of work

Which of the following tools can be used to see if a target has any online IoT devices without proper security? scanless Packet sniffing Shodan theHarvester

Shodan

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database? Signature-based IDS Heuristics-based IDS Anomaly-analysis-based IDS Stateful-inspection-based IDS

Signature-based IDS

IP scanners

Special tools that allow a network administrator to scan the entire network to find all connected devices and their IP addresses.

What is the primary purpose of penetration testing? -Assess the skill level of new IT security staff. -Infiltrate a competitor's network. -Evaluate newly deployed firewalls. -Test the effectiveness of your security perimeter.

Test the effectiveness of your security perimeter.

Packet sniffing

The act of capturing data packets transmitted across the network and analyzing them for important information.

Eavesdropping

The act of covertly listening in on a communication between other people.

Black box

The ethical hacker has no information regarding the threat or network. This type of test best simulates an outside attack and ignores insider threats.

White box

The ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.

Gray box

The ethical hacker is given partial information of the target or network, such as IP configurations, email lists, etc. This type of test simulates the insider threat.

Passive reconnaissance

The process of gathering information about a target with no direct interaction with the target.

Active reconnaissance

The process of gathering information by interacting with the target in some manner.

Which of the following describes the worst possible action by an IDS? -The system identified harmful traffic as harmless and allowed it to pass without generating any alerts. -The system identified harmless traffic as offensive and generated an alarm. -The system correctly deemed harmless traffic as inoffensive and let it pass. -The system detected a valid attack and the appropriate alarms and notifications were generated.

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

Red team

These are the ethical hackers. This team is responsible for performing the penetration tests.

Blue team

These are the members in charge of the defense of a system. This team is responsible for stopping the other team's advances.

Bug bounties

These unique tests are programs that are setup my organizations such as Google, Facebook, and many others. The organization sets strict guidelines and boundaries for ethical hackers to operate within. Any discovered vulnerabilities are reported and the ethical hacker is paid based on the severity of the vulnerability.

ping

This is a command line tool that is used to perform a connection test between two network devices.

Social engineering

This uses manipulation or people or situations to gain access to sensitive information.

nmap

This utility is a network security scanner. Use it to scan an entire network or specific IP addresses to discover information such as open ports, running services, or operating systems.

The process of walking around an office building with an 802.11 signal detector is known as: War driving War dialing Daemon dialing Driver signing

War driving

You have been promoted to team lead of one of the security operations teams. Which security team are you now a part of? Red Purple Blue White

White

You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins. Which type of penetration test are you performing? -Bug bounty -White box -Gray box -Black box

White box

Which of the following tools can be used to view and modify DNS server information in Linux? dig route netstat tracert

dig

You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use? scanless dnsenum nmap nslookup

nmap

You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use? nmap tracert ping route

ping

Which passive reconnaissance tool is used to gather information from a variety of public sources? scanless theHarvester Packet sniffing Shodan

theHarvester