Module 04 Cloud Computing and Assessment Tools
Which of the following options are features of the tool previously known as oclHashcat?
- It is an open-source tool under the MIT License.
- It supports various operating systems, such as Linux, Windows, and macOS.
- It can also work with different platforms, such as CPU, GPU, DSP, and FPGA. It can work with any platform with the OpenCL runtime.
- It can crack multiple hashes simultaneously.
By default, how many attempts does Nmap make to detect the name and version of an OS when performing an operating system scan?
5
Platform as a Service (PaaS)
A cloud computing model of a software platform on which the enterprise or users can build their own applications and then host them.
Software as a Service (SaaS)
A cloud computing model of hosted software environment.
Infrastructure as a Service (IaaS)
A cloud computing model that provides unlimited "raw" computing, storage, and network resources that the enterprise can use to build its own virtual infrastructure in the cloud.
serverless infrastructure
A cloud infrastructure in which the capacity planning, installation, setup, and management are all invisible to the user because they are handled by the cloud provider.
hybrid cloud
A combination of public and private clouds.
Prowler
A command-line tool for diagnosing vulnerabilities in services using the AWS cloud.
OpenVAS
A full-featured vulnerability scanner that currently includes more than 50,000 vulnerability tests.
Logging and monitoring invisibility
A limited or complete lack of visibility into the security mechanisms of a cloud provider.
Nessus
A popular and highly regarded infrastructure vulnerability scanning tool.
Infrastructure as Code (IaC)
A process that enables software developers to order the needed infrastructure from the cloud service provider by executing a script.
Qualys
A scanner that can detect vulnerabilities on virtually any networked assets, including servers; network devices such as routers, switches, and firewalls; peripherals; and endpoints.
Function as a Service (FaaS)
A serverless approach to executing modular pieces of code.
responder
A third-party network tool that can manipulate name resolution services to uncover sensitive information.
hping
A third-party network tool that is a command-line TCP/IP packet assembler and analyzer.
Aircrack-ng
A tool for capturing wireless packets and attacking wireless networks.
Reaver
A tool for cracking Wi-Fi Protected Setup (WPS) PINs.
Hashcat
A tool that can be used to crack password hashes.
public cloud
A type of cloud in which the services and infrastructure are offered to all users with access provided remotely through the Internet.
private cloud
A type of cloud that is created and maintained on a private network.
community cloud
A type of cloud that is open only to specific organizations that have common concerns.
Nikto
A web application vulnerability diagnostic tool that is a command-line open source tool.
Arachni
A web application vulnerability diagnostic tool that is a modular open source tool.
Burp Suite
A web application vulnerability diagnostic tool that performs both a static and dynamic analysis.
Passive
Actions that watch and listen but are not performing any overt actions against the network.
Pacu
An exploitation framework for AWS.
cloud computing
An on-demand infrastructure to a shared pool of configurable computing resources that can be rapidly provisioned and released.
Scout Suite
An open source multi-cloud security-auditing tool.
nmap
An open source utility for network discovery and security auditing.
Which of the following is NOT a cloud computing security issue?
Bandwidth utilization
Fai is the company HR manager and wants to create a type of cloud that would only be accessible to other HR managers. Which type of cloud would best fit Fai's need?
Community Cloud
OWASP Zed Attack Proxy (ZAP)
Considered the premier open source tool for diagnosing web applications.
reverse engineering
Disassembling and analyzing a product.
Which of the following is a serverless approach to executing modular pieces of code?
FaaS
True or False: "Serverless" means that an application is running on a virtual machine.
False
True or False: OpenVAS is a wireless vulnerability scanner.
False
True or false: Hping3 can perform Layer 2 and Layer 3 scanning.
False
Which of the following is NOT correct about fuzzing?
Fuzzing is used with static analysis
Which tool is used to crack password hashes?
Hashcat
oclHashcat is merged with which tool?
Hashcat
Which of the following questions correctly defines "lack of key management"?
How should authentication credentials be passed or accessed securely in a cloud environment?
Unprotected storage
Improper cloud security configurations that can result in data being left exposed in a cloud environment.
enumeration
In cybersecurity, the process of extracting a list of usernames, machine names, network resources, shares, and services from a network system.
Which cloud model requires the highest level of IT responsibilities?
IaaS
Aircrack-ng is available on which of the following platforms?
Linux, Solaris, Windows, FreeBSD, OpenBSD, OS X
dynamic analysis
Looking for vulnerabilities after the source code is compiled.
static analysis
Looking for vulnerabilities in software before the source code is compiled.
Which of the following tools is NOT native to an OS?
NMAP
What is Nmap also known as?
Network Mapper
fuzzing
Providing random input to a program to attempt to trigger exceptions, such as memory corruption, program crashes, or security breaches.
Which infrastructure diagnostic tool is a cloud-based Software-as-a-Service (SaaS) delivery model, allowing users to access it from any web browser?
Qualys
Which of the following is NOT a means of analysis that web application vulnerability scanners use?
Recursive scanning
Qiang is creating a report for his supervisor about the cost savings associated with cloud computing. Which of the following would he NOT include on the report on the cost savings?
Reduction in broadband costs
What does the term "serverless" mean in cloud computing?
Server resources of the cloud are inconspicuous to the end user.
What type of analysis occurs before source code has been compiled?
Static analysis
Active
Taking some type of action against the network or network server.
Which of the following is true about the CVSS Temporal Score?
The Temporal Score reflects the current characteristics of a vulnerability that may have changed over time.
lack of key management
The inability to manage authentication credentials in the cloud.
Chen is frustrated that there are so many different cloud services that his company is using that span multiple cloud provider accounts and even from different cloud providers. He wants to implement a technology to give full control and visibility over all the cloud resources, including network routing and security. What product does Chen need?
Transit gateway
True or False: Invisible resource pooling is an advantage of cloud computing.
True
True or False: There are two types of software analysis for vulnerabilities and malware: static analysis and dynamic analysis.
True
True or false: Aircrack-ng is a wireless network monitoring and password cracking tool.
True
True or false: Reaver is a wireless User ID cracking tool.
True
True or false: The -sP parameter is used for ping scanning.
True or False
Which of these is NOT created and managed by a microservices API?
User experience (UX)
Which of the following is NOT a characteristic of cloud computing?
Visible resource pooling
Insecure application program interfaces (APIs)
Vulnerable APIs that can be exploited by threat actors in a cloud environment.
Which of the following options are types of enumeration tasks?
Windows Enumeration, Linux Enumeration, LDAP Enumeration
Which tool can be used for network mapping?
Zenmap
Which of the following is NOT true about Nessus?
It only runs on the Linux/Unix OS.
Which third-party network tool can manipulate name resolution services to uncover sensitive information?
responder