Network Administration

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

ipconfig

(internet protocol configuration) in Microsoft Windows is a console application that displays all current TCP/IP network configuration values and can modify Dynamic Host Configuration Protocol DHCP and Domain Name System DNS settings.[1]

WiFi Networks - protecting

- Migrate from WEP > WPA > WPA2 - Use Strong Authentication mechanism like PEAP (Protected Extensible Authentication Protocol) or TTLS (Tunnelled Transport Layer Security) - Mutual authentication to mitigate MITM and masquerading attacks - Always require mutual authentication - Audit network installations for consistency in deployment and config - Delete default admin passwords, community strings, or HTTP-enabled config pages - Educate users on how to spot suspect activity on WiFi network

BGP

..., Border Gateway Protocol, a dynamic routing protocol. RFC 1267.

Which file contains IP and host information in Linux?

/etc/hosts

In Linux, you set the /proc/sys/net/ipv4/ip_forward file to control bridging. Setting it to (what) will disable bridging?

0

In Linux, you set the /proc/sys/net/ipv4/ip_forward file to control bridging. Setting it to (what) will enable bridging?

1

What frequency does 802.11n operate on?

2.4/5 GHz

Which HTTP Status Code indicates a successful connection (no issues)?

200

Which HTTP Status Code class indicates a redirect?

300

Which HTTP Status Code class indicates a Client Error (like requesting an unknown file)?

400

Which HTTP Status Code class indicates a Server Error (like a bad gateway)?

500

When using a local proxy, what is the common port used?

8080

What is the difference between a DoS and a DDoS attack?

A DDoS attack is a type of DoS attack using multiple distributed attackers to amplify the denial of service

What is the main difference between a Web Application Firewall and an Intrusion Prevention System?

A WAF is usually more focused on web specific attacks

What is a load balancer?

A bandwidth control mechanism that allows multiple servers to act in conjunction

tracert

A command that determines the route data takes to get to a particular destination.

What is a multi-homed computer?

A computer with NICs on different LAN segments

UDP flood attack

A denial-of-service attack based on sending a huge number of UDP packets.

PCAP - Packet Capture

A file that contains packets captured from a protocol analyzer or sniffer.

OSPF (Open Shortest Path First)

A link-state routing protocol used on IP networks.

What is Address Resolution Protocol (ARP)?

A mapping from a MAC address to an IP address

Hashing

A means of validating data integrity through the use of mathematical algorithm. Eg: MD5

Nmap

A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.

Metasploit

A penetration-testing tool that combines known scanning techniques and exploits to explore potentially new types of exploits.

SCP (Secure Copy Protocol)

A protocol that uses SSH to securely copy files between a local and a remote host, or between two remote hosts.

What is the main difference between a Proxy and a NAT server?

A proxy server sends internet requests as itself and then returns the results to the original requester, a NAT switches the IP/ports on the traffic from the requester

Teardrop Attack

A type of DoS that sends mangled IP fragments with overlapping and oversized payloads to the target machine.

Signature-based detection

A type of intrusion detection that compares traffic against preconfigured attack patterns known as signatures.

WPS (Wi-Fi Protected Setup)

A user-friendly—but not very secure—security setting available on some consumer-grade APs. Part of the security involves requiring a PIN in order to access the AP's settings or to associate a new device with the network. The PIN can be easily cracked through a brute force attack, so this PIN feature should be disabled if possible.

What is a WiFi heat map?

A visual representation of usage and signal strength of the WiFi network

3-Way Handshake (TCP)

A: SYN B: SYN ACK A: ACK

\n

ASCII LineFeed (LF) - Goes to next line -newline escape

LAMP stack

Acronym for Linux, Apache Web server software, MySQL database, and Perl/Python/PHP

A WiFi Access Point is getting poor reception. Upon investigation, the security analyst determines there are many WiFi Access Points using the same frequency. What can be done to possible fix this problem?

Add an additional Access Point Use a different channel on the Access Point Change the DNS settings on the Access Point Change the IP address of the on the Access Point

What is ARP?

Address Resolution Protocol - resolves IPV4 address to MAC addresses

ARP

Address Resolution Protocol. Resolves IP addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. VLAN segregation helps prevent the scope of ARP poisoning attacks within a network.

Which of these are a danger of an SQL injection attack?

All of these Read confidential information from the database Modify the content of a database Delete data from the database

What is the basic functionality of a Firewall?

Allow or block traffic based on the port or other filter information

What is Port Knocking?

Allowing access to a specific port once a pattern of port scans is detected from a single IP

Which of these is not an advantage of a proxy server?

Allows for content filtering Masks the identity of internal machines Caches web pages so subsequent requests are faster Correct! Eliminates the need for routers

Why do corporations use VPNs?

Allows remote users to use corporate network resources using the private IP address

What does a load balancer do?

Allows the load on a single public IP address to get balanced among multiple servers, each with it's own IP address

What is the main difference between an IDS and an IPS?

An IDS can only alert if there is malicious traffic, while an IPS can actively block traffic

NIPS (network-based intrusion prevention system)

An IPS that monitors the network. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.

IPS (Intrusion Prevention System)

An active, inline security device that monitors suspicious network and/ or system traffic and reacts in real time to block it Also called a Network Intrusion Prevention System (NIPS).

TCP hijacking attack

An attack in which the abuser records data packets from the network, modifies them, and inserts them back into the network.

Smurf Attack

An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

What is a Man-in-the-Middle attack?

An attacker intercepting messages from the sender and relaying them to the recipient

What is a DoS attack?

An attempt to overwhelm a resource to make it unavailable

What is credential stuffing in an application proxy?

An automated approach using a list of compromised passwords and accounts to gain access to an authentication server

A VPN can also be called what?

An encrypted tunnel

SSL/TLS

An encryption layer of HTTP that uses public key cryptography to establish a secure connection.

Perfect Forward Secrecy (PFS)

An encryption method that ensures that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. To work properly, PFS requires two conditions: Keys must not be reused, and new keys must not be derived from previously used keys.

What is XSRF (CSRF)Cross Site Request Forgery?

Attacker using the session data from the victim to make a request to the server

How does OSPF prevent rogue nodes?

Authentication

What is the purpose of the SSH keys?

Authentication

CSS

Cascading Style Sheets contain hierarchical information about how the content of a web page will be rendered in a browser.

In a client-server connection, which device normally initiates the communication?

Client

What is XSS? [Cross Site Scripting]

Code (like javascript) that gets injected into a web page that appears to come from the server but runs on the client

Which leg of the C-I-A Triad does a MitM attack break?

Confidentiality

CIA

Confidentiality, integrity, and availability. These three form the security triad. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified, tampered with, or corrupted. Availability indicates that data and services are available when needed.

What does it mean that HTML is a markup language?

Content editors can mark the text for updating, like they would for written material Users can add content to web pages directly from their browser, like Wikipedia Correct! The tags tell the browser how to display or work with the text or object Coders can embed specific code that will run on the webpage

What is a SQL injection?

Database input that changes the meaning of the SQL statements

DoS attack

Denial of service attack

What does the -C do in a hexdump command?

Displays the ASCII characters as well as the hex.

DDoS Attack

Distributed Denial of Service Attack. Typically a virus installed on many computers (thousands) activate at the same time and flood a target with traffic to the point the server becomes overwhelmed.

Port 53 (TCP/UDP)

Domain Name Server (DNS)

What does the following iptables rule do? iptables -A INPUT -s 13.14.0.0/16 -j DROP

Drop all incoming traffic on the 13.14.0.0/16 address range

Which of these is not an advantage of a proxy server?

Eliminates the need for routers

What is another name for a VPN connection?

Encrypted Tunnel

What does Port Forwarding allow us to do?

Expose an internal IP/Port by redirecting external communication requests on one address and port combination to the internal IP/Port

Port 20/21

FTP File Transfer Protocol (TCP/UDP) 21(SCTP)

A VPN allows you to surf the web without leaving a trace

False

A VPN makes you completely invisible on the internet

False

All DoS and DDoS attacks are motivated by money.

False

An application proxy, like Burp Suite or ZAP, cannot be used for HTTPS requests.

False

Hashing algorithms can be reversed to find the original passwords.

False

Incorrectly configured border devices (NGFW, Proxy Servers, IDS/IPS, etc.) are a nuisance only and don't cause a real security concern?

False

The sqlmap tool can be used against all databases

False

There are no legitimate uses for an application proxy, like Burp Suite or ZAP.

False

Using a pcap file can help us spot an adversary in real time.

False

And IDS/IPS is a plug-n-play device that works 100% as soon as you set it up.

False IDS and IPS devices require additional tuning and should be retuned periodically.

Web pages can only be downloaded through a graphical based browser.

False While some tools, like netcat or curl, may be able to download the web page, displaying the web page, correctly at least, may require a graphical interface.

Wireshark can be used to view network traffic on any network in the world.

False Wireshark can only view traffic on a local NIC or from a saved pcap file. We cannot view traffic beyond our network.

Telnet is considered a best practice.

False: Telnet does not provide any level of encryption

In an SQL database, data is stored in tables, comprised of rows and columns. Look at this example:What is another name for a column?

Field

What does the -f argument do in the Linux ssh command?

Forks the process to run in the background

If a router has port forwarding set up, what does this do?

Forward traffic coming in on that port to an internal machine

What is network bridging in a Linux machine?

Forwarding data from one NIC to another

What is TCP hijacking?

Guessing TCP Sequence numbers

Which of these are considered a programming language?

HTML Correct! javascript Webkit CSS

Port 443 (TCP)

HTTPS

In a Linux system, iptables is an example of what type of firewall?

Host Based Firewall

Port 80 (TCP)

Hypertext Transfer Protocol (HTTP)

ICMP flood attack

ICMP requests require the server to process the request and respond, thus consuming CPU resources

Why are technologies like NAT (Network Address Translation) necessary?

IPv4 has run out of public addresses

What functions can a Proxy Server or Application provide?

Intercept all browser traffic to allow granular view of HTTP traffic Blocking access to specific public websites (ex: porn, gambling, etc) from an internal IP address Caching external web content to speed up subsequent searches, even for other users

ICMP

Internet Control Message Protocol. Used by a router to exchange information with other routers

IDS

Intrusion detection system. A detective control used to detect attacks after they occur. A signature-based IDS (also called definition-based) uses a database of predefined traffic patterns. An anomaly-based IDS (also called behavior-based) starts with a performance baseline of normal behavior and compares network traffic against this baseline. An IDS can be either host-based (HIDS) or network-based (NIDS). In contrast, a firewall is a preventative control that attempts to prevent the attacks before they occur. An IPS is a preventative control that will stop an attack in progress.

What is true of a Dual-Homed Server?

It has two different NICs on different LAN segments

What is the \n character in an HTTP GET request?

Line Feed

Security Onion

Linux distro intended to support security analysts with tools for: - Network security monitoring - Intrusion detection - Log management Based on Ubuntu

What is the LAMP stack?

Linux-Apache-MySQL-PHP

LAN

Local Area Network

127.0.0.1

Loopback address for IPv4 local loopback

MITM

Man in the middle. A MITM attack is a form of active interception allowing an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent MITM attacks.

What is the name of the attack where an adversary relays communication between two parties who believe they are communicating with each other?

Man-in-the-middle

What is the basic functionality provided by NAT (Network Address Translation)?

Map a private, internal IPv4 address to a public address for routing outside the internal network.

What does MAC stand for?

Media Access Control

ARP spoofing

More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked.

We have ran out of IPv4 addresses. Which technology allows us to minimize the use of public IP addresses in our network?

NAT

We have run out of IPv4 addresses. Which technology allows us to minimize the use of public IP addresses in our network?

NAT

How should passwords be stored in a database, if necessary?

Only the hash value of the password should be stored

OSPF

Open Shortest Path First

OWASP

Open Web Application Security Project

What is "forward secrecy?"

Periodically changing encryption keys so that a compromised key is of limited value

PSK

Pre-Shared Key

Port Forwarding

Preventing the passage of any IP packets through any ports other than the ones prescribed by the system administrator.

In Windows, if you are using PuTTY and you have no applications running on the connection, what may eventually happen?

PuTTY will automatically close the connectionex

In an SQL database, data is stored in tables, comprised of rows and columns. Look at this example:What is another name for a row?

Record

Which of these could be considered a DoS attack?

Redirecting traffic so that users cannot reach a company's webpage Hacking into a web server and removing the login page of a website Putting glue in a door lock so the key cannot be inserted

RPKI

Resource Public Key Infrastructure- security solution

What is ARP poisoning?

Responding with fake ARP packets so a sender's ARP table gets wrong information

When moving the ovpn file from one server the other, why do we use scp instead of ftp?

SCP is a secure copy using ssh

Port 22 TCP & UDP

SSH (Secure Shell)

SYN cookies

SYN cookie is a technique used to resist SYN flood attacks. In particular, the use of SYN cookies allows a server to avoid dropping connections when the SYN queue fills up. Instead, the server behaves as if the SYN queue had been enlarged. The server sends back the appropriate SYN+ACK response to the client but discards the SYN queue entry. If the server then receives a subsequent ACK response from the client, the server is able to reconstruct the SYN queue entry using information encoded in the TCP sequence number.

webkit

Safari and Chrome browser extension

SSID

Service Set Identifier. Identifies the name of a wireless network. Disabling SSID broadcast can hide the network from casual users but an attacker can easily discover it with a wireless sniffer. It's recommended to change the SSID from the default name.

What allows us to maintain secure communications with a server without having to constantly re-authenticate?

Session Data

What does the command nc or netcat with no parameters do?

Shows the usage (options) for the command

Port 25

Simple Mail Transfer Protocol (SMTP)

If a VPN has been established between two endpoints with multiple routers between. One of the routers is monitoring traffic going across it (sniffing). What can it see?

Source and Destination and encrypted payload

STP

Spanning Tree Protocol. Protocol enabled on most switches that protects against switching loops. A switching loop can be caused if two ports of a switch are connected together, such as those caused when two ports of a switch are connected together.

Which would prevent possible ARP Cache Poisoning?

Static ARP entries

NAT table in router

Store pairs of the host's IP address and the port number

half-open

TCP SYN Flood attack uses the three-way handshake mechanism. 1. An attacker at system A sends a SYN packet to victim at system B. 2. System B sends a SYN/ACK packet to victim A. 3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A. This status of client B is called _________________

What is Hyper Text Markup Language?

Tags that tell browsers how to display text or other objects

What allows control over how objects display, for example fonts or colors, for the entire document?

The body tag The title tag HTML master table Correct! Cascading Style Sheets

What is a reverse shell?

The compromised device establishes a connection out to the attacker machine

Rendering engine

The part of the browser responsible for reading the Web page and presenting it to an end user.

Stateful Protocol Analysis

The process of maintaining a table of current connections so that abnormal traffic can be identified based on previous packets associated with the same transmission.

ARP table

The table in memory that stores IP address to MAC address entries.

Why do different browsers display web pages differently?

They use different rendering engines

Why would a hacker deliberately inject SQL code that would generate errors? Select all that apply.

They would never do that. Correct! Test whether the server is susceptible to an SQL injection Correct Answer Gain information about which SQL server is running Correct! Test how the code is handling errors

TCP

Transmission Control Protocol - provides reliable, ordered, and error-checked delivery of a stream of packets on the internet. TCP is tightly linked with IP and usually seen as TCP/IP in writing.

TSL

Transport Layer Security

A Corporate VPN being used by a remote employee, this could allow access to the private internal IP space.

True

A local proxy application, like burp suite, can allow the user to intercept, and possibly modify, HTML requests.

True

A private VPN set up directly from a host machine to an endpoint on the internet could potentially bypass the protections of an IDS/IPS.

True

Encryption, like TLS/SSL, could potentially thwart an NGFW firewall.

True

If a user on our network is surfing to an HTTP page and we can capture the network traffic, we can potentially view the entire page as the user would see it?

True

The order of the firewall rules can affect performance.

True

A company can have the same IPv4 private address, say 192.168.10.4, on two different devices.

True Realize that the two devices would need to be on different legs of the network and will need to be behind different NAT or other device to track this.

A department has set up a new database server for handling customer orders. The IDS/IPS report an increased number of events, which the cyber security analysts are reporting as false positives. What should be the next step?

Tune the IDS/IPS to take into account the new database server

What is two factor authentication?

Two different methods from: What you know, What you have, What you are (biometrics), Where you are

SYN flood attack

Type of DoS attack in which the attacker sends multiple SYN messages initializing TCP connections with a target host

You show up to an office environment where the management has asked you to review and recommend security improvements to their Wi-Fi infrastructure. Upon investigation, you see that the company is using Active Directory to manage their users and devices, their Wi-Fi network is authenticating over WEP, and their access points are using WPS (Wi-Fi Protected Setup) connection technology for new devices. Which of these would best secure their network?

Upgrade WEP to WPA2 and authenticate against the Active Directory

If I need to ensure secure traffic between my remote workers and the internal corporate network, which would be the best solution?

VPN tunnel

Which of these are available for IDS rules? Choose the best answer.

Variables Actions Protocols

What is data sanitization for SQL queries?

Verifying data on the server and either rejecting bad input or removing specific characters from the user input

Which of these has the weakest security?

WEP WPA3 WPA2 WPA

What is the differenec between WPA2-Personal and WPA2-Enterprise?

WPA2-Enterprise uses AES encryption and 802.1X EAP and a Radius Server

What is the difference between a Proxy and a VPN?

What is the difference between a Proxy and a VPN? A VPN encrypts traffic between the user's machine and another end point. This can be used to allow mobile workers access to internal private networks

Man-in-the-middle

What is the name of the attack where an adversary relays communication between two parties who believe they are communicating with each other?

What does the source section indicate?

Where the traffic originates

What is a WLAN?

WiFi Local Area Network

WPS

WiFi Protected Setup

The MitM attack called Karma exploits what?

Wifi SSIDs

WIPS

Wireless Intrusion Prevention System. A network device that monitors radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. In addition to intrusion detection, a WIPS also includes features that prevent against the threat automatically.

WPA 1,2&3

Wireless Protected Access 2. Wireless network encryption system.

WPA2

Wireless Protected Access 2. Wireless network encryption system.

WEP (Wired Equivalent Privacy)

Wireless security protocol that uses a standard 40-bit encryption to scramble data packets. Does not provide complete end-to-end encryption and is vulnerable to attack.

Nmapterm-98

You suspect an issue with one of the ports on the firewall. You decide to scan the ports. Which of the following is the appropriate tool to use?

You use the cat command on an /etc/hosts files and see the following entry: 127.0.0.1 google.com What will happen if you ping google.com?

You will get a successful result, but it will be coming from the local computer

Encryption

a process of encoding messages to keep them secret, so only "authorized" parties can read it. Sometimes requiring a "key". Eg: RSA

Responsive Design

allows you to create one website that provides an optimal viewing experience across a range of devices

SMPT server

an email server used for outgoing mail

Group Objects

are logical collections of users primarily for assigning security permissions to resources.

Encoding

converting data into a specific format, usually for ease of transmittal Eg:Base 64

Firewalls

hardware, software, or both designed to prevent unauthorized persons from accessing electronic information

Availability

indicates that data and services are available when needed.

nmtui =

network manager text user interface

Which of these tools allows you to modify IP addresses in an Ubuntu Linux system?

nmtui

Which tool allows you to modify IP addresses in an Ubuntu Linux system?

nmtui

Which of the following would give 1 ping only to the specified address?

ping 1 192.168.10.50 ping 192.168.10.50 ping -1 192.168.10.50 Correct! ping -c 1 192.168.10.50

Integrity

provides assurances that data has not been modified, tampered with, or corrupted.

Which of these protocols is the most secure?

scp

What is the Signature hash algorithm?

sha256 SHA256 with RSA Encryption SHA-256 with RSA Encryption sha256RSA

Which of these is considered the most secure?

ssh

Obfuscation

the action of making something obscure, unclear, or unintelligible, especially to prevent clear text transmission

Confidentiality

the assurance that messages and information are available only to those who are authorized to view them

Identify the table name from this SQL statement: SELECT username FROM users WHERE email='[email protected]';

users

Authentication

verifying the identity of the person or device attempting to access the system

What is port mirroring?

when a packet analyzer captures ethernet frames and forwards them to a "sniffer" computer to be analyzed. Frames are also forwarded to the destination as usual.


Ensembles d'études connexes

Ch 2 - Foundations of Quality Management

View Set

ECON 200 Midterm 1 (Canvas Quizzes)

View Set

Point of view, Author's Purpose, Main Idea

View Set