NS CH 11 Questions

A security administrator needs to run a vulnerability scan that analyzes a system from the perspective of a hacker attacking the organization from the outside. Which type of scan should he or she use?

Non-credentialed scan

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?

OSINT

You are the IT security administrator for a small corporate network. You believe a hacker has penetrated your network and is using ARP poisoning to infiltrate it. In this lab, your task is to discover whether ARP poisoning is taking place as follows: Use Wireshark to capture packets on the enp2s0 interface for five seconds. Analyze the Wireshark packets to determine whether ARP poisoning is taking place. Use the 192.168.0.2 IP address to help make your determination. Answer the questions.

00:00:1B:11:22:33 00:00:1B:33:22:11 Complete this lab as follows: Use Wireshark to capture packets on enp2s0.From the Favorites bar, select Wireshark. Maximize the window for easier viewing. Under Capture, select enp2s0. From the menu bar, select the blue fin to begin a Wireshark capture. After capturing packets for five seconds, select the red box to stop the Wireshark capture. Filter for only ARP packets. In the Apply a display filter field, type arp and press Enter to only show ARP packets. In the Info column, look for the lines containing the 192.168.0.2 IP address. Answer the questions. In the top right, select Answer Questions. Answer the questions. Select Score Lab.

A recent breach of a popular 3rd party service has exposed a password database. The security team is evaluating the risk of the exposed passwords for the company. The password hashes are saved in the root user's home directory, /root/captured_hashes.txt. You want to attempt to hack these passwords using a rainbow table. The password requirements for your company are as follows: The password must be 12 or more characters in length. The password must include at least one uppercase and one lowercase letter. The password must have at least one of these special characters: !, ", #, $, %, &, _, ', *, or @. All passwords are encrypted using a hash algorithm of either md5 or sha1. In this lab, your task is to: Create md5 and sha1 rainbow tables using rtgen. Sort the rainbow tables using the rtsort command. Crack the hashes using rcrack command. You can run rcrack on an individual hash or run it on the hash file (/root/captured_hashes.txt). Answer the questions.

123 MaryHad_A_Sm@ll_Lamb DisneyL@nd3 1 Complete this lab as follows: Create and sort an md5 and sha1 rainbow crack table. From the Favorites bar, select Terminal. At the prompt, type rtgen md5 ascii-32-95 1 20 0 1000 1000 0 and press Enter to create a md5 rainbow crack table. Type rtgen sha1 ascii-32-95 1 20 0 1000 1000 0 and press Enter to create a sha1 rainbow crack table. Type rtsort . and press Enter to sort the rainbow table. Crack the password hashes using -l or -h. To crack the password contained in a hash file, type rcrack . -l /root/captured_hashes.txt and press Enter. This command lists the hashes continued in the hash file and shows the passwords. To crack the password contained in a hash, type ./rcrack . -h hash_value and press Enter. This command only shows the password for the specified hash. Repeat step 2b for the remaining hashes. Answer the questions. In the top right, select Answer Questions. Answer the questions. Select Score Lab.

You are the IT security administrator for a small corporate network. You've received a zip file that contains sensitive password-protected files. You need to access these files. The zip file is located in the home directory. In this lab, your task is to use John the Ripper to: Crack the root password on the Linux computer named Support. Crack the password of the protected.zip file located in the home directory on IT-Laptop.

1worm4b8 p@ssw0rd Complete this lab as follows: View the current John the Ripper password file. From the Favorites bar, select Terminal. At the prompt, type cd /usr/share/john and press Enter. Type ls and press Enter. Type cat password.lst and press Enter to view the password list. Type cd and press Enter to go back to the root. Crack the root password on the Support computer. Type john /etc/shadow and press Enter. The password is shown. Can you find it? Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again. Notice that it does not attempt to crack the password again. The cracked password is already stored in the john.pot file. Use alternate methods of viewing the previously cracked password. Type john /etc/shadow --show and press Enter. Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file. In the top right, select Answer Questions and then answer question 1. Open a terminal on the IT-Laptop. From the top navigation tabs, select Floor 1 Overview. Under IT Administration, select IT-Laptop. From the Favorites bar, select Terminal. Export the contents of the protected.zip file to a text file. At the prompt, type ls and press Enter. Notice the protected.zip file you wish to crack. Type zip2john protected.zip > ziphash.txt and press Enter. Type cat ziphash.txt and press Enter to confirm that the hashes have been copied. Using the text file, crack the password of the protected.zip file. Type john --format=pkzip ziphash.txt and press Enter to crack the password. The password is shown. Can you find it? Type john ziphash.txt --show and press Enter to show the previously cracked password. In the top right, select Answer Questions. In the top right, select Answer Questions and then answer Question 2. Select Score Lab.

Which of the following describes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server.

Which of the following accurately describes what a protocol analyzer is used for? (Select two.)

A passive device that is used to copy frames and allow you to view frame contents. A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack).

In a variation of the brute force attack, an attacker may use a predefined list of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

A strong password policy

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP poisoning

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?

ARP poisoning

Which of the following strategies can protect against a rainbow table password attack?

Add random bits to the password before hashing takes place

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?

Anomaly-based IDS

What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?

Antivirus software

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Network mapper

Which of the following activities are typically associated with a penetration test?

Attempt social engineering

You have been hired as part of the team that manages an organization's network defense. Which security team are you working on?

Blue

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?

Brute force attack

As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money. Which type of penetration test are you performing?

Bug bounty

Which of the following are network-sniffing tools?

Cain and abel, Ettercap, TCPDump

You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?

Capture filters

Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?

Collectors

What does an IDS that uses signature recognition use to identify attacks?

Comparisons to known attack patterns

You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Mary is the primary administrator for the network and the only person authorized to perform local administrative actions. The company network security policy requires complex passwords for all users. It is also required that Windows Firewall is enabled on all workstations. Sharing personal files is not allowed. In this lab, your task is to: Run a vulnerability scan for the Office2 workstation using the Security Evaluator. A shortcut is located on the taskbar. Remediate the vulnerabilities found in the vulnerability report for Office2. Re-run a vulnerability scan to make sure all of the issues are resolved.

Complete this lab as follows. Run a Security Evaluator report. From the taskbar, open Security Evaluator. Next to Target Local Machine, select the Target icon to select a new target. Select Workstation. From the Workstation drop-down list, select Office2 as the target. Select OK. Next to Status, select the Run/Rerun Security Evaluation icon. Review the results to determine which issues you need to resolve on Office2. Access local users using Office2's Computer Management console. From the top navigation tabs, select Floor 1. Under Office 2, select Office2. From Office2, right-click Start and select Computer Management. Expand and select Local Users and Groups > Users. Rename a user account. Right-click Administrator and select Rename. Enter a new name of your choice and press Enter. Disable the Guest account. Right-click Guest and select Properties. Select Account is disabled and then select OK. Set a new password for Mary. Right-click Mary and select Set Password. Select Proceed. Enter a new password of your choice (12 characters or more). Confirm the new password and then select OK. Select OK Configure Mary's password to expire and to change at next logon. Right-click Mary and select Properties. Clear Password never expires. Select User must change password at next logon and then select OK. Unlock Susan's account and remove her from the Administrators group. Right-click Susan and select Properties. Clear Account is locked out and then select Apply. Select the Member of tab. Select Administrators. Select Remove. Select OK. Close Computer Management. Enable Windows Firewall for all profiles. Right-click Start and then select Settings. Select Network & Internet. From the right pane, scroll down and select Windows Firewall. Under Domain network, select Turn on. Under Private network, select Turn on. Under Public network, select Turn on. Close all open Windows. Remove a file share. From the taskbar, select File Explorer. From the left pane, select This PC. From the right pane, double-click Local Disk (C:). Right-click MyMusic and select Properties. Select the Sharing tab. Select Advanced Sharing. Clear Share this folder. Select OK. Select OK. Use the Security Evaluator feature to verify that all of the issues on the ITAdmin computer were resolved. From the top navigation tabs, select Floor 1. Under IT Administration, select ITAdmin. From Security Evaluator, select the Run/Rerun Security Evaluation icon to rerun the security evaluation. If you still see unresolved issues, select Floor 1, navigate to the Office2 workstation and remediate any remaining issues.

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?

Rainbow table attack

In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported. Upon further inspection, none of the vulnerabilities actually existed. Which type of result is this?

False positive

You are the IT security administrator for a small corporate network. You want to spoof the DNS to redirect traffic as part of a man-in-the-middle attack. In this lab, your task is to: (Optional) From the Exec computer, access rmksupplies.com and verify that site can be accessed. From the Linux Support computer, use Ettercap to begin sniffing and scanning for hosts. Configure the Exec computer (192.168.0.30) as the target 1 machine. Initiate DNS spoofing. From the Exec computer, access rmksupplies.com and verify that it has been redirected to a different site

Complete this lab as follows: From the Support computer, use Ettercap to begin sniffing and scanning for hosts. From the Favorites bar, select Ettercap. Select Sniff > Unified sniffing. From the Network Interface drop-down menu, select enp2s0. Select OK. Select Hosts >Scan for hosts. Configure the Exec computer (192.168.0.30) as the target 1 machine. Select Hosts > Host list. Under IP Address, select 192.168.0.30. Select Add to Target 1 to assign it as the target. Initiate DNS spoofing. Select Plugins > Manage the plugins. Select the Plugins tab. Double-click dns_spoof to activate it. Select Mitm > ARP poisoning. Select Sniff remote connections and then select OK. From the Exec computer, access rmksupplies.com. From the top navigation tabs, select Floor 1 Overview. Under Executive Office, select Exec. From the taskbar, select Google Chrome. In the URL field, type rmksupplies.com and then press Enter. Notice that the page was redirected to RUS Office Supplies despite the web address staying the same.

Which of the following processes identifies an operating system based on its response to different types of network traffic?

Fingerprinting

You are the IT security administrator for a small corporate network. You need to use a vulnerability scanner to check for security issues on your Linux computers. In this lab, your task is to: Use the Security Evaluator to check the security:On the Linux computer with the 192.168.0.45 IP address.On the Linux computers in the IP address range of 192.168.0.60 through 192.168.0.69 Answer the questions.

Complete this lab as follows: Run a Security Evaluator report for 192.168.0.45. From the taskbar, open Security Evaluator. Next to Target: Local Machine, select the Target icon. Select IPv4 Address. Enter 192.168.0.45 Select OK. Next to Status: No Results, select the Status Run/Rerun Security Evaluation icon. Review the results. In the top right, select Answer Questions. Answer Question 1. root Password Does Not Expire Run a Security Evaluator report for the IP address range of 192.168.0.60 through 192.168.0.69. From Security Evaluator, select the Target icon to select a new target. Select IPv4 Range. In the left field, type 192.168.0.60 In the right field, type 192.168.0.69 Select OK. Select the Status Run/Rerun Security Evaluation icon. Review the results. Answer Questions 2 and 3. 192.168.0.65, 192.168.0.68 backup Password Does Not Expire Select Score Lab.

You are the IT security administrator for a small corporate network. You are performing vulnerability scans on your network. Use the Security Evaluator tool to run a vulnerability scan on the CorpDC domain controller. In this lab, your task is to: Run a vulnerability scan for the CorpDC domain controller using the Security Evaluator on the taskbar. Remediate the vulnerabilities in the Default Domain Policy using Group Policy Management on CorpDC. Re-run a vulnerability scan to make sure all of the issues are resolved.

Complete this lab as follows: Run a Security Evaluator report. From the taskbar, open Security Evaluator. Next to Target: Local Machine, select the Target icon to select a target. Select Domain Controller. Using the Domain Controller drop-down list, select CorpDC as the target. Select OK. Next to Status: No Results, select the Status Run/Rerun Security Evaluation icon. Review the results to determine which issues you need to resolve on CorpDC. Access the CorpDC server. From the top navigation tabs, select Floor 1. Under Networking Closet, select CorpDC. Access and edit the CorpNet.local Default Domain Policy. From Server Manager, select Tools > Group Policy Management. Maximize the window for easier viewing. Expand Forest: CorpNet.local > Domains >CorpNet.local. Right-click Default Domain Policy and then select Edit. Maximize the window for easier viewing. Remediate the password policy issues in Account Policies. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Account Policies. From the left pane, select Password Policy. From the right pane, double-click the policy. Select Define this policy setting. Enter the password setting and then select OK. Repeat steps 4c-4e for each additional password policy. password history min 24 pws min age 1 day length 14 chars Remediate the reset account lockout counter issue in Account Policies. From the left pane, select Account Lockout Policy. From the right pane, double-click Reset account lockout counter after. Select Define this policy setting. Enter 60 minutes and then select OK. Remediate the Event Log issues. From the left pane, select Event Log. From the right pane, double-click the policy. Select Define this policy setting. Select Do not overwrite events (clear log manually) and then select OK. Repeat steps 6b-6d for each additional Event Log policy. retention for application, security, system Remediate System Services issues. From the left pane, select System Services. From the right pane, double-click the policy. Select Define this policy setting. Make sure Disabled is selected and then select OK. Repeat steps 7b-7d for the remaining System Services policy. DCOM Server process disabled task scheduler disabled Verify that all the issues were resolved using the Security Evaluator feature on the ITAdmin computer. From the top navigation tabs, select Floor 1. Under IT Administration, select ITAdmin. From Security Evaluator, select the Status Run/Rerun Security Evaluation icon to rerun the security evaluation. If you still see unresolved issues, select Floor 1, navigate to CorpDC, and remediate any remaining issues.

You are the IT security administrator for a small corporate network. You perform vulnerability scans on your network. You need to verify the security of your wireless network and your Ruckus wireless access controller. In this lab, your task is to: Run a vulnerability scan for the wireless access controller 192.168.0.6 using Security Evaluator, which is accessible from the taskbar. Remediate the vulnerabilities found in the vulnerability report for the wireless access controller. New admin name: your choice New password: your choice Enable reporting of rogue devices for intrusion prevention. Rerun a vulnerability scan to make sure all of the issues are resolved.

Complete this lab as follows: Run a Security Evaluator report. From the taskbar, select Security Evaluator. Next to Target: Local Machine, select the Target icon to select a new target. Select IPv4 Address. Enter 192.168.0.6 for the wireless access controller. Select OK. Next to Status No Results, select the Status Run/Rerun Security Evaluation icon to run the security evaluation. Review the results to determine which issues you need to resolve on the wireless access controller. Use Google Chrome to go into the Ruckus wireless access controller. From the taskbar, open Google Chrome. Maximize Google Chrome for easier viewing. In the address bar, type 192.168.0.6 and press Enter. For Admin name, enter admin (case-sensitive).For Password, enter password. Select Login. Change the admin username and password for the Ruckus wireless access controller. Select the Administer tab. Make sure Authenticate using the admin name and password is selected. In the Admin Name field, replace admin with a username of your choice. In the Current Password field, enter password. In the New Password field, enter a password of you choice. In the Confirm New Password field, enter the new password. On the right, select Apply. Enable intrusion detection and prevention. Select the Configure tab. On the left, select WIPS. Under Intrusion Detection and Prevention, select Enable report rogue devices. On the right, select Apply. Verify that all the issues were resolved using the Security Evaluator. From the taskbar, select Security Evaluator. Next to Status Needs Attention, select the Status Run/Rerun Security Evaluation icon to re-run the security evaluation. Remediate any remaining issues.

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?

Nessus

You work as the IT security administrator for a small corporate network. In an effort to protect your network against security threats and hackers, you have added Snort to pfSense. With Snort already installed, you need to configure rules and settings and then assign Snort to the desired interface. In this lab, your task is to use pfSense's Snort to complete the following: Sign into pfSense using the following: Username: admin Password: P@ssw0rd (zero) Enable the downloading of the following: Snort free registered User rules Oinkmaster Code: 359d00c0e75a37a4dbd70757745c5c5dg85aaSnort GPLv2 Community rules Emerging Threats Open rules Sourcefire OpenAppID detectors APPID Open rules Configure rule updates to happen once a day at 1:00 a.m. Hide any deprecated rules. Block offending hosts for 1 hour. Send all alerts to the system log when the Snort starts and stops. Assign Snort to the WAN interface using a description of WANSnort. Include: Sending alerts to the system log Automatically blocking hosts that generate a Snort alert Start Snort on the WAN interface.

Complete this lab as follows: Sign into the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero).Select SIGN IN or press Enter. Access the Snort Global Settings. From the pfSense menu bar, select Services > Snort. Under the Services breadcrumb, select Global Settings. Configure the required rules to be downloaded. Select Enable Snort VRT. In the Sort Oinkmaster Code field, enter 359d00c0e75a37a4dbd70757745c5c5dg85aa. You can copy and paste this from the scenario. Select Enable Snort GPLv2. Select Enable ET Open. Configure the Sourcefire OpenAppID Detectors to be downloaded. Under Sourcefire OpenAppID Detectors, select Enable OpenAppID. Select Enable RULES OpenAppID. Configure when and how often the rules will be updated. Under Rules Update Settings, use the Update Interval drop-down menu to select 1 Day. For Update Start Time, change to 01:00. Select Hide Deprecated Rules Categories. Configure Snort General Settings. Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 HOUR. Select Startup/Shutdown Logging. Select Save. Configure the Snort Interface settings for the WAN interface. Under the Services breadcrumb, select Snort Interfaces and then select Add. Under General Settings, make sure Enable interface is selected. For Interface, use the drop-down menu to select WAN (PFSense port 1). For Description, use WANSnort. Under Alert Settings, select Send Alerts to System Log. Select Block Offenders. Scroll to the bottom and select Save. Start Snort on the WAN interface. Under the Snort Status column, select the arrow. Wait for a checkmark to appear, indicating that Snort was started successfully.

Which phase or step of a security assessment is a passive activity?

Reconnaissance

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?

Dumpster diving

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?

Configure the network interface to use promiscuous mode

A security administrator logs onto a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan was conducted in this scenario?

Credentialed scan

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. Which kind of exploit has been used in this scenario?

DNS poisoning

Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred?

DNS poisoning

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host-based IDS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?

IPS

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?

Implement an application-aware IPS in front of the web server

You want to check a server for user accounts that have weak passwords. Which tool should you use?

John the Ripper

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious

Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?

Maintain access

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which type of attack?

Man-in-the-middle-attack

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?

Packet sniffer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?

Packet sniffer

Which type of reconnaissance is dumpster diving?

Passive

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?

Password salting

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

An active IDS system often performs which of the following actions? (Select two.)

Performs reverse lookups to identify an intruder. Updates filters to block suspect traffic

Which of the following Security Orchestration, Automation, and Response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during a manual intervention?

Playbook

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure on the switch?

Port mirroring

You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services. Which tool should you use?

Port scanner

You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use?

Protocol analyzer

Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?

Social engineering

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Run the vulnerability assessment again

Which of the following systems is able to respond to low-level security events without human assistance?

SOAR

Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?

Scope of work

Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?

Security operations team

Which of the following tools can be used to see if a target has any online IoT devices without proper security?

Shodan

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?

Signature-based IDS

Which of the following best describes shoulder surfing?

Someone nearby watching you enter your password on your computer and recording it.

A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of which form of attack?

Spoofing

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

You are the CorpNet IT administrator. Your support team says that CorpNet's customers are unable to browse to the public-facing web server. You suspect that it might be under some sort of denial-of-service attack, possibly a TCP-SYN flood attack. Your www_stage computer is on the same network segment as your web server, so you should use this computer to investigate the problem. In this lab, your task is to: Capture packets from the network segment on www_stage using Wireshark. Use the enp2s0 interface. Analyze the attack using the following filters:tcp.flags.syn==1 and tcp.flags.ack==1tcp.flags.syn==1 and tcp.flags.ack==0 Answer the question.

There are multiple source addresses for the SYN packets with the destination address 128.28.1.1. Complete this lab as follows: Using Wireshark, only capture packets containing both the SYN flag and ACK flags. From the Favorites bar, select Wireshark. Under Capture, select enp2s0. From the menu, select the blue fin to begin the capture. In the Apply a display filter field, type tcp.flags.syn==1 and tcp.flags.ack==1 and press Enter to filter Wireshark to display only those packets with both the SYN flag and ACK flag. You may have to wait up to a minute before any SYN-ACK packets are captured and displayed. Select the red square to stop the capture. Change the filter to only display packets with the SYN flag. In the Apply a display filter field, change the tcp.flags.ack ending from the number 1 to the number 0 and press Enter. Notice that there are a flood of SYN packets being sent to 198.28.1.1 (www.corpnet.xyz) that are not being acknowledged. In the top right, select Answer Questions. Answer the question. Select Score Lab.

In your role as a security analyst, you need to stay up to date on the latest threats. You are currently reviewing the latest real-time updates on cyberthreats from across the world. Which of the following resources are you MOST likely using?

Threat feeds

A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password. He changes it to the name of his dog, Fido. What should you do to increase the security of Bob's account? (Select two.)

Train users to use passwords that are easy to guess Use group Policy to require strong passwords on user accounts

You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?

Vulnerability scanner

The process of walking around an office building with an 802.11 signal detector is known as:

War driving

You have been promoted to team lead of one of the security operations teams. Which security team are you now a part of?

White

You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins. Which type of penetration test are you performing?

White box

You are the IT security administrator for a small corporate network. You have some security issues on a few Internet of Things (IoT) devices. You have decided to use the Security Evaluator to find these problems. In this lab, your task is to use the Security Evaluator to: Find a device using the IP address of 192.168.0.54. Find all devices using an IP address in the range of 192.168.0.60 through 192.168.0.69. Answer the questions.

Wireless Thermostat 3 192.168.0.66 Complete this lab as follows: Run a Security Evaluator report for 192.168.0.54.From the taskbar, open Security Evaluator. Next to Target Local Machine, select the Target icon. Select IPv4 Address. Enter 192.168.0.54 as the IP address. Select OK. Next to Status No Results, select the Run/Rerun Security Evaluation icon to run a security evaluation. In the top right, select Answer Questions. Answer Questions 1 and 2. Run a Security Evaluator report for an IP range of 192.168.0.60 through 192.168.0.69.From the Security Evaluator, select the Target icon to select a new target. Select IPv4 Range. In the left field, type 192.168.0.60 as the beginning IP address. In the right field, type 192.168.0.69 as the ending IP address. Select OK. Next to Status No Results, select the Run/Rerun Security Evaluation icon to run a security evaluation. Answer Question 3. Select Score Lab.

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Wireshark

Which of the following tools can be used to view and modify DNS server information in Linux?

dig

You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use?

nmap

You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?

ping

Which passive reconnaissance tool is used to gather information from a variety of public sources?

theHarvester