Cyber 262 - Quiz C

key insights and situational awareness can be visualized with the creation of what in SIEM tools

dashboard

key insights and situational awareness can be visualized with

dashboards

gcc stack.c -o stack_gdb -g -z execstack -fno-stack-protector

debug mode for compiler c

name servers

dns

The value of $2 in our GDB command represented?

ebp - stack pointer

temporary storage area in system memory

exploiting

The program "exploit.py" has a buffer overflow vulnerability. When it is compiled the resulting binary can have its stack overflowed.

false

VM sprawl is a security concern because it involves artificially intelligent hypervisors that split off new hosts causing a sprawl effect

false

a SIEM is not intended to be used for monitoring and analysis of log data from applications, databases, and middleware

false

buffer overflows are no longer an issue; in fact, a search of the CISA site for current buffer overflow vulnerabilities would yield little or no results

false

heap overflows are easier to perform than stack overflows

false

in class we focused on stack based buffer overflows because heap based overflows cannot perform code injection

false

machine data is only generated by network equipment

false

one of the 7 essential capabilities of an analytical driven SIEM is endpoint management

false

pointer tracking of function calls makes it hard to use stack memory for overflows

false

the top 3 cloud providers are Amazon Web Services (AWS), Microsoft (Azure), and Salesforce

false

/bin/program is the shell in linux for our exploit

false (correct answer is /bin/sh)

Gathering as much information about the target

footprinting

sending malformed data as input and testing code for unexpected results

fuzzing

sending malformed data as input trying to get programs to crash

fuzzing

intitle:"SpeedStream Router Management Interface"

google syntax

Data Loss or Data Leakage in the cloud can occur in many ways. Choose ALL that apply.

- weak authentication
- lack of audit controls
- failure to properly dispose of hard drives

Shell that we are injecting into the malicious code

/bin/sh

kernel.randomize_va_space=0

ASLR

way to prevent buffer overflows by randomizing memory allocation

ASLR

base pointer (active stack frame)

EBP - base or frame pointer

a segmentation fault can be caused by a program trying to access an off limits memory location

true

buffer overflows are still a threat

true

compress and archive is not a main component of Splunk

true

data loss in the cloud can occur due to weak authentication or lack of audit controls

true

digital footprints or forensic data in logs are IOCs

true

overwriting a program's return address with some random address can point to invalid instructions and eventually malicious code

true

push and pop are part of the LIFO stack memory activities

true

roles define what users can do in splunk

true

the EBP points to the function caller's stack

true

What value does the exploit.py program put into badfile to make part of the buffer fill with null values?

0x90

How many bytes need to be added to the offset that we gathered when running the GDB debugs? This offset is required to take into account the gap with the Return Address and the EBP pointer.

4

100 in HEX

64

NOP or null byte in hex is

90

c compiler debugger

GDB

After the Capital One AWS cloud breach by Paige Thompson, Amazon added ________________ to act as a defense in depth mechanism to improve session authentication? This is also referred to as a new version of the Metadata Services.

IMDSv2

null values placed into the buffer

NOPs

return address field on the stack

RT

machine data is almost always ____

unstructured

technology that automates incident response, threat intel, and automation using workflows

SOAR

a vulnerability with a certain hypervisor that allows direct interaction from a guest to that hypervisor

VM escape

vulnerability with a hypervisor that allows direct interaction from a guest to that hypervisor

VM escape

attack that flooded the buffer with N's repeatedly

code red

memory allocation like alloc and malloc are part of what memory segment

heap

capability of SIEM that helps manage potential breaches and their aftermath to reduce recovery times

incident response

which essential capability of analytics-driven siem requires managing a potential breach and the aftermath to limit damage and reduce recovery time

incident response

A recent breach at ABC Corp revealed information in log files consistent with that found in other attacks. In this case, information such as domain names, IP addresses and malware signatures are considered?

indicators of compromise - IOC

Which cloud computing attack risk is concerned with the security of a set of functions used for connection to cloud services?

insecure APIs

cloud attack risk dealing with the security of functions used for connection to cloud services

insecure APIs

which cloud computing attack risk is concerned with the security of a set of functions used for connection to cloud services

insecure APIs

allows users to visualize their Elasticsearch data

kibana

allows users to visualize their elasticsearch data

kibana

________ data makes up more than 90% of the data accumulated by organizations

machine

Which cloud computing attack risk resides in organizations and can cause significant losses because of the potential knowledge and access the attacker has?

malicious insiders

which cloud computing attack risk resides in organizations and can cause significant losses because of the potential knowledge and access the attacker has

malicious insiders

a top osint tool that runs on kali

maltego

Option used when compiling a C program to disable stack protection

no stack protector

term that means our organizations data center assets reside in our own data center and not in the cloud

on premise

searching for public information about people or organizations

osint

Indirect recon approach and does not engage the victim

passive

what are the 3 main default roles in splunk

power, user, admin

Address in our Buffer Overflow Lab we want to replace

return address

in our lesson and lab we focused on overwriting the _________ to point to malicious code

return pointer

a segmentation fault can be caused by a program trying to access an off limit memory location

true

google maps

satellite imagery

splunk _____ strings are sent from the search head

search

what is at the heart of cloud services and considered a key requirement to managing sources

self service

what is at the heart of cloud services and considered a key requirement. this feature is often not feasible for companies who try to manage their own environments on premise

self service

Allow user to run a program with the program owner's privilege

set uid

search engine optimized for finding connected devices

shodan

Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.

source types

Splunk uses ____________ to categorize the type of data being indexed.

source types

Program we used in the lab that had a buffer overflow vulnerability

stack

buffer overflows that are easier and deal with memory used for functions

stack

buffer overflows that are easier to perform than heap

stack

the ______ can dynamically allocate local variables used in functions. it can pass values and parameters to the functions

stack

stack fills from

top down

in splunk, the creating of visualizations and statistics is done by ________ commands

transforming

One of the reasons that organizations would move to the cloud is to focus on their core business and basically outsource the running of the Data Center and systems to a third party

true

One of the reasons that organizations would move to the cloud is to focus on their core business and basically outsource the running of the Data Center and systems to a third party?

true

Recon-NG is an OSINT tool that is part of Kali and has an interface similar to Metasploit.

true

SPLUNK and QRadar are considered SIEM tools

true

The program "stack.c", when compiled has a Buffer Overflow Vulnerability.

true

VM sprawl is a security concern because servers are easily created and often unmanaged

true

