Cyber Exam 1, HS 235 Exam 2, HS 235 exam 4 Ch. 8,9,11,13

Static Web Pages

Web Pages that display the same information whenever they're accessed

Dynamic Web Pages

Web pages that can change on the fly depending on variables such as the date or time of day

HTML****

A markup language used mainly for indicating the formatting and layout of a web page

Function

A mini program within a main program that performs a particular task

Initial Sequence Number

A number that keeps track of what packets a node has received

Visual Directory

A pointer to a physical directory on a Web server

Compiler

A program that converts a text-based program called source code into executable or binary code

ActiveX Data Objects

A programming interface for connecting a Web application to a database

Transport Layer

Responsible for getting data packets to and from the application layer by using port numbers; TCP also verifies packet delivery by using acknowledgement

Internet Layer

Responsible for routing packets using IP address

Connection-Oriented Protocol

A protocol for transferring data over a network that requires a session connection before data is sent. In TCP/IP this step is accomplished by sending a SYN packet

SYN-ACK

A reply to a SYN packet sent by a host

Active Server Pages

A scripting language for creating dynamic Web Pages

ColdFusion

A server-side scripting language for creating dynamic Web pages; supports a wide variety of databases and uses a proprietary markup language known as CFML

Algorithm

A set of directions used to solve a problem

Script

A set of instructions that run in sequence to preform a task

Object Linking and Embedding Data Base

A set of interfaces enabling Web applications to access diverse database management system

TCP/IP

A suite of communication protocols used to interconnect network devices on the internet; contains four different layers

Machine Code****

A term for code executed directly by a computer central processing unit. The most basic computer language

WIN API****

An interface to the Windows OS that programmers can use to access information about a computer running Windows such as the computer name, OS name, and so forth

Security Test

Analyzes company's security policy and procedures

Application Layer

Concerned with physically moving bits across a medium; usually includes network services and client software • HTTP • FTP • SMTP • SNMP • SSH • IRC • Telent

PERL****

A high-level general purpose programming language used especially for developing Web applications developed by Larry Wall in 1987

ACK

A TCP Flag that acknowledges a TCP packet with SYN-ACK flags set

SYN

A TCP flag that signifies the beginning of a session

Asynchronous JavaScript and XML (AJAX)

A Web development technique used for interactive Web sites like Facebook and Google Apps; this development technique makes it possible to create the sophisticate interface found on desktop programs

Assembly Language

A combination of hexadecimal numbers and expressions such as mov, add, and sub so writing programs intros language is easier than in machine language

True

A common use for base-64 is encoding and transportation of binary files through email

User Datagram Protocol

A fast, unreliable Transport layer protocol that's connectionless

RUBY****

A flexible, object-oriented programming language similar to PERL

SQL Injection

A type of exploit that takes advantage of poorly written applications; an attacker can issue statements by using a Web browser to retrieve data, changing server settings or possibly gain control of the server

WebGoat

A web-based application designed to teach security professionals about Web application vulnerabilities

False

Acceptable use policy does not limit your ability to penetrate

Hacker

Accesses a computer system or network without the authorization of the system's owner

Documentation****

Adds comments to the code that explains what you're doing

File Transfer Protocol

Allows different OSs to transfer files between one another

US PATRIOT Act Sec 217

Amended Chapter 119 of Title 18 U.S. Code

Pseudocode

An English-like language you can use to help create the structure of your program

Offensive Security Certified Professional

An advanced certification that requires students to demonstrate hands-on abilities to earn their certificates; covers network and application exploits

Session Hijacking

An attack on a network that requires guessing ISNs

Syntax Error****

An error that results when an instruction does not follow the syntax rules or grammar of the programming language

Common Gateway Interface

An interface that passes data between a web server and a web browser

Base-64

Attackers can use this to obfuscate their actions

Ethical Hacker/Penetration Test

Attempts to break into a company's network or applications to find weak links within the permission

False

Bad Hackers aren't always looking for ways to exploit vulnerabilities

True

Both penetration and security testers need technical skills to perform their duties effectively

Institute for Security and Open Methodologies

Nonprofit organization that provide security training and certification programs for security professionals

True

Contact your local law enforcement agencies to find out about laws in your state

0-7

Octal numbering system uses 8 as its base and supports values...

SANS Institute

Offers training and IT security certifications through Global Information Assurance Certification; Popular document is the Top 25 software errors list

Open Source Security Testing Methodology Manual Professional Security Tester

Designed by the Institute for Security and Open Methodologies; Covers Professionalism; Enumeration; Assessments; Application; Verification

Certified Ethical Hacker

Developed by International Council of Electronic Commerce Consultants; exam based on 22 domains

Certification Programs for Network Security Personnnel

Covers applicable applications uses COMPTIA

Static Web Pages

Created using HTML; Display the same info regardless of time

Internet Relay Chat (IRC)

Enables multiple users to communicate over the internet in discussion forums

Telnet

Enables users to insecurely log on to a remote server and issue commands interactively

Secure Shell

Enables users to securely log onto a remote server and issue command interactively

True

Federal laws are applicable to all states including hacking so if you commit a crime in one state Federal laws will apply

True

File permissions are represented by bits

True

HTML is mainly used for the web

Gray Box Model

Hybrid of the white and black box model gives the tester only partial information

True

IPV4 is still widely used

DOJ definition of a hacker

Illegal access to a computer or network systems

Class

In object-oriented programming the structure that holds pieces of data and functions

Transport Layer

Is concerned with controlling flow of data

Testing

Is conducted on a variable and returns a value of true or false

Certified Information System Professional

Issued by the International Information System Security Certification Consortium; Became one of the standards for many security professionals; doesn't require prior IT knowledge; Concerned with policies and procedures than tools for conducting security tests

False

It is possible to write a program without bugs

While Loop

Repeats an action a certain number of times; checks whether a condition is true and then continues looping until the condition becomes false

Penetration Testers

Reports problems to the company

The Computer Fraud and Abuse Act Title. 18

Makes it a federal crime to access classified information or financial information without authorization

Electronic Communication Privacy Act. Title 18

Makes it illegal to intercept any communication regardless of how it was transmitted

Black Box Model

Management doesn't divulge to staff that penetration testing is being conducted nor does it I've the tester any diagrams or describe what technologies that company is using

Security Tester

Might be required to offer solutions for securing or protecting a network

Variable****

Represents a numeric or string value

Hacktivists

People who hack computer systems for political or social reasons

For Loop

Performs a test on a variable and then exits the block when a certain condition is met

Do Loop

Performs an action first and then tests to see whether the actions should continue to occur

False

Perl is not interceptive

Network Layer

Physically moves bits across a medium

True

Some states consider port scanning a noninvasive or nondestructive act and deem it legal

True

TCP is open thus allowing anyone to develop applications and services

Branching

Takes you from one area of a program to another area

Conversion Specifiers

Tells the compiler how to convert the value in a function

Vulnerability Assessment

Tester attempts to enumerate all the vulnerabilities found in an application or on a system

Looping

The act of performing a task over and over

Protocol

The language computers use to communicate with one another; most widely used is Transmission Control Protocol/ Internet Protocol (TCP/IP)

Protocol

The language used by computers to communicate with one another over the internet

Port

The logical component of a connection that identifies the service running on a network device. Ex: Port 110 is the POP3 mail service

Simple Mail Transfer Protocol

The main protocol for transmitting e-mail across the internet

Transmission Control Protocol/Internet Protocol

The main protocol used to connect computers over the internet

Three-Way Handshake

The method the Transport layer uses to create a connection-oriented session

Internet Assigned Numbers

The organization responsible for assigning IP addresses

Hypertext Transfer Protocol

The primary protocol used to communicate over the Web

Internet Control Message Protocol

The protocol used to send informational messages and test network connectivity

TCP Flag

The six flags in a TCP header are switches that can be sent to on or off to indicate the status of a port or service

White Box Model

The tester is told what network topology and technology the company is using and is given permission to interview IT personnel and company employees

Crackers

Those who break into systems to steal or destroy data; no distinction between hackers and crackers

Application Layer

Where applications and protocols such a HTTP and Telnet operate

Connectionless

With a connectionless protocol no session connection is required before data is transmitted. UDP and IP are examples of connectionless protocols