CYSEC Exam Review
What is Elk Cloner and when was it released?
- 1st known virus to have spread - Launched in 1982 - Stored on a floppy disk - Once the computer booted up, the virus would start and copy itself to an uninfected floppy disk
How many components does an IP address have and what are they?
- 2 components - Network part and host part - One identifying the network and one identifying the node (host)
What is a Switch?
- A network that allows computers to communicate on dedicated connections - A network device designed to forward packets based on their MAC address - Keeps track of MAC addresses and which port to send it to
What is the purpose of the DMZ?
- A safe zone to let a network communicate w/o being on the internet - A layer of the network that can expose company services - An area on a network that makes a company's service externally accessible (exposed to the internet)
What is a Packet?
- A unit of data that is routed b/w an origin and a destination on the internet or any other packet-switched network - Sends information reliably so data does not have to be sent in a single, large file - Small amounts of data - Pieces of information (data sent across a network)
What is encoding?
- Converting data into a new format - Transforming the data to be viewed safely and on another system - Does not require a key - Base64
Name a popular DDOS tool
- LOIC (Low Orbit Ion Cannon) - Stressthem.com
What is the difference b/w a IP & MAC address?
- MAC ensures the physical address of the computer is unique - MAC is in hexadecimal format - IP is a logical address used to locate the computer connected to a network - IP is in decimal format
What is the difference b/w Phishing and Spear phishing attack?
- Phishing is not targeted to any specific individual - Spear Phishing is targeted to a specific individual
What is the main concept of a MitM attack?
- When an attacker intercepts info and eavesdrops b/w two users communicating - An attacker intercepting communications b/w 2 communicating devices
What is a MD5 Hash?
- A one-way cryptographic hashing algorithm that accepts a message of any length - Produces a 128-bit hash value
What is the difference b/w an exploit and a vulnerability
- A vulnerability is a weakness in a software system - An exploit is an attack that takes advantage of a vulnerability or weakness (Trojan horse)
Who is Kevin Mitnick?
- Computer security consultant - In the mid 90s was the "World's most wanted hacker"
IP addresses are in which format?
- Decimal format - The groups of #s are called octets in IPV4
What is the purpose of a server OS, such as Windows Server?
- Designed to share services w/ multiple users - Provides control over data storage - Controls services and device sharing across a network
What is IPV4?
- Identifies the IP address - Is indicated with classes
What is a IPV6?
- Internet Protocol version 6 - Provides an identification and location system for computers on networks and routes traffic across the internet
What does ifconfig cmd do?
- It enables ARP to detect the physical addresses of hosts attached to the network - Used to configure the system's kernel-resident network interfaces - Displays the status of the system's active interfaces
What is a MAC address?
- It identifies the physical computer or electronic device - Has 6 letters & numbers, separated by colons --> 1st 3 identifiers represent the vendor --> last 3 identify the device
What is the Morris Worm and when was it released?
- It was the world's 1st computer worm - Caused massive damage to computers and networks - Main intent was to gauge the size of the internet - Launched in 1998
Who is John Thomas Draper?
- Known as Captain Crunch - Legendary phone and computer hacker - Built the multifrequency tone generator, the blue box, which emits audio tones used to control a phone network
What is Hashing?
- One-way summary (function) of data that validates the integrity of the data - The process of converting a key into another value - Ensures integrity: takes a string of text and converts it into a hash - Does not use a key but uses an algorithm
What is a server?
- Powerful computers designed to provide services to one or more computers - Services --> email, web or file servers
What are the advantages of using virtualization?
- Shared resources and a safe environment - Higher server availability - Greater IT efficiency - Good for doing investigations
What do computers need to communicate with each other?
- TCP (Transmission Control Protocol) - IP (Internet Protocol) address
What is Encryption?
- The process of converting info or data into a code to prevent unauthorized access - Requires a key
What is a network?
- Two or more computers connected and grouped together in a specific framework - Sharing info from the same source - Exchange of communication b/w 2 or more entities
What is ARP?
- It enables network communications to reach a specific device on a network - A communication protocol used for discovering the link layer address
What is Salt?
- Random data that is used as an additional input to a one-way function that hashes data, a pw or a passphrase - Used to safeguard pw in storage - Defends against a pre-computed hash attack
What are the layers of the OSI model?
1. Application 2. Presentation 3. Session 4. Transport 5. Network 6. Data Link 7. Physical 8. User(s)
What is an example of a valid IP address?
192.168.1.254 192.168.1.10
What is an example of a Subnet Mask Class C?
255.255.255.0
What is a Subnet mask?
A 32-bit number created by setting host bits to all 0s and setting network bits to all 1s - It separates the IP address into the network and host addresses
If someone hacked into a Facebook manager account and demanded payment or they would release sensitive info to the public, what type of hacker would conduct such an attack?
A Black Hat hacker
What is a DoS attack?
A Denial of Service attack stops access to the website - Is conducted by a single attacker - Is meant to shut down a machine or network, making it inaccessible to its intended users
What is the difference b/w a Worm and a Virus?
A worm is a malicious standalone program that can self-replicate and propagate - A virus requires user interaction
What is Hybrid-Analysis?
A controlled and tested machine environment - An advanced security tool that provides a user with detailed info about files
What is the Windows Registry?
A database of info, settings, options, and other values for software and hardware installed on all versions of Microsoft Windows OS
What is a DDoS attack?
A Distributed Denial of Service attack - Conducted by multiple attackers - A malicious attempt to disrupt the normal traffic of a targeted server, service or network by flooding it with internet traffic
What is Ettercap?
A free open-source network security tool for MitM attacks
What is the difference between a hub and a router?
A hub is in layer 1 - A router is in layer 3 of the OSI model
What is a Firewall?
A network security device that monitors incoming and outgoing network traffic - Acts like a moat around a castle
What does a keygen do?
A software key generator that generates a product licensing key (serial #) in order to use the software
What is Antivirus software?
Software that is designed to prevent attacks - Checks for signatures - Like a dictionary that scans for viruses
What is the difference b/w a virus and a worm?
A virus requires user interaction (needs execution) - A worm is self-propagating
What is the difference b/w APT and Script Kiddies?
APT is typically sponsored by a nation or state and uses difficult code - Script Kiddies are not well funded or smart with code
What does ARP stand for?
Address Resolution Protocol
Name a Windows account with the strongest permission/access?
Admin
What does APT stand for?
Advanced Persistent Threat - A nation or state funded group of hackers - build cyberware to attack other high-level entities (Gov. or Company)
What is MAC flooding?
An attack method that overflows a switch (flooding a switch)
Name something that is not a physical control?
Antivirus
What 2 types of network configurations would allow a VM machine to reach the internet from its host computer?
Bridged and NAT
You open Google Chrome and search for your mouse; the computer reacts slowly. What is affected?
CPU RAM Motherboard
What class is the largest subnet mask in?
Class A 255.255.255.255.252/30
What are the IPV4 classes of networks?
Class A, B, C
Hash 24 is part of which network class?
Class C
What does CVE stand for?
Common Vulnerability & Exposures - An archive of vulnerabilities
What are the 3 terms that make up CIA triad?
Confidentiality Integrity Availability
What is the CIA triad?
Confidentiality, Integrity, Availability
When a web server that conducts online transactions crashes by a single attacker, what type of network attack occurred?
DOS Denial of Service attack
Ping of Death is an example of what type of attack?
DOS attack
What does DiD stand for?
Defense in Depth
What is the purpose of DiD?
Defense in Depth provides multiple layers of security
What are the 3 main cyber defense phases?
Detection Prevention Recovery
What is true about threads and processes?
Each process has a separate memory space, unlike threads that use the same memory space of their parent process
What is the most common LAN?
Ethernet
What is a name of a tool that can be used in order to initiate a MitM attack?
Ettercap
Name a wireless attack that involves impersonation of a WiFi access point?
Evil twin - Attacker sets up a fake WiFi network that looks legitimate
TF: MAC addresses change according to the network, while IP addresses are fixed per computer and have a unique identifier
False - MAC addresses cannot be changed
What does FUD stand for?
Fully Undetectable malware (virus)
Name a Windows account with the weakest permission/access?
Guest
Name a tool that can be used to flood a host w/ Traffic?
Hping3
What is a good example of UDP protocol usage?
Video streaming: Hulu, Netflix, Disney+
What does HTTP stand for?
Hypertext Transfer Protocol
What does HTTPS stand for?
Hypertext Transfer Protocol Secure
What is an example of Integrity being compromised?
If a hacker changes the images of a website - A hacker changes the data on a website
What does IOC stand for?
Indicator of compromise - Always assume that a network can be compromised
What are the 2 differences b/w InfoSec and CyberSec?
InfoSec: primary concern is protecting the confidentiality, integrity and availability of the data - CySec: primary concern is protecting from unauthorized electronic access to the data
What is the purpose of a DHCP server?
It assigns an IP address to each device on a network
What is the purpose of the kernel in the OS?
It connects and communicates software applications and hardware
Which 2 aspects of the CIA triad does evidence preservation help ensure?
It helps preserve integrity and confidentiality
What is the purpose of the ping command?
It is a network diagnostic tool that checks network connectivity
What is the role of a DNS server?
It translates domain names to IP addresses
Which layer in the OSI model does the Switch operate on?
Layer 2 --> Data Link
What is the difference b/w an IP address and a MAC address?
MAC address identifies network devices on a local level - IP address identifies devices on the global internet
Define a computer
Machines that perform calculations and accomplish complicated operations and programs based on a sequence of commands and inserted input
Integrity (CIA)
Maintaining and assuring the accuracy and completeness of data - Preventing data from being modified or misused by unauthorized parties
Define MAC
Media Access Control address
Name an attack that is not a DDoS attack?
MitM
Which network adapter setting assigns an IP address for the VM client machine from the physical host machine?
NAT
Does IPV6 use ARP?
No, it uses the Neighbor Discovery Protocol
What does OSI stand for?
Open System Interconnection
What is Social Engineering?
People hacking using deceptive tactics to draw out sensitive information or allow access to something
What does PII stand for?
Personally Identifiable Information
Information Security (InfoSec) protects what?
Protects physical and digital assets in a computer - Refers to the processes and tools designed and deployed to protect sensitive business info
If someone downloads a malicious program that encrypts data and demands payment for its restoration, What type of malware is used?
Ransomware
What is Ethernet?
Refers to the most common type of Local Area Network (LAN)
Confidentiality (CIA)
Refers to protecting info from being accessed by unauthorized parties - Accessing the data of the customers and selling it on the dark web
Availability (CIA)
Refers to the unauthorized user that is able to freely access the systems, networks and data needed to perform important tasks
The gateway is the _______________ ID.
Router
What service runs on port 22?
SSH (Secure Shell)
Which type of attack exploits a vulnerability in the TCP/IP 3-way handshake process?
SYN flood
What is SQL?
Structured Query Language - Enables access to and manipulation of databases - Used to communicate with a database
What is the correct order of a TCP 3-way handshake?
SYN, SYN-ACK, ACK
What is the difference b/w TCP and UDP?
TCP is connection-based - UDP is connection-less
Who is David Kennedy?
The creator of the Social Engineering Toolkit (SET)
What is threat hunting?
The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade security solutions
What is Enumeration?
The process that establishes an active connection to the target host to discover potential attack vectors in a system - Can be used to find usernames, hostnames, network shares and services, IP tables and routing tables
When a hacker wants to bypass a scan, what will they need to do?
They would need to change their signatures to bypass the scan by the antivirus
What does TCP stand for?
Transmission Control Protocol
What does URL mean?
Uniform Resource Locator
What does URL stand for?
Uniform Resource Locator
What is UDP?
User Datagram Protocol
Which wireless protocol should not be used when setting up a wireless network b/c it is the weakest?
WEP
What is an example of a breach of availability?
Website is no longer available
Which network tool cannot be used for flooding a host w/ network traffic?
Wireshark
Name the command to display files in a directory under the Windows OS
dir