Module 04 Cloud Computing and Assessment Tools

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which of the following options are features of the tool previously known oclHashcat?

- It is an open-source tool under the MIT License. - It supports various operating systems, such as Linux, Windows, and macOS - It can also work with different platforms, such as CPU, GPU, DSP, and FPGA. It can work with any platform with the OpenCL runtime. - It can crack multiple hashes simultaneously.

By default, how many attempts does Nmap make to detect the name and version of an OS when performing an operating system scan?

5

Platform as a Service (PaaS)

A cloud computing model of a software platform on which the enterprise or users can build their own applications and then host them.

Software as a Service (SaaS)

A cloud computing model of hosted software environment.

Infrastructure as a Service (IaaS)

A cloud computing model that provides unlimited "raw" computing, storage, and network resources that the enterprise can use to build its own virtual infrastructure in the cloud.

serverless infrastructure

A cloud infrastructure in which the capacity planning, installation, setup, and management are all invisible to the user because they are handled by the cloud provider.

hybrid cloud

A combination of public and private clouds.

Prowler

A command-line tool for diagnosing vulnerabilities in services using the AWS cloud.

OpenVAS

A full-featured vulnerability scanner that currently includes more than 50,000 vulnerability tests.

Logging and monitoring invisibility

A limited or complete lack of visibility into the security mechanisms of a cloud provider.

Nessus

A popular and highly regarded infrastructure vulnerability scanning tool.

Infrastructure as Code (IaC)

A process that enables software developers to order the needed infrastructure from the cloud service provider by executing a script.

Qualys

A scanner that can detect vulnerabilities on virtually any networked assets, including servers; network devices such as routers, switches, and firewalls; peripherals, and endpoints.

Function as a Service (FaaS)

A serverless approach to executing modular pieces of code.

responder

A third-party network tool that can manipulate name resolution services to uncover sensitive information.

hping

A third-party network tool that is a command-line TCP/IP packet assembler and analyzer.

Aircrack-ng

A tool for capturing wireless packets and attacking wireless networks.

Reaver

A tool for cracking Wi-Fi Protected Setup (WPS) PINs.

Hashcat

A tool that can be used to crack password hashes.

public cloud

A type of cloud in which the services and infrastructure are offered to all users with access provided remotely through the Internet.

private cloud

A type of cloud that is created and maintained on a private network.

community cloud

A type of cloud that is open only to specific organizations that have common concerns.

Nikto

A web application vulnerability diagnostic tool that is a command-line open source tool.

Arachni

A web application vulnerability diagnostic tool that is a modular open source tool.

Burp Suite

A web application vulnerability diagnostic tool that performs both a static and dynamic analysis.

Passive

Actions that watch and listen but are not performing any overt actions against the network.

Pacu

An exploitation framework for AWS.

cloud computing

An on-demand infrastructure to a shared pool of configurable computing resources that can be rapidly provisioned and released.

Scout Suite

An open source multi-cloud security-auditing tool.

nmap

An open source utility for network discovery and security auditing.

Which of the following is NOT a cloud computing security issue?

Bandwidth utilization

Fai is the company HR manager and wants to create a type of cloud that would only be accessible to other HR managers. Which type of cloud would best fit Fai's need?

Community Cloud

OWASP Zed Attack Proxy (ZAP)

Considered the premiere open source tool for diagnosing web applications.

reverse engineering

Disassembling and analyzing a product

Which of the following is a serverless approach to executing modular pieces of code?

FaaS

True or False: "Serverless" means that an application is running on a virtual machine.

False

True or False: OpenVAS is a wireless vulnerability scanner.

False

True or false: Hping3 can perform Layer 2 and Layer 3 scanning.

False

Which of the following is NOT correct about fuzzing?

Fuzzing is used with static analysis

Which tool is used to crack password hashes?

Hashcat

oclHashcat is merged with which tool?

Hashcat

Which of the following questions correctly defines "lack of key management"?

How should authentication credentials be passed or accessed securely in a cloud environment?

Unprotected storage

Improper cloud security configurations that can result in data being left exposed in a cloud environment.

enumeration

In cybersecurity, the process of extracting a list of usernames, machine names, network resources, shares, and services from a network system.

Which cloud model requires the highest level of IT responsibilities?

Laas

Aircrack-ng is available on which of the following platforms?

Linux Solaris Windows FreeBSD OpenBSD OS X

dynamic analysis

Looking for vulnerabilities after the source code is compiled.

static analysis

Looking for vulnerabilities in software before the source code is compiled.

Which of the following tools is NOT native to an OS?

NMAP

What is Nmap also known as?

Network Mapper

fuzzing

Providing random input to a program to attempt to trigger exceptions, such as memory corruption, program crashes, or security breaches.

Which infrastructure diagnostic tool is a cloud-based Software-as-a-Service (SaaS) delivery model, allowing users to access it from any web browser?

Qualys

Which of the following is NOT a means of analysis that web application vulnerability scanners use?

Recursive scanning

Qiang is creating a report for his supervisor about the cost savings associated with cloud computing. Which of the following would he NOT include on the report on the cost savings?

Reduction in broadband costs

What does the term "serverless" mean in cloud computing?

Server resources of the cloud are inconspicuous to the end user.

What type of analysis occurs before source code has been compiled?

Static analysis

Active

Taking some type of action against the network or network server.

Which of the following is true about the CVSS Temporal Score?

The Temporal Score reflects the current characteristics of a vulnerability that may have changed over time.

lack of key management

The inability to manage authentication credentials in the cloud.

Chen is frustrated that there are so many different cloud services that his company is using that span multiple cloud provider accounts and even from different cloud providers. He wants to implement a technology to give full control and visibility over all the cloud resources, including network routing and security. What product does Chen need?

Transit gateway

True or False: Invisible resource pooling is an advantage of cloud computing.

True

True or False: There are two types of software analysis for vulnerabilities and malware: static analysis and dynamic analysis.

True

True or false: Aircrack-ng is a wireless network monitoring and password cracking tool.

True

True or false: Reaver is a wireless User ID cracking tool.

True

True or false: The -sP parameter is used for ping scanning.

True or False

Which of these is NOT created and managed by a microservices API?

User experience (UX)

Which of the following is NOT a characteristic of cloud computing?

Visible resource pooling

Insecure application program interfaces (APIs)

Vulnerable APIs that can be exploited by threat actors in a cloud environment.

Which of the following options are types of enumeration tasks?

Windows Enumeration Linux Enumeration LDAP Enumeration

Which tool can be used for network mapping?

Zenmap

Which of the following is NOT true about Nessus?

only runs on the Linux/Unix OS.

Which third-party network tool can manipulate name resolution services to uncover sensitive information?

responder


Set pelajaran terkait

Writing a Compare-and-Contrast Essay about Presentation of Ideas

View Set

Unit 1 - Overview of the Restaurant and Foodservice Industry

View Set

Chapter 34: Nursing Care of the High Risk Newborn

View Set

spread of infection & vital signs

View Set

2-3.1 Compliance Management System

View Set

The Appendicular Skeleton Exercise 10

View Set

Chapter 31: The Child with Endocrine Dysfunction

View Set

4.2: The First Global Economic Systems

View Set