Unit 10 & 11 Assessment
Fill in the missing piece of the command: Nmap has the ability to generate decoys that make the detection of the actual scanning system become much more difficult. The nmap command to generate decoys is nmap ____ RND:10 target_IP_address
-D
You are in the process of configuring pfSense Snort as your intrusion detection and prevention system (IDS/IPS). You have configured the options shown in the image, but when you try to save your changes, pfSense won't let you continue. What did you forget to configure?
A Snort Oinkmaster Code was not entered
You are the security analyst working for CorpNet (198.28.1.1). You are trying to see if you can discover weaknesses in your network. You have just run the nmap command shown in the image. Which weakness, if any, was found?
A compromise was found while scanning port 8080.
Which of the following BEST describes a network policy?
A set of conditions, constraints, and settings used to authorize which remote users and computers can or cannot connect to a network.
You have just used OWASP ZAP to run a vulnerability scan on your company's site. From the Information window, select the tab that lets you view the vulnerabilities found
Alerts
You are the security administrator for your organization. You need to provide Mary with the needed access to make changes to the finances.xlsx file located in the Accounting directory. Which of the following permissions should you set for Mary?
Allow write permission on the finances.xlsx file
Which of the following web server technologies does Linux typically use?
Apache
You are configuring a new email server for your organization and need to implement a firewall solution. The firewall will be designed to handle connections to the email server. Which of the following would be the BEST firewall solution?
Bastion host
You are in the process of configuring pfSense Snort as your intrusion detection and prevention system (IDS/IPS). You want to ensure that it includes the anti-malware IDS/IPS rule set that enables users with cost constraints to enhance their existing network-based malware detection. Select the option that would add these rule sets.
Click to enable download of Emerging Threats Open rules
Which of the following should be implemented as protection against malware attacks?
DNA sinkhole
Which of the following firewall evasion techniques is used to redirect a user to a malicious website?
DNS poisoning
Which of the following permissions would take precedence over the others?
Deny Read
Which of the following attacks would use the following syntax? http://www.testout.com.br/../../../../ some_dir/ some_file
Directory traversal
Which of the following firewall evasion countermeasures should be implemented to mitigate firewall evasion? (Select two.)
Filtering an intruder's IP address Defense in Depth
Which of the following firewall identification methods uses a TCP packet with a TTL value set to expire one hop past the firewall?
Firewalking
Which of the following works together by calling on each other, passing data to each other, and returning values in a program?
Function
Which of the following attack types takes advantage of user input fields on a website?
HTTP response splitting
Which of the following NAC policies is MOST commonly implemented?
Health
Which of the following is a popular honeypot that can be used to create thousands of other honeypots?
Honeyd
Which of the following should be designed to look and function like a real resource in order attract attackers?
Honeypot
You are the security analyst for your organization. During a vulnerability analysis, you have noticed the following: File attributes being altered Unknown .ozd files Files that do not match the existing naming scheme Changes to the log files Which of the following do these signs indicate has occurred? Correct Answer:
Host-based intrusion
Which of the following uses the TCP/IP stack and is effectively employed to slow down the spread of worms, backdoors, and similar malware?
Layer 4 tarpit
Which of the following honeypot interaction levels simulates a real OS, its applications, and its services?
Medium
Which type of web application is designed to work on Android or iOS?
Mobile
Which of the following is used to define minimum security requirements a device must meet before it can connect to a network?
NAC
Which of the following Windows permissions apply to local files and directories?
NTFS
Your company has decided to use a Pentbox honeypot to learn which types of attacks may be targeting your site. They have asked you to install and configure the honeypot. You have already installed Pentbox. Which menu allows you to configure the honeypot?
Network tools
Which of the following HTTP request/response types is used to request that the web server send data using HTML forms?
POST
Which of the following BEST describes the process of verifying that a device meets the minimum health requirements?
Posture assessment
The network IDS has sent alerts regarding malformed messages and sequencing errors. Which of the following IDS detection methods is most likely being used?
Protocol
Which of the following attacks is a SYN flood attack an example of?
Protocol DDoS
You discover that your network is under a DDoS SYN flood attack. Which of the following DDoS attack methods does this fall under?
Protocol DDoS
Which of the following blackhole implementations sends traffic going to a specific destination to the blackhole?
Remote blackhole filtering
Which type of honeypot is a high-interaction honeypot that is deployed by research institutes, governments, or military organizations to gain detailed knowledge about the actions of intruders?
Research honeypot
Which of the following needs to be configured so a firewall knows which traffic to allow or block?
Rules
Which of the following types of attacks involves constructing malicious commands with the goal of modifying a database?
SQL injection
You have just finished creating several network polices using the Network Policy Server (NPS) as shown in the image. Vera belongs to the Sales, Marketing, and Research groups. What kind of access will Vera have?
She will be granted access because she belongs to the Sales group, and that group is evaluated first.
Which of the following attacks involves modifying the IP packet header and source address to make it look like they are coming from a trusted source?
Spoofing
You created a honeypot server using Pentbox. After a while, you go back to the honeypot server to see what it has been capturing. Which of the following can be gleaned from the results shown?
The operating system used by the attacker
You are using Burpsuite to evaluate a new employee portal that will be put into production soon. Based on the highlighted POST traffic and the information in the bottom pane, what can you conclude?
The portal is using HTTP and login information is probably being transmitted in cleartext.
What does the HTTP response message 5xx indicate?
The server did not complete the request
While configuring a perimeter firewall on your network using pfSense, you created the rule shown in the image. The intent of the rule is to allow secure traffic coming from the internet through the firewall and to the web server (172.16.1.5) in the DMZ. What have you configured incorrectly?
The source and destination ports should be HTTPs.
Drag the possible detection state to the matching description:
The system accurately detected a threat. True-Positive The system accurately detected legitimate traffic and did not flag it. True-Negative The system flagged harmless traffic as a potential threat. False-Positive Malicious traffic is flagged as harmless. False-Negative
You are working with ACLs on your Windows machine and have created some complex permissions with many users and groups defined. Now you want to back up those permissions so that they can be restored in the event of a system failure. What is missing from the below command?
There has been no file name specified
In what order are rules in an ACL processed?
Top to bottom
Drag the vulnerability to the appropriate mitigation technique.
Unused User Accounts and services file and directory management website changes HTTP response splitting attacks
You are in the process of configuring pfSense Suricata as your intrusion detection and prevention system (IDS/IPS). You have just finished configuring the Global Settings and have enable the installation of the ETOpen Emerging Threats rules. To get these rules, select the option tab you must use next.
Updates
You have just run the nmap command shown below. Which vulnerabilities were found on the target firewall?
VPN
Which of the following BEST describes the role of a remediation server?
Works to bring devices up to a minimum security level.
Which of the following Linux permissions allows files to be added or deleted from a directory? Correct Answer:
Write
Which of the following attacks exploit vulnerabilities in the web application and allows the attacker to compromise a user's interactions with the app?
XSS
You are the security analyst for your organization. During a vulnerability analysis, you have discovered what looks to be malware, but it does not match any signatures or identifiable patterns. Which of the following BEST describes the threat you have discovered?
Zero-day
Which web application architecture layer includes the physical devices that are used to access the web application?
client/presentation
Which Windows command line tool can be used to show and modify a file's permissions?
icacls
You are the security analyst for a small corporate network. You are concerned that several employees may still be using the unsecured FTP protocol against company policy. You have been capturing data for a while using Wireshark and are now examining the filtered FTP results. You see that several employees are still using FTP. Which user account used the password of lsie*$11?
jsmith
Cisco devices have a special interface called _____, which is designed to act as a blackhole.
null0
Which command is used to allow a string to be copied in the code, but can be exploited to carry out overflow attacks?
strcpy