CNT 4403 Quiz 5-1 Review


While reviewing security on your intrusion detection box, which runs Linux, you note the following in your .bash_history file. You are the only person with access to this machine, yet someone has performed some enumeration on this Linux box. Which file or command contains a list of users?

/etc/passwd

When a host initiates a connection to a server via the TCP Protocol, a three-way handshake is used. What is the host's final reply?

ACK

A managed security service provider (MSSP) is deploying a sensor on a new client's network. The service level objectives (SLOs) agreed between the two parties call for vulnerability scans that enumerate services and perform banner grabbing. These scans interact directly with the devices and software to identify vulnerabilities. Which method of vulnerability scanning would BEST meet the goals arranged in the SLOs?

Active

A network security engineer provided a report to the operations manager with a large amount of public information that is accessible solely from the company's website. For example, the report shows email addresses and other company phone numbers on a graph that would otherwise be known internally. What tool did the network security engineer most likely use to gather this information with little effort?

Maltego

An information security project manager has an important stakeholder meeting for the security operations center's (SOC's) future projections. Most executives will require visualizers of critical systems across the network and how they correlate to simulated attacks, which the SOC has built controls around. Which tool can help stakeholders understand how the mapped network prevents mock attacks?

Maltego

A security engineer is looking to improve the security posture of their organization. One of the issues the security engineer finds is that they need to know what devices are on the network. What kind of scan can help the engineer get visibility into what is on the network?

Map scan

A security analyst validates a vulnerability by exploiting it. Which tool can best accomplish this task?

Metasploit Framework (MSF)

You would like to extend the functionality of the Nmap tool to let you perform tasks such as basic vulnerability detection and Windows user account discovery. Which of the following would allow you to extend that functionality?

NSE Scripts

As a security analyst, you are looking for a vulnerability scanning tool for internal company use that is an industry-standard tool. Which of the following tools BEST fits this requirement?

Nessus

John, a security analyst, needs a network mapping tool that will diagram network configurations. Which of the following tools BEST meets John's requirements?

NetAuditor

As a security analyst for a large financial institution, you want to discover information available through the open ports in your network that could provide hackers with details that could result in guessing software and software versions available in the network. Which of the following would you MOST likely use to discover that information?

Nmap fingerprinting

The business's security operations center (SOC) is currently re-evaluating the yearly budget. They want to use different alternatives, including reduced overhead spending and less intensive resources on the company's current systems. The SOC's final decision is to use a different scanning method that monitors and inspects the network traffic more thoroughly. What method of scanning best matches what the SOC has decided?

Passive

The security operations center (SOC) manager has ordered an analyst to fingerprint some of a new client's systems. Which of the following aligns most with performing fingerprinting as the SOC manager requested?

Perform a scan looking to focus attention on individual devices to understand their purpose better.

The Security Operations (SecOps) team completed a rollout of a next-generation antivirus solution to better protect the company from known viruses and provide heuristic scanning for unknown viruses. After the implementation, the team received a flood of tickets complaining about computer sluggishness. What did the SecOps team fail to consider with the new antivirus and its effects on potential settings?

Performance

A company has hired a security analyst to perform a comprehensive information gathering and reconnaissance phase of a penetration testing engagement. The analyst needs to use a tool that can automate gathering information about a target and performing reconnaissance on the target network. Which of the following tools is best suited for this task?

Recon-ng

TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?

SYN/ACK

A new IT professional is responsible for performing vulnerability scans on a web application. The professional wants to understand the differences between static and dynamic analysis methods before deciding which scan to use. Which of the following is a key difference between these two options?

Static analysis involves manually inspecting source code or reviewing configuration files, while dynamic analysis involves using vulnerability scanning software to identify vulnerabilities.

A network administrator is using Nmap to scan a target host for open ports. Which Nmap scan type is known for being a fast and stealthy technique?

TCP SYN

An attacker may poison the DNS by making changes to an organization's DNS table. Why might an attacker take this action?

The attacker can redirect users to a malicious website.

A recently patched Windows machine on your network no longer responds to ping, but you have confirmed it is otherwise functioning normally and servicing incoming connections to other machines on the network. No other changes were made to the machine or its connection to the network. When you use hping3, you get the following output. Which of the following BEST explains that behavior?

The machine's firewall is blocking ICMP.

SNMP uses agents that communicate with network devices using which of the following?

The public community that provides read-only access to device configuration.

A company's login page needs testing after their cyber security engineer implemented hardening techniques. As a result, its penetration testing team assigned the website specialist to perform some tests to ensure the changes were stable. What precisely is the specialist attempting when using fuzzing tools to perform the tests?

Using tools to identify problems and issues with the webpage by purposely inputting or injecting malformed data.

An attacker needs the following information about his target: domain ownership, domain names, IP addresses, and server types. Which tool is BEST matched for this operation?

Whois

Iggy, a penetration tester, is conducting an unknown penetration test. She wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be MOST helpful?

Whois

When performing an authorized security audit of a website, you are given only the website address and asked to find other hosts on that network that might be vulnerable to attack. Which of the following tools might be used to lead you to the following Nmap output? (Select two.)

whois.org, nslookup

An analyst reviews an alert detecting a rogue backend server deployed behind the company's load balancer. After the analyst attempts to identify the possible threat, the DMZ firewall blocks the action. What process was the analyst using to identify where the connection of the device was on the network?

Discovery scan

Xavier is doing reconnaissance using a tool that pulls information from social media postings that were made using location services. He is gathering information about a company and its employees by going through their social media content. What tool is MOST likely being used?

Echosec

A company is planning to conduct a vulnerability scan on its systems. Before starting the scan, what should the security administrator consider regarding data sensitivity levels?

Ensure that sensitive data is appropriately scanned and protected.

While investigating a potential security breach on a Windows machine, you list the commands that have recently been executed from the command line and find the following: arp -a, set username, set computername, net localgroup administrators, and tasklist. There are other commands as well. You then check the running processes and see the output below in Task Manager. It is clear that someone has compromised the Windows machine. What would you call the phase of the attack that you have found?

Enumeration

What information will be returned from the following Google search? -site:.gov -site:.gov.uk filetype:xlsx intitle:password

Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites.

