testout pt2 midterm practice
Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers?
CAPEC CAPEC is a dictionary of known patterns of cyberattack used by hackers. Its website is capec.mitre.org. You can search this list by mechanisms of attack or domains of attack, as well as by key terms and CAPEC ID numbers. This resource is valuable because you can browse through it to see common attacks used by hackers, and you can search for specific patterns of attack.
The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan?
Classification Classification contains the origin of the scan.
Which of the following best describes the rules of engagement document?
Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. explanation: The rules of engagement define if the test will be a white box, gray box, or black box test. It should also explicitly state how to handle sensitive data and outline a process for communicating with the IT department about any issues that may arise during the test.
United States Code Title 18, Chapter 47, Section 1029 deals with which of the following?
Fraud and related activity involving access devices. explanation: Section 1029 refers to fraud and related activity involving access devices. An access device is defined as any application or hardware that is created specifically to generate any type of access credentials.
Which of the following best describes the scan with ACK evasion method?
Helps determine whether the firewall is stateful or stateless and whether or not the ports are open. The Scan with ACK method helps you determine whether the firewall is stateful or stateless and whether or not the ports are open. In an ACK scan, the ACK flag is set. If a port is unfiltered, both open and closed ports return an RST packet. If the port is filtered, it returns either an error message or no response at all.
Roger, a security analyst, wants to tighten up privileges to make sure each user has only the privileges they need to do their work. Which of the following additional countermeasures could he take to help protect privilege?
Instigate multi-factor authentication and authorization. explanation: Instigating multi-factor authentication and authorization is important for preventing escalation because it adds more layers of protection against unauthorized access.
Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the installed operating system?
Physical attack Physical security is the protection of corporate assets including property, facilities, equipment, and personnel from damage, theft, or harm. Physical attacks include items such as cold boot attacks, badge cloning, and BIOS access attacks.
Important aspects of physical security include which of the following?
Preventing interruptions of computer services caused by problems such as fire. Important aspects of physical security include: Restricting physical access to facilities and computer systems. Preventing interruptions of computer services caused by problems such as loss of power or fire. Preventing unauthorized disclosure of information. Disposing of sensitive material. Protecting the interior and exterior of your facility.
What port does a DNS zone transfer use?
TCP 53 Port 53 is used for DNS zone transfers.
Which of the following solutions creates the risk that a hacker might gain access to the system?
Service-based A service-based solution is when a professional like yourself is hired to provide a solution. This would involve the vulnerability management life cycle. You would conduct the testing and solutions from outside the network. The risk of this approach is that, because it is from the outside, there is some potential for a hacker to gain access to the system.
What does an organization do to identify areas of vulnerability within their network and security systems?
Risk assessment Explanation The purpose of a risk assessment is to identify areas of vulnerability within the organization's network. The risk assessment should look at all areas, including high value data, network systems, web applications, online information, and physical security, including operating systems and web servers. This is done before beginning a penetration test.
Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks?
SNscan SNscan is a utility that is used to detect SNMP devices that are vulnerable to attacks.
Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?
Add the cloud host to the scope of work. Since Hannah is in the planning stage, she will need to add the cloud host to the scope of work. Cloud-based systems require some extra steps before penetration testing can begin. The issue is that the systems aren't owned by the client, but by the cloud hosting provider. An organization might be required to conduct penetration tests to meet regulations. But, in this case, the cloud provider must also authorize the penetration test and will need to be involved and approve the scope of work.
The list of cybersecurity resources below is provided by which of the following government sites? Information exchange; Training and exercises; Risk and vulnerability assessments; Data synthesis and analysis; Operational planning and coordination; Watch operations; Incident response and recovery
CISA Cybersecurity and Infrastructure Security Agency (CISA) is a large government-sponsored organization that provides many resources for cybersecurity. This government site provides: Information exchange; Training and exercises; Risk and vulnerability assessments; Data synthesis and analysis; Operational planning and coordination; Watch operations; Incident response and recovery
This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described?
CWE CWE is a community-developed list of common software security weaknesses. This creates a reference for identification, mitigation, and prevention of vulnerabilities. This list provides a standardization for evaluating assessment tools. This site combines the diverse ideas and perspectives from professionals, academics, and government sources to create a unified standard on cybersecurity.
Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question?
NVD NVD, or the National Vulnerability Database, was originally created in 2000. You can find it at nvd.nist.gov. The NVD list includes more specific information for each entry than the CVE list, such as fix information, severity scores, and impact ratings. It is searchable by product name or version number, vendor, operating system, impact, severity, and related exploit range.
A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?
Network scan A network scan is designed to locate all the live hosts on a network. This type of scan will identify the systems that may be attacked later or those that may be scanned a little more closely.
Which of the following would be the best open-source tool to use if you are looking for a web server scanner?
Nikto Nikto is a web server scanner. It tests for outdated versions of more than 1,250 servers, scans for more than 6,000 files and programs that can be exploited, and checks for version-specific problems on more than 270 servers. It is important to note that this tool creates a large footprint by leaving a high volume of entries in the web server's log files.
Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command?
nmap -sV --script=banner ip_address Nmap attempts to determine the version of the service running on a port using nmap -sV --script=banner ip_address.
Which of the following scans is used to actively engage a target in an attempt to gather information about it?
port scan A port scan is the process of sending carefully crafted messages or packets to a target computer with the intent of learning more about it using a tool such as nmap.
Which type of threat actor only uses skills and knowledge for defensive purposes?
white hat A white hat is a skilled hacker who uses their skills and knowledge for defensive purposes only. Many organizations and companies now employ these security analysts, who understand the hacker's mindset.
Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?
It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection. Explanation A proxy serves as a less vulnerable access point to a network. Typically, proxies are placed in networks to keep external users from accessing the internal network. Proxies filter incoming and outgoing traffic, provide hackers with anonymity, and shield them from detection.