Deck 9: Network Vulnerability Assessment

1
A ____ (sometimes called a network protocol analyzer) is a network tool that collects copies of packets from the network and analyzes them or stores the packets for later analysis.

A) fuzzer
B) trapper
C) packet sniffer
D) war dialer
C
2
____ verify that an organization's security policies are prudent (cover the right issues) and are being implemented correctly.

A) Fuzzers
B) Standards
C) Audits
D) Attack methodologies
C
3
Wired networks are just as vulnerable to sniffing as wireless networks.
True
4
A(n) ____ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.

A) stealth
B) silent
C) passive
D) encapsulated
5
Probably the most popular port scanner is ____, which runs on both UNIX and Windows systems.

A) nmap
B) hping
C) wireshark
D) nipper
6
Protocol analyzers are commonly referred to as ____.

A) sniffers
B) fuzzers
C) tappers
D) trappers
7
Implementing applications that verify the true communication destination during execution helps prevent vulnerabilities associated with ____.

A) trusting network name resolution
B) Google hacks
C) directory traversal attacks
D) race conditions
8
One of the preparatory parts of the attack methodology is the collection of publicly available information about a potential target, a process known as ____.

A) sniffing
B) reconnaissance
C) auditing
D) trapping
9
Which vulnerability can occur if a programmer does not properly validate user input and allows an attacker to include unintended SQL input that can be passed to a database?

A) Rainbow attack
B) Cross-site request forgery
C) Command injection
D) Buffer overflow
10
If Web software can access parts of the underlying operating system's file system through normal URL mappings, a(n) ____ may occur.

A) DNS resolution error
B) integer overflow error
C) active network tap
D) directory traversal attack
11
Organizations are safe from sniffer attacks when their computing environment is primarily a switched network environment.
12
Passive scanners are advantageous in that they do not require vulnerability analysts to get prior approval for testing.
13
Most C++ catastrophe vulnerabilities rely on uninitialized function pointers in a class.
14
Requirements for a complex password system include using a ____ value, implementing strong encryption, requiring periodic password changes, and generally implementing a system where guessing a password or its hash is very difficult.

A) hex
B) salt
C) zero
D) known
15
Allowing users to decide which mobile code to run is the best way to resolve weaknesses introduced with mobile code.
16
The printf (user_input); command in C has the potential to cause a(n) ____ vulnerability.

A) buffer overrun
B) format string problem
C) integer overflow
D) C++ catastrophe
17
The ____ command, available on most popular Web browsers, allows users to see the source code behind the page.

A) View Code
B) Show Code
C) View Source
D) Show Source
18
A(n) ____ uses all the techniques and tools available to an attacker in an attempt to compromise or penetrate an organization's defenses.

A) audit
B) penetration test
C) ruleset review
D) hash
19
SPIKE can fuzz any protocol that utilizes ____.

A) TCP/IP
B) FTP
C) SNMP
D) Telnet
20
The ____ stage of the attack methodology is a systematic survey of the target organization's Internet addresses, conducted to identify the network services offered by the hosts in that range.

A) auditing
B) fingerprinting
C) activating
D) validating
21
The most realistic type of penetration test is a ____ box test.

A) black
B) gray
C) red
D) white
22
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
A free, client-based network protocol analyzer.
23
A(n) ____________________ vulnerability scanner initiates traffic on the network in order to identify security holes.
24
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
When run with the -sI switch, it allows you to bounce your scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan.
25
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
A freeware tool that applies packet sniffing to wireless networks.
26
____________________, also known as "fuzzing," is a straightforward technique that looks for vulnerabilities in a program or protocol by feeding random input into the program or the network running the protocol.
27
A(n) ____________________ is a network channel or connection point in a data communications system.
28
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
Monitors the airwaves for any new devices or access points.
29
When considered as part of the attack methodology, "____________________" refers to the tools and techniques for breaking into more systems, gaining further network access, or gaining access to more resources.
30
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
A UNIX or Linux systems support tool that allows a remote individual to "mirror" entire Web sites.
31
____ is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities.

A) OVAL
B) COBIT
C) CVE
D) CVSS
32
The process of exploring the Internet presence of a target is sometimes called ____________________.
33
Compare integer overflows to stack and heap overflows.
34
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
Uses ICMP to determine the remote OS.
35
The CVSS ____ Score is set by the organization using the software.

A) Base
B) Temporal
C) Environmental
D) Ergonomic
36
Because it accepts firewall and intrusion logs from many sources, ____ is often one of the first organizations to spot network anomalies, and it often traces them to specific malware or vulnerability exploits.

A) Microsoft
B) the ISC
C) Mitre
D) ISACs
37
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
Designed to crack WEP and WPA-PSK keys to allow packet sniffing and wireless network auditing.
38
The ____ mailing list is a widely known, major source of public vulnerability announcements.

A) NetStumbler
B) Wireshark
C) Bugtraq
D) OVAL
39
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
Uses incrementing Time-to-Live (TTL) packets to determine the path into a network as well as the default firewall policy.
40
Match each item with a statement below.
a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark
An enhanced Web scanner that, among other things, scans an entire Web site for valuable pieces of information, such as server names and e-mail addresses.
41
Describe how the criticality of the affected assets must be taken into account when conducting a risk assessment for a vulnerability.
42
Describe four common mistakes that may occur when attempting to protect data that is at rest.
43
Describe Google hacking and provide an example.
44
How can an organization ensure that its security policies are implemented?
45
What are "race conditions"?
46
Explain the two points administrators should remember if they are wary of using the same tools that attackers use.
47
Why should you secure open ports?
48
Why can the failure to validate how user input is handled result in a cross-site scripting attack?
49
Describe three philosophical approaches to handling the disclosure of vulnerabilities.