Ethical Hacking Review

A set of flashcards based on the lecture notes covering key concepts in Ethical Hacking.

What is the essential purpose of a port scan?

To identify open ports and services running on a target machine, helping in assessing network security by detecting vulnerabilities.

What is a ping sweep used for?

To determine which hosts are active on a network by sending ICMP Echo requests and analyzing the responses.

How does a SYN scan differ from a full connect scan?

A SYN scan only sends SYN packets to check if a port is open without completing the TCP handshake, while a full connect scan completes the TCP handshake.

What does Nmap mean when it shows open|filtered?

It indicates that Nmap cannot determine if a port is open or filtered due to no response to its probes.

What is a common downside of running a vulnerability scan?

It may cause network disruptions or crashes, as some scans can be intrusive and overwhelm network resources.

What does HMAC stand for?

Hashed Message Authentication Code, which uses a cryptographic hash function combined with a secret key to generate a MAC.

What are the main components required to generate a MAC?

A message, a secret key, and a MAC algorithm (e.g., HMAC, CBC-MAC).

What security properties does a MAC provide?

Integrity, ensuring the message hasn't been altered; and authentication, confirming the sender is legitimate.

What is a digital signature?

A cryptographic scheme for verifying the authenticity of a message using asymmetric cryptography.

What are the three primary security services provided by digital signatures?

Integrity, Authentication, Non-repudiation.

Why is a hash function used in digital signatures?

To reduce the message size and improve security against attacks.

What is the primary difference between MACs and digital signatures?

MACs use symmetric keys (shared between sender and receiver), while digital signatures use asymmetric keys (different keys for signing and verifying).

What happens if the hash function used in digital signatures is weak?

An attacker can create collisions, forging signatures.

What are the advantages of using ECDSA over RSA for digital signatures?

Stronger security with smaller keys and faster computations.

What is the purpose of a Certificate Authority (CA) in digital signature systems?

A CA issues and verifies digital certificates, ensuring the legitimacy of public keys.

What is the role of ARP in networking?

ARP resolves IP addresses to MAC addresses within a local network.

What is the function of a firewall?

To block unauthorized transmissions from coming in or going out of a network system.

What are the five layers in the Internet protocol stack?

Application, Transport, Network, Link, and Physical.

What is the purpose of Google hacking?

Using advanced search operators to find specific types of information or vulnerabilities on websites.

What could be a disadvantage of using hash functions for MAC generation?

Hash functions can be susceptible to collision attacks if they lack strong collision resistance.

What is a characteristic of a bus network in communication?

A bus network travels in a single communication line, allowing data to travel in one direction at a time.

What is the structure of a star network?

In a star network, all devices are connected to a central hub.

What device did the black hat hacker install at the unattended workstation to recover sensitive information?

A keylogger.

What is an advantage of using masscan over nmap?

Masscan can scan more addresses faster than nmap.

What is the CIDR notation for the subnet mask 255.255.252.0?

/22

What subnet mask corresponds to the bit pattern 11111111 11111111 10000000 00000000?

255.255.128.0

What type of port scan has the FIN, PSH, and URG flags set?

XMAS scan

Which tool can an attacker use to find servers, webcams, printers, routers, and other devices connected to the Internet?

Shodan

Which commands can be used to view the contents of a file?

Cat command, More command, and Disp command

Which tool should John, a security analyst, use to monitor network activity and identify packets containing malicious content?

Snort

What is the Protocol Data Unit (PDU) used in TCP communications?

A segment

What does the command $* represent in shell scripting?

$* shows all parameter values passed to the shell script.

If Joseph, a security analyst, sees that the SYN flag is set on a packet, which protocol is in use?

TCP

Which layer manages communication between endpoints for maintaining application communication (client or server)?

Network layer

What tool provides free information about a website, including the phone number, administrator's email, and the domain registration authority?

whois

Which RIR would you consult for additional IP address allocation in North America?

ARIN

What should Jordan use to remediate vulnerabilities after a breach of customer personal information?

Data leak prevention

Which tool helps in identifying unusual behavior to secure resources after a data breach?

Behavioral analytics

What tool can Jordan use to analyze the traffic on the network for security vulnerabilities?

Protocol analyzer

If you needed to generate alerts based on anomalous traffic in your network, what security device would you be most likely to use? 

IDS

A hacker is conducting the following on the target workstation: 

nmap -sT 192.33.10.5

The attacker is in which phase?

Scanning and enumeration

Which one of the following types of information is NOT available via Whois?

Passwords

In the methodology used to secure an organization, which step includes the process of ethical hacking?

Assessment

Which protocol is necessary to enable the functionality of traceroute?

ICMP

The packet indicates the physical destination address as ff.ff.ff.ff.ff.ff. What type of MAC address is this?

Broadcast

What is the purpose of a security policy?

To provide high-level guidance on the role of security