Purpose of a DMZ
B. To isolate public services from internal systems
Symmetric Encryption
A method of encryption where the same key is used for both encryption and decryption, ensuring data confidentiality.
What feature of NTFS can be abused to hide data
The Alternate Data Streams (ADS) feature allows files to contain hidden data that is not visible in standard file listings.
Alternate Data Stream
A feature of the NTFS file system that allows files to have multiple data streams, enabling hidden data storage that is not visible in typical directory views.
Which component of a wireless network is responsible for forwarding traffic between wireless and wired segments?
the access point.
A poorly secured printer poses risk because:
it can be accessed by unauthorized users, potentially exposing sensitive documents or enabling network attacks.
A monolithic kernel OS is characterized by:
a single large program that manages all system resources, including device drivers and system calls.
Which wireless security feature protects against brute-force PIN cracking
WPS Lockout
QoS Scheduling
the process in networks and operating systems of prioritizing data traffic to ensure critical applications get the performance (bandwidth, low latency) they need
Which protocol is commonly abused for covert data exfiltration due to its permissiveness?
DNS
FAT32
an older, widely compatible file system for drives; the maximum file size is 4 gigabytes
NTFS
the default file system for modern Windows operating systems used to organize and store files on hard drives and SSDs
Null session
Windows-based attack that attempts to log in to a network without a username or a password
ICS (Industrial Control Systems)
broad category of systems controlling industrial processes.
SCADA (Supervisory Control and Data Acquisition)
specific type of ICS focused on monitoring and controlling large, geographically dispersed operations like utilities, acting as the "eyes" and "brain" for big-picture management
Dynamic web content
generate content on the fly, often based on user input, real-time data, time of day, user location, or other factors
Static web content
deliver the exact same content to every user, every time, unless a developer manually modifies the source files.
WEP (Wired Equivalent Privacy)
Obsolete, insecure, easily hackable and uses RC4 with key reuse.
WPA (Wi-Fi Protected Access)
Introduced TKIP (Temporal Key Integrity Protocol) with RC4, improving key management.
WPA2 (Wi-Fi Protected Access 2)
Still a strong, widely used standard, but it has known vulnerabilities (like KRACK). Uses strong AES (Advanced Encryption Standard) with CCMP.
WPA3 (Wi-Fi Protected Access 3)
Features stronger authentication (SAE - Simultaneous Authentication of Equals) and individualized data encryption for enhanced privacy, even on open networks (WPA3-Enhanced Open).
Rogue access point
unauthorized wireless device connected to a secure network, creating a dangerous security hole where attackers can intercept data, inject malware, or spy on users, often by mimicking legitimate network names
Evil twin
hacker sets up a fake Wi-Fi access point that perfectly mimics a legitimate or public network to trick users into connecting.
Kismet
powerful, open-source wireless network detector, sniffer, and intrusion detection system (IDS) that passively analyzes 802.11 (Wi-Fi) traffic, identifying networks, capturing packets, and finding hidden SSIDs
Aircrack-ng
a suite of tools to assess Wi-Fi network security, including monitoring, attacking, testing, and cracking. The suite tests the strength of
PKI
a system of hardware, software, policies, and procedures for managing digital certificates and public keys to secure digital communications. It enables the secure exchange of data over networks by creating a trusted system that uses a pair of public and private keys to authenticate identities
Standard ACL
filter traffic based only on the source IP address
Extended ACL
Filters based on source/destination IP, protocol (TCP, UDP, ICMP), source/destination ports, etc.
UTM (Unified Threat Management)
an all-in-one security solution that consolidates multiple security functions, like firewalls, antivirus, VPN, and intrusion prevention (IPS), into a single appliance or platform
Repeated beaconing
malware's tactic of sending regular, small signals (beacons) to a malicious Command & Control (C2) server, acting as a "heartbeat" to show the infected system is active and ready for instructions
tcp.flags.syn == 1 and tcp.flags.ack == 0
Wireshark display filter matching packets that initiate a new connection (SYN set) but do not acknowledge any previous data (ACK clear), i.e. the first packet of a TCP handshake
tcp.len > 0
display filter used to show only TCP packets that contain actual application data (payload), excluding control packets like SYN, FIN, or pure ACKs that have a zero-length payload.
A SCADA environment is typically designed with
Air-gapping or strict isolation.
Air-gapping
a security measure that physically or logically isolates a computer system or network from all other networks, such as the internet, to prevent remote access and cyberattacks
In a wireless environment, a hidden SSID:
only removes the network name from the Access Point's (AP) beacon frames. The network and its name are still present in other management frames and data frames, such as probe response frames, once a device attempts to connect.
The purpose of a hidden SSID attack
discover the name (SSID) of a Wi-Fi network that is not openly broadcasting its name, or to trick a user's device into connecting to a rogue network
Which web application weakness allows unauthorized retrieval of confidential files?
Insecure direct object reference
Insecure direct object reference
occurs when an application provides a direct reference to an internal implementation object (like a file path or database key) and uses user-supplied input to access that object without sufficient authorization