CIS 245 Final Exam Review



OSI Model Layers

  • 7: Application

  • 6: Presentation

  • 5: Session

  • 4: Transport

  • 3: Network

  • 2: Data Link

  • 1: Physical


OSI Layer 7: Application

Human-computer interaction layer, where applications can access the network services.


OSI Layer 6: Presentation

Ensures that data is in a usable format and is where data encryption occurs.


OSI Layer 5: Session

Maintains connections and is responsible for controlling ports and sessions.


OSI Layer 4: Transport

Transmits data using transmission protocols including TCP and UDP.


OSI Layer 3: Network

Decides which physical path the data will take.


OSI Layer 2: Data Link

Defines the format of data on the network.


OSI Layer 1: Physical

Transmits raw bit stream over the physical medium.



The first open, affordable and easy-to-deploy 802.11 packet capture solution for Windows.


Black hat

Individuals who use their extraordinary computing skills for illegal or malicious purposes.



A huge network of compromised systems that can be used by an attacker to launch denial-of-service attacks.



Malicious code that breaches the system security via software vulnerabilities to access information or install malware.



The disclosure of private data, financial loss, and discontinuation of operations.



Hardware and/or software designed to prevent unauthorized access to or from a private network.


Grey hat

The individuals who work both offensively and defensively at various times.



An intrusion detection system (IDS) is a software system or hardware device that inspects all inbound and outbound network traffic for suspicious patterns that may indicate a network or system security breach.



Intrusion prevention systems (IPS) are continuous monitoring systems that often sit behind firewalls as an additional layer of protection.


Penetration test

A method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit.



An open-source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching and is used to detect a variety of attacks and probes such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts. It uses a flexible rules language to describe traffic to collect or pass, as well as a detection engine that utilizes a modular plug-in architecture.



Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.



A weakness in an IT system that can be exploited by an attacker to deliver a successful attack.


Vulnerability assessment

An in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand exploitation.


Vulnerability researcher

The process of analyzing protocols, services, and configurations to discover the vulnerabilities and design flaws that will expose an operating system and its applications to exploit, attack, or misuse.



Symbols are drawn in public places to advertise open Wi-Fi networks.



Attackers drive around with Wi-Fi-enabled laptops installed with a wireless discovery tool to map out open wireless networks.


White hat

Individuals who use their hacking skills for defensive purposes.


Cyber Kill Chain

  1. Reconnaissance: Gather data on the target to probe for weak points.

  2. Weaponization: Create a deliverable malicious payload using an exploit and a backdoor.

  3. Delivery: Send weaponized bundle to the victim using email, USB, etc.

  4. Exploitation: Exploit a vulnerability by executing code on the victim’s system.

  5. Installation: Install malware on the target system.

  6. Command and Control: Create a command and control channel to communicate and pass data back and forth.

  7. Actions on Objectives: Perform actions to achieve intended objectives/goals.



A law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.


Digital Millennium Copyright Act (DMCA)

An American copyright law that implements two 1996 treaties from the World Intellectual Property Organization (WIPO): the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty. In order to implement US treaty obligations, the DMCA defines legal prohibitions against circumvention of the technological protection measures employed by copyright owners to protect their works, and against the removal or alteration of copyright management information. It contains five different titles:







Sarbanes Oxley Act (SOX)

Enacted in 2002, the Sarbanes-Oxley Act aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures. This act does not explain how an organization must store records but describes the records that organizations must store and the duration of their storage. The Act mandated several reforms to enhance corporate responsibility, enhance financial disclosures, and combat corporate and accounting fraud. It contains eleven different titles:

  • Title I: Public Company Accounting Oversight Board (PCAOB)

  • Title II: Auditor Independence

  • Title III: Corporate Responsibility

  • Title IV: Enhanced Financial Disclosures

  • Title V: Analyst Conflicts of Interest

  • Title VI: Commission Resources and Authority

  • Title VII: Studies and Reports

  • Title VIII: Corporate and Criminal Fraud Accountability

  • Title IX: White-Collar-Crime Penalty Enhancement

  • Title X: Corporate Tax Returns

  • Title XI: Corporate Fraud Accountability


Gramm-Leach-Bliley Act (GLBA)

Requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.


Health Insurance Portability and Accountability Act (HIPAA)

The HIPAA Privacy Rule provides federal protections for the individually identifiable health information held by covered entities and their business associates and gives patients an array of rights to that information. At the same time, the Privacy Rule permits the disclosure of health information needed for patient care and other necessary purposes.

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to ensure the confidentiality, integrity, and availability of electronically protected health information.


Family Educational Rights and Privacy Act (FERPA)

The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.



The Federal Information Security Management Act of 2002 was enacted to produce several key security standards and guidelines required by Congressional legislation. The FISMA provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets. It requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or another source.


Domain Name System (DNS)

A hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol networks. It associates various information with domain names assigned to each of the associated entities.


DNS Zone transfers

The process of transferring a copy of the DNS zone file from the primary DNS server to a secondary DNS server. In most cases, the primary DNS server maintains a backup or secondary server for redundancy, which holds all the information stored in the primary server. The DNS server uses zone transfer to distribute changes made to the main server to the secondary server(s). An attacker performs DNS zone transfer enumeration to locate the DNS server and access records of the target organization. If the DNS server of the target organization allows zone transfers, then attackers can perform DNS zone transfer to obtain DNS server names, hostnames, machine names, usernames, IP addresses, aliases, etc. assigned within a target domain.


DNS Zone poisoning

A hacker technique that manipulates known vulnerabilities within the domain name system (DNS). When it's completed, a hacker can reroute traffic from one site to a fake version. And the contagion can spread due to the way the DNS works.


DNS Cache Poisoning

Refers to altering or adding forged DNS records into the DNS resolver cache so that a DNS query is redirected to a malicious site.


DNS reflection/amplification distributed denial-of-service (DDoS)

A common two-step DDoS attack in which the attacker manipulates open DNS servers. The cybercriminal first uses a spoofed IP address to send massive requests to DNS servers. The DNS server then replies to the request, creating an attack on the target victim. The responses are larger than the spoofed requests, resulting in large amounts of traffic going to the victim server. The attack often results in complete inaccessibility of data for a company or organization.


Regional Internet Registrars (location)

The RIRs include the following:

  • American Registry for Internet Numbers (ARIN) (

  • African Network Information Center (AFRINIC) (

  • Asia Pacific Network Information Center (APNIC) (

  • Réseaux IP Européens Network Coordination Centre (RIPE) (

  • Latin American and Caribbean Network Information Center (LACNIC) (



American Registry for Internet Numbers



Asia Pacific Network Information Center



Latin American and Caribbean Network Information Center



Réseaux IP Européens Network Coordination Centre



African Network Information Center


Google Hacking

Refers to the use of advanced Google search operators for creating complex search queries to extract sensitive or hidden information. The accessed information is then used by attackers to find vulnerable targets. Footprinting using advanced Google hacking techniques involves locating specific strings of text within search results using advanced operators in the Google search engine.


Google Hacking Advanced Operators

  • Site

  • Ext

  • Loc

  • Intitle

  • Allintitle

  • Inurl

  • Allinurl

  • Incache



This operator restricts search results to the specified site or domain.

  • For example, the [games site:] query gives information on games from the certifiedhacker site.



This operator allows you to search for results based on a file extension.

  • For example, [jasmine:jpg] will provide jpg files based on jasmine.



This operator finds information for a specific location.

  • For example, [location: 4 seasons restaurant] will give you results based on the term “4 seasons restaurant.”



This operator restricts results to only the pages containing the specified term in the title.

  • For example, the [malware detection intitle:help] query returns only pages that have the term “help” in the title, and the terms “malware” and “detection” anywhere within the page.



This operator restricts results to only the pages containing all the query terms specified in the title.

  • For example, the [allintitle: detect malware] query returns only pages containing the words “detect” and “malware” in the title.



This operator restricts the results to only the pages containing the specified word in the URL.

  • For example, the [inurl: copy] query returns only Google pages in which the URL has the word “copy.”



This operator restricts results to only the pages containing all the query terms specified in the URL.

  • For example, the [allinurl: google career] query returns only pages containing the words “google” and “career” in the URL.


Nmap scans

A security scanner for network exploration and hacking. It allows you to discover hosts, ports, and services on a computer network, thus creating a "map" of the network. It sends specially crafted packets to the target host and then analyzes the responses to accomplish its goal. It scans vast networks of literally hundreds of thousands of machines. Nmap includes many mechanisms for port scanning (TCP and UDP), OS detection, version detection, ping sweeps, and so on.


NMAP discovery scans

  • -sP

  • -sL

  • -sO

  • -sV



Perform a ping scan only



Create a host list



OS detection



Service version detection


Important nmap options

  • -A

  • -n

  • -v

  • -P0



Aggressive scan



Disable reverse DNS resolution



Version detection



Disable ICMP scan type



  • FTP

  • SSH

  • Telnet

  • SMTP

  • WIND

  • DNS

  • HTTP

  • Kerberos

  • POP3

  • NNTP

  • SMB

  • IMAP

  • LDAP

  • RDP


FTP (File Transfer Protocol)

Ports 20 (data) and 21 (control): A connection-oriented protocol used for transferring files over the Internet and private networks. FTP is controlled on TCP port 21, and for data transmission, FTP uses TCP port 20 or some dynamic port numbers depending on the server configuration. If attackers identify that FTP server ports are open, then they perform enumeration on FTP to find information such as the software version and state of existing vulnerabilities to perform further exploitations such as the sniffing of FTP traffic and FTP brute-force attacks.


SSH (Secure Shell)

Port 22: A command-level protocol mainly used for managing various networked devices securely. It is generally used as an alternative protocol to the unsecure Telnet protocol. SSH uses the client/server communication model, and the SSH server, by default, listens to its client on TCP port 22. Attackers may exploit the SSH protocol by brute-forcing SSH login credentials.



Port 23: Used for managing various networked devices remotely. It is an unsecure protocol because it transmits login credentials in the cleartext format. Therefore, it is mostly used in private networks. The Telnet server listens to its clients on port 23. Attackers can take advantage of the Telnet protocol to perform banner grabbing on other protocols such as SSH and SMTP, brute-forcing attacks on login credentials, port-forwarding attacks, etc.


SMTP (Simple Mail Transfer Protocol)

Port 25: A TCP/IP mail delivery protocol. It transfers email across the Internet and across local networks. It runs on the connection-oriented service provided by TCP and uses the well-known port number 25. The table below lists some commands used by SMTP and their respective syntaxes.


HTTP (HyperText Transfer Protocol)

Port 80: A method for encoding and transporting information between a client (such as a web browser) and a web server. It is the primary protocol for transmission of information across the Internet.



Port 88: A network authentication protocol that provides strong authentication for client/server applications through secret-key cryptography, which provides mutual authentication. Both the server and the user verify each other’s identity. Messages sent through this protocol are protected against replay attacks and eavesdropping.


POP3 (Post Office Protocol)

Port 110: An application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 is the version in common use and, along with IMAP, is one of the most common protocols for email retrieval.


NNTP (Network News Transfer Protocol)

Port 119: Used to relay Usenet news articles from discussions over the newsgroup. Usenet newsgroups can be a useful source of valuable information about a target. Many professionals seek help on Usenet newsgroups by posting questions and asking for solutions. To obtain solutions to these issues, they sometimes post more detailed information about the target than needed.


SMB (Server Message Block)

Port 445: A transport protocol that is generally used by Windows systems for providing shared access to files, printers, and serial ports as well as remote access to Windows services. By default, SMB runs directly on TCP port 445 or via the NetBIOS API on UDP ports 137 and 138 and TCP ports 137 and 139.


IMAP (Internet Message Access Protocol)

Port 143: Allows a client to access and manipulate electronic mail messages on a server. This protocol offers inadequate security, which allows attackers to obtain data and user credentials in cleartext.


LDAP (Lightweight Directory Access Protocol)

Port 389: An Internet protocol for accessing distributed directory services. LDAP accesses directory listings within Active Directory or from other directory services.


RDP (Remote Desktop Protocol)

Port 3389: A proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection.


Password Cracking Tools

  • John the Ripper

  • L0phtcrack

  • 0phtcrack

  • Cain and Abel


John the Ripper

A free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms.



A tool designed to audit passwords and recover applications. It recovers lost Microsoft Windows passwords with the help of a dictionary, hybrid, rainbow table, and brute-force attacks. It can also be used to check the strength of a password.



A free open-source program that cracks Windows log-in passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows.


Cain and Abel

A password recovery tool that allows the recovery of passwords by sniffing the network and cracking encrypted passwords. The ARP poisoning feature of the Cain & Abel tool involves sending free spoofed ARPs to the network’s host victims. This spoofed ARP can make it easier to attack a middleman.


Trojans and Malware

  • Wrapper or binder

  • Rootkit

  • HTTP trojan

  • Netcat

  • Hoax

  • Keylogger


Wrapper or binder

A wrapping attack is performed during the translation of the SOAP message in the TLS layer where attackers duplicate the body of the message and send it to the server as a legitimate user.



Programs that hide their presence as well as the attacker’s malicious activities, granting them full access to the server or host at that time, and in the future.


HTTP trojan

HTTP/HTTPS Trojans can bypass any firewall and work in reverse, as opposed to a straight HTTP tunnel. They use web-based interfaces and port 80. The execution of these Trojans takes place on the internal host and spawns a child program at a predetermined time. The child program is a user to the firewall; hence, the firewall allows the program to access the Internet. However, this child program executes a local shell, connects to the webserver that the attacker owns on the Internet through an apparently legitimate HTTP request, and sends it a ready signal. The apparently legitimate answer from the attacker’s web server is, in fact, a series of commands that the child can execute on the machine’s local shell. The attacker converts all the traffic into a Base64-like structure and gives it as a value for a cgi-string to avoid detection.



You can use the following Netcat command to establish a connection with the target vulnerable server and identify the services or functions provided by the server.

* nc -nv


Messages that issue fake warnings to the user about new viruses, Trojans, or worms that may harm the user’s system.



Keystroke loggers are programs or hardware devices that monitor each keystroke as the user types on a keyboard, log them to a file, or transmit them to a remote location.


Famous Trojans

  • Tini

  • Loki

  • Netbus

  • Back Orifice

  • Beast

  • Nuclear RAT



Tiny Banker Trojan, also called Tinba, is a malware program that targets financial institution websites. It is a modified form of an older form of viruses known as Banker Trojans, yet it is much smaller in size and more powerful. It works by establishing man-in-the-browser attacks and network sniffing.



A trojan that is often distributed as an attachment to phishing emails and other messages. Anti-phishing solutions that can identify and block malicious content in attachments from reaching the user can protect against infections by Lokibot.



A software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a trojan horse. NetBus was written in Delphi by Carl-Fredrik Neikter, a Swedish programmer, in March 1998.


Back Orifice

A computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a play on words on Microsoft BackOffice Server software.



A Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a "RAT". It is capable of infecting versions of Windows from 95 to XP. Written in Delphi and released first by its author Tataye in 2002, it became quite popular due to its unique features.


Nuclear RAT

Nuclear R.A.T is a trojan horse, first appearing in 2000. Nuclear R.A.T stands for Nuclear Remote Administration Tool. Nuclear is added on to the name because it's more powerful than other R.A.T malware.


Tools to detect trojans

  • Netstat / fport

  • Tcpview

  • Process viewer

  • Autoruns

  • Hijack This

  • Spybot S&D


Netstat / fport

It displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). When used without parameters, netstat displays only active TCP connections.



A Windows program that shows detailed listings of all TCP and UDP endpoints on the system, including the local and remote addresses, and the state of the TCP connections. It provides a subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality. When TCPView runs, it enumerates all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions.
