GSEC 401.3 Internet Security Technology Exam Questions All Correctly Answered
Reconnaissance Tools - Answer -
1) Who Is - DNS Servers
2) NSLookup - IP Address
3) ARIN - IP Address Range

Scanning Tools - Answer -
1) Hping2 - visible IP
2) NMap - Open Ports
3) Vulnerability Scanner - Services and exposures

Exploitation Tools - Answer -
1) Pivot points
2) Internal recon
3) Internal scanning
4) Data exploits

Creating backdoors - Answer -
1) Create an unauthorized entry point in a system or network

Covering Tracks - Answer -
1) Remove all traces of entries
2) Erase and alter logs
3) Remove backdoor

Mitnick vs. Shimomura (Attack) - Answer -
1) Confidentiality, integrity and availability attack
2) Reconnaissance probing to determine trust relationship ("R utilities")
3) IP Spoofing to act as one side of trust relationship
4) Lack of site or secure network design
5) Minimal configuration management

Detection and Prevention Technique questions - Answer -
1) What common techniques (prevention and detection) could have prevented the attack?
2) What risk management techniques could have detected the attack?
**** Ensure you FIX the Problem and NOT address the Symptoms ****

Patching Systems - Answer -
1) Fix known vulnerabilities
2) Apply patch in timely manner
3) Reduce attack surface

Hardening the System - Answer -
1) Disable unused systems
2) Network vulnerability scans
3) Host-Based IDS
4) Network Intrusion Detection
5) Firewalls

Malicious Code Types - Answer -
1) Logic Bombs
2) Trojan Horse
3) Trap Door

Malicious Code: Logic Bombs - Answer -
1) Most commonly inserted by a trusted insider

Malicious Code: Trojan Horses - Answer -
1) Any program that has an unintended purpose

Malicious Code: Trap Doors - Answer -
1) Inserted for "maintenance" purposes; Sendmail and DNS have both of these

Remote Maintenance - Answer -
1) Allows administrators and vendors into a system to troubleshoot a problem remotely

Denial of Service - Answer -
1) Resource exhaustion DOS (SMURF, SYN Flood): very difficult to defend against. Overwhelms resources on system
2) Take advantage of vulnerabilities in a system

Brute Force - Answer -
1) Bombarding a system with guesses to gain access

Browsing - Answer -
1) Simplest attack
2) Open source search to reveal sensitive information
3) Social media is a great tool for browsing

Race Conditions - Answer -
1) Timing is everything
2) TOC/TOU (Time of check/time of use)
2a) TOC/TOU Attack: Exploiting the difference between the time a security control is applied and the time the service is used
3) TOC/TOU should equal zero

Alteration of Code - Answer -
1) Attack against the integrity of a system, program and data

RootKit - Answer -
1) Hides the back doors and root access to a system
2) Subvert kernel, process management, file access, security and memory management functions

Types of RootKits - Answer -
1) NARK
2) ADORE
3) KISS

Written for
- Institution: GSEC 401.3 Internet Security Technology
- Course: GSEC 401.3 Internet Security Technology
Document information
- Uploaded on: April 26, 2024
- Number of pages: 11
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers