Log Ingestion
Networking CLI Apps
Networking GUI Apps
Security Apps
Vulnerability apps
100

This is the kind of server in the log above

What is an HTTP server?

100

This is the pictured command

What is tracert? This is the Windows command

100

The app pictured above

What is Wireshark? Packet capture tool

100

These are the kinds of attacks Hydra is performing above.

What is a dictionary attack and/or brute-force password attack? Hydra is a network login password-cracking tool available on Linux

100

It's the tool that looks like this!

What is Tenable Nessus? Vulnerability scanner

200

The most likely attack underway in the above log

What is DoS or DDoS? Notice the contiguous run of sockets (consecutive source ports) opened from the same IP

200

That's the name of the tool displayed

What is nmap?

200

The application pictured above

What is inSSIDer? Wireless network detector

200

The pictured app

What is Graylog Open? SIEM/log aggregator

200

The app pictured

What is Greenbone OpenVAS? Vulnerability scanner

300

This IPS has been configured to do this to the highlighted connection

What is drop? This is due to previous DDoS attempts from the IP address

300

The command pictured above.

What is traceroute? This is the Linux command

300

The application pictured above.

What is Angry IP Scanner? Think of it as a very lightweight host and port scanner, a much simpler cousin of nmap

300

The app pictured above

What is Splunk (SIEM)?

300

The name of this tool

What is Nikto? Web server vulnerability scanner

400

This device/application produced this log file

What is a Firewall?

400

The pictured command

What is netstat?

400

The app pictured above

What is Zenmap? The official cross-platform GUI for nmap (Windows, macOS, Linux)

400

The app pictured above

What is Splunk Phantom (SOAR)?

400

The pictured app

What is Burp Suite? Web application security testing platform built around an intercepting proxy

500

The appliance that generated this table

What is an Intrusion Detection System (IDS)? This is a counter table that correlates each remote host with the local hosts and ports it is attempting to reach, so repeated attempts stand out.
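The two log clues above (the DoS/DDoS log with contiguous sockets from one IP, and the IDS counter table correlating remote hosts to local hosts) can both be reproduced from a plain connection log. The following is an added example, not part of the original board and not output from any of the tools named on it. The log format, the sample lines, the thresholds and the function names are all assumptions made for the example; the sample lines are constructed, with one flooding source opening consecutive source ports against a single web server.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (not from the original page). Assumed line format:
#   <timestamp> <action> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
# The first twelve lines imitate a flood: one source opening consecutive
# source ports against one web server within a few seconds.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T12:00:{i:02d} ACCEPT 203.0.113.7:{40000 + i} -> 192.0.2.10:80 TCP"
     for i in range(1, 13)]
    + [
        "2024-05-01T12:00:05 ACCEPT 198.51.100.4:51000 -> 192.0.2.10:443 TCP",
        "2024-05-01T12:00:09 DROP 198.51.100.9:52220 -> 192.0.2.11:22 TCP",
        "2024-05-01T12:00:11 ACCEPT 198.51.100.4:51044 -> 192.0.2.10:80 TCP",
        "this line is malformed and must be skipped",
    ]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped instead of aborting the job."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["sport"] = int(rec["sport"])
        rec["dport"] = int(rec["dport"])
        records.append(rec)
    return records


def longest_consecutive_run(values):
    """Length of the longest run of consecutive integers in `values` (duplicates ignored)."""
    s = sorted(set(values))
    best = run = 1 if s else 0
    for prev, cur in zip(s, s[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def flag_flood_sources(records, min_connections=10, min_run=8):
    """Return {src_ip: (connection_count, longest_port_run)} for sources that look like a
    DoS/DDoS contributor: many connections whose source ports were allocated back to back.
    Thresholds are assumptions for the example; tune them to the monitored service."""
    ports_by_src = defaultdict(list)
    for r in records:
        ports_by_src[r["src"]].append(r["sport"])
    flagged = {}
    for src, ports in ports_by_src.items():
        run = longest_consecutive_run(ports)
        if len(ports) >= min_connections and run >= min_run:
            flagged[src] = (len(ports), run)
    return flagged


def correlation_table(records):
    """IDS-style counter table: (remote host, local host:port) -> number of attempts."""
    table = Counter()
    for r in records:
        table[(r["src"], f"{r['dst']}:{r['dport']}")] += 1
    return table


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, (n, run) in flag_flood_sources(recs).items():
        print(f"possible flood from {src}: {n} connections, {run} consecutive source ports")
    for (remote, local), n in correlation_table(recs).most_common():
        print(f"{remote:>15} -> {local:<16} {n}")
```

The consecutive-port check is what distinguishes a single noisy client from a flood: a normal client's ephemeral ports are spread out across a session, while a scripted connect loop burns through them in order. The correlation table is the same view an IDS counter log gives you, keyed on remote host and local target, so the same source shows up once per local service it probed.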

500

The command pictured above

What is tcpdump?

500

The app pictured above

What is Elastic or ELK (SIEM)?

500

The OS pictured above (Distribution specific)

What is Kali Linux?

500

The name of this application

What is OWASP ZAP (Zed Attack Proxy)? Web app security testing proxy and scanner
