01 I FIND YOU
02 SHHHHH
03 Network Based Security
04 Network Based Signature
05 Social Engineering
100

Nmap sends out probes and classifies the responses (or lack thereof) to determine the status of ports...
What are the possible port states?

What are Open, Closed, Filtered

100

PGP stands for what?

What is Pretty Good Privacy.

100

This concept describes layering multiple assets/technologies/methods to secure a network and creates multiple "tripping hazards" to slow or stop an attacker.

What is Defense in Depth (DiD)

100

What are the three modes that snort can operate in?

Sniffer Mode / Packet Logger Mode / NIDS Mode

100

What is a form of extortion where an individual or entity threatens to reveal embarrassing information?

Blackmail

200

This command line tool will utilize Twofish encryption to conduct: port scanning, file transfers, remote administration, banner grabbing, proxying, or listening...

What is Cryptcat

200

Base64, UTF-8, ASCII, UTF-16, Hexadecimal, URL, JSON, and XML are all forms of what?

What is Encoding

200

These two different devices can either warn you of threats or actively stop those threats. What are they, and where would you place each on a network?

IDS - behind firewall off to the side

IPS - behind firewall in-line

200

IDS and IPS operate to warn of or prevent threats to systems. They typically do this by monitoring for _____________, which are snippets of data or code that indicate a known threat.

What are Signatures

200

What two terms are used to describe when an attacker assumes a false identity to manipulate individuals into giving up confidential information?

Pretexting, Role playing

300

Make this statement true...
NMAP will scan the first 1,500 unused ports for the one conducting the scan

NMAP will scan the 1,000 most used ports of the target being scanned.

300

IT'S A RACE!!!!

In your downloaded file, Practical_Hash_03, which file's hash ends with "b9c8991bc5b88c2ac"?

300.66.jpeg

300

We discussed firewalls. What are the two packet filtering TYPES, and what are the key differences between them?

Stateless - operates on individual packets in isolation without considering the bigger picture of network connections

Dynamic - adds a layer of context awareness by keeping track of established connections, making it more sophisticated and secure.

300

What are the four event classifications of IPS/IDS?
Also, which one identifies a threat that DID occur on a system and DID trigger an alert?

True Negative / False Negative / False Positive / True Positive

TRUE POSITIVE

300

DAILY DOUBLE!!!

What 3 branches of the military have never had an "insider threat"?

400

IT'S A RACE!!!!

In your hostdiscovery.pcap, at what time did packet 10442 take place, using the format UTC time of day (XX:XX:XX.XXXXXX)?

15:34:27.917381

400

The mailman sends a message to your mom stating he is your real father. He doesn't want this to be read by anyone else, so he uses asymmetric encryption. Which key is used to encrypt the email, and which key is used to decrypt the email?

What is your mom's public key and your mom's private key

400

Those threat stoppers/alerters we talked about, what are their key components?

IDS/IPS Components:

Sensors/Data Processor

Detection Engine

Event Management System/Decision Engine

Policy Management/Configuration

Console/User Interface

400

My IDS triggered an alert and found a signature that matches 24 0x90 bytes in a row. What did it find?

NOOP Sled

400

Surveillance cameras, locks, or access controls are all examples of what?

Physical security measures

500

IPv6 has multiple vulnerabilities, such as those in NDP; specifically, _______ creates a host's IP address from its MAC address. (FULL PROPER NAME)

What is Stateless Address Autoconfiguration (SLAAC)

500

TLS/SSL are used to secure traffic online. They run at layer 4, the transport layer; however, they need to be factored in when building an application that will specifically use them. What is another method of securing data in transit, and at which layer of the OSI model does it operate?

IPsec, OSI layer 3 (Network)

500

What technique can be used by network administrators to contain and prevent the spread of a current threat in the network?

Network Segmentation and Isolation

500

What are TWO operating system baseline configurations to consider in network security?

User Accounts, File System Permissions, Service Configuration, Patch Management

500

What is ONE mitigation strategy for drive-by downloads?

Patch management, Web filtering, Endpoint security