CENT 330 Midterm Exam Questions And All Correct Answers.
Course: GFACT Certification
Institution: GFACT Certification
Describe the difference between the four hacker hat categories - Answer
White-hat hackers - "Ethical hacker": a good guy hacking systems to help and ID vulnerabilities to fix
Gray-hat hackers - fall somewhere between a black hat and a white hat. A gray hat doesn't work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things
Black-hat hackers - violate computer security for personal gain or for pure maliciousness
Blue-hat hackers - security professionals invited to find vulnerabilities
Describe the 6 stages of an attack and be able to apply the 6 stages to a given scenario - Answer
Recon - gather info
Footprint - identify target(s)
Scanning - learn and understand
Attack - implement attack
Backdoor - escape route
Cover tracks - remove tracks
Describe the different types of vulnerabilities - Answer
Software - buffer overflow, invalid input
Social - disgruntled employee
Access control problems - OS - unpatched systems, misconfigured settings, default settings
What is the CVE database and the NVD database - Answer
Common Vulnerabilities and Exposures (CVE) - reference method for publicly known information-security vulnerabilities and exposures.
National Vulnerability Database (NVD) - government repository of standards-based vulnerability management
What are the stages of the author's pen-testing steps and apply to a scenario - Answer
Intelligence gathering
Initial foothold
Local network enumeration
Local privilege escalation
Persistence
Lateral movement
Domain privilege escalation
Dumping hashes
Data identification / exfiltration
Reporting
Describe how you would build your pentesting arsenal - Answer
Have VMs that are used to attack (Kali)
Have a few different types of pentesting tools in each of the stages of an attack
Recon - Recon-ng, discover script, Maltego
Footprint - banner grabbing
Scanning - Nmap, OpenVAS
Attack - Metasploit, msfvenom
Escalation - Responder.py, hashcat, John the Ripper, PsExec
Describe activities you can perform in active and passive pentesting and be able to apply to a given scenario - Answer
In active pentesting you can actually touch the user to find information, such as with Nmap scans and OpenVAS.
In passive pentesting the attacker does not touch the target and uses OSINT, such as the discover script to obtain subdomains of a website and email addresses of users.
Know things such as ICMP error codes, DNS scanning, banner grabbing, TCP, TCP flags - Answer
ICMP error codes
type 0 - echo reply
type 3 - destination unreachable
type 8 - echo
DNS scanning
Seller: TestSolver9 (Stuvia marketplace)