Untitled Quiz

Questions and Answers

Which command is used to print all process information in Linux?

• ls -d
• su
• ps -ef (correct)
• ls -l

What does the number '4' signify in the command 'chmod 741'?

• Read-only permission
• Write permission
• Execute permission (correct)
• All permissions

Which command is used to view the last 100 lines of a file log in Linux?

• grep -100 log
• tail -100 log (correct)
• cat -100 log
• mv -100 log

In Oracle, which user has the highest default privileges?

sys (A)

What does HTTP status code 403 indicate?

Access to the requested resource is forbidden (A)

Which SQL command is used to add a column to an existing table?

update (D)

Which header allows a response to redirect to a new location?

Location (D)

How can a file be uploaded to a server with no internet access due to a command execution vulnerability?

FTP (B)

What attack method involves inputting an excessively long string into a limited space?

Buffer Overflow (D)

Which command shows the Linux kernel version?

uname -a (D)

What is the approximate time required to brute force a 56-bit key using an exhaustive method at a speed of $10^6$ attempts per second?

5.4x10^24 years (A)

Which group was established in February 2014, with Xi Jinping as its leader?

Central Network Security and Informatization Leading Group (C)

What date did the Cybersecurity Law come into effect?

June 1, 2017 (C)

What kind of attack can be performed using XXE vulnerabilities?

Read server files (A)

Which of the following is considered an active defense technology?

Honeypot Technology (A)

Which status code is returned when a user does not have permission to access a given page?

403 (C)

In a Linux system, where are the operational logs stored?

/var/log (C)

Which tool is typically used for SQL injection attacks?

sqlmap (C)

What information can be directly obtained by conducting a port scan on a target host?

Services running on open ports of the target host (A)

What cannot effectively defend against XSS attacks?

Data encryption (D)

Which of the following statements about phishing is incorrect?

Phishing is unrelated to web services (D)

Which of the following statements about server-side request forgery (SSRF) vulnerabilities is correct?

SSRF vulnerabilities are server-based attacks (C)

What is the primary purpose of APT attacks?

Persistent intrusion for strategic control (C)

Which command can be used to retrieve DNS records?

dig (D)

Which command in SQL is used to completely remove a table?

drop (C)

Which of the following configurations is NOT included in Apache's default parsed suffixes?

.pht (C)

Which is not a characteristic of APT attacks?

Rare occurrence (A)

In a network, what happens if a switch receives a packet with a destination MAC address not in its MAC address table?

The packet is broadcasted to all interfaces (C)

What is the default port for Redis databases?

6379 (A)

Which command would NOT reveal the hostname of a Windows system?

set (B)

Which version of MySQL is necessary to use the base64() function?

5.5 version (A)

Which type of algorithm is RSA classified as?

Asymmetric algorithm (B)

What does data integrity ensure?

Users receive exactly what was sent (A)

Which command is used to view the /var/log/wtmp log?

last (C)

What is the incorrect statement regarding SUID permissions?

SUID permissions are universally applicable to all files (D)

Which policy can potentially impact normal production business if enabled?

Limit security audit recording (B)

Which of these tools is commonly used for web vulnerability scanning?

IBM APPSCAN (B)

What is the purpose of setting IP-MAC binding?

Prevent unauthorized access (D)

Which command enables a user to view currently logged-in users on a Windows server?

query user (D)

What data structure is formed when high-level protocols pass data to the network layer?

Data packet (C)

Which method can be used to prevent replay attacks effectively?

Implement one-time encryption methods (A)

What action cannot be performed by a CSRF attack?

Steal user credentials (A)

Which of the following describes the characteristics of an SQL killer worm virus?

Consumes large amounts of network bandwidth (C)

The strongest credential authentication method among the following is?

MS-CHAP (A)

Which attack is characterized by impersonating someone by using their information in messages?

Social engineering attack (C)

What is NOT included in the purpose of digital signatures?

Receiver identity confirmation (A)

What is the essence of ARP spoofing?

Provide a virtual combination of MAC and IP addresses (B)

What is not a typical security monitoring mechanism for upload functionalities?

Client-side JavaScript validation (B)

Which technology can provide real-time protection against internal, external attacks, and misoperations?

Intrusion detection (C)

Which network attack is characterized by the TCP three-way handshake process?

SYN Flood attack (C)

Which SQL command requires the least permissions for reading operating system files?

LoadFile (D)

Which statement about CC attacks is incorrect?

CC attacks can easily gain control of target machines (A)

Which OSI security architecture layer provides data integrity services?

Data Link Layer (A)

What describes the trend in network attack methods?

Increasing sophistication of attack tools (D)

What command can be used with nmap to skip host discovery for the known active host 192.168.20.20?

nmap -Pn 192.168.20.20 (B)

Which PHP function is used to prevent SQL injection?

mysql_real_escape_string (C)

Which command is used in sqlmap to retrieve all database names?

dbs (A)

What is incorrect about the description of IIS short file name vulnerabilities?

Short-named files do not have corresponding short file names. (B)

Which command can be used to check Linux password expiration?

passwd (D)

What command is used for a SYN scan with nmap?

-sS (A)

Which method allows IP address to domain name resolution?

Reverse (C)

What incorrect pairing of Linux file permissions is displayed?

rwx-r--r-- 622 (D)

In HTTP status codes, which one indicates redirection?

302 (A)

Which of the following tools is commonly used for web vulnerability scanning?

Acunetix WVS (AWVS) (A)

Flashcards

XXE (XML External Entity Injection) vulnerability

An XXE vulnerability allows attackers to read server files and potentially gain unauthorized access.

WebLogic default credentials

The default username and password used by WebLogic, used by attackers for unauthorized access.

Apache access log path

The configuration directive in Apache that defines the location of access logs, crucial for auditing web traffic.

HTTP 403 error

A HTTP status code indicating that the server has forbidden access to a resource.

File inclusion vulnerability

Vulnerability that enables an attacker to execute malicious files through a web application.

SSRF (Server-Side Request Forgery) vulnerability

A vulnerability that allows attackers to make arbitrary requests to internal or external services from the server.

SQL injection attack

A technique used to inject SQL statements into an application to retrieve sensitive data from a database.

HTTPS certificate issues

Problems with HTTPS certificates that could lead to warnings or security issues, such as expired or invalid certificates.

XSS (Cross-Site Scripting) vulnerability

A vulnerability that enables attackers to inject malicious scripts into a web application.

Redis default port

Redis uses the default port for communication, making it accessible during attacks.

SQL injection vulnerability

A vulnerability where malicious SQL code is inserted into an application's input fields, potentially allowing attackers to execute unauthorized SQL commands and gain access to or modify database data.

Cross-Site Scripting (XSS)

A vulnerability where malicious scripts are injected into a website viewed by other users, potentially allowing attackers to steal cookies, redirect users, or perform other malicious activities.

Cross-site request forgery (CSRF)

An attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

Denial-of-service (DoS) attack

An attack designed to make a machine or network resource unavailable to its intended users by temporarily or permanently disrupting services.

SQL Server Authentication

A method of authenticating users to a SQL Server database by using Windows or SQL-based credentials.

TCP SYN flood attack

A denial-of-service attack that overwhelms a server by sending a large number of TCP connection requests without completing the three-way handshake.

ARP spoofing

A man-in-the-middle attack where a malicious actor sends falsified ARP messages to a network, causing target devices to redirect network traffic to the attacker's device.

Social engineering attack

Manipulating individuals to reveal sensitive information or perform actions that compromise security.

Google Hacking

Using specific search queries to identify vulnerabilities and sensitive information on websites.

Firewall

A network security system that controls the incoming and outgoing network traffic based on predefined security rules.

Digital Signature

A cryptographic technique that authenticates the origin of a message and ensures that it hasn't been altered or tampered with.

Data Encryption

The process of transforming data into an unintelligible format to protect it from unauthorized access.

Network Security

The protection of computer networks and the data they contain from unauthorized access, use, disclosure, disruption, modification, or destruction.

Default user with highest privileges in Oracle

The sys user in Oracle has the highest privileges and is used for administrative tasks.

Linux command to display last 100 lines of a file

The tail -100 log command displays the last 100 lines of a file called 'log'.

SQL injection vulnerable code

Code that allows attackers to manipulate SQL queries by inserting malicious code, leading to data breaches.

HTTP 302 status code meaning

A 302 status code means the requested resource has been temporarily moved to a new URL.

What is the first line of database security?

The first line of database security is proper management and security of the operating system where the database resides.

Linux command to list all processes with full information

The ps -ef command lists all processes with extensive information, including process IDs, user names, and command arguments

How to add a column to an existing table in Oracle

Use the ALTER TABLE command followed by the table name and the ADD clause to add a new column to an existing table.

Which SQL injection technique is NOT recommended?

Using ?id=1 and 1=1 is not recommended, as it is too obvious and can be easily detected by security systems.

Weblogic default account

Weblogic has multiple default accounts, including admin, weblogic, and system. These accounts have default passwords that should be changed for security.

Which attack exploits buffer overflow?

Buffer overflow attacks exploit vulnerabilities in programs where data exceeding the allocated memory space can overwrite critical data, potentially leading to code execution.

56-bit Key Cracking Time

If you try every possible combination of a 56-bit key at a rate of 1 million attempts per second, it would take roughly 5.4 x 10^24 years to find the correct key.

Central Network Security and Informationization Leading Group

Established in February 2014, this key group in China aims to guide and oversee the nation's cybersecurity and informationization efforts.

When did China's Cybersecurity Law Come into Effect?

The Cybersecurity Law of China, passed on November 7, 2016, officially went into effect on June 1, 2017.

Cybersecurity Central Authority

The State Cyberspace Administration of China (CAC) is tasked with coordinating and supervising cybersecurity activities in the country.

Active Defense Technique Example

Honey Pot technology acts as a decoy, attracting attackers to a seemingly vulnerable system, allowing security personnel to observe and analyze their actions.

Linux Log Location

Linux system logs are typically found in the '/var/log' directory. This directory contains various system events and activity logs.

Port Scanning Reveals?

By scanning a target host's open ports, attackers can discover which services are running on that host and potentially identify vulnerabilities.

What is NOT true about Phishing?

Phishing is a type of social engineering attack that does not necessarily involve web services. It can be deployed through various channels like email or phone calls.

Lateral Movement in APT Attacks

Once attackers gain a foothold in a network, they attempt to move horizontally, gaining access to more systems and expanding their control within the target organization.

SQL Injection Result

Beyond testing for SQL Server, a successful SQL injection attack can reveal the username associated with the database connection. Careful crafting of the injection is required.

BASE64 Function in MySQL

The base64() function in MySQL is used to encode data into a base64-encoded string. It is a common method for representing binary data as text, often used for transferring data over HTTP.

MySQL Comment Syntax

MySQL supports various syntax for comments in SQL statements to explain or disable code portions. Common syntax includes --, #, and /* ... */.

HTTP Header: X-Forwarded-For

The X-Forwarded-For header is used in web servers to track the original client IP address when a request is forwarded through multiple proxies.

Asymmetric Encryption Algorithm

Asymmetric encryption algorithms use two keys: a public key for encryption and a private key for decryption. Encrypting with the public key can only be decrypted with the private key, and vice versa.

PDR Model in Information Security

The PDR (People, Process, and Technology) model is a framework for information security that emphasizes the importance of all three components in achieving effective security.

Data Integrity

Data integrity ensures that data remains accurate, complete, and consistent over its lifecycle. It prevents unauthorized modifications, ensures data authenticity, and maintains data consistency.

Half-Open Scan

A half-open scan (SYN scan) sends a SYN packet (start of a TCP connection) to a target port. The server responds with a SYN-ACK packet, but the client does not complete the handshake by sending an ACK packet. This allows information gathering without establishing a full connection.

Buffer Overflow Vulnerability

A buffer overflow occurs when a program writes more data into a buffer than its allocated memory space. This can overwrite adjacent memory locations, potentially executing malicious code.

NMAP

NMAP (Network Mapper) is a powerful network scanning tool used to discover hosts and services on a network. It identifies open ports, operating systems, and potential vulnerabilities.

WebLogic Default Port

WebLogic, a Java application server, typically listens on port 7001 for HTTP requests by default. This port is often targeted by attackers trying to access the server.

Nmap -sF

Nmap FIN scan is a stealthy method of scanning that does not send full TCP segments, making it harder to detect. It sends a FIN packet to the target port and awaits a TCP RST (reset) response. If the RST packet is received, it indicates a live host and an open port.

Nmap -sX

Nmap Xmas scan sends several TCP flags simultaneously: FIN, URG (Urgent), and PUSH. This combination is unusual and allows detection of open ports by the response. However, it is not very stealthy as it stands out.

Nmap -sN

Nmap Null scan sends a TCP packet with all flags set to zero. It is a stealthy method of scanning because it doesn't generate any traffic that is typical of a full TCP connection. However, it is less reliable than other scans.

Telnet/FTP Security

Telnet and FTP transfer data in plain text, making them vulnerable to eavesdropping, as passwords and usernames can be intercepted during transmission.

nmap -Pn

The -Pn option tells nmap to skip the host discovery phase when scanning. It is used when you already know the target host is up and active.

MySQL load_file() Injection

In MySQL, the load_file() function allows reading the content of a file on the server's file system. An attacker could exploit this function by injecting malicious SQL code to gain access to sensitive files.

HTTP 302

HTTP 302 is a redirect status code. It indicates that the requested resource has moved temporarily to a different URL.

Nmap -sV

Nmap -sV performs a version scan to identify the versions of applications running on discovered open ports.

SQL Injection: dbs

In SQLmap, the 'dbs' command is used to enumerate (list) all databases on a vulnerable MySQL server.

Burp Suite

Burp Suite is a powerful web application security testing tool used by security professionals to find and exploit vulnerabilities in web applications.

Study Notes

Question Selection

• Questions cover various security topics, including vulnerabilities, network protocols, and web applications.
• Questions are multiple choice format, testing knowledge of specific commands, attack types, and system configurations.
• Question sets include different levels of difficulty, assessing different areas of security expertise.
• Topics include: XXE (XML External Entity Injection), WebLogic vulnerabilities, Apache configuration, SQL injection, SSRF (Server-Side Request Forgery), security protocols, and more.
• Question sets evaluate knowledge base of security concepts and their practical application.

Question Details

• Question 1: Vulnerability types, focusing on various attack vectors and their consequences.
• Question 2: Network security, identifying correct commands for network analysis and potential attacks.
• Question 3: Web application security, determining appropriate actions to protect against vulnerabilities.
• Question 4: Understanding of specific tools and their intended use in security testing.
• Question 5: Various security topics, covering general security concepts and best practices to avoid breaches.
• Question 6: Multiple-choice questions testing the knowledge of different aspects of security.

Database Security

• Question 10: SQLSERVER database authentication modes, specifically focusing on which modes are incorrect.
• Question 11: Exploiting vulnerabilities in SQLSERVER database authentication.
• Question 12: Understanding SQL Server authentication mechanisms.
• Question 13: Discussing common issues with web script programming.

Network security vulnerabilities

• Question 13: Exploiting various network vulnerabilities, focusing on specific types of attacks and their effects.
• Question 14: Identifying specific attacks based on malicious activities and the characteristics of those activities.
• Question 15-16: General overview and characteristics of server-side attacks and their effects on web applications.

General Network Attacks

• Question 18: Different attack vectors and their characteristics.
• Question 19: Different aspects of attack methods to exploit system vulnerabilities.

WEB Application Security

• Question 20: Identifying security threats by examining web application behavior.
• Question 24: Examines specific vulnerabilities in different attack types.
• Question 25: Exploring techniques and strategies used to mitigate vulnerabilities.
• Question 26: Reviewing types of attacks and methods/protocols used.

General Security Concepts

• Question 27: Reviewing types of attacks (e.g., SQL injection).
• Question 28-29: Covering different attacks and vulnerabilities.