PLTW Cybersecurity EOC Study Guide
**CYBER SECURITY PLTW EOC STUDY GUIDE 23-24**

**Semester 1 - Units 1 and 2**

**UNIT Components**

| Term | Definition |
|---|---|
| Network Topology | |
| Services | |
| Vulnerabilities | |
| Virus | |
| Worm | |
| Backdoor | |
| Spyware | |
| Trojan Horse | |
| Adware | |
| Popup | |
| Operating System | |
| LAN | |
| Updates | |
| Firewall | |
| Server | |
| Router | |
| Protocol | |

**CyberSecurity Unit 1 Study Guide**

**2.1.2 TERMS**

Define the following terms:

Work through the following scenario: suppose you are the victim of a malware attack and you suspect a spoofed website is the problem. Summarize how each tool could help you in your investigation of the website.

15. Whois -
16. Nslookup -
17. Tracert -
18. Netstat -

**UNIT 2.1 AND 2.2 STUDY GUIDE**

**Black Hat Sophistication Levels**

- Script Kiddie --
- Insider --
- Hacktivist --
- Cyber Syndicate --
- Warfare/Espionage --

2. What type of malware was used in the "ILOVEYOU" worm? Describe how it worked.
3. What is a DDoS attack and how does it work?
4. Define the following motivations/goals of white hat and black hat hackers.
5. What are some actions that would increase your chances of getting malware (list at least 4)?
6. Define each of the types of malware and how they work.
7. Where are IIS files stored by default (which folder and location)?
8. What subfolder is the email stored in?
9. What subfolder is the file transfer protocol stored in?
10. What subfolder are the log files stored in?
11. What is forceful browsing and how do hackers use it?
12. Write a forceful browsing attempt to a certain directory to see if you would get a hit. Describe the components of the syntax of this.
13. Describe the difference between the client and the server. What does each do?
14. What types of information do log files provide to a potential hacker?
15. Where should log files be stored?
16. Can browsers display log files? If not, what do you have to do to read them?
17. What should be done to protect sensitive data stored in default folders?
18. What is FileZilla used for? How could hackers use this for a malicious purpose?
19. What should be done to prevent anonymous FTP access?
20. When should FTP access be allowed?
21. What is the IIS Manager used for?
22. Where in the IIS Manager can you disable directory browsing?
23. How do you move the log file location in IIS?
24. How do you remove the FTP server and verify that it is no longer present?
25. What is SMTP used for? Should it be on the same server as sensitive data?
26. How can hackers use error messages to assist them?
27. What ports are used for...?
    a. FTP
    b. HTTP
    c. SMTP

**2.3 UNIT TEST STUDY GUIDE**

Know the following vocabulary:

- Abstraction -
- Exploit -
- Cross Site Scripting -
- LAN -
- Packet Filtering -
- Packet Sniffing --
- Pcap file -
- Front end and back end processes --

1. Where do most exploits occur?
2. Know the functions of each of the following:
    a. HTML, CSS, XML --
    b. JavaScript --
    c. Python --
    d. SQL -
3. To complete the XSS exploit, where do you type in the script?

**3.1 STUDY GUIDE**

1. Know what the following Linux command-line commands are used for and the proper syntax of each command:
    a. cd
    b. cd ..
    c. ls
    d. cat
    e. gpg
    f. grep
    g. more
    h. ls -a
    i. ls -l
    j. mv
    k. mkdir
    l. touch
    m. pwd
    n. ps
    o. ps -ef
    p. sleep
2. What are the parts of the permissions matrix? Also, what goes in the first slot before the different categories?
3. What are the different actions that can be performed in the permissions matrix?
4. How many owners/groups can own a file?
5. Can the file type be changed in Linux? Do the file extensions always match the file types?
6. What directory are users' files stored in on Linux?
7. What is bash and what is it used for?
8. What happens if you move a file into a directory with the same name?
9. What kind of files does the etc folder contain?
10. What do PID and PPID stand for?
11. In what order should you kill processes?
12. What command do you need to kill a userid? (Hint: there are two.)
13. What command can you use to sort all of the user's processes together?
14. What is the admin account called?
15. How long should you stay in the admin account while you are working?
16. What does spawning a process mean?
17. What is required to use the admin account?

**UNIT 3.2 TEST STUDY GUIDE**

Define the following:

1. Reconnaissance --
2. Compromise --
3. TCP Handshake -
4. Ethical Hacking --
5. Scanning --
6. Remediation --
7. Services -
8. Abstraction -
9. What are some other security measures that could be put into place to monitor suspicious activity?
10. When is it appropriate to hack into a computer?
11. How would an unethical hacker use the information from the Quick Scan to develop an attack?
12. Why would a hacker use a ZenMap scan on a network?
13. What does the lynx command do?
14. What type of mode did we use to transfer your files to another server?
15. What are baseline files used for?
16. Describe each layer of the OSI model and know what protocols go with each.
    - Presentation -
17. What command would you use to retrieve a file from a server?
18. What command do you use to copy a file from one server to another?
19. What format are pcap files stored in?
20. What command can you use to verify that the files have been transferred successfully?
21. What server do files have to be copied to so that you can download your files to your school computer?
22. If you are using the approve-everything-by-default method when setting up your iptables rules, your last rule should be _____________________________________
23. What command do you use to make sure your rules are saved?
24. What are the drawbacks of using accept everything by default and deny everything by default?
25. Describe the differences between the two types of firewalls (network firewalls and host-level firewalls).
26. What does a ZenMap scan tell a hacker?
27. What does the -F do in the following rule?
    **> sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT**
28. In the command listed above, what does the -A stand for?
29. In the command listed above, what does the -p stand for?
30. In the command listed above, what does the -j stand for?
31. What would be one case in which you would DROP the packet instead of REJECT(ing) it?
32. Why do pen testers use Tenable Nessus scans?
33. Why do pen testers use Metasploit?
34. What command do you use to start a Metasploit database?
35. What command is needed to start the Metasploit console?
36. What command could you use to search for existing exploits?
37. When you set the RHOST, what are you setting?
38. What is a payload?
39. What command can you use to determine the identity of the machine? whoami
40. What does the ipconfig command do?

**3.3 REVIEW GUIDE**

1. What does ARP stand for and what is its purpose?
2. What type of attack is it in which the malicious user changes and corrupts the MAC-IP address information on the target?
3. What are the traits of an ARP poisoning attack? What can be used to help prevent ARP poisoning?
4. How does packet switching work?
5. How often do routers and servers recreate tables of bindings?
6. What can you do to reduce the risk of ARP spoofing?
7. What does ICMP stand for?
8. What is the purpose of the ICMP protocol?
9. How can traceroute help a network administrator?
10. How are routers configured to receive ICMP messages?
11. What happens when a router denies the receipt of a packet?
12. What does TTL mean, and what does it mean if you get a TTL exceeded error?
13. What is a smurf attack? What is it similar to?
14. How can you configure your firewall to prevent smurf attacks?
15. Why do packets need to be broken up and put back together when received?
16. How many bytes are in the IP header? 20 bytes
17. What criteria are used to put packets back together?
18. What is the main purpose of the fragment offset field?
19. Figure out how to calculate packet size. Hint: do something with the header.
20. What could cause an error in the reconstruction process?
21. What causes a teardrop attack?
22. What protection measures should be used to prevent a teardrop attack?
23. What does MTU stand for? Does it include a frame header or the frame check sequence?
24. What type of attack is a smurf attack and how does it work?
25. Know the following vocab:
    a. Spectrum Analyzer -
    b. Channels -
    c. WAP -
    d. WEP -
    e. MTU -
    f. Ethernet -
    g. DoS Attack -
    h. Packet switched -
    i. MAC address -
    j. Hexadecimal -
    k. ARP -
    l. ICMP --

**4.1 UNIT TEST STUDY GUIDE WITH ANSWERS**

Vocabulary

| Term | Definition |
|---|---|
| ciphers | |
| Cryptography | |
| plaintext | |
| ciphertext | |
| Substitution cipher | |
| Encryption key | |
| Private key encryption | |
| Symmetric key encryption | |
| RSA Algorithm | |
| Asymmetric encryption | |

**States of Data**

| States of Data | Definition | Examples |
|---|---|---|
| Data at rest | | A term paper, a bank account |
| Data in transit | | An email on its way to a recipient, the results coming back from an internet search |
| Data in process | | A website calculating the tax of an item, a user searching for a word in a file |

| Term | Definition |
|---|---|
| TPM (Trusted Platform Module) | |
| Disks | |
| volumes | |
| partitions | |
| Container | |
| Hash | |
| Crypto-currency | |

7. How does the pigpen cipher work? What type of cipher is it?
8. What did the Enigma machine do? What was the name of the person that led the effort to break the code of the Enigma machine?
9. How does symmetric key encryption work?
11. What formula can you use to calculate the unique number of keys for a given number of people?
12. Is a key listed as Alice and Bob the same as one listed as Bob and Alice for symmetric keys?
13. What are the advantages of symmetric encryption?
14. What are the disadvantages of symmetric encryption?
15. How does asymmetric encryption work?
16. What are the advantages of asymmetric encryption?
17. What are the disadvantages of asymmetric encryption?
18. What do users need to encrypt a hard drive using TPM full encryption? What is the benefit of this?
19. Why is it important to recognize the default filename of a BitLocker recovery key?
21. What has to happen for the encryption to take place?
22. How do you know that the disk is encrypted?
23. If you lost the password to your encrypted drive, what could you do to recover it?
24. What do you have to do to the container before you can use it?
25. What tool can you use to crack container passwords?
26. What command is used to show the contents of the file?
27. What command is used to use the brute force dictionary method?
28. What file shows all of the successfully hacked passwords?
29. How do recovery files and hash files differ?
30. What is the difference between cryptocurrency and a traditional bank?

**4.2 STUDY GUIDE**

**[Key Terms]:**

| Term | Definition |
|---|---|
| Digital Forensics Teams | |

[Questions:]

2. What are the four steps to handling digital evidence at the scene?
3. What is a good guiding rule if something might be considered digital evidence?
4. What are some examples of things that might be digital evidence but not appear to be traditional electronics?
5. It is important for the digital forensics team to document the scene by considering the following:
    a. Is wireless installed and active on the computer or device?
    b. How many devices are involved?
    c. Is removable media (smart card, storage card) present?
    d. What is the position of the mouse (left side/right side)?
    e. What are the locations of various computer components?
    f. Is the computer or device on?
    g. If the computer or device is on:
6. Describe what a live response is and when it would be used.
7. All digital forensics teams have a toolkit to collect and preserve evidence. What are at least 5 items in the toolkit?
8. What two items need to be checked prior to leaving the scene?
9. What should be considered during transport to protect and preserve evidence?

**[Key Terms]:**

| Term | Definition |
|---|---|
| Hash functions | |
| Message digest | |
| Brute force | |
| Algorithms | |

**[Questions:]**

1. What are the two characteristics of a hashing algorithm?
    a.

    | Input | | Message digest |
    |---|---|---|
    | The quick brown fox | --- Hash function ---> | 48E195AB |
    | The quick brown fox jumped over | --- Hash function ---> | 844F9A82 |
    | The quick brown fox jumped over the lazy dog's back | --- Hash function ---> | D9432A67 |

    b.
2. What are the two most popular hash algorithms?
3. Which of these two methods is faster?
4. Which of these two methods is more secure?
5. How can you prove validation of data?

**[Questions:]**

1. How can you identify an FTK file list? Are there additional entries in the FTK File List?
2. Where do temporarily deleted files appear?
3. Are permanently deleted files located in the recycle bin?
4. Why is taking an image of a drive or device important to an investigation?
5. How would you verify that the cloned image is the same as when you collected it? With what degree of accuracy can you state that?
6. What features of FTK Imager can be used to conduct an investigation?
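The hash-function figure above, the question about the two characteristics of a hashing algorithm, and the questions on proving validation of data and verifying a cloned image, worked through in Python. This is an added example, not part of the study guide: it recomputes the figure's three inputs with real algorithms from the standard library (the 8-digit digests printed in the figure are illustrative, not the output of any named algorithm), and the "disk image" bytes it validates are a constructed placeholder.

```python
import hashlib
import hmac
from typing import Iterable, List, Tuple

# Inputs copied from the study guide's hash-function figure. The short digests
# printed in the guide (48E195AB, ...) are illustrative; real MD5/SHA digests
# are longer and will not match them.
SAMPLE_INPUTS = [
    "The quick brown fox",
    "The quick brown fox jumped over",
    "The quick brown fox jumped over the lazy dog's back",
]


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Message digest of `data` as hex; `algorithm` is any name hashlib knows (md5, sha1, sha256, ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_stream(chunks: Iterable[bytes], algorithm: str = "sha256") -> str:
    """Digest data that arrives in pieces (a disk image read block by block).
    The result is identical to hashing the whole image in one call."""
    h = hashlib.new(algorithm)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def digest_table(inputs: List[str], algorithm: str = "sha256") -> List[Tuple[str, str]]:
    """The guide's figure recomputed: (input, digest) pairs under a real algorithm."""
    return [(text, digest_hex(text.encode("utf-8"), algorithm)) for text in inputs]


def digests_are_fixed_length(inputs: List[str], algorithm: str = "sha256") -> bool:
    """Characteristic: the digest length is fixed by the algorithm, not by the input size."""
    expected_hex_len = hashlib.new(algorithm).digest_size * 2
    return all(len(d) == expected_hex_len for _, d in digest_table(inputs, algorithm))


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two same-length hex digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def validate_copy(original: bytes, copy: bytes, algorithm: str = "sha256") -> bool:
    """Prove validation of data: accept the copy only if its digest equals the original's.
    compare_digest is used so the comparison time does not reveal where they differ."""
    return hmac.compare_digest(digest_hex(original, algorithm), digest_hex(copy, algorithm))


if __name__ == "__main__":
    for algorithm in ("md5", "sha256"):
        print(f"--- {algorithm} ---")
        for text, d in digest_table(SAMPLE_INPUTS, algorithm):
            print(f"{text!r:55} -> {d}")
    a = digest_hex(b"The quick brown fox")
    b = digest_hex(b"The quick brown fox.")  # one extra byte
    print("bits that changed after appending '.':", bit_difference(a, b), "of 256")
    # Constructed placeholder for an acquired image and its clone (not real evidence).
    image = b"constructed disk image bytes"
    print("clone validated:", validate_copy(image, image))
    print("tampered clone validated:", validate_copy(image, image + b"x"))
```

Running the script prints the three figure inputs with their MD5 (32 hex digits) and SHA-256 (64 hex digits) digests, which is the fixed-length property regardless of how long the input is, followed by the bit count showing that a one-byte change scrambles roughly half the digest. `digest_stream` is the form an imaging tool uses: it hashes the acquired image block by block, and the digest recorded at collection time is later compared against the clone with `validate_copy`.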
**[Key Terms]:**

| Term | Definition |
|---|---|
| Network Address Translation (NAT) | |
| Dynamic Host Configuration Protocol (DHCP) | |
| Domain Name | |
| Subnet | |
| Subpoena | |

**[Questions:]**

1. What does it mean when a computer uses a "static" IP address?
2. What tools can you use to investigate the email sender's identity?
3. What are the primary difficulties in establishing identity in cyberspace?
4. At what point must you engage outside help (law enforcement) during an investigation?