Kali Linux Commands and Concepts, Exams of Nursing

Various kali linux commands and cybersecurity concepts, including subdomain enumeration, password cracking, privilege escalation, and common web application vulnerabilities. It provides explanations and examples of commands used for tasks like searching for subdomains, checking user accounts, and running system configuration checks. The document also delves into security principles like encryption, hashing, and mitigation techniques for threats like command injection and buffer overflow. By studying this document, users can gain a deeper understanding of kali linux tools and their applications, as well as fundamental cybersecurity knowledge that can be applied across different platforms and scenarios.

Typology: Exams

2023/2024

Available from 07/29/2024

Toperthetop
Toperthetop 🇬🇧

3

(6)

27K documents

1 / 40

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
GFACT Certification Exam
(B2, Pg122) What does it mean when a computer program is "multi-threaded"?
A) It calls multiple external libraries
B) It has multiple serial number for different users
C) It can run multiple chunks of code concurrently
D) It has multiple functions defined in the program - correct answer ✔✔It can run multiple chunks of
code concurrently
(B3, Pg162) Which of the following is a common result of a reflected cross-site scripting attack?
A)Tricking a user into making an authenticated transaction
B)Sending a website user's session cookie to an attacker
C) Embedding the attacker's malware in web application source code
D) Stealing password hashes from a website's back end database
*HINT* It may be under the session guessing section, but if you read further into it, you will see where it
mentions XSS attack. - correct answer ✔✔Sending a website user's session cookie to an attacker
(B3, Pg90) What tool can be used to fingerprint the operating system of a host?
A)netstat
B)dig
C)nslookup
D)nmap - correct answer ✔✔Nmap
(B3, Pg151) What type of vulnerability is illustrated where there is code in the web page?
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28

Partial preview of the text

Download Kali Linux Commands and Concepts and more Exams Nursing in PDF only on Docsity!

GFACT Certification Exam

(B2, Pg122) What does it mean when a computer program is "multi-threaded"? A) It calls multiple external libraries B) It has multiple serial number for different users C) It can run multiple chunks of code concurrently D) It has multiple functions defined in the program - correct answer ✔✔It can run multiple chunks of code concurrently (B3, Pg162) Which of the following is a common result of a reflected cross-site scripting attack? A)Tricking a user into making an authenticated transaction B)Sending a website user's session cookie to an attacker C) Embedding the attacker's malware in web application source code D) Stealing password hashes from a website's back end database HINT It may be under the session guessing section, but if you read further into it, you will see where it mentions XSS attack. - correct answer ✔✔Sending a website user's session cookie to an attacker (B3, Pg90) What tool can be used to fingerprint the operating system of a host? A)netstat B)dig C)nslookup D)nmap - correct answer ✔✔Nmap (B3, Pg151) What type of vulnerability is illustrated where there is code in the web page?

A)File Inclusion B) Clickjacking C)Cross-Site Scripting D) SQL injection HINT While it doesn't exactly say "code in the web page", it mentions how you can sometimes view a page that looks like PHP code and how that code can gain you access to the access logs of the server. - correct answer ✔✔File Inclusion (B3, Pg88-89) An alert indicates that a compromised host was used by an attacker to run the command below. What was the attacker attempting to do? $ nmap -sS 192.168.10.0/ A)Map a network drive to a remote host B)Identify services running on network hosts C)Execute a script on a remote host D)Send Spoofed packets to network hosts - correct answer ✔✔Identify services running on network hosts What type of artifact can a blue team member use to identify the name that is associated to the file? A)Metadata B)Windows security logs C)Prefetch D)File Ownership - correct answer ✔✔Metadata (B3, Pg307-308) What is HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run considered to be?

A)2nd_phone_number B)LASTNAM_ C)streetAddress D)_firstname HINT You can start a variable name with a letter or an underscore, but NOT WITH A NUMBER! - correct answer ✔✔2nd_phone_number What is the following command attempting to accomplish in Kali Linux? dnsmap myfakedomain.local -w /usr/share/wordlists/dnsmap.txt A)Search for subdomains based upon the wordlist provided B) Check for users based on the wordlist provided C)Run checks on the applications based on the wordlist provided D)Call yo mama - correct answer ✔✔Search for subdomains based upon the wordlist provided (B3, Pg121) How do you remove data from a Solid State Drive? A) Destroy it B) Place Magnets upon it C) Snap it D) Yo mama sit on it - correct answer ✔✔Destroy it (B3, Pg56) Where are the wordlists located in Kali? A)/var/opt/wordlists B)/etc/default/wordlists

C)/etc/security/wordlists D)/var/adm/wordlists E)/usr/share/wordlists - correct answer ✔✔/usr/share/wordlists (B1, Pg174) What is the outcome of the command below? ps aux | grep -i sshd | grep root A) Enabling logging for all root logins for the ssh service B)Terminating the secure shell service C)List of secure shell processes running under the root user D)Starting up the ssh service as the root user - correct answer ✔✔List of secure shell processes running under the root user When would a security analyst create a "TCP Socket" in a Python Program? A) When scanning the host computer for malicious software B) When creating a script to run against a network service C) When collecting information about the host computer's hardware D) When the host is running network services in the background during Python program execution - correct answer ✔✔When creating a script to run against a network service (B2, Pg180) What is used to access the address of a variable in the C Programming Language? A) &stuff B) *stuff C) {stuff} D) [stuff] - correct answer ✔✔&stuff

(B1, Pg211-212) What command will generate a makefile that is tuned to the system that it is installed to? A)source makefile.am B)source configure.in C) ./install-sh D) ./configure - correct answer ✔✔./configure (B3, Pg179-180) What might a captcha do to a scanner? A) Redirect the scanner to the same page in a loop B) Proceed to the website as per normal C) Shut the scanner down D) Lock you out of the website - correct answer ✔✔Redirect the scanner to the same page in a loop (B1, Pg100) The user starts Microsoft Word and clicks File | Open. What does word do as a result? A) Generates a software interrupt B) Loads the kernel C) Opens the appropriate output HID D) Yo Mama - correct answer ✔✔Generates a software interrupt (B3, Pg84) What attack is being attempted by the command shown below? root@kali: ~/target# dirb https:www.sans.org /usr/share/wordlists/dirb/small.txt A) Dictionary attack against known user accounts on a website B) Dictionary attack against unknown user accounts on a website

C) Search for valid accounts using a wordlist against a website D) Search for directories not linked to public areas of a website - correct answer ✔✔Search for directories not linked to public areas of a website Where is the data from the GDB output shown in the image stored on the host? A) Master Boot Record B) BIOS C) CPU D) Random Access Memory - correct answer ✔✔CPU (B2, Pg369) What command is used to generate lists of images that are stored locally and provides arguments for handling them? A) docker images B) docker pull C) docker run D) vi Dockerfile E) docker ps - correct answer ✔✔docker images What is the significance of the items listed in pwbdbg's backtrace? A) They are all of the functions called up to this point B) They are functions currently loaded in the CPU cache C) It is a list of functions that are about to be called D) They are pointed to by the GLOBAL_OFFSET_TABLE - correct answer ✔✔They are all of the functions called up to this point (B3, Pg340) Which packet header field characteristic is a strong indicator of data exfiltration?

A) Access this computer from the network B) Full control C) Run as Administrator D) Always notify - correct answer ✔✔Always notify (B1, Pg236) What HTTP protocol request asks a web server to retrieve metadata without the data? A) PUT B) HEAD C) GET D) POST - correct answer ✔✔HEAD (B1, Pg132) What command will change your directory to the current home folder? A) cd ~ B) cd .. C) cd // D) cd Yo Mama - correct answer ✔✔cd ~ What does the home folder contain? A) The user directories for every user other than the root B) All directories under the Windows machine C) The specific user's directory D) Yo Mama - correct answer ✔✔The user directories for every user other than the root Examine the list from a Python program below. Which statement will display Oregon? PNW_states = [ 'Washington' , 'Oregon' , 'Idaho' , 'Montana' , 'Wyoming' ]

A) print(PNW_states[2]) B) print(PNW_states(2)) C) print(PNW_states[1]) D) print(PNW_states[0][2]) - correct answer ✔✔print(PNW_states[1]) If you run the command "Python" on a Linux system where it is installed, what will happen? A)Python will list all currently installed libraries and modules B) The computer will run Python in the background upon reboot C) The operating system will prompt you for a Python code file to open D) An interactive console will open for writing simple Python code - correct answer ✔✔An interactive console will open for writing simple Python code A Web application is configured to validate a unique token value for each submitted user request. What threat is being mitigated? A) Local file inclusion B) Cross site request forgery C) Drive-by downloads D) Command injection - correct answer ✔✔Cross site request forgery (B2, Pg40) In the Python programming language, case_stats, shown below, is which of the following? Imagine a picture here OR go to B2, Pg40 for reference A) Dictionary B) Tuple C) Array

B) Two bytes C) One byte D) Three bytes - correct answer ✔✔Zero bytes (B1, Pg340-341) What can an Apache server administrator do to prevent version information from leaking? A) Run Apache as a non-root user B) Enable HTTPS C) Set permission on /var/www/html to 700 D) Disable the banner - correct answer ✔✔Disable the banner (B2, Pg351) When debugging a program with pwngdb what is the significance of the s in x/s 0x80484ef command shown in the command below: pwndbg> x/s 0x80484ef 0x80484ef <main+4>: A) Tells the command to step into the address 0x80484ef B) Identifies the output format for data at address 0x80484ef C) Tells the command to stop after the address 0x80484ef D) Identifies the next breakpoint is address 0x80484ef HINT For debugging with pwngdb, x = hexadecimal, s = string - correct answer ✔✔Identifies the output format for data at address ox80484ef (B2, Pg11) What is it called when a user makes a change to the master code in a Git repository? A) Pull B) Clone

C) Branch D) Commit - correct answer ✔✔Commit (B3, Pg168) A GIAC administrator has configured their company's web server to send an X-Frame-Options header in every request to an HTTP page. The admin has configured the option to use the values DENY,SAMEORGIN, or ALLOW-FROM. What attack is the administrator addressing with the techniques described above? A) SQL injection B) Cross-Site request forgery C) Cross-Site scripting D) Directory traversal E) Clickjacking - correct answer ✔✔Clickjacking (B3, Pg158) How do prepared statements help prevent SQL injection attacks? A) Query parameters are sent in the body of a POST request B) Queries are appended with an authorization token C) Query language is kept separate from user supplied data D) Queries submitted by users are HTML entity encoded - correct answer ✔✔Query language is kept separate from user supplied data (B1, Pg 236) If the user agent is used, where would it be found in the HTTP protocol? A) In the response body B)In the response header C) Delimited by an h1 tag D) In a GET Request - correct answer ✔✔In a GET Request

(B1, Pg100) When is a software interrupt issued by a computer? A) When a user switches from one visible program to another in the GUI B) When power is suddenly cut off the CPU C) When a user has not taken action in a pre-specified amount of time D) When a new event occurs that requires attention from the processor - correct answer ✔✔When a new event occurs that requires attention from the processor (B2, Pg368) Which of the following can best be described as a recipe for building Docker containers? A) Operating System B) Daemon C) Hub D) Image - correct answer ✔✔Image What is interesting to be an attacker about the program below? -rwsr-xr-x 1 root root 44k May 7th 2014 /bin/ping A)The program will be run with root permissions B) The program can only be saved by the root user C)The program will create a tunnel to the remote host D) Yo mama - correct answer ✔✔The program will be run with root permissions (B1, Pg128) What is the result of the following Linux command? sudo find /etc -exec sh -i /;

A)Updating files in /etc with sh B)Listing executable file in /etc C) Gaining a shell with root access - correct answer ✔✔Gaining a shell with root access Consider the TCP communication between two computers shown below. What will computer A do following Computer B's response? Computer A sends 20 bytes of data Computer B responds with Computer A's acknowledgment number + 15 A)Send a FIN packet to close the connection B) Send the missing five bytes C)Resend the entire packet D)Ask computer B what bytes are missing - correct answer ✔✔Resend the entire packet A user adds a new directory to a Linux system's $PATH environment variable, #export $PATH=$PATH:new_dir. What action will cause the updated $PATH variable change back to the original value? A)Closing and re-opening the terminal B)Running the command "rm $PATH" C) Echoing the $PATH to /dev/null - correct answer ✔✔Closing and reopening the terminal When a program runs on a computer, it temporaily loads code into memory that contains information about the program. The code is deleted when the program is closed. What is the instance of this code called? A) Process B) Kernel C) BIOS

D)mnt HINT The "blank" folder contains system files that tend to increase in size over time (hence it's a "blank" size folder). Things like log files, the mail directory, and so on, go here. - correct answer ✔✔var What type of exploit is described below? CVE-2019-9874: Deserialization of Untrusted Data in the Sitecore.Security.AnitCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. A) RCE B) Heap corruption C) Information disclosure D) Buffer over-read E) File Inclusion F)SQLi HINT "Blank" bugs allow an attacker to achieve "arbitrary code execution." This, in effect, allows them to assume control of a target system. They can come in many flavors but are often seen as the most high- risk category of attack. - correct answer ✔✔RCE (B3, Pg202) Which buffer overflow mitigation places a value before the return pointer in the stack? A) Canary B) Parameterized query C) Random session token D) Format String HINT The stack "blank" is a value that sits before the return pointer in the stack. When the program's execution hits the return instruction, before the return pointer is loaded into EIP, the value of the stack

"blank" is checked. If it has been overwritten, then the program terminates because the CPU then knows that something dodgy was going on, since the value of the stack "blank" which shouldn't have changed has changed. The stack "blank" can usually be bypassed by finding out the value the "blank" is expected to be and overwriting it with the same value. Sometimes this is made harder by a stack "blank" that contains null byte values since many functions which read user input in C will stop reading more data as soon as they see a null byte - correct answer ✔✔Canary (B1, Pg128) Which Linux command will allow a user to run a command with escalated privileges using their own password? A)sudo B)bash C)su D)which HINT The "blank" program will allow a user to temporarily take on the privileges of the root account to run a command and then it will drop user privilege level back down to your normal account levels after the command runs. The way "blank" works is there is a configuration file called "sudoers" file, which basically a list of which accounts are allowed to do what with superuser privileges (and only root can edit it). When a user wants to run a command with privileges, they append "blank" before the command. They will then be prompted for their normal account password (not the root password), and then the command will run with super user privileges. - correct answer ✔✔sudo (B3, Pg22) Which of the following is a form of one-way encryption? A) Hashing B)Symmetric C)Substitution D)Asymmetric HINT "Blank" is a third form of encryption, but its uses are a bit more niche. The third form of encryption is called hashing: a form of one-way encryption. That means, once data is encrypted, the process can not be reversed to go from the encrypted data back to the plaintext.