Wireless Network Protocols and Security Vulnerabilities

An overview of various wireless network protocols, including Wi-Fi, and their associated security vulnerabilities. It covers topics such as Wi-Fi frequency bands, wireless security protocols like WEP, TKIP and WPA/WPA2, as well as other network protocols like Telnet, HTTP, FTP and SNMP. The document also discusses security issues related to these protocols, such as clear-text transmission, denial-of-service attacks, and vulnerabilities in specific protocol implementations. Additionally, it covers network scanning techniques, including Nmap options, and legal considerations around penetration testing. This information could be useful for network administrators, security professionals, and students studying computer networking and cybersecurity.

Typology: Exams

2023/2024

Available from 07/27/2024

lazarus-njoki
CREST CPSA 4, CPSA 5 Questions and Answers Study Guide 2023

100 - ✔️ Continue

101 - ✔️ Switching Protocols

102 - ✔️ Processing

Internet Protocol Security (IPsec) - ✔️ a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet Protocol network

Internet Protocol Security (IPsec) - ✔️ used in virtual private networks (VPNs)

number of possible TCP ports - ✔️ 65535

number of possible UDP ports - ✔️ 65535

RFC1918 24-bit block - ✔️ 10.0.0.0/8

RFC1918 20-bit block - ✔️ 172.16.0.0/12

RFC1918 16-bit block - ✔️ 192.168.0.0/16

Common Vulnerabilities and Exposures (CVE) - ✔️ provides a reference-method for publicly known information-security vulnerabilities and exposures

Common Vulnerability Scoring System (CVSS) - ✔️ an open industry standard for assessing the severity of computer system security vulnerabilities

DREAD - ✔️ part of a system for risk-assessing computer security threats

Common Weakness Enumeration (CWE) - ✔️ a category system for software weaknesses and vulnerabilities

National Vulnerability Database (NVD) - ✔️ the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP)

500 - ✔️ Internal Server Error

501 - ✔️ Not Implemented

502 - ✔️ Bad Gateway

503 - ✔️ Service Unavailable

504 - ✔️ Gateway Timeout

505 - ✔️ HTTP Version Not Supported

511 - ✔️ Network Authentication Required

CHANGE_ON_INSTALL - ✔️ SYS

MANAGER - ✔️ SYSTEM

TIGER - ✔️ SCOTT

WOOD - ✔️ ADAMS

STEEL - ✔️ JONES

CLOTH - ✔️ CLARK

PAPER - ✔️ BLAKE

426 - ✔️ Upgrade Required

429 - ✔️ Too Many Requests

threat - ✔️ a source of potential disruption, which has the potential to cause a risk

risk - ✔️ the combination of consequences of a threat occurring and the likelihood of it doing so

inherent risk - ✔️ the risk that an event will occur which may negatively affect the achievement of an organisation's objectives, assuming there are no controls in place

residual risk - ✔️ the risk which remains after taking controls into account

Session Initiation Protocol (SIP) - ✔️ a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications

SIP requests - ✔️ REGISTER; INVITE; ACK; BYE; CANCEL; UPDATE; REFER; PRACK; SUBSCRIBE; NOTIFY; PUBLISH; MESSAGE; INFO; OPTIONS

IPsec security architecture - ✔️ Authentication Headers (AH); Encapsulating Security Payloads (ESP); Security Associations (SA): Internet Security Association and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE and IKEv2)

LM - ✔️ all passwords are converted into uppercase before generating the hash value

LM - ✔️ password length is limited to maximum of 14 characters

LM - ✔️ a 14-character password is broken into 7+7 characters and the hash is calculated for the two halves separately

LM - ✔️ if the password is 7 characters or less, then the second half of the hash will always be the same constant value (AAD3B435B51404EE)

LM - ✔️ the hash value is sent to network servers without salting

LM - ✔️ uses DES

128 bits - ✔️ LAN Manager (LM) hash size:

Net-NTLM - ✔️ used for network authentication

Net-NTLM - ✔️ get these hashes when using tools like Responder or Inveigh

Net-NTLMv1 - ✔️ uses DES

Net-NTLMv2 - ✔️ uses HMAC-MD5

128 bits - ✔️ Network New Technology LAN Manager (Net-NTLM) hashes size:

NTLM - ✔️ get these hashes when dumping the SAM database of any Windows OS, a Domain Controller's Ntds.dit database or from Mimikatz

NTLM - ✔️ uses MD4

128 bits - ✔️ New Technology LAN Manager (NTLM) hash size:

NTLM - ✔️ You CAN perform Pass-The-Hash attacks with these hashes

Net-NTLM - ✔️ You CANNOT perform Pass-The-Hash attacks with these hashes

nbtstat; nbtscan - ✔️ NetBIOS scanning tools:

nbtstat - ✔️ a command-line utility integrated into Windows systems; it can reveal information about NetBIOS names and the name table of a remote or the local machine, but only for one host at a time

blind SQL injection - ✔️ a type of SQL injection attack that asks the database true or false questions and determines the answer based on the application's response; this attack is often used when the web application is configured to show generic error messages but has not mitigated the code that is vulnerable to SQL injection

Link-Local Multicast Name Resolution (LLMNR) - ✔️ a Microsoft Windows protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link

Network Basic Input/Output System (NetBIOS) name service - ✔️ identifies systems on a local network by their NetBIOS name

LLMNR spoofing - ✔️ Adversaries can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know the identity of the requested host, effectively poisoning the service so that the victims will communicate with the adversary controlled system. If the requested host belongs to a resource that requires identification/authentication, the username and NTLMv2 hash will then be sent to the adversary controlled system.

FTP bounce attack - ✔️ an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request

Ntds.dit file - ✔️ a database that stores Active Directory data, including information about user objects, groups, and group membership - it includes the password hashes for all users in the domain

computer worm - ✔️ What is Code Red?

Internet Information Services (IIS) 5.0 - ✔️ MS01-033 basis

Code Red - ✔️ The MS01-033 vulnerability was used by which malware?

computer worm - ✔️ What is Conficker?

Conficker - ✔️ The MS08-067 vulnerability was used by which malware?

computer worm - ✔️ What is Blaster?

Distributed Component Object Model (DCOM) - ✔️ MS03-026 basis

Blaster - ✔️ The MS03-026 vulnerability was used by which malware?

computer worm - ✔️ What is Nimda?

Local Security Authority Subsystem Service (LSASS) - ✔️ MS04-011 basis

Internet Explorer - ✔️ MS10-002 basis

Aurora - ✔️ MS10-002 name

KiTrap0D - ✔️ MS10-015 name

Print Spooler Service - ✔️ MS10-061 basis

OK - ✔️ 200

Created - ✔️ 201

Accepted - ✔️ 202

Non-Authoritative Information - ✔️ 203

No Content - ✔️ 204

Reset Content - ✔️ 205

300 - ✔️ Multiple Choices

301 - ✔️ Moved Permanently

Dynamic Host Configuration Protocol (DHCP) - ✔️ a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks

Hot Standby Router Protocol (HSRP) - ✔️ a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway

Virtual Router Redundancy Protocol (VRRP) - ✔️ a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts

VLAN Trunking Protocol (VTP) - ✔️ a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network

Spanning Tree Protocol (STP) - ✔️ a network protocol that builds a loop-free logical topology for Ethernet networks

Terminal Access Controller Access-Control System Plus (TACACS+) - ✔️ a protocol developed by Cisco that handles authentication, authorisation, and accounting (AAA) services

Voice over Internet Protocol (VoIP) - ✔️ a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet

Session Initiation Protocol (SIP) - ✔️ a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications

IEEE 802.11 - ✔️ part of the IEEE 802 set of LAN protocols, and specifies the set of media access control (MAC) and physical layer protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to 2.4, 5, and 60 GHz frequency bands

Kismet - ✔️ passive scanner on Linux

Wired Equivalent Privacy (WEP) - ✔️ both XXX-40 and XXX-104 were deprecated in 2004

Temporal Key Integrity Protocol (TKIP) - ✔️ deprecated in 2012

Wi-Fi Protected Access / Wi-Fi Protected Access II (WPA/WPA2) - ✔️ defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)

Extensible Authentication Protocol (EAP) - ✔️ an authentication framework frequently used in wireless networks and point-to-point connections

Lightweight Extensible Authentication Protocol (LEAP) - ✔️ a proprietary wireless LAN authentication method developed by Cisco

Protected Extensible Authentication Protocol (PEAP) - ✔️ a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel

Teletype Network (Telnet) - ✔️ a protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection

Teletype Network (Telnet) - ✔️ does not encrypt any traffic sent over the connection by default

Hypertext Transfer Protocol (HTTP) - ✔️ an application protocol for distributed, collaborative, hypermedia information systems

Hypertext Transfer Protocol (HTTP) - ✔️ does not encrypt any traffic sent over the connection

Hypertext Transfer Protocol Secure (HTTPS) - ✔️ used for secure communication over a computer network, and widely used on the Internet

File Transfer Protocol (FTP) - ✔️ a standard network protocol used for the transfer of computer files between a client and server on a computer network

File Transfer Protocol (FTP) - ✔️ does not encrypt any traffic sent over the connection

Secure Shell (SSH) - ✔️ a cryptographic network protocol for operating network services securely over an unsecured network

Simple Network Management Protocol (SNMP) -

netstat, ss - ✔️ command line tools are used to list established sockets and related information

C:\windows\system32\config\SAM - ✔️ password hashes (Windows):

/etc/shadow - ✔️ password hashes (Unix):

domain information, registrant contact, administrative contact, technical contact - ✔️ information contained within IP and domain registries (WHOIS)

DNS zone transfer - ✔️ one of many mechanisms available for administrators to replicate DNS databases across a set of DNS servers

zone - ✔️ the portion of the database that is replicated

Start Of [a zone of] Authority (SOA) - ✔️ specifies authoritative information about a DNS zone

Mail eXchange (MX) - ✔️ domain to mail server

Text (TXT) - ✔️ more often carries machine-readable data, opportunistic encryption, etc.

Address (A) - ✔️ domain to IP

Name Server (NS) - ✔️ domain to a set of name servers

Pointer (PTR) - ✔️ IP to a domain

HINFO - ✔️ intended to provide information about host CPU type and operating system

Canonical Name (CNAME) - ✔️ subdomain to a domain's A record

Usenet newsgroup - ✔️ a repository usually within the Usenet system, for messages posted from many users in different locations using Internet

-rwxr-xr-x - ✔️ a regular file whose user class has full permissions and whose group and others classes have only the read and execute permissions

0740 - ✔️ -rwxr-----

archive, hidden, system, read-only - ✔️ traditionally, in Microsoft Windows, files and folders accepted four attributes:

filesystem Access Control List (ACL) - ✔️ a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programmes, processes, or files

encryption - ✔️ transforms data into another format in such a way that only specific individual(s) can reverse the transformation

encoding - ✔️ transforms data into another format using a scheme that is publicly available so that it can easily be reversed

symmetric encryption - ✔️ uses the same cryptographic keys for both encryption of plaintext and decryption of ciphertext

asymmetric encryption - ✔️ uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner

symmetric-key block cipher - ✔️ DES - Data Encryption Standard

64 bits - ✔️ DES block sizes:

56 bits - ✔️ DES key sizes:

symmetric-key block cipher - ✔️ 3DES - Triple Data Encryption Standard

64 bits - ✔️ 3DES block sizes:

168, 112, or 56 bits - ✔️ 3DES key sizes:

router - ✔️ a networking device that forwards data packets between computer networks

switch - ✔️ a computer networking device that connects devices on a computer network by using packet switching to receive, process, and forward data to the destination device

Secure Sockets Layer (SSL) - ✔️ a set of cryptographic protocols designed to provide communications security over a computer network

Internet Protocol Security (IPsec) - ✔️ a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet protocol network which is used in Virtual Private Networks (VPNs)

Secure Shell (SSH) - ✔️ a cryptographic network protocol for operating network services securely over an unsecured network

Secure Shell (SSH) - ✔️ typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH

Pretty Good Privacy (PGP) - ✔️ an encryption programme that provides cryptographic privacy and authentication for data communication

Pretty Good Privacy (PGP) - ✔️ used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of email communications

Wired Equivalent Privacy (WEP) - ✔️ standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialisation vector (IV) to form the RC4 key

Temporal Key Integrity Protocol (TKIP) - ✔️ designed as an interim solution to replace WEP without requiring the replacement of legacy hardware

Wi-Fi Protected Access (WPA) - ✔️ defined in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP)

egress filtering - ✔️ the practice of monitoring and potentially restricting the flow of information outbound from one network to another

egress filtering - ✔️ TCP/IP packets that are being sent out of the internal network are examined via a router, firewall, or similar edge device

ingress filtering - ✔️ a technique used to ensure that incoming packets are actually from the networks from which they claim to originate

banner grabbing - ✔️ a technique used to gain information about a computer system on a network and the services running on its open ports

examples of ports used for banner grabbing - ✔️ Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 respectively

active fingerprinting - ✔️ works by sending packets to a target and analysing the packets that are sent back

Nmap - ✔️ almost all active fingerprinting is done with:

passive fingerprinting - ✔️ sniffs TCP/IP ports, rather than generating network traffic by sending packets to them

application layer - ✔️ 7

presentation layer - ✔️ 6

session layer - ✔️ 5

transport layer - ✔️ 4

network layer - ✔️ 3

data link layer - ✔️ 2

✔️ scan the target using the IPv6 protocol

network sniffer - ✔️ computer programme or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network

ping - ✔️ measures the round-trip time for messages sent from the originating host to a destination computer that are echoed back to the source

ping - ✔️ operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP echo reply

-s - ✔️ specifies the number of data bytes to be sent

-c - ✔️ stop after sending count ECHO_REQUEST packets

-w - ✔️ specify a timeout, in seconds, before ping exits regardless of how many packets have been sent or received

-t - ✔️ set the IP Time To Live (TTL)

-i - ✔️ wait interval seconds between sending each packet

-R - ✔️ record route

ping sweep - ✔️ a method that can establish a range of IP addresses which map to live hosts

fping - ✔️ a tool used for ping sweeps

Internet Protocol version 4 (IPv4) - ✔️ uses 32-bit addresses (represented as 4 groups of 4 decimal numbers with the groups being separated by full stop)

Internet Protocol version 6 (IPv6) - ✔️ uses 128-bit addresses (represented as 8 groups of 4 hexadecimal digits with the groups being separated by colons)

Transmission Control Protocol (TCP) - ✔️ provides reliable, ordered, and error-checked delivery of a stream of octets between applications running on hosts communicating via an IP network

User Datagram Protocol (UDP) - ✔️ has no handshaking dialogues, and thus exposes the user's programme to any unreliability of the underlying network; there is no guarantee of delivery, ordering, or duplicate protection

Internet Control Message Protocol (ICMP) - ✔️ used by network devices, including routers, to send error messages and operational information

8 bits - ✔️ 1 byte

8 bits - ✔️ 1 octet

Category 5 cable (CAT 5) - ✔️ a twisted pair cable for computer networks

Category 5 cable (CAT 5) - ✔️ suitable for most varieties of Ethernet over twisted pair

fibre-optic communication - ✔️ a method of transmitting information from one place to another by sending pulses of light through an optical fibre

10/100/1000baseT - ✔️ standards of twisted-pair cables for the physical layer of an Ethernet computer network

Token Ring - ✔️ a communications protocol for local area networks

Token Ring - ✔️ uses a special three-byte frame called a 'token' that travels around a logical 'ring' of workstations or servers

wireless (802.11) - ✔️ part of the IEEE 802 set of LAN protocols, and specifies the set of media access control (MAC) and physical layer protocols for implementing wireless local area network (WLAN) Wi-Fi computer communication in various frequencies, including but not limited to 2.4, 5, and 60 GHz frequency bands

shared media -