SOLUTION
What is Kismet used for? Correct Answer: Finding wireless access points even when attempts have been made to make it difficult to do so.
What is the concept of network segmentation and why do it? Correct Answer: Divide networks into subnets. Do this to control network traffic, boost performance, and troubleshoot network issues.
Why is a BYOD policy bad for an enterprise network? Correct Answer: Potential for malware to be brought into the network from outside sources is high. Rogue access points.
What are the three main protocols of wireless encryption? Correct Answer: WEP, WPA, WPA2
What application might we use to scan for devices on a network, fingerprint operating systems, and detect versions of services on open ports? Correct Answer: Nmap
Why use a honeypot? Correct Answer: Giving attackers a vulnerable target to direct attacks at instead of the client network, and analyzing malware in the wild to better protect our client network.
Difference between signature and anomaly IDSes? Correct Answer: Signature-based IDSes use a database of signatures generated from already encountered malware. Anomaly-based IDSes track abnormal network traffic to detect attacks (better at detecting newer attacks).
What technology may we use to send sensitive data over an untrusted network? Correct Answer: VPN
Difference between a stateful firewall and a deep packet inspection firewall? Correct Answer: Stateful firewalls can only look at the structure of the packet. Deep packet inspection firewalls can reassemble the contents of the packet to see where and what will be delivered.
What would we use a DMZ to protect? Correct Answer: Protect mail servers, segmenting the mail server and only letting certain traffic reach the server.
What is an exploit framework? Correct Answer: Category of tools used to find exploits.
What is the difference between a port scanner and a vulnerability assessment tool? Correct Answer: Port scanners show us how hosts interact. Vulnerability assessment tools show us which areas we are open to attack.
What is the concept of an attack surface? Correct Answer: If we leave a path for an attack open in our operating system, the attack surface is all the vulnerabilities that can take advantage of this opening.
Why might we want a software firewall if one already exists on the network? Correct Answer: To add another layer of defense. It could also be installed on a client's machine to monitor traffic from each client and can be configured to allow only the traffic the client needs to get their job done.
What is operating system hardening? Correct Answer: Decreasing the attack surface or overall avenues that attackers can use to gain entry to the system.
What is the XD bit and why is it used? Correct Answer: Used by Intel chipsets to support executable space protection. Used to prevent buffer overflow attacks.
What does executable space protection do for us? Correct Answer: Protects the memory in the OS from being used to execute code. Protects against buffer overflows.
How does the principle of least privilege apply to operating system hardening? Correct Answer: Allowing only the rights the client's account needs to accomplish their daily tasks. Done so that if a common account is compromised, the level of damage is minimal.
Are Nmap results always accurate? Correct Answer: Nmap is not always accurate; results should be verified with another tool.
What is the purpose of hash checking? Correct Answer: Verify that the downloaded file is the same one that was published. Extra code could have been inserted into the file for malicious reasons, and this would in turn change the hash.
Difference between symmetric and asymmetric algorithms? Correct Answer: In symmetric encryption the same private key is used for encryption and decryption. In asymmetric encryption a public key is used for encryption and private keys are used for decryption client side.
What does a fuzzing tool do? Correct Answer: Attacks an application by sending a lot of data and inputs so it can analyze how it fails.
Example of a race condition? Correct Answer: Two users trying to withdraw money from a bank account, causing it to not record the proper balances in both accounts (both users "racing").
Why is it important to remove extraneous files from a Web server? Correct Answer: So we do not leave behind documentation that could aid attackers in penetrating the system.