CPSA updated 2022 Questions and Answers

Document Content and Description Below

CPSA updated 2022 Questions and Answers TNS + port - ANSWER Transparent Network Substate. TCP port 1521. Brokers client connections to Oracle Database instances via the TNS listener. SID - ANSWER Sys... tem ID. E.g. Oracle Database SID. MS Exchange port - ANSWER 102 Nano flag for safe scripts? - ANSWER -sC In ASP, how would you turn on input validation? - ANSWER Validate Request=true Port 179? - ANSWER BGP (Border Gateway Protocol) TCP Nmap flag for TCP FTP Bounce scan? - ANSWER -b Oracle default port - ANSWER 1521 Nmap flag for SCTP INIT PING - ANSWER -PY Port for Oracle XDB - ANSWER 2100 Port for SMB - ANSWER 445 IIS 7.5 - ANSWER 7 & 2008R2 Port for SIP - ANSWER 5060 Nmap flag that disables host discovery, e.g. no ping scan - ANSWER -Pn Tool to get information about the domain and trustS - ANSWER Netdom IIS 8.5 - ANSWER 2012R2 & 8.1 Nmap flag for TCP Connect Scan - ANSWER -sT Port 546? - ANSWER DHCPv6 Client Port 1433, 1434 - ANSWER Microsoft SQL Server Port 443 - ANSWER HTTPS OSI layer of SNMP - ANSWER Application DES key size - ANSWER 56-bit key Port for RTP - ANSWER 5004 Port 1494 - ANSWER CITRIX Port 8500 - ANSWER Cold Fusion IPv6 Multicast Address to find all routers in link-local - ANSWER ff02::2 Nmap normal output flag - ANSWER -oN SFTP port (simple FTP) - ANSWER 115 IIS 5.0 - ANSWER Windows 2000 Port for SunRPC - ANSWER 111 Port 3389 - ANSWER RDP (Remote Desktop Protocol) Port for Secure FTP (FTPS) - ANSWER 989 (for data connection), 990 (data control) Nmap flag for IP protocol ping? - ANSWER -PO How many bytes in an IPv4 address - ANSWER 4 Tool for snmp enumeration? - ANSWER Snmpwalk Port 1723 - ANSWER PPTP (Point-to-Point Tunneling Protocol) SNMP - ANSWER Simple Network Management Protocol SMTP - ANSWER Simple Mail Transfer Protocol Tool for IPsec enumeration - ANSWER Ike-scan Secure NFS version? - ANSWER 4 Port 70 - ANSWER gopher Which is not a component of a SIP message? - ANSWER Codec replacement Tool to query NetBIOS names and map them to IP addresses - ANSWER Nmblookup Port 520 - ANSWER RIP (Routing Information Protocol) Port 587 - ANSWER SMTP Sending an ICMP type 8 to a non-firewalled host. What do you get back? - ANSWER Type 0 Should register_globals be set or disabled in PHP? - ANSWER Disabled IIS 8.0 - ANSWER Win 8/server 2012 Port for NTP - ANSWER 123 Nmap UDP port scan - ANSWER -sU Nmap IP protocol scan - ANSWER -sO Port 500 - ANSWER ISAKMP Port for Echo - ANSWER 7 Port for L2TP - ANSWER 1701 Nmap flag for null scan? - ANSWER -sN Port for RDS - ANSWER 1541 Port 37 - ANSWER Time Protocol IIS 4.0 - ANSWER NT 4.0 Option Pack IIS 7.0 - ANSWER Vista & Server 2008 Port 6000 - ANSWER X11 Port 2433 - ANSWER MS SQL hidden XML output Nmap - ANSWER -oX Nmap TCP SYN PING - ANSWER -PS IIS 5.1 - ANSWER Windows XP IIS 6.0 - ANSWER 2003 & Xp (64-bit) Port 135 - ANSWER Remote Procedure Call (RPC) Port 53 - ANSWER DNS Which of these is not a priv esc technique - ANSWER Regexec Nmap flag to perform OS, version, safe scripts and trace root - ANSWER -A Port 389 - ANSWER LDAP (Lightweight Directory Access Protocol) Nmap flag for TCP ACK ping - ANSWER -PA Port 513 - ANSWER rlogin and rwho FIN scan? - ANSWER -sF MS exchange port - ANSWER 102 Formulae for calculating number of hosts - ANSWER 2^(32-netmask length)-2 Port for SMTP (submit outgoing email) - ANSWER 465 and 587 Nmap Xmas scan - ANSWER -sX Port for SOCKS proxy? - ANSWER 1080 Port for WebDAV - ANSWER 443 IIS 2.0 - ANSWER NT 4.0 Port 135 - ANSWER Remote Procedure Call (RPC) Nmap flag that prevents DNS resolution - ANSWER -n Nmap flag to output in all formats - ANSWER -oA Port 520 - ANSWER RIP (Routing Information Protocol) UDP Nmap UDP host discovery - ANSWER -PU IIS 7.5 - ANSWER 7 & 2008R2 Port 1701 - ANSWER L2TP (Layer 2 Tunneling Protocol) SIP port - ANSWER 5060/5061 Port 993 - ANSWER IMAP4 over SSL What does Windows AD DS stand for? - ANSWER Windows Active Directory Domain Services Which service is not used by AD - ANSWER DHCP IIS 1.0 - ANSWER NT 3.51 Where are the registry hives located? - ANSWER System32/config Port for PostgreSQL - ANSWER 5432 TCP SYN scan Nmap flag - ANSWER -sS How many bytes in an IPv4 address - ANSWER 4 Nmap idle scan - ANSWER -sI Name an invalid ICMP control message - ANSWER Address length request tool for LDAP enumeration? - ANSWER Enum4linux rexec uses which authentication method? - ANSWER Credentials Port 1813 - ANSWER RADIUS Port for Kerberos password change - ANSWER 464 Port 5900 - ANSWER VNC Port for POP3 over SSL - ANSWER 995 Nmap flag for ARP discovery - ANSWER -PR Ethernet OSI layer? - ANSWER 2 (DLL) Port 42 - ANSWER Nameserver What TCP/IP layer is NTP in? - ANSWER Application RDS port - ANSWER 1541 Nmap -F flag? - ANSWER Scans top 100 popular ports (fast scan) FTP ports? - ANSWER 20, 21 MS14-068 is a vuln for what service? - ANSWER Kerberos vulnerability Best way to escalate to a logged in domain admin account from a domain computer with local admin privs? - ANSWER Steal access token Port for Media Gateway Control Protocol - ANSWER 2427 Port 749 - ANSWER Kerberos administration What authentication is used for rlogin? - ANSWER Rhosts and Port 49 - ANSWER TACACS+ Nmap version discovery flag? - ANSWER -sV IIS 4.0 - ANSWER NT4 Option Pack IIS 8.0 - ANSWER Win 8/server 2012 Ports for NetBIOS? - ANSWER UDP 137 UDP 138 TCP 139 IIS 3.0 - ANSWER NT4 SP2 Port 3306 - ANSWER MySQL IIS 8.5 - ANSWER 2012R2 & 8.1 Latest version of OpenSSL vulnerable to heart bleed? - ANSWER 1.0.1.f Port 587 - ANSWER SMTP What OSI layer does SNMP belong to? - ANSWER Application Port 69 - ANSWER TFTP What kind of authentication does SIP use? - ANSWER Digest Port 443 - ANSWER HTTPS Nmap firewall evasion flag? - ANSWER -f Port for DHCP - ANSWER UDP 67 Which of these is not a reserved IP address? - ANSWER 81.98.0.0/12 Nmap flag to send scans from spoofed IP - ANSWER -D Port for IMAP4 - ANSWER 143 port for rexec - ANSWER 512 Tool to scan for NetBIOS NameServers? - ANSWER Nbtscan using Nmap FIN scan, you received a FIN/ACK. What is the likely host? - ANSWER Windows IIS 6.0 - ANSWER 2003 & Xp (64-bit) issue that affects SNMPv1 - ANSWER Clear text community string IIS 10 - ANSWER Windows server 2016 and windows 10 How does rsh work - ANSWER Execute one command at a time how many bits in a MAC address - ANSWER 48 bits Port 1723 - ANSWER PPTP (Point-to-Point Tunneling Protocol) User enumeration on Solaris? - ANSWER Finger-user-enum Port 19 - ANSWER Chargen rwho port - ANSWER UDP 513 Nmap grepable output - ANSWER -oG port for H.323 - ANSWER 1720 Port 1604 - ANSWER CITRIX BROWSER Port for NNTP? - ANSWER 119 and 563 over TLS (NNTPS) HSRP (Hot Standby Router Protocol) Port? - ANSWER UDP 1985 OR 2029 for IPv6 rwho port - ANSWER UDP port 513/550 rusers port? - ANSWER RPC Portmapper on port 111 SMTP port? - ANSWER TCP 25 and 587 Finger port? - ANSWER TCP 79 Check patch levels for Solaris - ANSWER Cat /etc/release = shows current release and update level Uname -a = lists current kernel patch level Showrev -p = shows all patches installed Patchadd -p = shows all installed patches Pkginfo = provides detailed info about packages installed on a system Check patches for Debian - ANSWER Lsb_release -a = displays info about the Linux distro installed Dpkg -L/—list = displays packages Apt list = lists all packages it knows about locally or remotely Check patches for RedHat - ANSWER Uname -a Cat /etc/redhat-release Rpm -qa/qf Derive list of missing security patches on Solaris - ANSWER pca -L -f . missingrs | tee missing_ Derive list of missing security patches on Debian - ANSWER apt list —u [Show More]

Last updated: 2 years ago

Preview 1 out of 26 pages