Exam (elaborations)

CPSA FINAL EXAM WITH REVISED QUESTIONS AND 100% CORRECT ANSWERS RATED A+.

Pages: 51
Grade: A+
Uploaded on: 19-04-2023
Written in: 2022/2023

A1) Benefits of pen testing - Manage risk. Increase business continuity. Minimize client-side attacks. Protect clients, partners and third parties. Comply with regulation.

A1) Pentest structure - Reconnaissance (i.e., find live hosts, sweeping, find services, scanning, banner matching, find vulnerabilities). Target prioritization (e.g., assess servers rather than printers). Testing of services and exploitation if applicable. Consult/confirm with customer if OK to exploit. Inform customer of any high-risk issues that need addressing immediately.

A1) Project Lifecycle - Data Gathering / Scoping / Briefing. Testing. Report Writing. Debriefing.

A2) Computer Misuse Act 1990 - The Act defines 3 specific offences: 1. Unauthorized access to computer material (that is, a program or data). 6 months or Level 5 fine (£5000 currently). 2. Unauthorized access to a computer system with intent to commit or facilitate the commission of a serious crime. 5 years, max fine. 3. Unauthorized modification of computer material. 5 years, max fine. In general: You must not test a system without prior authorization (e.g., as agreed in written scope/contract). You should never test without informing the client beforehand. Amended by Part 5 of Police and Justice Act 2006.

A2) Police and Justice Act 2006 - The amendments and updates to the Computer Misuse Act 1990 in Part 5 of the Police and Justice Act 2006 are: Section 35. Unauthorized access to computer material. Section 36. Unauthorized acts with intent to impair operation of computer, etc. Section 37. Making, supplying or obtaining articles for use in computer misuse offences. Section 38. Transitional and saving provision. In general: Part V includes a few sections on Computer Misuse Act 1990. Provision for DoS as an offence. Increased penalties. Making tools available to the Internet. Dual-use tools liable.

A2) Human Rights Act 1998 - Lots of general human rights involved such as right to marry, discrimination, privacy, slavery, guilty etc. Human Rights Act 1998 is relevant to computer usage as: "Protects the right of individuals against unreasonable disruption of and intrusion into their lives, while balancing this individual right with those of others." In general: Article 8: Right to respect for private and family life. Right to privacy. With Acceptable Usage Policy (AUP), you waive the right to privacy on network.

A2) Data Protection Act 1998 - In general: Deals with PII (Personal Information ID). Data about identifiable users should only be used for the purpose intended. Should not make a local copy (e.g. HR Database).

A2) Handling Data (6 categories) - Data classification set by . Important for CHECK member to know the protective marking of test/report. 1. NPM — Non Protective Marking. 2. PROTECT — Not sensitive enough to make classification. Sensitive but not high risk. 3. RESTRICTED — Pentests are usually RESTRICTED as a minimum. 4. CONFIDENTIAL — (Prejudicial). 5. SECRET — (Serious Injuries). 6. TOP SECRET (EGD).

A4) 5 Principles of Risk Management - Assess risk and determine needs. Establish a central management focus. Implement appropriate policies and related controls. Promote awareness. Monitor and evaluate policy and control effectiveness.

A3) Sensible scoping questions (7) - 1. What technologies are being used? 2. Can we get access to the application (Web Application)? 3. How many users are there? 4. How many pages are there? Are they dynamic or static? 5. What are you expecting us to find? 6. Will this be a white box or black box test? 7. Will the testing be onsite or remote?

B1) OSI - Open Standards Interconnection (OSI) developed by International Standards Organisation (ISO).

B1) OSI Model. What and stages? - Model is a set of 7 layers that define the different stages that data must go through to travel from one device to another over a network. {7} Application, {6} Presentation, {5} Session, {4} Transport, {3} Network, {2} Data Link, {1} Physical. Higher layers more specific, lower layers more generic. Please Do Not Tell Sales People Anything.

B1) Physical Layer - Physical layer defines electrical and physical specifications for devices, i.e. relationship between a device and a transmission medium (e.g. copper or fibre optical cable, shielded/unshielded twisted pair, 10Base-2, 10Base-T, 100Base-TX, 1000B-T, RJ45, coaxial, fibre-optical cables, copper cables).

B1) Data Link Layer - Data Link layer provides means to transfer data between network entities using a common addressing format. Data Link layer has Logical Link Control (LLC) sublayer for multiplexing several network protocols (e.g. IP, IPX, Decnet and Appletalk) to coexist in multipoint network. Data Link layer has Media Access Control (MAC) sublayer for addressing and terminal/network nodes to communicate within a multiple access network. MAC address, PPP, HDLC, ADCCP.

B1) Network Layer - Network layer provides means of transferring data from a source host on one network to a destination host on a different network. IP Address, ARP, IPv4, IPv6, ICMP, IPX, RIP, IKE.

B1) Transport Layer - Transport layer provides transparent transfer of data using connection-oriented data stream support, reliability, flow control, and multiplexing. Port Number, TCP, UDP, SCTP.

B1) Session Layer - Session layer provides mechanism for opening, closing and managing a session between end-user application processes, i.e., a semi-permanent dialogue. SOCKS, TLS-PSK, TLS-SRP.

B1) Presentation Layer - Presentation layer is responsible for the delivery and formatting of information to the application layer for further processing or display. MIME, Netware Core Protocol, XML.

B1) Application Layer - Application layer is the outermost layer where users interact directly with the software application. FTP, SSH, Telnet, SMTP, IMAP, POP, HTTP, HTTPS, RTP, BOOTP, SNMP, NTP.

B1) TCP/IP Model Layers - TCP/IP model is basically a shorter version of the OSI model. Consists of four instead of seven layers. Application, Transport, Network and Link. TCP Application layer is like Application, Presentation and Session of OSI. TCP Transport aka 'Host-to-host transport' is Transport in OSI. TCP Network aka 'Internet Layer' is Network OSI. TCP Link aka 'Network Access' is Data Link and Physical OSI.

B1) TCP/IP Transport and Application Layer - Transport Layer is a convenient application programming interface to internet hosts. Application Layer contains all protocols and methods that fall into the realm of process-to-process communications across an IP network.

B1) IPv4 - IPv4 uses a 32-bit address for its Internet addresses. That means it can provide support for 2^32 IP addresses in total, around 4.29 billion.

B1) IPv6 Size and Advantages - IPv6 utilizes 128-bit Internet addresses. No more NAT. No more private address collisions. More efficient, many other benefits. Leading zeros can be omitted. The double colon (::) can be used once in the text form of an address, to designate any number of 0 bits.

B1) TCP Characteristics (3) - 1) Transmission Control Protocol/Internet Protocol. 2) It is specifically designed as a model to offer highly reliable and end-to-end byte stream over an unreliable network. 3) A TCP connection is established with the help of three-way handshake. It is a process of initiating and acknowledging a connection. Once the connection is established, data transfer begins, and when the transmission process is finished, the connection is terminated by the closing of an established virtual circuit. The connection is full duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other. The exchange of these four flags is performed in three steps—SYN, SYN-ACK, and ACK.

B1) UDP Characteristics - 1) User Datagram Protocol (a datagram is a transfer unit associated with a packet-switched network). 2) Datagram oriented protocol. It is used for broadcast and multicast type of network transmission. 3) The UDP protocol works almost like TCP, but it throws out all the error-checking stuff, all the back-and-forth communication and deliverability. UDP uses a simple transmission method without implied hand-shaking dialogues for ordering, reliability, or data integrity.

B1) TCP vs UDP (6) - 1) TCP is a connection-oriented protocol, whereas UDP is a connectionless protocol. 2) The speed for TCP is slower while the speed of UDP is faster. 3) TCP uses handshake protocol like SYN, SYN-ACK, ACK while UDP uses no handshake protocols. 4) TCP does error checking and also makes error recovery; on the other hand, UDP performs error checking, but it discards erroneous packets. 5) TCP has acknowledgment segments, but UDP does not have any acknowledgment segment. 6) TCP is heavy-weight, and UDP is lightweight.

B1) ICMP - 1) The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues. 2) The primary purpose of ICMP is for error reporting. ICMP is mainly used to determine whether or not data is reaching its intended destination in a timely manner. 3) Unlike the Internet Protocol (IP), ICMP is not associated with a transport layer protocol such as TCP or UDP. This makes ICMP a connectionless protocol: one device does not need to open a connection with another device before sending an ICMP message. Normal IP traffic is sent using TCP, which means any two devices that exchange data will first carry out a TCP handshake to ensure both devices are ready to receive data. ICMP does not open a connection in this way. The ICMP protocol also does not allow for targeting a specific port on a device.

B1) ICMP Probing/Ping sweep - Type 8 (Echo Request) - used to perform ping sweeping in order to determine whether hosts are accessible: root@kali:~# ping 192.168.51.29. Can use Nmap to perform ping sweep across a whole network IP range: nmap -sP 192.168.51.0/24

B1) ICMP Types - Type 8 (echo request) = Ping packets. Type 13 (timestamp request) = Used to obtain system time from the target host. Type 15 (information request) = Rarely used, intended to support self-configuring systems to allow them to discover their network addresses. Type 17 (subnet address mask request) = Reveals the subnet mask used by the target host, used when mapping networks.

B1) ICMP Probing tools - Sing (works like Ping but with enhancements as you can send different types of ICMP). Works like "sing -echo" "sing -tstamp" "sing -mask". nmap -sP. ICMPscan, can do all of the ICMP types with flags -T (timestamp) -N (Netmask) -I (info) -E (echo).

B1) ICMP OS Fingerprinting - Ofir Arkin's Xprobe2 utility performs OS fingerprinting by primarily analyzing responses to ICMP probes.

B1) Microsoft PPTP - 1. The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. A PPTP tunnel is started by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a GRE tunnel to the same peer. Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network. Microsoft PPTP uses TCP port 1723 to negotiate and establish connection and IP protocol 47 (GRE) for data communication. 2. Uses MS-CHAP for authentication, which in PPTPv1 and PPTPv2 is vulnerable to brute-force attacks.

B2) Cat 5/Fibre - Coaxial/Cat 5/Fiber Optics is the physical part of the physical layer. Coax cable is an older technology used in connecting networks. Cat 5 is made from copper and is twisted pairs.

B2) Cat 5 Characteristics - 1) Performance up to 100MHz. 2) Suitable for 10BASE-T, 100BASE-TX (Fast Ethernet), 1000BASE-T (Gigabit Ethernet). 3) Category 5 enhanced (Cat 5e) supersedes Cat 5. Category 6 cable (Cat 6) is a cable standard for Gigabit Ethernet. 4) Normally use RJ45 connectors.

B2) What are 10/100/1000baseT (Ethernet) - 1) They are standards that carry traffic on physical layers.

B2) 10base-T characteristics - 1) Also known as Ethernet over twisted pair or IEEE 802.3i. 2) 10base-T transmits at a speed of 10Mbit/s using baseband transmission over twisted pair cables.

B2) 100base-TX characteristics - 1) 100base-TX (IEEE 802.3u) is the most common of the Fast Ethernet standards. Fast Ethernet covers copper (100base-TX, 100base-T4, 100base-T2) and fibre-optic (100base-FX, 100base-SX, 100base-BX, 100base-LX10) technologies.

B2) 1000base-T characteristics - 1000base-T (IEEE 802.3ab) is a standard for Gigabit Ethernet over copper wiring.

B2) Token Ring. Where? How fast? Describe? Cabling? - 1) LAN technology which resides in the Data Link Layer (DLL) of the OSI, similar to Ethernet. 2) Token Ring Network operates at 4 Mbps and 16 Mbps. 16 Mbps Token Ring a.k.a. Fast Token Ring. 3) Token is passed along the cyclic network. No collision. Each node has a timeslice to perform processing. Special token frame circles the network when no station is transmitting. Station converts token into data frame for transmission. Token Priority has 8 levels to assign to stations. Token Ring standardised with IEEE 802.5. 4) Token Ring cabling uses IBM "Type-1" shielded twisted pair with unique genderless connector (a.k.a. Boy George connector).

B2) What is a WLAN? What OSI layer? - 1) A wireless local area network (WLAN) links two or more devices using some wireless distribution method (typically spread-spectrum or OFDM radio). WLAN usually provides a connection through an access point to the wider Internet. 2) WLAN is a data link layer protocol. WiFi Data Link similar to Ethernet.

Institution
CPSA
Course
CPSA











Contains
Questions & answers
