CCT 131: Practice CISSP Questions - Mastering Vulnerability Assessments and Network Scanning (D6.2.1)

Cybersecurity's battleground is evolving with AI and quantum computing at the forefront. Are you prepared for the oncoming digital storm? Join me, Shon Gerber, as we reinforce crucial skills for vulnerability assessments and network scanning, and delve into the promising yet perilous world where artificial intelligence meets digital defense. With insights gleaned from a recent Google survey, we discuss the bright future of AI in enhancing security protocols and its darker potential to empower hackers. Furthermore, I shed light on the NSA's forewarning of practical quantum computing's arrival, its implications for today's encryption, and the strategic importance of planning for a quantum future. This conversation will arm you with the foresight to ensure your networks are ready to weather tomorrow's challenges.

Draw back the curtain on the arcane workings of network protocols and enhance your CISSP exam readiness with our comprehensive Cyber Training Overview. We begin by dissecting the intricacies of TCP network protocol identification and scanning techniques, illuminating the critical function of CVE identifiers, and unraveling the role of XML in automated vulnerability assessments. Then, transition to an examination blueprint with our CISSP Cyber Training, where we offer a wealth of resources - from podcasts to mobile-friendly audio materials - to streamline your study process. Whether you're in search of strategies to pass your certification or insights to fortify your organization's security posture, this episode provides the guidance and tactics you need to excel.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

TRANSCRIPT

Speaker 1: 0:00 

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go.

Speaker 2: 0:22 

Cybersecurity knowledge All right, let's get started. Hey, I'm Sean Gerber with CISSP, cyber Training, and I hope you guys are having a wonderful day today. Today is exam question Thursday, so our practice question is Thursday, depending on how you see it online, but today is practice question Thursday and we are going to be going over vulnerability assessments and network scanning, some questions that were tied to the podcast that occurred on Monday. Just as you all are aware, we do the things on Thursday to the questions on Thursday to actually reaffirm or what do they call it, basically make Monday better. I guess I can't think of the word. It's 5 30 in the morning when I'm recording this. So life is good.

Speaker 2: 1:01 

But before we get started, I wanted to talk to you about a couple different articles I saw and wanted to get your opinion. If you guys feel free to chime in on, just go ahead and reach out to me, send me an email or go ahead and, as you see these getting posted on LinkedIn, let me know what you think about this article. But they said Google survey said 63% of IT and security pros believe AI will improve corporate cybersecurity, and I don't know what you all think about that, but one of the aspects they said is. They believe that most people will have some level of change within the old AI space and within corporate America. They said that the survey found that 21% of IT decision makers think AI will help them create security rules and 19% say attack simulation and compliance could prove valuable. I don't know what you all think about that. In regards to the overall helping them with security rules, I would say it most likely will definitely have some value in there. If we can use AI for creating code, then I don't see how they couldn't be used to make security rules and also make rules in a much quicker pace, especially if it can evaluate the current rule sets that are in place and then maybe even have it look for areas that you could do some work in and make them better. I think that would, at a minimum, would be very valuable. Just to have it affirm, or to look at all the rules that are currently in place and then find out which ones could be changed to be more or less streamlined or if there's potentially any security issues that are falling within that. Also they said about 25 of the respondents said that they believed AI would ultimately benefit hackers or bad actors with malintent, and it's like anything else, that that tool could be used for good and for bad, but bottom line is it.

Speaker 2: 2:48 

I feel, that you're going to have to embrace this technology because if you don't embrace it, as I mentioned in that last paragraph that the bad guys and gals are going to take advantage of it as well. We're already seeing this with business email communications or BECs, and because of that, because they're crafting these letters in a much better format than they did in the past you can only imagine that it's going to be used once they get more and more capability. It's just a matter of time. So it's important that, as protectors of the networks, we embrace this new technology and try to figure out ways to use it for our benefit because, like I said, the bad guys and gals are going to be using it for their benefit. Another one I saw was around.

Speaker 2: 3:29 

Practical quantum computing is coming in the next five years three to five years and this comes from the NSA. We've talked about quantum computing for a while now, and one of the things that I feel is it has been limited is the fact that people are thinking well, it may or may not happen, it will or it won't happen, it's going to come. It's coming, no matter whether you like it or not, people will change. People are designed to change and because of that design, this new journey into quantum is going to occur. One of the things that the NSA has been pushing hard is the save now, decrypt later, kind of aspect that many countries are taking I include probably most likely the US as well is that any data that is encrypted currently, that is uncrackable, they are copying and putting in locations so that they can decrypt it at a future state. And that's happening. You know it is. Whether we like it or not, those kind of aspects are going on.

Speaker 2: 4:25 

Now, one thing they said that they're expecting with this in the next three to five years is this quantum computing is going to be utilizing more or less a mesh of online resources versus having your own quantum computer in your own location, which makes sense, right? You wouldn't? I mean I shouldn't say you wouldn't. There are probably some companies that would buy a quantum computer and put it within their environment, but most would. If I was owning a company, I would go out and reach out to the cloud, utilize massive resources across the cloud, versus trying to invest in that in my own internal network. There may be situations where governments may do that because they don't want to have that data potentially shared, but in the most cases that's going to be across different avenues and different platforms as we look at quantum. So if you're a business, you need to really consider how are you going to handle quantum computing Now if it's going to be available to the users in the next three to five years, just anticipate that a business probably won't be able to utilize it to its full potential for another seven to ten years because it takes time businesses, especially large size businesses they don't turn on a dime and to be able to make those level of changes it's going to take time, but we see it coming right now.

Speaker 2: 5:38 

Just with Microsoft's co-pilot, with how they've embedded co-pilot into the office suite of, there is just a huge amount of opportunity and you know it's going to happen in the next 10 years. It's going to be extremely incredible for the world. Now, could it be incredibly bad for the world? That's a possibility too. You know, who knows how this is going to play out, but I would say the way the technology is changing so rapidly, it is just a matter of seeing what's going to occur in the next three to five years and 10. So I'm pretty excited about it. I'm not a doomer, doomer and gloomer person, because if reality is the case, it doesn't matter anyway, right? No matter what we do is not going to change the fact, the fact that technology is there, it's coming, so you might as well try to embrace the positive in it versus the negative. Okay, so let's roll into our questions for today.

Speaker 2: 6:33 

Question one what is the primary purpose of a TCP SIN scan? Again, what is the primary purpose of a TCP SIN scan? A to establish a full TCP connection. B to identify open ports without competing or completing the TCP handshake. C to complete this connection or to prioritize an urgent data. So what is the primary purpose of a TCP SIN scan? And the answer is B to identify open ports without completing the TCP handshake. A TCP SYN scan is used to identify open ports by initiating the connection with, obviously, the SYN packets and then waiting for the SYN act. We talked about that in the podcast. This obviously will then complete the three-way handshake, but because it doesn't complete the SYN scan or the SYN handshake, it cuts it off. It's just basically doing a scan.

Speaker 2: 7:24 

Question two which TCP flag is set by an attacker to conduct a Christmas or Xmas scan? Which TCP flag is set by the attacker to conduct a Christmas scan? A SINFLUT or SIN? B, ack, a-c-k, c, reset, r-s-t, sin, b, ac, a, c, k, c, reset, rst or d? The urg, p, a, p, s, h or f? I? N, right, the urgent push or fin? Again, which tcp flag is set by attacker to conduct a christmas scan? And it is the urge push and fin flags that they're set that basically lights up the christmas, basically to infer what is the state of the port. Again, a lack of response would be that the target system can help the attacker infer the state of the port. So that's the point.

Speaker 2: 8:13 

Question three what does a CVE identifier provide? Again, the CVE is your Charlie Victor Echo. What does the Charlie Victor Echo identifier provide? A a unique identifier for publicly known vulnerabilities. B a severity score for the vulnerability. C a configuration system setting for the system, security. Or D a language for writing security checklists. Again, what does the CVE identifier provide? And it's A a unique identifier for publicly known vulnerabilities, and it's set up, a unique identifier for publicly known vulnerabilities and it's set up specifically for that. It allows professionals as yourselves that are listening to this to quickly and accurately share the information about the vulnerability and ensure that everyone is speaking in the same language. Again, it's just a common way of knowing it, because if you had a CVE and a CDE and a CGE and they all were different, well then you wouldn't be understanding what each other is saying and then your, your standardization, would be all over the place.

Speaker 2: 9:09 

Which of the following is not a metric used in cvss scoring a base b temporal, c, urgent, d, environmental? So which of the following is not a metric used in cvss scoring a base b, temporal, c, urgent or d environmental? And when you're dealing with cvss scoring, the one that's not involved is urgency. Right, urgent is not a metric used in the cvss scoring. It's obviously base, temporal, environmental are the main metrics that are part of the CVSS.

Speaker 2: 9:46 

Question five which or what does the Common Platform Enumeration, cpe Charlie, papa, echo naming scheme identify? So what does the CPE naming scheme identify? A security vulnerabilities. B IT systems software and the packages associated. C security configuration issues. Or D compliance and security checklists. So what does the Common Platform Enumeration Scheme identify? And the answer is B IT systems software and the associated packages. If you remember, we talked about on the podcast. There's basically it's all separated by colons and it walks through. This is Microsoft, this is PAC, version 1907. Blankety, blankety, blank, blank. So it basically breaks down the systems, the software and the associated packages.

Speaker 2: 10:34 

Question six which protocol is used by OVAL O-V-A-L, oscar Victor Alpha Lima to determine the presence of vulnerabilities? A, tcp, b, udp, c, icmp or D XML? So which protocol is used by Oval to determine the presence of the vulnerabilities? And the answer is D XML. Xml is used to determine the presence of the vulnerabilities and the configurations on those specific computer systems, and then Oval definitions are used by the various security tools to automate that vulnerability assessment process.

Speaker 2: 11:09 

Question seven what is the result of a TCP-AX scan if the port is unfiltered? Okay, what is the result of a TCP-AX scan if the port is considered unfiltered? A the port sends a reset response. B the port sends a SYNAC response. C the port sends a FIN response. Or D there is no response from the port. Okay, so a TCP-AC scan unfiltered, and that would be. A the port sends a reset response. So when it sends that reset response, this scan is used to understand the filtering rules applied by the ports and rather than determining if the port is open. Question 8. Which TCP flag indicates the data should be processed immediately by receiving the application? Which TCP flag indicates that the data should be processed immediately by receiving applications A Push, b, syn, c, reset, d, ack. Immediately by receiving applications a push.

Speaker 1: 12:08 

B sin C.

Speaker 2: 12:08 

Reset D act so which TCP flag indicates that the data should be processed immediately by receiving the application? And the answer is a push, the psh flag, the proper Sierra Hotel. This indicates that the data should be processed immediately by receiving the application. When the push flag is set, the receiving end instructed to push the data to the application as soon as possible without waiting for a buffer to fill up. That's the point of the push.

Speaker 2: 12:35 

Question nine which is the purpose of an urgent pointer in TCP? A to reset the connection. B to synchronize the sequence numbers. C to prioritize certain data within the segment. Or D to indicate the end of the data transmission? Again, what is the purpose of the urgent pointer in TCP? And the answer is C to prioritize certain data within the segment. So the urgent pointer in the TCP is used in conjunction with the urgent flag to indicate there are certain data within the segment that should be prioritized. Obviously, it uses the data to immediately get attention. Bypassing data can be processed later. So that's the purpose of the urgent pointer in the TCP stack.

Speaker 2: 13:17 

Question 10, which scanning method completes the full TCP three-way handshake? It completes the full TCP three-way handshake. So which scanning method completes it? So it's basically the SYN, the SYN-AC, right? So you have all of that. Which one does that? The TCP SYN scan? B the TCP Connect scan, c the TCP-AC scan or D, the UDP scan. Okay, so if you break these down, we know the UDP scan won't do that because it's just a barrage type scan, right? So that would break you down into three different questions you can answer. So again, which one completes the full three-way TCP handshake? And the answer is B, the TCP connect scan. It completes the full three-way handshake, whereas the scanner will send the SYN and then the expects the SYN ACK and then it will send the ACK packet to establish the full connection. Okay, this is obviously more detectable when you're dealing with trying to scan a specific box. Therefore, it is not used unless you are targeting one very specific device.

Speaker 2: 14:20 

Question 11. What does the extensible configuration checklist description format that's that really long, nasty one ECCDF, right? The ECCDF specify? So it's called the extensible configuration checklist description format. B system security configuration issues. C IT systems and software identification. Or D security checklists and benchmarks. So what does the extendable? Let's just go with the XCCDF. What does it specify? And it specifies D the security checklists and benchmarks. It's a language and data model for expressing security checklists, benchmarks and related documentation. We talked about that in the podcast and how it's specifically for that and it's used primarily. You'll see this in some of the governmental aspects around this product, but it does allow for creation, maintenance and dissemination of security configuration information and it's consistent with machine readable format.

Speaker 2: 15:20 

Question 12 what is the typical response from a port during a UDP scan if the port is closed? So what is a typical response from a port during a UDP scan if the port is specifically closed? A a SYNAC response. B a reset response. C an ICMP port unreachable error. Or D no response whatsoever. So a UDP scan if the port is closed and remember we talked about that with ICMP is tied to the ping, it would be C port unreachable error. This UDP scan, the target, will typically respond with an ICMP port unreachable error. So basically, the port is not listening for any UDP packets. Therefore, no response and the port is presumed open or filtered. Question 13 which of the following is not part of the initial TCP process?

Speaker 2: 16:13 

handshake process a sin be sin act, see act or D urge Right Urgent and we've talked about this as you went through with this process on the podcast it would most likely be D urgent. You are correct. So the SIN, sinac and ACK are all part of the TCP. Handshake Urgent is not part of it. That's the flag that's tied into the TCP overall process but it is not part of the handshake process.

Speaker 2: 16:43 

Question 14. What does a high CVSS score indicate about a vulnerability? A high CVSS score indicate about a vulnerability? A high CVSS score indicate about a vulnerability? A it has been fully mitigated. B it is difficult to exploit. C it is significant impact and easy to exploit. Or D it is only present in a specific user environment. High CVSS score what CVSS score? Not CVS? The pharmacy CVSS score? What CVSS score? Not CVS? The pharmacy CVSS score? How? What does that mean? And it is C a significant impact and is easily to exploit? Again, the base score is determined by analyzing exploitability and impact of the vulnerability. So therefore, the higher the score, that's bigger the impact and potentially easier to exploit.

Speaker 2: 17:24 

Question 15 which of the following is true regarding this cve 2021? Three, four, five, two, seven vulnerability? We kind of talked about that a little bit online or on the podcast a bit, but what does that mean? What is it tied to? Some of you may know what this is because we ran into a problem with this back in 2021. A it's also known as a print nightmare. B it's a udp related vulnerability. C it's assigned a low cvss. B it's a UDP-related vulnerability. C it's assigned a low CVSS score. Or D it affects the Linux kernel. Well, we know it's in 2021, right, we know that that vulnerability exists and it is part of the. A it's known as the print nightmare. This vulnerability hit the Windows print spooler right and it happened back in 2021, and they assigned a very high CVSS score due to the impact. And a very high CVSS score due to the impact and which was extremely easy to exploit and caused a lot of drama in 2021.

Speaker 2: 18:11 

Okay, that's all I have for you today. Go out to CISSP Cyber Training and check out all of this information. It's all there for you. It's all free. There's a lot of this. I should say not all free. A big chunk of it is free for you all. You'll be able to get all these videos that are out there. You'll have access to that If you really want to get access and make sure you're studying for the CISSP and you need help with that.

Speaker 2: 18:34 

Check out all the paid products that I have available for you. I have a blueprint which will give you everything you need to pass the CISSP exam. It'll walk you through the book step by step by step, telling you what, what you should study, what you shouldn't study, or what we should study today, what you should study tomorrow. And then it'll also give you access to all the podcasts, all the audio. All of that is going to be there and available to you in a mobile format even so, that while you're driving to and from work, listening to it, while you're watching your children, and then don't fall asleep when you're listening to it, when you're watching, watching your kids okay, Don't do that, that would be bad, but all that's going to be available to you if you go out to cisspcybertrainingcom. Go check it out. Also, leave me a review in iTunes. I would appreciate it. Anything positive is always awesome. If it's negative, send me an email, see if I can fix it, because I really would.

OUTLINE

1. What is the primary purpose of a TCP SYN scan?

• A) To establish a full TCP connection
• B) To identify open ports without completing the TCP handshake
• C) To reset the connection
• D) To prioritize urgent data
• Correct Answer: B - A TCP SYN scan is used to identify open ports by initiating a connection with a SYN packet and waiting for a SYN-ACK response, without completing the three-way handshake. This method is stealthy, as it does not establish a full TCP connection, and is less likely to be logged by the target system.

2. Which TCP flag is set by an attacker to conduct an Xmas scan?

• A) SYN
• B) ACK
• C) RST
• D) URG, PSH, and FIN
• Correct Answer: D - An Xmas scan sets the URG, PSH, and FIN flags to create a packet that is “lit up” like a Christmas tree, used to infer the state of a port. The response, or lack thereof, from the target system can help the attacker infer the state of the port.

3. What does a CVE identifier provide?

• A) A severity score for a vulnerability
• B) A unique identifier for a publicly known vulnerability
• C) A configuration setting for system security
• D) A language for writing security checklists
• Correct Answer: B - A CVE identifier provides a unique identifier for a publicly known cybersecurity vulnerability. This allows security professionals to quickly and accurately share information about vulnerabilities and ensure that everyone is speaking the same language when referring to the same issue.

4. Which of the following is not a metric used in CVSS scoring?

• A) Base
• B) Temporal
• C) Environmental
• D) Urgent
• Correct Answer: D - Urgent is not a metric used in CVSS scoring. CVSS uses Base, Temporal, and Environmental metrics. The Base metrics evaluate the intrinsic qualities of a vulnerability, the Temporal metrics reflect the characteristics of a vulnerability that change over time, and the Environmental metrics capture the characteristics of a vulnerability that are unique to a user’s environment.

5. What does the Common Platform Enumeration (CPE) naming scheme identify?

• A) Security vulnerabilities
• B) IT systems, software, and packages
• C) Security configuration issues
• D) Compliance with security checklists
• Correct Answer: B - CPE is a structured naming scheme for identifying IT systems, software, and packages. It provides a standard method for identifying classes of applications, operating systems, and hardware devices, which is essential for vulnerability management and communication.

6. Which protocol is used by OVAL to determine the presence of vulnerabilities?

• A) TCP
• B) UDP
• C) ICMP
• D) XML
• Correct Answer: D - OVAL definitions are written in XML and are used to determine the presence of vulnerabilities and configuration issues on computer systems. OVAL definitions are used by various security tools to automate the vulnerability assessment process.

7. What is the result of a TCP ACK scan if a port is unfiltered?

• A) The port sends a SYN-ACK response.
• B) The port sends an RST response.
• C) The port sends a FIN response.
• D) There is no response from the port.
• Correct Answer: B - If a port is unfiltered, it will send an RST response to a TCP ACK scan. This type of scan is used to understand the filtering rules applied to the ports by a firewall, rather than to determine if a port is open.

8. Which TCP flag indicates that the data should be processed immediately by the receiving application?

• A) SYN
• B) PSH
• C) RST
• D) ACK
• Correct Answer: B - The PSH flag in TCP indicates that the data should be processed immediately by the receiving application. When the PSH flag is set, the receiving end is instructed to push the data to the application as soon as possible, without waiting for the buffer to fill up.

9. What is the purpose of the Urgent Pointer in TCP?

• A) To reset the connection
• B) To synchronize sequence numbers
• C) To indicate the end of data transmission
• D) To prioritize certain data within a segment
• Correct Answer: D - The Urgent Pointer in TCP is used in conjunction with the URG flag to indicate that certain data within a segment should be prioritized and processed immediately by the receiving application. This is used for data that needs immediate attention, bypassing data that can be processed later.

10. Which scanning method completes a full TCP three-way handshake?

• A) TCP SYN Scan
• B) TCP Connect Scan
• C) TCP ACK Scan
• D) UDP Scan
• Correct Answer: B - TCP Connect Scan completes a full TCP three-way handshake. The scanner sends a SYN packet and expects a SYN-ACK response; if received, it sends an ACK packet, establishing a full connection. This method is more detectable because it completes the connection and can be logged by the target system.

11. What does the Extensible Configuration Checklist Description Format (XCCDF) specify?

• A) Vulnerability severity scores
• B) Security checklists and benchmarks
• C) System security configuration issues
• D) IT system and software identification
• Correct Answer: B - XCCDF is a language and data model for expressing security checklists, benchmarks, and related documentation. It allows for the creation, maintenance, and dissemination of security configuration information in a consistent and machine-readable format.

12. What is the typical response from a port during a UDP scan if the port is closed?

• A) SYN-ACK
• B) RST
• C) ICMP port unreachable error
• D) No response
• Correct Answer: C - If a port is closed during a UDP scan, the target system will typically respond with an ICMP port unreachable error. This indicates that the port is not listening for incoming UDP packets. If there is no response, the port is presumed open or filtered.

13. Which of the following is not a part of the initial TCP handshake process?

• A) SYN
• B) SYN-ACK
• C) ACK
• D) URG
• Correct Answer: D - The URG flag is not part of the initial TCP handshake process. The handshake involves the SYN, SYN-ACK, and ACK flags. The URG flag is used during an established TCP session to indicate that certain data within a segment should be treated as urgent.

14. What does a high CVSS Base score indicate about a vulnerability?

• A) It has been fully mitigated.
• B) It is difficult to exploit.
• C) It has a significant impact and is easy to exploit.
• D) It is only present in a specific user environment.
• Correct Answer: C - A high CVSS Base score indicates that a vulnerability has a significant impact on the confidentiality, integrity, or availability of a system and is relatively easy to exploit. The Base score is determined by analyzing the exploitability and impact of the vulnerability.

15. Which of the following is true about the CVE-2021-34527 vulnerability?

• A) It is a UDP-related vulnerability.
• B) It is also known as “PrintNightmare.”
• C) It was assigned a low CVSS score.
• D) It affects the Linux kernel.
• Correct Answer: B - CVE-2021-34527 is also known as “PrintNightmare,” a vulnerability in the Windows Print Spooler service that allows for remote code execution with SYSTEM privileges. It was assigned a high CVSS score due to its significant impact and the ease with which it could be exploited.