Welp, I’m finally almost caught up on bogging which means that its back to going through test prep questions. Man, this thing is a monster and I cannot stress that enough. I have been taking it slow though. Which has curved burn out and what I’m calling shoe shine head. Not great at memorizing without reason, again, so its hard to just go through this many things and know all the answers. The other part of that is that the questions on the pretest most likely will not be on the actual test which means, shocking, you have to know the material.
Anyway, this was my score going through the pretest completely and as you can see I have a ways to go. I’ve been through about half the questions I missed and realized towards the back end (the questions I didn’t blog before going through them) that I needed to blog those bad boys haha
Anyway, lets get into this lot of questions. It seems I marked some more for review so possibly get ready for some more stuff (no one reads this lol) that I’ve covered before!
This is the type of question that gets me nervous because it says a configuration has not been entered on the firewall and then seems to state that there is an implicit deny rule. This leads me to think that I should be looking to set a configuration. However, when thinking back on it now ACL is kind of weird thing to put on a new firewall and inbound/outbound rules are not. The wording is a little off putting on this but I for sure see where they are going with it and it should be something that I’m able to catch on to.
I cant seem to find anything about this anywhere online. The only example info about buffer overflow is red team type definitions rather than ‘what blue team should look for’ type of things. Anyway, I’m not sure how a ping is a indicator of a buffer overflow. I guessed at the answer though. Again, this is the type of question that worries me and I’m pretty sure I’m not going to pass the first time based on stuff like that.
This one was pretty straight forward, as noted by Certfication Kits/Cisco:
A Root Bridge is a reference point for all switches in a spanning-tree topology. Across all connected switches a process of election occurs and the Bridge with the Lowest Bridge ID is elected as the Root Bridge. Bridge ID is an 8-byte Value that consists of 2-Byte Bridge Priority and 6-Byte System ID which is the burned in MAC address of the Switch. Initially all switches began advertising them selves as the Root Bride in BPDUs but once they receive a superior BPDU, one which has a lower Bridge ID, they cease the messages and starts forwarding the superior BPDUs. In the above Figure all switches began with advertising themselves as the Root Bridge. When Switch B receives the BPDU from Switch A it compares the Bridge ID of itself with that of Switch A. Since the Priorities are same, the MAC address is used as the tie breaker and thus Switch A wins due to lower MAC Address. Switch B stops sending its BPDU and forwards the BPDU from A. This Process repeats on Switch C as well and it ceases the generation of BPDU and instead forwards BPDUs from A. Now a single reference point for the network is elected which is Switch A, all other switches now forward STP BPDUs received from Root Bridge.
I didn’t include the diagram but its still legable and the important part is this: of 2-Byte Bridge Priority and 6-Byte System ID which is the burned in MAC address of the Switch and once they receive a superior BPDU, one which has a lower Bridge ID, they cease the messages and starts forwarding the superior BPDUs
Again, this is one of those authentication/hashing/encryption things that I feel like I should have a very clear idea of every single thing about each one of them for some reason but don’t
Lets make a list:
- XOR – a basic cypher
- PBKDF2 – Password-Based Key Derivation Function 2 – are key derivation functions with a sliding computational cost, used to reduce vulnerabilities to brute force attacks. PBKDF2 applies a pseudorandom function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.
- bcrypt – Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.
- HMAC – sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any cryptographic hash function, such as SHA-256 or SHA-3, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-X, where X is the hash function used (e.g. HMAC-SHA256 or HMAC-SHA3). The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and the size and quality of the key. does not mention salt directly on the wiki
- RIPEMD – RIPEMD, as well as RIPEMD-128, is not considered secure because 128-bit result is too small and also (for the original RIPEMD) because of design weaknesses. The 256- and 320-bit versions of RIPEMD provide the same level of security as RIPEMD-128 and RIPEMD-160, respectively; they are designed for applications where the security level is sufficient but longer hash result is necessary.
- salt – Salts also make dictionary attacks and brute-force attacks for cracking large numbers of passwords much slower (but not in the case of cracking just one password). Without salts, an attacker who is cracking many passwords at the same time only needs to hash each password guess once, and compare it to all the hashes. However, with salts, each password will likely have a different salt; so each guess would have to be hashed separately and compared for each salt, which is considerably slower than comparing the same single hash to every password. Thought this was work mentioning
Not sure why I picked a packet analyzer if they noticed the connections, which im not sure how they did without using netset, netstat would be the choice.
A seems like the normal choice here but what really happens is a massive amount of data causes the system to possible allow you to perform arbitrary actions or execute programs. However this very specific scenario is possible, as noted here. Again, this type of question is my nightmare.
Honestly not exactly sure what a SYN packet is, so lets check these two things out: some firewalls start triggering their own alerts when this rate is reached and may start dropping or refusing connections. and the half-open connections created by the malicious client bind resources on the server and may eventually exceed the resources available on the server. At that point, the server cannot connect to any clients, whether legitimate or otherwise. This effectively denies service to legitimate clients
From that info its pretty clear that it uses up the memory and then the server crashes.
For some reason this post took a while and actually exhausted me. Cant wait to hit the hay tonight. Listened to some interesting music tonight along with the fan on my laptop spinning up more than usual for some reason. Reminds me of my ex-wife for some reason. Always the same cycle hun? Anyway, new Taylor Swift video in a few hours that apparently she directed her self so, I guess I’m excited for that. Not a person I remember listening to a bunch of her stuff but was vaguely familiar with as I lived in Nashville for along time and was fairly social. Not that any of that information is any not completely random.