Question

1. You want to test your current security configuration. Which method would you use to avoid detection?

1. Active reconnaissance
2. Passive reconnaissance
3. Credentialed vulnerability scan
4. All of these

2. You are formulating a vulnerability assessment to be performed by security analysis. Nmap is one of the tools to be used, what information will you expect the program provide about the target host(S)?

1. Device
2. Topology
3. Service
4. All of these

Answer 1

Answer1:
B: Passive reconnaissance
Explanation-
Passive reconnaissance is the process of collecting information about the target without even entering into the target's system environment. The target gets no knowledge of what is occurring to its system. Typical passive reconnaissance can include physical observation of an enterprise's building, sorting through discarded computer equipment in an attempt to find equipment that contains data or discarded paper with usernames and passwords, eavesdropping on employee conversations, researching the target through common Internet tools, impersonating an employee in an attempt to collect information, packet sniffing, etc.

Hence it is a way in which the attacker can get valuable information about the target without even letting the target know about the attack and so passive reconnaissance is a better option than active reconnaissance for testing the security configuration without letting the system know about it.

In active reconnaissance, the target gets to know that it is being accessed/ attacked by some other system.

Credentialed vulnerability scans are scans in which the scanning computer has an account on the computer being scanned that allows the scanner to do a more thorough check looking for problems that can not be seen from the network. In this method also the target has knowledge about the attacker system as it has got the account in that system. Hence this method is also not suitable to check the security configuration without letting the system know about it.

ANSWER2:
D All of these
Explanation-
DEVICE: One of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting. Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. After performing dozens of tests such as TCP ISN sampling, TCP options support and ordering, IP ID sampling, and the initial window size check, Nmap compares the results to its nmap-os-db database having a large database of known OS fingerprints and prints out the OS details if there is a match. Each fingerprint includes a freeform textual description of the OS, and a classification which provides the vendor name (e.g. Sun), underlying OS (e.g. Solaris), OS generation (e.g. 10), and device type (general purpose, router, switch, game console, etc).

TOPOLOGY: Nmap provides an interactive, animated visualization of the connections between hosts on a network. Hosts are shown as nodes on a graph that extends radially from the centre. Clicking on any node makes it as the centre and automatically rearranges all the nodes.

SERVICE: Nmap is a utility tool for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.