NSA CNT Exam with precise detailed answers
- Computer Concepts - Endianness: Endianness means that the bytes in computer memory are read in a certain order. If my computer reads bytes from left to right and your computer reads from right to left, we're going to have issues communicating
- Endianness is represented in two ways, what are they?: Big-endian (BE) and Little Endian (LE)
- Big-Endian (BE) vs Little-Endian (LE): BE stores the big end first and then proceeds to the lowest, from left to right. LE stores the little end first, from right to left
- What are the different types of CPU architectures?: ia32 - 32-bit Intel Architecture; mipsel - 64 bit Microprocessor; 32 and 64 bit systems
- What is Virtualization: is a process that allows for more efficient utilization of physical computer hardware and is the foundation of cloud computing
- What are some benefits of Virtualization?: Resource Efficiency; Easier Management
- User Space: User applications operate in a less privileged mode, typically at a lower privilege level than the kernel
- Access to Resources - Kernel Space / User Space: Kernel Space: the kernel has direct access to all hardware and system resources. User Space: user applications do not have direct access to hardware resources. They interact with the system through system calls provided by the kernel
- Execution Context - Kernel Space / User Space: Kernel Space: the kernel runs in a global and shared context, and its code is typically loaded into a fixed location in memory during system
- Viruses and their Key Features:
  - Infects other executable files or documents
  - Spreads when infected files are shared or executed
  - Often requires user interaction to propagate
- Worms and their Key Features:
  - Self replicates and spreads across networks without user intervention
  - Exploits vulnerabilities in network protocols or operating systems
  - Can consume network bandwidth and system resources
- Trojan Horses and their Key Features:
  - Disguises itself as a legitimate or benign program
  - Tricks users into executing or installing it
  - Can create backdoors for remote access
- Spyware and their Key Features:
  - Secretly monitors user activities without their knowledge
  - Collects sensitive information such as login credentials or browsing habits
  - Often used for identity theft or espionage
- Adware and their Key Features:
  - Displays unwanted advertisements to users
  - May come bundled with legitimate software
- normal behavior making it possible to detect and mitigate malware
- What is Signature based detection for malware?: uses a unique signature or digital footprint from software programs running on a protected system. Antivirus programs scan the software and compare the signature to known malware signatures
- What are the different types of rootkits: User Mode Rootkits; Kernel Mode Rootkits; Bootkits; Memory-Resident or RAM-based rootkits
- **What is a User Mode Rootkit? 1. Privilege Level 2. Infection Method 3. Detection Method:**
  1. Privilege Level: Operate at the user level
  2. Infection Method: typically infiltrate user-space processes and applications
  3. Detection Method: may be detected using rootkit scanners, behavioral analysis, or by monitoring changes in system files and registry entries
- **What is a Kernel Mode Rootkit? 1. Privilege Level 2. Infection Method 3. Detection Method:**
  1. Privilege Level: Operate at the kernel or ring 0 level
  2. Infection Method: invade the core of the operating system, replacing or modifying kernel components
- **What is a Bootkit Rootkit? 1. Privilege Level 2. Infection Method 3. Detection Method:**
  1. Privilege Level - Operate at the bootloader level, before the operating system loads
  2. Infection Method - Modify the master boot record (MBR) or other boot components to gain control during the boot process
  3. Detection Method - Bootkit detection often requires specialized tools that can analyze the boot process
- **What is a Memory-Resident or RAM-Based Rootkit? 1. Privilege Level 2. Infection Method 3. Detection Method:**
  1. Privilege Level - Operate in the system's memory
  2. Infection Method - Load directly into RAM, making detection more challenging
  3. Detection Method - Memory analysis tools and behavioral monitoring can help identify anomalies in system memory.
- Which type of virtualization allows a computer's operating system kernel to run multiple isolated instances of a guest virtual machine, with each guest sharing the kernel?: Container Virtualization
- What is SSH? What port does it use?: Secure Shell (SSH) can be used to
- What is HTTP and what port does it use?: HTTP is HyperText Transfer Protocol and it is responsible for web content. Many web pages use HTTP to transmit the web content and allow the display and navigation of HyperText. TCP Port: 80
- What is Telnet and what port does it use?: TCP Port: 23. Command line tool to access a remote system. Used to configure a router or switch. Can also be used to check if ports are open or closed. Not secure, don't use over the internet
- What is FTP and what port does it use: File Transfer Protocol is used to upload and download files from an FTP server. FTP uses ports TCP 20 & 21
- What is DNS and what port does it use: Domain Name System is used to resolve host names to IP addresses. DNS servers host the DNS service and respond to DNS queries. DNS uses UDP port 53.
- What is DHCP and what port does it use?: Dynamic Host Configuration Protocol. Automatically sets IP addresses and other attributes to an IP host to enable information transfer between network nodes
- netstat -a what does it show: Shows all active ports open
- TCP/IP 3-way handshake:
  - SYN - Host A sends request to Host B
  - SYN/ACK - Host B sends back an ACK of Host A's SYN and its own SYN as well
  - ACK - Host A ACK
- By default, what is the MTU size on a typical Ethernet network?: 1500 bytes
- ARP Tables might contain two different types of entries. What are they, and how are they created?: They contain dynamic and static entries. Dynamic ARP table entries are created when a client makes an ARP request for information that could not be satisfied by data already in the ARP table. Static ARP table entries are those that someone has entered manually using the ARP utility
- How is TTL field utilized in IPv4: the TTL field indicates the maximum duration that the packet can remain on the network before it is discarded. It represents the number of times a packet can still be forwarded by a router, or the maximum number of router hops it has remaining. The TTL for packets varies and can be configured; it is usually set at 32 or 64. Each time a packet passes through a router, its TTL is reduced by 1. When a router receives a packet with a TTL equal to 0, it discards that packet and sends a TTL expired message via ICMP back to the source host.
- IP is an unreliable, connectionless protocol, as it does not establish a