CompTIA CSA+ Study Guide. Mike Chapple
The Metasploitable virtual machine username is msfadmin, and the password is msfadmin.
If either system will ever be exposed to a live network, or you don’t know if they will be, you should change the passwords immediately after booting the virtual machines for the first time.
Setting Up Your Environment
Setting up VirtualBox is quite simple. First, install the VirtualBox application. Once it is installed and you select your language, you should see a VirtualBox window like the one shown in Figure E.1.
FIGURE E.1 The VirtualBox main screen
To add the Kali Linux virtual machine, click File ➢ Import Appliance. Navigate to the directory where you downloaded the Kali VM, and import the virtual machine. Follow the wizard as it guides you through the import process. When it is complete, you can continue with these instructions.
The Metasploitable virtual machine comes as a .zip file, so you’ll need to extract it first. Inside, you’ll see a VMDK instead of the .ova file that VirtualBox uses for its native virtual machines. This means you’ll have to do a little more work.
1. Click New in the VirtualBox main window.
2. Click Expert Mode, name your system, and then select Linux for the type. You can leave the default alone for Version, and you can leave the memory default alone as well. (See Figure E.2.)
FIGURE E.2 Adding the Metasploitable VM
3. Select Use An Existing Virtual Hard Disk File, navigate to the location where you unzipped the Metasploitable.vmdk file, select it, and then click Create.
4. Now that both virtual machines are set up, you should verify their network settings. VirtualBox allows multiple types of networks. Table E.1 shows the critical types of network connections you are likely to want to use with this environment.
Table E.1 Virtual Machine Network Options
You may want to have Internet connectivity for some exercises or to update software packages. If you are reasonably certain you know what you are doing, using a NAT network can be very helpful. To do so, you will need to go to the File ➢ Preferences menu of VirtualBox, click on Network, and then set up a NAT network by clicking the network card with a + icon, as shown in Figure E.3.
FIGURE E.3 Adding a NAT network
Warning: Dangerous Traffic!
If you are not comfortable with your virtual machines having outbound network access, think you might do something dangerous with them, or just want to avoid any other potential issues, you should set up both virtual machines to use Internal Network instead.
5. Once your NAT network exists, you can set both machines to use it by clicking on them, and then clicking the Settings gear icon in the VirtualBox interface. From there, click Network, and set the network adapter to be attached to the NAT network you just set up. (See Figure E.4.)
FIGURE E.4 Configuring VMs for the NAT network
6. Now you’re all set! You can start both machines and test to verify that they can see each other. To do this, simply log into the Metasploitable box and run ifconfig to find its IP address. Use ssh [ip address] -l msfadmin to SSH from the Kali Linux system to the Metasploitable system. If you connect and can log in, you’re ready to run exercises between the two systems!
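The network attachment chosen in the steps above can also be checked from the host's command line. The script below is an added example, not part of the book: it reads the output of VBoxManage showvminfo --machinereadable and labels each enabled adapter by how far its traffic can reach. The function names, the verdict labels, and the sample VM data are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each enabled NIC of a VirtualBox VM by exposure.
# Input on stdin: output of `VBoxManage showvminfo <vm> --machinereadable`.
# Output: one line per enabled adapter, "<nic> <mode> <verdict>".
audit_vm_nics() {
  awk -F= '
    /^nic[0-9]+=/ {                       # nic1="...", not nictype1= etc.
      gsub(/"/, "", $2)
      mode = $2
      if (mode == "none") next            # adapter is disabled
      if (mode == "intnet")
        verdict = "ISOLATED"              # Internal Network: VM-to-VM only
      else if (mode == "natnetwork" || mode == "nat")
        verdict = "OUTBOUND"              # VM can reach out through the host
      else if (mode == "hostonly")
        verdict = "HOST-REACHABLE"        # host and VMs only
      else
        verdict = "EXPOSED"               # bridged etc.: on the live network
      print $1, mode, verdict
    }'
}

# Succeeds only when no adapter in the input is classified EXPOSED.
vm_is_contained() {
  ! audit_vm_nics | grep -q 'EXPOSED$'
}

# Constructed sample: a VM with one NAT-network adapter and one bridged one.
sample_vminfo() {
  cat <<'EOF'
name="Metasploitable"
nic1="natnetwork"
nat-network1="LabNet"
nictype1="82540EM"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
EOF
}

# With a VM name and VBoxManage available, audit the real VM;
# otherwise run against the constructed sample.
if [ -n "${1:-}" ] && command -v VBoxManage >/dev/null 2>&1; then
  VBoxManage showvminfo "$1" --machinereadable | audit_vm_nics
else
  sample_vminfo | audit_vm_nics
fi
```

Any adapter reported as EXPOSED puts the VM on the live network, which is the situation the password warning at the start of this section describes.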
Objectives Map for CompTIA Cybersecurity Analyst (CSA+) Exam CS0-001
The following objective map for the CompTIA Cybersecurity Analyst (CSA+) certification exam will enable you to find the chapter in this book that covers each objective for the exam.
Objectives Map
Assessment Test
If you’re considering taking the Cybersecurity Analyst+ exam, you should have already taken and passed the CompTIA Security+ and Network+ exams and should have 3–4 years of experience in the field. You may also already hold other equivalent certifications. The following assessment test helps to make sure that you have the knowledge that you should have before you tackle the Cybersecurity Analyst+ certification and will help you determine where you may want to spend the most time with this book.
1 After running an nmap scan of a system, you receive scan data that indicates the following three ports are open:
22/TCP
443/TCP
1521/TCP
What services commonly run on these ports?
A. SMTP, NetBIOS, MySQL
B. SSH, Microsoft DS, WINS
C. SSH, HTTPS, Oracle
D. FTP, HTTPS, MS-SQL
2 Which of the following tools is best suited to querying data provided by organizations like the American Registry for Internet Numbers (ARIN) as part of a footprinting or reconnaissance exercise?
A. nmap
B. traceroute
C. regmon
D. whois
3 What type of system allows attackers to believe they have succeeded with their attack, thus providing defenders with information about their attack methods and tools?
A. A honeypot
B. A sinkhole
C. A crackpot
D. A darknet
4 What cybersecurity objective could be achieved by running your organization’s web servers in redundant, geographically separate datacenters?
A. Confidentiality
B. Integrity
C. Immutability
D. Availability
5 Which of the following vulnerability scanning methods will provide the most accurate detail during a scan?
A. Black box
2
D. Regional Internet registries like ARIN are best queried either via their websites or using tools like Whois. Nmap is a useful port scanning utility, traceroute is used for testing the path packets take to a remote system, and regmon is an outdated Windows Registry tool that has been supplanted by Process Monitor.
3
A. Honeypots are systems that are designed to look like attractive targets. When they are attacked, they simulate a compromise, providing defenders with a chance to see how attackers operate and what tools they use. DNS sinkholes provide false information to malicious software, redirecting queries about command and control systems to allow remediation. Darknets are segments of unused network space that are monitored to detect traffic – since legitimate traffic should never be aimed at the darknet, this can be used to detect attacks and other unwanted traffic. Crackpots are eccentric people – not a system you’ll run into on a network.
4
D. Redundant systems, particularly when run in multiple locations and with other protections to ensure uptime, can help provide availability.
5
B. An authenticated, or credentialed, scan provides the most detailed view of the system. Black-box assessments presume no knowledge of a system and would not have credentials or an agent to work with on the system. Internal views typically provide more detail than external views, but neither provides the same level of detail that credentials can allow.