12.1.10 Security Concepts


Which of the following is an example of an internal threat?
- A water pipe in the server room breaks.
- A delivery man is able to walk into a controlled area and steal a laptop.
- A user accidentally deletes the new product designs.
- A server backdoor allows an attacker on the internet to gain access to the intranet site.

A user accidentally deletes the new product designs.
Internal threats are intentional or accidental acts by employees, including:
- Malicious acts such as theft, fraud, or sabotage.
- Intentional or unintentional actions that destroy or alter data.
- Disclosing sensitive information through snooping or espionage.
External threats are the events that originate outside of the organization and typically focus on compromising the organization's information assets. Examples are hackers, fraud perpetrators, and viruses. Natural events are events that may reasonably be expected to occur over time. Examples are a fire or a broken water pipe.

Which of the following BEST describes an inside attacker?
- An unintentional threat actor (the most common threat).
- A good individual who tries to help a company see their vulnerabilities.
- An agent who uses their technical knowledge to bypass security.
- An attacker with lots of resources and money at their disposal.

An unintentional threat actor (the most common threat). An insider could be a customer, a janitor, or even a security guard. But most of the time, it's an employee. Employees pose one of the biggest threats to any organization, as an unintentional threat actor is the most common insider threat. A hacker is any threat agent who uses their technical knowledge to bypass security, exploit a vulnerability, or gain access to protected information. An authorized hacker is a good individual who tries to help a company see the vulnerabilities that exist in their security infrastructure. Attacks from nation states are generally extremely well-supported and funded.

Which of the following intrusion detection and prevention systems uses fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data?
- Zombie
- Honeypot
- Botnet
- Trojan horse

Honeypot
A honeypot is a device or virtual machine that entices intruders by displaying a vulnerability, displaying a configuration flaw, or appearing to contain valuable data. A Trojan horse is a malicious program that is disguised as legitimate or desirable software. A zombie is a computer that's infected with malware and that allows remote software updates and control by a command and control center (called a zombie master). A botnet refers to a group of zombie computers that are commanded from a central control infrastructure.

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches have been installed. Which solution should you use?
- VLAN
- NAT
- Screened subnet
- NAC
- NIDS

NAC
Network Access Control (NAC) controls access to a network by not allowing computers to access network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have:
- Antivirus software with up-to-date definition files
- An active personal firewall
- Specific, critical operating system updates and patches
A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client who has not met all the checklist requirements is either denied access or can be given restricted access to a remediation network, where remediation servers can be contacted to help the client to become compliant. A screened subnet is a buffer network that sits between a private network and an untrusted network (such as the internet). A virtual LAN (VLAN) is a logical grouping of computers based on switch port. VLAN membership is configured by assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A network-based IDS (NIDS) scans network traffic to look for intrusion attempts. Network Address Translation (NAT) modifies the IP addresses in packets as they travel from one network (such as a private network) to another (such as the internet). NAT allows you to connect a private network to the internet without obtaining registered addresses for every host. Hosts on the private network share the registered IP addresses.

Telnet is inherently unsecure because its communication is in plaintext and is easily intercepted. Which of the following is an acceptable alternative to Telnet?
- PPP
- SSH
- SLIP
- Remote Desktop

SSH
SSH (Secure Shell) is a secure and acceptable alternative to Telnet. SSH allows secure interactive control of remote systems. SSH uses RSA public key cryptography for both connection and authentication. SSH also uses the IDEA algorithm for encryption by default but is able to use Blowfish and DES as well. Remote Desktop, while a remote control mechanism, is limited to a few versions of Windows and is not very secure. Point-to-Point Protocol (PPP) and Serial Line Interface Protocol (SLIP) are not remote access authentication protocols. They are used to establish a connection, not provide authentication.

Which of the following protocols can you use to securely manage a network device from a remote connection?
- Telnet
- SFTP
- SSH
- TLS

SSH
SSH allows secure interactive control of remote systems. It is a secure and acceptable alternative to Telnet. SFTP (Secure File Transfer Protocol) uses Secure Shell (SSH) to secure data transfers. TLS (Transport Layer Security) ensures that messages being transmitted on the internet are private and tamper-proof. TLS is often used to add security to other protocols.

Which protocol does HTTPS use to offer greater security for web transactions?
- CHAP
- PAP
- IPsec
- SSL

SSL
HTTPS (HyperText Transfer Protocol Secure) uses Secure Sockets Layer (SSL) to offer greater security for web transactions. IPsec uses HMAC (Hash-Based Message Authentication Code) to provide message integrity checks. Password Authentication Protocol (PAP) transmits login credentials in cleartext. Challenge Handshake Authentication Protocol (CHAP) protects login credentials using a hash and allows periodic re-authentication.

You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points (like coffee shops and libraries). As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols is MOST likely to be allowed through the widest number of firewalls?
- SSL
- IPsec
- PPTP
- L2TP

SSL
Ports must be open on firewalls to allow VPN protocols. For this reason, using SSL (Secure Sockets Layer) for a VPN often works through firewalls when other solutions do not because SSL uses port 443, which is a port that's often already open to allow HTTPS traffic. In addition, some NAT (Network Address Translation) solutions do not work well with VPN connections. PPTP (Point-to-Point Tunneling Protocol) uses port 1723. L2TP (Layer 2 Tunneling Protocol) uses ports 1701 and 500. IPsec uses UDP port 500 for IKE (Internet Key Exchange).

Which of the following protocols are often added to other protocols to provide secure data transmission? (Select two.)
- SNMP
- TLS
- SMTP
- HTTPS
- SSL

TLS
SSL
Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that are used with other protocols to add security. In addition, you can use Secure Shell (SSH) to add security when using unsecure protocols. HTTPS (HyperText Transfer Protocol Secure) is the secure form of HTTP that uses SSL. SMTP (Simple Mail Transfer Protocol) is used for sending email. SNMP (Simple Network Management Protocol) is for network management tasks.

Creating fake resources such as honeypots, honeynets, and tarpits fulfills which of the following main intrusion detection and prevention goals? (Select two.)
- Offers attackers a target that occupies their time and attention while distracting them from valid resources.
- Detects attacks that are unique to the services on valid system resources and monitors application activity.
- Reveals information about an attacker's methods and gathers evidence for identification or prosecution purposes.
- Lures attackers into a non-critical network segment where their actions are passively monitored and logged, after which their connection is simply dropped.
- Entices attackers to reveal their IDS signatures, which can then be matched to known attack patterns.
- Detects anomalous behavior that varies from standard activity patterns, also referred to as heuristic recognition.

Offers attackers a target that occupies their time and attention while distracting them from valid resources.
Reveals information about an attacker's methods and gathers evidence for identification or prosecution purposes.
By using honeypots, honeynets, and tarpits, you can fulfill the following intrusion detection and protection goals:
- Attackers are offered targets that will occupy their time and attention, distracting them from valid resources.
- You can observe attackers and gather information about their attack methods or gather evidence for identification or prosecution purposes.

