CENT 275 Practice Exam
16. Describe the usage and vulnerabilities between WEP, WPA, and WPA2.
*** need to elaborate on this WEP - wireless equivalent privacy - cryptographic vulnerabilities WEP used static keys. easier to crack. should not be used. WPA - WPA2 Wi-Pi Protected Access - TKIP provides the keys and WPA is built on TKIP. every packet gets a unique encryption key. WPA2 - introduced AES algorithm, CCMP
38. What is patch hotfix, and a service pack?
- patch- a temporary fix - hotfix- a single vulnerability issue and does not require a computer reboot. - service pack- a collection of tested fixes and enhancements to an OS.
18. Describe the functionality of EAP, PEAP, EAP-TLS
-EAP- Extensible Authentication Protocol - provides 2 systems to create secure encryption key EAP - an authentication framework. -PEAP- Protected EAP- Encapsulates and encrypts EAP - in TLS tunnel - requires one certificate on the server -EAP-TLS- most secure EAP standard. Requires certificates on 802.1x server and on each wireless network. Mutual Authentication/Server & Client certificates.
41. What is PaaS, SaaS, IaaS?
-PaaS-an internet service which provides end user access to OS. -SaaS-an internet service which provides end user access to network of devices. -IaaS- an internet service which provides end user access to applications.
92. Describe methods for securing your information from environmental monitoring.
-Shielding - prevents EMI and RFI cable protection - run through troughs -faraday cage - a room that prevents signals from leaving/entering.
90. Name 5 components of a DR plan
-activate plan -implement contingencies -recover critical system -test recovered systems -document and review
3. Describe a deployment of HTTPS.
-client requests a HTTPS session to server -server responds to client with its certificate that includes public key -client creates symmetric key and encrypts it with the servers public key -client sends encrypted symmetric key to server -server receives encrypted symmetric key and decrypts with private key -all session data is encrypted/decrypted with symmetric key using symmetric encryption.
91. Describe 3 concerns of implementing environmental controls
-temperature and humidity controls operating correctly -proper procedures used when running cables -fire suppression systems in place
31. Describe three things you would perform in hardening a system.
1- Change default system configuration settings 2- Make passwords complex 3- Disable unnecessary or unused settings.
74. Name any three security incidents.
1- Data Breach 2- Fire 3 - Physical Breach 4-Misconfiguration fault or can be an actual incident. such as - Sony PlayStation Network breach, Target breach, Home Depot breach
84. Describe 5 solutions for redundancy
1- Disk Redundancy - RAID 2- Alternate power - UPS 3- site redundancy - cold, warm, hot sites 4- server redundancy - failover clusters 5-Backups
36. Describe 3 benefits of virtualization.
1- Less physical footprint 2- Saves electrical cost 3- Easy to backup and transport VMs to another system.
37. What are three concerns of virtualization.
1- VMs that aren't patched and maintained 2- Managing Oversight and Responsibility 3- Stolen VM files.
86. Describe 3 backup best practices
1- separate data partitions from system/programs partitions 2 - test backups regularly 3 - have an offsite copy
73. Name and describe any 6 data security policies.
1-Information classification- shows value importance of data. 2-Data Labeling- used to label sensitive data 3-Storage & Retention- Identify where data is stored and for how long. 4-Personal Identifiable Information -PII- Identifies personnel. 5-Data Wiping and Disposing- Clearing sensitive info from devices before disposing. 6-Privacy Policy- Identifies how a website collects uses and discloses information
72. Describe 4 interoperability agreements.
1-Interconnection Security Agreement - technical and security requirements for planning, establishing, maintaining secure connections between two or more entities. 2-Service level agreement - agreement between company and vendor, like minimum uptime and maximum downtime, includes monetary penalty if vendor is unable to meet expectations. 3-Memorandum of understanding - exp 4- Business Partners agreement -
82. Name any 4 sources of digital evidence.
1-Social Media 2 - browsing history 3 - surveillance camera 4 - texting/chat logs
68. Define an acceptable use policy.
A policy which describes the acceptable usage of a computer system and network. How users can access the, and the responsibilities of users when accessing the system.
34. What is an image and what is the benefit of an image.
An image is a copy of an OS. A benefit is you can quickly recover using the image
9. Describe the components of an 802.1x network.
Authentication, Authorization, and Accounting. 802.1x is layer 2 port authentication. PNAC - Port based Network Access Control need to authenticated before allowed access
67. What is another word for Portable Device Policy?
BYOD
22. Define bluesnarfing and bluejacking.
Bluesnarfing is the process of hacking into a Bluetooth session to view information. Bluejacking is the process of sending illegitimate text messages through a bluetooth session.
28. Define RAS authentication protocols such as CHAP, PAP, MSCHAP v2
CHAP is a challenge handshake RAS authentication protocol. RAP is a RAS authentication protocol which sends the username and password in clear text.
7. Describe the purpose and ports for the following DNS, Kerberos, SNMP, Netbios, LDAP
DNS - port 53 - resolves FQDNS Kerberos is used for Active Directory authentication (port 88) SNMP - ports 161, 162 monitors and manages network devices NetBIOS - 137, 138, UDP and TCP 139 name resolution service for names on internal networks. LDAP-provides single location for object management. (port 389 or 636-secure)
57. What is the best way to protect against social engineering ?
Education Awareness training
42. Describe 4 best best practices in securing your mobile devices.
Encryption Storage Segmentation Disable unused features Screen Lock
83. Define Business Continuity
Ensuring an organization's critical business functions will continue to operate regardless of what happens.
5. What ports does FTP, SFTP, and FTPS run over?
FTP- TCP 20-data, 21 - control signals FTPS-TCP - 989, 990 SFTP- TCP 22
87. Describe a full-differential and full-Incremental backup plan
Full differential - A full backup plus all changes since full backup. Full Incremental - A full backup plus backup of changes that occur with a day.
12. Describe the advantages between a HIDS and a NIDS
HIDS - host based IDS - provides protection to host and can detect potential attacks. NIDS - Network Based IDS - Monitors traffic in plaintext. Can't detect anomalies and unable to decrypt traffic.
43. What are the concerns with BYOB
Hard to manage patches and update on all devices Hard to support all devices Legal issues - since items is a personal item to user and not company - hard to implement rules
15. Define honeypot and zero day attack.
Honeypot - a fake server used to attract attackers. A zero day attack is a vulnerability with no known patches. - it isn't known by vendor, it is un-patched.
89. Describe the differences between a hot, warm, and cold site
Hot site- fully operational and ready to go - mirror site - expensive. Warm site- has some services ready to go, but will take a little work to get them up and running. Cold site- contains just a facility power and connectivity. Need to bring most resources. Least cost.
23. Define IPSEc, PPTP, L2TP & SSTP
IPSEC- Internet protocol security. Used to encrypt data in transit and can operate in both Tunnel mode and Transit mode. PPTP- Point-to-Point Tunneling Protocol is a protocol used with VPNs. L2TP- Layer 2 Tunneling Protocol. Commonly used with IPSEC. SSTP- Secure socket Tunneling Protocol. A tunneling protocol that encrypts VPN traffic using SSL.
24. Which ports does each use - IPSEC L2TP; PPTP; SSTP
IPSEC-500 L2TP- 1701(UDP) PPTP-1723 SSTP-443(TCP)
78. Before analyzing information in RAM or on a hard disk what should be captured?
Image should be captured
35. How does virtualization help with imaging?
Improves disaster recovery Safer patch management.
53. A ____________ can help detect changes to key system files.
Integrity Checker
75. Four Basic Steps of IR
Isolate - Contain/Prevent further damage Examine - Examine Incident Recover - Return system to operational point Review - Lessons learned
39. What is the best method to deploy patches?
Make a snapshot/image of the system before applying the patch Test the patch on a mirrored system or VM
10. Describe the difference between PAT and NAT
NAT (Network Address Translation) uses one set of IP address for internal traffic and 2nd set for external traffic. PAT(Port Address Translation) - same IP address, different ports ---uses the outside interface IP address for all outside correspondence and distinguishes traffic by assigning different TCP source port numbers.
70. What does separation of duties protect against?
One person performing the entire process. Protects against fraud.
14. What is the difference between active and passive?
Passive tests system in no-intrusive manner, little possibility of compromising system Active uses intrusive and invasive methods and can affect operations of systems.
66. Describe a change management policy
Planning for change, including the implementin design, scheduling, communication plan, testing plan, and roll-back plan.
27. What is meant by full tunnel VPN
Private virtual network allow users to access internet through virtual network that ensures security - uses IPSec Protocol - Remote Access VPN
88. What is the difference between RTO and RPT?
RTO (Recovery Time Objective) -refers to the amount of time the systems data is unavailable - amount of down time. RPO -(Recovery Point Objective)-amount of data a company is willing to lose between backups and disasters.
4. Describe the usage of SSL and TLS.
SSL-encrpyts traffic -HTTP & HTTPS using TCP port 443 TLS designed replacement for SSL
76. Who is part of an IR team?
Senior management Network Admin/ Engineer Security Expert Communications Expert
13. What are the two IDS detection methods?
Signature Based - Specific packet that uses database or predefined traffic patterns. Anomaly Based - compares/measures to a baseline.
55. Describe two methods anti-virus software uses to detect malicious behavior.
Signature-based - looks for specific packets or series of packets. Heuristic-based looks for anomalies.
45. Name two symptoms that malware has been installed on your computer.
Sluggish performance Unintended changes to system settings
6. Describe TFTP and the port it uses.
TFTP transfers smaller amounts of data such as upload configurations into network devices and uses UDP port 69.
40. Define TPM and HSM
TPM- a hardware chip on a motherboard which encrypts all information on a disk. - Bit Locker HSM- hardware which can be added to a system to provide security.
59. Define tailgating, dumpster diving and shoulder surfing
Tailgating- the process of waiting to follow someone into a building or classified area. Dumpster diving- the process of harvesting information from someones trash. Shoulder surfing- the process of obtaining information by looking over someone's shoulder
2. What are the differences between telnet and SSH(ports)
Telnet is not secured, data sent in clear text. uses port 23. SSH encrypts traffic, runs over port 22.
77. Define the order of volatility
The order in which you should collect evidence starting with the most volatile.
56. Define Social engineering
The practice of using social tactics to gain personal information.
29. Describe the purpose of RADIUS and TACACS
They can be used to centralize RAS authentication for multiple network device.
44. What are the three states information needs to be secured in?
Transport Usage Storage
25. What are the two modes of IPSEC?
Transport and Mainmode/Key Exchange + Transport
1. What is the biggest difference between UDP and TCP?
UDP connectionless, unreliable, no acknowledgments that datagram was received. TCP connection oriented more reliable. ensures datagram is sent.
81. What is record time offset ?
When capturing files and data during an investigation the time on local system should be matched against known time standard.
79. What is a write-blocker?
a device that allows read-only access to a drive without the risk of damaging the contents.
60. Define a security policy
a high level statement which identifies a company's security goals.
47. Define a worm
a malware which is self-replicable - to spread to other computers throughout the network.
32. Define a baseline.
a measurement of system resources at a standard or predefined time and provides a references for later system analysis.
61. What is a Security Procedure?
a procedure employed for the purpose of verifying a person.
80. What does chain of custody define?
a process that provides assurance that data has been properly handled after collection.
11. What is a proxy server used for ?
acts on behalf of the client and forward request from client. Can improve performance by caching content.
52. What does a root kit do?
alters system files using system-level or kernel-level access
21. Define evil twin
an attack where a rogue access point spoofs a legitimate AP.
85. Describe the importance of backup from a security point of view
backups provide a way to recover data from physical threats and malicious attacks like Crypto-locker.
65. What is the purpose of an Account Disablement Policy?
can help against ex-employees accessing company resources.
19. Describe other security practices such as MAC filtering and SSID non broadcasting.
change default admin password enable mac filtering - disable SSID broadcasting
33. What is a security template and what does it contain ?
defines basic security settings and is normally determined by upper level management working with your CIO.
17. What is wireless enterprise mode.
forces users to authenticate with credentials before granting access to wireless network
71. What does job rotation help with?
learning different process and procedures for a job.
69. What does mandatory vacations protect against?
malicious activity, such as fraud or embezzlement
51. What is a logic bomb?
malware triggered by an event
50. What is a Trojan?
malware which disguises itself as a legitimate program.
62. Define a clean desk policy
prevents accidental data theft or inadvertent disclosure of information from a person's surroundings.
63. Describe a account management policy
provides direction for administrators to manage user account creations, deletions and usage.
48. Define ransomware
restricts access to the computer unless the user pays the ransom.
46. Define a virus
set of malicious code that attaches itself to a host application
58. Define spear phishing, whaling
spear phishing- an e-mail spoofing fraud attempt that targets a groups/organizations. whaling- a targeted phishing attack at high ranking officials/officers in company.
54. Define spyware, adware, and backdoor
spyware-malware which monitors user behavior. adware- advertising support software. Advertisements are generate to make revenue for its author. backdoor- can be created by malware. Allows continued access to a compromised victim- by having an open access to system.
20. Define wardrive
the process of driving around looking for un-secure access points. used as a wireless audit
49. How is malware most commonly delivered?
through email visiting malicious websites that seem legitimate then downloading untrusted software
64. Why is it important to have two accounts ?
to prevent an attacker from gaining escalated privilege of the admin if the account has been compromised. SHOULD HAVE- 1- normal users and 1 administrator account.
30. Describe the purpose of NAC
to provide continuous security monitoring by inspecting computers and preventing them from accessing the network if they don't pass the inspection.