All notes and questions from class
*POP3 (Post Office Protocol)
110 handles incoming mail
Remote Access VPN
A user-to-LAN virtual private network connection used by remote users.
ACE
Access control entry (entry into an ACL (access control list))
State-sponsored attacker
Attacker commissioned by governments to attack enemies' information systems. Example: Stuxnet worm attacked Iran's nuclear enrichment facility in 2010
Network Attacks
Attacker targets a network or a process that relies on a network May expose a single device or thousands Types of Network attacks Denial of service Interception Poisoning Access rights
*Detects abnormal actions by processes or programs and Alerts user who decides whether to allow or block activity; more reactive, no signature file needed
Behavior-based monitoring
*What ensures that only authorized parties CAN VIEW the information?
Confidentiality
Cloud Platform as a Service (PaaS)
Deploy customer-created applications to a cloud
*Client-side attacks: Cookie Types (FP, TP, S, P, S, F)
First-party cookie Cookie created by Web site user is currently visiting Third-party cookie Site advertisers place a cookie to record user preferences Session cookie Stored in RAM and expires when browser is closed Persistent cookie Recorded on computer's hard drive Does not expire when browser closes Secure cookie Used only when browser visits server over secure connection Always encrypted Flash cookie Uses more memory than traditional cookie Cannot be deleted through browser configuration settings
Proprietary information
Information a company wishes to keep confidential. Also called a trade secret.
*Integrity
Information is correct and UNALTERED
Risk Control Types
Management, Operational (physical deterrents) & Technical (antivirus, firewalls, encryption).
DNS (Domain Name System)
The Internet's system for converting alphabetic names into numeric IP addresses. Port 53
*Zombie
a program that secretly takes over another computer for the purpose of launching attacks on other computers. Can occur during off hours.
Which of these is considered the weakest cryptographic transport protocol? a. SSL v2.0 b. TLS v1.0 c. TLS v1.1 d. TLS v1.3
a. SSL v2.0
Which device is easiest for an attacker to take advantage of in order to capture and analyze packets? a. hub b. switch c. router d. load balancer
a. hub
Mobile devices using _____ are at increased risk of targeted physical attacks. a. GPS b. captive portals c. location services d. Internet filters
c. location services
What type of attack intercepts legitimate communication and forges a fictitious response to the sender? a. SIDS b. interceptor c. man-in-the-middle d. SQL intrusion
c. man-in-the-middle
What should you do to completely remove a rootkit from a computer? a. Flash the ROM BIOS b. Erase and reinstall all files in the WINDOWS folder c. Expand the Master Boot Record d. Reformat the hard drive and reinstall the operating system
d. Reformat the hard drive and reinstall the operating system
Which of these would NOT be a valid Internet Control Message Protocol (ICMP) error message? a. Host Unreachable b. Network Unreachable c. Destination Network Unknown d. Router Delay
d. Router Delay
A multipurpose security device is known as . a. Cohesive Attack Management System (Co-AMS) b. Proxy Security System (PSS) c. Intrusion Detection/Prevention (ID/P) d. Unified Threat Management (UTM)
d. Unified Threat Management (UTM)
Which markup language is designed to carry data? a. ICMP b. HTTP c. HTML d. XML
d. XML
A security analyst has detected malware on a client workstation. The malware appears to be launching web browser processes, visiting news websites, and regularly refreshing the content. In which of the following categories does this piece of malware likely belong? a. ransomware b. rootkit c. backdoor d. adware
d. adware
Which of these items retrieved through dumpster diving would not provide useful information. a. calendars b. memos c. organizational charts d. books
d. books
The ______ is primarily responsible for assessing managing and implementing security. a. security admin b. security manager c. security tech d. chief information security officer (CISO)
d. chief information security officer
Which of these is not an HTTP header attack? a. accept-language b. referer c. response splitting d. content-length
d. content-length part of the header not an attack
A lock that extends a solid metal bar into the door frame for extra security is the . a. triple bar lock b. deadman's lock c. full bar lock d. deadbolt lock
d. deadbolt lock
What type of attack involves an attacker accessing files in directories other than the root directory? a. SQL injection b. command injection c. XML injection d. directory traversal
d. directory traversal
A _______ addresses a specific customer situation and often may not be distributed outside that customer's organization. a. rollup b. service pack c. patch d. hotfix
d. hotfix
An attacker who manipulates the maximum size of an integer type would be performing what kind of attack? a. buffer overflow b. real number c. heap size d. integer overflow
d. integer overflow
Each of the following is a goal of information security except: a. avoid legal consequences b. foil cyberterrorism c. prevent data theft d. limit access control
d. limit access control limiting access control is a tool used to accomplish the goals of information security but it is not a goal of information security itself
What prevents a mobile device from being used until the user enters the correct passcode? a. swipe identifier (SW-ID) b. keyboard c. touch pad d. lock screen
d. lock screen
A __________ watches for attacks and sounds an alert only when one occurs. a. firewall b. network intrusion prevention system (NIPS) c. proxy intrusion device d. network intrusion detection system (NIDS)
d. network intrusion detection system (NIDS)
TACACS+ communication is _____.
encrypted
Quantitative Risk Assessment
hard numbers associated with the risk based on historical data
How to reduce single point of failure
implement redundancy and fault tolerance
The areas of a file in which steganography can hide data include all of the following except
in the directory structure of the file system
*Dormant
inactive; in a state of suspension; sleeping; CONCEALED; payload not yet activated
Plaintext
normal text that has not been encrypted that is to be encrypted by inputting it into a cryptographic algorithm
Reverse Proxy Server
placed in front of web servers, reverse proxy servers protect, hide, offload, and distribute access to web servers Internal server's IP address is hidden
Cloud Infrastructure as a Service (IaaS)
rent processing, storage, network capacity, and other fundamental computing resources
a type of ad hoc computer network consisting of two or more piconets. The terms 'scatternet' and 'piconet' are typically applied to Bluetooth wireless technology.
scatternet
Cryptography
the art of protecting information by transforming it into an unreadable format, called cipher text provides 5 basic information protections: 1. Confidentiality 2. Integrity 3. Availability 4. Authenticity of sender 5. Nonrepudiation
The two elements of Mandatory Access Control (MAC)
● Labels. In a system using MAC, every entity is an object (laptops, files, projects, and so on) and is assigned a classification label. These labels represent the relative importance of the object, such as confidential, secret, and top secret. Subjects (users, processes, and so on) are assigned a privilege label (sometimes called a clearance). ● Levels. A hierarchy based on the labels is also used, both for objects and subjects. Top secret has a higher level than secret, which has a higher level than confidential.
*Sub-types of technical and administrative controls (DPDC)
*DETERRENT- discourage security violations before they occur PREVENTATIVE - prevent threat from coming into contact with vulnerability DETECTIVE - identify threats that have reached the system COMPENSATING - provide alternative to normal controls *CORRECTIVE - mitigate the damage caused by an incident
*Laws protecting electronic data privacy (HIPAA)
*The HEALTH INSURANCE PORTABILITY and ACCOUNTABILITY Act of 1996 (HIPAA)* The Sarbanes-Oxley Act of 2002 (Sarbox) The Gramm-Leach-Bliley Act (GLBA) California's Database Security Breach Notification Act (2003) Payment Card Industry Data Security Standard (PCI DSS)
What are the two types of security controls?
1. Administrative Processes for developing and ensuring that polices and procedures are carried out (may do, must do, cannot do) 2. Technical Those that are carried out or managed by devices
*Five step process for protecting the operating system. (DPCDI)
1. Develop the security policy (SOP) 2. Perform host software baselining (standard used for comparisons) 3. Configure operating system security and settings 4. Deploy the settings 5. Implement patch management
*Three categories of cryptographic algorithms
1. Hash (basic, provides INTEGRITY, ATM card access) 2. Symmetric (uses *SAME PRIVATE KEY to encrypt and decrypt, provides CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY) 3. Asymmetric (uses PUBLIC KEY and PRIVATE KEY, provides CONFIDENTIALITY, INTEGRITY, AVAILABILITY, AUTHENTICITY, AND NONREPUDIATION)
FTP ports
20, 21 Fun to party at 20 but you have more control at 21
*SMTP (Simple Mail Transfer Protocol)
25 handles outgoing mail
*What's the difference between AES and 3DES?
3DES encrypts a message three times. AES breaks up a message into three pieces and encrypts each piece separately.
Role-Based Access Control (RBAC)
A "real-world" access control model in which access is based on a user's job function within the organization.
IEEE 802.11a
A 1999 standard with a maximum rated speed of 54 Mbps using the 5-Ghz spectrum.
Diffie-Hellman Ephemeral (DHE)
A Diffie-Hellman key exchange that uses different keys.
Elliptic Curve Diffie-Hellman (ECDH)
A Diffie-Hellman key exchange that uses elliptic curve cryptography instead of prime numbers in its computation.
*Secure Shell (SSH)
A Linux/UNIX-based command interface and protocol for securely accessing a remote computer.
*Secure Sockets Layer (SSL)
A Protocol developed by Netscape for securely transmitting documents over the Internet that uses a private key to encrypt data.
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services.
TPM (Trusted Platform Module)
A chip on the motherboard used with software applications for security. It can be used with Windows BitLocker Drive Encryption to provide full-disk encryption and to monitor for system tampering.
ICMP (Internet Control Message Protocol)
A core protocol in the TCP/IP suite that notifies the sender that something has gone wrong in the transmission process and that packets were not delivered. message fields: type, code, and checksum
*Grey hat hackers
A cross between black and white—they will often illegally break into systems merely to flaunt their expertise to the administrator of the system they penetrated or to attempt to sell their services in repairing security breaches.
*Service pack
A cumulative package of all security updates plus additional features.
disaster recovery plan (DRP)
A detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood KNOW FIVE FEATURES OF MOST DRPs 1. purpose and scope 2. recovery team and their responsibilities 3. procedures and safeguards that reduce risk 4. emergency procedures 5. restoration procedures
wireless probe
A device that can monitor the airwaves for traffic.
Uninterrupted Power Supply (UPS)
A device that provides battery backup when the electrical power fails or drops to an unacceptable voltage level. REPEATEDLY GOES OFF IN SGT FIELD'S CLASS
WPS (Wi-Fi Protected Setup)
A feature with many wireless devices that allows users to configure wireless security with a push button or a PIN. When enabled, it is vulnerable to attacks using free open source software.
host-based firewall
A firewall that only protects the computer on which it's installed.
*Man-in-the-middle attack
A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently. Passive or active
*Public Key Infrastructure (PKI)
A framework for managing all of the entities involved in creating, storing, distributing, and revoking digital certificates.
Extensible Authentication Protocol (EAP)
A framework for transporting authentication protocols that defines the format of the messages.
*Brokers
A hacker may be PAID TO UNCOVER VULNERABILITIES in vendor software and then privately report it back to the vendors so that the weaknesses can be addressed A BROKER WILL INSTEAD SELL INFORMATION ON THE VULNERABILITY to other attackers, governments, or the highest bidder
Diffie-Hellman (DH)
A key exchange that requires all parties to agree upon a large prime number and related integer so that the same key can be separately created.
Watering Hole Attack
A malicious attack that is directed toward a small group of specific individuals who visit the same website.
*cipher suite
A named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with SSL and TLS.
Virtual Private Network (VPN)
A private data network that creates secure connections, or "tunnels," over regular Internet lines
*Cyber Kill Chain
A process through which an attacker attempts to target and break into a web server or computer network Based upon the military term (Kill Chain) to describe the systematic process to target and engage an enemy
*Lightweight EAP (LEAP)
A proprietary EAP method developed by Cisco Systems requiring mutual authentication used for WLAN encryption using Cisco client software.
EAP (Extensible Authentication Protocol)
A protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.
Online Certificate Status Protocol (OCSP)
A protocol that performs a real-time lookup of a certificate's status.
SCP (Secure Copy Protocol)
A protocol that uses SSH to securely copy files between a local and a remote host, or between two remote hosts. TCP 22
*What's the difference between a revoked certificate and an expired certificate?
A revoked certificate is no longer valid and an expired certificate can no longer be used.
Hardware Security Module (HSM)
A secure cryptographic processor.
proxy server
A server that acts as an intermediary between a user and the Internet. Hides IP address Uses cache for frequently visited sites
Near Field Communication (NFC)
A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity.
fuzz testing (fuzzing)
A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program.
*Host Intrusion Detection System (HIDS)
A software-based application that runs on a local host computer that can DETECT an attack as it occurs.
Web Application Firewall
A special type of firewall that looks more deeply into packets that carry HTTP traffic. Can block specific sites or specific known attacks Can block XSS and SQL injection attacks
*Application aware IDS
A specialized intrusion detection system (IDS) that is capable of using "contextual knowledge" in real time.
Certificate Signing Request (CSR)
A specially formatted encrypted message that validates the information the CA requires to issue a digital certificate.
Mean Time Between Failures (MTBF)
A statistical value that is the average time until a component fails, cannot be repaired, and must be replaced.
Ciphertext
A string of text that has been converted to a secure form using encryption.
RAID 0 (striping)
A stripe set breaks data into units and stores the units across a series of disks by reading and writing to all disks simultaneously. NO FAULT TOLERANCE
*Registration Authority (RA)
A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users. Verifies identity of an individual.
protected distribution system (PDS)
A system of cable conduits that is used to protect classified information being transmitted between two secure areas. Two types: hardened carrier PDS and alarmed carrier PDS
*Data Loss Prevention (DLP)
A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users. *Typically examines: Data in use Data in transit Data at rest
asymmetric server cluster
A technology in which a standby server exists only to take over for another server in the event of its failure. ONE SERVER WORKING, OTHER SERVERS ON STANDBY JUST IN CASE THE FIRST SERVER STOPS WORKING
symmetric server cluster
A technology in which every server in the cluster performs useful work and if one server fails, the remaining servers continue to perform their normal work as well as that of the failed server. MULTIPLE SERVERS WORKING, IF ONE SERVER FAILS, REMAINING SERVERS TAKE ON ITS WORK
*Network intrusion prevention system (NIPS)
A technology that monitors network traffic to immediately REACT to block a malicious attack. NIPS sensors located in line on firewall itself
hierarchical trust model
A trust model that has a single hierarchy with one master CA.
distributed trust model
A trust model that has multiple CAs that sign digital certificates.
bridge trust model
A trust model with one CA that acts as a facilitator to interconnect all other CAs. facilitator CA does not issue digital certificates
*Certificate Authority (CA)
A trusted third-party agency that is responsible for issuing, distributing, revoking, and maintaining digital certificates.
*Replay Attack
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.
*Port Address Translation (PAT)
A variation of network address translation (NAT) that assigns a different TCP port number to each packet.
*An organization relies heavily on an application that has a high frequency of security updates. At present, the security team only updates the application on the first Monday of each month, even though the security updates are released as often as twice a week. Which of the following would be the BEST method of updating this application? A. Configure testing and AUTOMATE patch management for the application. B. Configure security control testing for the application. C. Manually apply updates for the application when they are released. D. Configure a sandbox for testing patches before the scheduled monthly update.
A. Configure testing and AUTOMATE PATCH MANAGEMENT for the application.
If ______ and ______ match, then wireless device is authenticated
AP SSID, actual SSID of network
ARP Poisoning Attack
ARP poisoning attack, some Ethernet switches flood the directed traffic to all ports of the switch, which could allow an attacker to monitor traffic not normally visible to the port where the attacker was connected, and thereby eavesdrop on VOIP traffic. An attack that corrupts the ARP cache. Information goes to both user and attacker because a spoofed mac address was added to the ARP table
ACL
Access Control List
What are privileges that are granted to users to access hardware and software resources?
Access Rights
Threat
Actions or events that have potential to cause harm Example: Someone could steal your wallet
APT
Advanced Persistent Threat Well-resourced and trained cybercriminals that launch multiyear intrusion campaigns targeting highly sensitive economic, proprietary, or national security information Use advanced tools and techniques that defeat many conventional computer defenses Organized gangs of young attackers Eastern European, Asian, and third-world regions
*VLANs
Allow scattered users to be logically grouped together even if attached to different switches Can isolate sensitive data to VLAN members If connected to same switch, switch handles packet transfer Special "tagging" protocol used for communicating between switches
SNMP (Simple Network Management Protocol)
An Application-layer protocol used to exchange information between network devices. UDP 161
*Protected EAP (PEAP)
An EAP method designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords. *PEAP is more flexible/better than LEAP
Rule Based Access Control (RBAC)
An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian.
*SHTTP (Secure Hypertext Transfer Protocol)
An alternative to HTTPS. Infrequently used. Supports encryption.
*Session Hijacking
An attack in which an attacker attempts to impersonate the user by using his session token. Session tokens are random strings assigned to sessions verifying the identity of the user until logged out.
*Smurf Attack
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim. Appears as if target computer is asking for response from all computers on the network (spoofing)
Server-side web application attack: XML injection
An attack that injects XML tags and data into a database.
Integer overflow attack
An attack that is the result of an attacker changing the value of a variable (a number) to something outside the range that the programmer had intended.
*Server-side web application attack: Directory Traversal
An attack that takes advantage of a vulnerability so that a user can MOVE FROM the ROOT DIRECTORY TO RESTRICTED DIRECTORIES. Users may be able to access sub-directories but not parallel or high level directories.
*SYN flood attack
An attack that takes advantage of the procedures for initiating a TCP/IP session. A Denial of Service attack that floods the target system with connection requests that are not finalized. uses an invalid return address so the synchronization feature of TCP cannot be completed, thereby disabling the system. form of denial of service attack in which synchronization packets are repeatedly sent to every port on the server
Server-side web application attack: SQL Injection
An attack that targets SQL servers by injecting commands to be manipulated by the database.
*HTTPS (Hypertext Transfer Protocol Secure)
An encrypted version of HTTP. It uses port 443. Uses SSL.
*Application aware IPS
An intrusion prevention system (IPS) that knows information such as the applications that are running as well as the underlying operating systems.
*rogue access point (rogue AP)
An unauthorized wireless access point (WAP) installed in a computer network.
Business Impact Analysis (BIA)
Analyzes most important business functions and quantifies impact of their loss Identifies threats through risk assessment Determines impact if threats are realized
*Compares current detected behavior with baseline
Anomaly-based monitoring
*Monitoring methodologies
Anomaly-based monitoring (needs to know what is normal, alerts if there is an anomaly) Signature-based monitoring (matches signatures) Behavior-based monitoring (alerts user if abnormal behavior occurs) Heuristic monitoring (attempts to ask the question will this do something harmful? Best option) P286-287
*Asymmetric encryption with and without data signature
Asymmetric encryption: sender uses receiver's public key and receiver uses receiver's private key to unlock. Asymmetric encryption with digital signature: sender uses sender's private key (because digital signature is included which is private) and receiver uses public key to unlock. It's as if they flipped the key order because they realized they can add additional security if they start with a private key.
*Zero-day attack
Attack between the time a software vulnerability is discovered and a patch to fix the problem is released. ATTACK PREVIOUSLY UNKNOWN OR NEW VULNERABILITY VICTIMS HAVE NO TIME TO DEFEND
Distributed attacks
Attackers use thousands of computers in an attack against a single computer or network
Impartial Overflow Attacks
Attacks designed to "overflow" areas of memory with instructions from the attacker
*What ensures that data is ACCESSIBLE to authorized users?
Availability
Mean Time To Recovery (MTTR)
Average amount of time a device will take to recover after a non terminal failure
*Options to deal with risk (AAMDT)
Avoidance (do not engage), acceptance (of potential loss), mitigation (take precautions), deterrence (warn attacker), transference (insurance).
What's the difference between bluejacking and bluesnarfing?
Bluejacking is an annoyance because it usually involves sending text messages, sounds, or images. Bluesnarfing involves an attacker accessing unauthorized information.
*BYOD
Bring Your Own Device Common with startup companies to avoid high costs of purchasing devices for employees Makes company's network vulnerable
*Who will SELL corporate network vulnerabilities to other attackers, governments, or the highest bidder for profit?
Brokers
A ____ occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Buffer overflow
*Disadvantages of HIDS
Cannot monitor network traffic that does not reach local system All log data is stored locally Resource-intensive and can slow system
Primary traits of malware
Circulation (spreads rapidly to impact a large number of users) Infection (Ends circulation phase by infecting the system it has attached itself to) Concealment (conceals its presence from malware scanners; dormant) Payload (begins performing its primary function)
*Defenses against attacks - diversity
Closely related to layering Layers must be different (diverse) If attackers penetrate one layer: Same techniques unsuccessful in breaking through other layers Breaching one security layer does not compromise the whole system Example of diversity: Using security products from different manufacturers
no computational capabilities but only provides remote storage (stores only)
Cloud storage
RAID 10 (stripe of mirrors)
Combination of RaID 1 and RaID 0 Stripe file blocks across mirrored drives High disk space utilization High redundancy Minimum of 4 drives
*Logic bomb
Computer code that lies dormant until it is triggered by a specific logical event. Difficult to detect before it is triggered Can be a form of data deletion Can be set to dates or even number of keystrokes
*Rootkit
Concealment Software tools used by an attacker to hide actions or presence of other types of malicious software Hide or remove traces of log-in records, log entries May alter or replace operating system files with modified versions: Specifically designed to ignore malicious activity Rootkits can be detected using programs that compare file contents with original files Rootkits that operate at operating system's lower levels: May be difficult to detect Removal of a rootkit can be difficult Rootkit must be erased Original operating system files must be restored Reformat hard drive and reinstall operating system DIFFICULT TO GET RID OF; WILL LIKELY NEED TO REINSTALL ENTIRE OPERATING SYSTEM
MAC address impersonation defense
Configure the switch so that only one port can be assigned per MAC address
What is a file on a local computer in which a server stores user-specific information?
Cookie
*The motivation of ____ may be defined as IDEOLOGY, or attacking for the sake of their PRINCIPLES or BELIEFS.
Cyberterrorists
SAN (storage area network)
Dedicated network storage facility that provides access to data over high speed networks
IEEE 802.11g
Defines a WLAN that operates up to 54 Mbps in the 2.4 GHz frequency
elements of secure network design
Demilitarized Zone (DMZ) Subnetting Virtual LANs Remote access
*Port Security
Disabling unused ports Turn off ports not required on a network Often overlooked security technique Switch without port security allows attackers to connect to unused ports and attack network All ports should be secured before switch is deployed Network administrator should issue shutdown command to each unused port MAC limiting and filtering Filters and limits number of media access control (MAC) addresses allowed on a port Port can be set to limit of 1 Specific MAC address can be assigned to a port Enables only single authorized host to connect IEEE 802.1x Standard that provides the highest degree of port security Implements port-based authentication Blocks all traffic on a port-by-port basis: Until client is authenticated
*DDoS Attack
Distributed Denial of Service Attack. Typically a virus installed on many computers (thousands) activate at the same time and flood a target with traffic to the point the server becomes overwhelmed.
*Insider
Employees, contractors, and business partners 48 percent of breaches attributed to insiders OFTEN A DISGRUNTLED EMPLOYEE
Malicious software (malware)
Enters a computer system without the owner's knowledge or consent Damaging or annoying software Primary objectives of malware: Infecting systems Concealing its purpose Making profit
Client-side attacks: header manipulation
Examples: Referer - To hide users being redirected to attacker's site Accept language - Used to generate a directory traversal attack Response splitting - Provides control over the HTTP header commands
Single Loss Expectancy (SLE)
Expected monetary loss every time a risk occurs
Annualized Loss Expectancy (ALE)
Expected monetary loss for an asset over a one year period
Hoaxes
FALSE WARNING OR CLAIM
True or False. Man-in-the-middle attacks cannot be conducted on networks.
False
True or False. RADIUS can authenticate network devices.
False
True or False. RADIUS interacts with Kerberos.
False
Vulnerability
Flaw or weakness Threat agent can bypass security Example: Boxer is cut over left eye so his left side is vulnerable to punches
Types of Backups
Full, Differential (changes since last full), and Incremental (changes since last full OR last incremental)
*Authorization
GRANT ability to access information Example: Security guard allows soldier through the gate
*Security patch
General software update to cover discovered vulnerabilities goes to everyone
*Black hat hackers
Goal is MALICIOUS and DESTRUCTIVE (unauthorized)
*White hat hackers
Goal to EXPOSE SECURITY FLAWS Not to steal or corrupt data (PAID to do this)
*Script Kiddies
Goal: break into computers to create damage UNSKILLED users (amateurs) Download automated hacking software (scripts) Use them to perform malicious acts Attack software today has menu systems 40 percent of attacks performed by script kiddies
Which of the following was used to describe attackers who would break into a computer system without the owner's permission and publicly disclose the vulnerability? a. white hat hacker b. black hat hacker c. blue hat hacker d. gray hat hacker
Gray hat hacker because their motivation is to make a scene or flaunt their hack. Black and white hackers would not want their hack to be public.
*Difference between NIPS and HIDS
HIDS only DETECTS an attack but NIPS will also REACT to an attack
Categories of attackers (careful not to mistake one for another) (HSSICC)
Hackers Script kiddies Spies Insiders Cybercriminals Cyberterrorists
Has an onboard key generator and key storage facility as well as accelerated symmetric and asymmetric encryption and can back up sensitive material in encrypted form?
Hardware Security Module (HSM)
*Protocol Analyzer (Sniffer)
Hardware or software that captures packets to decode and analyze the contents.
*Uses experience-based techniques
Heuristic monitoring
Annualized Rate of Occurrence (ARO)
Historical data used to determine the likelihood of a risk occurring within a year
Backup sites - Hot, Cold, Warm
Hot - all equipment ready to go Warm - some equipment Cold - nothing is set up
Current version of IP protocol is version
IPv4
public key exchange
In asymmetric cryptography, two keys are required: the public key and the private key. The public key used to encrypt the message is shared freely. The private key used to decrypt the message is kept secret.
*Authentication
Individual is WHO they claim to be Example: Security guard at gate VERIFIES CACs
Access control terms - Custodian
Individual to whom day to day actions have been assigned by the owner periodically reviews security settings and maintains record of access by end users
*Availability
Information is ACCESSIBLE to authorized users UP-TIME: amount of time something is available
Server-side web application attack: Cross-Site Scripting (XSS)
Injects scripts into a WEB APPLICATION SERVER
*Buffer overflow attack
Inputting so much data that the input buffer overflows. The overflow contains code that takes control of the computer.
Stateful firewall
Inspects incoming packet and permits or denies based on CONDITIONS set by administrator
site-to-site VPN
Interconnects two sites, as an alternative to a leased line, at a reduced cost.
What happens to metamorphic malware code when executed?
It is rewritten
What happens to oligomorphic malware code when executed?
It mutates
What happens to polymorphic malware code when executed?
It unscrambles
Asset
Item of value Example: Wallet
Network tap defense
Keep network connections secure by restricting physical access
Stateless firewall
Keeps record of state of connection Makes decisions based on CONNECTION and CONDITIONS
Common types of authentication and AAA servers
Kerberos, RADIUS, TACACS, LDAP
WEP (Wired Equivalent Privacy)
Key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit. IEEE 802.11 WEP is weak, so it needs an IV (initialization vector) 64-bit or 128-bit number to encrypt plaintext into ciphertext Initialization vector (IV) is only 24 of those bits Short length makes it easier to break
Two major implementations of MAC
Lattice model Subjects and objects are assigned a "rung" on the lattice Multiple lattices can be placed beside each other Bell-LaPadula Similar to lattice model Subjects may not create a new object or perform specific functions on lower level objects
Hackivists
Launch attacks based upon ideologies that are not well-defined May attack in order to make a political statement May attack due to a personal grudge Examples of a hackivism: May leave a highly visible message on the home page of a Web site that gets a lot of traffic or which embodies a point-of-view that is being opposed May launch a denial-of-service attack to disrupt traffic to a particular site
*Defenses against attacks (LLDOS)
Layering Limiting Diversity Obscurity Simplicity
OS hardening techniques
Least privilege Reduce capabilities Read only file system Kernel pruning
Salt
Linux and Apple Mac password hashing technique
DoS (Denial of Service) defense
Load balancer
What type of virus executes a script?
Macro
Virus
Malicious computer code that reproduces itself on the same computer Virus infection methods: Appender infection Swiss cheese infection Split infection When infected program is launched: Virus replicates itself by spreading to another file on same computer Virus activates its malicious payload Viruses may display an annoying message: Or be much more harmful Examples of virus actions: Cause a computer to repeatedly crash Erase files from or reformat hard drive Turn off computer's security settings Virus cannot automatically spread to another computer Relies on user action to spread Viruses are attached to files Viruses are spread by transferring infected files
*Worm
Malicious program Exploits application or operating system vulnerability Sends copies of itself to other network devices Worms may: Consume resources or Leave behind a payload to harm infected systems Examples of worm actions Deleting computer files Allowing remote control of a computer by an attacker DOESN'T NEED HELP/SELF-SUFFICIENT, SELF-REPLICATING
Botnet
Malware that "calls home" to a command and control center for further instructions after it infects a computer. Computer is infected with program that allows it to be remotely controlled by attacker often payload of Trojan, worms, and viruses group of zombie computers HTTP is often used Botnets' advantages for attackers Operate in the background: Often with no visible evidence of existence Provide means for concealing actions of attacker Can remain active for years Large percentage of zombies are accessible at a given time Due to growth of always-on Internet services
Four major access control models
Mandatory Access Control (MAC) Discretionary Access Control (DAC) Role Based Access Control (RBAC) Rule Based Access Control (RBAC)
Weak patch distribution/Delays in patching
Many software products lack a means to distribute security patches in a timely fashion/Vendors are overwhelmed trying to keep pace by updating their products against attacks
*Advantages of NAT
Masks IP addresses of internal devices Allows multiple devices to share smaller number of public IP addresses
Proxies
Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Unified Threat Management (UTM)
Network hardware that provides multiple security functions.
*VLAN management
Network may be segmented into logical groups of physical devices through VLAN Scattered users may be logically grouped together regardless of which switch they are attached to General principles for managing VLANs A VLAN should not communicate with another VLAN unless they are both connected to a router Configure empty switch ports to connect to an unused VLAN Different VLANs should be connected to different switches Change any default VLAN names Configure switch ports that pass tagged VLAN packets to explicitly forward specific tags Configure VLANs so that public devices are not on a private VLAN
*Cybercriminals
Network of attackers, identity thieves, spammers, financial fraudsters Difference from ordinary attackers: More highly motivated Willing to take more risk Better funded More tenacious GOAL: FINANCIAL GAIN
Failure In Time (FIT)
Number of expected failures per hours of operation
*Defenses against attacks - limiting
Number of people with information is limited or the amount of data given is limited Methods of limiting access: File permissions Prohibiting document removal from premises
The two types of UPS
OFFLINE (runs off main power supply) OR ONLINE (runs off battery and servers as surge protector)
All of the following can be broken mathematically except a. AES b. 3DES c. OTP d.
OTP One time pass
Access control terms
Object (file), Subject (person), Operation (doing something to a file)
*Defenses against attacks - obscurity
Obscuring or not revealing inside details to outsiders
Telnet
Older TCP/IP protocol for text based communication Application used to send remote commands Recommended that SSH be used instead of Telnet Port 23
*Types of Malware (3)
Oligomorphic malware: Malware that MUTATES its computer code whenever executed in order to avoid detection Polymorphic malware: Malware whose code is scrambled It UNSCRAMBLES upon execution of code Metamorphic malware: Malware that REWRITES its own code whenever executed to appear like a different code each time
*Confidentiality
Only APPROVED INDIVIDUALS may access information
IEEE 802.11ac
Operates in the 5 GHz frequency band providing data rates ranging from 450 Mb/s to 1.3 Gb/s (1300 Mb/s.) It is backward compatible with 802.11a/n devices.
accounts are user accounts that remain active after an employee has left an organization
Orphaned accounts
6 items on a digital certificate
Owner's name or alias Owner's public key Issuer's name Issuer's digital signature Digital certificate's serial number Expiration date of the public key
*Computer spies
Person hired to break into a computer to steal information Hired to attack a specific computer or system containing sensitive information Goal: STEAL INFORMATION WITHOUT DRAWING ATTENTION to their actions Possess excellent computer skills to attack and cover their tracks
Threat agent
Person or element with power to carry out a threat Example: Thief that steals your wallet
Access control terms - Owner
Person responsible for the information Determines the level of security needed for the data and delegates security duties as required
*Hacker
Person who uses computer skills to attack computers
Ping Flood Attack
Ping utility used to send large number of echo request messages and overwhelms server
Cyberterrorism and potential targets
Premeditated, POLITICALLY MOTIVATED attacks Target: information, computer systems, data Spread misinformation and propaganda Cause panic Provoke violence Result in financial catastrophe, critical infrastructure outages, or corruption of vital data Potential targets (AFFECTS LARGE # of PEOPLE) Banking Military Municipal (water, energy) Transportation (air traffic control centers)
*Types of computer viruses
Program - infects executable files Macro - a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or repeated series of tasks Resident - loaded into RAM and infects files opened by user or operating system Boot virus - Infects the Master Boot Record (MBR) which contains the program necessary for the computer to start up Companion virus - adds a program to the operating system that is a malicious copycat version to a legitimate program NEEDS HELP
*Trojans
Program that does something OTHER THAN ADVERTISED Typically executable programs Contain hidden code that launches an attack Sometimes made to appear as data file Example User downloads "free calendar program" Program scans system for credit card numbers and passwords Transmits information to attacker through network
Client-side attacks: drive-by download
Program which automatically downloads when a user visits a web page, usually without their knowledge or consent.
What firewall action will ask what to do with a packet?
Prompt
Exposure Factor (EF)
Proportion of an asset's value that is likely to be destroyed by a particular risk. EF is expressed as a percent
*Nonrepudiation
Proves that a user performed an action
*Accounting
Provides TRACKING of events Example: Drill Sergeant signs soldier in and out of the barracks
*Authenticity
Provides proof of the genuineness of the user
perfect forward secrecy
Public key systems that generate random public keys that are different for each session.
*RSA Encryption
RSA (Rivest-Shamir-Adleman) is the most common internet encryption and authentication system. The system used an algorithm that involves multiplying two large prime numbers to generate a public key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication. Most secure asymmetric cryptographic algorithm.
Typo squatting
Redirecting a user to a fictitious website based on a misspelling of the URL. Also called URL hijacking.
Discretionary Access Control (DAC) problems
Relies on decisions by end user to set proper security level Incorrect permissions may be granted Subject's permissions will be "inherited" by any programs the subject executes Trojans are a particular problem with DAC
What is a way to allow remote users to access the local internal network?
Remote Access
*Transmissions are routed through networks not managed by the organization
Remote access
A device that routes incoming requests to the correct server is an ________.
Reverse Proxy
*What's the difference between a rogue access point and an evil twin?
Rogue access point is just another access point in the network that's not authorized. The evil twin is actually trying to look like a legitimate access point/wifi connection.
What device forwards packets across computer networks and operates at Layer 3?
Router
What is the latest version of Secure Hash Algorithm?
SHA-3
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
SYN flood attack
Port mirroring defense
Secure the switch in a locked room
Denial of Service (DoS)
Security problem in which users are not able to access an information system; can be caused by human errors, natural disaster, or malicious activity.
Best Practices for access control
Separation of duties Job rotation Least privilege Implicit deny Mandatory vacations
*Defenses against attacks - simplicity
Should be: Simple from the inside Complex from the outside
*Looks for well-known attack signature patterns
Signature-based monitoring
An attacker is flirting with an user to gain information. This is a form of what?
Social Engineering
Phishing
Social engineering Phishing Tries to trick user into giving private information Variations of phishing Pharming-Automatically redirects user to fraudulent Web site Spear phishing - Email messages target specific users Whaling - Going after the "big fish" Targeting wealthy individuals Vishing (voice phishing) - Attacker calls victim with recorded "bank" message with callback number Victim calls attacker's number and enters private information
Backdoor
Software code that gives access to a program or a service that circumvents normal security protections. Intent is to remove backdoors in final application Software code that circumvents normal security to give program access Common practice by developers to remove backdoors in final application unknown to network administrators ,a way into the system with an administrative rights that bypasses security System setting modification
*Keylogger
Software or hardware used to capture user's keystrokes Information later retrieved by attacker Attacker searches for useful information: Passwords Credit card numbers Personal information Looks like a flash drive that goes in between USB port and USB cord
*Hotfix
Software that addresses a SPECIFIC CUSTOMER situation and often MAY NOT BE DISTRIBUTED TO OTHERS outside that customer's organization.
*Spyware
Software that gathers information without user consent Usually used for: Advertising Collecting personal information Changing computer configurations Spyware's negative effects Slows computer performance Causes system instability May install new browser menus or toolbars May place new shortcuts May hijack home page Causes increased pop-ups
*Spam vs Spim
Spam Primary vehicles for distribution of malware EMAILS Spim: targets instant messaging users INSTANT MESSAGES
Types of malware designed to profit attackers
Spyware Keyloggers Adware Ransomware Data Deletion Backdoor Zombie / Botnets / Command and Control
HIDS monitor
System calls File system access System registry settings Host input/output communications
TACACS+ transport protocol
TCP
Temporal Key Integrity Protocol (TKIP)
TKIP features include: Boosting encryption strength Preventing collision attacks without hardware replacement Serving as a WEP code wrapper and also adding per-packet mixing of media access control (MAC) base keys and serial numbers Assigning a unique 48-bit sequencing number to each packet Utilizing the RC4 stream cipher - 128-bit encryption keys and 64-bit authentication keys
*DNS poisoning
Technique used by criminals to alter DNS records and drive users to fake sites, to committing phishing.
*Cyber Kill Chain - Weaponization
The attacker creates an exploit (virus) and packages it to be used against target
*Cyber Kill Chain - Reconnaissance
The attacker probes the network for any system information that can be a viable target
Discretionary Access Control (DAC)
The least restrictive access control model in which the owner of the object has total control over it.
RTO - Recovery Time Objective
The length of time it will take to recover the data that has been backed up.
Risk
The likelihood that a threat agent will exploit the vulnerability. Cannot be eliminated completely. Example: Likelihood that a boxer will get hit by his opponent.
Mandatory Access Control (MAC)
The most restrictive access control model, typically found in military settings in which security is of supreme importance.
What is the difference between a cyberterrorist and a cybercriminal?
The motivation of a cyberterrorist is political or religious in nature and the motivation of a cybercriminal is financial gain.
*X.509 Digital Certificates
The standard for the most widely accepted format for digital certificates
*Service Set Identifier (SSID)
The user-supplied network name of a WLAN; it can generally be alphanumeric from *2 to 32* characters.
FTPS (File Transfer Protocol Secure) vs (SFTP) Secure FTP
There are several differences between SFTP and FTPS. First, FTPS is a combination of two technologies (FTP and SSL/TLS); SFTP is an entire protocol itself and is not pieced together with multiple parts. Second, SFTP only uses a single TCP port instead of two ports like FTPS. Finally, SFTP encrypts and compresses all data and commands (FTPS may not encrypt data).
Why do cyberterrorists target power plants, air traffic control centers, and water systems?
They can cause significant disruption by destroying only a few targets.
*AAA
Three PROTECTIONS implemented TO SECURE INFORMATION: Authentication Authorization Accounting
*CIA
Three types of security protection: confidentiality integrity availability
OS hardening
Tightening security during the design and coding of the OS.
*Network Address Translation (NAT)
Translates the private IP address to a public address for routing over the Internet
3DES
Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES.
True of False. Archive bit set to 0 in file properties
True
True or False. Encrypting hardware is better than encrypting software.
True
True or False. TACACS+ can authenticate network devices.
True
True or False. TACACS+ interacts with Kerberos.
True
THREE approaches to trust
Trust everyone all of the time Trust no one at any time Trust some people some of the time
RADIUS transport protocol
UDP
Cleartext
Unencrypted data.
*Defenses against attacks - layering
Unlikely that attacker can break through all defense layers Can be useful in resisting a variety of attacks Provides the most comprehensive protection
Defense against MAC flooding
Use a switch that can close ports with too many MAC addresses
ARP poisoning defense
Use an ARP detection appliance (Wireshark)
Cloud Software as a Service (SaaS)
Use provider's applications over a network
Spanning Tree Algorithm (STA)
Uses IEEE 802.1d standard to determine that switch has multiple ways to communicate with host and then determine best path while blocking out other paths
Thwarting identity theft
Using another person's personal information in unauthorized manner for financial gain.
Appender Infection
Virus appends itself to end of a file Moves first three bytes of original file to virus code Replaces them with a jump instruction pointing to the virus code
Split infection
Virus splits into several parts Parts placed at random positions in host program Head of virus code starts at beginning of file Gives control to next piece of virus code
Preshared Key (PSK) Authentication
WPA-PSK works by configuring a WLAN passphrase or password of eight to 63 characters. Based on the password, access point (router) and connecting node credentials, a 256-character key is generated, shared and used by both devices for network traffic encryption and decryption. A connected user that provides correct credentials receives WLAN access. If implemented with Temporal Key Integrity Protocol (TKIP), WPA-PSK dynamically generates a 128-bit encryption key for each packet. Additionally, the Advanced Encryption Standard (AES) may be used instead of TKIP. WPA-PSK does not require an authentication server and manual user configuration. Thus, it is considered simpler and leaner than WPA Enterprise, a WPA variant.
*Cyber Kill Chain - Exploitation
Weapon is initiated or executed (NO LONGER DORMANT)
*Cyber Kill Chain - Delivery
Weapon is transmitted to target via email or infected web server (HOW YOU WANT TO USE IT)
Questions to ask when creating a data backup
What information? How often? What media? Where to store? What hardware/software to use?
Tailgating
When an UNAUTHORIZED individual enters a restricted-access building by FOLLOWING an AUTHORIZED user.
IEEE 802.11
Wireless Ethernet standard more commonly known as Wi-Fi.
Types of wireless probes
Wireless device probe Desktop probe Access point probe Dedicated probe
What type of malware can spread across networks without user interaction?
Worm
*TCP/IP uses
a four layer architecture: Network interface, internet, transport, application
*Evil Twin Attack
a rogue wireless access posing as a legitimate wireless service provider to intercept information that users transmit
*Demilitarized Zone (DMZ)
a separate network located outside the organization's internal information system that permits controlled access from the internet. Untrusted users can access the DMZ but not the network.
A preshared key (PSK) of fewer than ____ characters may be subject to an attack if that key is a common dictionary word. a. 20 b. 32 c. 48 d. 64
a. 20 32 characters is for the SSID
How does heuristic detection detect a virus? a. A virtualized environment is created and the code is executed in it. b. A string of bytes from the virus is compared against the suspected file. c. The bytes of a virus are placed in different "piles" and then used to create a profile. d. The virus signature file is placed in a suspended chamber before streaming to the CPU.
a. A virtualized environment is created and the code is executed in it.
An entity that issues digital certificates is a ____________. a. Certificate Authority (CA) b. Signature Authority (SA) c. Certificate Signatory (CS) d. Digital Signer (DS)
a. Certificate Authority (CA)
Blank ensures that only authorized parties can view the information. a. confidentiality b. availability c. authorization d. integrity
a. Confidentiality
Which is the first step in securing an operating system? a. Develop the security policy. b. Implement patch management. c. Configure operating system security and settings. d. Perform host software baselining.
a. Develop the security policy.
An administrator is implementing a security control that only permits the execution of allowed programs. Which two of the following are cryptography concepts that should be used to identify the allowed programs? a. digital signatures b. hashing c. asymmetric encryption d. open ID e. key escrow
a. Digital signatures and c. asymmetric encyrption
Which Fibre Channel zone is the most restrictive? a. FC hard zone b. FC soft zone c. FC port zone d. FC interface zone
a. FC hard zone
Internet Control Message Protocol (ICMP) is used by each of these attacks EXCEPT . a. ICMP poisoning b. smurf DoS attack c. ICMP redirect attack d. ping of death
a. ICMP poisoning
Which statement about data loss prevention (DLP) is NOT true? a. It can only protect data while it is on the user's personal computer. b. It can scan data on a DVD. c. It can read inside compressed files. d. A policy violation can generate a report or block the data.
a. It can only protect data while it is on the user's personal computer.
How does network address translation (NAT) improve security? a. It discards unsolicited packets. b. It filters based on protocol. c. It masks the IP address of the NAT device. d. NATs do not improve security.
a. It discards unsolicited packets.
What does MAC limiting and filtering do? a. It limits devices that can connect to a switch. b. It allows only approved wireless devices to connect to a network. c. It prevents Address Resolution Protocol spoofing. d. It provides security for a router.
a. It limits devices that can connect to a switch.
refers to a situation in which keys are managed by a third party, such as a trusted CA. a. Key escrow b. Remote key administration c. Trusted key authority d. Key authorization
a. Key escrow
Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? a. PIN method b. push-button method c. piconet method d. NFC method
a. PIN method Because there are unlimited attempts to entering a PIN
Malicious files were identified on a system and sent to the company's antivirus vendor for analysis. A new antivirus signature file was released and installed on the company's systems where it was able to remove several of tech malicious files. However, several days later the malicious activities resumed on some of the previously cleaned systems and new systems. Which of the following has the company most likely experienced? a. Polymorphic malware b. Trojans c. Worm d. Armored virus
a. Polymorphic malware
is a protocol for securely accessing a remote computer. a. Secure Shell (SSH) b. Secure Sockets Layer (SSL) c. Secure Hypertext Transport Protocol (SHTTP) d. Transport Layer Security (TLS)
a. Secure Shell (SSH)
Attackers use techniques when sending tailored emails to engage their targets and make htem feel personally involved. Which of the following social engineering techniques best describes this type of attack? a. Spear phishing b. Whaling c. SMiShing d. Pharming
a. Spear Phishing
Which of these is NOT an advantage of a load balancer? a. The risk of overloading a desktop client is reduced. b. Network hosts can benefit from having optimized bandwidth. c. Network downtime can be reduced. d. DoS attacks can be detected and stopped.
a. The risk of overloading a desktop client is reduced.
Which of these is NOT a limitation of turning off the SSID broadcast from an AP? a. Users can more easily roam from one WLAN to another. b. The SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP. c. Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another. d. Some versions of operating systems favor a network that broadcasts an SSID over one that does not.
a. Users can more easily roam from one WLAN to another.
Anne, the CEO has reported that she is getting multiple telephone calls from someone claiming to be from the helpdesk. The caller is asking to verify her network authentication credentials because her computer is broadcasting across the network. This is MOST likely which of the following types of attacks? a. Vishing b. Impersonation c. Spim d. Scareware
a. Vishing
What is the Extensible Authentication Protocol (EAP)? a. a framework for transporting authentication protocols b. a subset of WPA2 c. the protocol used in TCP/IP for authentication d. a technology used by IEEE 802.11 for encryption
a. a framework for transporting authentication protocols
Each of these can be used to hide information about the internal network EXCEPT . a. a protocol analyzer b. subnetting c. a proxy server d. network address translation (NAT)
a. a protocol analyzer
A(n) can identify the application that send packets and then make decisions about filtering based on it. a. application-aware firewall b. reverse proxy c. Internet content filter d. web security gateway
a. application-aware firewall
Public Key Cryptography Standards (PKCS) . a. are widely accepted in the industry b. are used to create public keys only c. define how hashing algorithms are created d. have been replaced by PKI
a. are widely accepted in the industry
Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow? a. barricade b. fencing c. roller barrier d. type V controls
a. barricade (metal gates on streets that are flooded in Charleston)
What are attackers called who belong to a network of identity thieves and financial fraudsters? a. cybercriminals b. script kiddies c. hackers d. brokers
a. cybercriminals Cybercriminals includes both identity thieves and financial fraudsters. Script kiddies are not skilled enough. Hackers may not be out for identities or money
What is another name for a locally shared object? a. flash cookie b. session cookie c. RAM cookie d. secure cookie
a. flash cookie
A WEP key that is 128 bits in length ______. a. has an initialization vector (IV) that is the same length as a WEP key of 64 bits b. cannot be cracked because it is too long c. cannot be used on access points that use passphrases d. is less secure than a WEP key of 64 bits because shorter keys are stronger
a. has an initialization vector (IV) that is the same length as a WEP key of 64 bits
Which high-speed storage network protocols used by a SAN is IP-based? a. iSCSI b. FC c. FCoE d. XSAN
a. iSCSI
Which of these can a QR code NOT contain? a. image b. URL c. email address d. phone number
a. image
Each of these is a reason why adware is scorned except _____. a. it displays the attacker's programming skills b. it can interfere with a user's productivity c. it displays objectionable content d. it can cause a computer to crash or slow down
a. it displays the attacker's programming skills
One of the first mobile devices was a _______. a. personal digital assistant (PDA) b. tablet c. smartphone
a. personal digital assistant (PDA)
Which statement is correct regarding why traditional network security devices cannot be used to bock web application attacks? a. traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks b. web application attacks use web browsers that cannot be controlled on a local computer c. network security devices cannot prevent attacks from web resources d. the complex nature of TCP/IP allows for too many ping sweeps to be blocked.
a. traditional network security devices ignore thr content of HTTP traffic, which is the vehicle of web application attacks
Which of these is not an action that a virus can take? a. transport itself through the network to another device b. cause a computer to crash c. erase files from a hard drive d. reformat the hard disk drive
a. transport itself through the network to another device
Which of the following cannot be used along with fencing as a security perimeter? a. vapor barrier b. rotating spikes c. roller barrier d. anticlimb paint
a. vapor barrier
Which of these technologies is NOT found in a wireless broadband router? a. wireless probe b. firewall c. router d. access point
a. wireless probe
*Firewall actions on a packet
allow, block, prompt (ask what action to take)
What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)? a. There is no difference; a NIDS and a NIPS are equal. b. A NIPS can take actions more quickly to combat an attack. c. A NIDS provides more valuable information about attacks. d. A NIPS is much slower because it uses protocol analysis.
b. A NIPS can take actions more quickly to combat an attack.
What is one reason Android devices are considered to be at a higher security risk than iOS devices? a. iOS has been available longer and has more of its vulnerabilities worked out. b. Android apps can be side-loaded. c. All Android apps are free. d. Apple apps are written in a more secure binary language.
b. Android apps can be side-loaded. side-loaded means that apps are downloaded from a third party
A centralized directory of digital certificates is called a(n) . a. Digital Signature Approval List (DSAP) b. Certificate Repository (CR) c. Authorized Digital Signature (ADS) d. Digital Signature Permitted Authorization (D
b. Certificate Repository (CR)
If a group of users must be separated from other users, which is the most secure network design? a. Use a VLAN. b. Connect them to different switches and routers. c. Use a subnet mask. d. It is impossible to separate users on a network.
b. Connect them to different switches and routers.
________ allows for a single configuration to be set and then deployed to many or all users. a. Active Directory b. Group Policy c. Snap-In Replication (SIR) d. Command Configuration
b. Group Policy
Why is a rogue AP a security vulnerability? a. It uses the weaker IEEE 802.15.ax protocol. b. It allows an attacker to bypass many of the network security configurations. c. It requires the use of vulnerable wireless probes on all mobile devices. d. It conflicts with other network firewalls and can cause them to become disabled.
b. It allows an attacker to bypass many of the network security configurations.
Which statement about a mantrap is true? a. It is illegal in the U.S. b. It monitors and controls two interlocking doors to a room. c. It is a special keyed lock. d. It requires the use of a cipher lock.
b. It monitors and controls two interlocking doors to a room.
Which statement about a flood guard is true? a. It is a separate hardware appliance that is located inside the DMZ. b. It prevents DoS or DDoS attacks. c. It can be used on either local host systems or network devices. d. It protects a router from password intrusions.
b. It prevents DoS or DDoS attacks.
What is the primary weakness of wired equivalent privacy (WEP)? a. It functions only on specific brands of APs. b. Its usage creates a detectable pattern. c. It slows down a WLAN from 104 Mbps to 16 Mbps. d. Initialization vectors (IVs) are difficult for users to manage.
b. Its usage creates a detectable pattern.
Which of these is a vulnerability of MAC address filtering? a. The user must enter the MAC. b. MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format. c. APs use IP addresses instead of MACs. d. Not all operating systems support MACs.
b. MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format.
Which technology should be used instead of LEAP? a. STREAK b. PEAP c. LEAP-2 d. REAP
b. PEAP
Which of these is the most secure protocol for transferring files? a. SCP b. SFTP c. FTPS d. FTP
b. SFTP
Which version of Simple Network Management Protocol (SNMP) is considered the most secure? a. SNMPv2 b. SNMPv3 c. SNMPv4 d. SNMPv5
b. SNMPv3
WPA replaces WEP with _______. a. WPA2 b. Temporal Key Integrity Protocol (TKIP) c. Cyclic Redundancy Check (CRC) d. Message Integrity Check (MIC)
b. Temporal Key Integrity Protocol (TKIP)
Which of these is NOT a type of wireless AP probe? a. wireless device probe b. WNIC probe c. dedicated probe d. AP probe
b. WNIC probe
AES-CCMP is the encryption protocol standard used in . a. Bluetooth b. WPA2 c. IEEE 802.11 d. WPA
b. WPA2
How can an attacker use a hoax? a. by sending out a hoax, an attacker can convince a user to read his email more often b. a hoax could convince a user that a bad Trojan is in circulation and that he should change his security settings c. a user who receives multiple hoaxes could contact his supervisor for help. d. hoaxes are not sued by attackers today
b. a hoax could convince a user that a bad Trojan is in circulation and that he should change his security settings
What is a session token? a. XML code used in an XML injection attack b. a random string assigned by a web server c. another name for a third-party cookie d. a unique identifier that includes the user's email address
b. a random string assigned by a web server
Which type of log can provide details regarding requests for specific files on a system? a. event log b. access log c. audit log d. SysFile log
b. access log
Which is the preferred location for installation of a spam filter? a. on the POP3 server b. with the SMTP server c. on the local host client d. on the proxy server
b. with the SMTP server
If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by _________. a. a Trojan horse b. TCP/IP hijacking c. Address Resolution Protocol (ARP) poisoning d. DHCP man-in-the-middle
c. Address Resolution Protocol (ARP) poisoning
Which Domain Name System (DNS) attack replaces a fraudulent IP address for a symbolic name? a. DNS replay b. DNS masking c. DNS poisoning d. DNS forwarding
c. DNS poisoning
The preferred method today of bot herders for command and control of zombies is _____. a. internet relay chat (IRC) b. botnets c. HTTP d. spam
c. HTTP
Which statement is NOT true regarding hierarchical trust models? a. The root signs all digital certificate authorities with a single key. b. It assigns a single hierarchy with one master CA. c. It is designed for use on a large scale. d. The master CA is called the root.
c. It is designed for use on a large scale.
Why is loop protection necessary? a. It makes a DMZ more secure. b. It denies attackers from launching DDoS attacks. c. It prevents a broadcast storm that can cripple a network. d. It must be installed before IEEE 802.1d can be implemented.
c. It prevents a broadcast storm that can cripple a network.
Which statement about network address translation (NAT) is true? a. It can be stateful or stateless. b. It substitutes MAC addresses for IP addresses. c. It removes private addresses when the packet leaves the network. d. It can be found only on core routers.
c. It removes private addresses when the packet leaves the network.
Which of the following is NOT a Microsoft Windows setting that can be configured through a security template? a. Account Policies b. User Rights c. Keyboard Mapping d. System Service
c. Keyboard Mapping
Which of these is NOT a type of SD card? a. Standard-Capacity b. High-Capacity c. Low-Capacity d. eXtended-Capacity
c. Low-Capacity Secure digital input output (SDIO) is also a type of SD card
Which of these is NOT a risk when a home wireless router is not securely configured? a. An attacker can steal data from any folder with file sharing enabled. b. Usernames, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker. c. Only 50 percent of the packets will be encrypted. d. Malware can be injected into a computer connected to the WLAN.
c. Only 50 percent of the packets will be encrypted.
Which of these is NOT a risk of connecting a mobile device to a public network? a. Public networks are beyond the control of the employee's organization. b. Public networks may be susceptible to man-in-the-middle attacks. c. Public networks are faster than local networks and can spread malware more quickly to mobile devices. d. Replay attacks can occur on public networks.
c. Public networks are faster than local networks and can spread malware more quickly to mobile devices.
A malicious individual is attempting to insert special characters into a data entry field. Which of hte following attacks would this be? a. Session hijacking b. integer overflow c. SQL injection d. cross-site scripting
c. SQL injection
A user who installs a program that prints out coupons but in the background silently collects her passwords has installed a _____. a. virus b. worm c. Trojan d. logic bomb
c. Trojan
Which of the following describes the key difference between vishing and phishing attacks? a. Phishing is used by attackers to steal a person's identity b. Vishing attacks require some knowledge of the target of attack c. Vishing attacks are accomplished using telephony services d. Phishing is a category of social engineering attack
c. Vishing attacks are accomplished using telephony services
Which type of computer most closely resembles a desktop computer? a. notebook b. subnotebook c. laptop d. netbook
c. laptop
An attacker can use NetBIOS to determine each of the following EXCEPT . a. computer names b. contents of the remote name cache c. list of remote NetBIOS names d. list of resolved names
c. list of remote NetBIOS names because NetBIOS uses local, not remote
Which technology is predominately used for contactless payment systems? a. wireless local area network (WLAN) b. Bluetooth c. near field communication (NFC) d. Temporal Key Integrity Protocol (TKIP)
c. near field communication (NFC)
RADIUS authentication and authorization are ____.
combined
Which of these IEEE WLANs has the highest data rate? a. 802.11b b. 802.11n c. 802.11g d. 802.11ac
d. 802.11ac
Which of these is NOT an attack against a switch? a. MAC address impersonation b. ARP poisoning c. MAC flooding d. ARP address impersonation
d. ARP address impersonation
A digital certificate that turns the address bar green is a(n) . a. Personal Web-Client Certificate b. Advanced Web Server Certificate (AWSC) c. X.509 Certificate d. Extended Validation SSL Certificate
d. Extended Validation SSL Certificate
What of these could NOT be defined as a logic bomb? a. Erase all data if John's name is removed from the list of employees b. Reformat the hard drive three months after Susan left the company c. send span email to all users in the company on Tuesday d. If the company's stock price drops below $10 then credit Jeff Brown with 10 additional years of retirement credit.
d. If the company's stock price drops below $10 then credit Jeff Brown with 10 additional years of retirement credit.
Which statement regarding a demilitarized zone (DMZ) is NOT true? a. It can be configured to have one or two firewalls. b. It provides an extra degree of security. c. It typically includes an email or web server. d. It contains servers that are used only by internal network users.
d. It contains servers that are used only by internal network users.
What does containerization do? a. It splits operating system functions only on specific brands of mobile devices. b. It places all keys in a special vault. c. It slows down a mobile device to half speed. d. It separates personal data from corporate data.
d. It separates personal data from corporate data. Helps companies avoid data ownership privacy issues and legal concerns regarding a user's personal data stored in a BYOD setting.
Which statement is true regarding security for a computer that boots to Apple Mac OS X and then runs a Windows virtual machine? a. The security of the Apple Mac OS X completely protects the Windows virtual machine. b. The hypervisor protects both the Apple Mac OS X and Windows operating systems. c. The security of the Windows virtual machine completely protects the Apple Mac OS X. d. The Windows virtual machine needs its own security.
d. The Windows virtual machine needs its own security.
Which function does an Internet content filter NOT perform? a. URL filtering b. malware inspection c. content inspection d. intrusion detection
d. intrusion detection
Which of the following is NOT a characteristic of APT? a. can span several years b. targets sensitive proprietary information c. uses advanced tools and techniques d. is only used by hackivists against foreign enemies
d. is only used by hackivists against foreign enemies it is possibly used by others although is most common for hackivists
The residential lock most often used for keeping out intruders is the . a. encrypted key lock b. privacy lock c. passage lock d. keyed entry lock
d. keyed entry lock
A typical configuration baseline would include each of the following EXCEPT . a. changing any default settings that are insecure b. eliminating any unnecessary software c. enabling operating system security features d. performing a security risk assessment
d. performing a security risk assessment
Bluetooth falls under the category of . a. local area network (LAN) b. short area network (SAN) c. paired-device network (PDN) d. personal area network (PAN)
d. personal area network (PAN)
Which of these is NOT a DoS attack? a. SYN flood b. ping flood c. smurf d. push flood
d. push flood
A reverse proxy _________. a. only handles outgoing requests b. is the same as a proxy server c. must be used together with a firewall d. routes incoming requests to the correct server
d. routes incoming requests to the correct server
account is one that has not been accessed for a lengthy period of time.
dormant accounts
Qualitative Risk Assessment
educated guess
What makes it not difficult to defend
educated user
*IP operates at what layer
layer 3 (network layer or internet layer
*TCP operates at what layer
layer 4 (Transport layer)
Need a _____ image backup of hard drive when collecting evidence.
mirror also known as system image or bit stream backup
Spear Phishing Attack
phishing attacks that use specific personal information
*The best method for configuring the router
physically through the console cable (as opposed to remotely)
network that is created using a wireless Bluetooth connection. Some examples of piconets include a cell phone connected to a computer, a laptop and connected to Bluetooth-enabled digital camera, or several PDAs that are connected to each other.
piconet
Block cipher
random cipher
Ping of Death
really long ping packet that crashes the reciever.
TACACS+ authentication and authorization are ____.
separated
Adware
software that automatically displays or downloads advertising material (often unwanted) when a user is online.
IEEE 802.11n (or Wireless-N)
standard for wireless networking. Compared with earlier standards such as 802.11b, Wireless-N offers faster speeds, more flexibility, and greater range.
*IPSec (Internet Protocol Security)
supports two encryption modes: tunnel and transport
Steganography
the art and science of hiding information by embedding messages within other, seemingly harmless messages
Impersonation (spoofing)
type of social engineering where Attacker pretends to be someone else Help desk support technician Repairperson Trusted third party Individuals in roles of authority
RADIUS communication is ____.
unencrypted
Access control terms - end user
user who accesses information in the course of routine job responsibilities
WiFi Protected Access (WPA)
uses 128-bit key TKIP improvements over WEP support EPA
pharming attack
uses a zombie farm, often by an organized crime association, to launch a massive phishing attack
Social Engineering
using deception to obtain unauthorized access to information resources directly from individuals Relies on the trusting nature of individuals
*helps ensure that commands are given to the correct router for virtual teletype
using meaningful router name
RAID 1 (mirroring)
• File blocks are duplicated between physical drives • High disk space utilization • High redundancy • Minimum of 2 drives MIRRORING WITH FAULT TOLERANCE
RAID 5 - Striping with Parity
• File blocks are striped along with a parity block • Efficient use of disk space • High redundancy • Minimum of 3 drives
*Steps of an attack (in order)
1. Reconnaissance (looks for target/weakness in network) 2. Weaponization (creates an exploit/virus) 3. Delivery (transmits exploit/virus to target) 4. Exploitation (exploit/virus is initiated)
heuristic detection
Creating a virtualized environment to simulate the central processing unit (CPU) and memory of the computer to check for the presence of a virus. Used by anti-virus software.
*Ransomware
Malware that prevents/BLOCKS users from operating their computer or browser via ENCRYPTION One of the newest and fastest-growing types of malware Messages may use icons similar to Windows messages to trick users into paying for fake services Messages may purport that they come from a Law enforcement agency May state that user is performing an illegal action May state that a fine is necessary to unlock computer
*Flood guard
Protects against denial of service attacks Controls device's tolerance for unanswered service requests Set maximum number of "developing" connections Commonly found on firewalls, IDSs, and IPSs
NetBIOS (Network Basic Input/Output System)
Protocol that operates at the Session layer of the OSI seven-layer model. This protocol creates and manages connections based on the names of the computers involved.
What is it called when a federal message appears on your screen and states that a fine is necessary to unlock your computer?
Ransomware
RPO (Recovery Point Objective)
The maximum length of time that an organization can tolerate between backups.
Hashing
Used to ensure message has not been changed (INTEGRITY)
Swiss cheese infection
Viruses inject themselves into executable code Original code transferred and stored inside virus code Host code executes properly after the infection
*Transport Layer Security (TLS)
a cryptographic protocol that ensures privacy and data integrity over public networks, such as the Internet
*Digital Signature
a means of electronically signing a document with data that cannot be forged like in an email for example
Each of these is a technique for securing a router EXCEPT . a. making all configuration changes remotely b. securing all ports c. setting a strong administrator password d. using a meaningful router name
a. making all configuration changes remotely
What allows a device to be managed remotely? a. mobile device management (MDM) b. mobile application management (MAM) c. mobile resource management (MRM) d. mobile wrapper management (MWM)
a. mobile device management (MDM)
Which of the following is NOT a characteristic of an alarmed carrier PDS? a. periodic visual inspections b. continuous monitoring c. carrier can be hidden below a floor d. eliminates the need to seal connections
a. periodic visual inspections Because if something happens, it will alert you
Which technology is NOT a characteristic of a mobile device? a. physical keyboard b. small form factor c. local nonremovable data storage d. data synchronization capabilities
a. physical keyboard
Which cannot be performed through a successful SQL injection attacks? a. reformat the web application server's hard drive b. display a list of customer telephone numbers c. discover the names of different fields in a table d. erase a database table
a. reformat the web application server's hard drive
Bob has attempted to enter the passcode for his mobile device but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. This means that Bob's mobile device is configured to _____. a. reset to factory settings b. extend the lockout period c. use PIN codes as passcodes d. double the amount of time he is prevented from accessing his device
a. reset to factory settings
Which of these is NOT a size of SD cards? a. smallSD b. miniSD c. microSD d. full SD
a. smallSD
What is unsolicited instant messaging called? a. spim b. spam c. vishing d. SMS phishing
a. spim
A firewall using is the most secure type of firewall. a. stateful packet filtering b. network intrusion detection system replay c. stateless packet filtering d. reverse proxy analysis
a. stateful packet filtering
Which mobile device is the smallest? a. subnotebook b. laptop c. notebook d. desktop
a. subnotebook
What is a person or element that has the power to carry out a threat? a. threat agent b. exploiter c. risk agent d. vulnerability
a. threat agent
*Set strong ______ _______ to ensure only authorized access
administrator passwords
*AES
advanced encryption standard, a symmetric 128-bit block data encryption technique used by the US government. Three steps, used by US government.
Which of these is NOT part of the certificate life cycle? a. revocation b. authorization c. creation d. expiration
b. authorization
What is the unauthorized access of information from a wireless device through a Bluetooth connection called? a. bluejacking b. bluesnarfing c. Bluetooth snatching d. Bluetooth spoofing
b. bluesnarfing
Ann, a member of the incident response team, is investigating anomalies in activity from a single user. Audit logs indicate that the affected users credentials have been used to access the computer and system files after hours. Upon initial forensic capture, Ann identifies an unknown and unauthorized service running. Assuming this software package is malware, which of the following types of malware would Ann MOST likely identify it as a. logic bomb b. botnet trojan c. keylogger d. ransomware
b. botnet trojan
A ______ can be used to secure a mobile device. a. mobile connector b. cable lock c. mobile chain d. security tab
b. cable lock
Browser plug-ins ______. a. only function on web servers b. can be embedded inside a webpage but add-ons cannot c. have additional functionality to the entire browser d. have been replaced by browser extensions
b. can be embedded inside a webpage but add-ons cannot
If Cora tries to access a free public Wi-Fi at a local coffee shop that requires her to first agree to an Acceptable Use Policy (AUP) before continuing, what type of AP has she encountered? a. web-based b. captive portal c. rogue d. Internet content filter
b. captive portal
Which of these is NOT an advantage of BYOD for an organization? a. flexibility b. cost increases c. increased employee performance d. reduced internal service
b. cost increases
Which of these is NOT a state of data that DLP examines? a. data in-use b. data in-process c. data in-transit d. data at-rest
b. data in-process
Which of these would NOT be a filtering mechanism found in a firewall rule? a. source address b. date c. protocol d. direction
b. date
An organization that purchased security products from different vendors is demonstrating which security principle? a. obscurity b. diversity c. limiting d. layering
b. diversity
Tablet computers are designed for _____. a. processing capabilities b. ease of use c. wireless connection speed d. hardware upgrades
b. ease of use
The hashed message authentication code (HMAC) a. encrypts only the key b. encrypts the key and the message c. encrypts only the message d. encrypts the DHE key only
b. encrypts the key and the message
What enforces the location in which an app can function by tracking the location of the mobile device? a. location resource management b. geo-fencing c. geo-tagging d. Graphical Management Tracking (GMT)
b. geo-fencing
Michelle pretends to be the help desk manager and calls Steve to trick him into giving her his password. What social engineering attack has Michelle performed? a. aliasing b. impersonation c. luring d. duplicity
b. impersonation
Which of these is NOT where keys can be stored? a. in tokens b. in digests c. on the user's local system d. embedded in digital certificates P. 246
b. in digests
Public key infrastructure (PKI) . a. creates private key cryptography b. is the management of digital certificates c. requires the use of an RA instead of a CA d. generates public/private keys automatically P. 253
b. is the management of digital certificates
Which of these is NOT a security feature for locating a lost or stolen mobile device? a. remote lockout b. last known good configuration c. alarm d. thief picture
b. last known good configuration last known LOCATION is a security feature Locate is also a security feature
How does a virtual LAN (VLAN) allow devices to be grouped? a. based on subnets b. logically c. directly to hubs d. only around core switches
b. logically
A replay attack ___________. a. is considered to be a type of DoS attack b. makes a copy of the transmission for use at a later time c. can be prevented by patching the web browser d. replays the attack over and over to flood the server
b. makes a copy of the transmission for use at a later time
In a network using IEEE 802.1x, a supplicant . a. must use IEEE 802.11d to connect to the network b. makes a request to the authenticator c. contacts the authentication server directly d. can only be a wireless device
b. makes a request to the authenticator
Which of the following is NOT a motion detection method? a. radio frequency b. moisture c. magnetism d. infrared
b. moisture
Where does a web-based computer store user files? a. on its hard disk drive b. on the Internet c. on a microSD card d. on a Type II PC card
b. on the Internet
*Each of the following is a successive layer in which information security is achieved except ______? a. products b. purposes c. procedures d. people
b. purposes Procedures tell people how to use products
Which malware locks up a user's computer and then displays a message that purports to come from a law enforcement agency? a. virus b. ransomware c. worm d. Trojan
b. ransomware
Which statement regarding keylogger is not true? a. hardware keyloggers are installed between the keyboard connector and computer keyboard USB port b. software keyloggers are easy to detect c. keyloggers can be used to capture passwords, credit card numbers, etc. d. software keyloggers can be designed to send captured information automatically to the attacker through the internet
b. software keyloggers are easy to detect
Which of these is a general term used for describing software that gathers information without the user's consent? a. adware b. spyware c. scrapeware d. pullware
b. spyware
Each of these is an entry in a firewall log that should be investigated EXCEPT . a. IP addresses that are being rejected and dropped b. successful logins c. suspicious outbound connections d. IP addresses that are being rejected and dropped
b. successful logins
Which of these is NOT a reason why securing server-side web application is difficult? a. although traditional network security devices can block traditional network attacks, they cannot always block web application attacks. b. the processors on clients are smaller than on web servers and thus they are easier to defend. c. many web application attacks exploit previously unknown vulnerabilities. d. by design dynamic server-side web applications accept user input that can contain malicious code.
b. the processors on clients are smaller than on web servers and thus they are easier to defend.
What is the basis of an SQL injection attack? a. to have the SQL server attack client web browsers b. to inject SQL statements through unfiltered user input c. to expose SQL code so that it can be examined d. to link SQL servers into a botnet
b. to inject SQL statements through unfiltered user input
What is an objective of state sponsored attackers? a. to right a perceived wrong b. to spy on citizens c. sell vulnerabilities to highest bidder d. fortune and fame
b. to spy on citizens
What is it called when a user makes a typing error when entering a URL that takes him to an imposter website? a. URL variance b. typo squatting c. spell scraping d. work hijacking
b. typo squatting
Which of these is a list of approved email senders? a. blacklist b. whitelist c. greylist d. greenlist
b. whitelist
Which of the following is NOT an advantage to an automated patch update service? a. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. b. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. c. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. d. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.
c. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
Which of the following is NOT a security concern of virtualized environments? a. Virtual machines must be protected from both the outside world and also from other virtual machines on the same physical computer. b. Physical security appliances are not always designed to protect virtual systems. c. Virtual servers are less expensive than their physical counterparts. d. Live migration can immediately move one virtualized server to another hypervisor.
c. Virtual servers are less expensive than their physical counterparts.
What is unique about a cross-site scripting (XSS) attack compared to other injection attacks? a. SQL code is used in an XSS attack b. XSS required the use of a browser c. XSS does not attack the web application server to steal or corrupt its information d. XSS attacks are rarely used anymore compared to other injection attacks
c. XSS does not attack the web application server to steal or corrupt its information Cross Site Scripting (XSS) is the process of addition of malicious code to a genuine website to gather user's information with a malicious intent. XSS attacks are possible through security vulnerabilities found in Web applications and are commonly exploited by injecting a client-side script.
What type of controls are the proce4sses for developing and ensuring that policies and procedures are carried out? a. technical controls b. active controls c. administrative controls d. policy controls
c. administrative controls
______ ensures that individuals are who they say they claim to be. a. demonstration b. accounting c. authentication d. certification
c. authentication
While creating the requirements for an upcoming project, the data owner classifies the data as: Critical to the success of the project Publicly available Available 85% of the time Full backups each day Which of the following security goals is MOST important for this project? a. confidentiality b. integrity c. availability d. redundancy
c. availability
A(n) is a published set of rules that govern the operation of a PKI. a. enforcement certificate (EF) b. certificate practice statement (CPS) c. certificate policy (CP) d. signature resource guide (SRG) P.244
c. certificate policy (CP)
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) . a. digital signature b. encrypted signature c. digital certificate d. digest
c. digital certificate
The primary design of a(n) ______ is to capture the transmissions from legitimate users. a. rogue access point b. WEP c. evil twin d. Bluetooth grabber
c. evil twin
What is the highest degree of Port SecurityWhich secure feature does a load balancer NOT provide? a. hide HTTP error pages b. remove server identification headers from HTTP responses c. filter packets based on protocol settings d. block denial-of-service (DoS) attacks
c. filter packets based on protocol settings
Which type of device log contains the most beneficial security data? a. email log b. switch log c. firewall log d. router log
c. firewall log
Which of the following is an attempt to influence a user by coercion? a. authority b. social proof c. intimidation d. familiarity
c. intimidation
An example of blank is not revealing the type of computer, operating system, software, and network connection a computer uses. a. layering b. diversity c. obscurity d. limiting
c. obscurity Nobody is being informed. Limiting would be used if only certain people were being told or certain information was given but if nothing is being revealed then it's obscurity.
Each optional feature is found on most mobile devices EXCEPT . a. digital camera b. microphone c. operating system d. removable storage media
c. operating system
What do attackers use buffer overflows to do? a. erase buffer overflow signatures files b. corrupt the kernel so the computer cannot reboot c. point to another area in data memory that contains the attacker's malware code d. place a virus into the kernel
c. point to another area in data memory that contains the attacker's malware code
A(n) ___________ intercepts internal user requests and then processes those requests on behalf of the users. a. content filter b. host detection server c. proxy server d. intrusion prevention device
c. proxy server
Which type of cloud is offered to all users? a. hybrid cloud b. private cloud c. public cloud d. community cloud
c. public cloud
Which of the following is NOT an activity phase control? a. compensating control b. detective control c. resource control d. deterrent control
c. resource control
In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) would be used. a. web digital certificate b. email web certificate c. server digital certificate d. personal digital certificate
c. server digital certificate
Each of the following can be classified as an insider except? a. business partners b. contractors c. stockholders d. employees
c. stockholders
DNS poisoning _________. a. floods a DNS server with requests until it can no longer respond b. is rarely found today due to the use of host tables c. substitutes DNS addresses so that the computer is automatically redirected to another device d. is the same as ARP poisoning
c. substitutes DNS addresses so that the computer is automatically redirected to another device
_______ is following an authorized person through a secure door. a. tagging b. backpacking c. tailgating d. caboosing
c. tailgating
What is the difference between a hactivist and a cyberterrorist? a. a hactivist is motivated by ideology while a cyberterrorist is not b. cyberterrorists always work in groups while hactivists work alone c. the aim of a hactivist is not to incite panic like cyberterrorists d. cyberterrorists are better funded than hactivists
c. the aim of a hactivists is not to incite panic like cyberterrorists
Why can brokers command a high price for what they sell? a. brokers are licensed professionals b. the attack targets are always wealthy corporations c. the vulnerability was previously unknown and is unlikely to be patched quickly d. brokers work in teams and all the members must be compensated
c. the vulnerability was previously unknown and unlikely to be patched quickly
The _____-party trust model supports CA. a. first b. second c. third d. fourth
c. third
What is a cookie that was not created by the website being viewed called? a. first-party cookie b. second-party cookie c. third-party cookie d. fourth-party cookie
c. third-party cookie
Digital certificates can be used for each of these EXCEPT . a. to encrypt channels to provide secure communication between clients and servers b. to verify the identity of clients and servers on the Web c. to verify the authenticity of the Registration Authorizer d. to encrypt messages for secure email communications
c. to verify the authenticity of the Registration Authorizer
What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another? a. privilege rights b. heap spray c. transitive d. vertical escalation
c. transitive
A ____ requires a user to transport it from one computer to another. a. worm b. rootkit c. virus d. adware
c. virus
Example of access control list involving cadre
cadre stairwell
Which phrase describes the term security in a general sense? a. protection from only direct actions b. using reverse attack vectors (RAB) for protection c. only available on hardened computers and systems d. the necessary steps to protect a person or properties from harm
d. the necessary steps to protect a person or properties from harm
A digital certificate associates . a. a user's private key with the public key b. a private key with a digital signature c. a user's public key with his private key d. the user's identity with his public
d. the user's identity with his public
An organization has received a small number of reports from external customers stating that when accessing the organization's website, the antivirus application on the computer system sends an alert. The majority of other users do not have access issues. The web administrator has ensured that the web servers do not process any malware, but the network team does not detect network connectivity at the times listed on the reports. Which of the following is the most likely reason for these reports? a. impersonation b. tailgating c. hoaxes d. typo squatting
d. typo squatting
A watering hole attack is directed against ___. a. wealthy individuals b. attackers who send spam c. all users of a large corporation d. users who access a common website
d. users who access a common website
_____ send phishing messages only to wealthy individuals. a. spear phishing b. target phishing c. microing d. whaling
d. whaling