Google IT Support Professional Certificate: IT Security: Defense against the digital dark arts. Week 5

Integrity

-keeping our data accurate and untampered with

Confidentiality

-keeping the data you have hidden from unwanted eyes Examples: -passwords

Risk

possibility of suffering a loss in the event of an attack on the system

Which of the following result from a denial-of-service attack? Check all that apply.

service unreachable slow network performance; A denial-of-service attack is meant to prevent legitimate traffic from reaching a service. This is usually done by flooding the victim with attack traffic, degrading network and system performance, and rendering services unreachable.

A strong password is a good step towards good security, but what else is recommended to secure authentication? A) Password rotation B) Strong encryption C) Vulnerability scanning D) 2-factor authentication

2-factor authentication

Vulnerability

A flaw in the system that could be exploited to compromise the system

What is the CIA triad?

A guiding principle to help develop security policies in the workplace and at home.

Authorization is concerned with determining ______ to resources. Identity Validity Eligibility Access

Access

A(n) _____ defines permissions or authorizations for objects. Network Access Server Access Control Entries Extensible Authentication Protocol Access Control List

Access Control List

A network admin deployed a Terminal Access Controller Access Control System Plus (TACACS+) system so other admins can properly manage multiple switches and routers on the local area network (LAN). The system will keep track and log admin access to each device and the changes made. This "logging" satisfies which part of the three As of security? Authentication Administration Accounting Authorization

Accounting

Which of the following is true of a DDoS attack?

Attack traffic comes from lots of different hosts; The "Distributed" in DDoS means that the attack traffic is distributed across a large number of hosts, resulting in the attack coming from many different machines.

Your company wants to establish good privacy practices in the workplace so that employee and customer data is properly protected. Well-established and defined privacy policies are in place, but they also need to be enforced. What are some ways to enforce these privacy policies? Check all that apply. A) VPN connection B) Print customer information C) Audit access logs D) Lease privilege

Audit access logs Lease privilege

Authn is short for ________. Authoritarian Authored Authentication Authorization

Authentication

In the three As of security, what is the process of proving who you claim to be? Authorization Authored Accounting Authentication

Authentication

Authz is short for ________. Authoritarian Authentication Authored Authorization

Authorization

In the three As of security, which part pertains to describing what the user account does or doesn't have access to? Accounting Authorization Authentication Accessibility

Authorization

The authentication server is to authentication as the ticket granting service is to _______. Integrity Identification Verification Authorization

Authorization

Your bank set up multifactor authentication to access your account online. You know your password. What other factor combined with your password qualifies for multifactor authentication? Check all that apply. Passphrase PIN Fingerprint Bank card

Bank card Fingerprint

Which of these is true of blackhat and whitehat hackers?

Blackhats are malicious. Whitehats exploit weakness to help mitigate threats; Blackhat hackers are trying to break into a system and do something malicious. Whitehats try to find weaknesses before the bad guy does, and reports them to get fixed.

Periodic mandatory security training courses can be given to employees in what way? Check all that apply. A) Interoffice memos B) One-on-one interviews C) Brief quiz D) Short Video

Brief quiz Short Video

An organization needs to setup a(n) _____ infrastructure to issue and sign client certificates. CRL LDAP ID CA

CA

What are some behaviors you should encourage in order to build a security-conscious culture? A) Checking website URLs when authenticating B) Shaming people who haven't done a good job of ensuring your company's security C) Asking security-related questions D) Locking your screen

Checking website URLs when authenticating Asking security-related questions Locking your screen

A company is utilizing Google Business applications for the marketing department. These applications should be able to temporarily access a user's email account to send links for review. Why should the company use Open Authorization (OAuth) in this situation? Compatibility with third party apps Gain access through a wireless access point Utilize a Key Distribution Center server Administer multiple network devices

Compatibility with third party apps

What does CIA stand for?

Confidentiality, Integrity, Availability

Beyond restoring normal operations and data, what else should be done during the recovery phase? A) Assign blame for the incident B) Take systems offline C) Correct the underlying root cause D) Update documentation

Correct the underlying root cause

What type of attack can a hacker perform that involves injecting malicious code into a website to hijack a session cookie?

Cross-site Scripting (XSS); XSS (Cross-site Scripting) is an injection attack where the attacker inserts malicious script into a website to achieve session hijacking.

An attacker could redirect your browser to a fake website login page using what kind of attack?

DNS cache poisoning attack; A DNS cache poisoning attack would allow an attacker to redirect your requests for websites to a server they control.

A Lightweight Directory Access Protocol (LDAP) uses a _____ structure to hold directory objects. Organizational Unit Distinguished Name Data Information Tree Bind

Data Information Tree

A(n) _____ attack is meant to prevent legitimate traffic from reaching a service. DNS Cache poisoning Password Injection Denial of Service

Denial of Service

A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _______ attack.

Denial of Service; This is a classic denial-of-service attack. Note that this is not a distributed denial-of-service attack, as the attack traffic is coming from a single source and not distributed over many attacking hosts

Multiple client switches and routers have been set up at a small military base. The network team decided to implement Terminal Access Controller Access-Control System Plus (TACACS+), along with Kerberos, and an external Lightweight Directory Access Protocol (LDAP) service. What is the primary reason TACACS+ was chosen for this? Device administration NIPRNet Single Sign-On Network access

Device administration

Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic?

Evil Twin; The premise of an Evil Twin is for the victim to connect to a network that is identical to a legit one, but it is actually controlled by a hacker.

Access control entries can be created for what types of file system objects? Check all that apply. APIs Folders Files Programs

Folders Files Programs

Authentication is concerned with determining _______. Validity Access Eligibility Identity

Identity

What are the characteristics of a rootkit? Check all that apply.

Is difficult to detect; A rootkit is designed to provide administrator-level access to a third party without the system owner's knowledge. Given this, rootkits are usually designed to avoid detection and can be difficult to detect. provides elevated credentials; A rootkit is designed to provide administrator-level access to a third party without the system owner's knowledge. Given this, rootkits are usually designed to avoid detection and can be difficult to detect.

Why is a DNS cache poisoning attack dangerous? Check all that apply.

It affects any clients querying the poisoned DNS server it allows an attacker to redirect targets to malicious web servers; By inserting fake DNS records into a DNS server's cache, every client that queries this record will be served the fake information. This allows an attacker to redirect clients to a web server of their choosing.

Which of these are examples of a Single Sign-On (SSO) service? Check all that apply. Relying Parties Tokens Kerberos OpenID

Kerberos OpenID

What is the first step in performing a security risk assessment? A) Vulnerability scanning B) Logs analysis C) Penetration Testing D) Threat modeling

Logs analysis

Trojan Horse

Malware that disguises itself as one thing but does something else. User has to execute it.

The practice of tricking someone into providing information they shouldn't is called ________. Brute force attacks Eavesdropping Social Engineering Man-in-the-middle attacks

Man-in-the-middle attacks; Not quite. Please refer back to the "Other Attacks" lesson for a refresher.

What could potentially decrease the availability of security and also test the preparedness of data loss?

Ransomware; Ransomware could prevent access to your data by holding the data hostage until you pay a ransom.

Which of these passwords is the strongest for authenticating to a system? P@55w0rd! P@ssword! Password! P@w04d!$$L0N6

P@w04d!$$L0N6

___ is the practice of attempting to break into a system or network for the purpose of verification of systems in place. A) Network probing B) Vulnerability scanning C) Security assessment D) Penetration testing

Penetration testing

Security Keys are more ideal than OTP generators because they're resistant to _______ attacks. DDoS Password Phishing Brute force

Phishing

Management wants to build a culture where employees keep security in mind. Employees should be able to access information freely and provide feedback or suggestions without worry. Which of these are great ideas for this type of culture? Check all that apply. A) Desktop monitoring software B) Designated mailing list C) Bring your own device D) Posters promoting good security behavior

Posters promoting good security behavior

Security Keys utilize a secure challenge-and-response authentication system, which is based on ________. Shared secrets Public key cryptography Steganography Symmetric encryption

Public key cryptography

Which of these are examples of security tools that can scan computer systems and networks for vulnerabilities? Check all that apply. A) Qualys B) OpenVAS C) Wireshark D) Nessus

Qualys OpenVAS Nessus

Which of these are examples of "something you have" for multifactor authentication? Check all that apply.

RSA / Ping / OTP

What are the benefits of using a Single Sign-On (SSO) authentication service? Check all that apply. Reduce overhead of password assistance Reduce likelihood of passwords being written down One set of credentials for the user Reduce time spent on re-authenticating to services

Reduce overhead of password assistance Reduce likelihood of passwords being written down One set of credentials for the user Reduce time spent on re-authenticating to services

What characteristics are used to assess the severity of found vulnerabilities? Check all that apply. A) Remotely exploitable or not B) Use of encryption or not C) Type of access granted D) Chance of exploitation

Remotely exploitable or not Chance of exploitation

The incident response team found malware on several user workstations. Trying to remove the malware infection is becoming time consuming. There is important data on the workstations. Which of these actions will recover the workstations back to a malware-free state? Check all that apply. A) Replace the hard drive B) Restore file from backup C) Rebuild the machine D) Replace network cable

Restore file from backup Rebuild the machine

If a hacker targets a vulnerable website by running commands that delete the website's data in its database, what type of attack did the hacker perform?

SQL injection; A SQL injection targets an entire website if the site uses a SQL database. If vulnerable, hackers can run SQL commands that allow them to delete web data, copy it, and run other malicious commands.

In addition to the client being authenticated by the server, certificate authentication also provides ______. Authorization Integrity Server authentication Malware protection

Server authentication

A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company's security policies? Check all that apply. A) Upload to a personal Google drive B) Share directly via VPN C) Upload to a personal OneDrive D) Upload to company secure cloud storage

Share directly via VPN Upload to company secure cloud storage

Which of the following are valid multi-factor authentication factors? Check all that apply. Something you know Something you did Something you have Something you are

Something you know Something you have Something you are

What are some ways to combat against email phishing attacks for user passwords? Check all that apply. A) Spam filters B) User education C) Cloud email D) Virtual Private Network

Spam filters User education

A systems administrator is designing a directory architecture to support Linux servers using Lightweight Directory Access Protocol (LDAP). The directory needs to be able to make changes to directory objects securely. Which of these common operations supports these requirements? Search, modify. StartTLS, delete. Bind, modify. Bind, add.

StartTLS, delete.

Which of these are examples of an access control system? Check all that apply. TACACS+ OAuth OpenID RADIUS

TACACS+ OAuth RADIUS

Security risk assessment starts with A) Outside attackers B) Attack impact C) Threat modeling D) Payment processing

Threat modeling

What is used to request access to services in the Kerberos process? Client ID Client-to-Server ticket TGS session key Ticket Granting Ticket

Ticket Granting Ticket

Kerberos enforces strict _____ requirements, otherwise authentication will fail. Time NTP Strong password AES

Time

The two types of one-time-password tokens are ______ and ______. Check all that apply. Time-based Identity-based Counter-based Password-based

Time-based Counter-based

What does a Terminal Access Controller Access Control System Plus (TACACS+) keep track of? Check all that apply. Track user authentication Commands that were ran Systems users authenticated to Bandwidth and resource usage

Track user authentication Commands that were ran Systems users authenticated to

What risk are you exposing your organization to when you contract services from a third party? A) DDoS attacks B) Zero-day vulnerabilties C) Trusting the third party's security D) Man-in-the-middle attacks

Trusting the third party's security

A company wants to restrict access to sensitive data. Only those who have a "need to know" will have access to this data. Strong access controls need to be implemented. Which of these examples, that don't include user identification, are used for 2-factor authentication? Check all that apply. A) Smart card B) U2F token C) Common Access Card D) Password

U2F token Password

Data handling policies usually forbid the storing of confidential information on which of these devices? Check all that apply. A) USB Sticks B) CD Drives C) Limited access file shares D) Encrypted portable hard drives

USB Sticks CD drives

Google provides free _____, which is a good starting point when assessing third-party vendors. A) Cloud storage B) Mobile phone services C) Vendor security assessment questionnaires D) Business apps

Vendor security assessment questionnaires

A hacker infected your computer to steal your Internet connection and used your machine's resources to mine Bitcoin. What is the name of this kind of attack?

a bot; Malware can use a victim's machine to perform a task controlled by a hacker. At that point, the compromised machine is known as a bot.

An unhappy Systems Administrator wrote a malware program to bring down the company's services after a certain event occurred. What type of malware does this describe?

a logic bomb; A logic bomb is malware that is intentionally triggered by a hacker once a certain event or time has occurred.

Blackhat Hacker

a malicious hacker who attempt to break into systems

An end-user received an email stating his bank account was compromised, and that he needs to click a link to reset his password. When the user visited the site, he recognized it as legitimate and entered his credentials which were captured by a hacker. What type of social engineering attack does this describe?

a phishing attack; Phishing occurs when a hacker sends a victim an email disguised as being legit but isn't. For example, you get an email saying your bank account has been compromised. When you click the link to reset your password, you go to a site that looks like it's your bank's but it's actually a fake website trying to steal your password!

Malware

a type of malicious software that can be used to obtain your sensitive information, or delete or modify files. Most common types include: trojans, rootkits, backdoors, botnets, viruses, worms, adware, and spyware

0-day vulnerability

a vulnerability that is not known to the software developer or vendor but is known to an attacker -Name refers to amount of time developer has to take care of vulnerability

In the CIA Triad, "Integrity" means ensuring that data is:

accurate and was not tampered with; "Integrity," in this context, means ensuring that the data remains intact, uncorrupted, and not tampered with. The data that gets sent is the exact same as the data that gets received.

Attack

an actual attempt at causing harm to a system

What are the dangers of a man-in-the-middle attack? Check all that apply.

an attacker can modify traffic in transit an attacker can block or redirect traffic an attacker can eavesdrop on unencrypted traffic; A man-in-the-middle attack means that the attacker has access to your network traffic. This allows them to eavesdrop, modify traffic in transit, or block traffic entirely. Yikes!

What's the relationship between a vulnerability and an exploit?

an exploit takes advantage of a vulnerability to run arbitrary code or gain access; A vulnerability is a bug or hole in a system. It allows an attacker to gain access by using an exploit, which takes advantage of the vulnerability.

Virus

attach themselves attach to programs and files and replicates itself over and over to spread as far as it can

Whitehat Hacker

attempt to find weaknesses in a system and then alert the owners of the systems

In the CIA Triad, "Availability" means ensuring that data is:

available and people can access it; "Availability," in this context, means ensuring that data and services remain accessible to those who are authorized to access them.

The very first step of handling an incident is _____ the incident. A) understanding B) detecting C) ignoring D) blaming

detecting

True or false: A brute-force attack is more efficient than a dictionary attack.

false; A brute-force attack tries out every possible valid combination of characters to guess the password, while a dictionary attack only tries passwords contained in a dictionary file. This means the dictionary attack is more efficient, since it doesn't generate the passwords and has a smaller number of guesses to attempt.

Worms

like viruses but instead of attaching themselves to spread, worms can live on their own and spread through the network. Example: lovebug email

In the CIA Triad, "Confidentiality" means ensuring that data is:

not accessible by unwanted parties; "Confidentiality," in this context, means preventing unauthorized third parties from gaining access to the data.

Adware

software that displays advertisements and collects data

Exploit

software that is used to take advantage of a security bug or vulnerability

Which of the following scenarios are social engineering attacks? Check all that apply.

someone uses a fake ID to gain access to a restricted area you receive an email with an attachment containing a virus; A malicious spam email is a form of social engineering; the email is designed to trick you into opening a malicious payload contained in the attachment. Using a fake ID to gain entry to somewhere you're not permitted is impersonation, a classic social engineering technique.

Hacker

someone who attempts to break into or exploit a system

After a known good backup has been restored and the known vulnerabilities have been closed, systems should be thoroughly _____. A) tested B) removed C) baselined D) backed up

tested

Availability

the information we have is readily accessible to those people that should have it

Threat

the possibility of danger that could exploit a vulnerability

Which statement is true for both a worm and a virus?

they're self-replicating and self-propagating; Both worms and viruses are capable of spreading themselves using a variety of transmission means.

Kerberos uses _____ as authentication tokens.

tickets

How can you protect against client-side injection attacks? Check all that apply.

use input validation use data sanitization; By checking user-provided input and only allowing certain characters to be valid input, you can avoid injection attacks. You can also use data sanitization, which involves checking user-supplied input that's supposed to contain special characters to ensure they don't result in an injection attack.

The best defense against injection attacks is to ______.

use input validation; Input validation will prevent an attacker from injecting commands using text input fields.

Check all examples of types of malware:

worms adware viruses; These three are all examples of unwanted software that can cause adverse affects to an infected system, which is exactly what malware is