Risk Exam

What is the first line of every BASH script? What happens when the script file does not have execute permissions for the user attempting to run the script?

#! /bin/bash The script will not execute

What is asset criticality? What are the different classes of criticality commonly used to characterize assets?

Criticality described the importance of an asset to the immediate survival of the organization. Assets can be classified into essential, required, and deferrable.

What are firewalls? Write an example firewall rule and describe what the rule does.

A firewall is a form of protection that allows one network to connect to another network while maintaining some amount of protection. block in port 80 from 192.168.0.0/16 - blocks all incoming web requests (port 80) from the 192.168.0.0/ 16 network

Briefly describe the Information Security Model and define the components.

A model for information security includes the core components of information security, shows the relationship of these components to each other, and excludes everything else Information assets: Resource or information to be protected. Vulnerability: Weaknesses in a system that can be exploited. Threat: Capabilities, intentions and attack methods of adversaries to exploit or cause harm to information. control: Safeguards used to minimize the impact of threats.

What is an information security incident? What are the basic steps involved in handling an incident?

A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices Preparation Detection and Analysis Containment, Eradication, and Recovery, and Post-Incident Analysis

Briefly describe the terms Access Control and User Management and their role in information security

Access controls is limiting access to information system resources only to authorized users, programs, processes, or other systems, and establishing what authorized users can do on a system. user management is that defining the rights of organizational members to information in the organization. User management can create / remove user accounts, and Update permissions when users change roles

What is asset characterization? What is asset sensitivity? What are the different classes of sensitivity commonly used to characterize assets?

Assets characterization helps organizations determine which assets' protection and security should be prioritized. Sensitivity refers to the amount of damage to the organization would be caused if the asset's integrity or confidentiality were violated. Common classes of sensitivity levels are restricted and unrestricted.

What is block encryption? What is cipher-block chaining?

Block encryption is the process of converting a plaintext block into an encrypted block. cipher-block chaining is defined as, "information from the previous cipher block while encrypting a cipher block."

What are deep packet inspection firewalls? What additional capabilities do they offer, compared to packet-filtering firewalls?

Deep packet inspection firewalls, according to the textbook, is used to "examine the data carried by a packet, in addition to the protocol headers, to decide how to handle the packet." Data filtered in this packet can be compared against a database of known malicious payloads.

What is incident response policy? What is a disaster? What is disaster recovery? What is business impact analysis?

Description of standard methods used by the organization for handling information Security Incidents. A disaster is a calamitous event that causes great destruction. D Recovery is the process adopted by organizations to bring systems back up and running. Business Impact Analysis is the identification of services and products that are critical to the organization.

What is encryption? What is confusion-diffusion paradigm of cryptography?

Encryption is the cryptographic transformation of data to produce ciphertext. Confusion is making the relationship between the plaintext and ciphertext as complex as possible. In diffusion, however, it is spreading the impact of a change in 1 big of the plaintext to all bits in the ciphertext.

What are environment variables? What are built-in variables? How are they different from environment variables? What should the value of $? be if the last command that was executed completed successfully?

Environmental variables are created automatically when you login or start a new terminal window. The built-in variables provide a wide array of small functions, from reporting on the type of hardware the server is running on to returning the status of the last command issued. The difference between them is that environmental variables are variables that are defined for the current shell and are inherited by any child shells or processes. 0

What is the top of a filesystem hierarchy called? How is it represented in UNIX systems? What is a path? Give the difference between a relative and absolute path?

Filesystem Root is top of the file hierarchy, and represented as a single slash. (/) Path located a file or directory in the hierarchy. Absolute path always start with slash (/). Absolut presents exact location of file or folder being referenced. However, Relative is not start with slash. Relative presents locations of the file or folder in relation to the current directory.

How do HIPAA (the Health Insurance Portability and Accountability Act) and Sarbanes-Oxley act relate to information security?

HIPAA pushed for electronic health records and their confidentiality, SOA pushed for significant investment in internal controls

What are IDS/ IPS? Briefly describe signature-based IDSs, anomaly-based IDSs, and protocol-state-based IDSs

IDS, according to the textbook, "are hardware devices or software applications that monitor IT systems for malicious activity or violations of usage policies established by the system administrator. "Signature-based detection methods compare observed events to a database of signatures to identify possible incidents.anomaly-based detection, is defined as, "the process of detecting deviations between observed events and defined activity patterns. Protocol-based IDS is Aware of allowed operations for a given protocol state. Able to identify unexpected sequences of commands

What is the IT asset lifecycle? What are the stages in the lifecycle?

IT asset lifecycle is "the sequence of stages that an organization's information technology asset goes through during the time span of its ownership". The typical stages include: Plan, Acquire, Deploy, Manage, Retire.

What is reactive monitoring? What is proactive testing? Provide some common reactive monitoring methods and some common proactive testing methods?

Reactive monitoring defects and analysis failures after they have occurred. There are some common reaction monitoring methods including problem notification, analyzing logs after failures. Proactive testing tests a system for specific issues before they occur. There are some common proactive testing methods are vulnerability scanners, penetration testing and recent development.

Describe secret key cryptography, public key cryptography, digital signatures, and hash functions.

Secret key cryptography refers to the method where the same key is used to encrypt and decrypt the message. Public key cryptography is encryption methods that use two keys, one for encryption and another for decryption. Digital Signature is a process that guarantees that the contents of a message have not been altered in transit. Transform input of arbitrary length into outputs of fixed length. Two properties: Unique output for each input. Infinitely many inputs share same output

Briefly describe the following in context of Information Security: Single point of failure Active Directory Domain Controller Group Policies

Single point of failure A single point of failure is a part of the system that, if it stops operating, will cause the entire system to fail as well. Active Directory An active directory provides centralized user management and access control capabilities across all members of the domain. Domain Controller A server that implements the active directory rules within a domain is called a domain controller. Group Policies Windows computers use a feature called group policies, an infrastructure that allows you to implement specific configurations for users and computers, that allow the administrator to set up groups of users and then assign them the same access privileges restrict actions like downloading executable files.

What are the goals of incident analysis? What is containment? What is eradication?

The goal of the analysis is to discover all adverse events that compose the incident in order to properly and effectively manage the next phase of the cycle - containment and eradication. Containment is the act of prevention of expansion of harm. Eradication is the removal of the cause of the adverse event.

What are viruses and worms? What is the primary difference between them?

Viruses and worms are computer programs that get on the network without users' consent and affect computers negatively. a virus has to use other programs to spread, while a worm can spread by itself.

What is shell scripting and what is it used for? What is the important difference between scripting languages and other computer languages?

Writing shell script - a list of commands saved in a text file that we can run by calling the BASH program on the command line. Shell scripts are used for automating processes throughout a Unix system, from starting network services at boot up to configuring the user 's shell environment during login. Shell scripts do not need to be compiled into a binary file to be run, they are converted at run time.

What is a threat? Describe a threat model.

a threat is defined as, "capabilities, intentions and attack methods of adversaries to exploit or cause harm to assets." a threat model as, "interactions between relevant agents, actions and assets

Briefly define the following: brute-force attack 0-day vulnerability cross-site scripting attack (XSS) threat shifting

brute-force attack - In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. 0-day vulnerability - A zero-day vulnerability, at its core, is a flaw. It is an unknown exploit in the wild that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong. cross-site scripting attack (XSS) - A cross-site scripting attack or an XSS happens when a user-supplied input is used without verification as part of the output served to other users threat shifting - The response of hackers to controls. They change some characteristic of their intent/targeting in order to avoid and/or overcome those safeguards/countermeasures

Given the following ls -l output, what do you know about the ownership and access permissions for the accounting folder? How can you use the chmod command to give write permissions to all members of "accounting_grp" to the "accounting" folder? drwxr-xr--. 2 root accounting_grp 4096 Jan 28 19:07 accounting/

chmod 773 accounting

What are Threat Agents? What are the different types of threat agents?

he individual, organization, or group that originates a particular threat action." There are three types of threat agents: external, internal, and partners

Describe the following vulnerabilities: lack of input validation buffer-overflow unrestricted upload missing authorization

lack of input validation - Lack of input validation means that there are no checks out in place by the system to verify the input of the users. This scenario presents dangerous, for example, it leaves systems open to SQL injection attacks. buffer-overflow - Buffer overflow occurs when more data is being put into a storage location by a program than the location can handle. Such event usually just resulta in a system crash. However, a skilled hacker can leverage such event and steal information. unrestricted upload - Unrestricted uploads occur when there are no mechanisms in place to verify that the files being uploaded adhere to the script specifications. They are dangerous because they provide hackers an opportunity to upload an executable file instead of an image or word document that can then obtain private information. missing authorization - Missing authorization vulnerability refers to a situation in which a user can gain access to restricted information without the program verifying their credentials. This vulnerability is particularly harmful in the banking industry.

Briefly describe the Morris Worm and the Gang of 414's and their impact on information security

the morris worm was meant to measure the size of the internet but ended up bringing down over 10% of the internet due to a feature in it's design. First conviction under the Computer Fraud and Abuse Act. Gang of 414's was a group of teenagers from milwuare that broke into over 60 high profile computer systems. Due to their actions the Computer Fraud and Abuse Act was passed.

What is information security? What is CIA-triad in information security context?

the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this. where C stands for confidentiality, I for integrity, and A for availability.

What are the following UNIXs command used for? pwd cd ls rm

you know