CH.27 Security

Passive social engineering

- Eavesdropping - Dumpster Diving - Tailgaiting

Active Social Engineering

- phone phising - email phishing

Email and anti-spam filtering

A company has chosen a UTM instead of an IDS or IPS appliance to protect their network. Which of the following UTM security features is not available with an IDS or IPS?

Cookie

A file saved on your hard drive that tracks website preferences and use.

man-in-the-middle attack

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

Zombie/botnet

A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?

Point-to-Point Tunneling Protocol (PPTP)

A protocol that works with PPP to provide a secure data link between computers using encryption.

A cable lock

A public library has purchased a new laptop computer to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should be used to physically secure the laptop?

Spoofing

A router on the border of your network receives a packet with a source address that shows it originating from a client on the internal network. However, the packet was received on the router's external interface, which means it originated somewhere on the Internet. Which of the following BEST describes the type of attack which as occurred in this scenario?

Principle of Least Privilege

A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job.

Set a password expiration period

Anna, a home office user, employs a technician to check the security on a computer that was hacked. The technician discovers that the user's password is the name of Anna's dog and hasn't been changed in over a year. Which of the following security best practices should the technician recommend?

Proxy Server

An after-school care center allows children to browse the internet. They want to limit the websites that the children can access. Which of the following network hosts would MOST likely provide this service?

Session Hijacking

An attack in which an attacker attempts to impersonate the user by using his session token in order to steal information

Key Fob

An employee working from home accesses the company network using a VPN connection. When connecting, the employee is prompted for a PIN that changes at predetermined intervals. Which of the following will the employee MOST likely use to obtain the PIN?

ClamAV

An open source antivirus engine sponsored and maintained by Cisco and non-Cisco engineers. This is mainly used on linux distributions

USB Lock

makes it harder to plug in removable media with potentially malicious software and infect computer system

Privacy screens

makes screen unreadable to others that are shoulder surfing next to you

Group Policy

makes sure every user has access to their certain group permissions, these can be updated by the network administrator

Popups / Drive by downloads

malicious downloads disguised as windows alerts

Spyware

malicious software generally bundled with legitimate software that captures keystrokes, steals passwords, and other malicious activity.

Data Destruction

malicious users will purposely delete files or modify database information

Administrative Access

minimize the amount of people who have full control and can cause potential accidental harm to a system

Zombie nets

most common use of botnets is sending spam to mass amounts of people and attacking companies and governments by using all the bandwidth allocated by those bots.

Environmental Threats

natural disasters such as hurricanes, thunder storms, and bad electricity can cause harm by power surging computer parts

unauthorized access

person accesses resources without permission and causes unwanted changed such as defacing, deletion, and corruption

Spoofing

pretending to be someone or something else by placing false information into the flow of packets within the network

Malware

program or code that's designed to do damaging effects on a computer system or network

Rootkit

program that takes advantage of very low level operating system functions from all malware scanning tools.

SSL

protocol to manage the security of the website by encrypting the data exchanged in that site

Keylogger

records a users keystrokes and makes that information available to the programmer who owns the logger over the internet.

Full Disk Data Encryption

scrambles data even when hard disks are removed from the main machine and transferred into another one for recovery

Shoulder Surfing

technique for gaining unauthorized access to credentials by peering over someones shoulders as they type on keyboard

spear phising

term used for targeted attacks when a hacker goes after a specific person

brute force attack

the password cracker tries every possible combination of characters

Social Engineering

the process of manipulating people inside the organization to gain access to its network or facilities

Guest Account

this account should be disabled because it allows pass-wordless access to a computer

BIOS/UEFI Password

this should be setup in order to prevent malicious users from harming hardware through CMOS utilities

spam

unsolicited emails that ask for personal information or phishing for information

Boot password

used to evaluate intruders attempting to boot from a certain disk

Facial Recognition

users show their face and the smart device is unlocked , this medium is popularized in smart phones

Action / Security Center

windows OS will notify of problems in this applet

Commercial Licensing

you have to pay money to access the software and agree to abide by the (EULA) End User License Agreement of that specific hardware

Dumpster Diving

going through a companies trash in order to find out sensitive information on the target company

Stop the attack and contain the damage by disconnecting the system from the network.

A security incident is currently occurring on the company network. You discover that the attack involves a computer system that is attached to the network. You're unsure what kind of damage is being done to the network systems or data. Which of the following actions should you take FIRST?

Change default SSID name

A small business named Widgets, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following using a wireless network locator device: -They use an 802.11n wireless network -The wireless network is broadcasting the SSID Linksys - They use omnidirectional antenna's What do you reccomend they do better

Principle of least privilege

A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?

Document what's on the screen

A technician was able to stop a security attack on a user's computer. When conducting a forensic investigation, which of the following actions should be performed FIRST?

She has enabled Num Lock, causing numbers to be sent from the keyboard instead of letters.

A user is trying to log into her notebook computer. She enters the correct password for her user account, but the system won't let her authenticate, claiming the wrong password has been entered. Which of the following is MOST likely causing the problem?

stealth virus

A virus that temporarily erases its code from the files where it resides and hides in the active memory of the computer.

Alice's email account was hijacked.

Alice has received several calls from her friends informing her that they are receiving strange emails containing content that seems odd coming from her. Which of the following MOST likely happened on Alice's computer?

Anti-spam

Bob calls and complains that he has suddenly started getting a lot of unwanted email. Which of the following is the BEST type of software to install to help solve Bob's problem?

Lock down system method

Chain down hardware to prevent someone from walking away with machine that is attached

Privacy Filter

During an airline flight, a laptop user makes last-minute changes to a presentation that contains sensitive company information. Which of the following would make it difficult for other passengers to view this information on the laptop display?

Install antivirus software on every computer. Set up the software to update the definitions and engine automatically. Set up the software to scan regularly. Educate the users about sites and downloads to avoid.

Edna wants to put a policy in place at her company to prevent or at least limit viruses. What policies would offer the best solution?

Biometric locks

Employees currently access a data center using RFID badges. The company is concerned that an unauthorized person could gain access using a lost or stolen badge. Which of the following could be implemented to increase the physical security?

Disable autorun

Employees in a small business have a habit of transferring files between computers using a USB flash drive and often bring in files from outside the company. Recently, a computer was infected with malware from a USB flash drive even though the employee did not access any files. Which of the following options would prevent this issue in the future?

physical theft

harm of malicious users wanting to steal or damage equipment

ClamTK

GUI version of ClamAV antivirus used on linux distributions

IPSec

Internet Protocol Security. Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic.___ is built into IPv6, but can also work with IPv4 and it includes both AH and ESP..

System Crash/Hardware Failure

keep data source by providing redundancy in operating system hard drives in order to secure data from hardware failure

RJ45 Lock

limits ability for malicious intent to enter computer network through switch interface

Phishing

Joe, a user, receives an email from a popular video streaming website. The email urges him to renew his membership. The message appears official, but Joe has never had a membership before. When Joe looks closer, he discovers that a hyperlink in the email points to a suspicious URL. Which of the following security threats does this describe?

Social Engineering

Joe, an executive, receives an email that appears to be from the financial institution that provides his company credit card. The text of the email includes Joe's name and the company name and states that there is a problem with Joe's credit card. The email provides a link to verify the credit card, but when Joe hovers over the link, he thinks the web address seems strange. Which of the following BEST describes this type of attack?

Tailgaiting

John dressed up in a fake security guard uniform matching the ones used by a company and then walked into the company's headquarters with some legitimate employees in an attempt to gain access to company resources. What kind of attack is this?

Configure the device to remote wipe as soon as it is reported lost.

Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the BEST option to prevent this from happening?

Dusty Air

Keep computers out of areas with ___ in order to prevent corrosion within the internal components from dust and debris built up within the fan systems

Lock down system method

Lock doors that enter into area with accessible computers

Disable the Guest account.

One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Autorun has been disabled on the system. Which of the following actions is MOST likely to increase the security of this system?

Server locks

limits access to server blades by encasing server within metal physical shield panels

Trusted Platform Module (TPM)

Which of the following components is a special hardware chip included on the computer motherboard that contains software in firmware that generates and stores cryptographic keys?

open source

Software that can be freely used, changed, and shared (in modified or unmodified form) by anyone.

wireless

Which of the following forms of networking is highly susceptible to eavesdropping (data interception) and must be secured accordingly?

Phishing

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?

compliance

The first day on the job, Jill received a spreadsheet that listed approved software for users and clear instructions not to allow any unapproved software. What kind of policy must she follow?

mantrap

double layer of physical security where an inner door must open when an outer door is closed, this is used to combat tailgating techniques

Power threat

electronics being destroyed or damaged by electrical surges when connected to an electrical outlet

Give employees awareness training

What is the best countermeasure against social engineering?

Virus

What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found?

Near a window

What is the least secure place to locate an omnidirectional access point when creating a wireless network?

Social Engineering

What is the process for using or manipulating people to gain access to network resources?

Local Security Policy

What tool would you use to enable auditing on a local level?

TuxP3nguinsRn0v3l

Which are examples of a strong password?

Port forwarding

Which hardware firewall feature enables incoming traffic on a specific port to reach an IP address on the LAN?

Disable SSID broadcast

Which of the following measures will make your wireless network less visible to the casual attacker?

Smart Cards

Which of the following might offer good hardware authentication?

EFS

Which of the following security solutions would prevent a user from reading a file which she did not create?

Local Security Policy

Which of the following tools would enable you to stop a user from logging on to a local machine but still enable him to log on to the domain?

WPA2

Which of these choices would provide better security for Mary's Wi-Fi router?

Trusted Platform Module (TPM)

Which security measure can be used to generate and store cryptographic keys?

fingerprint

Which type of biometric authentication uses the ridges of your skin?

Run a full system scan using the anti-malware software installed on your system.

While browsing the internet, a pop-up browser window is displayed warning you that your system is infected with a virus. You are directed to click a link to remove the virus. Which of the following are the next BEST actions to take?

Adware

While browsing the internet, you notice that your browser displays pop-ups containing advertisements that are related to recent keyword searches you have performed. What is this an example of?

You should use disk wiping software to fully erase the drives.

You are responsible for disposing of several old workstations formerly used by accountants in your organization's Finance department. Before being shipped to a computer recycler, you decide to make sure any old data on the hard drives is erased. To do this, you use the Windows XP Installation CDs that came with these systems to delete all partitions from the hard drives. Which of the following BEST describes state of these systems?

It has been moved to a folder on your computer.

You have installed anti-malware software that checks for viruses in e-mail attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. Which of the following BEST describes what happened to the file?

Physically destroy the hard drives with a hammer

You have purchased new computers and will be disposing of your old computers. These computers were previously used for storing highly-sensitive customer order information, including credit card numbers. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?

Disable all USB ports in the BIOS/UEFI firmware configuration

You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen. Which of the following steps could be completed to BEST increase the security of this system?

Disable the optical drive

You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen. Which of the following steps could be completed to BEST increase the security of this system?

BitLocker

You want a security solution that protects the entire hard drive, preventing access even when it is moved to another system. Which of the following is the BEST method for achieving your goals?

Open the firewall port for the Remote Desktop protocol.

You want to be able to access your home computer using Remote Desktop while traveling. You enable Remote Desktop, but you find that you cannot access your computer outside of your home network. Which of the following is the BEST solution to your problem?

Configure a user password in the BIOS/UEFI.

You want to configure your computer so that a password is required before the operating system will load. What should you do?

PPTP

You want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network. Which of the following protocols is suitable for this task?

Changing the default administrative password

You've just finished installing a wireless access point for a client. Which action best protects the access point from unauthorized tampering with its configuration settings?

Boot into Safe Mode and try removing the malware.

Your anti-malware software has detected a virus on your Windows 10 system. However, the anti-malware software is unable to remove it. When you try to delete the files, you can't because they are in use. Which of the following actions would be BEST to try first?

Ransomware

encrypts all the data on a harddrive and does not uninstall until the user pays a certain amount of money (often in bitcoin)

Tailgaiting

following someone when they open a door or authorized access area without them knowing

installed a Trojan horse

Zander downloaded a game off the Internet and installed it, but as soon as he started to play, he got a Blue Screen of Death. Upon rebooting, he discovered that his Documents folder had been erased. What happened?

Retinal Scanner

a device that scans the retina of a person in order to authenticate access, not a common form of authentication used in the field

Rogue antivirus software

a disguised trojan horse that acts like an anti-virus but in reality continuously infects your computer

virus

a program that exists only through hard disk spaces such as thumb drives or optical media, it's only objectives are to replicate and activate, activation permeates through corruption or stealing private information

Trojan Horse

a program that pretends to do one thing such as a game or web browser but then does malicious shit behind the scenes, installed ____ do not replicate

worm

a virus that spreads through a network and can replicate on it's own by scanning the network for other vulnerable systems

phishing

act of trying to get people to give their user names, passwords, or other security information by pretending to be someone else electronically

MAC filtering

allows network to only allow white listed mac addresses in order to increase overall security measures

Avast & Malwarebytes

anti malware software often used on Mac OS

closed source

any proprietary software licensed under exclusive legal right of the copyright holder or manufacturer, and cannot be modified by any other person outside of legal jurisdiction

Software Token

application that automatically provides security tokens to be entered at login, an example of this is steam guard

Telephone scam

attacker makes a phone call to someone within the organization to gain information using social engineering

Zero Day Attacks

attacks and vulnerabilities that are exploited as OS updates or software updates are released

Distributed Denial of Service (DDoS)

attacks that use many machines simultaneously to assault a system, typically through the form of overloading internet packets to one specific router

polymorphic virus

attempts to change its signature in order to prevent detection by antivirus programs

Packet filtering

blocks certain outgoing and incoming connections

application filtering

blocks connections based on certain categories

Security Token

devices that store some unique information that the user carries on their person, an example of this is a key fob

Autorun

disabling this is a best practice because it a user plugs in a usb device containing malware the computer will use ___ to play the potentially harmful content

Non Commercial Licensing

free to use for personal use, linux operating system is a great example of non commercial licensing