CH.27 Security
Passive social engineering
- Eavesdropping - Dumpster Diving - Tailgating
Active Social Engineering
- phone phishing - email phishing
Email and anti-spam filtering
A company has chosen a UTM instead of an IDS or IPS appliance to protect their network. Which of the following UTM security features is not available with an IDS or IPS?
Cookie
A file saved on your hard drive that tracks website preferences and use.
man-in-the-middle attack
A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.
Zombie/botnet
A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?
Point-to-Point Tunneling Protocol (PPTP)
A protocol that works with PPP to provide a secure data link between computers using encryption.
A cable lock
A public library has purchased a new laptop computer to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should be used to physically secure the laptop?
Spoofing
A router on the border of your network receives a packet with a source address that shows it originating from a client on the internal network. However, the packet was received on the router's external interface, which means it originated somewhere on the Internet. Which of the following BEST describes the type of attack which has occurred in this scenario?
Principle of Least Privilege
A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job.
Set a password expiration period
Anna, a home office user, employs a technician to check the security on a computer that was hacked. The technician discovers that the user's password is the name of Anna's dog and hasn't been changed in over a year. Which of the following security best practices should the technician recommend?
Proxy Server
An after-school care center allows children to browse the internet. They want to limit the websites that the children can access. Which of the following network hosts would MOST likely provide this service?
Session Hijacking
An attack in which an attacker attempts to impersonate the user by using the user's session token in order to steal information.
Key Fob
An employee working from home accesses the company network using a VPN connection. When connecting, the employee is prompted for a PIN that changes at predetermined intervals. Which of the following will the employee MOST likely use to obtain the PIN?
ClamAV
An open source antivirus engine sponsored and maintained by Cisco and non-Cisco engineers. It is mainly used on Linux distributions.
USB Lock
makes it harder to plug in removable media carrying potentially malicious software and infect the computer system
Privacy screens
makes the screen unreadable to others who are shoulder surfing next to you
Group Policy
ensures every user receives the permissions of their assigned group; these can be updated by the network administrator
Popups / Drive by downloads
malicious downloads disguised as Windows alerts
Spyware
malicious software generally bundled with legitimate software that captures keystrokes, steals passwords, and other malicious activity.
Data Destruction
malicious users will purposely delete files or modify database information
Administrative Access
minimize the number of people who have full control and could cause accidental harm to a system
Zombie nets
the most common use of botnets is sending spam to large numbers of people and attacking companies and governments using the combined bandwidth of those bots.
Environmental Threats
natural disasters such as hurricanes and thunderstorms, as well as bad electrical supply, can damage computer parts through power surges
unauthorized access
a person accesses resources without permission and causes unwanted changes such as defacing, deletion, and corruption
Spoofing
pretending to be someone or something else by placing false information into the flow of packets within the network
Malware
program or code that is designed to have damaging effects on a computer system or network
Rootkit
program that takes advantage of very low-level operating system functions to hide from all malware scanning tools.
SSL
protocol that secures a website by encrypting the data exchanged with that site
Keylogger
records a user's keystrokes and makes that information available over the Internet to the programmer who owns the logger.
Full Disk Data Encryption
scrambles data so it stays protected even when hard disks are removed from the main machine and placed into another one for recovery
Shoulder Surfing
technique for gaining unauthorized access to credentials by peering over someone's shoulder as they type on the keyboard
spear phishing
term used for targeted attacks in which a hacker goes after a specific person
brute force attack
the password cracker tries every possible combination of characters
Social Engineering
the process of manipulating people inside the organization to gain access to its network or facilities
Guest Account
this account should be disabled because it allows passwordless access to a computer
BIOS/UEFI Password
this should be set up in order to prevent malicious users from harming hardware through CMOS utilities
spam
unsolicited emails, often asking for personal information or phishing for information
Boot password
used to evaluate intruders attempting to boot from a certain disk
Facial Recognition
users show their face and the smart device is unlocked; this method was popularized by smartphones
Action / Security Center
Windows OS will notify you of problems in this applet
Commercial Licensing
you have to pay money to access the software and agree to abide by the End User License Agreement (EULA) of that specific software
Dumpster Diving
going through a company's trash in order to find sensitive information about the target company
Stop the attack and contain the damage by disconnecting the system from the network.
A security incident is currently occurring on the company network. You discover that the attack involves a computer system that is attached to the network. You're unsure what kind of damage is being done to the network systems or data. Which of the following actions should you take FIRST?
Change default SSID name
A small business named Widgets, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following using a wireless network locator device: they use an 802.11n wireless network; the wireless network is broadcasting the SSID Linksys; they use omnidirectional antennas. What do you recommend they do better?
Principle of least privilege
A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?
Document what's on the screen
A technician was able to stop a security attack on a user's computer. When conducting a forensic investigation, which of the following actions should be performed FIRST?
She has enabled Num Lock, causing numbers to be sent from the keyboard instead of letters.
A user is trying to log into her notebook computer. She enters the correct password for her user account, but the system won't let her authenticate, claiming the wrong password has been entered. Which of the following is MOST likely causing the problem?
stealth virus
A virus that temporarily erases its code from the files where it resides and hides in the active memory of the computer.
Alice's email account was hijacked.
Alice has received several calls from her friends informing her that they are receiving strange emails containing content that seems odd coming from her. Which of the following MOST likely happened on Alice's computer?
Anti-spam
Bob calls and complains that he has suddenly started getting a lot of unwanted email. Which of the following is the BEST type of software to install to help solve Bob's problem?
Lock down system method
Chain down hardware to prevent someone from walking away with the machine it is attached to
Privacy Filter
During an airline flight, a laptop user makes last-minute changes to a presentation that contains sensitive company information. Which of the following would make it difficult for other passengers to view this information on the laptop display?
Install antivirus software on every computer. Set up the software to update the definitions and engine automatically. Set up the software to scan regularly. Educate the users about sites and downloads to avoid.
Edna wants to put a policy in place at her company to prevent or at least limit viruses. What policies would offer the best solution?
Biometric locks
Employees currently access a data center using RFID badges. The company is concerned that an unauthorized person could gain access using a lost or stolen badge. Which of the following could be implemented to increase the physical security?
Disable autorun
Employees in a small business have a habit of transferring files between computers using a USB flash drive and often bring in files from outside the company. Recently, a computer was infected with malware from a USB flash drive even though the employee did not access any files. Which of the following options would prevent this issue in the future?
physical theft
the threat of malicious users stealing or damaging equipment
ClamTK
GUI version of the ClamAV antivirus used on Linux distributions
IPSec
Internet Protocol Security. Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. ___ is built into IPv6 but can also work with IPv4, and it includes both AH and ESP.
System Crash/Hardware Failure
keep data secure by providing redundancy in operating system hard drives so that data survives hardware failure
RJ45 Lock
limits the ability of a malicious person to connect to the computer network through a switch port
Phishing
Joe, a user, receives an email from a popular video streaming website. The email urges him to renew his membership. The message appears official, but Joe has never had a membership before. When Joe looks closer, he discovers that a hyperlink in the email points to a suspicious URL. Which of the following security threats does this describe?
Social Engineering
Joe, an executive, receives an email that appears to be from the financial institution that provides his company credit card. The text of the email includes Joe's name and the company name and states that there is a problem with Joe's credit card. The email provides a link to verify the credit card, but when Joe hovers over the link, he thinks the web address seems strange. Which of the following BEST describes this type of attack?
Tailgating
John dressed up in a fake security guard uniform matching the ones used by a company and then walked into the company's headquarters with some legitimate employees in an attempt to gain access to company resources. What kind of attack is this?
Configure the device to remote wipe as soon as it is reported lost.
Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the BEST option to prevent this from happening?
Dusty Air
Keep computers out of areas with ___ in order to prevent corrosion of the internal components from dust and debris building up within the fan systems
Lock down system method
Lock doors leading into areas with accessible computers
Disable the Guest account.
One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Autorun has been disabled on the system. Which of the following actions is MOST likely to increase the security of this system?
Server locks
limits access to server blades by encasing the server in metal shield panels
Trusted Platform Module (TPM)
Which of the following components is a special hardware chip included on the computer motherboard that contains software in firmware that generates and stores cryptographic keys?
open source
Software that can be freely used, changed, and shared (in modified or unmodified form) by anyone.
wireless
Which of the following forms of networking is highly susceptible to eavesdropping (data interception) and must be secured accordingly?
Phishing
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?
compliance
The first day on the job, Jill received a spreadsheet that listed approved software for users and clear instructions not to allow any unapproved software. What kind of policy must she follow?
mantrap
double layer of physical security where the inner door opens only after the outer door has closed; used to combat tailgating techniques
Power threat
electronics being destroyed or damaged by electrical surges when connected to an electrical outlet
Give employees awareness training
What is the best countermeasure against social engineering?
Virus
What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found?
Near a window
What is the least secure place to locate an omnidirectional access point when creating a wireless network?
Social Engineering
What is the process for using or manipulating people to gain access to network resources?
Local Security Policy
What tool would you use to enable auditing on a local level?
TuxP3nguinsRn0v3l
Which are examples of a strong password?
Port forwarding
Which hardware firewall feature enables incoming traffic on a specific port to reach an IP address on the LAN?
Disable SSID broadcast
Which of the following measures will make your wireless network less visible to the casual attacker?
Smart Cards
Which of the following might offer good hardware authentication?
EFS
Which of the following security solutions would prevent a user from reading a file which she did not create?
Local Security Policy
Which of the following tools would enable you to stop a user from logging on to a local machine but still enable him to log on to the domain?
WPA2
Which of these choices would provide better security for Mary's Wi-Fi router?
Trusted Platform Module (TPM)
Which security measure can be used to generate and store cryptographic keys?
fingerprint
Which type of biometric authentication uses the ridges of your skin?
Run a full system scan using the anti-malware software installed on your system.
While browsing the internet, a pop-up browser window is displayed warning you that your system is infected with a virus. You are directed to click a link to remove the virus. Which of the following are the next BEST actions to take?
Adware
While browsing the internet, you notice that your browser displays pop-ups containing advertisements that are related to recent keyword searches you have performed. What is this an example of?
You should use disk wiping software to fully erase the drives.
You are responsible for disposing of several old workstations formerly used by accountants in your organization's Finance department. Before being shipped to a computer recycler, you decide to make sure any old data on the hard drives is erased. To do this, you use the Windows XP Installation CDs that came with these systems to delete all partitions from the hard drives. Which of the following BEST describes the state of these systems?
It has been moved to a folder on your computer.
You have installed anti-malware software that checks for viruses in e-mail attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. Which of the following BEST describes what happened to the file?
Physically destroy the hard drives with a hammer
You have purchased new computers and will be disposing of your old computers. These computers were previously used for storing highly-sensitive customer order information, including credit card numbers. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?
Disable all USB ports in the BIOS/UEFI firmware configuration
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen. Which of the following steps could be completed to BEST increase the security of this system?
Disable the optical drive
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen. Which of the following steps could be completed to BEST increase the security of this system?
BitLocker
You want a security solution that protects the entire hard drive, preventing access even when it is moved to another system. Which of the following is the BEST method for achieving your goals?
Open the firewall port for the Remote Desktop protocol.
You want to be able to access your home computer using Remote Desktop while traveling. You enable Remote Desktop, but you find that you cannot access your computer outside of your home network. Which of the following is the BEST solution to your problem?
Configure a user password in the BIOS/UEFI.
You want to configure your computer so that a password is required before the operating system will load. What should you do?
PPTP
You want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network. Which of the following protocols is suitable for this task?
Changing the default administrative password
You've just finished installing a wireless access point for a client. Which action best protects the access point from unauthorized tampering with its configuration settings?
Boot into Safe Mode and try removing the malware.
Your anti-malware software has detected a virus on your Windows 10 system. However, the anti-malware software is unable to remove it. When you try to delete the files, you can't because they are in use. Which of the following actions would be BEST to try first?
Ransomware
encrypts all the data on a hard drive and does not release it until the user pays a certain amount of money (often in bitcoin)
Tailgating
following someone through a door or into an authorized-access area without them knowing
installed a Trojan horse
Zander downloaded a game off the Internet and installed it, but as soon as he started to play, he got a Blue Screen of Death. Upon rebooting, he discovered that his Documents folder had been erased. What happened?
Retinal Scanner
a device that scans the retina of a person in order to authenticate access; not a common form of authentication used in the field
Rogue antivirus software
a disguised Trojan horse that acts like an antivirus but in reality continuously infects your computer
virus
a program that spreads only through storage media such as thumb drives or optical media; its only objectives are to replicate and activate, and activation takes the form of corrupting data or stealing private information
Trojan Horse
a program that pretends to be something useful, such as a game or web browser, but does malicious things behind the scenes; installed ____ do not replicate
worm
a virus that spreads through a network and can replicate on its own by scanning the network for other vulnerable systems
phishing
the act of trying to get people to give up their user names, passwords, or other security information by pretending to be someone else electronically
MAC filtering
configures the network to admit only whitelisted MAC addresses in order to increase overall security
Avast & Malwarebytes
anti-malware software often used on Mac OS
closed source
any proprietary software licensed under the exclusive legal right of the copyright holder or manufacturer, which cannot legally be modified by anyone else
Software Token
application that automatically provides security tokens to be entered at login; an example of this is Steam Guard
Telephone scam
attacker makes a phone call to someone within the organization to gain information using social engineering
Zero Day Attacks
attacks and vulnerabilities that are exploited as OS updates or software updates are released
Distributed Denial of Service (DDoS)
attacks that use many machines simultaneously to assault a system, typically by flooding one specific router with Internet packets
polymorphic virus
attempts to change its signature in order to prevent detection by antivirus programs
Packet filtering
blocks certain outgoing and incoming connections
application filtering
blocks connections based on certain categories
Security Token
devices that store some unique information and that the user carries on their person; an example of this is a key fob
Autorun
disabling this is a best practice because if a user plugs in a USB device containing malware, the computer will use ___ to run the potentially harmful content
Non Commercial Licensing
free to use for personal use; the Linux operating system is a great example of non-commercial licensing