Cyber test 3


what are the cloud service models?

- Software as a Service (SaaS) (e.g., Google Docs, Dropbox): customers use applications running in the cloud; the provider runs everything beneath them
- Platform as a Service (PaaS) (e.g., Google App Engine): the customer brings its own applications; the cloud provides the runtime, tools and languages to run them
- Infrastructure as a Service (IaaS) (e.g., Amazon Web Services): the cloud offers processing, storage and other raw resources on which the customer can run any type of software (and must manage and patch it)

how to prevent insider threats

- least privilege policy (give people authorization only to the resources their job needs)
- periodic security awareness training for all employees
- secure backup and recovery in place
- educate employees not to click on phishing emails and similar lures

how to detect insider threat

- maintain a log of all accounts and users that access the organization's systems (and check it against the list of accounts that should exist)
- monitor for unusual outbound traffic patterns (a sudden large transfer, or activity at unusual hours)
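The two detection ideas above (an account log checked against known accounts, and outbound traffic compared with each user's normal pattern) are easy to put into a small script. The following is an added example, not part of the study set; the log lines, the account list, the business-hours range and the 5x spike threshold are all constructed assumptions for illustration:

```python
import statistics
from collections import defaultdict

# Constructed sample log lines (not real data): "<timestamp> <user> <event> bytes_out=<n>"
SAMPLE_LOGS = """\
2024-03-04T09:12:01 alice login bytes_out=0
2024-03-04T09:40:22 alice upload bytes_out=120000
2024-03-04T10:05:13 bob login bytes_out=0
2024-03-04T11:30:45 bob upload bytes_out=90000
2024-03-05T09:15:00 alice upload bytes_out=110000
2024-03-05T14:02:09 bob upload bytes_out=95000
2024-03-06T02:47:31 bob login bytes_out=0
2024-03-06T02:51:08 bob upload bytes_out=4800000
2024-03-06T03:10:00 carol login bytes_out=0
"""

# Assumption: the organization's account inventory. carol is a former contractor
# whose account should no longer exist, so any activity from it is suspicious.
KNOWN_ACCOUNTS = {"alice", "bob"}
BUSINESS_HOURS = range(7, 20)   # 07:00-19:59, an assumed baseline
SPIKE_FACTOR = 5                # flag uploads larger than 5x the user's median upload


def parse(lines):
    """Parse the constructed log format into dicts."""
    events = []
    for line in lines.splitlines():
        ts, user, event, kv = line.split()
        events.append({
            "ts": ts,
            "user": user,
            "event": event,
            "bytes_out": int(kv.split("=")[1]),
            "hour": int(ts[11:13]),
        })
    return events


def detect(lines):
    """Return (timestamp, user, reason) alerts for the three checks."""
    events = parse(lines)
    uploads = defaultdict(list)
    for e in events:
        if e["event"] == "upload":
            uploads[e["user"]].append(e["bytes_out"])

    alerts = []
    for e in events:
        # 1. account not in the inventory (disabled, former employee, or never created)
        if e["user"] not in KNOWN_ACCOUNTS:
            alerts.append((e["ts"], e["user"], "activity from unknown account"))
        # 2. login outside business hours
        if e["event"] == "login" and e["hour"] not in BUSINESS_HOURS:
            alerts.append((e["ts"], e["user"], "off-hours login"))
        # 3. outbound transfer far above this user's own median
        if e["event"] == "upload":
            baseline = statistics.median(uploads[e["user"]])
            if e["bytes_out"] > SPIKE_FACTOR * baseline:
                alerts.append((e["ts"], e["user"],
                               f"outbound spike {e['bytes_out']} vs median {int(baseline)}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

With the constructed data, alice is never flagged, bob gets an off-hours login and a 4.8 MB spike two minutes later, and carol is flagged both as an unknown account and for an off-hours login. A median baseline is used rather than a mean so that the spike itself does not pull the baseline up.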

list at least 5 physical security controls

1. Dogs 2. Security guards 3. ID cards and badges 4. Keys 5. Walls, fences, etc.

List 5 factors for authentication (combining two or more is known as multi-factor authentication)

1. Knowledge - something you know (password, passphrase, PIN)
2. Ownership - something you have (e.g., a hardware token or phone app that computes a one-time number from a shared secret; the authentication server computes the same number and compares)
3. Characteristics - something you are (fingerprint, retina, etc.)
4. Location - somewhere you are (used as an extra indicator of authenticity)
5. Action - something you do (typing patterns)

drivers of insider threats

1. TRIGGER that sets the betrayal in motion
2. ABILITY to overcome inhibitions (the characteristics of a malicious insider)
3. OPPORTUNITY to commit the crime

List three solutions to prevent insider threats

1. implement a "least privilege policy" (only let people access what their job requires of them)

The security manager at your company recently updated the security policy. One of the changes requires two-factor authentication. Which of the following will meet this requirement? a. Hardware token and PIN b. Fingerprint and retina scan c. Password and PIN d. PIN and security questions

A

Thieves recently rammed a truck through the entrance of your company's main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again? a. Bollards b. Guards c. CCTV d. Mantrap

A

You maintain a training lab with 18 computers. You have enough rights and permissions on these machines so that you can configure them as needed for classes. However, you do not have the right to add them to your organization's domain. Which of the following choices BEST describes this example? a. Least privilege b. Need to know c. User-based privileges d. BYOD

A

Your company wants to control access to a restricted area of the building by adding an additional physical security control that includes facial recognition. Which of the following provides the BEST solution? a. Bollards (barricades) b. Guards c. Palm scanners d. Video surveillance

B. Guards (a guard can compare a person's face with their photo ID and control entry; bollards only block vehicles, palm scanners are a different biometric, and video surveillance records but does not control access)

To avoid the nefarious use of cloud computing, which of the following is the BEST safeguard? a. Rigorous registration process b. Paid service c. OAuth d. Firewall

A. Rigorous Registration process

You want to deter an attacker from using brute force to gain access to a mobile phone. What would you configure? a. Remote wiping b. Account lockout settings (e.g., only 5 attempts allowed before the device locks) c. Geo-tagging d. RFID

B. Account lockout settings

Your organization was recently attacked, resulting in a data breach, and attackers captured customer data. Management wants to take steps to better protect customer data. Which of the following will BEST support this goal? a. Succession planning and data recovery procedures b. Stronger access controls and encryption c. Performing a vulnerability assessment d. Video surveillance

B

Which of the following choices BEST describe the organizational triggers of insider threats (choose TWO)? a. High level of physical access controls b. High level of time pressure c. High level of security training d. High availability and ease of acquiring information

B & D

In what type of attack does the attacker send unauthorized commands directly to a database? a. XSS (cross-site scripting) b. SQL injection c. XSRF (cross-site request forgery) d. Database dumping

B SQL Injection

A security professional has reported an increase in the number of tailgating violations into a secure data center. What can prevent this? a. CCTV b. Mantrap c. Proximity card d. Cipher lock

B. Mantrap

A security auditor discovered that several employees in the accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to print and sign checks. What policy is she recommending? a. Role-based access control b. BYOD c. Separation of duties d. Job rotation

C

A telecommuting employee calls into his organization's IT help-desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password? a. Verify the user's name b. Disable the user's account c. Verify the user's identity d. Enable the user's account

C

Sean wants to ensure that other people cannot view data on his mobile device if he leaves it unattended. What should he implement? a. Encryption b. Cable lock c. Screen lock d. Remote wiping

C

Users at your organization currently use a combination of smart cards (something you have) and passwords (something you know), but an updated security policy requires multifactor authentication using three different factors. Which of the following can you add to meet the new requirement (something you are)? a. Four-digit PIN b. Hardware tokens c. Fingerprint readers d. USB tokens

C

Of the following choices, which one is a cloud computing model in which the vendor provides access to a computer, but the customer must manage the system, including keeping it up to date with current patches? a. Platform as a Service b. Software as a Service c. Infrastructure as a Service d. Private

C. Infrastructure as a service

A code review of a web application discovered that the application is not performing properly. What should the web developer add to this application to resolve this issue? a. XSRF b. XSS c. Input validation d. Antivirus software

C. Input validation

Malicious users inject malicious code into Adobe PDF and MS Office files and upload them to a cloud service. Customers who download the files also execute the malware. Which of the following choices BEST describes this example? a. Account hijacking b. Session hijacking c. Nefarious use of cloud computing d. SQL injection

C. Nefarious use of cloud computing

Looking at logs for an online web application, you see that someone has entered the following phrase into several queries: 'or '1'='1'-- Which of the following is the MOST likely explanation for this? a. Session hijacking b. XSS (cross-site scripting) c. SQL injection d. Domain

C. SQL Injection

Your organization hosts a web site and the web site accesses a database server in the internal network. Database fields hosting customer data are encrypted and all data in transit between the web site server and the database server are encrypted. Which of the following represents the GREATEST risk to the data on the server? a. Theft of the database server b. HTML injection c. SQL injection d. Sniffing

C. SQL Injection

While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent? a. Man-in-the-Middle b. Phishing c. XSS (cross-site scripting) d. Domain hijacking

C. XSS (cross site scripting)

____________________ attacks leverage the fact that users are often logged into multiple sites at the same time and use one site to trick the browser into sending malicious requests to another site without the users' knowledge.

Cross site request forgery (XSRF or CSRF)

____________________ attacks occur when an attacker embeds malicious scripts without permission in a third-party website that are later run by innocent visitors to that site.

Cross site scripting (XSS)

Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. What does this describe? a. Spear phishing b. Vishing c. Mantrap d. Tailgating

D

Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be MOST effective at reducing the success of these attacks? a. Implement a BYOD (bring your own device) policy b. Update an AUP (acceptable use policy) c. Implement a least privilege policy d. Implement a program to increase security awareness

D

Which of the following choices BEST describes the characteristics of malicious insider? a. High loyalty toward their organization b. High level of rationality c. High level of ethical values d. High level of compulsive behavior

D

Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve two-factor authentication? a. Username b. PIN c. Security question d. Fingerprint scan

D

T/F: Insider attacks usually require the advance knowledge of network

False

T/F: An insider threat is always caused by an insider with malicious intent (e.g., fraud, unauthorized trading, and espionage).

False

IaaS (Infrastructure as a Service) gives the customer access to applications running in the cloud. [ T / F , if F, then ]

False; software as a service

What is tailgating?

Gaining unauthorized access to restricted areas by following another person (ex: someone being nice holds open a door for you)

Abuse and Nefarious use of Cloud Computing

IaaS and PaaS providers offer free or cheap limited/unlimited storage, network and compute with a sloppy registration process, so anyone can register and use the cloud service without any validation. An example: a nefarious user injects malicious code into a PDF and uploads it to the cloud service; anyone who downloads it gets the malware.

____________________ enables a user to allow third-party application to access APIs on that user's behalf; for example, when Facebook asks a user if a new application can have access to his photos.

OAuth

sql injection

Structured Query Language (SQL) injection:
- the attacker supplies input that becomes part of a database query, which can reveal information about the database and let the attacker read or modify data within it
- an easy defense is input validation; the reliable one is to pass user input as query parameters rather than pasting it into the query string

Application Program Interface (API)

The building blocks needed to create a software program. An API provides the guidelines that guarantee that all programs that use that API will have similar interfaces across operating systems and hardware platforms. -cloud vendors have history of using broken APIs -thus, a great safeguard is: strong authentication and access control with encrypted transmission

T/F : Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and web servers with data in cleartext

True

T/F: An insider threat is caused by a current or former employee, contractor or business partner who has or had authorized access to an organization's network, systems, data or premises.

True

T/F: Cloud vendors expose a set of software interfaces or APIs that customers use to interact with cloud services

True

T/F: Fingerprints, palm prints, and retina scans are types of biometrics.

True

Insider Threat

a current or former employee (or contractor or business partner) who has or had authorized access to the organization's networks and intentionally or unintentionally compromises their confidentiality, integrity or availability (CIA)

cross-site request forgery (XSRF)

a malicious user sends you a link (or embeds a hidden request in a page); when it is opened, your browser sends a request to a site you are already logged in to, and that site accepts it because your session cookie is attached automatically, so the attacker's request runs with your privileges
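Because the browser attaches the session cookie to every request for the site, the cookie alone cannot prove the user meant to send a request; the standard fix is a per-session secret token that only the site's own pages know. The following is an added example, not part of the study set, of a state-changing "transfer" endpoint with and without that check. The session store, account balances, trusted origin and request shapes are constructed for the example:

```python
import hmac
import secrets

# Hypothetical in-memory session store: session_id -> {"user": ..., "csrf": ...}
SESSIONS = {}
BALANCES = {"alice": 1000, "bob": 0, "mallory": 0}
TRUSTED_ORIGINS = {"https://bank.example"}   # assumed site origin


def new_session(user):
    """Log a user in: issue a session id and a CSRF token tied to that session."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """The site's own HTML form embeds this token as a hidden field.
    An attacker's page on evil.example cannot read it (same-origin policy)."""
    return SESSIONS[sid]["csrf"]


def transfer(cookies, headers, form):
    """Simulated POST /transfer. `cookies` and `headers` are what the browser
    sends automatically; `form` is the request body the page supplied."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return "401 not logged in"
    # Defense in depth: reject if the browser says the request came from elsewhere.
    origin = headers.get("Origin")
    if origin is not None and origin not in TRUSTED_ORIGINS:
        return "403 cross-origin request rejected"
    # The actual CSRF check: the form must carry this session's token.
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf"]):
        return "403 missing or invalid CSRF token"
    amount = int(form["amount"])
    BALANCES[session["user"]] -= amount
    BALANCES[form["to"]] = BALANCES.get(form["to"], 0) + amount
    return "200 ok"


if __name__ == "__main__":
    sid = new_session("alice")
    cookie = {"session": sid}
    # Legitimate request from the bank's own form
    print(transfer(cookie, {"Origin": "https://bank.example"},
                   {"to": "bob", "amount": "10", "csrf_token": csrf_token_for(sid)}))
    # Forged request: alice opened mallory's page while logged in. The cookie
    # is attached by the browser, but mallory cannot supply the token.
    print(transfer(cookie, {"Origin": "https://evil.example"},
                   {"to": "mallory", "amount": "500"}))
    print(BALANCES)
```

Cookies marked `SameSite=Lax` or `Strict` give a second layer of protection in modern browsers, but the token check is what stops the request on the server regardless of client.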

what is a mantrap?

a set of double doors that are generally monitored by a security guard

Cross-Site Scripting attack (XSS)

an attacker embeds malicious script, without permission, in a third-party website so that it runs in the browsers of visitors to that site; an example is putting a script in a URL parameter that the site reflects back into its page (reflected XSS)
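The reflected case above, and the input-validation question earlier on this page (code that blocks special characters), are easiest to see side by side. The following is an added example, not part of the study set: a page that reflects a `name` URL parameter without encoding, the same page with output encoding, and an allow-list validator in front of it. The URL, parameter name and allowed character set are assumptions for the example:

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed payload: a page that reflects this unencoded will run it
PAYLOAD = "<script>alert(document.cookie)</script>"


def render_vulnerable(name):
    """Reflects the parameter straight into the HTML: the payload becomes live script."""
    return f"<h1>Hello, {name}!</h1>"


def render_safe(name):
    """Output encoding: < > & " ' become entities, so the browser displays
    the characters instead of executing them. This is the primary XSS defense."""
    return f"<h1>Hello, {html.escape(name, quote=True)}!</h1>"


# Allow-list for a display name (assumed policy): letters, spaces, dots, hyphens, apostrophes
NAME_ALLOWED = re.compile(r"[A-Za-z][A-Za-z .'-]{0,39}")


def valid_name(name):
    """Input validation as described on this page: reject input containing
    characters outside the allow-list rather than trying to strip them."""
    return NAME_ALLOWED.fullmatch(name) is not None


def handle_request(url):
    """Simulated GET handler: returns (status, body). Validation rejects
    obvious payloads; encoding protects even names the allow-list admits
    (an apostrophe is legitimate in a name but still needs escaping)."""
    name = parse_qs(urlsplit(url).query).get("name", [""])[0]
    if not valid_name(name):
        return 400, "<p>Invalid name</p>"
    return 200, render_safe(name)


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD))
    print(handle_request("https://app.example/hello?name=%3Cscript%3Ealert(1)%3C/script%3E"))
    print(handle_request("https://app.example/hello?name=Lisa%20O'Neil"))
```

The allow-list alone is brittle (a comments field cannot forbid `<`), which is why the handler still encodes on output; the two controls cover different failure modes.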

Web bugs

designed to monitor who is checking the web page; advertisers want to count # of visitors

OAuth (API Access)

enables a user to allow third-party applications to access an API on the user's behalf without sharing the user's password. An everyday example: a new app logs in with Facebook and asks the user whether it may have access to their photos.

Session Hijacking is the process in which a user's or organization's cloud account credentials are stolen and exploited by an unauthorized attacker. [ T / F , if F, then ]

false; account hijacking

best way to defend against account hijacking

having strong two-factor authentication: for example, a password plus a one-time code from a hardware token or phone app (note that a password plus a PIN is not two-factor, since both are something you know)

example of multi-factor authentication

step 1: username and password. step 2: set up a mobile device linked with the account (like what I have with my school email). step 3: when in the account, to access personal info (e.g., for bank accounts, to access the routing number) you have to provide your DOB

Cookies are designed for websites to remember stateful information (e.g., items added in the cart on Amazon.com. [ T / F , if F, then ]

true

T/F: An Application Program Interface (API) refers to tools for creating software applications

true

T/F: Cookies are inherently harmless

true

T/F: To be secure interfaces and APIs, strong authentication and access controls are required with encrypted transmission

true

account hijacking

user's or organizations cloud account credentials are stolen

session hijacking attack

a way to exploit a valid computer session and gain unauthorized access to information (e.g., if the session cookie that identifies your logged-in session is stolen, the attacker can present it and be treated as you without knowing your password)

