Cybersecurity Fundamentals

Logic Bomb

Malware that uses a trigger to awaken the malicious code

An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?

Bluesnarfing

Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)

A CSPRNG is a way (and the best way) to generate a salt

Why should WEP not be used in wireless networks today?

It is easily crackable

Three devices which represent examples of physical access control

Locks, Swipe Cards, Video Camera

The CIO wants to secure data on company laptops by implementing file encryption. The technician determines the best method is to encrypt each hard drive using Windows BitLocker. Which two things are needed to implement this solution?

At least two volumes. Trusted Platform Module (TPM)

The manager of a department suspects someone is trying to break into computers at night. You are asked to find out if this is the case. What logging would you enable?

Audit

What does a rootkit modify?

Operating System (OS)

Symmetric Encryption

An encryption algorithm that uses the same pre-shared key to encrypt and decrypt data

Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?

Advanced Encryption Standard (AES)

What are three best practices in implementing salting?

A salt must be unique. A salt should not be reused. A salt should be unique for each password.

Spyware

Software used to obtain information about the computer of a user.

Intrusion Detection System (IDS)

A technology put in place to detect potential malware traffic on the network

Watermarking

A technology that protects software from unauthorized access or modification

Algorithm Attack

A type of attack that can disable a computer by forcing it to use memory or by overworking its CPU.

SQL Injection

A type of attack that targets an SQL database using the input field of a user

Vulnerability

A weakness that makes a target susceptible to an attack

What is the difference between an HIDS and a firewall?

An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.

Diffie-Hellman

An asymmetric algorithm which provides an electronic key exchange method to share the secret key

Asymmetric Encryption

An encryption algorithm that uses one key to encrypt data and a different key to decrypt data

A user calls the help desk complaining that an application was installed on the computer and the application cannot connect to the Internet. There are no antivirus warnings and the user can browse the Internet. What is the most likely cause of the problem?

Computer Firewall

Bluesnarfing

Copying of user info through unauthorized Bluetooth transmissions

A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?

Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.

Step by step process for creating a digital signature

Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.

Spear Phishing

Describes an email that is targeting a specific person employed at a financial institution

Smishing

Describes sending of a short deceptive SMS message used to trick a target into visiting a website

Cryptology

Describes the science of making and breaking secret codes

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

Deterrent Access Control

Which service will resolve a specific web address into an IP address of the destination web server?

Domain Name Server (DNS)

Ransomware

E.g. A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user.

Three validation criteria used for a validation rule

Format, Size, Range

A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?

HMAC

Three examples of administrative access controls

Hiring Practices, Policies and Procedures, Background Checks

Which three processes are examples of logical access controls?

IDS, Biometrics, Firewalls, Password, Access Control Lists (ACLs)

Three situations in which the hashing function can be applied

IPsec, Public Key Infrastructure (PKI), Challenge Handshake Authentication Protocol (CHAP)

Strength of using a hashing function

It is a one-way function and it is irreversible.

Companies may have different operation centers that handle different issues with the IT operations. If an issue is related to network infrastructure, what operation center would be responsible?

Network Operation Centre (NOC)

A user makes a request to implement a patch management service for a company. As part of the requisition the user needs to provide justification for the request. What three reasons can the user use to justify the request?

No opportunities for users to circumvent updates. The ability to control when updates occur. The ability to obtain reports on systems.

Buffer Overflow

Occurs when data goes beyond the limits of a buffer

A security breach has happened at a major corporation. The incident team has responded and executed their incident response plan. During which phase are lessons learned applied?

Post-Incident

A user is asked to evaluate the security posture of a company. The user looks at past attempts to break into the company and evaluates the threats and exposures to create a report. Which type of risk analysis could the user perform?

Qualitative Risk Analysis

A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment. The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?

Quantitative Risk Analysis

Three NIST-approved digital signature algorithms

RSA, ECDSA, DSA

A user is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. The user wants to offer a better solution to provide fault tolerance during a drive failure. Which solution is best?

Redundant Array of Independent Disks (RAID)

Script Kiddies

Refers to amateur hackers

Hacktivists

Refers to hackers who hack for a cause

A new PC is taken out of the box, started up and connected to the Internet. Patches were downloaded and installed. Antivirus was updated. In order to further harden the operating system what can be done?

Remove unnecessary programs and services.

In a report, the user emphasized the methods and configurations needed as a whole to make the network fault tolerant. What is the type of design the user is stressing?

Resilient design

A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?

Rogue Access Point

Key elements needed to implement Hash-based Message Authentication Code (HMAC)

Secret key and message digest

What is a flexible and secure method for remotely connecting to servers?

Secure Shell (SSH)

What are the best practices for securing privileged accounts?

Secure password storage. Reduce the number of privileged accounts. Enforce the principle of least privilege.

What is a tool used to set local policy for passwords on the workstation?

Security Policy - secpol.msc

Steganography

Term used to describe concealing data in another file such as a graphic, audio, or other text file

Masking

Term used to describe the technology that replaces sensitive information with a nonsensitive version

Phishing

Term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source

Why is WEP a weak protocol?

The key is static and repeats on a congested network. The key is transmitted in clear text.

X.509

The standard for a public key infrastructure to manage digital certificates

The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?

Transference Risk Mitigation

Key Space and Key Length

Two terms used to describe cipher keys

Difference between a virus and a worm

Worms self-replicate but viruses do not. Viruses also require a host while worms do not.

DDoS (Distributed Denial of Service)

A type of attack which uses many systems to flood the resources of a target, thus making the target unavailable.

Stream Cipher

A type of cipher that encrypts plaintext one byte or one bit at a time

Block Cipher

A type of cipher that is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time

Adware

A type of software that generates revenue by generating annoying pop-ups

Cross-Site Scripting (XSS)

A vulnerability that allows criminals to inject scripts into web pages viewed by users

Workforce Framework Category - Analyze

A workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence

A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide?

Administrators can approve or deny patches. Updates cannot be circumvented. Updates can be forced on systems immediately.

Elliptic Curve Cryptography (ECC)

A cryptographic algorithm that uses elliptic curves for digital signature generation and key exchange (Used by the NSA)

Backdoor/Rootkit

A malicious program or program code that bypasses normal authentication

Brute Force Attack

A method which tries all possible passwords until a match is found

Entity Integrity

An integrity rule that states every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not null.

A user is asked to analyze the current state of a computer operating system. What should the user compare the current operating system against to identify potential vulnerabilities?

Baseline

What are three advantages of using disk cloning?

Ensures a clean imaged machine. Can provide a full system backup. Easier to deploy new computers within the organization.

Which two steps can the user take to classify data?

Establish owner of the data, Identify sensitivity of the data

Why is WPA2 better than WPA?

Mandatory use of AES algorithms

Transposition

Method in which letters are rearranged to create the ciphertext

A team has been asked to create an incident response plan for security incidents. In what phase of an incident response plan does the team get management approval of the plan?

Preparation phase

Which 4 protocols use asymmetric key algorithms?

Pretty Good Privacy (PGP), Secure Shell (SSH), Secure Socket Layer (SSL), Internet Key Exchange (IKE)

Three types of attacks that are preventable through the use of salting

Reverse Lookup Tables, Lookup Tables, Rainbow Tables

A user is asked to evaluate the data center to improve availability for customers. The user notices that there is only one ISP connection, some of the equipment is out of warranty, there are no spare parts, and no one was monitoring the UPS which was tripped twice in one month. Which three deficiencies in high availability has the user identified?

Single points of failure. Failure to design for reliability. Failure to detect errors as they occur.

A user was hired by a company to provide a highly available network infrastructure. The user wants to build redundancy into the network in case of a switch failure, but wants to prevent Layer 2 looping. What would the user implement in the network?

Spanning Tree Protocol (STP)

A company wants to implement biometric access to its data center. The company is concerned with people being able to circumvent the system by being falsely accepted as legitimate users. What type of error is false acceptance?

Type II error

The company has many users who telecommute. A solution needs to be found so a secure communication channel can be established between the remote location of users and the company. What is a good solution for this situation?

Virtual Private Network (VPN)

Three protocols that provide default gateway redundancy

Virtual Router Redundancy Protocol (VRRP), Gateway Load Balancing Protocol (GLBP), and Hot Standby Router Protocol (HSRP)

