1.0 Threat Management Flashcards
<p>what is a public cloud?</p>
<p>the standard cloud computing model where a service provider makes resources available to the public over the internet</p>
<p>what does OS fingerprinting involve?</p>
<p>using active fingerprinting to look at the ports (open/closed and the types of responses) and passive fingerprinting to examine the traffic to and from the computer (looking for the default window size or TTL of packets)</p>
<p>what are the three main protocols that can be used for wireless networks?</p>
<p>wired equivalent privacy (WEP), WPAv1, WPAv2</p>
<p>what is the purpose of infrastructure as a service (IaaS) in cloud computing?</p>
<p>it provides computer and server infrastructure, typically through a virtualization environment</p>
<p>what do you use to control traffic from the internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?</p>
<p>a firewall</p>
<p>what is the most common type of system used to detect intrusions into a computer network?</p>
<p>NIDS</p>
<p>what is the purpose of PaaS in cloud computing?</p>
<p>it provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform</p>
<p>what is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?</p>
<p>missed detection or false positive</p>
<p>what does the acronym IDS denote?</p>
<p>Intrusion detection system</p>
<p>what is the main difference between an IDS and an IPS?</p>
<p>an IDS detects intrusions. an IPS prevents intrusions</p>
<p>what does the acronym ACL denote?</p>
<p>access control list</p>
<p>what devices can limit the effectiveness of sniffing attacks: switches or routers?</p>
<p>switches</p>
<p>what are the two major types of intrusion detection systems (IDS)?</p>
<p>network IDS (NIDS) and host IDS (HIDS)</p>
<p>which type of IDS detects attack on individual devices?</p>
<p>host intrusion detection system (HIDS)</p>
<p>which layer 3 device allows different logical networks to communicate?</p>
<p>router</p>
<p>what is the default rule found in a firewall's access control list (ACL)?</p>
<p>deny all</p>
<p>what does the acronym NIDS denote?</p>
<p>network-based intrusion detection system</p>
<p>which security control is lost when using cloud computing?</p>
<p>physical control of the data</p>
<p>what is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?</p>
<p>false positive</p>
<p>what are the four types of cloud computing based on management type?</p>
<p>public, private, hybrid, and community</p>
<p>what is hybrid cloud?</p>
<p>a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally via a public cloud</p>
<p>what is multi-tenancy cloud?</p>
<p>a cloud model where multiple tenants share the resources. this model allows the service providers to manage the resource utilization more efficiently</p>
<p>which type of system identifies suspicious patterns that may indicate a network or system attack?</p>
<p>intrusion detection system (IDS)</p>
<p>why is data isolation used in cloud environments?</p>
<p>to ensure that tenant data in a multi-tenant solution is isolated from other tenant' data using a tenant ID in the data labels</p>
<p>which information do routers use to forward packets to their destinations?</p>
<p>the network address and subnet mask</p>
<p>what does the acronym HIDS denote?</p>
<p>host-based intrusion detection system</p>
<p>what is a community cloud?</p>
<p>an infrastructure that is shared among several organizations from a specific group with common computing concerns</p>
<p>what is the purpose of software as a service (SaaS) in cloud computing?</p>
<p>it ensures on-demand, online access to an application suite without the need for local installation</p>
<p>what is a single-tenancy cloud?</p>
<p>a cloud model where a single client or organization uses a resource</p>
<p>what OS footprinting do?</p>
<p>it performs the fingerprinting steps as well as gathering additional information, such as polling DNS (check the status/survey), registrar queries, and so on</p>
<p>which type of IDS detects malicious packets on a network?</p>
<p>network intrusion detection system (NIDS)</p>
what is lightweight extensible authentication protocol (LEAP)?
a proprietary wireless LAN authentication method developed by Cisco Systems
which type of analysis involves identifying traffic that is abnormal?
anomaly analysis
which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?
WPA2 with CCMP
which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?
active detection
what does the acronym SIEM denote?
security information and event management
what should you do to ensure that a wireless access point signal does not extend beyond it needed range?
reduce the power levels
which type of analysis involves examining information in the header of the packet?
protocol analysis
what is the purpose of MAC filtering?
to restrict the clients that can access a wireless network
what is protected extensible authentication protocol (PEAP)?
a protocol that encapsulates the EAP within an encrypted and authenticated TLS tunnel
what are the two modes of WAP and WPA2?
personal (also called preshared key or WPA-PSK / WPA2-PSK) and enterprise
what type of analysis focuses on the long term direction in the increase or decrease in a particular type of traffic?
trend analysis
which security protocol is the standard encryption protocol for use with the WPA2 standard?
counter mode cipher block chaining message authentication code protocol (CCMP)
which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?
temporal key integrity protocol (TKIP)
which intrusion detection system (IDS) watches for intrusions that match a known identity?
signature-based IDS
which software can collect logs from specified devices, combine the logs, and analyze the combined logs for security issues?
security information and event management (SIEM)
what doe heuristic analysis do?
it determines the susceptibility of a system towards a particular threat/risk using decision rules or weighing methods
which protocol does the enterprise mode of WPA and WPA2 use for authentication?
extensible authentication protocol (EAP)
which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?
isolation mode
which type of IDS or IPS uses an initial database of known attack types but dynamically alters their signatures base on learned behavior?
heuristic
what doe packet analysis do?
it examines the entire packet, including the payload
what are the non-overlapping channels for 802.11g/n?
channels 1,6, and 11
what are the non-overlapping channels for 802.11b?
channels 1,6,11, and 14
what is the most secure implementation of file transfer protocol (FTP)?
secure file transfer protocol (SFTP)
what is the name for a hole in the security of an application deliberately left in place by a designer?
backdoor
which malicious software infects a system without relying upon other applications for its execution?
a worm
what does an anti-virus application signature file contain?
it contains identifying information about viruses
which application or services uses TCP/UDP port 3389?
remote desktop protocol (RDP)
which port number is used by TFTP?
UDP port 69
what is the name for a fix that addresses a specific windows system problem or set of problems?
hotfix
which firewall port should you enable to allow SMTP trafic to flow through the firewall?
port 25
how many TCP/UDP ports are vulnerable to malicious attacks?
65,536
which type of virus can change its signature to avoid detection?
polymorphic
what is the default PPTP port?
TCP port 1723
what is the purpose of NAC?
network access control (NAC) ensures that the computer on the network meets an organization’s security policies
using role-based access control (RBAC), which entities are assigned roles?
users or subjects
what is the name of the area that connects to a firewall and offers services to untrusted networks?
DMZ
which virus creates many variants by modifying its code to deceive antivirus scanners?
polymorphic virus
which port should you block at your network firewall to prevent telnet access?
port 23
what is a good solution if you need to separate two departments into separate networks?
VLAN segregation
which port number does LDAP use for communications encrypted using SSL/TLS?
port 636
which type of code performs malicious acts only when a certain set of conditions occurs?
a logic bomb
which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?
TCP port 143
which two port does FTP use?
ports 20 and 21
what does VLAN segregation accomplish?
it protects each individual segment by isolating the segments
which port number does HTTP use?
port 80
which port numbers are used by NetBIOS?
ports 137, 138, 139
which type of malware appears to perform a valuable function, but actually performs malicious acts?
trojan horse
which port number does LDAP use when communications are not secured using SSL/TLS?
port 389
what does the acronym RBAC denote?
role-based access control
which viruses are written in macro language and typically infect operating systems?
macro viruses
who can change a resource’s category in a mandatory access control environment?
administrators only
which port number does NNTP (network news transfer protocol) use?
TCP port 119
what is a trojan horse?
malware that is disguised as a useful utility, but is embedded with a malicious code to infect computer systems
which port number does NTP use?
port 123
what does the acronym DAC denote?
discretionary access control
which firewall port should you enable to allow POP3 traffic to flow through the firewall?
TCP port 110
which port number does DHCP use?
port 67
which port number is used by SSL, FTPS, and HTTPS?
TCP port 443
which port number is used by SSH, SCP, and SFTP?
port 22
what is the default L2TP port?
UDP port 1701
which type of access control associates roles with each user?
role-based access control (RBAC)
why should you install a software firewall and the latest software patches and hotfixes on your computer?
to reduce security risks
what is the name for a collection of hotfixes that have been combined into a single patch?
a service pack
which type of access control is the multi-level security mechanism used by the department of defense (DoD)?
mandatory access control (MAC)
which port number does DNS use?
port 53
which port number is used by SMB?
tcp port 445
what is a file considered in a mandatory access control environment?
an object
what is the purpose of anti-spam application or filters?
to prevent unsolicited e-mail
which type of access control was originally developed for military use?
mandatory access control (MAC)
when should you install a software patch on a production server?
after the patch has been tested
which type of access control is most suitable for top-secret information?
mandatory access control (MAC)
which port number does SNMP use?
UDP port 161
in a secure network, what should be the default permission position?
implicit deny
which port number does SSH use?
port 22
which type of virus attempts to hide from antivirus software and from the operating system by remaining in memory?
stealth
which port is used for LDAP authentication?
port 389
which self-replicating computer program sends copies of itself to other devices on the network?
worm
which port number is used by microsoft SQL server?
tcp port 1433
which TCP port number does secure sockets layer (SSL) use?
port 443
according to the CySA+ objectives, what are the six rules of engagement for penetration testing?
timingscopeauthorizationexploitationcommunicationreporting
is a DHCP server normally placed inside a DMZ?
no
what is meant by the term exploitation in regards to rules of engagement in penetration testing?
all exploits that will be attempted during a scan
what is decomposition?
the process of breaking software or malware down to discover how it works
what is meant by the term scope in regards to vulnerability testing?
the devices or parts of the network that can be scanned and the types of scans to be performed
which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?
NAT
which assessment determines whether network security is properly configured to rebuff hacker attacks?
penetration test
what is the purpose of network segmentation?
to isolate a group of devices
what can be used to run a possibly malicious program in a safe environment?
sandbox
which term is used for the process of verifying the integrity of a file by using a hashing algorithm?
fingerprinting or hashing
what is the purpose of the blue team in a training exercise?
defending the device or network
which documentation reduces the likelihood that you have received counterfeit equipment?
OEM (original equipment manufacturer) documentation
which type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?
VPN
what is the purpose of the red team in a training exercise?
attacking the devices or network
what is meant by the term timing in regards to penetration testing?
the time when the test should occur and when it should not occur
what is the primary security advantage of using NAT?
NAT hides internal IP addresses from the public network
what is meant by the term authorization in regards to penetration testing?
the written agreement and legal authority to perform a vulnerability test
which type of test attempts to exploit vulnerabilities?
penetration test or pentest
which type of test ONLY identifies vulnerabilities?
vulnerability test
what is the purpose of rules of engagement for penetration testing?
they define how a penetration test should occur, including the factors that limit the penetration test
what does the acronym OEM denote?
original equipment manufacturer
which team acts as the referee during a training exercise?
white team
what is the purpose of the Trusted Foundry?
it identifies trusted vendors and ensures a trusted supply chain for the united states department of defense (DoD)
does each VLAN create its own collision domain or its own broadcast domain?
broadcast domain
