4.0 Security Architecture and Tool Sets Flashcards
which audit category will audit all instances of users exercising their rights?
the audit privilege use audit category
what is another term for logical controls?
technical controls
which type of control dictates how security policies are implemented to fulfill the company’s security goals?
administrative or management control
what is the name of the process for removing only the incriminating data from the audit logs?
scrubbing
which type of control is implemented to secure physical access to an object, such as a building, a room, or a computer?
physical or operational control
which type of control includes developing policies and procedures, screening personnel, conducting security awareness training, and implementing change control?
administrative controls
what is the purpose of administrative controls?
to implement security policies based on procedures, standards, and guidelines
what is the purpose of password complexity rules?
to ensure that users do not use passwords that are easy to guess using dictionary attacks
what must you do for an effective security auditing policy, besides creating security logs?
analyze the logs
what is the purpose of physical controls?
to work with administrative and technical controls to enforce physical access control
which audit category tracks access to all objects outside Active Directory?
the audit object access audit category
which password attack does an account lockout policy protect against?
a brute force attack
if a user needs administrative-level access, how many user accounts should be issued to the user?
two: one for normal tasks and one for administrative-level tasks
which setting ensures that accounts are not used beyond a certain date and/or time?
account expiration
what are you trying to determine if you implement audit trails to ensure that users are not performing unauthorized functions?
accountability
which setting ensures that users periodically change their account passwords?
password expiration
what is the name for the process of tracking user activities by recording selected events in the server activity logs?
auditing
which document is used when it is necessary to invoke legal action against an employee for inappropriate use of computer resources?
acceptable use policy
which type of control includes access control mechanisms, password management, identification methods, authentication methods, and security devices?
technical or logical controls
what are the FIVE stages in the life cycle of the evidence or the chain of custody?
1. collection of evidence from the site; 2. analysis of the evidence by a team of experts; 3. storage of the evidence in a secure place to ensure that the evidence is not tampered with; 4. presentation of the evidence by legal experts in a court of law; 5. returning the evidence to the owner after the proceedings are over
what is the purpose of audit logs?
to document actions taken on a computer network and the party responsible for those actions
which type of control works to protect system access, network architecture and access, control zones, auditing, and encryption and protocols?
technical controls
what is the purpose of technical controls?
to restrict access to objects and protect availability, confidentiality, and integrity
when should an administrative account be used?
when performing administrative-level tasks
which Linux file contains encrypted user passwords that only the root user can read?
/etc/shadow
what is the purpose of password age rules?
to ensure that users change their passwords on a regular basis
which account should you rename immediately after installing a new operating system (OS) to harden the OS?
the administrator account
which assessment examines whether network security practices follow a company’s security policy?
an audit
which audit category monitors changes to user accounts and groups?
the audit account management audit category
what is the purpose of the password history settings?
to ensure that users do not keep reusing the same passwords
which setting ensures that repeated attempts to guess a user’s password are not possible beyond the configured value?
account lockout
which account should you disable immediately after installing a new operating system (OS) to harden the OS?
the guest account
which log in Event Viewer should you open to view events that are generated based on your auditing settings?
the security log
what is a good password complexity policy?
a mixture of numbers, uppercase and lowercase letters, and special characters, such as rObin3*nest
which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?
the audit account logon events audit category
which type of control includes controlling access to different parts of a building, implementing locking systems, installing fencing, implementing environmental controls, and protecting the facility perimeter?
physical controls
what is the top-most level of the LDAP hierarchy?
root
what is the primary function of LDAP?
lightweight directory access protocol (LDAP) controls client access to directories
what are flood guards?
devices that protect against denial of service (DoS) attacks
what does the acronym RADIUS denote?
remote authentication dial-in user service
what are the two types of eye scans?
iris scans and retinal scans
which type of authentication is accomplished by authenticating both the client and server sides of a connection through the encrypted exchange of credentials?
mutual authentication
what does the acronym TACACS denote?
terminal access controller access control system
which function does a single sign-on (SSO) system provide?
it allows a user to present authentication credentials once and gain access to all computers within the SSO system
what is the purpose of federated identity management?
it allows single sign-on (SSO) between companies
what does the acronym KDC denote?
key distribution center
which authentication protocol uses UDP: TACACS+ or RADIUS?
RADIUS
which security-server application and protocol implements authentication and authorization of users from a central server over TCP?
terminal access controller access control system plus (TACACS+)
which authentication protocol is an open standard: TACACS+ or RADIUS?
RADIUS
which authentication system includes clients, servers, and a key distribution center (KDC)?
Kerberos
which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?
TACACS+
which Cisco implementation is similar to a RADIUS implementation?
TACACS
what are the two components of the Kerberos key distribution center?
authentication server (AS) and ticket-granting server (TGS)
which access control model is based on the data’s owner implementing and administering access control?
discretionary access control (DAC)
which eye scan measures the pattern of blood vessels at the back of the eye?
retinal scan
scanning fingerprints is an example of which authentication technique?
biometrics
using role-based access control (RBAC), which entities are assigned roles?
users or subjects
which Kerberos component holds all users’ and services’ cryptographic keys and generates tickets?
key distribution center (KDC)
who has the responsibility for configuring access rights in discretionary access control (DAC)?
the data owner or data custodian
what is the most important biometric system characteristic?
accuracy
which type of attack can turn a switch into a hub?
MAC flooding
what does the acronym MAC denote?
mandatory access control
which type of eye scan is considered more intrusive than other eye scans?
retinal scan
which fingerprint scan will analyze fingerprint ridge direction?
minutiae matching
why is password disclosure a significant security issue in a single sign-on network?
it could compromise the entire system because authentication grants access to any systems on the network to which the actual user may have permission
which access control model has the lowest cost?
role-based access control (RBAC)
what does the acronym SSO denote?
single sign-on
which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?
TACACS+
which authentication protocol uses tickets to authenticate users?
Kerberos
which function does RADIUS provide?
centralized authentication, authorization, and accounting for remote dial-in users
which security-server application and protocol implements authentication of users from a central server over UDP?
remote authentication dial-in user service (RADIUS)
which directory protocol does directory-enabled networking (DEN) use?
lightweight directory access protocol (LDAP)
which access control model uses security labels for each resource?
mandatory access control (MAC)
what are the two advantages of single sign-on (SSO)?
convenience and centralized administration
which access control model requires assigning security clearance levels to users, such as secret, top-secret, and confidential?
mandatory access control (MAC)
which internet protocol based on X.500 is used to access the data stored in a network directory?
lightweight directory access protocol (LDAP)
what is the purpose of RADIUS?
remote authentication dial-in user service (RADIUS) enables remote access users to log on to a network through a shared authentication database
which Ethernet standard uses a wireless access point with a remote authentication dial-in user service (RADIUS) server to authenticate wireless users?
802.1x
which type of authentication combines two or more authentication methods, like something that a person knows (such as password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?
multi-factor authentication
which technique is used to prevent network bridging?
network separation
on which standard is lightweight directory access protocol (LDAP) based?
X.500
what are the two types of ciphers?
block and stream
what is most commonly used to provide proof of a message’s origin?
a digital signature
which key is used to decrypt a digital signature: public or private?
public
which cryptographic technique is based on a combination of two keys: a secret (private) key and a public key?
public-key cryptography
in asymmetric encryption for a digital signature, which key is used for encryption: public or private?
private
what are mandatory vacations?
administrative controls that ensure that employees take vacations at periodic intervals
what are two other names for single-key cryptography?
symmetric key encryption and secret-key encryption
which type of cryptography is more secure: symmetric or asymmetric?
asymmetric
which security measure prevents fraud by reducing the chances of collusion?
separation of duties
what are the three issues that symmetric data encryption fails to address?
data integrity, repudiation, and scalable key distribution
to provide checks and balances and to prevent one person from gaining too much power over a system, which type of security policy should you implement?
separation of duties
what is the term for the process that applies a one-way mathematical function called a message digest function to an arbitrary amount of data?
hashing
what is a dual control?
when two operators work together to accomplish a sensitive task
what is segregation of duties?
when a sensitive activity is segregated into multiple activities and tasks are assigned to different individuals to achieve a common goal
what is another name for public-key encryption?
asymmetric encryption
what is another term used for layered security?
defense in depth
what is job rotation?
when an individual can fulfill the tasks of more than one position in the organization and duties are regularly rotated to prevent fraud
what is the opposite of confidentiality?
disclosure
what is the purpose of filters on a web server?
they limit the traffic that is allowed through
what is the purpose of the sandbox in a Java applet?
it prevents Java applets from accessing unauthorized areas on a user’s computer
which error condition arises because data is not checked before input to ensure that it has an appropriate length?
buffer overflow errors
when does fuzzing occur?
when unexpected values are provided as input to an application to make the application crash
what are the FIVE phases of the system development life cycle (SDLC)?
1. initiation; 2. development and acquisition; 3. implementation and assessment; 4. operations and maintenance; 5. disposal
what is the purpose of a decompiler?
to re-create the source code in some high-level language
which type of attack runs code within another process’s address space by making it load a dynamic link library?
a DLL injection attack
what is the purpose of fuzz testing?
to identify bugs and security flaws within an application
what are alternate terms for cross-site request forgery (XSRF)?
session riding or one-click attack
which application hardening method requires that your organization periodically check with the application vendor?
patch management
what is the most significant misuse of cookies?
misuse of personal data
what does a race condition typically attack?
the delay between time of check (TOC) and time of use (TOU)
when does a cross-site scripting (XSS) attack occur?
it occurs when an attacker locates a vulnerability on a web site that allows the attacker to inject malicious code into a web application
what is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information on future web visits?
a cookie
what is the purpose of an application disassembler?
to read and understand the raw language of the program
what is the purpose of a fail-safe error handler?
to ensure that the application stops working, reports the error, and closes down
what is an application backdoor?
lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms
what is cross-site request forgery (XSRF)?
unauthorized commands coming from a trusted user to a user or web site, usually through social networking
what should application developers do to prevent a race condition attack?
create code that processes exclusive-lock resources in a certain sequence and unlocks them in reverse order
what is the best protection against cross-site scripting (XSS)?
disable the running of scripts
what is the purpose of secure code review?
it examines all written code for any security holes that may exist
what is a cookie?
a web client text file that stores persistent settings for a web server
what is the purpose of input validation?
to ensure that data being entered into a database follows certain parameters
what is the purpose of application hardening?
it ensures that an application is secure and unnecessary services are disabled
which error occurs when the length of the input data is more than the length that processor buffers can handle?
buffer overflow
which type of attack is characterized by an attacker who takes over the session of an already authenticated user?
hijacking
what is a zero-day exploit?
an attack that exploits a security vulnerability on the day the vulnerability becomes generally known
when does a persistent XSS attack occur?
when data provided to the web application is first stored persistently on the server and later displayed to users on the web client without being HTML-encoded
which type of attack intercepts an established TCP session?
TCP hijacking or session hijacking
which type of attack enables an intruder to capture and modify data traffic by rerouting the traffic from a network device to the intruder’s computer?
network address hijacking
what are the FIVE monitoring tools analysts need to know?
MRTG (Multi Router Traffic Grapher), Nagios, SolarWinds, Cacti, NetFlow Analyzer
what is Wireshark?
a protocol analyzer or packet sniffer
what are the THREE IPS tools?
Sourcefire, Snort, Bro
what is unit testing?
the debugging performed by the programmer while coding instructions
what are the THREE categories of exploit tools?
interception proxy, exploit framework, fuzzers
what is the purpose of content inspection?
to search for malicious code or behavior
what are the TWO exploit framework tools analysts need to know?
Metasploit, Nexpose
what are the SIX SIEM tools analysts need to know?
Arcsight, QRadar, Splunk, AlienVault, OSSIM, Kiwi Syslog
what is Microsoft Baseline Security Analyzer?
a Microsoft application that creates security reports
what are TWO examples of input validation errors?
buffer overflow and boundary condition errors
what is a proxy server?
a server that caches and filters content
what are the seven categories of preventive tools?
IPS, firewall, anti-virus, anti-malware, Enhanced Mitigation Experience Toolkit (EMET), web proxy, web application firewall
what is the most popular intrusion detection system (IDS)?
network-based IDS
what are the THREE interception proxy tools analysts need to know?
Burp Suite, ZAP, Vega
what does the acronym IDS denote?
intrusion detection system
what are the SEVEN command-line tools analysts need to know?
netstat, ping, tracert/traceroute, ipconfig/ifconfig, nslookup/dig, Sysinternals, OpenSSL
what is the difference between a password checker and a password cracker?
there is no difference; they are the same tools
what are the SIX vulnerability scanning tools analysts need to know?
Qualys, Nessus, OpenVAS, Nexpose, Nikto, Microsoft Baseline Security Analyzer
what are the TWO password cracking tools analysts need to know?
John the Ripper, Cain and Abel
what are the FIVE forensic suite tools analysts need to know?
EnCase, FTK (Forensic Toolkit), Helix, Sysinternals, Cellebrite
which type of control is an intrusion detection system (IDS)?
detective technical
which type of vulnerability assessment is more likely to demonstrate the success or failure of a possible attack?
a double-blind test
what is Nessus?
a network vulnerability scanner
what are the THREE categories of analytical tools?
vulnerability scanning, monitoring tools, interception proxy
what are the THREE web application firewalls (WAFs) analysts need to know?
ModSecurity, NAXSI, Imperva
what is the imaging tool analysts need to know?
dd
what are the TWO hashing tools analysts need to know?
md5sum, shasum
what is the network scanning tool analysts need to know?
Nmap
what activity provides identification of security flaws and verification of levels of existing resistance?
penetration testing
what are the THREE fuzzer tools analysts need to know?
Untidy, Peach Fuzzer, Microsoft SDL File/Regex Fuzzer
what are the FOUR categories of forensics tools?
forensics suites, hashing, password cracking, imaging
what are the FOUR packet capture tools analysts need to know?
Wireshark, tcpdump, Network General, Aircrack-ng
which tool obtains a visual map of the topology of your network, including all devices on the network?
a network mapper, also referred to as a network enumerator
what are the THREE firewall vendors analysts need to understand?
Cisco, Palo Alto, Check Point
which tool should you use to retrieve the contents of a GET request: a protocol analyzer or port scanner?
protocol analyzer
what are the SIX categories of collective tools?
SIEM, network scanning, vulnerability scanning, packet capture, command-line utilities, IDS