4.0 Security Architecture and Tool Sets Flashcards

1
Q

which audit category will audit all instances of users exercising their rights?

A

the audit privilege use audit category

2
Q

what is another term for logical controls?

A

technical controls

3
Q

which type of controls dictates how security policies are implemented to fulfill the company’s security goals?

A

administrative or management control

4
Q

what is the name of the process for removing only the incriminating data from the audit logs?

A

scrubbing

5
Q

which type of controls is implemented to secure physical access to an object, such as a building, a room, or a computer?

A

physical or operational control

6
Q

which type of controls include developing policies and procedures, screening personnel, conducting security awareness training, and implementing change control?

A

administrative controls

7
Q

what is the purpose of administrative controls?

A

to implement security policies based on procedures, standards, and guidelines

8
Q

what is the purpose of password complexity rules?

A

to ensure that users do not use passwords that are easy to guess using dictionary attacks

9
Q

what must you do for an effective security auditing policy, besides creating security logs?

A

analyze the logs

10
Q

what is the purpose of physical controls?

A

to work with administrative and technical controls to enforce physical access control

11
Q

which audit category tracks access to all objects outside active directory?

A

the audit object access audit category

12
Q

which password attack does an account lockout policy protect against?

A

a brute force attack

13
Q

if a user needs administrative-level access, how many user accounts should be issued to the user?

A

two - one for normal tasks, one for administrative-level tasks

14
Q

which setting ensures that accounts are not used beyond a certain date and/or time?

A

account expiration

15
Q

what are you trying to determine if you implement audit trails to ensure that users are not performing unauthorized functions?

A

accountability

16
Q

which setting ensures that users periodically change their account passwords?

A

password expiration

17
Q

what is the name for the process of tracking user activities by recording selected events in the server activity logs?

A

auditing

18
Q

which document is used when it is necessary to invoke legal action against an employee for inappropriate use of computer resources?

A

acceptable use policy

19
Q

which type of controls includes access control mechanisms, password management, identification methods, authentication methods, and security devices?

A

technical or logical controls

20
Q

what are the FIVE stages in the life cycle of the evidence or the chain of custody?

A
1. collection of evidence from the site
2. analysis of the evidence by a team of experts
3. storage of the evidence in a secure place to ensure that the evidence is not tampered with
4. presentation of the evidence by legal experts in a court of law
5. returning the evidence to the owner after the proceedings are over

21
Q

what is the purpose of audit logs?

A

to document actions taken on a computer network and the party responsible for those actions

22
Q

which type of controls work to protect system access, network architecture and access, control zones, auditing, and encryption and protocols?

A

technical controls

23
Q

what is the purpose of technical controls?

A

to restrict access to objects and protect availability, confidentiality, and integrity

24
Q

when should an administrative account be used?

A

when performing administrative-level tasks

25
which linux file contains encrypted user passwords that only the root user can read?
/etc/shadow
26
what is the purpose of password age rules?
to ensure that users change their passwords on a regular basis
27
which account should you rename immediately after installing a new operating system (OS) to harden the OS?
the administrator account
28
which assessment examines whether network security practices follow a company's security policy?
an audit
29
which audit category monitors changes to user accounts and groups?
the audit account management audit category
30
what is the purpose of the password history settings?
to ensure that users do not keep reusing the same passwords
31
which setting ensures that repeated attempts to guess a user's password are not possible beyond the configured value?
account lockout
32
which account should you disable immediately after installing a new operating system (OS) to harden the OS?
the guest account
33
which log in event viewer should you open to view events that are generated based on your auditing settings?
the security log
34
what is a good password complexity policy?
a mixture of numbers, uppercase and lowercase letters, and special characters, such as rObin3*nest
35
which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?
the audit account logon events audit category
36
which type of controls includes controlling access to different parts of a building, implementing locking systems, installing fencing, implementing environmental controls, and protecting the facility perimeter?
physical controls
37
what is the top-most level of the LDAP hierarchy?
root
38
what is the primary function of LDAP?
lightweight directory access protocol (LDAP) controls client access to directories
39
what are flood guards?
devices that protect against denial of service (DoS) attacks
40
what does the acronym RADIUS denote?
remote authentication dial-in user service
41
what are the two types of eye scans?
iris scans and retinal scans
42
which type of authentication is accomplished by authenticating both the client and server sides of a connection through the encrypted exchange of credentials?
mutual authentication
43
what does the acronym TACACS denote?
terminal access controller access control system
44
which function does a single sign-on (SSO) system provide?
it allows a user to present authentication credentials once and gain access to all computers within the SSO system
45
what is the purpose of federated identity management?
it allows single sign-on (SSO) between companies
46
what does the acronym KDC denote?
key distribution center
47
which authentication protocol uses UDP: TACACS+ or RADIUS?
RADIUS
48
which security-server application and protocol implements authentication and authorization of users from a central server over TCP?
terminal access controller access control system plus (TACACS+)
49
which authentication protocol is an open standard: TACACS+ or RADIUS?
RADIUS
50
which authentication system includes clients, servers, and a key distribution center (KDC)?
kerberos
51
which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?
TACACS+
52
which Cisco implementation is similar to a RADIUS implementation?
TACACS
53
what are the two components of the kerberos key distribution center?
authentication server (AS) and ticket-granting server (TGS)
54
which access control model is based on the data's owner implementing and administering access control?
discretionary access control (DAC)
55
which eye scan measures the pattern of blood vessels at the back of the eye?
retinal scan
56
scanning fingerprints is an example of which authentication technique?
biometrics
57
using role-based access control (RBAC), which entities are assigned roles?
users or subjects
58
which kerberos component holds all users' and services' cryptographic keys and generates tickets?
key distribution center (KDC)
59
who has the responsibility for configuring access rights in discretionary access control (DAC)?
the data owner or data custodian
60
what is the most important biometric system characteristic?
accuracy
61
which type of attack can turn a switch into a hub?
MAC flooding
62
what does the acronym MAC denote?
mandatory access control
63
which type of eye scan is considered more intrusive than other eye scans?
retinal scan
64
which fingerprint scan will analyze fingerprint ridge direction?
minutiae matching
65
why is password disclosure a significant security issue in a single sign-on network?
it could compromise the entire system because authentication grants access to any systems on the network to which the actual user may have permission
66
which access control model has the lowest cost?
role-based access control (RBAC)
67
what does the acronym SSO denote?
single sign-on
68
which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?
TACACS+
69
which authentication protocol uses tickets to authenticate users?
Kerberos
70
which function does RADIUS provide?
centralized authentication, authorization, and accounting for remote dial-in users
71
which security-server application and protocol implement authentication of users from a central server over UDP?
remote authentication dial-in user service (RADIUS)
72
which directory protocol does directory-enabled networking (DEN) use?
lightweight directory access protocol (LDAP)
73
which access control model uses security labels for each resource?
mandatory access control (MAC)
74
what are the two advantages of single sign-on (SSO)?
convenience and centralized administration
75
which access control model requires assigning security clearance levels to users, such as secret, top-secret, and confidential?
mandatory access control (MAC)
76
which internet protocol based on X.500 is used to access the data stored in a network directory?
lightweight directory access protocol (LDAP)
77
what is the purpose of RADIUS?
remote authentication dial-in user service (RADIUS) enables remote access users to log on to a network through a shared authentication database
78
which ethernet standard uses a wireless access point with a remote authentication dial-in user service (RADIUS) server to authenticate wireless users?
802.1x
79
which type of authentication combines two or more authentication methods, like something that a person knows (such as a password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?
multi-factor authentication
80
which technique is used to prevent network bridging?
network separation
81
on which standard is lightweight directory access protocol (LDAP) based?
X.500
82
what are the two types of ciphers?
block and streaming
83
what is most commonly used to provide proof of a message's origin?
a digital signature
84
which key is used to decrypt a digital signature: public or private?
public
85
which cryptographic technique is based on a combination of two keys: a secret (private) key and a public key?
public-key cryptography
86
in asymmetric encryption for a digital signature, which key is used for encryption: public or private?
private
87
what are mandatory vacations?
administrative controls that ensure that employees take vacations at periodic intervals
88
what are two other names for single-key cryptography?
symmetric key encryption and secret-key encryption
89
which type of cryptography is more secure: symmetric or asymmetric?
asymmetric
90
which security measure prevents fraud by reducing the chances of collusion?
separation of duties
91
what are the three issues that symmetric data encryption fails to address?
data integrity, repudiation, scalable key distribution
92
to provide checks and balances and to prevent one person from gaining too much power over a system, which type of security policy should you implement?
separation of duties
93
what is the term for the process that applies a one-way mathematical function called a message digest function to an arbitrary amount of data?
hashing
94
what is a dual control?
when two operators work together to accomplish a sensitive task
95
what is segregation of duties?
when a sensitive activity is segregated into multiple activities and tasks are assigned to different individuals to achieve a common goal
96
what is another name for public-key encryption?
asymmetric encryption
97
what is another term used for layered security?
defense in depth
98
what is job rotation?
when an individual can fulfill the tasks of more than one position in the organization and duties are regularly rotated to prevent fraud
99
what is the opposite of confidentiality?
disclosure
100
what is the purpose of filters on a web server?
they limit the traffic that is allowed through
101
what is the purpose of the sandbox in a java applet?
it prevents java applets from accessing unauthorized areas on a user's computer
102
which error condition arises because data is not checked before input to ensure that it has an appropriate length?
buffer overflow errors
103
when does fuzzing occur?
when unexpected values are provided as input to an application to make the application crash
104
what are the FIVE phases of the system development life cycle (SDLC)?
1. initiation
2. development and acquisition
3. implementation and assessment
4. operations and maintenance
5. disposal
105
what is the purpose of a decompiler?
to re-create the source code in some high-level language
106
which type of attack runs code within another process's address space by making it load a dynamic link library?
a DLL injection attack
107
what is the purpose of fuzz testing?
to identify bugs and security flaws within an application
108
what are alternate terms for cross-site request forgery (XSRF)?
session riding or one-click attack
109
which application hardening method requires that your organization periodically checks with the application vendor?
patch management
110
what is the most significant misuse of cookies?
misuse of personal data
111
when does fuzzing occur?
when unexpected values are provided as input to an application in an effort to make the application crash
112
what does a race condition typically attack?
the delay between time of check (TOC) and time of use (TOU)
113
when does a cross-site scripting (XSS) attack occur?
it occurs when an attacker locates a vulnerability on a web site that allows the attacker to inject malicious code into a web application
114
what is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information on future web visits?
a cookie
115
what is the purpose of an application disassembler?
to read and understand the raw language of the program
116
what is the purpose of a fail-safe error handler?
to ensure that the application stops working, reports the error, and closes down
117
what is an application backdoor?
lines of code that are inserted into an application to allow developers to enter the application and bypass the security mechanisms
118
what is cross-site request forgery (XSRF)?
unauthorized commands coming from a trusted user to a user or web site, usually through social networking
119
what should application developers do to prevent race condition attacks?
create code that processes exclusive-lock resources in a certain sequence and unlocks them in reverse order
120
what is the best protection against cross-site scripting (XSS)?
disable the running of scripts
121
what is the purpose of secure code review?
it examines all written code for any security holes that may exist
122
what is a cookie?
a web client text file that stores persistent settings for a web server
123
what is the purpose of input validation?
to ensure that data being entered into a database follows certain parameters
124
what is the purpose of application hardening?
it ensures that an application is secure and unnecessary services are disabled
125
which error occurs when the length of the input data is more than the length that processor buffers can handle?
buffer overflow
126
which type of attack is characterized by an attacker who takes over the session of an already authenticated user?
hijacking
127
what is a zero-day exploit?
an attack that exploits a security vulnerability on the day the vulnerability becomes generally known
128
when does a persistent XSS attack occur?
when data provided to the web application is first stored persistently on the server and later displayed to users without being encoded using HTML on the Web client
129
which type of attack intercepts an established TCP session?
TCP hijacking or session hijacking
130
which type of attack enables an intruder to capture and modify data traffic by rerouting the traffic from a network device to the intruder's computer?
network address hijacking
131
what are the FIVE monitoring tools analysts need to know?
MRTG (multi router traffic grapher)
Nagios
SolarWinds
Cacti
Netflow Analyzer
132
what is wireshark?
a protocol analyzer or packet sniffer
133
what are the THREE IPS tools?
Sourcefire
Snort
Bro
134
what is unit testing?
the debugging performed by the programmer while coding instructions
135
what are the THREE categories of exploit tools?
interception proxy
exploit framework
fuzzers
136
what error condition arises because data is not checked before input to ensure that it has an appropriate length?
buffer overflow errors
137
what is the purpose of content inspection?
to search for malicious code or behavior
138
what are the TWO exploit framework tools analysts need to know?
Metasploit, Nexpose
139
what are the six SIEM tools analysts need to know?
Arcsight, QRadar, Splunk, AlienVault, OSSIM, Kiwi Syslog
140
what is microsoft baseline security analyzer?
a microsoft application that creates security reports
141
what are TWO examples of input validation errors?
buffer overflow and boundary condition errors
142
what is a proxy server?
a server that caches and filters content
143
what are the seven categories of preventive tools?
IPS
Firewall
Anti-Virus
Anti-malware
Enhanced Mitigation Experience Toolkit (EMET)
Web proxy
Web application firewall
144
which error occurs when the length of the input data is more than the length that processor buffers can handle?
a buffer overflow
145
what is the most popular intrusion detection system (IDS)?
network-based IDS
146
what are the three interception proxy tools analysts need to know?
Burp Suite
ZAP
Vega
147
what does the acronym IDS denote?
intrusion detection system
148
what are the SEVEN command-line tools analysts need to know?
netstat
ping
tracert/traceroute
ipconfig/ifconfig
nslookup/dig
Sysinternals
OpenSSL
149
what is the difference between a password checker and a password cracker?
there is no difference. they are the same tools
150
what are the SIX vulnerability scanning tools analysts need to know?
Qualys
Nessus
OpenVAS
Nexpose
Nikto
Microsoft Baseline Security Analyzer
151
what are the TWO password cracking tools analysts need to know?
John the Ripper
Cain and Abel
152
what are the five forensic suite tools analysts need to know?
EnCase
FTK (forensic toolkit)
Helix
Sysinternals
Cellebrite
153
which type of control is an intrusion detection system (IDS)?
detective technical
154
which type of vulnerability assessment is more likely to demonstrate the success or failure of a possible attack?
a double-blind test
155
what is Nessus?
a network vulnerability scanner
156
what are the THREE categories of analytical tools?
vulnerability scanning
monitoring tools
interception proxy
157
what are the THREE web application firewalls (WAFs) analysts need to know?
ModSecurity
NAXSI
Imperva
158
what is the imaging tool analysts need to know?
DD
159
what are the two hashing tools analysts need to know?
MD5sum
SHAsum
160
what is the network scanning tool analysts need to know?
NMAP
161
what activity provides identification of security flaws and verification of levels of existing resistance?
penetration testing
162
what are the THREE fuzzer tools analysts need to know?
Untidy
Peach Fuzzer
Microsoft SDL File/Regex Fuzzer
163
what are the FOUR categories of forensics tools?
forensics suites
hashing
password cracking
imaging
164
what are the four packet capture tools analysts need to know?
wireshark
tcpdump
network general
aircrack-ng
165
which tool obtains a visual map of the topology of your network, including all devices on the network?
a network mapper, also referred to as a network enumerator
166
what are the THREE firewall vendors analysts need to understand?
Cisco, Palo Alto, Check Point
167
which tool should you use to retrieve the contents of a GET request: a protocol analyzer or port scanner?
protocol analyzer
168
what are the SIX categories of collective tools?
SIEM
Network scanning
Vulnerability scanning
Packet capture
Command-line utilities
IDS