401_2 Flashcards

1
Q

Why are most worms successful?

A

A prevalence of undefended perimeters
OSs are left unchanged and unpatched
One application automatically installing another.

2
Q

What is the CIA triad?

A

Confidentiality, Integrity, and Availability

3
Q

What is Risk?

A

The probability of a threat crossing or touching a vulnerability

4
Q

What is the impact of vulnerabilities in the risk calculation?

A

Vulnerabilities reduce the risk

5
Q

How does threat affect risk?

A

Threats drive the risk calculation

6
Q

What is the key focus of risk?

A

Confidentiality / Disclosure
Integrity / Alteration
Availability / Destruction

7
Q

What are the primary threats?

A

Malware
Insider
Natural Disasters
Terrorism

8
Q

What is a threat?

A

Any activities that represent possible danger to information or operation.
Anything that would negatively impact CIA.
Threats are the agents of Risk

9
Q

What is the relationship between vulnerabilities and threats?

A

Vulnerabilities are the gateway by which threats are manifested.

10
Q

What is a vulnerability?

A

A weakness in a system or process that could be exploited by a threat

11
Q

What are the primary vulnerability types?

A

Software
Electronic
Human
Physical

12
Q

What are the 4 approaches to Defense-in-Depth?

A

Uniform protection
Protected enclaves
Information centric
Threat vector analysis

13
Q

When discussing Defense-in-Depth, how does uniform protection treat all systems?

A

As equally important

Gives no special consideration or protection to the critical intellectual property of an organization.

14
Q

To what type of threat is the uniform protection approach to Defense-in-Depth most vulnerable?

A

Insider

15
Q

What two things are needed to manage configurations?

A

A baseline

A way to detect when a change occurs to the baseline

16
Q

What are the dangers associated with malware?

A

Destroying Data
Leaking Information
Providing Backdoor Access

17
Q

An effective malware defense strategy should incorporate the following items.

A
  1. Antivirus software at multiple locations
  2. up-to-date virus signature files
  3. A practice of reviewing and installing security patches
  4. Lock-down of system configuration and dangerous application features
  5. Blocking file attachments (#1 to stop email viruses)
18
Q

What are the 3 primary defensive techniques incorporated into an antivirus product?

A

Scanners
Activity monitors
Integrity checkers

19
Q

What is another word for Activity monitors?

A

Behavior blockers

20
Q

List 2 examples of integrity verification software.

A

Tripwire

AIDE

21
Q

What are some classic locations for antivirus products?

A

Workstations
File and print servers
Mail servers
Internet gateways

22
Q

What is a security policy?

A

It establishes what you must do to protect information stored on computers and contains sufficient definition of “what” to do so you can identify, measure, or evaluate the “how.”

23
Q

How does a security policy protect people?

A

Allows people to take necessary actions without fear of reprisal
compels the safeguarding of information
eliminates, or at least reduces, personal liability

24
Q

How do you sell the need for a security policy to executives and users?

A

To sell to executives talk about the money

To sell to users talk about how it makes their job easier

25
Q

Why does an organization need a security policy?

A

Protects the org, the people, and the info
Establishes what must be done to protect information stored on computers
Protects people who are trying to do the right thing

26
Q

What does a mission statement have to do with information security?

A

It allows security workers to be sensitive to the needs of the business

27
Q

What is the foundation for evaluating policy?

A

A baseline of the existing documentation

28
Q

What do policies address?

A

The who, what, and why

29
Q

What do procedures address?

A

The how, where, and when

30
Q

What is a policy?

A

A directive that indicates a conscious decision to follow a path towards a specified objective.

31
Q

What is a standard?

A

Specifies a certain way something should be done or a certain brand or type of equipment that must be used.

32
Q

What is a baseline in relationship to a standard?

A

A baseline is a more specific implementation of a standard and gets into the specific technical details of how a system should be configured, e.g., hardening guides.

33
Q

What are guidelines?

A

Suggestions to assist users, systems personnel, and others in effectively implementing policies and procedures. I.e., recommendations.

34
Q

What needs to be included in a policy?

A
Purpose
Related documents or references
Cancellation or expiration
Background
Scope
Policy Statement
Responsibility
Action
35
Q

How must a policy statement be written?

A

Clear, concise, and meet SMART objectives

Contain the guiding principles and 5 Ws (who, what, when, where, and why)

36
Q

With what other policies should the security policy be consistent?

A

Mission Statement
Program Policy
Issue-Specific
System-Specific

37
Q

What should be followed when creating a security policy?

A

State the issue
Identify the players (maintainer, HR, legal, management)
Find all relevant documentation that may exist
Define the policy - including all necessary sections
Identify penalties for non-compliance
Make sure it is enforceable
Submit for review and approval

38
Q

What is an NDA?

A

Non-Disclosure Agreement

39
Q

What three elements must be sent in order to register a copyright with the Library of Congress?

A

Properly completed application form
Application fee (currently $30)
“Deposit” (sample copy) of the work

40
Q

What is a Business Continuity Plan (BCP)?

A

A plan for emergency response, backup operations, and post-disaster recovery maintained as a part of a security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.

41
Q

What is a Disaster Recovery Plan (DRP)?

A

A plan that covers the tactical recovery of IT systems in the event of a disruption or disaster

42
Q

Business continuity activities form a _______ over a crisis situation, while disaster recovery activities are a ________ of business continuity activities.

A

umbrella

subset

43
Q

Name the six key components of a Business Continuity Plan.

A
Assess
Evaluate
Prepare
Mitigate
Respond
Recover
44
Q

What is the primary goal of the Business Impact Analysis?

A

To determine the maximum allowable (or tolerable) downtime for any given system.

45
Q

List five mistakes that are commonly made in contingency planning.

A
Lack of BCP testing
Limited scope
Lack of prioritization
Lack of plan updates
Lack of plan ownership
Lack of communication
Lack of security controls
Inadequate evaluation of vendor suppliers
Inadequate insurance (loss of life)
46
Q

What are the two primary categories of data classification?

A

Public / Non Classified / Non Confidential

Private / Classified / Confidential

47
Q

What are the five DoD and federal classification levels?

A
Top Secret
Secret
Confidential
Sensitive But Unclassified (SBU)
Unclassified
48
Q

With respect to access control, what does the acronym IAAA represent?

A

Identity
Authentication
Authorization
Accountability

49
Q

Authentication is proving that you are who you say you are and is done in what four ways?

A

Something you know
Something you have
Something you are
Someplace you are

50
Q

What are the four principles associated with access control that you should utilize to make sure your security is as robust as it can possibly be?

A

Least Privilege
Need to Know
Separation of Duties
Rotation of Duties

51
Q

What are six common types of access control?

A
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-based Access Control (RBAC)
Ruleset-based Access Control (RSBAC)
List-based Access Control (LBAC)
Token-based Access Control (TBAC)
52
Q

Actively maintaining user accounts, data, and their relationships is a process called ________ and consists of what four tasks?

A

Access Management

Account Administration, Maintenance, Monitoring, and Revocation

53
Q

What are some common ways of implementing SSO?

A

Scripts
LDAP or AD
Secure Tokens
Kerberos

54
Q

By what different names is irreversible encryption known?

A

One-way encryption
One-way hashing
Hashing

55
Q

The strength of a hash used for password storage primarily depends on what five factors?

A
Quality of algorithm
Key length (Hash length)
CPU cycles
Character set support
Password length
56
Q

What is password cracking?

A

The process of trying to guess or determine plaintext passwords, given only encrypted passwords

57
Q

What are the basic steps involved in cracking passwords?

A
Find a valid user ID
Find the encryption algorithm
Obtain the encrypted password
Create a list of possible passwords
Encrypt each password
See if there is a match
58
Q

What are the four general attack methods for cracking passwords?

A

Dictionary Attack
Hybrid Attack
Brute Force Attack
Pre-computation Attack

59
Q

What are two common tools used to crack passwords?

A

John the Ripper

Cain

60
Q

How do computers store passwords?

A

As one-way cryptographic hashes

61
Q

What three major design flaws in Windows NT and Windows 2000 allowed passwords to be cracked very quickly?

A

Breaking it into two seven-character words before applying the hash algorithm
Automatically converts all lowercase characters to uppercase
Does not use salts

62
Q

What effect does a salt have on a password hash?

A

Ensures that two users with the same password will have a different ciphertext.

63
Q

_____ is one of the best Windows password cracking programs on the market for what reasons?

A

Cain
Easy to use and nice GUI
Takes advantage of weak LAN Manager
Can crack passwords extremely quickly
Uses DLL injection to extract password hashes
Option to sniff a challenge/response dialogue
Circumvents MS SYSKEY protection mechanism
Free

64
Q

What is a rainbow table?

A

Name given to the files that are produced by pre-computing password hash values and storing the data in an optimized manner.

65
Q

What techniques can be used to protect against password cracking?

A
Protect encrypted passwords
Enforce a strong password policy
Use one-time passwords or multi-factor authentication
Disable LANMAN
Prevent pre-computation attacks (
66
Q

What are three quantities typically associated with the reliability of a biometric mechanism?

A

False Acceptance Rate (FAR)
False Reject Rate (FRR)
Cross Error Rate (CER)

67
Q

What is Incident Handling?

A

The action or plan for dealing with intrusions, cyber-theft, denial of service attacks, malicious code, and other events

68
Q

What is an Incident in the context of Incident Handling?

A

An adverse event in an information system, and/or network, or the threat of the occurrence of such an event

69
Q

What is an event?

A

Any observable occurrence in a system and/or network.

Something that happened in time that you either directly experienced or that you can demonstrate actually occurred.

70
Q

What is the relationship of an event to an incident?

A

All incidents are composed of a series of events, but not all events are considered incidents

71
Q

Which of the following would you consider an incident?

  • Attackers exploiting Sendmail on a Unix system
  • Attackers running a NetBIOS scan against a Unix system
  • A missing backup tape that contains sensitive information
A

Yes to all three.

72
Q

What are the six stages of Incident Handling?

A
  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned
73
Q

What are some key items to consider during the preparation phase of the Incident Handling process?

A
  1. Out of band communication
  2. Notification of law enforcement officials
  3. Contain and cleanup or observe
74
Q

In which of the plans that encompass the Business Continuity Plan would Incident Handling be included?

  • Disaster Recovery
  • End-user Recovery
  • Contingency
  • Emergency Response
  • Crisis Management
A

Disaster Recovery

75
Q

What is the goal of the contain stage of the Incident Handling process?

A

To stabilize the environment
Make a binary backup of the systems for analysis
Secure the area
Change passwords ASAP

76
Q

List three of the most common backup access methods (backdoors).

A

A process listening on a specific port and offering shell access
Creating a new user account with high privileges
Scheduling jobs that periodically run programs that open new paths to access the system.

77
Q

What is the key point to consider in the recovery phase of the Incident Handling process?

A

To ensure you are not restoring vulnerable code that has already proven itself to be exploitable or already compromised.

78
Q

What are the two main options available when restoring a compromised system?

A
  1. Installing the OS and apps from scratch
  2. Restoring from a trusted backup and patching to fix the vulnerability

79
Q

What are some key Incident Handling mistakes that are commonly made in organizations?

A
  1. Failure to report an incident or ask for help
  2. Incomplete or nonexistent notes
  3. Mishandling or destroying evidence
  4. Failure to create working backups
  5. Failure to contain or eradicate the incident
  6. Failure to prevent re-infection
  7. Failure to apply lessons learned
80
Q

What are the two dominant legal systems in the world?

A
  1. Common Law System
  2. Civil Law System

81
Q

What is the common law system often referred to as?

A

Judge-made Law

82
Q

What is the difference between the common law system and the civil law system?

A

Common law is based on precedent set by prior court rulings. Civil law is based on written rules and codes.

83
Q

What is a “tort” with respect to Incident Handling?

A

A civil wrong

84
Q

What forms an integral part of “Tort Law”?

A

The Law of Negligence

85
Q

What are the two main categories of law?

A

Criminal Law

Civil Law

86
Q

What is the burden of proof for criminal law?

A

Have to prove beyond a reasonable doubt that someone committed a crime.

87
Q

Who is the victim in a criminal law case?

A

Society

88
Q

What is chain of custody?

A

A concept in jurisprudence that applies to the handling of evidence and its integrity.
Refers to the document or paper trail showing the seizure, custody, control, storage, transfer, and analysis of physical and electronic evidence.

89
Q

What algorithms are used for preserving computer-based evidence?

A

MD5

SHA1

90
Q

What is real evidence?

A

A tangible item such as the seized computer or USB thumbdrive

91
Q

What is direct evidence?

A

Refers to evidence gathered from an eye witness or the person who watched or logged an incident as it occurred.

92
Q

What are two key tenets of cyber security?

A
  1. Know thy system
  2. Prevention is ideal but detection is a must

93
Q

What are the three basic tools of information warfare?

A
  1. Perception management
  2. Malicious code
  3. Predictable response
94
Q

At its heart, what has the focus of information warfare been over the past decade?

A

Economic

95
Q

What is asymmetry with respect to information warfare?

A

When a fairly small investment or input has a very large effect.

96
Q

Give an example of cycle time.

A

The decreasing amount of time between a vulnerability announcement, patch availability, and the release of a worm taking advantage of the vulnerability.

97
Q

What is the basic model for assessing collected data?

A

Does the data indicate a stimulus or response?
Assess the targeting
Is there implied evidence of earlier successful reconnaissance?
Mechanically assess the trace
Make an estimate as to the purpose and severity

98
Q

List the typical information warfare offensive players.

A
  1. Insiders (Employees, Ex-Employees, Temps, Contractors)
  2. Hackers
  3. Criminals
  4. Corporations
  5. Governments
  6. Terrorists
99
Q

What is the overall goal of an information warfare attack?

A

To target an information resource and either make it more valuable to the offense or less valuable to the defense.
To cause harm to the target organization.

100
Q

What is the mantra of the information operations worker?

A

We win; you lose, but perhaps not in zero-sum fashion

101
Q

As a defender in an information warfare attack, what is one of our most important tools?

A

Defense-in-depth

102
Q

Why is defense not dominant in information warfare?

A
Vast perimeter to defend (mobility)
Complex systems
Data portability (cloud computing)
Insiders whether malicious or just careless
Security is often an afterthought
103
Q

What protocol do browsers and servers use to communicate over the Web?

A

HTTP - Hypertext Transfer Protocol

104
Q

What are the two parts of an HTTP transaction?

A

Client request

Server response

105
Q

What are the most common HTTP methods?

A

GET
PUT
POST
HEAD

106
Q

What three components make up the first line of an HTTP request?

A
  1. Name of the method
  2. Resource being requested
  3. HTTP Version
107
Q

What additional component is required in the HTTP/1.1 protocol that is not required in the older HTTP/1.0 protocol?

A

Host header to specify at which domain the request is aimed. This allows a single web server on a single IP address to process requests for multiple domains.

108
Q

HTTP status codes beginning with the number __ are error codes.

A

4

109
Q

What are the three pieces that make up an HTTP request?

A
  1. Request
  2. Header lines
  3. Body
110
Q

What are the three pieces that make up an HTTP response?

A
  1. Status line
  2. Header lines
  3. Body
111
Q

What three fields are in the HTTP response status line?

A
  1. HTTP Version
  2. Status code
  3. Description (free form text message)
112
Q

What was the creator’s main purpose in developing HTML?

A

To allow for standard formatting of documents and to facilitate easy editing and uploading of Web-based documents for the purposes of collaboration

113
Q

How is form data sent with the GET action?

A

It is appended to the URL query string.

114
Q

How is form data sent with the PUT action?

A

It is sent within the HTTP headers

115
Q

Is HTTP a stateless or stateful protocol?

A

Stateless

116
Q

In web terms, what is a cookie?

A

A named piece of data created by a Web server and stored at the Web browser.

117
Q

What do cookies most commonly keep track of?

A

User authentication

Application session state

118
Q

What are the two types of cookies?

A

Persistent - stored in text file

Session (non-persistent) - stored in memory

119
Q

List some rules cookies must follow.

A
  1. Must have been set by a Web server and can only be sent back to that same Web server
  2. Web server must specify the contents of the cookie at the time it is created
  3. Can’t violate your privacy as they only contain info already known to the site.
120
Q

What is the most significant concern with cookies?

A

They can be used to track your Web usage.

121
Q

What are the three roles of SSL?

A
  1. Encryption
  2. Server identity verification
  3. Data integrity
122
Q

What is SSL?

A

Secure Sockets Layer is a protocol that provides an encrypted tunnel between two SSL-aware applications.

123
Q

What is negotiated during the handshake phase of an SSL connection?

A

The type and strength of encryption to use

124
Q

What is presented to the client during SSL initialization allowing the user to verify the server’s identity?

A

Public key certificate

125
Q

What components should be included in an organization’s development, testing, and deployment process to prevent the introduction of vulnerabilities?

A
  1. Security training for developers
  2. Peer Reviews
  3. Formal testing
  4. Performance testing
  5. Configuration management and version control
  6. Staging and deployment
126
Q

What is an ASP?

A

Application Service Provider

127
Q

What items should be on the audit checklist for ASPs?

A
  1. How will they secure the applications?
  2. When was the last audit? (every 6 months is ideal)
  3. Review the patch management history
  4. Should allow vulnerability scanning
128
Q

What is the best way to identify the security practices of an ASP?

A

By performing an audit every six months.

129
Q

What are the two most commonly seen web authentication methods?

A
  1. HTTP Authentication
  2. HTML Form-based Authentication

130
Q

What are the two native HTTP authentication schemes?

A
  1. Basic Authentication
  2. Digest Authentication

131
Q

What is a URL directory traversal attack?

A

A user exploiting vulnerabilities on a web server to gain access to restricted directories, execute commands, and view data outside of the directories meant to be published.

132
Q

What is the most popular technique for tracking a user through multiple web requests?

A

The use of Session IDs.

133
Q

Where are session IDs often stored?

A
  1. Hidden form element
  2. Cookies
  3. URL query string
134
Q

What are common examples of input attacks?

A
  1. OS command injection
  2. Buffer overflows
  3. SQL Injection
  4. Cross Site Scripting
135
Q

What is the number one defense against most input attacks?

A

Validation of user input.

136
Q

What is one of the most popular file integrity checkers?

A

Tripwire

137
Q

What tool can perform SIEM correlations?

A

Splunk

138
Q

What is the number one all-time champion Web hacking tool in the galaxy?

A

Your Web browser

139
Q

What is the first thing you want to identify when monitoring the performance of your web application?

A

A baseline

140
Q

What are the key performance indicators to track for security purposes while monitoring the performance of your web application?

A
  1. Latency
  2. Throughput

141
Q

What are some specific attributes of latency and throughput that should be monitored?

A
  1. Network connections
  2. Page load times
  3. Application login
  4. Transaction times