401_2

Question 1

Why are most worms successful?

Answer 1

A prevalence of undefended perimeters
OSs are left unchanged and unpatched
One application automatically installing another.

Question 2

What is the CIA triad?

Answer 2

Confidentiality, Integrity, and Availability

Question 3

What is Risk?

Answer 3

The probability of a threat crossing or touching a vulnerability

Question 4

What is the impact of vulnerabilities in the risk calculation?

Answer 4

Vulnerabilities reduces the risk

Question 5

How does threat affect risk?

Answer 5

Threats drive the risk calculation

Question 6

What is the key focus of risk?

Answer 6

Confidentiality / Disclosure
Integrity / Alteration
Availability / Destruction

Question 7

What are the primary threats?

Answer 7

Malware
Insider
Natural Disasters
Terrorism

Question 8

What is a threat?

Answer 8

Any activities that represent possible danger to information or operation.
Anything that would negatively impact CIA.
Threats are the agents of Risk

Question 9

What is the relationship between vulnerabilities and threats?

Answer 9

Vulnerabilities are the gateway by which threats are manifested.

Question 10

What is a vulnerability?

Answer 10

A weakness in a system or process that could be exploited by a threat

Question 11

What are the primary vulnerability types?

Answer 11

Software
Electronic
Human
Physical

Question 12

What are the 4 approaches to Defense-in-Depth?

Answer 12

Uniform protection
Protected enclaves
Information centric
Threat vector analysis

Question 13

When discussing Defense-in-Depth, how does uniform protection treat all system?

Answer 13

As equally important

Gives no special consideration or protection to the critical intellectual property of an organization.

Question 14

To what type of threat is the uniform protection approach to Defense-in-Depth most vulnerable?

Answer 14

Insider

Question 15

What two things are needed to manage configurations?

Answer 15

A baseline

A way to detect when a change occurs to the baseline

Question 16

What are the dangers associated with malware?

Answer 16

Destroying Data
Leaking Information
Providing Backdoor Access

Question 17

An effective malware defense strategy should incorporate the following items.

Answer 17

1. Antivirus software at multiple locations
2. up-to-date virus signature files
3. A practice of reviewing and installing security patches
4. Lock-down of system configuration and dangerous application features
5. Blocking file attachments (#1 to stop email viruses)

Question 18

What are the 3 primary defensive techniques incorporated into an antivirus product?

Answer 18

Scanners
Activity monitors
Integrity checkers

Question 19

What is another word for Activity monitors?

Answer 19

Behavior blockers

Question 20

List 2 examples of integrity verification software

Answer 20

Tripwire

AIDE

Question 21

What are some classic locations for antivirus products?

Answer 21

Workstations
File and print servers
Mail servers
Internet gateways

Question 22

What is a security policy?

Answer 22

It establishes what you must do to protect information stored on computers and contains sufficient definition of “what” to do so you can identify, measure, or evaluate the “how.”

Question 23

How does a security policy protect people?

Answer 23

Allows people to take necessary actions without fear of reprisal
compels the safeguarding of information
eliminates, or at least reduces, personal liability

Question 24

How do you sell the need for a security policy to executives and users?

Answer 24

To sell to executives talk about the money

To sell to users talk about how it makes their job easier

Question 25

Why does an organization need a security policy

Answer 25

Protects the org, the people, and the info
Establishes what must be done to protect information stored on computers
Protects people who are trying to do the right thing

Question 26

What does a mission statement have to do with information security?

Answer 26

It allows security workers to be sensitive to the needs of the business

Question 27

What is the foundation for evaluating policy?

Answer 27

A baseline of the existing documentation

Question 28

What do policies address

Answer 28

The who, what,and why

Question 29

What do procedures address

Answer 29

The how, where, and when

Question 30

What is a policy

Answer 30

A directive that indicates a conscious decision to follow a path towards a specified objective.

Question 31

What is a standard

Answer 31

Specifies a certain way something should be done or a certain brand or type of equipment that must be used.

Question 32

What is a baseline in relationship to a standard

Answer 32

A baseline is a more specific implementation of a standard and gets into the specific technical details of how a system should be configured. I.e. Hardening Guides

Question 33

What are guidelines

Answer 33

Suggestions to assist users, systems personnel, and others in effectively implementing policies and procedures. I.e., recommendations.

Question 34

What needs to be included in a policy

Answer 34

Purpose
Related documents or references
Cancellation or expiration
Background
Scope
Policy Statement
Responsibility
Action

Question 35

How must a policy statement be written?

Answer 35

Clear, concise, and meet SMART objectives

Contain the guiding principles and 5 Ws (who, what, when, where, and why)

Question 36

With what other policies should the security policy be consistent?

Answer 36

Mission Statement
Program Policy
Issue-Specific
System-Specific

Question 37

What should be followed when creating a security policy?

Answer 37

State the issue
Identify the players (maintainer, HR, legal, management)
Find all relevant documentation that may exist
Define the policy - including all necessary sections
Identify penalties for non-compliance
Make sure it is enforceable
Submit for review and approval

Question 38

What is an NDA

Answer 38

Non-Disclosure Agreement

Question 39

What three elements must be sent in order to register a copyright with the Library of Congress

Answer 39

Properly completed application form
Application fee (currently $30)
“Deposit” (sample copy) of the work

Question 40

What is a Business Continuity Plan (BCP)?

Answer 40

A plan for emergency response, backup operations, and post-disaster recovery maintained as a part of a security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.

Question 41

What is a Disaster Recovery Plan (DRP)?

Answer 41

a plan that covers the tactical recovery of IT systems in the event of a disruption or disaster

Question 42

Business continuity activities form a _______ over a crisis situation, while disaster recovery activities are a ________ of business continuity activities.

Answer 42

umbrella

subset

Question 43

Name the six key components to a Business Continuity Plan?

Answer 43

Assess
Evaluate
Prepare
Mitigate
Respond
Recover

Question 44

What is the primary goal of the Business Impact Analysis?

Answer 44

To determine the maximum allowable (or tolerable) downtime for any given system.

Question 45

List five mistakes that are commonly made in contingency planning

Answer 45

Lack of BCP testing
Limited scope
Lack of prioritization
Lack of plan updates
Lack of plan ownership
Lack of communication
Lack of security controls
Inadequate evaluation of vendor suppliers
Inadequate insurance (loss of life)

Question 46

What are the two primary categories of data classification?

Answer 46

Public / Non Classified / Non Confidential

Private / Classified / Confidential

Question 47

What are the five DoD and federal classification levels

Answer 47

Top Secret
Secret
Confidential
Sensitive But Unclassified (SBU)
Unclassified

Question 48

With respect to access control what does acronym IAAA represent?

Answer 48

Identity
Authentication
Authorization
Accountability

Question 49

Authentication is proving that you are who you say you are and is done in what four ways?

Answer 49

Something you know
Something you have
Something you are
Someplace you are

Question 50

What are the four principles associated with access control that you should utilize to make sure your security is as robust as it can possibly be?

Answer 50

Least Privilege
Need to Know
Separation of Duties
Rotation of Duties

Question 51

What are six common types of access control?

Answer 51

Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-based Access Control (RBAC)
Ruleset-based Access Control (RSBAC)
List-based Access Control (LBAC)
Token-based Access Control (TBAC)

Question 52

User accounts, data, and their relationships must be actively maintained is a process called ________ and consists of what four tasks?

Answer 52

Access Management

Account Administration, Maintenance, Monitoring, and Revocation

Question 53

What are some common ways of implementing SSO?

Answer 53

Scripts
LDAP or AD
Secure Tokens
Kerberos

Question 54

By what different names is irreversible encryption known?

Answer 54

On-way encryption
One-way hashing
Hashing

Question 55

The strength of a hash used for password storage primarily depends on what five factors?

Answer 55

Quality of algorithm
Key length (Hash length)
CPU cycles
Character set support
Password length

Question 56

What is password cracking?

Answer 56

The process of trying to guess or determine plaintext passwords, given only encrypted passwords

Question 57

What are the basic steps involved in cracking passwords?

Answer 57

Find a valid user ID
Find the encryption algorithm
Obtain the encrypted password
Create a list of possible passwords
Encrypt each password
See if there is a match

Question 58

What are the four general attack methods for cracking passwords?

Answer 58

Dictionary Attack
Hybrid Attack
Brute Force Attack
Pre-computation Attack

Question 59

What’s are two common tools used to crack passwords?

Answer 59

John the Ripper

Cain

Question 60

How do computers store passwords?

Answer 60

As one-way cryptographic hashes

Question 61

What three major design flaws in Windows NT and Windows 2000 allowed passwords to be cracked very quickly?

Answer 61

Breaking it into two seven-character words before applying the hash algorithm
Automatically converts all lowercase characters to uppercase
Does not use salts

Question 62

What effect does a salt have on a password hash?

Answer 62

Ensures that two users with the same password will have a different ciphertext.

Question 63

_____ is one of the best Windows password cracking programs on the market for what reasons?

Answer 63

Cain
Easy to use and nice GUI
Takes advantage of weak LAN Manager
Can crack passwords extremely quickly
Uses DLL injection to extract password hashes
Option to sniff a challenge/response dialogue
Circumvents MS SYSKEY protection mechanism
Free

Question 64

What is a rainbow table?

Answer 64

Name given to the files that are produced by pre-computing password has values and storing the data in an optimized manner.

Question 65

What techniques can be used to protect against password cracking?

Answer 65

Protect encrypted passowrds
Enforce a strong password policy
Use one-time passwords or multi-factor authentication
Disable LANMAN
Prevent pre-computation attacks (

Question 66

What are three quantities typically associated with the reliability of a biometric mechnanism?

Answer 66

False Acceptance Rate (FAR)
False Reject Rate (FRR)
Cross Error Rate (CER)

Question 67

What is Incident Handling?

Answer 67

The action or plan for dealing with intrusions, cyber-theft, denial of service attacks, malicious code, and other events

Question 68

What is an Incident in the context of Incident Handling?

Answer 68

An adverse event in an information system, and/or network, or the threat of the occurrence of such an event

Question 69

What is an event?

Answer 69

Any observable occurrence in a system and/or network.

Something that happened in time that you either directly experienced or that you can demonstrate actually occurred.

Question 70

What is the relationship of an event to an incident?

Answer 70

All incidents are composed of a series of events, but not all events are considered incidents

Question 71

Which of the following would you consider an incident?

• Attackers exploiting Sendmail on a Unix system
• Attackers running a NetBIOS scan against a Unix system
• A missing backup tape that contains sensitive information

Answer 71

Yes to all three.

Question 72

What are the six stages of Incident Handling?

Answer 72

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned

Question 73

What are some key items to consider during the preparation phase of the Incident Handling process?

Answer 73

1. Out of band communication
2. Notification of law enforcement officials
3. Contain and cleanup or observe

Question 74

In which of the plans that encompass the Business Continuity Plan would Incident Handling be included?
Disaster Recovery
End-user Recovery
Contingency
Emergency Response
Crisis Management

Answer 74

Disaster Recovery

Question 75

What is the goal of the contain stage of the Incident Handling process?

Answer 75

To stabilize the environment
Make a binary backup of the systems for analysis
Secure the area
Change passwords ASAP

Question 76

List three of the most common backup access methods (backdoors)?

Answer 76

A process listening on a specific port and offereing shell access
Creating a new user account with high privileges
Scheduling jobs that periodically run programs that open new paths to access the system.

Question 77

What is the key point to consider in the recovery phase of the Incident Handling process?

Answer 77

To ensure you are not restoring vulnerable code that has already proven itself to be exploitable or already compromised.

Question 78

What are the two main options available when restoring a compromised system?

Answer 78

1. Installing the OS and apps from scratch

2. Restoring from a trusted backup and patching to fix the vulnerability

Question 79

What are some key Incident Handling mistakes that are commonly made in organizations?

Answer 79

1. Failure to report an incident or ask for help
2. Incomplete or nonexistent notes
3. Mishandling or destroying evidence
4. Failure to create working backups
5. Failure to contain or eradicate the incident
6. Failure to prevent re-infection
7. Failure to apply lessons learned

Question 80

What are the two dominant legal systems in the world?

Answer 80

1. Common Law System

2. Civil Law System

Question 81

What is the common law system often referred to as?

Answer 81

Judge-made Law

Question 82

What is the difference between common law system and civil law sytem?

Answer 82

Common law is based on precedence set by prior court rulings. Civil law is based on written rules and codes.

Question 83

What is a “tort” with respect to Incident Handling?

Answer 83

A civil wrong

Question 84

What forms and integral part of “Tort Law”

Answer 84

The Law of Negligence

Question 85

What are the two main categories of law?

Answer 85

Criminal Law

Civil Law

Question 86

What is the burden of proof for criminal law?

Answer 86

Have to prove beyond a reasonable doubt that someone committed a crime.

Question 87

Who is the victim in a criminal law case?

Answer 87

Society

Question 88

What is chain of custody?

Answer 88

A concept in jurisprudence that applies to the handling of evidence and its integrity.
Refers to the document or paper trail showing the seizure, custody, control, storage, transfer, and analysis of physical and electronic evidence.

Question 89

What algorithms are used for preserving computer-based evidence?

Answer 89

MD5

SHA1

Question 90

What is real evidence?

Answer 90

A tangible item such as the seized computer or USB thumbdrive

Question 91

What is direct evidence?

Answer 91

Refers to evidence gathered from an eye witness or the person who watched or logged an incident as it occurred.

Question 92

What are two key tenets of cyber security

Answer 92

1. Know thy system

2. Prevention is ideal but detection is a must

Question 93

What are the three basic tool of information warfare?

Answer 93

1. perception management
2. Malicious code
3. Predictable response

Question 94

At its hear, what has the focus for information warfare been over the past decade?

Answer 94

Economic

Question 95

What is asymmetry with respect to information warfare?

Answer 95

When a fairly small investment or input has a very large affect.

Question 96

Give an example of cycle time?

Answer 96

The decreasing amount of time between a vulnerability announcement, patch availability, and the release of a worm taking advantage of the vulnerability.

Question 97

What is the basic model for assessing collected data?

Answer 97

Does the data indicate a stimulus or response?
Assess the targeting
Is there implied evidence of earlier successful reconnaissance?
Mechanically assess the trace
Make an estimate as to the purpose and severity

Question 98

List the typical information warfare offensive players?

Answer 98

1. Insiders (Employees, Ex-Employees, Temps, Contractors)
2. Hackers
3. Criminals
4. Corporations
5. Governments
6. Terrorists

Question 99

What is the overall goal of an information warfare attack?

Answer 99

To target an information resource and either make it more valuable to the offense or less valuable to the defense.
To cause harm to the target organization.

Question 100

What is the mantra of the information operations worker?

Answer 100

We win; you lose, but perhaps not in zero-sum fashion

Question 101

As a defender in an information warfare attack, what is one of our most important tools?

Answer 101

Defense-in-depth

Question 102

Why is defense not dominant in information warfare?

Answer 102

Vast perimeter to defend (mobility)
Complex systems
Data portability (cloud computing)
Insiders whether malicious or just careless
Security is often an afterthought

Question 103

What protocol do browsers and servers use to communicate over the Web?

Answer 103

HTTP - Hypertext Transfer Protocol

Question 104

What are the two parts of an HTTP transaction?

Answer 104

Client request

Server response

Question 105

What are the most common HTTP methods

Answer 105

GET
PUT
POST
HEAD

Question 106

What three components make up the first line of an HTTP request?

Answer 106

1. Name of the method
2. Resource being requested
3. HTTP Version

Question 107

In addition component is required in the HTTP/1/1 protocol that is not required in the older HTTP/1.0 protocol?

Answer 107

Host header to specify at which domain the request is aimed. This allows a single web server on a single IP address to process requests for multiple domains.

Question 108

HTTP status codes beginning with the number __ are error codes.

Answer 108

4

Question 109

What are the three pieces that make up an HTTP request?

Answer 109

1. Request
2. Header lines
3. Body

Question 110

What are the three pieces that make up an HTTP response?

Answer 110

1. Status line
2. Header lines
3. Body

Question 111

What three fields are in the HTTP response status line?

Answer 111

1. HTTP Version
2. Status code
3. Description (free form text message)

Question 112

What was the creator’s main purpose in developing HTML?

Answer 112

Allow for standard formatting of document and to facilitate easy editing and uploading of Web-based documents for the purposes of collaboration

Question 113

How is form data sent with the GET action?

Answer 113

It is appending to the URL query string.

Question 114

How is form data sent with the PUT action?

Answer 114

It is sent within the HTTP headers

Question 115

Is HTTP a stateless or stateful protocol?

Answer 115

Stateless

Question 116

In web terms what is a cookie?

Answer 116

A named piece of data created by a Web server and stored at the Web broswer.

Question 117

What do cookies most commonly keep track of?

Answer 117

User authentication

Application session state

Question 118

What are the two types of cookies?

Answer 118

Persistent - stored in text file

Session (non-persistent) - stored in memory

Question 119

List some rules cookies must follow?

Answer 119

1. must have been set by a Web server and can only be sent back to that same Web server
2. Web server must specify the contents of the cookie at the time it is created
3. Can’t violate your privacy as they only contain info already know to the site.

Question 120

What is the most significant concern with cookies?

Answer 120

They can be used to track you WEb usage.

Question 121

What are the three roles of SSL

Answer 121

1. Encryption
2. Server identity verification
3. Data integrity

Question 122

What is SSL?

Answer 122

Secure Socket Layers is a protocol that provides an encrypted tunnel between two SSL-aware applications.

Question 123

What is negotiated during the handshake phase of an SSL connection?

Answer 123

The type and strength of encryption to use

Question 124

What is presented to the client during SSL initialization allowing the user to verify the server’s identity?

Answer 124

Public key certificate

Question 125

What components should be included in an organization’s development, testing, and deployment process to prevent the introduction of vulnerabilities?

Answer 125

1. security training for Developers
2. Peer Reviews
3. Formal testing
4. Performance testing
5. Configuration management and version control
6. Staging and deployment

Question 126

What is an ASP?

Answer 126

Application Service Provider

Question 127

What items should be on the audit checklist for ASPs?

Answer 127

1. How will they secure the applications
2. When was last audit? (each 6 month is ideal)
3. Review the patch mgmt history
4. Should allow vulnerability scanning

Question 128

What is the best way to identify the security practices of an ASP?

Answer 128

By performing an audit every six months.

Question 129

What are the two most commonly seen web authentication methods?

Answer 129

1. HTTP Authentication

2. HTML Form based Authentication

Question 130

What are the two native HTTP authentication schemes?

Answer 130

1. Basic Authentication

2. Digest Authentication

Question 131

What is a URL directory traversal attack?

Answer 131

A user exploiting vulnerabilities on a web server to gain access to restricted directories, execute commands, and view data outside of the directories meant to be published.

Question 132

What is the most popular technique for tracking a user through multiple web requests?

Answer 132

The use of Session IDs.

Question 133

Where are session IDs often stored?

Answer 133

1. Hidden form element
2. Cookies
3. URL query string

Question 134

What are common examples of input attacks?

Answer 134

1. OS command injection
2. Buffer overflows
3. SQL Injection
4. Cross Site Scripting

Question 135

What is the number one defense against most input attacks?

Answer 135

Validation of user input.

Question 136

What is one of the most popular file integrity checkers?

Answer 136

Tripwire

Question 137

What tool can perform SIEM correlations?

Answer 137

Splunk

Question 138

What is the number one all-time champion Web hacking tool in the galaxy?

Answer 138

Your Web browser

Question 139

What is the first thing you want to identify when monitoring the performance of your web application?

Answer 139

A baseline

Question 140

What are the key performance indicators to track for security purposes while monitoring the performance of your web application?

Answer 140

1. Latency

2. Throughput

Question 141

What are some specific attributes of latency and throughput that should be monitored?

Answer 141

1. Network connections
2. Page load times
3. Application login
4. Transaction times