A+ Core II 2.0 Security Flashcards
What is the list of different PHYSICAL forms of security used in protecting a data center?
*Access control vestibule
*Badge reader
*Video surveillance
*Alarm systems
*Door locks
*Equipment locks
*Guards and access lists
*Barricades / Bollards
*Fences
What is an access control list?
A set of rules used to assign permissions or grant different levels of access to files and business-critical information.
What is NAT?
Network Address Translation: A way to map multiple private addresses inside a local network to a public IP address before transferring the information onto the internet.
What is QoS?
Quality of Service: The use of mechanisms or technologies that work on a network to control traffic and ensure the performance of important apps with limited network capacity.
What is ICMP?
Internet Control Message Protocol: A protocol that devices within a network use to communicate problems with data transmission.
What is an Active Directory?
A database of everything on the network
What is an OU in an Active Directory?
Organizational Unit: a subdivision within an Active Directory in which you can place users, groups, computers, and other organizational units (used in very large databases).
What are logon scripts?
Scripts that allow admins to configure the operating environment for webspace users. May perform an arbitrary set of tasks such as defining user-specific environment variables.
What is a central console that allows users to manage other users or computers?
Group Policy
What is the purpose of a home folder?
A centralized shared folder meant for users to store their files in instead of the local storage.
What encryption methods does WPA2 use?
CCMP - Cyber Crisis Management Plan
What encryption methods does WPA3 use?
GCMP - Galois/Counter Mode Protocol
What is the PSK authentication process?
Using a pre-shared key shared between two parties to log onto a network.
What is the main issue with WPA2's PSK authentication method?
Attackers can listen in on the four-way handshake and brute force the PSK using the hash.
In what way is the PSK brute-force problem remedied with WPA3?
It uses SAE (Simultaneous Authentication of Equals) to include mutual authentication, meaning there is no longer a need for a four-way handshake to be sent over the network
What kind of encryption method allows two devices to derive a shared key without actually sending the keys across the network?
Diffie-Hellman key exchange
What is the RADIUS authentication mode?
One of the more common AAA methods that's supported on a wide variety of platforms and devices.
What remote authentication protocol is commonly used with Cisco devices?
TACACS/TACACS+
What network authentication protocol is commonly used in Windows OSes?
Kerberos
What authentication method should you use if you have a RADIUS server and a VPN concentrator that can talk to a RADIUS server?
RADIUS
What authentication method should you use if you have a Cisco device?
TACACS/TACACS+
What authentication method should you use if you’re using a Microsoft Windows device?
Kerberos
List malware types and methods:
*Trojan Horse
*Rootkit
*Viruses
*Spyware
*Ransomware
*Keylogger
*Boot sector virus
*Cryptominers
Describe a Trojan horse
Software that pretends to be something helpful/harmless. Better trojan horses are built to circumvent your existing security.
Describe a rootkit
Originally a Unix technique, this is a form of malware that can modify the system core files and embed itself in the kernel.
What are some ways to find and remove rootkits?
*Use anti-malware scans to find any unusual activity
*Use a remover specific to the rootkit
*Secure boot with UEFI
Describe a virus
Malware that can replicate itself through file systems or networks. May or may not cause problems.
Describe a boot sector virus.
A virus born from a boot loader being modified to run malware. This form of virus runs before the OS is even loaded.
Describe spyware
Malware that spies on you via browser monitoring or keyloggers
Describe ransomware
A form of malware that encrypts your data. To get the decryption key for your data, you need to pay a ransom to the attackers.
Describe how cryptominers work
Cryptocurrency mining requires “proof of work”, which usually consists of a difficult math problem. Attackers install malware into other people’s devices and use their CPU to process these calculations for their cryptocurrency.
What is a command line in Windows that can be used as a last resort to remove any malware from a system?
Windows Recovery Environment
How can you start the Windows recovery environment?
*All Windows versions: Hold the Shift key while clicking restart, or boot from installation media
*Windows 10: Settings>Update and Security>Recovery>Advanced Startup
*Windows 11: System>Recovery>Advanced Startup>Restart now
*After rebooting: Troubleshoot>Advanced options>Command Prompt
What are some ways/techniques that can be used to prevent or remove malware or viruses on a system?
*Windows Recovery Environment (Last resort)
*Anti-virus/ Anti-malware
*Software firewalls
*Anti-phishing training
*End-user education
*OS reinstallation
Compile a list of different social engineering tactics
*Phishing/Vishing/Smishing
*Spear Phishing
*Tailgating/Piggybacking
*Impersonation
*Dumpster diving
*Wireless evil twin
*Shoulder Surfing
What is the definition of Denial of Service?
To force a service to fail by overloading it or exploiting a design flaw.
What is a zero-day attack?
An attack that uses a vulnerability that hasn't yet been discovered or remedied.
What is an on-path attack?
When an attacker sits in the middle of a conversation and can view and even alter the data being sent between two devices.
What is an on-path attack that takes place on a local IP subnet called?
ARP poisoning
What does ARP stand for in ARP poisoning?
ARP = Address Resolution Protocol: A protocol that maps an ever-changing IP address to a fixed physical machine address (MAC address).
What does it mean to store passwords “in the clear”?
To store account passwords with no encryption, meaning anyone with access to the server can see them. (Not a recommended way to store passwords)
What is an insider threat in terms of Cyber Security?
Cyber attack threats within an organization
What is code injection?
Adding your own information into a data stream. Usually enabled because of bad programming.
What is Cross-site scripting (XSS)?
An attack that takes advantage of vulnerabilities within the JavaScript program
Break down a non-persistent (reflected) XSS
*Run some type of script in a user’s browser (Search box is a common source)
*Attacker emails a link that takes advantage of this vulnerability
*Runs a script that sends credentials/session IDs/Cookies to the attacker
*Script embedded in URL executed in the victim’s browser as if it came from the web server
*Attacker uses credentials/session IDs/Cookies to steal victims info without their knowledge
What does a firewall exception do?
Allows an app or feature through the Windows Firewall
Where can you go to temporarily disable your firewall?
Control Panel>Windows Defender Firewall (Requires elevation)
What are a few ways to log on to a Windows System?
*Local Accounts
*Microsoft accounts (Sync between devices, integrate apps like Skype or Office with OneDrive)
*Windows Domain Accounts
What is the order of the User Hierarchy in Windows systems?
*Administrators
*Standard Users
*Guest (Limited Access)
What is the function of BitLocker?
You can select it to encrypt all of your data in a drive, even the Operating System.
What is EFS?
Encrypting File System: A service integrated into NTFS that allows you to encrypt files at the file system level. This can be used if you don't want to encrypt an entire Windows system but want to encrypt specific files.
What is the best practice for protecting data on a USB drive?
Make sure all data on USB drives is encrypted, as losing them can pose a risk of your data being leaked.
What are some good practices in protecting your encrypted data?
*Have a decryption key
*Keep the decryption key backed up/ a copy
*You can integrate the key into Active Directory
True or false: An attacker can use the default username and password found in a system to gain access to a server or machine.
True
What are some ways to secure your information when working in public spaces?
*Use a privacy filter on your screen to keep onlookers from peeking at your screen
*Keep your monitor away from windows and hallways
True or False: Encrypting the data on a USB device is just as important as encrypting any data on a drive?
True
What are some ways to protect/retain the decryption key?
*Have a copy backed up somewhere
*You can integrate it into Active Directory
What are some good practices for maintaining strong passwords in an organization?
*Have a mandatory password change every 30, 60, or 90 days
*Have critical systems change their passwords even more frequently
*The recovery process should not be trivial
*Change default usernames/passwords
What is the best practice for AutoRun and AutoPlay?
Generally you want these features turned off, so that when removable media is inserted its contents aren't automatically displayed on the screen.
Why don’t mobile phones include a firewall? And what are some ways to remedy this vulnerability?
Mobile phones don't have a firewall because most activity initiates outbound instead of inbound. To remedy this, there are firewall apps available (mostly on Android).
What is a way an enterprise can centrally manage an employee’s personal phones?
Admins can use what is called an MDM, or mobile device manager, to set policies on apps, the camera, etc.
List some examples of IoT devices
*Sensors (heating, cooling, lighting)
*Smart devices (home automation, video doorbells)
*Wearable tech (watches, health monitors)
*Facility automation (temperature, air quality, lighting)
What are some things to consider when there is an IoT device involved in your network?
IoT manufacturers are not security professionals, so they may not consider the security risks when making these devices. To remedy this issue, you can add all of your IoT devices to a guest network to isolate them from other devices within the same network.
What are some ways you can safely and effectively destroy a device that contains sensitive data?
*Shredder
*Drill/Hammer through all platters on a storage device or drill through any chips in an SSD
*Electromagnetic (degaussing): removes the magnetic field, which destroys the drive data and electronics
What is low-level formatting in disk formatting?
This is the default formatting provided at the factory. This is not a recommended format for the user.
What is a certificate of destruction?
A certificate that a third-party company hands you after destroying a device. This is to show validation that the device was successfully destroyed without the risk of any data being leaked.
What is standard formatting [Quick formatting] in disk formatting?
This is the format a disk takes on when a user sets up the file system and installs a boot sector. This clears out the master file table but keeps the data within it intact.
What is standard formatting [Regular format] in disk formatting?
In this format, the system overwrites every sector with zeros. This is the default format for Windows Vista systems and later. In this format, the data cannot be recovered.
What's a SOHO?
A small office or home office
What is an allow list?
A list of different IP addresses that cannot pass through the firewall unless they're approved.
What is a deny list?
A list of specific URLs, domains, or IP addresses that are not allowed to be accessed going outbound
What is content filtering?
A feature that allows you (parent, admin, or regular user) to regulate allowing or disallowing access to certain locations.
True or False: Content filtering is often done within a single device, such as a router, switch, access point, firewall, etc.
True
In a SOHO environment, how are IP addresses most often distributed?
They’re manually distributed
What are DHCP reservations?
This is a feature with DHCP servers that lets you assign a specific IP address to a specific MAC address
What is UPnP (Universal Plug and Play)?
A protocol that lets UPnP-enabled devices on your network automatically discover and communicate with each other
What are the best practices as far as UPnP goes?
The best practice is to have UPnP disabled unless an app requires it. This feature is used mainly for peer-to-peer apps, and there is no approval needed.
What is a screened subnet (AKA DMZ- Demilitarized zone)?
This is essentially a network that is put outside a firewall to mitigate attackers from gaining access to the rest of the network
What is an SSID (Service Set Identifier)?
This is the name of a wireless network. Some examples include: LINKSYS, DEFAULT, NETGEAR
What is an open system in networking terms?
A network that requires no authentication (e.g. a coffee shop or hotel).
What encryption methods are typically used in a SOHO environment?
WPA/2/3-Personal or WPA/2/3-PSK
What encryption methods are typically used in an enterprise setting?
WPA/2/3-Enterprise or WPA/2/3-802.1X
What is LDAP?
A protocol that helps users find data about organizations, persons, and more (lightweight version of DAP [Directory Access Protocol])
What is a guest network? And what are some good practices when it comes to guest networks?
A guest network is a feature that allows you to create a separate network from your main one. Though it may be best to disable this feature, using a guest network for IoT devices or a lab network can be helpful, as this will keep those devices isolated from the main network.
What is port forwarding?
This function takes traffic that is inbound to your router, determines which port is being used, and redirects the network traffic onto the device that is being communicated with
True or false: Getting you to download malicious browser extensions is yet another way attackers can install malware on your device.
True
What can you use to verify a browser’s or app’s hash?
You can use a hash-checking app
What’s a tool you can use to have all of your credentials from different websites and sources on one centralized website?
Password managers
What is one way to check the legitimacy of a website?
Check the certificate to see if the dates are aligned, the certificate is properly signed, and the domain name matches the certificate
How can you find a website’s certificate details in Chrome?
Click the menu button in the top right-hand corner of the screen, then go to More tools>Developer tools, then click on the Security tab.