ALL Flashcards
<p>what is a public cloud?</p>
<p>the standard cloud computing model where a service provider makes resources available to the public over the internet</p>
<p>what does OS fingerprinting involve?</p>
<p>using active fingerprinting to look at the ports (open/closed and the types of responses) and passive fingerprinting to examine the traffic to and from the computer (looking for the default window size or TTL of packets)</p>
<p>what are the three main protocols that can be used for wireless networks?</p>
<p>wired equivalent privacy (WEP), WPAv1, WPAv2</p>
<p>what is the purpose of infrastructure as a service (IaaS) in cloud computing?</p>
<p>it provides computer and server infrastructure, typically through a virtualization environment</p>
<p>what do you use to control traffic from the internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?</p>
<p>a firewall</p>
<p>what is the most common type of system used to detect intrusions into a computer network?</p>
<p>NIDS</p>
<p>what is the purpose of PaaS in cloud computing?</p>
<p>it provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform</p>
<p>what is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?</p>
<p>false negative (a missed detection)</p>
<p>what does the acronym IDS denote?</p>
<p>Intrusion detection system</p>
<p>what is the main difference between an IDS and an IPS?</p>
<p>an IDS detects intrusions. an IPS prevents intrusions</p>
<p>what does the acronym ACL denote?</p>
<p>access control list</p>
<p>what devices can limit the effectiveness of sniffing attacks: switches or routers?</p>
<p>switches</p>
<p>what are the two major types of intrusion detection systems (IDS)?</p>
<p>network IDS (NIDS) and host IDS (HIDS)</p>
<p>which type of IDS detects attacks on individual devices?</p>
<p>host intrusion detection system (HIDS)</p>
<p>which layer 3 device allows different logical networks to communicate?</p>
<p>router</p>
<p>what is the default rule found in a firewall's access control list (ACL)?</p>
<p>deny all</p>
<p>what does the acronym NIDS denote?</p>
<p>network-based intrusion detection system</p>
<p>which security control is lost when using cloud computing?</p>
<p>physical control of the data</p>
<p>what is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?</p>
<p>false positive</p>
<p>what are the four types of cloud computing based on management type?</p>
<p>public, private, hybrid, and community</p>
<p>what is hybrid cloud?</p>
<p>a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally via a public cloud</p>
<p>what is multi-tenancy cloud?</p>
<p>a cloud model where multiple tenants share the resources. this model allows the service providers to manage the resource utilization more efficiently</p>
<p>which type of system identifies suspicious patterns that may indicate a network or system attack?</p>
<p>intrusion detection system (IDS)</p>
<p>why is data isolation used in cloud environments?</p>
<p>to ensure that each tenant's data in a multi-tenant solution is isolated from the other tenants' data, for example by tagging every record with a tenant ID in its data labels</p>
<p>which information do routers use to forward packets to their destinations?</p>
<p>the network address and subnet mask</p>
<p>what does the acronym HIDS denote?</p>
<p>host-based intrusion detection system</p>
<p>what is a community cloud?</p>
<p>an infrastructure that is shared among several organizations from a specific group with common computing concerns</p>
<p>what is the purpose of software as a service (SaaS) in cloud computing?</p>
<p>it ensures on-demand, online access to an application suite without the need for local installation</p>
<p>what is a single-tenancy cloud?</p>
<p>a cloud model where a single client or organization uses a resource</p>
<p>what does OS footprinting do?</p>
<p>it performs the fingerprinting steps and also gathers additional information, such as DNS queries, registrar (WHOIS) queries, and so on</p>
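The passive side of the fingerprinting card above can be shown in code. This is an added example, not part of the flashcard set: it takes the TTL and TCP window size observed in a packet, infers the sender's initial TTL (the common defaults 64, 128 and 255) and therefore the hop count, and then uses the window size as a second hint. The window-size table is an illustrative assumption (values differ between OS versions), as are the sample observations, so treat the result as a guess to be confirmed by other evidence, not as proof.

```python
"""Passive OS fingerprinting from IP TTL and TCP window size.

Added example, not from the flashcard source. The initial TTLs are common
defaults (64 for Linux/macOS-style stacks, 128 for Windows, 255 for many
network devices and Solaris); the window-size hints are an illustrative
assumption and vary by OS version.
"""
from dataclasses import dataclass

# Routers decrement TTL by one per hop, so the observed TTL is
# (initial TTL - hop count). Each stack starts from one of these defaults.
INITIAL_TTLS = (64, 128, 255)

FAMILY_BY_TTL = {64: "Linux/Unix-like", 128: "Windows", 255: "Network device/Solaris"}

# Assumption: a small illustrative table of default TCP window sizes.
WINDOW_HINTS = {
    64: {5840: "Linux (2.4/2.6)", 29200: "Linux (3.x/4.x)", 64240: "Linux (5.x)",
         65535: "macOS/BSD"},
    128: {8192: "Windows (7/2008)", 65535: "Windows (XP or 10)"},
    255: {4128: "Cisco IOS", 8760: "Solaris"},
}


@dataclass(frozen=True)
class Observation:
    src: str
    ttl: int
    window: int


@dataclass(frozen=True)
class Guess:
    initial_ttl: int
    hops: int
    family: str   # coarse family from the TTL alone
    os_hint: str  # finer hint from the window size, or "unknown"


def infer_initial_ttl(ttl):
    """Smallest common default TTL that is >= the observed TTL.

    Caveat: a host more than 64 hops away (rare on real paths) would be
    misclassified, because its TTL would drop below the next default.
    """
    if not 0 < ttl <= 255:
        raise ValueError(f"TTL {ttl} is outside the 8-bit range")
    for candidate in INITIAL_TTLS:
        if ttl <= candidate:
            return candidate
    raise AssertionError("unreachable: 255 always matches")


def fingerprint(obs):
    initial = infer_initial_ttl(obs.ttl)
    return Guess(
        initial_ttl=initial,
        hops=initial - obs.ttl,
        family=FAMILY_BY_TTL[initial],
        os_hint=WINDOW_HINTS[initial].get(obs.window, "unknown"),
    )


def fingerprint_all(observations):
    """Map each source address to its best guess (last observation wins)."""
    return {obs.src: fingerprint(obs) for obs in observations}


# Constructed sample observations (not captured traffic).
SAMPLE = [
    Observation("10.0.0.5", 52, 29200),   # 12 hops from a Linux 3.x/4.x host
    Observation("10.0.0.9", 117, 65535),  # 11 hops from a Windows host
    Observation("10.0.0.1", 254, 4128),   # 1 hop from a Cisco device
    Observation("10.0.0.2", 60, 12345),   # TTL says Unix-like, window unknown
]

if __name__ == "__main__":
    for src, guess in fingerprint_all(SAMPLE).items():
        print(f"{src}: {guess.family} ({guess.os_hint}), {guess.hops} hops away")
```

Active fingerprinting (sending probes and comparing responses) needs a live target and is deliberately left out; the passive approach above works on captured traffic alone, which is also why it is the one that does not show up in the target's logs.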
<p>which type of IDS detects malicious packets on a network?</p>
<p>network intrusion detection system (NIDS)</p>
what is lightweight extensible authentication protocol (LEAP)?
a proprietary wireless LAN authentication method developed by Cisco Systems; it is considered weak (its MS-CHAP-based exchange is vulnerable to offline dictionary attacks) and has been superseded by EAP-FAST and PEAP
which type of analysis involves identifying traffic that is abnormal?
anomaly analysis
which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?
WPA2 with CCMP
which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?
active detection
what does the acronym SIEM denote?
security information and event management
what should you do to ensure that a wireless access point signal does not extend beyond its needed range?
reduce the power levels
which type of analysis involves examining information in the header of the packet?
protocol analysis
what is the purpose of MAC filtering?
to restrict the clients that can access a wireless network
what is protected extensible authentication protocol (PEAP)?
a protocol that encapsulates the EAP within an encrypted and authenticated TLS tunnel
what are the two modes of WPA and WPA2?
personal (also called preshared key or WPA-PSK / WPA2-PSK) and enterprise
what type of analysis focuses on the long term direction in the increase or decrease in a particular type of traffic?
trend analysis
which security protocol is the standard encryption protocol for use with the WPA2 standard?
counter mode cipher block chaining message authentication code protocol (CCMP)
which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?
temporal key integrity protocol (TKIP)
which intrusion detection system (IDS) watches for intrusions that match a known identity?
signature-based IDS
which software can collect logs from specified devices, combine the logs, and analyze the combined logs for security issues?
security information and event management (SIEM)
what does heuristic analysis do?
it determines the susceptibility of a system towards a particular threat/risk using decision rules or weighing methods
which protocol does the enterprise mode of WPA and WPA2 use for authentication?
extensible authentication protocol (EAP)
which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?
isolation mode
which type of IDS or IPS uses an initial database of known attack types but dynamically alters their signatures base on learned behavior?
heuristic
what does packet analysis do?
it examines the entire packet, including the payload
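The cards on anomaly analysis, signature-based IDS and SIEM log analysis describe two different ways of deciding that a log line is bad. The example below is added here and is not part of the flashcard set: it runs a signature rule (a known-bad pattern) and a rate-based anomaly rule (too many failed logins from one source inside a time window) over a handful of constructed sshd log lines. The log lines, the signature patterns and the threshold of five failures per minute are all assumptions chosen for illustration.

```python
"""Signature-based vs anomaly-based detection over sshd log lines.

Added example, not from the flashcard source. The log lines below are
constructed; the signatures and the rate threshold are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog-style sshd lines (not captured data).
SAMPLE_LOG = """\
Mar  1 10:00:01 bastion sshd[2001]: Accepted password for alice from 10.10.1.5 port 51000 ssh2
Mar  1 10:00:05 bastion sshd[2002]: Failed password for root from 203.0.113.9 port 40001 ssh2
Mar  1 10:00:06 bastion sshd[2003]: Failed password for root from 203.0.113.9 port 40002 ssh2
Mar  1 10:00:07 bastion sshd[2004]: Failed password for root from 203.0.113.9 port 40003 ssh2
Mar  1 10:00:08 bastion sshd[2005]: Failed password for root from 203.0.113.9 port 40004 ssh2
Mar  1 10:00:09 bastion sshd[2006]: Failed password for root from 203.0.113.9 port 40005 ssh2
Mar  1 10:00:10 bastion sshd[2007]: Failed password for root from 203.0.113.9 port 40006 ssh2
Mar  1 10:02:00 bastion sshd[2010]: Failed password for bob from 10.10.1.7 port 52000 ssh2
Mar  1 10:02:04 bastion sshd[2011]: Accepted password for bob from 10.10.1.7 port 52000 ssh2
Mar  1 10:03:00 bastion sshd[2012]: Failed password for invalid user admin from 198.51.100.4 port 4444 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

# Signature rules: a known identity, matched literally (assumed patterns).
SIGNATURES = {
    "ssh-root-password-attempt": re.compile(r"password for root from"),
    "ssh-invalid-user": re.compile(r"for invalid user "),
}


def parse_events(log_text):
    """Turn raw lines into structured auth events; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        a = AUTH_RE.match(m["msg"])
        if not a:
            continue
        # Syslog timestamps carry no year; year 1900 is fine for deltas within a day.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "msg": m["msg"],
                       "failed": a["result"] == "Failed",
                       "user": a["user"], "src": a["src"]})
    return events


def signature_alerts(events):
    """Fire on every line matching a known-bad pattern, de-duplicated per (rule, source)."""
    alerts = set()
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["msg"]):
                alerts.add((name, ev["src"]))
    return sorted(alerts)


def anomaly_alerts(events, max_failures=5, window_seconds=60):
    """Flag a source with more than max_failures failed logins inside any window."""
    failures = defaultdict(list)
    for ev in events:
        if ev["failed"]:
            failures[ev["src"]].append(ev["ts"])
    flagged = set()
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted times
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 > max_failures:
                flagged.add(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("signature:", signature_alerts(evs))
    print("anomaly:  ", anomaly_alerts(evs))
```

The two detectors disagree in an instructive way: the single "invalid user admin" attempt is caught only by the signature rule, because one failure is not a rate anomaly, while the burst against root is caught by both. A valid user who fails once and then logs in (bob) triggers neither, which is the behaviour you want. A SIEM adds the missing piece, pulling lines like these from many hosts into one place before running rules such as the two above.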
what are the non-overlapping channels for 802.11g/n?
channels 1, 6, and 11 (in the 2.4 GHz band)
what are the non-overlapping channels for 802.11b?
channels 1, 6, 11, and 14 (channel 14 is permitted only in Japan)
what is the most secure implementation of file transfer protocol (FTP)?
secure file transfer protocol (SFTP); note that SFTP is really the SSH File Transfer Protocol, a separate protocol carried over SSH on TCP port 22 rather than a form of FTP, whereas FTPS is FTP wrapped in SSL/TLS
what is the name for a hole in the security of an application deliberately left in place by a designer?
backdoor
which malicious software infects a system without relying upon other applications for its execution?
a worm
what does an anti-virus application signature file contain?
it contains identifying information about viruses
which application or services uses TCP/UDP port 3389?
remote desktop protocol (RDP)
which port number is used by TFTP?
UDP port 69
what is the name for a fix that addresses a specific windows system problem or set of problems?
hotfix
which firewall port should you enable to allow SMTP traffic to flow through the firewall?
port 25
how many TCP/UDP ports are potentially exposed to malicious attacks?
65,536 (ports 0 through 65,535) for each of TCP and UDP
which type of virus can change its signature to avoid detection?
polymorphic
what is the default PPTP port?
TCP port 1723
what is the purpose of NAC?
network access control (NAC) ensures that computers connecting to the network meet an organization’s security policies before they are allowed on
using role-based access control (RBAC), which entities are assigned roles?
users or subjects
what is the name of the area that connects to a firewall and offers services to untrusted networks?
DMZ
which virus creates many variants by modifying its code to deceive antivirus scanners?
polymorphic virus
which port should you block at your network firewall to prevent telnet access?
port 23
what is a good solution if you need to separate two departments into separate networks?
VLAN segregation
which port number does LDAP use for communications encrypted using SSL/TLS?
port 636
which type of code performs malicious acts only when a certain set of conditions occurs?
a logic bomb
which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?
TCP port 143
which two ports does FTP use?
ports 20 and 21
what does VLAN segregation accomplish?
it protects each individual segment by isolating the segments
which port number does HTTP use?
port 80
which port numbers are used by NetBIOS?
ports 137, 138, 139
which type of malware appears to perform a valuable function, but actually performs malicious acts?
trojan horse
which port number does LDAP use when communications are not secured using SSL/TLS?
port 389
what does the acronym RBAC denote?
role-based access control
which viruses are written in an application's macro language and typically infect documents and the applications that open them?
macro viruses (for example VBA macros in Office documents; they infect documents and templates, not the operating system itself)
who can change a resource’s category in a mandatory access control environment?
administrators only
which port number does NNTP (network news transfer protocol) use?
TCP port 119
what is a trojan horse?
malware that is disguised as a useful utility, but is embedded with a malicious code to infect computer systems
which port number does NTP use?
port 123
what does the acronym DAC denote?
discretionary access control
which firewall port should you enable to allow POP3 traffic to flow through the firewall?
TCP port 110
which port number does DHCP use?
UDP port 67 (server) and UDP port 68 (client)
which port number is used by SSL, FTPS, and HTTPS?
TCP port 443 for HTTPS (HTTP over SSL/TLS); FTPS does not use 443: implicit FTPS uses TCP port 990 and explicit FTPS connects to port 21 and upgrades to TLS with AUTH TLS
which port number is used by SSH, SCP, and SFTP?
port 22
what is the default L2TP port?
UDP port 1701
which type of access control associates roles with each user?
role-based access control (RBAC)
why should you install a software firewall and the latest software patches and hotfixes on your computer?
to reduce security risks
what is the name for a collection of hotfixes that have been combined into a single patch?
a service pack
which type of access control is the multi-level security mechanism used by the department of defense (DoD)?
mandatory access control (MAC)
which port number does DNS use?
port 53
which port number is used by SMB?
tcp port 445
what is a file considered in a mandatory access control environment?
an object
what is the purpose of anti-spam application or filters?
to prevent unsolicited e-mail
which type of access control was originally developed for military use?
mandatory access control (MAC)
when should you install a software patch on a production server?
after the patch has been tested
which type of access control is most suitable for top-secret information?
mandatory access control (MAC)
which port number does SNMP use?
UDP port 161 (UDP port 162 for traps sent to the manager)
in a secure network, what should be the default permission position?
implicit deny
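The "deny all" default rule and the implicit-deny posture in the cards above, together with the port cards (SMTP 25, telnet 23, HTTPS 443), are easiest to reason about as a first-match rule list. The example below is added here and is not part of the flashcard set: a small ACL evaluator in which the first matching rule wins and anything that matches nothing is dropped by an implicit deny. The rule syntax, the addresses (documentation ranges) and the sample packets are constructed for illustration.

```python
"""First-match firewall ACL with an implicit deny at the end.

Added example, not from the flashcard source. Rule format, addresses and
sample packets are constructed; the addresses are documentation ranges.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR
    dst: str               # CIDR
    dport: Optional[int]   # None means any destination port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule, pkt):
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(acl, pkt):
    """Return (action, matching rule); (\"deny\", None) is the implicit deny."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action, rule
    return "deny", None


INTERNET = "0.0.0.0/0"
DMZ = "192.0.2.0/24"      # constructed DMZ range
LAN = "10.10.0.0/16"      # constructed internal range; no rule permits it

# Inbound ACL for the internet-facing interface: only the services the DMZ
# is meant to offer are opened. Everything else, including all of the LAN,
# falls through to the implicit deny.
INBOUND_ACL = [
    Rule("permit", "tcp", INTERNET, "192.0.2.25/32", 25, "SMTP to the DMZ mail relay"),
    Rule("permit", "tcp", INTERNET, "192.0.2.80/32", 443, "HTTPS to the DMZ web server"),
    Rule("deny", "tcp", INTERNET, DMZ, 23, "explicit deny for telnet, for logging"),
]

# The classic mistake: a broad permit placed before the deny shadows it,
# because evaluation stops at the first match.
SHADOWED_ACL = [
    Rule("permit", "any", INTERNET, INTERNET, None, "permit any (too broad)"),
    Rule("deny", "tcp", INTERNET, DMZ, 23, "never reached"),
]


def explain(acl, pkt):
    action, rule = evaluate(acl, pkt)
    why = rule.comment if rule else "implicit deny"
    return f"{pkt.proto}/{pkt.dport} {pkt.src} -> {pkt.dst}: {action} ({why})"


if __name__ == "__main__":
    for pkt in (Packet("tcp", "203.0.113.7", "192.0.2.25", 25),
                Packet("tcp", "203.0.113.7", "192.0.2.25", 23),
                Packet("tcp", "203.0.113.7", "10.10.1.5", 445)):
        print(explain(INBOUND_ACL, pkt))
    print(explain(SHADOWED_ACL, Packet("tcp", "203.0.113.7", "192.0.2.25", 23)))
```

The explicit telnet deny is redundant with the implicit deny on a correctly ordered list; it is there so that blocked telnet attempts produce a rule hit that can be logged. The second list shows why order matters: with "permit any" first, the telnet deny is never consulted, which is the case where a firewall that has a deny rule still lets telnet through.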
which port number does SSH use?
port 22
which type of virus attempts to hide from antivirus software and from the operating system by remaining in memory?
stealth
which port is used for LDAP authentication?
port 389
which self-replicating computer program sends copies of itself to other devices on the network?
worm
which port number is used by microsoft SQL server?
tcp port 1433
which TCP port number does secure sockets layer (SSL) use?
port 443
according to the CySA+ objectives, what are the six rules of engagement for penetration testing?
timing, scope, authorization, exploitation, communication, reporting
is a DHCP server normally placed inside a DMZ?
no
what is meant by the term exploitation in regards to rules of engagement in penetration testing?
all exploits that will be attempted during a scan
what is decomposition?
the process of breaking software or malware down to discover how it works
what is meant by the term scope in regards to vulnerability testing?
the devices or parts of the network that can be scanned and the types of scans to be performed
which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?
NAT
which assessment determines whether network security is properly configured to rebuff hacker attacks?
penetration test
what is the purpose of network segmentation?
to isolate a group of devices
what can be used to run a possibly malicious program in a safe environment?
sandbox
which term is used for the process of verifying the integrity of a file by using a hashing algorithm?
fingerprinting or hashing
what is the purpose of the blue team in a training exercise?
defending the device or network
which documentation reduces the likelihood that you have received counterfeit equipment?
OEM (original equipment manufacturer) documentation
which type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?
VPN
what is the purpose of the red team in a training exercise?
attacking the devices or network
what is meant by the term timing in regards to penetration testing?
the time when the test should occur and when it should not occur
what is the primary security advantage of using NAT?
NAT hides internal IP addresses from the public network
what is meant by the term authorization in regards to penetration testing?
the written agreement and legal authority to perform a vulnerability test
which type of test attempts to exploit vulnerabilities?
penetration test or pentest
which type of test ONLY identifies vulnerabilities?
vulnerability test
what is the purpose of rules of engagement for penetration testing?
they define how a penetration test should occur, including the factors that limit the penetration test
what does the acronym OEM denote?
original equipment manufacturer
which team acts as the referee during a training exercise?
white team
what is the purpose of the Trusted Foundry?
it identifies trusted vendors and ensures a trusted supply chain for the united states department of defense (DoD)
does each VLAN create its own collision domain or its own broadcast domain?
broadcast domain
what should you consult to identify all systems that need to have a vulnerability scan?
the company’s asset inventory
what is a flaw, loophole, or weakness in the system, software, or hardware?
vulnerability
which scan has less of an impact on the network: agent-based or server-based?
agent-based vulnerability scans because they run on the device and only send the report to the centralized server
what are the two main factors that CompTIA lists for prioritizing vulnerability remediation?
criticality and difficulty of implementation (CompTIA lists these two)
how often should vulnerability scans be carried out based on PCI-DSS standards?
at least once every three months (quarterly) and after any significant change to the environment
which SCAP component provides standardized names for security-related software flaws?
common vulnerabilities and exposures (CVE)
what does the acronym CCE denote?
common configuration enumeration
which systems provides CCE and CVE identifiers for vulnerability scans?
security content automation protocol (SCAP)
which term is used for an agreement that is signed by two partnering companies?
business partners agreement (BPA)
what does the acronym CVE denote?
common vulnerabilities and exposures
which term is used for an agreement between two or more parties where the parties cannot create a legally enforceable agreement?
memorandum of understanding (MoU)
what does the acronym SCAP denote?
security content automation protocol
which step of the vulnerability management process involves assessing the documented requirements and workflow to determine when scans should occur?
establish scanning frequency
why should you document workflow prior to setting up a vulnerability scan?
to help provide business constraints for the scan
which step of the vulnerability management process involves documenting the regulatory environment and corporate policy, classifying data, and obtaining an asset inventory?
identify requirements
in which situation will you accept a risk?
when the cost of the safeguard exceeds the amount of the potential loss
why should you deploy remediation in a sandbox environment?
to test the effects of the remediation to ensure that the devices will be able to function properly after deployment
what is the process for the vulnerability management process?
1. identify requirements
2. establish scanning frequency
3. configure the tools to perform the scans according to specifications
4. execute the scan
5. generate scan reports
6. provide remediation for discovered vulnerabilities
what does the acronym CVSS denote?
common vulnerability scoring system
what is a service level agreement (SLA)?
a contract between a network service provider and a customer that specifies the services the network service provider will furnish
which range of CVSS scores indicates low priority?
0.1 to 3.9
what is meant by the term vulnerability feed?
the updates to the vulnerability scanner that ensures that the scanner is able to recognize newly discovered vulnerabilities
which range of CVSS scores indicates high priority?
7.0 to 8.9
what happens with an agent-based vulnerability scan?
agents are installed on the devices to run the scan and send the report to a centralized server
which range of CVSS scores indicates medium priority?
4.0 to 6.9
what is the recommended action when the cost of the safeguard exceeds the amount of the potential loss for a given risk?
to accept the risk
which permissions should you assign the account used for the vulnerability scans?
read only
which SCAP component provides standard names for product names and versions?
common platform enumeration (CPE)
which step of the vulnerability management process includes scanning criteria, such as sensitivity levels, vulnerability feed, and scope?
configure the tools to perform the scans according to specifications
which range of CVSS scores indicates critical priority?
9.0 to 10.0 (these four bands are the CVSS v3.x qualitative ratings; CVSS v2, whose base metrics appear in the cards that follow, has only low, medium and high bands)
what is meant by the scope of a vulnerability scan?
the range of hosts or subnets included in the scan
what is the purpose of a discovery vulnerability scan?
to create an inventory of assets based on host or service discovery
which SCAP component provides a standardized metric that measures and describes the severity of security-related software flaws?
common vulnerability scoring system (CVSS)
what is the term Nessus uses for vulnerability feeds?
plug-ins
which type of vulnerability scan authenticates to the target with an account that has the permissions needed to inspect the different data types?
credentialed scan
what does a CVSS score of 0 indicate?
no issues
what are the FIVE inhibitors to remediation after a vulnerability scan?
MOUs, SLAs, organizational governance, business process interruption, degrading functionality
what does the acronym CPE denote?
common platform enumeration (CPE)
what are the three possible values of the availability (A) metric of the CVSS vector, and what do they stand for?
N - None; P - Partial; C - Complete
which value of the authentication (Au) metric of the CVSS vector means no authentication mechanisms are in place to stop the exploitation of the vulnerability?
N
which CVSS metric describes the authentication an attacker would need to get through to exploit the vulnerability?
the authentication (Au) metric
which value of the access vector (AV) metric of the CVSS vector indicates that the attacker must have physical access to the affected system?
L
which value of the Access Vector (AV) metric of the CVSS vector indicates the attacker can exploit the vulnerability remotely from any network?
N
which value of the confidentiality (C) metric of the CVSS vector means all information on the system could be compromised?
C
which value of the Confidentiality (C) metric of the CVSS vector means some access to information would occur?
P
what are the three possible values of the Access Vector (AV) metric of the CVSS vector, and what do they stand for?
L - Local; A - Adjacent Network; N - Network
which CVSS metric describes the difficulty of exploiting the vulnerability?
the access complexity (AC) metric
which CVSS metric describes the information disclosures that may occur if the vulnerability is exploited?
the confidentiality (C) metric
what are the three main possible values of the authentication (Au) metric of the CVSS vector, and what do they stand for?
M - Multiple; S - Single; N - None
which value of the availability (A) metric of the CVSS vector means system performance is degraded?
P
which CVSS metric describes how the attacker would exploit the vulnerability?
the access vector (AV) metric
which value of the integrity (I) metric of the CVSS vector means some information modification would occur?
P
what are the three possible values of the confidentiality (C) metric of the CVSS vector, and what do they stand for?
N - None; P - Partial; C - Complete
which value of the integrity (I) metric of the CVSS vector means all information on the system could be compromised?
C
which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability does not require special conditions?
L
which value of the availability (A) metric of the CVSS vector means the system is completely shut down?
C
which CVSS metric describes the disruption that might occur if the vulnerability is exploited?
the availability (A) metric
what should you do for the false positives in a vulnerability scanning report once you have verified that they are indeed false?
configure exceptions for the false positives in the vulnerability scanner
what is meant by the term false negative in a vulnerability scan?
when the vulnerability scan indicated no vulnerabilities existed when, in fact, one was present
which value of the access vector (AV) metric of the CVSS vector indicates the attacker must be on the local network?
A
which value of the integrity (I) metric of the CVSS vector means there is no integrity impact?
N
which CVSS metric describes the type of data alteration that might occur?
the integrity (I) metric
which value of the Confidentiality (C) metric of the CVSS vector means there is no confidentiality impact?
N
which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through two or more authentication mechanisms?
M
which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through one authentication mechanism?
S
what are the three possible values of the Access Complexity (AC) metric of the CVSS vector, and what do they stand for?
H - High; M - Medium; L - Low