block 11 2 b + c Flashcards

1
Q

what is anti-virus (AV) software?

A
  • Software that scans computer files for the presence of malicious code.

Running too much of it affects the computer's performance and the software's effectiveness, and multiple products can conflict with one another.

Scans should be done at least once a week.

2
Q

what is Malicious logic/code (malware)?

A

Hardware, firmware, or software that is intentionally included or inserted in a system for a harmful purpose

3
Q

what is CAT III?

A

Findings that degrade measures to protect against loss of confidentiality, availability, or integrity.

4
Q

what is CAT II?

A

Findings that provide information about the system and therefore have a high potential of allowing an intruder unauthorized access.

5
Q

what is CAT I?

A

An indicator of the greatest risk and urgency.
These findings are the ones that allow an attacker to gain immediate access to a system or component.

6
Q

why does DISA use STIGs?

A
  • To strengthen and assess the security posture of a system or component.
  • Findings from a STIG are rated by category (CATs).

7
Q

what is Unified Master Gold Disk (UMGD)?

A

Running software to ensure compliance and discover any weaknesses in the system's security.

8
Q

what do STIGs contain?

A

technical guidance to secure information systems/software

9
Q

what is risk mitigation?

A

Once the risks are identified, we can appropriately choose to either avoid, mitigate, transfer, or accept the risks.

10
Q

what is an Integrated Network Operations and Security Center (I-NOSC)?

A

Their mission focus is to continuously ensure that systems are operational and fully capable.

Personnel monitor, support, and respond to real-time network events on a day-to-day basis.

11
Q

what is incident response?

A

Many organizations have dedicated teams responsible for investigating any computer security incidents that take place, called a Computer Incident Response Team (CIRT).

In a central model, a CSIRT (computer security incident response team) is set up as the central body to handle responses.
A distributed model contains multiple teams whose responsibilities each cover a particular area of a unit, office, or organization.
Finally, a coordinated model allows for a team or body of security personnel who relay the IRPs to the teams affected by each incident.

As for the four phases of an IRP, they include:
1. Preparation
2. Detection and Analysis
3. Containment, Eradication, and Recovery
4. Post-Event Activity

12
Q

what is bluesnarfing?

A

The act of hijacking and taking over a Bluetooth connection, typically done during the initialization vector upon pairing devices.
Range: 10-30 meters.

13
Q

what is bluejacking?

A

The act of sending unsolicited messages over a Bluetooth connection.

14
Q

what is jamming?

A
  • Electromagnetic energy is emitted on a wireless network's frequencies. This attack causes the WAPs to become unusable by the network, since the signals cannot be found or used.

Ranges: 18 meters (60 feet) and 70 meters (230 feet).

Jamming is a form of a wireless DoS attack.

15
Q

what is an evil twin?

A

An attack designed to fool people into logging into an AP, typically over Wi-Fi.

It attempts to replicate or similarly name the Service Set Identifier (SSID), which is also known as the network name.

Those who connect to an evil twin will have their keystrokes recorded, and login information replicated in hopes of stealing that information to replay it later.

The evil twin attack is essentially a wireless phishing attack.

16
Q

what are the 4 wireless attacks?

A
  • evil twin attack
  • jamming
  • bluesnarfing
  • bluejacking

17
Q

what is a sensitive room?

A

Secure, sound-proofed, and protected, but only up to the classification of SECRET.

Sensitive rooms can be used to contain highly classified documentation and equipment.

18
Q

what are physical barriers and locks?

A

These include fences, cages, physical locks, and mechanical locks.

Physical security also involves preventing unauthorized access to equipment, facilities, and systems.

Bollards and mantraps (found in front of storefronts to prevent vehicles from driving into a building or pulling up to a building for quick on/offloading, blocking cameras, striking pedestrians, etc.).

19
Q

what are secure premises?

A

Refers to protecting structures and equipment (including information and software) from theft, vandalism, natural and manmade disasters, and accidental damage.

Methods and technologies such as barriers, mantraps, bollards, and secure doors are among the types used to secure and protect a building or premises.

20
Q

what is physical security?

A

Involves the protection of servers and the protection of clients to prevent physical intrusion.

Measures include lockable server racks, near field communication (NFC) access to server rooms, surveillance, access lists, and security guards.

Physical server protection also includes practices such as not walking away from a server while logged in and always logging off or locking the system when it is not in use.

21
Q

what is a DDoS (distributed denial of service) attack?

A
  • These attacks use multiple computers to attack a target.
    The controlled computers are called bots, and the set of bots being used together in an attack is called a botnet.

22
Q

what is fault tolerance?

A

Property of a system that allows proper operation even if components fail.

23
Q

what is a public key?

A

A unique key that is shared, so that data can be encrypted and then sent to the key's owner.

24
Q

what is a private key?

A

Keys that are unique to each individual; used to decrypt data encrypted with the public key.

25
Q

what is PKC?

A

A form of cryptography that uses two related keys, a public key and a private key; the two keys have the property that, given the public key, it is computationally infeasible to derive the private key.

26
Q

what is asymmetric cryptography?

A

Asymmetric means opposite.

Cryptography that uses two separate keys to exchange data:
one to encrypt and one to decrypt data;
one to digitally sign data and one to verify the digital signature.
Also known as PKC.

27
Q

what is symmetric cryptography (secret key)?

A

The keys are called secret keys and are identical copies of the key used. Therefore, the same key is used to encrypt and decrypt data.

A cryptographic algorithm that uses the same secret key for its operation and, if applicable, for reversing the effects of the operation (e.g., an AES key for encryption and decryption).

28
Q

what is encryption?

A

Cryptographic transformation of data (called "plaintext") into a form (called "ciphertext") that conceals the data's original meaning to prevent it from being known or used.

Decryption is the transformation that restores encrypted data to its original state.

29
Q

what are permissions?

A

Permissions make it possible to track the user's online activities, thus allowing for accounting and non-repudiation should a legal case arise.

Identity shown through certificates, tokens, or user ID and password is referred to as Identity-Based Access Control (IBAC). IBAC may be enforced at the operating system or application level, requiring user IDs and passwords and/or digital certificates.

30
Q

what are user accounts?

A

The local account’s settings determine the rights for running programs, installing and removing programs, accessing files, and enabling or disabling services.

Making and authorizing specific accounts for specific uses and actions.

31
Q

what is biometrics?

A

Biometric authentication relies on a unique physical characteristic to verify the identity of system users.

Common biometric identifiers include fingerprints, written signatures, voice patterns, typing patterns, retinal scans, and hand geometry

Something that proves that you are who you say you are.

32
Q

what is a token?

A

A small device (hardware) or computer-generated code (software) that is typically used in the authentication process.

33
Q

passwords

A

Passwords should never be written down and should be regularly changed.
A change interval of 60 to 90 days is healthy.
They should contain a combination of sixteen or more letters (both upper and lower case), numbers, and symbols.

PINs and passwords do not provide non-repudiation, confidentiality, or integrity.

34
Q

what is misuse detection?

A

It tries to identify an attack that has already been documented.

Strength: attack signatures are added to the database as they are identified, which detects those attacks more quickly in the future.

Weakness: inability to recognize unknown attacks.

35
Q

what is an IPS (intrusion prevention system)?

A

Controls access to an IT network and protects it from abuse and attack.
IPSs are designed to monitor intrusion data and take the necessary action to prevent an attack from developing.

36
Q

what is signature based?

A

Uses predefined signatures of well-known network threats.

The system takes action when an attack matches a signature or pattern.

37
Q

what is anomaly based?

A

Monitors for any abnormal or unexpected behavior on the network.
If an anomaly is detected, the system blocks access to the target host immediately.

38
Q

what is policy based?

A

Administrators configure the security policies that the system enforces.

39
Q

what is a network-based IDS (NIDS)?

A

NIDSs are utilized to detect attacks by capturing and analyzing network packets.

40
Q

what are host-based IDS (HIDS)?

A

HIDSs operate on information collected from an individual computer system.

Disadvantage: consumes resources on the host on which it resides, possibly slowing that device down.

They can see the intended outcome of an attempted attack, because they can directly access and monitor the data files and system processes usually targeted by attacks.

41
Q

what is an IDS (intrusion detection system)?

A

A system that scans, audits, and monitors the security infrastructure for signs of unauthorized access or abuse in progress.
IDS software can analyze data and alert security administrators to potential infrastructure problems.

42
Q

what is internet protocol security (IPsec)?

A

IPsec is an open-source authentication and encryption protocol suite that operates at layer 3.

A protocol that adds security features to the standard IP protocol to provide confidentiality and integrity services. IPsec has two modes of operation: transport mode and tunnel mode.

43
Q

what is the secure real-time transport protocol (SRTP)?

A

The methods of tagging, filtering, prioritizing, and protecting data.

Commonly used for replay protection in the transmission of real-time audio/video data in Internet telephony applications.

Plain RTP is considered insecure, since a telephone conversation over IP can easily be eavesdropped.

44
Q

what is a voice protection system (VPS)?

A

A Voice Protection System (VPS) acts like a firewall for the base's phone lines, protecting calls to and from the base.

45
Q

what is a VPN concentrator?

A

VPN concentrators incorporate the most advanced encryption and authentication techniques available.

They provide high availability (HA), high performance, and scalability, and include components called scalable encryption processing modules.

Cisco VPN concentrators are built specifically for creating a remote-access VPN.

46
Q

what is a VPN gateway?

A

A networking device that connects two or more networks together in a VPN infrastructure, rather than just a client and a server.

47
Q

what is a virtual private network?

A

VPNs provide a secure connection over a non-secure (public) network to a secure (private) network.

A protected information system link utilizing tunneling, security controls, and endpoint address translation, giving the impression of a dedicated line.

48
Q

what are firewalls?

A

Firewalls monitor all traffic entering and leaving the private network and alert IT staff for any attempts to circumvent security or patterns of inappropriate use based on certain criteria.

49
Q

what is internal control?

A

Internal control = all efforts to ensure that the network and its data retain the characteristics of the CIA Triad and the non-repudiation needed to maintain a safe and secure network.

50
Q

what are the defense in depth steps?

A

People
- Physical and personnel security measures must be established to control and monitor access to facilities and the Information Technology (IT) environment, along with policies to control that access.
- Personnel: making sure all personnel are on the same page so that we limit or prevent any risk.

Technology
- There are six focus areas:
  • Defend the Networks and Infrastructure
  • Protect the local and wide area communication networks (e.g. from Denial of Service attacks)
  • Provide confidentiality and integrity protection for data transmitted over these networks (e.g. use encryption and traffic flow security measures to resist passive monitoring)
  • Defend the Enclave Boundaries (e.g. deploy firewalls and intrusion detection to resist active network attacks)
  • Defend the Computing Environment (e.g. provide access controls on hosts and servers to resist insider, close-in, and distribution attacks)
  • Defend the Supporting Infrastructure (e.g. key management and PKI)

Operations
- Focuses on the activities required to sustain an organization's security posture on a day-to-day basis.
- Examples: maintaining an up-to-date system security policy; certifying and accrediting changes to information systems.