Book Cards (set 1) Flashcards
What prevents people from stealing PII and sensitive information?
Data Loss Prevention (DLP)
What type of device could suffer an ARP attack?
A switch (because it works with MAC addresses)
Which two devices use ACL?
Firewall and router
What device sits in the screened subnet, authenticates incoming users, and decrypts incoming traffic?
Reverse Proxy
What device could you install to manage a high volume of incoming web traffic?
A load balancer
A network administrator is going to change firewall rules. What should they do FIRST?
Follow the Change Management Process
What kind of records are created by DNS poisoning, and how can we prevent this attack?
DNS poisoning creates RRSIG records and can be prevented using DNSSEC
What device joins multiple networks together?
A router
What type of control does a SIEM system adopt?
Detective Control
What type of attack affects weak database configuration? What are the symptoms?
SQL Injection, symptoms of which include the insertion of malicious code such as 1=1
If an attacker is gathering information from a company's website and Facebook page, what type of reconnaissance is this?
Passive reconnaissance
What type of data does a VPN protect?
Data in Transit
Why would we use an Access Control Vestibule in a datacenter?
To control access
What can you use to isolate an application from the underlying operating system?
Containers
How will a company push out an update to their password policies?
GPO - Group Policy Update
What do digital signatures and hashing have in common?
They both provide non-repudiation
The company SIEM system has detected an attack on a file server, but a manual inspection of the file server finds nothing. What does this describe?
A false positive
How can you prevent buffer overflow, integer overflow, and SQL injection attacks?
Input validation can prevent all three of these attacks as it controls input to an application or database. A stored procedure is another prevention method that will prevent a SQL injection attack, and this should be the first choice for a database.
What type of threat actor might be employed by the Nation State or APT?
Organized crime
Which threat actor is socially or politically motivated?
Hacktivist
Which threat actor wants your trade secrets?
Competitor
Which threat actor would buy a program from the Dark Web?
Script kiddie
What type of attack involves the insertion of too many characters into a data field on a web server?
Buffer overflow
What can you do to check if a USB drive has a virus?
Inspect it using a sandbox. Use sandboxes for testing, checking patches, and investigating malware.
What risk treatment is being used if you purchase insurance or outsource your IT?
Risk Transference