Categories & Types of security controls Flashcards
Technology-based measures such as firewalls and encryption
Technical Controls
Policies, procedures, and guidelines for security management
Managerial controls
Day-to-day security practices such as monitoring and access management
Operational controls
Measures to safeguard physical assets and premises
Physical controls
Intended to discourage potential attackers
Deterrent controls
Aimed at preventing security incidents
Preventive controls
Focused on identifying and detecting security incidents
Detective controls
Implemented after an incident to mitigate the impact
Corrective controls
Alternative measures to compensate for inadequate primary controls
Compensating controls
Policies or regulations providing specific guidance
Directive controls
After conducting a vulnerability scan of her network, Wendy discovered the issue shown here on several servers. What is the most significant direct impact of this vulnerability?
A. Attackers may eavesdrop on network communications.
B. Attackers may use this information to gain administrative privileges.
C. Encryption will not protect credentials for this account.
D. Automated attacks are more likely to succeed.
D. Automated attacks are more likely to succeed.
D. Most automated attacks assume that a Windows system still contains a default account named Administrator and try to exploit that account. Changing the name makes it less likely that these attacks will stumble upon the account.
Which one of the following characters is the most important to restrict when performing input validation to protect against XSS attacks?
A. <
B. !
C. $
D. ‘
A. <
A. Cross-site scripting relies upon embedding HTML tags in stored or reflected input. The < and > characters are used to denote HTML tags and should be carefully managed when seen in user input.
During forensic analysis, Drew discovered that an attacker intercepted traffic headed to networked printers by modifying the printer drivers. His analysis revealed that the attacker modified the code of the driver to transmit copies of printed documents to a secure repository. What type of attack took place?
A. Refactoring
B. Shimming
C. Swapping
D. Recoding
A. Refactoring
A. The two major categories of attack against device drivers are shimming and refactoring. In a shimming attack, the attacker wraps his or her own malicious code around the legitimate driver. Shimming attacks do not require access to the driver’s source code. In a refactoring attack, such as this one, the attacker actually modifies the original driver’s source code.
Pete is investigating a domain hijacking attack against his company that successfully redirected web traffic to a third-party website. Which one of the following techniques is the most effective way to carry out a domain hijacking attack?
A. ARP poisoning
B. Network eavesdropping
C. DNS poisoning
D. Social engineering
D. Social engineering
D. In a domain hijacking attack, the attacker changes the registration of a domain with the registrar. DNS and ARP poisoning attacks may redirect web traffic, but they would do so by providing bogus address information, not by hijacking the domain. Network eavesdropping could theoretically be used to steal credentials that are used to alter information with a registrar, but this is unlikely. The most likely source of a domain hijacking attack is using social engineering with the registrar to gain access to the account being used to manage registration information.
Which one of the following technologies must be enabled on a wireless network for a Pixie Dust attack to succeed?
A. SSID broadcasting
B. WPS
C. WPA
D. WEP
B. WPS
B. Pixie Dust attacks are a specialized attack that’s used to retrieve the Wi-Fi Protected Setup (WPS) PIN code for a network. Pixie Dust attacks will not work if WPS is not enabled on the network.
Darren is investigating an attack that took place on his network. When he visits the victim’s machine and types www.mybank.com into the address bar, he is directed to a phishing site designed to look like a legitimate banking site. He then tries entering the IP address of the bank directly into the address bar and the legitimate site loads. What type of attack is likely taking place?
A. IP spoofing
B. DNS poisoning
C. ARP spoofing
D. Typosquatting
B. DNS poisoning
B. The fact that the legitimate server responds to requests made by an IP address indicates that the attacker is not performing IP spoofing or ARP spoofing. There is no indication that the URL is incorrect, so Darren can rule out typosquatting. The most likely attack in this scenario is DNS poisoning. Darren can verify this by manually changing the system to a different DNS server, clearing the system’s DNS cache, and attempting to resolve the name again.
What type of scan can best help identify cases of system sprawl in an organization?
A. Database scan
B. Web application scan
C. Detailed scan
D. Discovery scan
D. Discovery scan
D. Discovery scans are designed to identify systems on the network and can be used to detect undocumented assets that are the result of system sprawl.
Scott is a security administrator for a federal government agency. He recently learned of a website that advertises jobs for former government employees. When he accessed the site, the site launched code in his browser that attempted to install malicious software on his system. What type of attack took place?
A. Denial of service
B. Watering hole
C. Spyware
D. Trojan horse
B. Watering hole
B. This is an example of a watering hole attack. These attacks place malicious code on a website frequented by members of the target audience. There is not sufficient information to determine whether the malicious code was spyware or a Trojan horse, or whether it delivered a denial of service payload.
Scott is reviewing a list of cryptographic cipher suites supported by his organization’s website. Which one of the following algorithms is not secure and may expose traffic to eavesdropping attacks?
A. ECC
B. 3DES
C. AES
D. DES
D. DES
The Data Encryption Standard (DES) is an outdated, insecure algorithm that should not be used in modern applications. Triple DES (3DES) is a secure alternative that uses three rounds of DES encryption. The Advanced Encryption Standard (AES) and Elliptic Curve Cryptosystem (ECC) are also modern, secure cipher suites.
Brenda is selecting the tools that she will use in a penetration test and would like to begin with passive techniques. Which one of the following is not normally considered a passive reconnaissance technique?
A. Social engineering
B. Wireless network eavesdropping
C. Open source intelligence
D. Domain name searches
A. Social engineering
A. Social engineering is an active technique because it involves interaction with the target organization. Attackers may conduct open source intelligence gathering, including domain name searches, using only external resources that will not alert the target organization. Wireless network eavesdropping may also be conducted from a location outside of the organization’s facilities without alerting the organization to their presence or interacting with target systems.