Ch5 Securing Individual Systems

Question 1

most cyber-attacks are mitigated fairly quickly, one exception is ___

Answer 1

Denial of Service

Question 2

a ___ attack might involve a ping flood or UDP flood

Answer 2

Volume

Question 3

when a client sends continuous SYN requests without waiting for a response, this is a ___ attack

Answer 3

protocol

Question 4

how do later versions of Apache web server defend against a slow loris attack?

Answer 4

shorter timeouts when waiting for responses

Question 5

in a ___ attack, conversations are repeatedly initiated by a client with a web server but never continued

Answer 5

+++slow loris

Question 6

in a ___ attack, the IP address is spoofed so everyone starts responding to the target

Answer 6

smurf

Question 7

in a ___ attack, malware is used to generate a botnet and several computer attack the target at once

Answer 7

Distributed Denial of Service (DDOS)

Question 8

when spam is done over instant messaging it is called ___

Answer 8

spim

Question 9

___ is an attempt (via email) to collect information, targeted to a particular person

Answer 9

spear phishing

Question 10

___ is like phishing, but more dangerous and done using voice

Answer 10

vishing

Question 11

___ is just trying to get you to click on an ad, but ___ is trying to get you to click on something different than what you thought you were clicking

Answer 11

clickbait; clickjacking

Question 12

___ is taking advantage of common typos to send you to a decoy url

Answer 12

typo squatting

Question 13

if you let the registration of a domain lapse, you might become a victim of ___

Answer 13

domain hijacking

Question 14

in ___ a user’s group might be surreptitiously changed to one with more permissions

Answer 14

privilege escalation

Question 15

when a 3rd party inserts themselves into a conversation without the other two knowing, this is the beginning of a ___ attack

Answer 15

man in the middle (MITM)

Question 16

for wireless connections, ___ or ___ protocols have encryption, but ___ does not

Answer 16

WPA; WPA2; WEP

Question 17

the ___ protocol is used to secure financial data on Bluetooth connections

Answer 17

NFC

Question 18

when an attacker convinces a system that his address is the target computers or vice versa, this is called ___

Answer 18

spoofing

Question 19

___ is lying to the system about the IP address for another machine

Answer 19

ARP poisoning

Question 20

in a ___attack, a password or certificate is obtained, and the login performed again

Answer 20

replay

Question 21

in a ___attack, the system is tricked into using a more primitive version of the protocols, which is more easily hacked

Answer 21

downgrade

Question 22

in ___ the attacker must enter a live conversation and inject information in real-time

Answer 22

session hacking

Question 23

system ___ is the ability to withstand a negative impact

Answer 23

resiliency

Question 24

the ability to add more servers to meet changing network demand is ___, and if you can also reduce servers as demand contracts, this is called ___

Answer 24

scalability; elasticity

Question 25

___ is a way to achieve system resiliency through the ability to return to an earlier state

Answer 25

non-persistence

Question 26

in ___ recovery, the system revert back to an earlier OS or application version

Answer 26

known state

Question 27

in ___ recovery, drivers revert to an earlier version

Answer 27

rollback

Question 28

in using a ___ for system recovery, a virtual installation is run in active memory only

Answer 28

live CD

Question 29

in a ___ system, several drives are used to provide inexpensive and efficient protection against loss of data

Answer 29

Redundant Array of Independent Devices (RAID)

Question 30

RAID systems work by splitting large files into clusters called ___ to distribute between drives, speeding up data access

Answer 30

stripes

Question 31

RAID systems work by duplicating data between drives, called ___, to improve data security

Answer 31

mirroring

Question 32

a RAID 2 system requires at least 3 drives, with the 3rd being a dedicated ___ drive

Answer 32

parity

Question 33

RAID __ systems can recover after losing one drive, and RAID __ systems can recover after losing 2 drives

Answer 33

5; 6

Question 34

why would proprietary RAID systems be used?

Answer 34

to accommodate different drive sizes

Question 35

one proprietary RAID system found in Windows is ___

Answer 35

storage spaces

Question 36

___ is file-level network storage, while ___ is block-level network storage

Answer 36

Network Attached Storage (NAS); Storage Area Networking (SAN)

Question 37

the best way to prevent misuse of ports and connections is to ___

Answer 37

disable them at the BIOS level

Question 38

if you cannot disable a USB port from BIOS, you can probably at least ___ so files can’t be copied from it

Answer 38

disable mass storage

Question 39

the energetic fields of devices can cause harm due to ___, or in the case of wireless routers ___

Answer 39

electro-magnetic interference (EMI); radio frequency interference (RFI)

Question 40

3 steps to reduce EMI disruption on a network would be:

Answer 40

shielding; separation; separate electrical circuits

Question 41

___ can destroy electrical circuits in a flash, but wearing an ___ protects them while you are working on them

Answer 41

electro-static charge (ESD); ESD wrist strap

Question 42

even in the absence of malware, a system can be slowed down unless you disable ___

Answer 42

unnecessary services

Question 43

a major source of attack now is through the Internet of Things devices, unless you ___

Answer 43

change their default passwords

Question 44

best practices for updating OS, application and device patches consists of 5 steps:

Answer 44

Monitor (for updates); Test (on a sandbox system); Evaluate (if needed); Deploy (without disrupting operations); Document what was done

Question 45

what does a RAID system NOT protect from?

Answer 45

power supply of other devices failing

Question 46

what will make it much less expensive to use RAID, load balancing and redundancy on a network?

Answer 46

virtualization of the drives

Question 47

___ is often the easiest way to secure data on a media, but very difficult to recover if you lose the key

Answer 47

disk encryption

Question 48

in ___ a disk is encrypted with a physical chip containing a public/private key

Answer 48

Trusted Platform Module (TPM)

Question 49

the built-in Windows version of TPM security is called __, but you may have to ___ before you can use it

Answer 49

bitlocker; enable TPM in the BIOS

Question 50

___ is a form of hardware/firmware security often found in smartphones, navigation systems, etc. (and now in Windows 10) which creates a “hardware root of trust” and a “secure supply chain”

Answer 50

Secure Boot

Question 51

sometimes a network will have a ___ just to handle security certificates

Answer 51

Hardware Security Module (HSM)

Question 52

when selecting an OS for security, follow the Principle of ___

Answer 52

Least Functionality

Question 53

versions of Windows or Linux that have been certified and locked-down are called ___

Answer 53

Trusted Operating Systems

Question 54

connecting to a Bluetooth signal in order to steal data is called ___

Answer 54

Bluesnarfing

Question 55

a wireless NIC could be inserted into a computers ___ and might go unnoticed for some time

Answer 55

SD slot

Question 56

a ___ can look just like a USB drive, but will actually be grabbing data while it is plugged in

Answer 56

Rubber Duck

Question 57

if a security camera sends video to a smartphone app, assume your video is ___

Answer 57

being monitored by another organization

Question 58

a ___ is a Trojan that is activated by an event (like the deactivation of a user account)

Answer 58

Logic Bomb

Question 59

___ is software that escalates privileges to execute other things

Answer 59

rootkit

Question 60

a ___ works with a USB device to record keystrokes

Answer 60

keylogger

Question 61

___ viruses have superfluous code to confuse anti-malware software

Answer 61

armored

Question 62

most malware today is ___ so anti-malware software has a hard time identifying it

Answer 62

polymorphic

Question 63

the output of a host-based firewall is basically a ___

Answer 63

whitelist

Question 64

firewalls are like ___ of traffic coming into a network, while ___ sends alerts if something bad is found within the network and ___ takes action to shut bad things down

Answer 64

filter; Intrusion Detection System (IDS); Intrusion Prevention System (IPS)

Question 65

automating the security of your network provides both ___ and ___

Answer 65

consistency; repetition

Question 66

when data is ___, it is overwritten with random binary code

Answer 66

wiped

Question 67

when data is ___, something external (like degaussing) is done to the drive which may make it unusable

Answer 67

purged

Question 68

one quick way to make encrypted data inaccessible is to destroy the key, this is called ___

Answer 68

crypto-erasing