Chapter 1 - Essential Knowledge

Question 1

Network Security Zones - Internet

Answer 1

Uncontrollable

Question 2

Network Security Zone - Internet DMZ

Answer 2

Controleld buffer network

Question 3

Network Security Zone - Production Network Zone

Answer 3

Very restricted; controls direct access from uncontrolled zones; has no users

Question 4

Network Security Zone - Intranet Zone

Answer 4

Controlled; has little to no heavy restrictions

Question 5

Network Security Zone - Management Network Zone

Answer 5

Might find VLAN and IPSEC; highly secured; strict policies

Question 6

CVSS

Answer 6

Common Vulnerability Scoring System - Places numerical score based on severity

Question 7

National Vulnerability Database (NVD)

Answer 7

US government repository of vulnerabilities

Question 8

What are the 2 access control types?

Answer 8

Mandatory (MAC) - access is set by an administrator. Discretionary (DAC) - allows users to give access to resources that they own and control

Question 9

Hack Value

Answer 9

perceived value or worth of a target as seen by the attacker

Question 10

Zero-day Attack

Answer 10

attack that occurs before a vendor knows or is able to patch a flaw

Question 11

Doxing

Answer 11

searching for and publishing information about an individual usually with a malicious intent

Question 12

Enterprise Information Security Architecture (EISA)

Answer 12

process that determines how systems work within an organization

Question 13

Incident Management

Answer 13

Deals with specific incidents to mitigate the attack

Question 14

What are the risk management phases?

Answer 14

Risk Identification, Risk Assessment, Risk Treatment, Risk Tracking, Risk Review

Question 15

Annualized Loss Expectancy

Answer 15

ARO x SLE

Question 16

Security Control Types: Physical, Technical, Administrative

Answer 16

Physical: Guards, lights, cameras. Technical: Encryption, Smart Cards, Access Control Lists. Administrative: Training awareness, policies

Question 17

Types of Security Controls: Preventative, Detective, Corrective

Answer 17

Preventative: Authentication, alarm bells. Detective: Audits, Backups. Corrective: Restore Operations

Question 18

User Behavior Analytics

Answer 18

(UBA) - Tracking users and extrapolating data in light of malicious activity

Question 19

CIA Triad

Answer 19

Confidentiality: Passwords, encryption. Integrity: Hashing, digital signatures. Availability: Anti-dos solutions

Question 20

Bit Flipping

Answer 20

Integrity attack. In Bit flipping, the attacker isn’t interested in learning the entirety of the plain-text message. Instead, bits are manipulated in the cipher text itself to generate a predictable outcome in the plain text once it is decrypted.

Question 21

MAC Address spoofing is an example of what kind of CIA attack?

Answer 21

Authentication

Question 22

Evaluation Assurance Level (EAL)

Answer 22

The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation

Question 23

Common Criteria for IT Security Evaluation

Answer 23

Testing standard designed to reduce or remove vulnerabilities from a product before its released.

Question 24

Target of Evaluation (Common Criteria)

Answer 24

What is being tested

Question 25

Security Target (ST) ( common criteria)

Answer 25

The documentation describing the TOE and security requirements

Question 26

Protection Profile (PP) (Common Criteria)

Answer 26

A set of security requirements specifically for the type of product being tested.

Question 27

Security Policy Categories: Promiscuous, Permissive, Prudent, Paranoid

Answer 27

Promiscuous: Wide Open. Permissive: Blocks only known dangerous things. Prudent: Blocks most and only allows things for business purpose. Paranoid: Locks everything down

Question 28

Standards vs. Baselines vs. Guidelines

Answer 28

Standards: Mandatory rules to achieve consistency. Baselines: Provide minimum security necessary. Guidelines: Flexible or recommended actions

Question 29

Script Kiddie

Answer 29

Uneducated in security methods, but uses tools that are freely available to perform malicious ativities

Question 30

Phreaker

Answer 30

Manipulates telephone systems

Question 31

White vs Black vs Gray Hat

Answer 31

White Hat: Ethical Hackers. Black Hat: Hackers that seek to perform malicioius activities. Gray Hat: Hackers that perform good or bad activities but do not have the permission of the organization they are hacking against

Question 32

Suicide Hacker

Answer 32

Do not care about any impunity to themselves, hack to get the job done

Question 33

Hacktivist

Answer 33

Someone who hacks for a cause.

Question 34

Operating System Attack

Answer 34

Attacks targeting OS flaws or security issues inside such as guest accounts or default passwords

Question 35

Application Level Attack

Answer 35

Attacks on programming code and software logic

Question 36

Shrink-Wrap Code attack

Answer 36

Attack takes advantage of built-in code or scripts

Question 37

Misconfiguration Attack

Answer 37

Attack takes advantage of systems that are misconfigured due to improper configuration of default configuration.

Question 38

What are the phases of ethical hacking?

Answer 38

Reconaissance, Scanning and Enumeration, Gaining Access (escalate privilege) , Maintaining Access, Covering Tracks

Question 39

Ethical Hacker vs. Cracker

Answer 39

Ethical Hacker - Employs tools that hackers use with a customer’s perimission; often obtains agreement from client before testing done. Cracker - Uses tools for personal gaihn or destructive purposes.

Question 40

What are the Pen Test phases?

Answer 40

Preparation: Contracts, team, scope of pen test determined. Assessment: All hacking phases (recon, scanning, attacks, etc.). Post-Assessment: Reports & Conclusions

Question 41

White Box vs. Black Box vs. Gray Box

Answer 41

Black Box Testing: Ethical hacker has NO knowledge of TOE. White-Box: Pen tester has full knowledge of network, systems, infrastructure they’re targeting. Gray-Box: Partial knowledge testing, some knowledge of system/or network.

Question 42

ISO 27001

Answer 42

Security standard based on the British BS7799 standard, focuses on security governance

Question 43

NIST-800-53

Answer 43

SOmeone who hacks for a cause.

Question 44

ISO 27002 AND 17799

Answer 44

Based on BS799 but focuses on security objectives and provides security controls based on industry best practice

Question 45

FISMA

Answer 45

“Federal Information Security Modernization Ac Of 2002” A law updated in 2004 to codify the authority of the Department of Homeland Security with regard to implementation of information security policies

Question 46

FITARA

Answer 46

“Federal Information Technology Acquisition Reform Act” A 2013 bill that was intended to change the framework that determines how the US GOV purchases technology

Question 47

HIPAA

Answer 47

“Health Insurance Portability and Accountability Act” a law that set’s privacy standards to protect patient medical records and health information shared between doctors, hospitals and insurance providers

Question 48

PCI-DSS

Answer 48

“Payment Card Industry Data Security Standard” Standard for organizations handling Credit Cards, ATM cards and other POS cards

Question 49

COBIT

Answer 49

“Control Object for Information and Related Technology” IT Governance framework and toolset, created by ISACA and ITGI

Question 50

SOX

Answer 50

“Sarbanes-Oxley Act” Law that requires publicly traded companies to submit to independent audits and to properly disclose financial information

Question 51

GLBA

Answer 51

“U.S Gramm-Leach-Bliley Act” Law that protects the confidentiality and integrity of personal information that is collected by financial institutions.

Question 52

OSSTM Compliance

Answer 52

“Open Source Security Testing Methodology Manual” maintained by ISECOM , defines three types of compliance: Legislative - Deals with government regulations (Such as SOX and HIPAA. Contractual - Deals with industry / group requirement (Such as PCI DSS). Standards based - Deals with practices that must be followed by members of a given group/organization (Such as ITIL ,ISO and OSSTMM itself)