Chapter 1: Getting Started

Question 1

What does OSI stand for?

Answer 1

Open Systems Interconnection

Question 2

What does PDU stand for?

Answer 2

Protocol Data Unit

Question 3

What are the 7 OSI Layers?

Top Down Order: All People Seem To Need Daily Planning

Answer 3

• 7. Application
• 6. Presentation
• 5. Session
• 4. Transport
• 3. Network
• 2. Data Link
• 1. Physical

Question 4

What is the 1st OSI Layer?

Include Layer Name, Ex. Protocols, and PDU

Answer 4

• Physical
• USB Standards, Bluetooth
• Bit

Question 5

What is the 2nd OSI Layer?

Include Layer Name, Ex. Protocols, and PDU

Answer 5

• Data Link
• ARP, CDP, PPP
• Frame

Question 6

What is the 3rd OSI Layer?

Include Layer Name, Ex. Protocols, and PDU

Answer 6

• Network
• IP
• Packet

Question 7

What is the 4th OSI Layer?

Include Layer Name, Ex. Protocols, and PDU

Answer 7

• Transport
• TCP. UDP
• Segment

Question 8

What is the 5th OSI Layer?

Include Layer Name, Ex. Protocols, and PDU

Answer 8

• Session
• x.225, SCP, ZIP
• Data

Question 9

What is the 6th OSI Layer?

Include Layer Name, Ex. Protocols, and PDU

Answer 9

• Presentation
• AFP, NCP, MIME
• Data

Question 10

What is the 7th OSI Layer?

Include Layer Name, Ex. Protocols, and PDU

Answer 10

• Application
• FTP, HTTP, SMTP
• Data

Question 11

What are the 4 TCP/IP Layers?

Answer 11

• 4. Application
• 3. Transport
• 2. Internet
• 1. Network Access

Question 12

Which OSI Layer(s) are equivalent to the TCP/IP Network Access Layer?

Answer 12

• Physical
• Data Link

Question 13

Which OSI Layer(s) are equivalent to the TCP/IP Internet Layer?

Answer 13

Network

Question 14

Which OSI Layer(s) are equivalent to the TCP/IP Transport Layer?

Answer 14

Transport

Question 15

Which OSI Layer(s) are equivalent to the TCP/IP Application Layer?

Answer 15

• Session
• Presentation
• Application

Question 16

How does the TCP handshake get initialized?

Answer 16

1. SYN
2. SYN-ACK
3. ACK

Question 17

What are the 5 security zones?

Answer 17

1. Internet
2. Internet DMZ
3. Production Network Zone
4. Intranet Zone
5. Management Network Zone

Question 18

Define vulnerability

Answer 18

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Question 19

What are the vulnerability categories?

Answer 19

• misconfiguration
• default installations
• buffer overflows
• missing patches (unpatched servers)
• design flaws
• operating system flaws
• application flaws
• open services
• default passwords

Question 20

Define hack value

Answer 20

The idea a hacker holds about the perceived worth or interest in attacking a target

Question 21

Define zero-day attack

Answer 21

An attack carried out on a system or application before the vendor becomes aware and before a patch or fix action is available to correct the underlying vulnerability.

Question 22

Define payload

Answer 22

The contents of a packet or specific malicious content an attacker delivers that is acted upon and executed by the system.

Question 23

Define exploit

Answer 23

Software code, a portion of data, or a sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.

Question 24

Define daisy chaining

Answer 24

A method of external testing whereby several sysstems or resources are used together to make an attack.

Question 25

Define doxing

Answer 25

The process of searching for and publishing private information about a target (usually an individual) on the internet, typically with malicious intent.

Question 26

What are the 5 sections of threat modeling?

Answer 26

1. Identify Security Objectives
2. Application Overview
3. Decompose Application
4. Identify Threats
5. Identify Vulnerabilities

Question 27

What does EISA stand for?

Answer 27

Enterprise Information Security Architecture

Question 28

What is EISA?

Answer 28

A collection of requirements and processes that helps determine how an organization’s information systems are built and how they work.

Question 29

What are the phases of risk management?

Answer 29

• Risk Identification
• Risk Assessment
• Risk Treatment
• Risk Tracking
• Risk Review

Question 30

Define asset

Answer 30

Any item of value or worth to an organization, whether physical or virtual.

Question 31

Define threat

Answer 31

Any circumstance or event with the potential to adversely impact organizational operations, organizational assests, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Question 32

Define security controls

Answer 32

Safeguards or countermeasures to avoid, counteract or minimize security risks.

Question 33

Define risk

Answer 33

The potential for damage to or loss of an IT asset

Question 34

Give an example of a preventive measure

Answer 34

Authentication

Question 35

Give an example of a detective measure

Answer 35

Audit

Question 36

Give an example of a corrective measure

Answer 36

Backups and restore

Question 37

What does BIA stand for?

Answer 37

Business Impact Analysis

Question 38

Define BIA

Answer 38

An organized process to gauge the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency.

Question 39

What does MTD stand for?

Answer 39

Maximum Tolerable Downtime

Question 40

Define MTD

Answer 40

A measurement of the potential cost due to a particular asset being unavailable, used as a means to prioritize the recovery of assests should the worst occur.

Question 41

What does BCP stand for?

Answer 41

Business Continuity Plan

Question 42

Define BCP

Answer 42

A set of plans and procedures to follow in the event of a failure or a disaster, security related or not, to get business services back up and running.

Includes a DRP that addresses exactly what to do to recover lost data or services

Question 43

What does DRP stand for?

Answer 43

Disaster Recovery Plan

Question 44

Define DRP

Answer 44

A documented set of procedures to recover business infrasstructures in the event of a disaster.

Question 45

What does ALE stand for?

Answer 45

Annualized Loss Expectancy

Question 46

Define ALE

Answer 46

A measurement of the cost of an asset’s value to the organization and the monetary loss that can be expected for an asset due to risk over a one-year period.

Question 47

What is the equation for ALE?

Answer 47

ALE = ARO * SLE

ARO = Annualized Rate of Occurance
SLE = Single Loss Expectancy

Question 48

What does ARO stand for?

Answer 48

Annualized Rate of Occurance

Question 49

Define ARO

Answer 49

An estimate of the number of times during a year a particular asset would be lost or experience downtime.

Question 50

What does SLE stand for?

Answer 50

Single Loss Expectancy

Question 51

Define SLE

Answer 51

The monetary value expected from the occurance of a risk of an asset

Question 52

What is the equation for SLE?

Answer 52

SLE = AV * EF

AV = Asset Value
EF = Exposure Factor

Question 53

What does EF stand for?

Answer 53

Exposure Factor

Question 54

Define EF

Answer 54

The subjective, potential percentage of loss to a specific asset if a specific threat is realized.

Question 55

What does CIA stand for?

Answer 55

Confidentiality, Integrity, Availability

This is the Holy Trinity of IT security

Question 56

Define Confidentiality

Answer 56

A security objective that ensures a resource can be accessed only by authorized users. This is alos the security priniciple that stipulates sensitive informatino is not disclosed to unauthorized individuals, entities, or processes.

Question 57

Define Integrity

Answer 57

The security property that data is not modified in an unauthorized and undetected manner. Also, this is the principle of taking measures to ensure that data received is in the same condition and state as when it was originally transmitted.

Question 58

Define Availability

Answer 58

The condition of a resource being ready for use and accessible by authorized users.

Question 59

Define hash

Answer 59

A unique numerical string, created by a hashing algorithm on a given piece of data, used to verify data integrity

Question 60

Define hashing algorithm

Answer 60

A one-way mathematical function that generates a fixed length numerical string (hash) from a given data input.
Examples of hashing algorithms: MD5 and SHA-1

Question 61

What does DoS stand for?

Answer 61

Denial of Service

Question 62

Define DoS

Answer 62

An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.

Question 63

What does TOE stand for?

Answer 63

Target Of Evaluation

Question 64

Define TOE

Answer 64

What is being tested

Question 65

What does ST stand for?

Answer 65

Security Target

Question 66

Define ST

Answer 66

The documentation describing TOE and security requirements

Question 67

What does PP stand for?

Answer 67

Protection Profile

Question 68

Define PP

Answer 68

A set of secuirty requirements specifically for the type of product being tested.

Question 69

Define access control

Answer 69

Restricting access to a resource in some selective manner

Question 70

What does MAC stand for?

Answer 70

Mandatory Access Control

Question 71

Define MAC

Answer 71

An access control model in which access to system resources is restricted based on the sensitivity of the information contained in the system resource and the formal authorization of users to access information such as sensitivity.

Question 72

What does DAC stand for?

Answer 72

Discretionary Access Control

Question 73

Define DAC

Answer 73

An access control model in which an individual user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access other users may have to information under the user’s control.

Question 74

Define security policy

Answer 74

A document describing the security controls implemented in a business to accomplish a goal.

Question 75

Define access control policy

Answer 75

Identifies the resources that need protection and the rules in place to control access to those resources.

Question 76

Define information security policy

Answer 76

Identifies to employees what company systems may be used for, what they cannot be used for, and what the consequences are for breaking the rules.

Question 77

Define information protection policy

Answer 77

Information sensitivity levels and who has access to those levels. Also addresses how data is stored, transmitted, and destroyed.

Question 78

Define password policy

Answer 78

Everything imaginable about passwords within the organization, including length, complexity, maximum and minimum age, and reuse.

Question 79

Define e-mail policy

Answer 79

Sometimes also called the e-mail security policy, addresses the proper use of the company e-mail system.

Question 80

Define information audit policy

Answer 80

The framework for auditing secrity within the organization. When, where, how, how often, and sometimes even who conducts information security audits are described here.

Question 81

Name the 4 policies through the prism

Answer 81

1. promiscuous - wide open
2. permissive - blocks only things that are known to be dangerous
3. prudent - provides maximum security but allows some potentially and know dangerous services because of business needs
4. paranoid - locks everythingn down, not even allowing the user to open so much as an internet browser

Question 82

Define standards

Answer 82

Mandatory rules used to achieve consistency

Question 83

Define baselines

Answer 83

Provides the minimum security level necessary

Question 84

Define guidelines

Answer 84

Flexible, recommended actions users are to take in the event there is no standard to follow.

Question 85

Define procedures

Answer 85

Detailed step-by-step instructions for accomplishing a taak or goal.

Question 86

Define phreaker

Answer 86

Someone who manipulates telecommunications systems in order to make free calls.

Question 87

What is a white hat hacker?

Answer 87

An ethical hacker. Engaged to test the security of an organization, and work solely within the bounds of an agreement that has been signed and afreed upon by all parties before the assessment begins.

Question 88

What is a black hat hacker?

Answer 88

An attacker who breaks into computer systems with malicious intent, with-out the owner’s knowledge or permission.

Question 89

What is a gray hat hacker?

Answer 89

A skilled hacker who straddles the line between white hat (ethical) and black hat (malicious). Sometimes perform illegal acts to exploit technology with the intent of achieving better security.

Question 90

Define hactivism

Answer 90

The act or actions of a hacker to put forward a cause or political agenda, to affect some societal change, or to shed light on something the hacker feels to be a political injustice. Usually illegal in nature.

Question 91

What is a suicide hacker?

Answer 91

A hacker who aims to bring down critical infrastructure for a “cause” and does not worry about the penalties associated with their actions.

Question 92

What is a script kiddie?

Answer 92

Derogatory term used to describe an attacker, usually new to the field, who uses simple, easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.

Question 93

What is a cyberterrorist?

Answer 93

Someone motivated by religious or political beliefs to create fear and large-scale systems disruption.

Question 94

What is a state-sponsored hacker?

Answer 94

A hacker employed by the government.

Question 95

What are the 4 categories of attack types?

Answer 95

1. Operating system attacks
2. Application-level attacks
3. Shrink-wrapped code attacks
4. Misconfiguration attacks

Question 96

What are the 5 phases of ethical hacking?

Answer 96

1. Reconnaissance
2. Scanning and enumeration
3. Gaining access
4. Maintaining access
5. Covering tracks

Question 97

Define reconnaissance

Answer 97

The steps taken to gather evidence and information on the targets you want to attack.

Question 98

Define passive reconnaissance

Answer 98

Gathering information about your target without their knowledge.

Question 99

Define active reconnaissance

Answer 99

Using tools and techniques that may or may not be discovered but put your activities as a hcaker at more risk of discovery.

Question 100

Define the scanning and enumeration phase

Answer 100

Taking the information gathered during reconnaissance and actively apply tools and techniques to gather more in-depth information on the targets.

Question 101

Define the gaining access phase

Answer 101

When true attacks are leveled againsed the targets enumerated in the scanning and enumeration phase.

Question 102

Define the maintaining access phase

Answer 102

Hackers attempt to ensure they have a way back into the machine or system they’ve already compromised.

Question 103

Define a zombie machine

Answer 103

A machine used to launch further attacks from

Question 104

Define the covering tracks phase

Answer 104

Attackers attempt to conceal their success and avoid detection by security professionals.

Ex. altering log files, hiding files with hidden attribures or directories, etc.

Question 105

What does SIEM stand for?

Answer 105

Security Incident and Event Manager

Question 106

What does IOC stand for?

Answer 106

Indicator Of Compromise

Question 107

Define IOC

Answer 107

Clues (identifiers, tidbits of information or settings, etc.) that you can readily identify as a strong sympton you’ve been hacked.

Question 108

What are the 4 main types of IOC?

Answer 108

1. E-mail indicators - senders’ addresses, subject lines, types of attachments
2. Network indicators - URLs, domain names, IP addresses
3. Host-based indicators - filenames, hashes, registry keys
4. Behavioral indicators - PowerShell executions, remote command executions, etc.

Question 109

Define tiger team

Answer 109

A group of people gathered together by a business entity, working to address a specific problem or goal.

Question 110

Define penetration testing

Answer 110

A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
A clearly defined, full-scale test of the security controls of a system or network in order to identify security risks and vulnerabilities.

Question 111

What are the 3 main phases of pen testing?

Answer 111

1. Preparation - time period during which the actual contract is hammered out
2. Assessment - the actual assault on the security controls
3. Conclusion - final reports are prepared

Question 112

What is black-box testing?

Answer 112

When the ethical hacker has absolutely no knowledge of the TOE. Used to simulate an outside, unknown attacker.

Question 113

What is white-box testing?

Answer 113

When the pen testers have full knowledge of the network, system, and infrastructure they’re targeting. Used to simulate a knowledgeable internal threat such as a disgruntled network admin or other trusted user.

Question 114

What is gray-box testing?

Answer 114

When the ethical hacker has limited knowledge of the intended target. Used to simulate an internal but non-system-admin.

Question 115

What does HIPAA stand for?

Answer 115

Health Insurance Portability and Accountability Act

Question 116

What are the 5 sub-sections of HIPAA?

Answer 116

1. Electronic Tansactions and Code Sets
2. Privacy Rule
3. Security Rule
4. National Identifier Requirements
5. Enforcement

Question 117

What does SOX stand for?

Answer 117

Sarbanes-Oxley Act

Question 118

Define SOX

Answer 118

Makes corporate disclosures more accurate and reliable in order to protect the public and investors from shady behavior.

Question 119

What does PCI DSS stand for?

Answer 119

Payment Card Industry Data Security Standard

Question 120

Define PCI DSS

Answer 120

The security standard for organizations handling credit cards, ATM cards, and other point-of-sale cards.

Question 121

What are the 12 requirements of PCI DSS?

Answer 121

1. Install and maintain firewall configuration
2. Remove vendor-supplied default passwords and other default security features
3. Protect stored data
4. Encrypt transmission of cardholder data
5. Install, use, and update antivirus
6. Develop secure systems and applications
7. Use “need to know” as a guideline to restric access to data
8. Assign a unique ID to each stakeholder in the process
9. Restrict any physical access to the data
10. Monitor all access to data and network resources
11. Test security procedures and systems regularly
12. Create and maintain an information security policy

Question 122

What is ISO/IEC 27001:2018?

Answer 122

A standard that provides requirements for creating, maintaining and improving organizational information security systems.