Chapter 1 - Mastering Security Basics

Question 1

Use Case

Answer 1

Describes a goal than an organization wants to achieve

Question 2

Confidentiality

Answer 2

Prevents the unauthorized disclosure of data. Authorized personnel can access the data, but unauthorized cannot.

Question 3

Encryption

Answer 3

Scrambles data to make it unreadable by unauthorized personnel. Authorized personnel can decrypt the data to access it.

Question 4

Identification

Answer 4

Claiming identity with unique username

Question 5

Authentication

Answer 5

Prove identity with authentication, such as a password

Question 6

Authorization

Answer 6

Granting or restricting access to resources

Question 7

Stenography

Answer 7

Hiding data within data. Obscures the data and can be used in a use case to support obfuscation. Referred to as hiding data in plain sight. Example is embedding a hidden message in an image by modifying bits.

Question 8

Obfuscation

Answer 8

Attempting to make something unclear or difficult to understand. Its called security by obscurity. Not reliable.

Question 9

Best way to protect data confidentiality

Answer 9

Encryption

Question 10

Access Controls

Answer 10

Help protect confidentiality by restricting access

Question 11

Integrity

Answer 11

Provides assurances that data hasn’t changed. This means data isn’t modified, tampered with, or corrupted.

Question 12

Hash

Answer 12

Simply a number created by executing a hashing algorithm against data, such as a file or message.

Question 13

Digital Signature

Answer 13

Attached to file or email to assure that nothing was modified. Also provided authentication. Also provide non-repudiation (you can’t deny you digitally signed it after sending). Require digital certificates.

Question 14

Availability

Answer 14

Indicates that data and services are available when needed.

Question 15

Redundancy

Answer 15

Adds duplication to critical systems and provides fault tolerance

Question 16

Risk

Answer 16

Possibility or likelihood of a threat exploiting a vulnerability resulting in a loss

Question 17

Threat

Answer 17

Any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.

Question 18

Vulnerability

Answer 18

A weakness in the hardware, software, the configuration, and even the users operating the system.

Question 19

Security Incident

Answer 19

An adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s IT systems and data.

Question 20

Risk Mitigation

Answer 20

Reduces the chances that a threat will exploit a vulnerability, by implementing security controls

Question 21

Technical Controls

Answer 21

Use technology to reduce vulnerabilities

Question 22

Principle of Least Privilege

Answer 22

Individuals or processes are granted only to privileges they need to perform their assigned tasks or functions, but no more.

Question 23

Administrative Controls

Answer 23

Use methods mandated by organizational policies or other guidelines.

Question 24

Risk Assessments

Answer 24

Help quantify and qualify risks within an organization so that the organization can focus on the serious risks.

Question 25

Quantitative Risk Assessment

Answer 25

Uses cost and asset values to quantify risks based on monetary values

Question 26

Qualitative Risk Assessment

Answer 26

Uses judgments to categorize risks based on probability and impact.

Question 27

Vulnerability Assessment

Answer 27

Attempts to discover current vulnerabilities or weaknesses.

Question 28

Pen Tests

Answer 28

Attempts to exploit vulnerabilities.

Question 29

Physical Controls

Answer 29

Any controls that you can physically touch. Includes lighting, signs, fences, guards, and more.

Many physical controls are also technical controls, such as a fire suppression system.

Question 30

Preventive Controls

Answer 30

Controls to prevent security incidents like hardening, security awareness & training, security guards, change management, etc

Question 31

Hardening

Answer 31

Making a system or application more secure than its default configuration.

Includes disabling unnecessary ports and services, implementing secure protocols, using strong passwords along with a robust password policy, and disabling default and unnecessary accounts.

Question 32

Security Awareness and Training

Answer 32

Ensuring that users are aware of security vulnerabilities and threat help prevent incidents.

Question 33

Change Management

Answer 33

Ensures that changes don’t result in unintended outages. One must submit a change to a change management process.

Both operational and preventive control.

Question 34

Detective Controls

Answer 34

Detects when vulnerabilities have been exploited, resulting in a security incident.

Question 35

Log Monitoring

Answer 35

Monitoring logs to detect anomalies.

Question 36

Trend Analysis

Answer 36

Using past logs or alerts to identify a trend, such as an increase of attacks on a specific system

Question 37

Security Audit

Answer 37

Examines the security posture of an organization. An example may be reviewing current permissions to ensure no one has more permissions than they should.

Question 38

Difference between detective controls and prevention controls

Answer 38

Detective control (IDS) cant predict/prevent an attack while Prevention control (IPS) stop the incident from occurring at all.

Question 39

Corrective Controls

Answer 39

Attempt to reverse the impact of an incident or problem after it has occurred. Examples include IPS and Backups & system recovery

Question 40

Deterrent Controls

Answer 40

Attempt to discourage a threat. Some attempt to discourage potential attackers from attacking, and others attempt to discourage employees from violating a security policy. Very similar to preventive controls.

Question 41

Compensating Controls

Answer 41

Alternative controls used instead of a primary control. Includes issuing a Time-based One-Time Password while employee awaits smart card.

Question 42

Virtualization

Answer 42

Allows you to host one or more virtual systems on a single physical system.

Question 43

Hypervisor

Answer 43

The software that creates, runs, and manages the VMs is the hypervisor.

Question 44

Host

Answer 44

The physical system hosting the VMs.

Question 45

Guest

Answer 45

Operating systems running on the host system are guests or guest machines.

Question 46

Host elasticity and scalability

Answer 46

Refer to the ability to resize computing capacity based on the load.

Question 47

Type 1 Hypervisors

Answer 47

Run directly on the system on the system hardware. Called bare-metal hypervisors

Question 48

Type 2 Hypervisors

Answer 48

Run as a software within a host operating system.

Question 49

Application Cell/Container virtualization

Answer 49

Runs services or applications within isolated application cells/containers. Doesn’t have its own kernel.

Question 50

Snapshot

Answer 50

Provides you with a copy of the VM at a moment in time which can be used as a backup.

Question 51

VDI/VDE

Answer 51

Virtual Desktop Infrastructure/Virtual Desktop Environment

A user’s desktop operating system runs as a VM on a server

Question 52

Persistent virtual desktop

Answer 52

Each user has a custom desktop image

Question 53

Non-persistent virtual desktop

Answer 53

Serves the same desktop for all users. Reverts back to known state (snapshot) when they log off.

Question 54

VM escape

Answer 54

An attack that allows an attacker to access the host system from within the virtual system.

A successful VM escape attack often gives the attacker unlimited control over the host system and each virtual system within the host.

Question 55

VM Sprawl

Answer 55

Occurs when an organization has many VMs that aren’t managed properly. This means they aren’t updated or or unauthorized.

Question 56

Ping

Answer 56

Tests connectivity for remote systems. Checks name resolution. Checks security posture (if pings aren’t getting through firewall if configured to do so).

Uses ICMP echo request packets.

Question 57

ipconfig

Answer 57

Shows the TCP/IP configuration information for a system. This includes IP, subnet, gateway, MAC, and DNS server address.

Question 58

Command so show content of DNS cache

Answer 58

ipconfig /displaydns

Question 59

Command to erase contents of the DNS cache

Answer 59

ipconfig /flushdns

Question 60

Non-promiscuous mode

Answer 60

Normal function of NIC where it only processes packets addressed directly to its IP address.

Question 61

Promiscuous mode

Answer 61

NIC processes all packets regardless of the IP address.

Question 62

Which command is replacing ifconfig

Answer 62

ip command

Question 63

ipconfig vs ifconfig

Answer 63

ifconfig can manipulate the settings on the network interfaces.

Question 64

How to enable promiscuous mode

Answer 64

ifconfig command

Question 65

Command to view and manipulate NIC settings

Answer 65

ip command

Question 66

Netstat

Answer 66

Allows you to view statistics for TCP/IP protocols on a system. Can also view active TCP/IP network connections.

Question 67

Command to display all TCP/UDP ports that a a system is listening on

Answer 67

Netstat -a

Question 68

Command to display the routing table

Answer 68

Netstat -r

Question 69

ESTABLISHED

Answer 69

Normal state for the data transfer phase of a connection. Indicates an active open connection.

Question 70

LISTEN

Answer 70

System is waiting for a connection request.

Question 71

CLOSE_WAIT

Answer 71

Indicates the system is waiting for a connection termination request

Question 72

TIME_WAIT

Answer 72

Indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgment of the connection.

Question 73

SYN_SENT

Answer 73

Indicates the systems sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK (synchronize-acknowledge), ACK (acknowledge) handshake process and it is waiting for the SYN-ACK response

Question 74

SYN_RECEIVED

Answer 74

This indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake process.

Question 75

Tracert

Answer 75

Lists the routers between two systems. Identifies faulty routers and where traffic stops.

Question 76

ARP

Answer 76

resolves IP addresses to MAC addresses and stores the result in the ARP cache.