Chapter 1: Mastering Security Basics Flashcards

1
Q

A use case

A

helps professionals identify and clarify requirements to achieve a goal.

2
Q

Confidentiality ensures

A

that data is only viewable by authorized users. Encryption is the best choice to provide confidentiality. Access controls also protect the confidentiality of data.

3
Q

Steganography

A

(hiding data inside other data) is one method of supporting obfuscation by making the hidden data harder to see.

4
Q

Integrity

A

provides assurances that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes. Data can be a message, a file, or data within a database. Hashing is a common method of ensuring integrity.

5
Q

Non-repudiation

A

prevents entities from denying they took an action. Digital signatures and audit logs provide non-repudiation. Digital signatures also provide integrity for files and email.

6
Q

Availability

A

ensures that data and services are available when needed. A common goal is to remove single points of failure. Methods used to increase or maintain availability include fault tolerance, failover clusters, load balancing, backups, virtualization, HVAC systems, and generators.

7
Q

Risk

A

is the possibility of a threat exploiting a vulnerability and resulting in a loss.

8
Q

A threat

A

is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.

9
Q

A vulnerability

A

is a weakness. It can be a weakness in the hardware, software, configuration, or users operating the system.

10
Q

Risk mitigation

A

reduces risk by reducing the chances that a threat will exploit a vulnerability or by reducing the impact of the risk.

11
Q

Security controls

A

reduce risks. For example, antivirus software is a security control that reduces the risk of virus infection.

12
Q

The three primary security control types are

A

technical (implemented with technology), administrative (using administrative or management methods), and physical (using controls that you can physically touch).

13
Q

A technical control is

A

one that uses technology to reduce vulnerabilities. Encryption, antivirus software, IDSs, firewalls, and the principle of least privilege are technical controls.

14
Q

Administrative controls are

A

primarily administrative and include items such as risk and vulnerability assessments. Some administrative controls help ensure that day-to-day operations of an organization comply with their overall security plan. Some examples include security awareness and training, configuration management, and change management.

15
Q

Preventive controls

A

attempt to prevent security incidents. Examples include system hardening, user training, guards, change management, and account disablement policies.

16
Q

Detective controls

A

attempt to detect when a vulnerability has been exploited. Examples include log monitoring, trend analysis, security audits (such as a periodic review of user rights), video surveillance systems, and motion detection systems.

17
Q

Corrective controls

A

attempt to reverse the impact of an incident or problem after it has occurred. Examples include intrusion prevention systems (IPSs), backups, and system recovery plans.

18
Q

Deterrent controls

A

attempt to prevent incidents by discouraging threats.

19
Q

Compensating controls

A

are alternative controls used when it isn’t feasible or possible to use the primary control.

20
Q

Virtualization

A

allows multiple servers to operate on a single physical host. They provide increased availability with various tools such as snapshots and easy restoration.

21
Q

Type I hypervisors

A

run directly on the system hardware. They are often called bare-metal hypervisors because they don’t need to run within an operating system.

22
Q

Type II hypervisors

A

run as software within a host operating system.

23
Q

Container virtualization

A

is a specialized version of a Type II hypervisor. It allows services or applications to run within their own isolated cells or containers. Containers don’t have a full operating system but instead use the kernel of the host.

24
Q

Snapshots

A

capture the state of a VM at a moment in time. Administrators often take a snapshot before performing a risky operation. If necessary, they can revert the VM to the snapshot state.

25
Q

VM sprawl

A

can occur if personnel within the organization don’t manage the VMs.

26
Q

VM escape attacks

A

allow an attacker to access the host system from the VM. The primary protection is to keep the host and guests up to date with current patches.

27
Q

You run command-line tools in

A

the Command Prompt window (in Windows) and the terminal (in Linux).

28
Q

The ping command can be used to

A

check connectivity; check name resolution; and verify that routers, firewalls, and intrusion prevention systems block ICMP.

29
Q

The ipconfig command on Windows allows you to

A

view the configuration of network interfaces.

30
Q

Linux uses ifconfig and/or ip to

A

view and manipulate the configuration of network interfaces. You can enable promiscuous mode on a NIC with ifconfig.

31
Q

Netstat allows you to

A

view statistics for TCP/IP protocols and view all active network connections. This can be useful if you suspect malware is causing a computer to connect with a remote computer.

32
Q

Tracert

A

lists the routers (also called hops) between two systems. It can be used to verify a path has not changed.

33
Q

The arp command allows you to

A

view and manipulate the ARP cache. This can be useful if you suspect a system’s ARP cache has been modified during an attack.