Chapter 1 Mastering Security Basics Flashcards

1
Q

A ___ _____ describes a goal that an organization wants to achieve.

A

Use case

2
Q

True or False : A common naming strategy for a use case is in the verb-noun format.

A

True

3
Q

List some elements of a use case

A
  1. Actors
  2. Preconditions - must occur before the process can begin
  3. Trigger - what starts a use case
  4. Postconditions - occurs after the process is triggered
  5. Normal flow
  6. Alternate flow
4
Q

True or False : A common use case that any organization has is to support confidentiality.

A

True

5
Q

_________ prevents the unauthorized disclosure of data.

A

Confidentiality

6
Q

_________ scrambles data to make it unreadable by unauthorized personnel.

A

Encryption

7
Q

True or False : Identification, authentication, and authorization combined provide access controls and help ensure that only authorized personnel can access data.

A

True

8
Q

List the key elements of access control

A
  1. Identification
  2. Authentication
  3. Authorization
9
Q

True or False : Another method you can use for confidentiality is steganography.

A

True

10
Q

_________ obscures the data and can be used in a use case to support obfuscation.

A

Steganography

11
Q

True or False : Many people refer to steganography as hiding data in plain sight.

A

True

12
Q

________ provides assurances that data has not changed.

A

Integrity

13
Q

True or False : You can use hashing techniques to enforce integrity.

A

True

14
Q

A ____ is simply a number created by executing a hashing algorithm against data, such as a file or message.

A

Hash

15
Q

True or False : If the data never changes, the resulting hash will always be the same.

A

True

16
Q

List three different meanings for MAC

A
  1. Media Address Control - physical address assigned to NICs (burned in address)
  2. Mandatory Access Control - access control model
  3. Message Authentication Code - provides integrity similar to hash
17
Q

True or False : Two key concepts related to integrity are:

  1. Integrity provides assurances that data has not been modified, tampered with, or corrupted.
  2. Hashing verifies integrity.
A

True

18
Q

True or False : Digital signatures require the use of certificates and a Public Key Infrastructure (PKI). Certificates include keys used for encryption and the PKI provides the means to create, manage, and distribute certificates.

A

True

19
Q

__________ indicates that data and services are available when needed.

A

Availability

20
Q

True or False : Organizations commonly implement redundancy and fault-tolerant methods to ensure high levels of availability for key systems.

A

True

21
Q

_________ adds duplication to critical systems and provides fault tolerance.

A

Redundancy

22
Q

True or False : If a critical component has a fault, the duplication provided by the redundancy allows the service to continue without interruption.

A

True

23
Q

A common goal of fault tolerance and redundancy techniques is to remove each ______ _____ __ ________

A

Single point of failure (SPOF).

24
Q

True or False : Availability ensures that systems are up and operational when needed and often addresses single points of failure. You can increase availability by adding fault tolerance and redundancies, such as RAID, failover clusters, backups, and generators. HVAC systems also increase availability.

A

True

25
Q

Another method of ensuring systems stay available is with _______.

A

Patching

26
Q

One of the basic goals of implementing IT security is to reduce ____.

A

Risk

27
Q

____ is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.

A

Risk

28
Q

A ______ is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.

A

Threat

29
Q

A __________ is a weakness.

A

Vulnerability

30
Q

A _______ _______ is an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.

A

Security incident

31
Q

Risk __________ reduces the chances that a threat will exploit a vulnerability.

A

Mitigation

32
Q

True or False : You can’t prevent most threats.

A

True

33
Q

List control types in CompTIA objectives

A
  1. Technical controls
  2. Administrative controls
  3. Physical controls
  4. Preventive controls - attempt to prevent an incident from occurring
  5. Detective controls - detect incidents after they have occurred
  6. Corrective controls
  7. Deterrent controls - attempt to discourage individuals from causing an incident
  8. Compensating controls - alternative controls used when a primary control is not feasible
34
Q

True or False : Most security controls can be classified as technical (implemented with technology), administrative (implemented using administrative or management methods), or physical (items you can touch).

A

True

35
Q

_______ controls use technology to reduce vulnerabilities.

A

Technical

36
Q

List a few examples of technical controls

A
  1. Encryption
  2. Antivirus software
  3. Intrusion detection systems (IDS) and intrusion prevention systems (IPS)
  4. Firewalls
  5. Least privilege
37
Q

True or False : Technical controls use technology to reduce vulnerabilities. Some examples include encryption, antivirus software, IDSs, IPSs, firewalls, and the principle of least privilege. Technical physical security and environmental controls include motion detectors and fire suppression systems.

A

True

38
Q

__________ controls use methods mandated by organizational policies or other guidelines.

A

Administrative

39
Q

List some common administrative controls

A
  1. Risk assessments
  2. Vulnerability assessments
  3. Penetration tests
40
Q

True or False : Many administrative controls are also known as operational or management controls.

A

True

41
Q

True or False : Operational controls include the following families:

  1. Awareness training
  2. Configuration and change management
  3. Contingency planning
  4. Media protection
  5. Physical and environmental protection
A

True

42
Q

_______ controls are any controls that you can physically touch.

A

Physical

43
Q

True or False : A fire suppression system is a physical security control because you can touch it. However, it’s also a technical control because it uses technologies to detect, suppress, or extinguish fires.

A

True

44
Q

True or False : Another way of classifying security controls is based on their goals in relationship to security incidents. Some common classifications are preventive, detective, corrective, deterrent, and compensating. The following sections describe them in more depth.

A

True

45
Q

The primary goal of _________ controls is to prevent security incidents.

A

Preventive

46
Q

List some examples of preventive controls

A
  1. Hardening - making a system more secure than its default configuration
  2. Security awareness and training
  3. Security guards
  4. Change management
  5. Account disablement policy
47
Q

True or False : Preventive controls attempt to prevent security incidents. Hardening systems increases their basic configuration to prevent incidents. Security guards can prevent unauthorized personnel from entering a secure area. Change management processes help prevent outages from configuration changes. An account disablement policy ensures that accounts are disabled when a user leaves the organization.

A

True

48
Q

________ controls attempt to detect when vulnerabilities have been exploited, resulting in a security incident.

A

Detective

49
Q

List some examples of detective controls

A
  1. Log monitoring
  2. Trend analysis
  3. Security audit
  4. Video surveillance
  5. Motion detection
50
Q

True or False : A detective control can predict when an incident will occur and it can prevent it.

A

False

It can’t predict nor prevent an incident

51
Q

__________ controls attempt to reverse the impact of an incident or problem after it has occurred.

A

Corrective

52
Q

An _______ _______ ______ attempts to detect attacks and then modify the environment to block the attack from continuing.

A

Intrusion prevention system (IPS)

53
Q

_______ ensure that personnel can recover data if it is lost or corrupted.

A

Backups

54
Q

System _______ procedures ensure administrators can recover a system after a failure.

A

Recovery

55
Q

________ controls attempt to discourage a threat.

A

Deterrent

56
Q

True or False : You can often describe many deterrent controls as preventive controls.

A

True

57
Q

True or False : Some physical security controls to deter threats are:

  1. Cable locks
  2. Hardware locks
A

True

58
Q

_____________ controls are alternative controls used instead of a primary control.

A

Compensating

59
Q

True or False : Control types (technical, administrative, and physical) and control goals (preventive, detective, corrective, deterrent, and compensating) are not mutually exclusive. In other words, you can describe most controls using more than one category.

A

True

60
Q

___________ allows you to host one or more virtual systems, or virtual machines (VMs), on a single physical system.

A

Virtualization

61
Q

The software that creates, runs, and manages the VMs is the ________.

A

Hypervisor

62
Q

The physical system hosting the VMs is the ____.

A

Host

63
Q

Operating systems running on the host system are _____ or ____ machines.

A

Guests or guest

64
Q

True or False : Elasticity and scalability refer to the ability to resize computing capacity based on the load.

A

True

65
Q

Type ___ hypervisors run directly on the system hardware.

A

One

66
Q

Type___ hypervisors run as software within a host operating system.

A

Two

67
Q

True or False : Application cell virtualization or container virtualization runs services or applications within isolated application cells (or containers).

A

True

68
Q

True or False : A benefit of container virtualization is that it uses fewer resources and can be more efficient than a system using a traditional Type II hypervisor virtualization.

A

True

69
Q

One drawback is that containers must use the operating system of the ____.

A

Host

70
Q

A _______ provides you with a copy of the VM at a moment in time, which you can use as a backup.

A

Snapshot

71
Q

True or False : After taking a snapshot, the hypervisor keeps a record of all changes to the VM. If the VM develops a problem, you can revert the VM to the state it was in when you took the snapshot.

A

True

72
Q

True or False : Risky operations include applying patches or updates, testing security controls, and installing new applications.

A

True

73
Q

In a virtual desktop infrastructure (VDI) or virtual desktop environment (VDE), a user’s _____ ________ ______ runs as a VM on a server.

A

Desktop operating system

74
Q

A primary consideration when running virtual desktops is whether they will support _________ or ___-________.

A

Persistence or non-persistence

75
Q

True or False : In a persistent VDE, users each have a custom desktop. In a non-persistent VDE, users use a single desktop configuration that reverts to its pre-configured state each time they log off.

A

True

76
Q

True or False : VMs are files.

A

True

77
Q

__ _____ is an attack that allows an attacker to access the host system from within the virtual system.

A

VM escape

78
Q

True or False : Most virtual systems run on a physical server with elevated privileges, similar to administrator privileges. A successful VM escape attack often gives the attacker unlimited control over the host system and each virtual system within the host.

A

True

79
Q

__ ______ occurs when an organization has many VMs that aren’t managed properly.

A

VM sprawl

80
Q

True or False : VM sprawl increases vulnerability risk and leads to mismanaged resources.

A

True

81
Q

True or False : Linux is a version of Unix and commands that can be run in a Unix terminal can also be run in a Linux terminal.

A

True

82
Q

True or False : Most Windows commands are not case sensitive.

A

True

83
Q

True or False : Linux commands are case sensitive.

A

True

84
Q

____ is a basic command used to test connectivity for remote systems. You can also use it to verify a system can resolve valid host names to IP addresses, test the NIC, and check the security posture of a network.

A

Ping

85
Q

True or False : The ping command checks connectivity by sending Internet Control Message Protocol (ICMP) echo request packets. Remote systems answer with ICMP echo reply packets and if you receive echo replies, you know that the remote system is operational.

A

True

86
Q

True or False : You can ping the host name of a remote system and verify that name resolution is working.

A

True

87
Q

True or False : To protect systems, firewalls commonly block ICMP traffic to prevent these attacks from succeeding.

A

True

88
Q

True or False : You can use ping to simulate an attack from a couple of computers to repeatedly send ping requests. If the IPS is working, it will block these attacks and the pings will stop receiving replies.

A

True

89
Q

The _______ command (short for Internet Protocol configuration) shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a system. This includes items such as the computer’s IP address, subnet mask, default gateway, MAC address, and the address of a Domain Name System (DNS) server.

A

ipconfig/ifconfig

90
Q

True or False : Common ipconfig/ifconfig commands

  1. ipconfig
  2. ipconfig /all
  3. ipconfig /displaydns
  4. ipconfig /flushdns
  5. ifconfig eth0
  6. ifconfig eth0 promisc - enables promiscuous mode, which allows the NIC to process all traffic it receives
  7. ifconfig eth0 allmulti - enables multicast mode, which allows the NIC to process all multicast traffic it receives
A

True

91
Q

True or False : Instead of ifconfig, Linux developers recommend using the ip command.

A

True
ifconfig was deprecated in 2009 for Debian distros.

  1. ip link show - shows the interfaces along with some details
  2. ip link set eth0 up - enables a network interface
  3. ip -s link - shows stats on the network interfaces
92
Q

The _____ command (short for network statistics) allows you to view statistics for TCP/IP protocols on a system.

A

Netstat

93
Q

True or False : Some of the common commands you can use with netstat are:
• Netstat. Displays a listing of all open TCP connections.
• Netstat -a. Displays a listing of all TCP and User Datagram Protocol (UDP) ports that a system is listening on, in addition to all open connections. This listing includes the IP address followed by a colon and the port number, and you can use the port number to identify protocols. As an example, if you see an IP address followed by :80, it indicates the system is listening on the default port of 80 for HTTP. This indicates this system is likely a web server.
• Netstat -r. Displays the routing table.
• Netstat -e. Displays details on network statistics, including how many bytes the system sent and received.
• Netstat -s. Displays statistics of packets sent or received for specific protocols, such as IP, ICMP, TCP, and UDP.
• Netstat -n. Displays addresses and port numbers in numerical order. This can be useful if you’re looking for information related to a specific IP address or a specific port.
• Netstat -p protocol. Shows statistics on a specific protocol, such as TCP or UDP. For example, you could use netstat -p tcp to show only TCP statistics.

A

True

94
Q

True or False : Some of the common states are:
• ESTABLISHED. This is the normal state for the data transfer phase of a connection. It indicates an active open connection.
• LISTEN. This indicates the system is waiting for a connection request. The well-known port a system is listening on indicates the protocol.
• CLOSE_WAIT. This indicates the system is waiting for a connection termination request.
• TIME_WAIT. This indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgment of the connection.
• SYN_SENT. This indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK (synchronize-acknowledge), ACK (acknowledge) handshake process and it is waiting for the SYN-ACK response.
• SYN_RECEIVED. This indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake process. It is waiting for the ACK response to establish the connection. An excessive number of SYN_RECEIVED states indicates a SYN attack, where an attacker is flooding a system with SYN packets but never finalizes the connection with ACK packets.

A

True

95
Q

The _____ command lists the routers between two systems. In this context, each router is referred to as a hop.

A

tracert

96
Q

True or False : Network administrators typically use tracert to identify faulty routers on the network.

A

True

97
Q

What does RTT stand for?

A

Round trip time

98
Q

___ is a command-line tool that is related to the Address Resolution Protocol (ARP) but is not the same. It resolves IP addresses to MAC addresses and stores the result in the ARP cache.

A

Arp