Chapter 1 Mastering Security Basics Flashcards
A ___ _____ describes a goal that an organization wants to achieve.
Use case
True or False : A common naming strategy for a use case is in the verb-noun format.
True
List some elements of a use case
- Actors
- Preconditions - must occur before the process can begin
- Trigger - what starts a use case
- Postconditions - occurs after the process is triggered
- Normal flow
- Alternate flow
True or False : A common use case that any organization has is to support confidentiality.
True
_________ prevents the unauthorized disclosure of data.
Confidentiality
_________ scrambles data to make it unreadable by unauthorized personnel.
Encryption
True or False : Identification, authentication, and authorization combined provide access controls and help ensure that only authorized personnel can access data.
True
List the key elements of access control
- Identification
- Authentication
- Authorization
True or False : Another method you can use for confidentiality is steganography.
True
_________ obscures the data and can be used in a use case to support obfuscation.
Steganography
True or False : Many people refer to steganography as hiding data in plain sight.
True
________ provides assurances that data has not changed.
Integrity
True or False : You can use hashing techniques to enforce integrity.
True
A ____ is simply a number created by executing a hashing algorithm against data, such as a file or message.
Hash
True or False : If the data never changes, the resulting hash will always be the same.
True
List three different meanings for MAC
- Media Address Control - physical address assigned to NICs (burned-in address)
- Mandatory Access Control - access control model
- Message Authentication Code - provides integrity, similar to a hash
True or False : Two key concepts related to integrity are:
- Integrity provides assurances that data has not been modified, tampered with, or corrupted.
- Hashing verifies integrity.
True
True or False : Digital signatures require the use of certificates and a Public Key Infrastructure (PKI). Certificates include keys used for encryption and the PKI provides the means to create, manage, and distribute certificates.
True
__________ indicates that data and services are available when needed.
Availability
True or False : Organizations commonly implement redundancy and fault-tolerant methods to ensure high levels of availability for key systems.
True
_________ adds duplication to critical systems and provides fault tolerance.
Redundancy
True or False : If a critical component has a fault, the duplication provided by the redundancy allows the service to continue without interruption.
True
A common goal of fault tolerance and redundancy techniques is to remove each ______ _____ __ ________
Single point of failure (SPOF).
True or False : Availability ensures that systems are up and operational when needed and often addresses single points of failure. You can increase availability by adding fault tolerance and redundancies, such as RAID, failover clusters, backups, and generators. HVAC systems also increase availability.
True
Another method of ensuring systems stay available is with _______.
Patching
One of the basic goals of implementing IT security is to reduce ____.
Risk
____ is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.
Risk
A ______ is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
Threat
A __________ is a weakness.
Vulnerability
A _______ _______ is an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.
Security incident
Risk __________ reduces the chances that a threat will exploit a vulnerability.
Mitigation
True or False : You can’t prevent most threats.
True
List control types in CompTIA objectives
- Technical controls
- Administrative controls
- Physical controls
- Preventive controls - attempt to prevent an incident from occurring
- Detective controls - detect incidents after they have occurred
- Corrective controls
- Deterrent controls - attempt to discourage individuals from causing an incident
- Compensating controls - alternative controls used when a primary control is not feasible
True or False : Most security controls can be classified as technical (implemented with technology), administrative (implemented using administrative or management methods), or physical (items you can touch).
True
_______ controls use technology to reduce vulnerabilities.
Technical
List a few examples of technical controls
- Encryption
- Antivirus software
- Intrusion detection systems (IDS) and intrusion prevention systems (IPS)
- Firewalls
- Least privilege
True or False : Technical controls use technology to reduce vulnerabilities. Some examples include encryption, antivirus software, IDSs, IPSs, firewalls, and the principle of least privilege. Technical physical security and environmental controls include motion detectors and fire suppression systems.
True
__________ controls use methods mandated by organizational policies or other guidelines.
Administrative
List some common administrative controls
- Risk assessments
- Vulnerability assessments
- Penetration tests
True or False : Many administrative controls are also known as operational or management controls.
True
True or False : Operational controls include the following families:
- Awareness training
- Configuration and change management
- Contingency planning
- Media protection
- Physical and environmental protection
True
_______ controls are any controls that you can physically touch.
Physical
True or False : A fire suppression system is a physical security control because you can touch it. However, it’s also a technical control because it uses technologies to detect, suppress, or extinguish fires.
True
True or False : Another way of classifying security controls is based on their goals in relationship to security incidents. Some common classifications are preventive, detective, corrective, deterrent, and compensating. The following sections describe them in more depth.
True
The primary goal of _________ controls is to prevent security incidents.
Preventive
List some examples of preventive controls
- Hardening - making a system more secure than its default configuration
- Security awareness and training
- Security guards
- Change management
- Account disablement policy
True or False : Preventive controls attempt to prevent security incidents. Hardening systems increases their basic configuration to prevent incidents. Security guards can prevent unauthorized personnel from entering a secure area. Change management processes help prevent outages from configuration changes. An account disablement policy ensures that accounts are disabled when a user leaves the organization.
True
________ controls attempt to detect when vulnerabilities have been exploited, resulting in a security incident.
Detective
List some examples of detective controls
- Log monitoring
- Trend analysis
- Security audit
- Video surveillance
- Motion detection
True or False : A detective control can predict when an incident will occur and it can prevent it.
False
It can neither predict nor prevent an incident.
__________ controls attempt to reverse the impact of an incident or problem after it has occurred.
Corrective
An _______ _______ ______ attempts to detect attacks and then modify the environment to block the attack from continuing.
Intrusion prevention system (IPS)
_______ ensure that personnel can recover data if it is lost or corrupted.
Backups
System _______ procedures ensure administrators can recover a system after a failure.
Recovery
________ controls attempt to discourage a threat.
Deterrent
True or False : You can often describe many deterrent controls as preventive controls.
True
True or False : Some physical security controls to deter threats are:
- Cable locks
- Hardware locks
True
_____________ controls are alternative controls used instead of a primary control.
Compensating
True or False : Control types (technical, administrative, and physical) and control goals (preventive, detective, corrective, deterrent, and compensating) are not mutually exclusive. In other words, you can describe most controls using more than one category.
True
___________ allows you to host one or more virtual systems, or virtual machines (VMs), on a single physical system.
Virtualization
The software that creates, runs, and manages the VMs is the ________.
Hypervisor
The physical system hosting the VMs is the ____.
Host
Operating systems running on the host system are _____ or ____ machines.
Guests or guest
True or False : Elasticity and scalability refer to the ability to resize computing capacity based on the load.
True
Type ___ hypervisors run directly on the system hardware.
One
Type ___ hypervisors run as software within a host operating system.
Two
True or False : Application cell virtualization or container virtualization runs services or applications within isolated application cells (or containers).
True
True or False : A benefit of container virtualization is that it uses fewer resources and can be more efficient than a system using a traditional Type II hypervisor virtualization.
True
One drawback is that containers must use the operating system of the ____.
Host
A _______ provides you with a copy of the VM at a moment in time, which you can use as a backup.
Snapshot
True or False : After taking a snapshot, the hypervisor keeps a record of all changes to the VM. If the VM develops a problem, you can revert the VM to the state it was in when you took the snapshot.
True
True or False : Risky operations include applying patches or updates, testing security controls, and installing new applications.
True
In a virtual desktop infrastructure (VDI) or virtual desktop environment (VDE), a user’s _____ ________ ______ runs as a VM on a server.
Desktop operating system
A primary consideration when running virtual desktops is whether they will support _________ or ___-________.
Persistence or non-persistence
True or False : In a persistent VDE, users each have a custom desktop. In a non-persistent VDE, users share a single desktop configuration that reverts to its preconfigured state each time they log off.
True
True or False : VMs are files.
True
__ _____ is an attack that allows an attacker to access the host system from within the virtual system.
VM escape
True or False : Most virtual systems run on a physical server with elevated privileges, similar to administrator privileges. A successful VM escape attack often gives the attacker unlimited control over the host system and each virtual system within the host.
True
__ ______ occurs when an organization has many VMs that aren’t managed properly.
VM sprawl
True or False : VM sprawl increases vulnerability risk and leads to mismanaged resources.
True
True or False : Linux is a version of Unix and commands that can be run in a Unix terminal can also be run in a Linux terminal.
True
True or False : Most Windows commands are not case sensitive.
True
True or False : Linux commands are case sensitive
True
____ is a basic command used to test connectivity for remote systems. You can also use it to verify a system can resolve valid host names to IP addresses, test the NIC, and check the security posture of a network.
Ping
True or False : The ping command checks connectivity by sending Internet Control Message Protocol (ICMP) echo request packets. Remote systems answer with ICMP echo reply packets and if you receive echo replies, you know that the remote system is operational.
True
True or False : You can ping the host name of a remote system and verify that name resolution is working.
True
True or False : To protect systems, firewalls commonly block ICMP traffic to prevent these attacks from succeeding.
True
True or False : You can use ping to simulate an attack from a couple of computers to repeatedly send ping requests. If the IPS is working, it will block these attacks and the pings will stop receiving replies.
True
The _______ command (short for Internet Protocol configuration) shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a system. This includes items such as the computer’s IP address, subnet mask, default gateway, MAC address, and the address of a Domain Name System (DNS) server.
ipconfig/ifconfig
True or False : Common ipconfig/ifconfig commands
- ipconfig
- ipconfig /all
- ipconfig /displaydns
- ipconfig /flushdns
- ifconfig eth0
- ifconfig eth0 promisc - enables promiscuous mode, which allows the NIC to process all traffic it receives
- ifconfig eth0 allmulti - enables all-multicast mode, which allows the NIC to process all multicast traffic it receives
True
True or False : Instead of ifconfig, Linux developers recommend using the ip command.
True
ifconfig has been deprecated in Debian distributions since 2009.
- ip link show - shows the interfaces along with some details
- ip link set eth0 up - enables a network interface
- ip -s link - shows stats on the network interfaces
The _____ command (short for network statistics) allows you to view statistics for TCP/IP protocols on a system.
Netstat
True or False : Some of the common commands you can use with netstat are:
• netstat. Displays a listing of all open TCP connections.
• netstat -a. Displays a listing of all TCP and User Datagram Protocol (UDP) ports that a system is listening on, in addition to all open connections. This listing includes the IP address followed by a colon and the port number, and you can use the port number to identify protocols. As an example, if you see an IP address followed by :80, it indicates the system is listening on the default port of 80 for HTTP. This indicates this system is likely a web server.
• netstat -r. Displays the routing table.
• netstat -e. Displays details on network statistics, including how many bytes the system sent and received.
• netstat -s. Displays statistics of packets sent or received for specific protocols, such as IP, ICMP, TCP, and UDP.
• netstat -n. Displays addresses and port numbers in numerical order. This can be useful if you’re looking for information related to a specific IP address or a specific port.
• netstat -p protocol. Shows statistics on a specific protocol, such as TCP or UDP. For example, you could use netstat -p tcp to show only TCP statistics.
True
True or False : Some of the common states are:
• ESTABLISHED. This is the normal state for the data transfer phase of a connection. It indicates an active open connection.
• LISTEN. This indicates the system is waiting for a connection request. The well-known port a system is listening on indicates the protocol.
• CLOSE_WAIT. This indicates the system is waiting for a connection termination request.
• TIME_WAIT. This indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgment of the connection.
• SYN_SENT. This indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK (synchronize-acknowledge), ACK (acknowledge) handshake process and it is waiting for the SYN-ACK response.
• SYN_RECEIVED. This indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake process. It is waiting for the ACK response to establish the connection. An excessive number of SYN_RECEIVED states indicates a SYN attack, where an attacker is flooding a system with SYN packets but never finalizes the connection with ACK packets.
True
The _____ command lists the routers between two systems. In this context, each router is referred to as a hop.
tracert
True or False : Network administrators typically use tracert to identify faulty routers on the network.
True
What does RTT stand for?
Round trip time
___ is a command-line tool that is related to the Address Resolution Protocol (ARP) but is not the same. It resolves IP addresses to MAC addresses and stores the result in the ARP cache.
Arp