Chapter 2 Flashcards
- List three elements to identify when evaluating access control attacks.
Assets, threats, and vulnerabilities should be identified through asset valuation, threat modeling, and vulnerability analysis.
- Name at least three types of attacks used to discover passwords.
Brute-force attacks, dictionary attacks, sniffer attacks, rainbow table attacks, and social engineering attacks are all methods used to discover passwords.
- Describe the relationship between auditing and audit trails.
Auditing is a methodical examination or review of an environment and encompasses a wide variety of different activities to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes.
Audit trails provide the data that supports such examination or review and essentially are what make auditing and subsequent detection of attacks and misbehavior possible.
- What should an organization do to verify that accounts are managed properly?
Organizations should regularly perform access reviews and audits. These can detect when an organization is not following its own policies and procedures related to account management.
1. When an organization is attempting to identify risks, what should they identify first? A. Assets B. Threats C. Vulnerabilities D. Public attacks
A. An organization must first identify the value of assets when identifying risks so that they can focus on risks to their most valuable assets.
2. What would an organization do to identify weaknesses? A. Asset valuation B. Threat modeling C. Vulnerability analysis D. Access review
C. A vulnerability analysis identifies weaknesses and can include periodic vulnerability scans and penetration tests.
3. Which of the following is not a valid measure to take to improve protection against brute-force and dictionary attacks? A. Enforce strong passwords through a security policy. B. Maintain strict control over physical access. C. Require all users to log in remotely. D. Use two-factor authentication.
C. Requiring users to log in remotely does not protect against password attacks such as brute-force or dictionary attacks.
4. What type of attack can detect passwords sent across a network in cleartext? A. Spoofing attack B. Spamming attack C. Sniffing attack D. Side-channel attack
C. A sniffing attack uses a sniffer (also called a packet analyzer or protocol analyzer) to capture data and can be used to read passwords sent across a network in cleartext.
5. Which of the following can help mitigate the success of an online brute-force attack? A. Rainbow table B. Account lockout C. Salting passwords D. Encryption of password
B. An account lockout policy will prevent someone from logging into an account after they have entered an incorrect password too many times.
6. What is an attack that attempts to detect flaws in smart cards? A. Whaling B. Side-channel attack C. Brute-force D. Rainbow table attack
B. A side-channel attack is a passive, noninvasive attack to observe the operation of a device. Methods include power monitoring, timing, and fault analysis attacks.
7. What type of attack uses email and attempts to trick high-level executives? A. Phishing B. Spear phishing C. Whaling D. Vishing
C. Whaling is a form of phishing that targets high-level executives. Spear phishing targets a specific group of people but not necessarily high-level executives.
8. What provides data for recreating the history of an event, intrusion, or system failure? A. Security policies B. Log files C. Audit reports D. Business continuity planning
B. Log files provide an audit trail for recreating the history of an event, intrusion, or system failure. An audit trail includes log files and can reconstruct an event, extract information about an incident, and prove or disprove culpability.
9. What can be used to reduce the amount of logged or audited data using nonstatistical methods? A. Clipping levels B. Sampling C. Log analysis D. Alarm triggers
A. Clipping is a form of nonstatistical sampling that reduces the amount of logged data based on a clipping-level threshold.
10. Which of the following focuses more on the patterns and trends of data than on the actual content? A. Keystroke monitoring B. Traffic analysis C. Event logging D. Security auditing
B. Traffic analysis focuses more on the patterns and trends of data rather than the actual content. Keystroke monitoring records specific keystrokes to capture data. Event logging logs specific events to record data. Security auditing records security events and/or reviews logs to detect security incidents.
11. What is used to keep subjects accountable for their actions while they are authenticated to a system? A. Authentication B. Monitoring C. Account lockout D. User entitlement reviews
B. Accountability is maintained by monitoring the activities of subjects and objects as well as core system functions that maintain the operating environment and the security mechanisms.