CompTIA A+ 1201 - 2.0 Security

Question 1

Shadow IT

Answer 1

Shadow IT is any software, hardware or IT resource used on an enterprise network without the IT department’s approval and often without IT’s knowledge or oversight.

Question 2

Share Permissions

Answer 2

Full Control - Change permissions and all else.
Change - Change but not permissions.
Read - Read only.

Question 3

Folder Permissions - Read

Answer 3

View files and subfolders including their attributes, permissions and ownership.

Question 4

Folder Permissions - Write

Answer 4

Create new folders and files, change attributes, view permissions and ownership.

Question 5

Folder Permissions - List

Answer 5

View the names of files and subfolders

Question 6

Folder Permissions - Read & Execute

Answer 6

Pass-through folders for which no permissions are assigned, plus read and list permissions.

Question 7

Folder Permissions - Modify

Answer 7

Includes read/execute and write permissions, as well as the ability to rename and delete the folder.

Question 8

Folder Permissions - Full Control

Answer 8

All previous permissions, plus changing permissions, taking ownership and deleteing files/subfolders.

Question 9

File Permissions - Read

Answer 9

Read the contents of the file and view attributes, ownership and permissions.

Question 10

File Permissions - Write

Answer 10

Overwrite the file and view attributes, ownership and permissions.

Question 11

File Permissions - Read & Execute

Answer 11

Read permissions, plus the ability to run applications.

Question 12

File Permissions - Modify

Answer 12

Includes Read/Execute and Write permissions, as well as the ability to rename and delete the file.

Question 13

File Permissions - Full Control

Answer 13

All previous permissions, plus changing permissions and taking ownership.

Question 14

Windows Server Domain Controller

Answer 14

Any Windows based server that provides domain authentication services (logon services) is reffered to as a Domain Controller.

Question 15

Active Directory Domain Services (ADDS)

Answer 15

The database that contains the users, groups, and computer accounts in a Windows Server Domain.

Question 16

Member Servers

Answer 16

Any server based system that has been configured into the domain, but do not maintain a copy of Active Diretory (Exchange, SQL, Web etc)

Question 17

Organisation Units (OU’s)

Answer 17

In WIndows Active Directory, a way of dividing up the domain into different administrative realms.

Question 18

Logon Script

Answer 18

A file containing commands that run each time a user logs onto a computer to set up the user environment.

Question 19

CIA Triad

Answer 19

Confidentiality - Keeping information and communications private and protected from unauthorized access.

Integrity - Ensuring that data is not altered or tampered with.

Availability - Ensuring that systems operate continuously and that authorized individuals can access what they need.

Question 20

Execution Control (Hardening)

Answer 20

A security technique in which the default configuration of a system is altered to protect the system against attacks.

Question 21

Logical Security

Answer 21

Controls implemented within software to create an access control system. (Firewall etc)

Question 22

Triple A

Answer 22

Authentication - A means to prove identity to computer systems.

Authorization - The process of determining what rights and priveliges a particular entity has.

Accounting - The process of tracking and recording system activities and resource access. (Auditing)

Question 23

Implicit Deny

Answer 23

Unless something has explicitly been granted access, it should be denied access. (You’re not on the list pal)

Question 24

Least Privelige

Answer 24

Something should be allocated the minimum necessary rights, priveliges or information to perform its role.

Question 25

Symmetric Encryption

Answer 25

A fast, light and less intensive form of encryption that uses a single secret key for encryption/decryption.

You need to securely distribute and store the key.

Question 26

Asymmetric Encryption

Answer 26

A slower, more intensive form of encryption that uses 2 keys (public & private) to encrypt/decrypt data.

The public key encrypts the data, and the private key decrypts. Both are mathematically related.

Question 27

RSA Cipher

Answer 27

The first successful algorithm designed for public key encryption, named after its designers - Rivest, Shamir and Adelman.

Question 28

Key Exchange

Answer 28

Two hosts need to know the same symmetric encryption key without any other host finding out what it is.

Question 29

Cryptographic Encryption

Answer 29

A one-way encryption process, from which it is impossible to recover the original data.

Eg; Active Directory stores a hashed copy of your password, which it will match when you input it during logon. Means that your actual password isn’t stored somewhere.

Question 30

SHA-1 & SHA-2

Answer 30

Secure Hashing Algorithm. Utilized during cryptographic encryption to hash data.

Addresses possible weaknesses in the MD5 / MDA

Question 31

MD5 / MDA

Answer 31

Message Digest Algorithm

Used to hash data during cryptographic encryption.

Inferior to SHA-1 & SHA-2

Question 32

Cryptominers

Answer 32

An individual or a group of people that use computers or specialized hardware to participate in blockchain processing to compete for rewards paid in Cryptocurrency.

Question 33

PKI

Answer 33

Public Key Infrastructure

A combination of policies, procedures and technology needed to manage digital certificates in a public key cryptography scheme.

Question 34

CA Server

Answer 34

Certificate of Authority Server.

A server that can issue digital certificates and the associated public/private key pairs.

(Ie; HR gets all the private and public keys associated with their users & machines, so they can communicate securely)

Question 35

Digital Certificate

Answer 35

The X.509 certificate is issued and signed by a CA Server, as a guarantee that the key belongs to the organization that issued it.

Contains a public key that is presented by the logical entity attempting to access system resources and validated by the CA.

(Papers Please)

Question 36

Heuristic Identification

Answer 36

A monitoring technique that allows dynamic pattern matching based on past experience rather than relying on pre-loaded signatures.

An Artificial Intelligence approach to Anti-virus / Anti-malware monitoring that utilizes machine learning to better identify malicious code.

Question 37

NAC

Answer 37

Network Access Control

An umbrella term that relates to the means with which we ensure endpoint security.

Eg; Firewalls, MAC Filtering etc

Question 38

Endpoint

Answer 38

An Endpoint is a remote computing device that communicates back and forth with a network to which it is connected.

Eg; Desktops, Laptops.

Question 39

Health Policy

Answer 39

Policies or profiles describing a minimum security configuration that devices must meet to be granted network access.

Checks for:

• Malware
• Patch Levels
• Personal Firewall Status
• Virus Definitions

(Gonna need to check you before you get in lad)

Question 40

Defense in Depth

Answer 40

Configuring security controls on hosts as well as providing network security, physical security and administrative controls.

Eg; Multiple Firewalls (host/server), MFA

Question 41

Port-based NAC

Answer 41

An IEEE 802.1x standard in which the switch (or router) performs some sort of authentication of the attached device before activating the port.

Question 42

Supplicant

Answer 42

Under 802.1x, the device requesting access to a network.

Question 43

EAPoL

Answer 43

Extensible Authentication Protocol over LAN

Similar to EAP, this is a network authentication protocol developed to give a generic sign on to access network resources.

Question 44

AES Cipher

Answer 44

Advanced Encryption Standard (AES) is a symmetric encryption cipher.

The same key is used to encrypt and decrypt the data in play (messages etc)

Question 45

Phishing

Answer 45

Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware, or direct them to a dodgy website.

Question 46

Spoofing

Answer 46

Faking an identity to gain access to data.

Question 47

Spear Phishing

Answer 47

Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.

Question 48

Pharming

Answer 48

Online fraud that directs internet users to spoofed websites in order to steal their credentials and data. Will look legitimate, but will not be.

Question 49

Tailgating

Answer 49

Following someone into a restricted area.

Question 50

Footprinting

Answer 50

An information gathering threat, in which the attacker attempts to learn about the configuration of the network and security systems through social engineering or software tools.

Question 51

Network Mapping

Answer 51

Tools used to gather information about the way a network is built, configured and the current status of hosts.

Question 52

Port Scanning

Answer 52

Software that enumerates the status of TCP and UDP ports on a target system. Port scanning can be blocked by some firewalls and IDS (Intrusion Detection System)

Question 53

Eavesdropping

Answer 53

Listening in to communications sent over media - Eavesdropping attacks occur when hackers intercept, delete, or modify data that is transmitted between devices. Also known as sniffing or snooping.

Question 54

MAC Flooding

Answer 54

MAC flooding is a cyberattack that targets network switches on a LAN to try and steal user data, by overloading the switches MAC cache to prevent genuine devices from connecting.

Question 55

ARP Poisoning

Answer 55

ARP Poisoning (also known as ARP Spoofing) is a type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to MAC address table.

Question 56

Address Resolution Protocol

Answer 56

ARP - Port 219

Matches MAC addresses with IP addresses assigned via static/dynamic IP methods.

Question 57

MITM attack

Answer 57

A man-in-the-middle attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.

Question 58

Replay Attack

Answer 58

An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access.

Question 59

Mutual Authentication

Answer 59

Mutual authentication is when two sides of a communications channel verify each other’s identity, instead of only one side verifying the other. Mutual authentication is also known as “two-way authentication” because the process goes in both directions.

Question 60

Rainbow Table Attack

Answer 60

A rainbow table attack is a password cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database.

Question 61

Rainbow Table

Answer 61

A rainbow table is a precomputed table for caching the outputs of a cryptographic hash function, usually for cracking password hashes.

Question 62

Dictionary Attack

Answer 62

A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document.

Question 63

Brute Force Attack

Answer 63

A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizations’ systems and networks.

Question 64

Dos (Denial of Service)

Answer 64

A cyberattack that causes a service to fail or be unavailable to legitimate users.

Caused by; Overloading a service, Exploiting design failures, cutting cables…

Question 65

DDoS Attack (Distributed Denial of Service)

Answer 65

A DoS attack that uses multiple compromised computers (a “botnet” of “zombies”) to launch the attack.

Question 66

Botnet

Answer 66

A network of Zombies that aim to disrupt a service, usually by overloading it.

Question 67

Zombie

Answer 67

Unauthorized software that directs a device to launch a DoS (Denial of Service) attack.

These machines are not aware of the infection.

Question 68

Cyber Warfare

Answer 68

The use of IT services and devices to disrupt national, state or organizational activities in regards to military operations.

Question 69

Zero-Day Exploit

Answer 69

An attack that exploits a vulnerability in software that is unknown to the software vendor and users.

Question 70

Cross-Site Scripting (XXS)

Answer 70

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

Question 71

SQL Injection

Answer 71

A common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

Question 72

Mantrap

Answer 72

Physical security method using two gates, only one of which being open at any time.

Question 73

RFID Badge

Answer 73

An access card that contains a chip, read wirelessly to validate entry into secure areas.

Question 74

Entry Control Roster

Answer 74

Sign-in sheet managing access into buildings.

Question 75

Remnant Removal

Answer 75

The erasure of data to the point that the original data is overwritten by random data.

Question 76

Degaussing

Answer 76

Exposing a disk to a powerful electromagnet that scrambles the data stored on the disk, to secure confidential data.

Question 77

Low Level Format

Answer 77

Factory Reset for Storage Devices.

Creates sectors and cylinders on a disk, wiping a disk and filling the blanks with zeros.

Question 78

Authentication Factors

Answer 78

Information used to identify a user.

1) Something you have
2) Something you know
3) Something you are

Question 79

TACACS+

Answer 79

TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server.

Question 80

RADIUS

Answer 80

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that authorizes and authenticates users who access a remote network.

Question 81

Policy Implementation - LSDOE

Answer 81

Local, Site, Domain, OU, Enforced

From least important to the most important.

Question 82

Information Content Management (ICM)

Answer 82

The process of managing information over its lifecycle, from creation to destruction.

Question 83

Document Sensitivity Levels

Answer 83

Unclassified
Classified
Confidential
Secret
Top Secret

Question 84

Personally Identifiable Information (PII)

Answer 84

Data that can be used to identify or contact an individual.

Eg; Social Security, Date of Birth, Email, Phone, Home Address, Biometric Data

Question 85

Protected Health Information (PHI)

Answer 85

Information that identifies someone as the subject of medical and insurance records, plus associated hospital and lab test results.

Question 86

Payment Card Industry Data Security Standard (PCI DSS)

Answer 86

A standard for organizations that process credit or bank card payments, which identifies steps to take if cardholder data is stored.

Question 87

Full Disk Encryption (FDE)

Answer 87

Encryption of all data on a disk - Bitlocker, VeraCrypt, Best Crypt…

Question 88

Data Loss Prevention (DLP)

Answer 88

Software that can identify data that has been classified and apply fine-grained user priveliges to it.

Eg; Policy Server to configure confidentiality rules; Endpoint agents to enforce policies on client computers; Network agents to scan communications at network borders

Question 89

Incident Response Lifecycle

Answer 89

1) Preparation
2) Detection & Analysis
3) Containment, Eradication and Recovery
4) Post-Incident Activities

Question 90

Computer Security Incident Response Team (CSIRT)

Answer 90

A team composed of various levels and departments, prepped to respond quickly to security threats to a network.

Question 91

Virus

Answer 91

Code designed to infect computer files when it is activated.

Question 92

Worm

Answer 92

A type of virus that spreads through memory and network connections, rather than infecting files themselves.

They are self-contained (doesn’t need a host program) and can travel, targetting network app vulnerabilities and rapidly consuming network bandwidth.

Question 93

Boot Sector Virus

Answer 93

These viruses attack the boot sector information, the partition table and sometimes the file system itself.

Often this results in errors loading up the operating system.

Question 94

Macro Virus

Answer 94

These viruses affect Office documents by infecting Macros.

Question 95

Spyware

Answer 95

Software that records information about a PC and its user.

Question 96

Rootkit

Answer 96

A class of malware that modifies system files, often at the kernel level, to conceal its presence. Masquerades itself as a .DLL file and can infect multiple facets.

Question 97

Malware Removal Process

IQDRSEE

Answer 97

1) Identify and Research Symptoms
2) Quarantine Infected Systems
3) Disable System Restore (in Windows)
4) Remediate infected systems (scan, remove techniques)
5) Schedule Scans and Updates
6) Enable System Restore and create a Restore Point
7) Educate End User.

Question 98

Quarantine and Remediation Steps

Answer 98

1) Disconnect from network
2) Move infected system to secure area
3) Disable System Restore and other backup systems
4) Scan any removable media devices attached during infection
5) Use the Anti-Virus on system

Question 99

Malware Infection Prevention

Answer 99

1) Inspect and resecure DNS configuration (flush DNS)
2) Check software firewalls for rules
3) Enable System Restore and create a clean backup.