Domain 2 Security

Question 1

Wireless Encryption

Answer 1

data is being sent over the air and anyone can listen

Encryption makes the signal impossible to understand without the key

Question 2

WEP

Answer 2

Wired equivalent privacy
vulnerabilities / Do not use
often uses a hexadecimal key for authentication

Question 3

WPA

Answer 3

short term solution for WEP
its legacy/ do not use
uses TKIP

Question 4

WPA2

Answer 4

uses CCMP block cipher mode / Counter Mode and Cipher Block Chaining

data confidentiality with AES encryption

WPA2- Personal / pre-shared key

WPA2 - Enterprise / authentication server, no shared key

Question 5

WPA3

Answer 5

uses GCMP block cipher mode / Galois/Counter Mode Protocol
stronger than WPA2, fixes WPA2 PSK has issue

Question 6

Authentication

Answer 6

Radius : remote authentication dial-in user service, talk to VPNS

TACAS+ : terminal access control access control system
Connect to network equipment, usually a Cisco device

Kerberos : usually a Microsoft network, supports SSO when logging into a domain

Question 7

Authentication

Answer 7

single-factor = password
Multifactor = password and certificate or captive portal

Question 8

Malware

Answer 8

any software initially designed to cause disruption to computer server without the user’s knowledge or consent

Question 9

Virus

Answer 9

code that runs on a computer without the user’s knowledge
typically attached to an executable which allows it to replicate
spread using email, websites, and/or network file sharing

Question 10

Worm

Answer 10

similar to a virus but it will self replicates
exploits network vulnerabilities to spread and infect more hosts
spread through emails, websites, and network shares
doesn’t need human interaction

Question 11

Ransomware

Answer 11

restricts the use of a computer until the user pays a ransom, often encrypts the data and holds the key to unlock it ransom

Question 12

Trojan

Answer 12

appears to perform a desired function, but actually does something malicious
used to deliver other malware

Question 13

Spyware

Answer 13

software used to spy on the user

can be difficult to detect

examples include keyloggers, rootkits, system monitors, and tracking cookies

can be used with adware

Question 14

Keylogger

Answer 14

form of spyware

used to record keystrokes, personal info/passwords

info can be sent over network or stored locally for later pickup

Question 15

Rootkit

Answer 15

designed to hide and give attackers access to the computer

often used to hide other types of malware or provide ongoing access

difficult to detect with traditional malware scanners

Question 16

Botnet

Answer 16

network of infected devices

usually not easy to tell if you are infected

bot software waits for instructions from a controlling device

often used to perform DDoS attacks

Question 17

Boot Sector Virus

Answer 17

will infect the system boot partition or the master boot record

a type of malware that runs as soon as your OS is booted, not after, therefore making it harder for anti-malware to prevent

secure boot, which is included in UEFI BIOS, should prevent unsigned software

Question 18

Cryptominers

Answer 18

malware that unknowingly uses your computer, to complete tasks that earn the hacker cryptocurrency

mining cryptocurrency uses a lot of CPU resources, and attackers typically try to gain access to multiple CPUs

a spoke in your CPU utilization could be a warning sign

Question 19

Windows Recovery ENvironment

Answer 19

windows recovery environment gives you complete control of your system before it even starts

be careful to know what you’re doing; the environment contains all the files related to your OS

can remove malicious software before it boots up

can repair the file system boot sector or master boot record

Question 20

Removal Methods

Answer 20

antivirus/antimalware
software usually quarantines files before removal , make sure its updated, make sure its running in real time

Completely reinstall the OS
Restore from backup, make sure it’s a clean backup
manually install the OS, make sure you have your data backed up first

Question 21

An ounce of Prevention

Answer 21

End user education, don’t go to sketchy websites, don’t plug in flash drives you found on the street, identify spam/ malicious messages, anti-phishing training

Software firewalls
Windows firewall is built into the Windows OS and enabled by default
macOS/Linux may have packages installed but not enabled

Question 22

Social Engineering

Answer 22

tricking users into giving out confidential information or performing other actions such as downloading malware

Question 23

Phishing

Answer 23

used to try to hook users often through links in email or websites

Question 24

Spear Phishing (phishing)

Answer 24

targets a specific individual or institution

Question 25

Whaling (phishing)

Answer 25

targets someone at a high level such as a CEO

Question 26

Vishing Attack

Answer 26

like phishing but it is done over the phone or voicemail

trusted companies will not ask for sensitive information in email or phone calls

Question 27

Shoulder surfing

Answer 27

attacker looks over the shoulder of a user to obtain information

Can be done with phone cameras as well, use a privacy screen, never leave password/PIN info visible, lock or log off computers when not using them

Question 28

Tailgating

Answer 28

attacker follows closely behind an authorized user into a secure area

turnstiles and access control vestibules are effective measures to prevent this

Question 29

Impersonation

Answer 29

attacker pretends to be an authorized employee

convince user to give up info or perform a task

Question 30

Dumpster diving

Answer 30

Attacker looks through the trash/recycling for sensitive information

Question 31

Evil Twin

Answer 31

wireless form of a phishing attack

attacker will create a wireless access point with the same or similar SSID of an existing network

always use HTTPS and a VPN to protect yourself

Question 32

Denial of Service (DoS) attacks

Answer 32

attacker overloads target with information causing it to fail

Distributed DoS (DDoS) uses an army of devices to perform DoS attack
devices in a botnet may be
referred to as zombies

Question 33

Zero-Day Exploits

Answer 33

many applications have vulnerabilities that jsut haven’t been found yet

ethical hackers find exploits and report them to companies

an attack using a previously unknown exploit is called a zero-day attack

Question 34

Spoofing

Answer 34

pretending you are something/someone you aren’t

Email address, MAC address, DNS servers

Question 35

On-Path Attack

Answer 35

traffic is redirected through a middleman device

you may have no idea information is being siphoned

use encrypted protocols to protect against this

Question 36

Password Attacks

Answer 36

most password attacks don’t happen at the login page

attackers gain access to the password file or database
contains passwords in a hashed format-not clear text

attackers then created hased versions of password guesses, then compare them to the database

Question 37

Brute force attack ( password attack)

Answer 37

attackers attempt every combination of viable characters, takes a long time, often not viable

Question 38

Dictionary attack ( password attack)

Answer 38

attackers use a list of common words

Question 39

Rainbow table attack ( password attacks)

Answer 39

attackers use an optimized list of pre-hashed values

significantly faster compared to other attacks

not viable if has is salted random values are added

Question 40

Insider Threat

Answer 40

Former and current employees have institutional knowledge that is valuable to attackers

• attacks can get a better idea of
  when, where, and how to attack
• this can earn the insider a lof
  money

some attackers try to get hired by the company they intend to attack, thus giving them even more access

Question 41

SQL Injection

Answer 41

Websites typically have a database to store information related to the site
- SQL (Structured Query Language)
is a programming language used
to talk to the database

AN improperly formatted website could allow an attacker to manipulate the SQL code and find information they shouldn’t have access to e.g. personal employee data

Question 42

Cross-site Scripting (XSS)

Answer 42

an attack where information from one site is shared with the attackers

there is a common web application development error that allows malware to take advantage of JavaScript

keep your browser up to date and don’t click on any untrusted links

Input validations - make it so that users can’t put scripts into an input field

Question 43

Non-Compliant Systems

Answer 43

systems who don’t comply with the Standard Operating Environment (SOE), are a major security concern for your network

Make sure devices are installing new OS updates, security patches, and anti-virus signatures
- non-compliant systes will warm
the users, and potentially lose
access to the network

Question 44

Unpatched Systems

Answer 44

windows release patches on the second Tuesday of every month

any device that is not patched is the weakest link on your network and that’s the device that attackers will target

Question 45

Unprotected Systems

Answer 45

sometimes during troubleshooting, it might be necessary to disable some of your security features
- disabling the firewall
- disabling the antivirus

be sure to tur these on once you are done. never permanently disable security features

Question 46

EOL OSs

Answer 46

End of Life (EOL)
Manufacturer stops selling an OS, they might continue supporting the OS and release important security patches and updates

Question 47

End of Service Life ( EOSL)

Answer 47

Manufacture stops selling and stops supporting the OS
No more security patches and updates
At this point, you need to find an alternative solution

Question 48

BYOD ( Bring Your Own Device)

Answer 48

Employees bring their own devices to use for company purposes, you must make sure that these devices meet your company’s security requirements

The MDM will help keep the data on the device separated, protected, and make sure that the device’s security is up-do-date

Question 49

Screen Locks

Answer 49

always use a screen lock
most secure is finger print
swipe lock is the worst one

Question 50

Locator/Remote Wipe

Answer 50

find my iPhone
Google Find My device

Features: make sound, lockout, remote wipe, or see location on map

Useful when the device is stolen/lost

Question 51

Mobile OS Patching/Updates

Answer 51

ensure your mobile device is patched and updated

Question 52

Full Device Encryption

Answer 52

data encryption is an option for Android and iphone data is encrypted by default

Question 53

Remove Backup Applications

Answer 53

backup/restore device to/from cloud
iCloud for apple
Google or manufacturer for Android

Question 54

Antinvirus/Antimalware

Answer 54

Malware and viruses are less of a problem on mobile devices

Antivirus/malware apps can be installed via App Store or Play Store

Question 55

Failed Login Attempts Restrictions

Answer 55

set via settings
can lockout user for a certain amount of time
can be set to initiate factory reset with enough failure

Question 56

Biometric Authentication

Answer 56

unlock screen lock
login to apps
use instead of passwords

Question 56

Firewall

Answer 56

3rd party apps are available from app stores

mobile phones normally don’t have firewalls

Question 56

Policies and Procedures

Answer 56

BYOD - Bring Your Own Device
may require the installation of management software

Corporate Owned
- typically managed through the installation of management software

Profile security requirements
-require all users to use screen locks, strong passwords, and mobile device wipe capabilites

Question 57

Low-level format

Answer 57

creates physical sectors-done at the factory

not recommended for users

can also mean an overwrite

Question 57

Internet of Things (IoT)

Answer 57

devices that are connected to your home or work network

Question 57

Physical Destrucstion

Answer 57

Industrial shedders
- ripe apart the drives

Drill
- drill holes into the drive

Hammer
-
Degaussing
- destroys the ability for magnetic
plate to hold information via
electromagnetic field

Incineration
-
ER2 will do this

Question 58

Standard Format - Regular

Answer 58

Sometimes it’s important to make sure that sensitive data is unable to be recovered

Overwrite
- Overwrite data with all 0’s
- Repeat 7 times for DoD
standards

Drive wipe

Question 59

Data Destruction and Disposal

Answer 59

responsibility to dispose of storage devices safely: data security and legal liability

performed on-site or by external company: external company will provide a certificate of destruction

Question 60

Standard Format - Quick Format

Answer 60

organizations may want to recycle/repurpose drives instead of destroying them

Quick Format (Windows)
- deletes partition table so OS
doesn’t understand contents
- savvy users could recover data
from platters

Question 60

Which wireless encryption uses TKIP

Answer 60

WPA

Question 61

Why do we need wireless encryption

Answer 61

to keep our data signal private

Question 62

WEP is safe to use, True or False

Answer 62

False

Question 63

Which authentication provides centralized triple A (AAA), particularly for remote access scenarios?

Answer 63

Radius, Remote authentication dial-in user service

centralized authentication, Radius servers talk to VPNs

Question 64

TACACS+

Answer 64

terminal access controller access

cisco device, equipment is connecting to quipment

Question 65

Kerberos

Answer 65

supports SSO when logging into a domain

Question 66

Not an area of centralized management in network environments

Answer 66

Administration

Question 67

Makes up an area of centralized management in network environments

Answer 67

Authorization
Accounting
Authentication

Question 68

You suspect someone is recording everything you type into the computer. What kind of malware are you dealing with?

Answer 68

Keylogger

Question 69

After downloading a game, you start getting random popups and your computer runs slowly. What type of malware is this?

Answer 69

Trojan

Question 70

You notice symptoms of a malware infection, but a malware scan does not find anything. What kind of malware is this?

Answer 70

Rootkit, will be scanned for but will change itself to look like the same thing

Question 71

A user’s pc has become inoperable and only shows a message asking for payment to unlock the computer. What is this?

Answer 71

Ransomware

Question 72

Cryptominer

Answer 72

is malware used to perform calculations in an effort to accumulate a cryptocurrency. Often uses extensive CPU cycles and causes performance issues on the system

Question 73

Botnet

Answer 73

a group of computers that are under the control of a third-party. Botnets can be used to provide large-scale distributed attacks

Question 74

An attacker is using every combination of letters, numbers, and special characters in an attempt to discover a user’s password. What would describe this attack type?

Answer 74

Brute Force

Question 75

An internal audit has found that asever in the DMZ appears to be infected with malware. The malware does not appear to be part of a file in the OS and the malware is started each time the system is started. What type of malware would be MOST likely found on this server?

Answer 75

Boot sector virus, a virus in the boot sector.

To stop this you would need to get into a preboot environment,

Question 76

You want to ensure that company data is secure in the event of a lost device. What method is best?

Answer 76

Bitlocker

Question 77

What does a strong password?

Answer 77

A strong password includes capital letters, lower case letters, symbols, and numbers

Question 78

You want to ensure users can’t edit BIOS configurations. What should you set?

Answer 78

Supervisor password

Question 79

Which of the following security precautions is most important?

Changing Default Credentials
Disabling Guest Account
Setting screen locks
Setting login attempts restictions

Answer 79

Changing default credentials

Question 80

An employee is leaving your organization. What should you do with their Active Directory acount?

Answer 80

Disable it

Question 81

A system administrator is troubleshooting an older application on a Windows 10 computer and needs to modify the UAC (User Account Control)process. What options would provide access to these settings?

Answer 81

User accounts, settings are contained in the COntril Panel’s user accounts applet

Question 82

System Information

Answer 82

provide information about a system’s hardware, components, and software environment

Question 83

A Windows 10 user is installing a new application that also installs a service. What permission will be required for this installation?

Answer 83

Administrator

Question 84

A business partner in a different country needs to access an internal company server during the very early morning hours. The internal firewall will limit the partner’s access to this single server. What would be the MOST important security task to perform on this server?

Answer 84

Install the latest OS patches, which will ensure that any known vulnerabilities are always removed before they could possibly be exploited

Question 84

An employee has modified the NTFS permissions on a local file share to provide read access to Everyone. However, users connecting from a different computer do not have access to the file. What is the reason for this issue?

Answer 84

Share permissions restrict access from remote devices

Question 85

Full device encryption

Answer 85

ensures that all of the information on the tablet cannot be viewed by anyone outside of the company, so if something was stolen or lost, all of the data on the device would remain private

Question 86

Firewall app

Answer 86

keep unauthorized users from accessing the tablet over the network

Question 86

Locator Application

Answer 86

provides the location of the device