Domain 2: Security Flashcards

1
Q

Difference between procedural & logical security controls

A

-Procedural are enforced by people
-Logical are enforced by cyber systems & software

2
Q

2-step verification

A

Authentication mechanism that uses a separate channel to authorize a sign-on attempt or to transmit an additional credential. E.g. email, text or voice call.

3
Q

Risk

A

Likelihood and impact (or consequence) of a threat actor exercising a vulnerability

4
Q

Vulnerability scanner

A

A class of software designed to detect noncompliant systems

5
Q

Difference between unprotected system and a noncompliant system

A

-An unprotected system has at least one security control either missing or improperly configured
-A noncompliant system has drifted from its hardened configuration

6
Q

Exploit

A

Malicious code that can use a vulnerability to compromise a host

7
Q

True or false: an evil twin is an on-path attack

A

True

8
Q

XSS

A

Cross-site scripting

Malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

9
Q

SQL Injection

A

Structured Query Language Injection

Attack that injects a database query into the input data directed at a server by accessing the client side of the application

10
Q

Hash

A

Function that converts an arbitrary-length input stream into a fixed-length string

11
Q

The main drawback of asymmetric encryption

A

A message cannot be larger than the key size

12
Q

For what is asymmetric encryption often used?

A

To encrypt cryptographic hashes and to encrypt symmetric encryption keys, then referred to as session keys

13
Q

Exploit

A

Specific method by which malware code infects a target host, often via some vulnerability in a software process

14
Q

Why CCMP makes replay attacks harder than TKIP did

A

CCMP provides authenticated encryption

15
Q

True or False: enterprise networks support RADIUS, TACACS+, and Kerberos for authentication

A

False
Kerberos communication is tunneled & not directly supported

16
Q

Photo I.D. Authentication type

A

Something you are

17
Q

Yellow ports on a home router

A

LAN ports

18
Q

How to update the firmware on a router

A

Download the update from the vendor’s website & then in the management app select the firmware upgrade option and browse for the firmware file you downloaded

19
Q

How a SOHO router performs content filtering

A

It downloads curated reputation databases

20
Q

Port forwarding

A

Process in which a router takes requests from the Internet for a particular app and sends them to a designated host on the LAN

21
Q

Port triggering

A

Mechanism to configure access through a firewall for applications that require more than one port

22
Q

UPnP

A

Setting on a SOHO router that allows an app to send instructions to the firewall with the correct configuration parameters

23
Q

DMZ or DMZ host on a home router

A

A computer on the LAN that is not protected by the router’s firewall

24
Q

Minimum password length for non-administrative user accounts

A

12+

25
Q

Pre-boot authentication

A

The loading of an authentication application by UEFI firmware in order to contact an authentication server on the network & allow the user to submit the credentials for their account

26
Q

System user password

A

A password that is shared by all users & is required before any operating system can boot (very rarely used)

27
Q

Lunchtime attack

A

A threat actor is able to access a computer that has been left unlocked

28
Q

How to lock a Windows computer

A

From the power icon or START+L

29
Q

What should happen when the default administrator account is used

A

Generation of an alert

30
Q

Where account policies are configured on a standalone workstation

A

Local Security Policy snap-in (or Group Policy Editor snap-in)

31
Q

4 examples of account policies for security

A
  • Restricted login times
  • Timeout/screen lock
  • Failed attempts lockout
  • Concurrent logins
32
Q

Execution control

A

Process of determining what additional software may be installed on a client or server computer beyond its baseline to prevent the use of unauthorized software

33
Q

2 types of antivirus software updates

A
  • Definition/pattern updates
  • Scan engine/component updates (i.e. the program itself)
34
Q

Difference between
1) port security triggers
2) application security triggers
and
3) Address triggers
in firewalls

A

They are based on
1) port number
2) the process that listens for connections
3) IP or FQDN of the server or client hosts

35
Q

EFS

A

NTFS feature supporting file & folder encryption, not available in Home editions

36
Q

Main advantages of full disk encryption vs. file/folder encryption

A

It doesn’t depend on the user to remember to encrypt data. It also encrypts more, such as swap files, print queues, & temp files

37
Q

BitLocker To Go

A

BitLocker for removable drives

38
Q

TPM

A

Trusted Platform Module
Specification for secure hardware-based storage of encryption keys, hashed passwords, & other user- and platform-identification information

39
Q

7-item security checklist for workstations

A
  • Password best practices
  • End-user best practices
  • Account management
  • Disable or change the password of the default administrator account
  • Disable AutoRun/AutoPlay
  • Windows Update, Antivirus, & firewall are enabled
  • Data-at-rest encryption, i.e. EFS or BitLocker
40
Q

Method most websites now use instead of plug-ins to serve dynamic & interactive content more safely

A

HTML version 5

41
Q

What 1) hamburger & 2) meatball menus look like

A

1) 3 horizontal lines stacked on top of each other
2) 3 horizontally or vertically aligned dots

42
Q

What you must do when using enterprise certificates for internal sites & a third-party browser

A

Ensure that the internal CA root certificate is added to the browser

43
Q

The main function of web browser privacy controls

A

Governing sites’ use of tracking tools such as cookies

44
Q

Cookie

A

A text file used to store session data

45
Q

What an incognito window does

A

Disables the caching features of the browser so that no
- cookies
- browsing history
- form fields
- passwords
or
- temp files
will be stored when the session is closed

46
Q

Primary indicator that must be verified before using a web form

A

Lock icon indicating the site uses a trusted certificate

47
Q

6 file extensions for executable code

A

.exe
.msi
.dll
.com
.scr
.jar

48
Q

Virus

A

Malware concealed within the code of an executable process image stored as a file on disk

49
Q

Worm

A

Malware that replicates between processes in system memory

50
Q

Fileless malware

A

Code that uses the host’s scripting environment to create malicious processes in memory

51
Q

RAT

A

Remote access Trojan
Malware that implements remote access to a PC

52
Q

RAT (detailed)

A

Remote access Trojan
A.k.a. backdoor. Often uses command sequences embedded in HTTPS or DNS traffic to establish a connection between the compromised host and a command and control (C2 or C&C) host or network

53
Q

8 things Spyware can do

A
  • allow tracking cookies
  • change default search providers
  • open arbitrary pages at startup
  • add bookmarks
  • monitor local app activity
  • take screenshots
  • activate recording devices
  • redirect DNS
54
Q

Rootkit

A

Malware running with system level privileges

[pg. 273]

55
Q

2 ways rootkits hide

A
  • Make changes so that Explorer, Task Manager, ps, or top no longer reveal their presence
  • Clean system logs
56
Q

Cryptominer

A

Hijacks the resources of the host to perform cryptocurrency mining

57
Q

5 types of malware as defined according to vector

A

Viruses
Boot sector viruses
Trojans
Worms
Fileless malware

58
Q

3 common PC malware infection symptoms

A
  • The computer fails to boot or experiences lock ups
  • Performance at startup or in general is very slow
  • The host cannot access the network and/or Internet access or network performance is slow
59
Q

What antivirus, firewall, or Windows Update not working, & crashing software from reputable vendors (including Windows tools) are all symptoms of

A

Malware infection

60
Q

Malware symptoms that are unlikely to have other causes

A

File system errors & anomalies

61
Q

Rogue antivirus

A

A type of malware that pretends to have found an infection on the victim’s computer

62
Q

3 most common causes of certificate warnings

A
  • The certificate is self-signed or issued by a CA that is not trusted
  • The FQDN requested by the browser is different from the subject name listed in the certificate
  • The certificate has expired or is listed as revoked
63
Q

2 types of malware which might cause browser redirection

A

Adware & spyware

64
Q

On-access scanning

A

When A-V software intercepts an OS call to open a file & scans the file before allowing or preventing its opening

65
Q

How “no-root” firewalls work

A

Creating a VPN & controlling app access to it

66
Q

COBO

A

Corporate owned, business only

The device is the property of the company & may only be used for company business

67
Q

COPE

A

The device is chosen and owned by the company and remains its property. The employee may use it for personal things, subject to the AUP.

68
Q

CYOD

A

Choose your own device

The device is chosen by the employee and owned by the company and remains its property. The employee may use it for personal things, subject to the AUP.

69
Q

Enterprise wipe

A

Remote-initiated wipe of a mobile device that removes corporate apps and data only

70
Q

4 ways to destroy a disk

A
  • Shredding with a mechanical shredder
  • Incinerating in a furnace designed for media sanitization
  • Degaussing with a powerful magnet
  • Drill/hammer [less secure]
71
Q

User permission level for modifying system files or installing a service

A

Administrator