Domain 5 Flashcards
Black Box Penetration Test
Black box penetration testing assumes no prior knowledge of the infrastructure to be tested. Testers simulate an attack from someone who is unfamiliar with the system. It is important to have management knowledge of the proceedings so that if the test is identified by the monitoring systems, the legality of the actions can be determined quickly.
User Datagram Protocol (UDP)
User Datagram Protocol (UDP) utilizes a simple transmission model without implicit handshaking routines for providing reliability, ordering or data integrity. Thus, UDP provides an unreliable service and datagrams may arrive out of order, appear duplicated or get dropped.
Kerberos
Kerberos is a network authentication protocol for client-server applications that can be used to restrict access to the database to authorized users.
rootkit
malicious software
Infected Device
The first step is to disconnect the machine from the network, and then, using proper forensic techniques, capture the information stored in temporary files, network connection information, programs loaded into memory and other information on the machine.
improperly implemented intrusion prevention system (IPS)
An IPS prevents a connection or service based on how it is programmed to react to specific incidents. If the IPS is triggered based on incorrectly defined or nonstandard behavior, it may block the service or connection of a critical internal system.
certification practice statement (CPS)
The certification practice statement (CPS) is the how-to document used in policy-based public key infrastructure (PKI).
Port scanning
Port scanning will often target the external firewall of the organization. Use of wireless will not affect this.
defense in-depth security principle
Defense in-depth means using different security mechanisms that back each other up. When network traffic passes the firewall unintentionally, the logical access controls form a second line of defense.
spoofing
Spoofing is a form of impersonation where one computer tries to take on the identity of another computer. IP spoofing takes advantage of the source-routing option in the Internet Protocol.
digital signatures
A digital signature is an electronic identification of a person or entity. It is created by using asymmetric encryption. To verify integrity of data, the sender uses a cryptographic hashing algorithm against the entire message to create a message digest to be sent along with the message. Upon receipt of the message, the receiver will recompute the hash using the same algorithm.
type of antivirus software
A. Scanners look for sequences of bits called signatures that are typical of virus programs. They examine memory, disk boot sectors, executable files and command files for bit patterns that match a known virus. Therefore, scanners need to be updated periodically to remain effective.
B. Active monitors interpret disk operating system (DOS) and read-only memory (ROM) basic input-output system (BIOS) calls, looking for virus-like actions. Active monitors can be misleading, because they cannot distinguish between a user request and a program or virus request. As a result, users are asked to confirm actions such as formatting a disk or deleting a file or set of files.
C. Integrity checkers compute a binary number on a known virus-free program that is then stored in a database file. This number is called a cyclical redundancy check (CRC). When that program is called to execute, the checker computes the CRC on the program about to be executed and compares it to the number in the database. A match means no infection; a mismatch means that a change in the program has occurred. A change in the program could mean a virus.
D. Vaccines are known to be good antivirus software. However, they need to be updated periodically to remain effective.
best antivirus
Integrity checkers
Transaction monitoring
An electronic payment system could be the target of fraudulent activities. An unauthorized user could potentially enter false transactions. By monitoring transactions, the payment processor could identify potentially fraudulent transactions based on the typical usage patterns, monetary amounts, physical location of purchases, and other data that are part of the transaction process.
Use of a point-to-point leased line
A leased line will effectively extend the local area network (LAN) of the headquarters to the remote site, and the mainframe Telnet connection would travel over the private line, which would be less of a security risk when using an insecure protocol such as Telnet.
directory server in a public key infrastructure (PKI)?
A directory server makes other users’ certificates available to applications.
Stores certificate revocation lists (CRLs)
role performed by a security server.
(GSM) technology.
The inherent security features of global system for mobile communications (GSM) technology combined with the use of a virtual private network (VPN) are appropriate. The confidentiality of the communication on the GSM radio link is ensured by the use of encryption, and the use of a VPN signifies that an encrypted session is established between the laptop and the corporate network.
targeted testing
Penetration testers are provided with information related to the target and network design, and the target’s IT team is aware of the testing activities.
pharming attack
Domain name system (DNS) server security hardening
The pharming attack redirects the traffic to an unauthorized web site by exploiting vulnerabilities of the DNS server.
ARP poisoning attack
experienced a large amount of traffic being re-routed from its Voice-over Internet Protocol (VoIP) packet network.
firewalls provide the GREATEST degree and granularity of control?
Application gateway
Digital certificates with RSA
provide authentication and integrity but do not provide encryption.
A demilitarized zone (DMZ)
A demilitarized zone (DMZ) is an isolated network used to permit outsiders to access certain corporate information in a semi-trusted environment. The DMZ may host a web server or other external facing services. Traffic to a DMZ is not usually encrypted unless it is terminating on a VPN located in the DMZ.
proxy server
is a type of firewall installation used as an intermediary to filter and control traffic between internal and external parties.
web content filter
A web content filter accepts or denies web communications according to the configured rules. To help the administrator properly configure the tool, organizations and vendors have made available uniform resource locator (URL) blacklists and classifications for millions of web sites.
Analyzer vs. Sensors
Analyzers receive input from sensors and determine the presence of and type of intrusive activity.
Sensors are responsible for collecting data. Sensors may be attached to a network, server or other location and may gather data from many points for later analysis.
Stopping a worm
Stopping the service and installing the security fix is the safest way to prevent the worm from spreading.
Digital signatures
signer to have a private key and the receiver to have a public key.
Voice-over Internet Protocol (VoIP) system
Segregating the Voice-over Internet Protocol (VoIP) traffic using virtual local area networks (VLANs) would best protect the VoIP infrastructure from network-based attacks, potential eavesdropping and network traffic issues (which would help to ensure uptime).
confidentiality, reliability and integrity of data?
Secure Sockets Layer (SSL)-reliability
PKI?
Public key infrastructure (PKI) used in conjunction with SSL provides reliability; otherwise SSL.
Secure Shell (SSH)
Secure Shell (SSH) is a protocol that is used to establish a secure, encrypted, command-line shell session, typically for remote logon. Although SSH encrypts data transmitted during a session, SSH cannot encrypt data at rest, including data on USB drives. As a result, SSH is not appropriate for this scenario.
Power line conditioners
Power line conditioners are used to compensate for peaks and valleys in the power supply and reduce peaks in the power flow to what is needed by the machine. Any valleys are removed by power stored in the equipment.
implementing data classification
While implementing data classification, it is most essential that organizational policies and standards, including the data classification schema, are understood by the owner or custodian of the data so they can be properly classified.
high security areas
FAR
mantrap controlling access
is primarily to prevent piggybacking.
effective biometric control system
The EER of a biometric system denotes the percent at which the false-acceptance rate (FAR) is equal to the false-rejection rate (FRR). The biometric that has the lowest EER is the most effective.