Essential Knowledge

Question 1

OSI Layers

Answer 1

Application, 
Presentation, 
Session,
Transport,
Network,
Datalink,
Physical

Question 2

Which OSI Layer? FTP,HTTP,SMTP

Answer 2

Application Layer

Question 3

Which OSI Layer? AFP, NCP, MIME

Answer 3

Presentation Layer

Question 4

Which OSI Layer? X.225, SCP, ZIP

Answer 4

Session Layer

Question 5

Which OSI Layer? TCP, UDP

Answer 5

Transport Layer

Question 6

Which OSI Layer? IP

Answer 6

Network Layer

Question 7

Which OSI Layer? ARP, CDP, PPP

Answer 7

Data Link Layer

Question 8

Which OSI Layer? USB Standards, Bluetooth

Answer 8

Physical Layer

Question 9

PDU at the Application, Presentation, Session Layers?

Answer 9

Data

Question 10

PDU at the Transport Layer?

Answer 10

Segment

Question 11

PDU at the Network Layer?

Answer 11

Packet

Question 12

PDU at the Physical Layer?

Answer 12

Bit

Question 13

OSI Application, Presentation and Session layers map to which layer of the TCP/IP model?

Answer 13

Application Layer

Question 14

OSI Transport layer maps to which layer of the TCP/IP model?

Answer 14

Transport Layer

Question 15

OSI Network layer maps to which layer of the TCP/IP model?

Answer 15

Internet Layer

Question 16

OSI Data Link and Physical layers map to which layer of the TCP/IP model?

Answer 16

Network Access Layer

Question 17

TCP three-way handshake consists of?

Answer 17

SYN, SYN-ACK, and ACK segments

Question 18

A UDP segment structure is called a?

Answer 18

Datagram

Question 19

A demilitarized zone or DMZ is also called a?

Answer 19

Screened Subnet

Question 20

A very restricted zone that strictly controls direct access from uncontrolled zones.

Answer 20

Production Network Zone

Question 21

A controlled zone that has little to no heavy restrictions.

Answer 21

Intranet Zone

Question 22

A highly secure zone with very strict policies.

Answer 22

Management Zone

Question 23

A published standard used by organizations worldwide that provides a way to capture the principal characteristics of a vulnerability and produces a numerical score reflecting its severity. The score can be translated into low, medium, high or critical.

Answer 23

Common Vulnerability Scoring System (CVSS)

Question 24

A method for using specific standards to enable the automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., FISMA compliance.

Answer 24

Security Content Automation Protocol (SCAP)

Question 25

Categories of vulnerabilities.

Answer 25

Misconfiguration, 
Default Installations, 
Buffer Overflows, 
Missing Patches, Design Flaws, 
Operating System Flaws, 
Application Flaws, 
Open Services, 
Default Passwords

Question 26

Example vulnerability management tools

Answer 26

Nessus, 
Qualsys, 
GFI Languard, 
Nikto, 
OpenVAS, 
Retina CS

Question 27

Triangle model whereby an increase in one angle decreases the other two angles.

Answer 27

Security, Functionality and Usability Triangle.

Question 28

Hack Value

Answer 28

Notion used by hackers to express that something is worth doing or is interesting. This is something that hackers often feel intuitively about a problem or solution. An aspect of hack value is performing feats for the sake of showing that they can be done, even if others think it is difficult.

Question 29

Zero-day attack

Answer 29

An attack that exploits vulnerability of an application before it is publicly available and the developer releases a patch for that.

Question 30

Vulnerability

Answer 30

It is an existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of a system.

Question 31

Payload

Answer 31

Malicious content that is acted upon and executed by a system.

Question 32

Daisy-Chaining

Answer 32

Process where a hacker gains entry into a computer or network and then uses it to gain access to another.

Question 33

Doxing

Answer 33

The process of searching for and publishing private information about a target (usually an individual) on the Internet, typically with malicious intent.

Question 34

Threat Modeling

Answer 34

Consists of: 
Identify Security Objectives, 
Application Overview, 
Decompose Application, Identify Threats and 
Identify Vulnerabilities

Question 35

Enterprise Information Security Architecture (EISA)

Answer 35

Collection of requirements and processes that help determine how an organization’s information systems are built and how they work.

Question 36

Risk Management Approach

Answer 36

Mitigate, Eliminate or Accept

Question 37

Risk Management Phases

Answer 37

Risk Identification, Risk Assessment, Risk Treatment, Risk Tracking and Risk Review

Question 38

Security Control categories

Answer 38

Physical, Technical and Administrative

Question 39

Security Control types

Answer 39

Preventive, detective, and corrective.

Question 40

Business Impact Analysis should measure what?

Answer 40

Maximum tolerable downtime (MTD) which helps to prioritize the recovery of assets.

Question 41

Business Impact Analysis should measure what?

Answer 41

An organized process to gauge the potential effects of an interruption to critical business operations as a result of disaster, accident or emergency. For example, part of the BIA can be calculating the Maximum tolerable downtime (MTD) which helps to prioritize the recovery of assets.

Question 42

Disaster Recovery Plan

Answer 42

Addresses exactly what to do to recover any lost data or services.

Question 43

Annualized Loss Expectancy

Answer 43

Measurement of the cost of an asset’s value to the organization and the monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO X SLE

Question 44

Annualized Loss Expectancy (ALE)

Answer 44

Measurement of the cost of an asset’s value to the organization and the monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO X SLE

Question 45

Annual Rate of Occurrence (ARO)

Answer 45

An estimate of the number of times during a year, a particular asset would be lost or experience downtime.

Question 46

Single Loss Expectancy (SLE)

Answer 46

The monetary value expressed from the occurrence of a risk on an asset, Mathematically expressed as SLE = asset value (AV) X exposure factor (EF).

Question 47

Exposure Factor (EF)

Answer 47

Percentage of asset loss. If an Asset’s Value (AV) is reduced by two thirds, the exposure factor is 0.66. If the asset is completely lost, the EF is 1.0.

Question 48

User Behavior Analytics (UBA)

Answer 48

A process of tracking users behaviors and extrapolating those behaviors in light of malicious activity, attacks, and frauds. There exist behavior-based intrusion detection systems.

Question 49

Security Trinity

Answer 49

CIA - Confidentiality, Integrity and Availability

Question 50

Confidentiality

Answer 50

Measures taken to prevent disclosure of information or data to unauthorized individuals or systems and to ensure the proper disclosure of information to those who are authorized to receive it.

Question 51

Integrity

Answer 51

Methods and actions taken to protect the information from unauthorized alteration or revision - whether the data is at rest or in transit. Often ensured through the use of a hashing algorithm.

Question 52

Bit-flipping

Answer 52

Cryptographic attack where bits are manipulated in the cipher text to generate a predictable outcome in the plain text once it is decrypted.

Question 53

Availability

Answer 53

Communication systems and data being ready for use when legitimate users need them.

Question 54

Authenticity

Answer 54

Genuine. For example, a digital signature can be used to guarantee the authenticity of the person sending a message.

Question 55

Rainbow Series

Answer 55

Old security standards for DOD systems. Included the Orange Book which contained the Trusted Computer System Evaluation Criteria (TCSEC).

Question 56

TCSEC

Answer 56

Old DOD security standard for computers which set basic requirements for testing the effectiveness of computer security controls built into a computer system.

Question 57

Common Criteria for Information Technology Security Evaluation

Answer 57

Current DOD standard that replaced TCSEC which provides a way for vendors to make claims about their in-place security by following a set standard of controls and testing methods, resulting in an Evaluation Assurance Level (EAL) (Levels 1 - 7). This criteria is designed to reduce or remove vulnerabilities from a product before it is released.

Question 58

Target of Evaluation (TOE)

Answer 58

DOD Common Criteria term for what is being tested.

Question 59

Security Target (ST)

Answer 59

DOD Common Criteria term describing the Target of Evaluation (TOE) and security requirements.

Question 60

Protection Profile (PP)

Answer 60

DOD Common Criteria term that describes a set of security requirements specifically for the type of products being tested.

Question 61

Access Control

Answer 61

Restricting access to a resource in some selective manner.

Question 62

Mandatory Access Control (MAC)

Answer 62

A method of access control where security policy is controlled by a security administrator. As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings. It is not possible under MAC enforcement for users to change the access control of a resource.
Mandatory Access Control begins with security labels assigned to all resource objects on the system. These security labels contain two pieces of information - a classification (top secret, confidential etc) and a category (which is essentially an indication of the management level, department or project to which the object is available).

Question 63

Discretionary Access Control (DAC)

Answer 63

Discretionary Access Control (DAC) allows each user to control access to their own data. DAC is typically the default access control mechanism for most desktop operating systems. Instead of a security label in the case of MAC, each resource object on a DAC based system has an Access Control List (ACL) associated with it. An ACL contains a list of users and groups to which the user has permitted access together with the level of access for each user or group.

Question 64

Security Policy

Answer 64

Document describing the security controls implemented in a business to accomplish a goal.

Question 65

Access Control Policy

Answer 65

Identifies the resources that need protection and the rules in place to control access to those resources.

Question 66

Information Security Policy

Answer 66

Identifies to employees what company systems may be used for, what they cannot be used for, and what the consequences are for breaking the rules.

Question 67

Information Protection Policy

Answer 67

Defines information sensitivity levels and who has access to those levels. Also addresses how data is stored, transmitted and destroyed.

Question 68

Password Policy

Answer 68

Defines length, complexity, maximum and minimum age and reuse.

Question 69

E-mail Policy

Answer 69

Addresses the proper use of the company email systems.

Question 70

Information Audit Policy

Answer 70

Defines the framework for auditing security within the organization.

Question 71

Promiscuous Policy

Answer 71

A wide open policy.

Question 72

Permissive Policy

Answer 72

Blocks only things that are known to be dangerous.

Question 73

Prudent Policy

Answer 73

Provides maximum security but allows some potentially and known dangerous services because of business needs.

Question 74

Paranoid Policy

Answer 74

Locks everything down.

Question 75

Standards

Answer 75

Mandatory rules used to achieve consistency.

Question 76

Baselines

Answer 76

Minimum security level necessary.

Question 77

Guidelines

Answer 77

Flexible recommended actions in the event there is no standard to follow.

Question 78

Procedures

Answer 78

Detailed step by step instructions for accomplishing a task or a goal.

Question 79

Script Kiddie

Answer 79

A person uneducated in hacking techniques who simply makes use of freely available tools and techniques on the Internet.

Question 80

Phreaker

Answer 80

Someone who manipulates telecommunications systems in order to make free calls.

Question 81

White Hat Hacker

Answer 81

The good guys. Ethical hackers. Hired by a customer for the specific goal of testing and improving security or for other defensive purposes. Don’t use their knowledge without prior consent. Also known as security analysts.

Question 82

Black Hat Hacker

Answer 82

The bad guys. Crackers. Illegally using their skills for either personal gain or malicious intent. Seek to steal or destroy data and to deny access to resources and systems. Do not ask for permission or consent.

Question 83

Gray Hat Hacker

Answer 83

Neither good or bad. Some are curious about hacking and who feel it’s their duty, with or without customer permission, to demonstrate security flaws in systems.

Question 84

Hacktivism

Answer 84

Is the use of technology to promote a political agenda or a social change. Is illegal in nature.

Question 85

Suicide Hackers

Answer 85

A hacker who is willing to risk everything to pull off a hack.

Question 86

Cyberterrorist

Answer 86

Motivated by religious or political beliefs to create fear and large-scale systems disruption.

Question 87

State Sponsored Hacker

Answer 87

Employed by a government.

Question 88

Operating System Attack

Answer 88

Target the common mistakes made when installing operating systems - accepting and leaving all the defaults.

Question 89

Application Level Attack

Answer 89

Attacks on programming code and software logic of an application that has vulnerabilities.

Question 90

Shrink-wrap Code Attack

Answer 90

Takes advantage of the built-in code and scripts most off-the-shelf applications come with.

Question 91

Misconfiguration Attack

Answer 91

Takes advantage of systems that are on purpose or by accident, not configured appropriately for security.

Question 92

Infowar

Answer 92

The use of offensive and defensive techniques to create advantage over your adversary.

Question 93

Phases of Ethical Hacking

Answer 93

1. Reconnaissance
2. Scanning and Enumeration
3. Gaining Access
4. Maintaining Access
5. Covering Tracks

Question 94

Reconnaissance Phase

Answer 94

Steps taken to gather evidence and information on the targets you want to attack. Information gathering can be passive or active in nature.

Question 95

Passive Reconnaissance

Answer 95

Gathering information about a target without their knowledge. Examples include social engineering, dumpster diving and network sniffing.

Question 96

Active Reconnaissance

Answer 96

Uses tools and techniques that may or may not be discovered by the target.

Question 97

Scanning and Enumeration Phase

Answer 97

Taking the information gathered in recon and actively applying tools and techniques to gather more in-depth information on the targets,

Question 98

Gaining Access Phase

Answer 98

True attack against a target in order to gain a foothold.

Question 99

Maintaining Access Phase

Answer 99

Ensure there is continued access to a compromised system, usually by creating a back door.

Question 100

Zombie

Answer 100

Compromised computer systems that can be used to launch further attacks or for further information gathering.

Question 101

Covering Tracks Phase

Answer 101

Hackers attempt to conceal their success and avoid detection by security professionals. This could include removing or altering log files, hiding files with hidden attributes or directories, using tunneling protocols, etc.

Question 102

Security Incident and Event Management (SIEM)

Answer 102

Helps to perform functions related to a Security Operations Center (SOC) such as identifying, monitoring, recording, auditing, and analyzing security incidents. Example, Splunk.

Question 103

Ethical Hacker

Answer 103

Someone who employs the same tools and techniques as a criminal may use with the customer’s full support and approval to help secure a network or a system. They work within the confines of an agreement made between themselves and a customer before any action is taken.

Question 104

Cracker

Answer 104

Malicious hacker who is motivated by personal gain or destructive purposes outside the interests of the system owner,

Question 105

Get Out Of Jail Free Card

Answer 105

The contract that defines the permission and authorization given to a security professional conducting a Pen Test and defines the confidentiality and the scope.

Question 106

Tiger Team

Answer 106

A group of people working to address a specific problem or goal. Ethical hackers are sometimes part of a Tiger Team. In IT, a tiger team is usually composed of skilled hackers who will seek to penetrate a network or other tech environment for the purposes of improving security and closing security loopholes.

Question 107

Penetration Test

Answer 107

A clearly defined, full-scale test of the security controls of a system or network in order to identify security risks and vulnerabilities. Has three phases, preparation, assessment and conclusion.

Question 108

PENTEST Preparation Phase

Answer 108

Defines the time period during which the Pentest contract is hammered out. The scope of the test, the types of attacks allowed and the individuals assigned to perform the activity are agreed upon.

Question 109

PENTEST Assessment Phase

Answer 109

Also known as the security evaluation phase or the conduct phase - the actual assaults on the security controls.

Question 110

PENTEST Conclusion Phase

Answer 110

Also known as post-assessment phase - defines the time when final reports are prepared for the customer detailing the findings of the tests and providing recommendations to improve security.

Question 111

Black Box Testing

Answer 111

The ethical hacker has no knowledge of the Target of Evaluation (TOE) so as to simulate an outside, unknown attacker. Takes the most time to complete and is the most expensive. It emphasizes outside attack and does not take into account any trusted users on the inside.

Question 112

White Box Testing

Answer 112

The ethical hacker has full knowledge of the network, system and infrastructure they are targeting. This facilitates quicker testing and less expensive. Designed to simulate a knowledgeable internal threat such as a disgruntled network admin or other trusted user.

Question 113

Gray Box Testing

Answer 113

The ethical hacker has partial knowledge and assumes an insider threat and privilege escalation.

Question 114

Health Insurance Portability and Accountability Act (HIPAA)

Answer 114

Addresses privacy standards with regard to medical information. Has five subsections: Electronic Transaction and Code Sets, Privacy Rule, Security Rule, National Identifier Requirements, Enforcement.

Question 115

Sarbanes-Oxley Act

Answer 115

Created to make corporate disclosures more accurate and reliable in order to protect the public and investors from shady behavior. Has 11 titles that handle everything from what financials should be reported to protecting against auditor conflicts of interest and enforcement for accountability.

Question 116

Open Source Security Testing Methodology Manual (OSSTMM)

Answer 116

Peer-reviewed formalized methodology of security testing and analysis that can provide actionable information to measurably improve your operational security. Defines three types of compliance:
Legislative,
Contractual and
Standards Based.

Question 117

Payment Card Industry Data Security Standard (PCI-DSS)

Answer 117

A security standard for organizations handling credit cards, ATM cards and other point-of-sale cards that apply to all entities involved in the payment process. Consists of 12 requirements:

1. Install and maintain firewall configuration to protect data.
2. Remove vendor-supplied default passwords and other default security features
3. Protect stored data
4. Encrypt transmission of cardholder data
5. Install, use and update antivirus
6. Develop secure systems and applications
7. Use “need to know” as a guideline to restrict access to data
8. Assign a unique ID to each stakeholder
9. Restrict any physical access to the data
10. Monitor all access to data and network resources
11. Test security procedures and systems regularly
12. Create and maintain an information security policy

Question 118

Control Objects for Information and Related Technology (COBIT)

Answer 118

Created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). Is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development, good practice, and emphasizes regulatory compliance and helps security architects figure out and plan minimum security requirements for their organizations. Categorizes control objectives into the following domains:

1. Planning and Organization
2. Acquisition and Implementation
3. Delivery and Support
4. Monitoring and Evaluation

Question 119

ISO/IEC 27001:2013

Answer 119

Provides requirements for creating, maintaining and improving organizational Information Security systems.

Question 120

Criminal Law

Answer 120

Body of rules and statutes that define conduct prohibited by the government because it threatens and harms public safety and welfare and that establishes punishment to be imposed for the commission of such acts.

Question 121

Civil Law

Answer 121

A body of rules that delineates private rights and remedies as well as governs disputes between individuals in such areas as contracts, property, and family law, distinct from criminal law.

Question 122

Common Law

Answer 122

Law based on societal customs and recognized and enforced by the judgments and decrees of the court.

Question 123

PDU at the Data Link Layer

Answer 123

Frame