Exam Flashcards

1
Q

The common resources that can be targeted in DoS attacks are ___ and ___ ?

A

The common resources that can be targeted in DoS attacks are network bandwidth (for network) and system resources (like memory and CPU).

2
Q

Lamport’s one-time password scheme relies on using hash functions that are ___ and ___ .

A

Lamport’s one-time password scheme relies on using hash functions that are one way and collision resistant.

3
Q

Examples of each of the main authentication bases are … ? (Three examples)

A
  1. Something you know (password, PIN, security questions)
  2. Something you have (Security Tokens, smart cards, etc.)
  3. Something you are (Fingerprint, Facial Recognition)
4
Q

“Online” and “Offline” attacks differ in that ___.

A
  • Online attacks require the connection to be active, which imposes certain restrictions on breaking a password (e.g. the server can limit or lock out attempts).
  • Offline attacks do not require the connection to be active, so the attacker has unlimited chances to break the password.
5
Q

A minimum time between password changes is specified so users ___.

A

So that users do not change their password too often in a short period - which could lead to weaker password choices.

6
Q

Two security properties of cryptographic hash functions are ___ and ___.

A
  1. Collision Resistance - Hard to find two different inputs that produce the same hash.
  2. Preimage Resistance - Difficult to figure out the original input from its hash.
7
Q

A mechanism capable of distinguishing between humans and computers may be a ___.

A

CAPTCHA

8
Q

3 classes of intruders that an IDS may attempt to find are…?

A
  1. Clandestine Users - Individuals who gain unauthorised access to privileged system resources or data.
  2. Masqueraders - Users who access the system by impersonating another legitimate user, often through stolen credentials.
  3. Misfeasors - Legitimate users who have authorised access but use it in an improper or unauthorised manner.
9
Q

Two primary properties used in malware classification are ___ and ___.

A
  1. Functionality - What the malware does such as stealing data, encrypting files for ransom or causing system damage.
  2. Propagation Method - How the malware spreads, like through email attachments, infected websites, or network vulnerabilities.
10
Q

Race conditions can occur when ___ and can result in ___.

A

Race conditions occur when two or more processes try to change or access the same data at the same time, and can result in unpredictable or incorrect behaviour in a system.

It’s like two people trying to edit the same document simultaneously without coordinating. If they don’t take turns properly, they might overwrite each other’s changes or create confusion.

11
Q

Phishing emails are typically sent in bulk because ___.

A

Phishing emails are typically sent in bulk because attackers want to increase the chance of victims falling for the scam.

12
Q

The Biba model is for the purpose of ___ while BLP is for the purpose of ___.

A

The Biba model is for the purpose of ensuring data integrity, while BLP (Bell-LaPadula) is for the purpose of maintaining data confidentiality.

The Biba model focuses on preventing unauthorized users from modifying sensitive data, thereby ensuring that the information remains accurate and uncorrupted.
The Bell-LaPadula model, on the other hand, is primarily concerned with keeping sensitive information secret and preventing unauthorized access to it.

13
Q

SYN flooding is an example of ___.

A

Denial of Service attack (DoS).

14
Q

To be stateless means ___ and is relevant in the context of ___.

A

To be stateless means each request from a client to a server is treated as completely new, with no memory of past interactions.

It is relevant in the context of client puzzle connection protocol.

15
Q

What’s the difference between spear phishing and general phishing?

A

Spear Phishing is targeting a specific person.

General Phishing is targeting all victims and expecting some to be fooled.

16
Q

Three types of malware are?

A
  1. Viruses
  2. Trojan Horses.
  3. Worms
17
Q

The term “shellcode” refers to ___ and is relevant in the context of ___.

A

“Shellcode” refers to code that hackers use to control a compromised computer system.

It’s important in the context of computer security breaches and attacks.

18
Q

The difference between logging and auditing is ___.

A

Logging - involves recording detailed information about events and actions in a system.

Auditing - the process of reviewing and analysing these log files to check for anything unusual or important.

19
Q

A firewall cannot typically protect against ___ or ___.

A
  • Internal Threats: These are threats originating from within an organization, such as a malicious employee. Since firewalls are designed to monitor and control incoming and outgoing network traffic, they are less effective against threats that originate inside the network.
  • Social Engineering Attacks: These are techniques that trick people into revealing sensitive information or performing certain actions. Since these attacks exploit human vulnerabilities rather than technical ones, firewalls, which focus on network traffic, cannot prevent them.
20
Q

The purpose of sanitisation in the context of auditing is to ___.

A

The purpose of sanitization in the context of auditing is to hide or delete sensitive information from data to protect privacy while still allowing the data to be reviewed or analyzed.

21
Q

Part B

Describe two distinct types of attack against password systems and the countermeasures against each of those attacks.

A

Brute Force Attack - The attacker tries every possible password combination until the correct password is found.

Countermeasure - Implement rate limiting, where a user is locked out after a certain number of failed attempts.

Phishing Attack - The attacker tricks a user into revealing their password.

Countermeasure - Educate users about the dangers of phishing and how to recognise it. In addition, use 2FA for an extra layer of security.

22
Q

Part B

Describe two general “good practices in coding”. For each of them explain why they are appropriate and give an example of what could go wrong if that practice is not followed.

A
  1. Never store secrets in code:

Importance - Keeping passwords or keys in code is risky because if somebody gets the code, they get the secrets too.

Risk of not following - If a sensitive API key is stored in the code and leaked, the attacker can use it to interact with the 3rd-party service, leading to incurred costs or access to restricted data.

  2. Set default to deny instead of default to allow:

Importance - This means only giving access when necessary and not letting anyone have access unless they are specifically granted it.

Risk of not following - If the default is set to allow, someone could easily access things they shouldn’t.

23
Q

Part B

Explain what tailored attacks are. Give some specific examples in two different domains and explain how they perform relative to the other attacks in those domains.

A
  1. Corporate Espionage.

Example - An attacker might gather detailed information about a company’s IT infrastructure and employee habits. The attacker then spear phishes specific employees with high-level access, using the information they gathered to form believable scams for the target to fall for.

Performance relative to other attacks - Tailored attacks in corporate settings are typically more successful than generic attacks because they use specific gathered information to bypass security measures and exploit human vulnerabilities effectively.

  2. Government or Political Targeting.

Example - A state-sponsored group might conduct a tailored attack against another government’s infrastructure, like targeting a specific power grid or election system. They would use knowledge about the system’s architecture and possibly even insider information to create a precise, damaging attack.

Performance Relative to Other Attacks - In the realm of government or political systems, tailored attacks can be more dangerous than widespread attacks because they are designed to undermine specific, critical functions or to gather highly sensitive information, often going undetected for longer periods due to their sophisticated and targeted nature.

24
Q

Part C

Explain how Unix protects user passwords

A

Unix protects passwords using a layered approach.

  1. Passwords are hashed.
  2. Salting is then added to ensure each password hash is unique.
  3. The password file is then stored securely so that it is not easily accessible to unauthorised users.
  4. File permissions restrict access to the password file to root or privileged processes.

25
Q

What is a malware that reproduces?

A

A Virus

26
Q

Inference is the derivation of ___ from ___.

A

Inference is the derivation of sensitive information from non-sensitive, typically aggregate data.

27
Q

Error-based SQL injection uses ___.

A

Error-based SQL injection uses Error messages thrown by the database server to obtain information about the structure of the database.

28
Q

The principle of least privilege implies we should ___ .

A

The principle of least privilege implies we should grant users only the access necessary to perform their duties.

29
Q

The common ground between misfeasors and masqueraders is that both ___.

A

Both have the password for a legitimate account.

30
Q

What is the Biba mandatory rule?

A

No read down, no write up.

31
Q

DoS amplification is characterised by ___.

A

DoS amplification is characterized by using a small initial input to generate a large amount of traffic.

32
Q

Explain the relevance of false positives and false negatives in the context of intrusion detection. Give an example of each.

A

False Positive: When the system wrongly identifies normal activity as an attack. For example, the security system flags an employee downloading a large file for work as potential data theft.

False Negative: When the system does not recognise an attack, thinking it is normal activity. For example, the system thinks everything is ok when the hacker’s methods were stealthy and disguised as normal traffic.

33
Q

Briefly explain the idea of rainbow tables and what they are used for?

A

Rainbow tables are a tool used to crack passwords by reversing the hashing process.

Hackers use them to quickly find a password if they already have its hashed version.

The purpose is to reverse the hash function and find the original password from a hash.

34
Q

Why could using the same password on multiple sites be a problem?

A

Using the same password on multiple sites can be a problem because if an attacker successfully guesses the password on one site, the attacker can then try that same password on another site, and if it is the same password, it grants the attacker access there too.

35
Q

Describe how virus and worm propagation differs?

A

A virus propagates by attaching itself to legitimate programs or files. This requires user interaction to spread.

A worm replicates itself to spread to other computers, usually without any human interaction.

36
Q

Describe two methods we might use to detect a trojan horse. Explain when each would be appropriate.

A
  1. Signature-based detection - This uses a database of known trojan signatures to scan and compare. If a match is found, the system flags it as a potential trojan.
  2. Behavioural Analysis - This method analyses the behaviour of a program/system. If there is unusual activity, the system flags it as a potential trojan.

37
Q

What is ransomware and what does it attempt to do?

A

Ransomware is malware that encrypts a user’s files, then demands payment for the decryption key. It’s a way for attackers to extort money by holding the victim’s data hostage.

38
Q

What is a Trojan horse malware?

A

A trojan is a type of malicious software that disguises itself as a legitimate program to deceive users into installing it. Once installed, it can perform a range of harmful actions such as stealing data.

39
Q

What is a honeypot?

A

A honeypot is a cybersecurity mechanism designed to mimic one or more aspects of a computer system such as servers, networks or applications.

Its primary role is to attract cyber attackers and serve as a decoy to lure attackers away from legitimate systems while gathering information about attacker methods and behaviour.

40
Q

Describe a typical deceptive phishing process.

A

Deceptive phishing is the most common type of phishing scam.

In this process, an attacker impersonates a legitimate entity and tricks individuals into revealing sensitive information such as their account usernames and passwords, credit card numbers, etc.

For example:
1. Impersonation: Attacker poses as a trusted entity via email.
2. Urgency: Email prompts immediate action, creating urgency.
3. Fake Link: Email contains a link to a counterfeit website.
4. Data Entry: Victim enters personal information on the site.
5. Data Theft: Attacker harvests data and may redirect to a real site to avoid suspicion.

41
Q

Describe three components of a virus.

A
  1. Infection mechanism - This is how the virus enters and spreads in a system.
  2. Payload - This is the malicious actions that the virus performs like deleting files or stealing data.
  3. Trigger - This is a specific condition or event that activates the virus’ payload.

42
Q

Name and describe the two types of errors that occur in authentication systems.

A
  1. False Positive - An example would be the system incorrectly accepts an unauthorised user entry into the system, thinking it is a legitimate user.
  2. False negative - An example would be the system wrongly rejects or fails to recognise an authorised user, denying them access.

43
Q

One type of malware that reproduces is…?

A

Worm

44
Q

Password registration typically involves a user entering a password twice because ___.

A

Passwords are entered twice to ensure that the passwords are correctly entered and to avoid typing errors. If the two entries do not match, there must be a typo in either password.

45
Q

The principle of least privilege implies we should ___.

A

The principle of least privilege implies we should grant users only the access and permissions that are necessary to perform their duties or tasks.

This means by default, access should be to “deny” and not “allow”.

46
Q

External traffic in a honeypot can all be usefully analysed because ___.

A

External traffic in a honeypot can all be usefully analysed because it is assumed that any interactions with a honeypot are likely to be malicious or unauthorised as honeypots are decoys used to attract attackers and capture their activities.

47
Q

Two types of activity we would expect to log in a computer system are ___ and ___.

A
  1. User authentication attempts.
  2. System changes.