Exam Prep (DION)

Question 1

What port does the Trivial File Transfer Protocol (TFTP) use?

Answer 1

TFTP uses port 69.

Question 2

What port does the Simple Mail Transfer Protocol (SMTP) use?

Answer 2

SMTP uses port 25.

Question 3

What port does the Hypertext Transfer Protocol (HTTP) use?

Answer 3

HTTP uses port 80.

Question 4

What port does the Domain Name Service (DNS) protocol use?

Answer 4

DNS uses port 53.

Question 5

What is Network Access Control (NAC) and what is its primary function?

Answer 5

Network Access Control (NAC) uses protocols to define and implement a policy for securing access to network nodes when a device initially attempts to access the network. It’s focused on controlling access to a network by enforcing security policies.

Question 6

What is the role of a Security Information and Event Management (SIEM) system?

Answer 6

A SIEM system provides real-time analysis of security alerts generated by applications and network hardware.

Question 7

How does an access control list differ from NAC in managing network access?

Answer 7

An access control list defines what ports, protocols, or IP addresses can be used, but unlike NAC, it cannot distinguish between different users or device types accessing the network.

Question 8

Why is MAC filtering insufficient compared to NAC?

Answer 8

While MAC filtering can allow or deny network access, it cannot control which network resources are accessible from a single ethernet port, unlike NAC.

Question 8

How does dual control differ from separation of duties?

Answer 8

Dual control requires two or more people to perform a critical action together, simultaneously. It’s often used in high-security situations.

Question 9

What is the concept of separation of duties in an organization?

Answer 9

Separation of duties is a security concept where more than one person is required to complete a task.

Question 10

What is the purpose of mandatory vacation policies in an organization?

Answer 10

Mandatory vacation policies require employees to take time away from their jobs. This practice helps in detecting fraud or malicious activities that might be easier to spot in the absence of the employee who is on leave.

Question 11

What is a Community Cloud in the context of cloud computing?

Answer 11

A Community Cloud is a form of cloud computing where the cloud infrastructure is shared among different organizations that belong to the same community or have similar computing concerns.

Question 12

What are the security vulnerabilities of Telnet that make it insecure?

Answer 12

Telnet is considered insecure because it transmits all data in plain text, including sensitive information such as usernames, passwords, commands, and data files. This lack of encryption makes it vulnerable to eavesdropping and interception, as unauthorized parties can easily access unencrypted data transmitted over the network.

Question 13

What is the purpose of traceroute/tracert commands?

Answer 13

Traceroute and tracert are diagnostic tools used to display packet routes and measure delays in IP networks. Traceroute uses ICMP, not TCP, for its analysis.

Question 14

What is Broadcast ping and its limitation?

Answer 14

Broadcast ping sends pings to a subnet’s broadcast IP. Its limitation is that if a regular ping fails, broadcast ping will also be ineffective.

Question 15

What is Ptunnel?

Answer 15

Ptunnel is an application that tunnels TCP connections via ICMP echo requests and replies.

Question 16

Why are authenticated scans important in internal network assessments?

Answer 16

Authenticated scans accurately assess vulnerabilities due to deeper access, crucial in uniform enterprise networks.

Question 17

Why are uncredentialed scans less effective for vulnerability detection?

Answer 17

Uncredentialed scans lack deep system access, missing many vulnerabilities due to limited permissions.

Question 18

What is a limitation of the Lockheed Martin cyber kill chain model?

Answer 18

The Lockheed Martin model assumes a unidirectional attack flow, overlooking the possibility of an adversary retreating during an attack.

Question 19

How do MITRE, Diamond, and AlienVault models differ from the Lockheed Martin model?

Answer 19

MITRE and Diamond offer more dynamic systems, accommodating a broader range of adversary behaviors. AlienVault was designed to overcome the rigidity of the Lockheed Martin model.

Question 20

Why is patching not effective against zero-day threats?

Answer 20

Zero-day threats exploit unknown flaws, with no available patches at the time of discovery, making traditional patching ineffective.

Question 21

What strategies can protect against zero-day attacks?

Answer 21

To mitigate zero-day attacks, use network segmentation, application whitelisting, and threat intelligence for enhanced defense.

Question 22

Why is patching not effective against zero-day threats?

Answer 22

Zero-day threats exploit unknown flaws, with no available patches at the time of discovery, making traditional patching ineffective.

Question 23

What strategies can protect against zero-day attacks?

Answer 23

To mitigate zero-day attacks, use network segmentation, application whitelisting, and threat intelligence for enhanced defense.

Question 24

How can you determine if SSH is operating from nmap scan results?

Answer 24

Check if port 22 is open. SSH operates over port 22, so its absence in open ports indicates SSH is not active.

Question 25

What ports indicate the operation of web servers?

Answer 25

Web servers use port 80 for HTTP and 443 for HTTPS. Their presence in nmap results signifies active web services.

Question 26

Which ports are used by database servers and what do they indicate?

Answer 26

Port 1433 is used by Microsoft SQL and 3306 by MySQL. Their open status in nmap results points to active database services.

Question 27

How to identify if Remote Desktop Protocol is in use from nmap results?

Answer 27

Check for port 3389. If it’s open, it indicates that Remote Desktop Protocol is being used.

Question 28

What is the function of a network tap and how does it operate?

Answer 28

Network taps capture a copy of network traffic for analysis, offering passive monitoring without affecting the traffic flow.

Question 29

How does active monitoring differ from using network taps?

Answer 29

Active monitoring, unlike network taps, involves scanning systems or analyzing router logs and SNMP data, directly interacting with network devices.

Question 30

What should you understand from a Snort IDS rule’s flow condition and its implications?

Answer 30

The flow condition “to_client, established” means the rule analyzes only inbound traffic for already established connections. The alert triggers if an inbound TCP packet meets all listed conditions.

Question 31

What does the rule header of a Snort IDS rule indicate about the type of packets to be alerted?

Answer 31

The rule header specifies the packet type to be monitored. In this case, it’s set to alert only on TCP packets.

Question 32

What is a directory traversal attack and how is it executed?

Answer 32

A directory traversal attack accesses files outside the webroot folder by using “../” sequences or absolute paths, potentially reaching critical system files.

Question 33

What is a buffer overflow exploit?

Answer 33

A buffer overflow occurs when data exceeds a buffer’s boundary, overwriting adjacent memory, potentially leading to system compromise.

Question 34

What is XML Injection?

Answer 34

XML Injection manipulates or compromises the logic of an XML application by injecting malicious code into its structure.

Question 35

What is SQL Injection?

Answer 35

SQL Injection involves placing malicious code in SQL statements through web page input, exploiting database vulnerabilities.

Question 35

What are the key components of endpoint security?

Answer 35

Endpoint security typically includes host-based firewalls, host-based intrusion protection systems (HIPS), and anti-virus software.

Question 36

Why is a VPN not considered an endpoint security tool?

Answer 36

A VPN is categorized as a network security tool rather than an endpoint security tool, as its primary function relates to securing network connections.

Question 37

What risks are associated with unauthorized access to devices?

Answer 37

Unauthorized access, either through unintended connections or stolen devices, can lead to exposure of sensitive data not meant for external viewing.

Question 38

What should every firm have in place for data protection and handling leaks?

Answer 38

Firms should implement data encryption policies and have protocols for managing data leaks to protect sensitive information.

Question 39

What is threat hunting in cybersecurity?

Answer 39

Threat hunting involves proactively searching for evidence of adversarial tactics, techniques, and procedures (TTPs) within a network or system, based on threat research and modeling.

Question 40

What does penetration testing entail?

Answer 40

Penetration testing simulates an attack using active tools to evaluate security, verify threats, test and bypass controls, and exploit system vulnerabilities.

Question 41

What is incident response in the context of cybersecurity?

Answer 41

Incident response is an organized approach to manage the aftermath of a security breach, aiming to limit damage and reduce recovery time and costs.

Question 42

What is Information Assurance (IA)?

Answer 42

Information Assurance (IA) is managing risks related to information use, processing, storage, and transmission, ensuring the integrity and security of data and systems.

Question 43

What is the Time-based One-time Password Algorithm (TOTP) and how does it work?

Answer 43

TOTP is an algorithm that generates a one-time password using a shared secret combined with a timestamp-derived value, ensuring time-limited token validity.

Question 44

How does TOTP improve upon the HOTP algorithm?

Answer 44

Unlike HOTP, TOTP tokens automatically expire after a short period (e.g., 60 seconds), reducing the risk of future token decryption by attackers.

Question 45

How is the Annual Loss Expectancy (ALE) determined?

Answer 45

ALE is the product of SLE and the Annual Rate of Occurrence (ARO). With an SLE of $750 and an ARO of 10, ALE = $750 * 10 = $7,500.

Question 46

How do you calculate the Single Loss Expectancy (SLE)?

Answer 46

SLE is calculated as Exposure Factor (EF) multiplied by Asset Value (AV). For an EF of 5% and an AV of $15,000, SLE = 0.05 * $15,000 = $750.

Question 47

What is Pretty Good Privacy (PGP) and its primary use?

Answer 47

PGP is an encryption program providing cryptographic privacy and authentication, mainly used for securing emails, texts, files, and disk partitions.

Question 48

How does PGP’s cryptographic approach differ from AES, RC4, and 3DES?

Answer 48

PGP is a public-key (asymmetric) cryptosystem, unlike AES, RC4, and 3DES, which are symmetric algorithms relying on shared secret keys.

Question 49

How do you prevent unauthorized access to a service in a specific scenario?

Answer 49

Block port 3389 on the host 71.168.10.45 to deny access to the Remote Desktop Protocol service from any workstation, preventing unauthorized connections.

Question 50

What is secure boot and its primary function in BIOS protection?

Answer 50

Secure boot, a UEFI security system, prevents computer hijacking by malicious OS. It verifies the OS boot loader’s digital signature against stored valid certificates.

Question 51

How does secure boot differ from other security practices?

Answer 51

Unlike other security practices active post-boot, secure boot operates at the system start-up, preventing boot sector or rootkit attacks by verifying boot loader integrity.

Question 52

What is the necessary subnet configuration for an ACL rule to enable SSH access to servers in the DMZ?

Answer 52

Use a /24 subnet for the destination network in the ACL rule to cover all three servers in the DMZ, allowing SSH access from a single source.

Question 53

What is containerization in the context of virtualization?

Answer 53

Containerization is a virtualization method where the host operating system creates isolated environments for running applications, ensuring controlled execution.

Question 54

What is a sandbox in computing?

Answer 54

A sandbox is an isolated computing environment within a host system, used to run applications securely and without affecting the host.

Question 55

What is a jumpbox and its role in network security?

Answer 55

A jumpbox is a secured server that acts as a single access point to other hosts in a network, enhancing control and monitoring of access.

Question 56

What is a honeypot and its purpose in cybersecurity?

Answer 56

A honeypot is a decoy host designed to attract attackers, diverting them from real network components and identifying attack methods and security weaknesses.

Question 57

What port does the Remote Desktop Protocol (RDP) use?

Answer 57

RDP operates over port 3389.

Question 58

What port is used by the Layer 2 Tunneling Protocol (L2TP)?

Answer 58

L2TP operates over port 1701.

Question 59

Which port does the Lightweight Directory Access Protocol (LDAP) use?

Answer 59

LDAP operates over port 389.

Question 60

What port is associated with Kerberos?

Answer 60

Kerberos operates over port 88.

Question 61

What is the Federal Information Security Management Act (FISMA)?

Answer 61

FISMA is a U.S. federal law establishing a framework to protect government information and assets against threats, requiring compliance with security standards by government agencies and associated organizations.

Question 62

What does the Health Insurance Portability and Accountability Act (HIPAA) entail?

Answer 62

HIPAA is a U.S. law providing privacy standards to protect patients’ medical records and health information handled by health plans, doctors, and healthcare providers.

Question 63

What is the Children’s Online Privacy Protection Act (COPPA)?

Answer 63

COPPA is a U.S. law requiring websites and online services targeting children under 13, or collecting data from them, to adhere to specific privacy standards.

Question 64

What is the purpose of the Sarbanes–Oxley Act (SOX)?

Answer 64

SOX is a U.S. law setting requirements for U.S. public company boards, management, and public accounting firms, focusing on corporate governance and financial practices.

Question 65

Why is the single quote character (‘) significant in SQL?

Answer 65

In SQL, single quotes delimit strings. Unescaped single quotes in an application can be exploited to inject additional SQL code, a technique used in SQL injection attacks.

Question 66

What is the role of a Relying Party (RP) in a federation?

Answer 66

Relying Parties (RPs) provide services to federation members, relying on information provided by Identity Providers (IdPs) about user identities.

Question 67

What is an Identity Provider (IdP) and its function?

Answer 67

An IdP provides user identities, asserts identity information, and releases identity holder data within a federation.

Question 68

What is Single Sign-On (SSO) and how does it work?

Answer 68

SSO is an authentication scheme that allows users to log in with a single ID and password across multiple independent software systems in a federation.