Exam Simulation 4 Flashcards
Review sticky points in Exam Simulation 4
What are the differences between open, closed, and filtered network ports?
Open: port is open and an application is accessing it
Closed: port is open but no application is accessing it
Filtered: port is not accessible
What do RAID disk stripping and mirroring mean?
RAID utilises disk striping and disk mirroring:
Disk striping: dividing the body of data (volume) into data blocks that are spread across multiple storage devices, such as HDDs or SSDs (hard disk drives or solid-state drives), enabling writes and reads to be completed more quickly.
Disk mirroring: duplicating data on two separate storage devices.
What are the differences between RAID0, RAID1, and RAID5?
RAID 0: This configuration has striping, but no redundancy of data. It offers the best performance, but no fault tolerance.
RAID 1: Also known as disk mirroring, this configuration consists of at least two drives that duplicate the storage of data. There is no striping. Read performance is improved since both disks can be read at the same time. Write performance is the same as for single-disk storage.
RAID 5: This level is based on block-level striping with parity. The parity information is striped across each drive, allowing the array to function even if one drive were to fail. The array’s architecture allows read and write operations to span multiple drives. This results in performance that is usually better than that of a single drive, but not as high as that of a RAID 0 array. RAID 5 requires at least three disks, but it is often recommended to use at least five disks for performance reasons.
What is ASLR?
Address Space Layout Randomization (ASLR) is primarily used to protect against buffer overflow attacks. ASLR works alongside virtual memory management to randomize the locations of different parts of the program in memory. Every time the program is run, components (including the stack, heap, and libraries) are moved to a different address in virtual memory.
What are SMURF, Fraggle, and Teardrop attacks?
A Smurf attack is a form of distributed denial-of-service (DDoS) attack that renders computer networks inoperable. The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). When combined with IP broadcasting, which sends the malicious packet to every IP address in a network, the Smurf attack can quickly cause a complete denial of service.
A Fraggle attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. It is very similar to a Smurf attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.
A Teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device.
What is a companion virus?
Companion viruses are self-contained executable files with filenames similar to those of existing system/program files but with a modified extension. The virus file is executed when an unsuspecting user types the filename without the extension at the command prompt.
What is an example of a DDoS toolkit?
Low Orbit Ion Cannon (LOIC) is a commonly used distributed denial of service (DDoS) attack toolkit. The other three tools mentioned (Satan, Saint, Nmap) are reconnaissance utilities used to map networks and scan for known vulnerabilities.
Which ports are subject to SQL injection attacks?
SQL injection attacks take place over web ports, such as 80 and 443, and not over database ports, such as 1433 and 1521.
On manual review systems, failure recognition is whose primary responsibility?
The observer or auditor of a manual review system is directly responsible for recognizing the failure of that system.
During what phase of incident response do you collect evidence such as firewall logs?
Evidence collection takes place during the response phase of the incident. Incidents are identified and verified during the detection phase. Compliance with laws might occur during the reporting phase, depending on the incident. Personnel typically perform a root-cause analysis during the remediation phase.
What is an MAA site?
Mutual assistance agreements (MAAs) are rarely implemented because they are difficult to enforce in the event of a disaster requiring site activation.
What privacy principle requires mechanisms to protect data against loss?
The principle of security requires proper mechanisms to protect data against loss, misuse, and unauthorized disclosure.
Which of the following is an example of a code?
The 10-code system (ten-codes) is a code used in radio communications for brevity and clarity.
Which of the following security models is most often used for general commercial applications?
Clark-Wilson model. Of the four models mentioned, Biba and Clark-Wilson are most commonly used for commercial applications because both focus on data integrity. Of these two, Clark-Wilson offers more control and does a better job of maintaining integrity, so it is used most often for commercial applications. Bell-LaPadula is used most often for military applications. Brewer and Nash applies only to datasets (usually within database management systems) where conflict-of-interest classes prevent subjects from accessing more than one dataset in a way that might lead to a conflict-of-interest situation.
In a relational database, what type of key is used to uniquely identify a record in a table and can have multiple instances per table?
A candidate key is a subset of attributes that can be used to uniquely identify any record in a table. No two records in the same table will ever contain the same values for all attributes composing a candidate key. Each table may have one or more candidate keys, which are chosen from column headings.