Exam Study Cards Flashcards

1
Q

What are the primary objectives/goals of security?

A

To maintain confidentiality, integrity, and availability (CIA).

2
Q

What is confidentiality?

A

Confidentiality means that objects should not be disclosed to subjects that do not have authorization.

3
Q

What is integrity?

A

Integrity means that data/objects remain unchanged and are not intentionally altered by unauthorized subjects.

4
Q

What is availability?

A

Availability means that the subjects that are authorized have consistent and uninterrupted access to objects.

5
Q

What is the CIA triad?

A

The CIA triad contains the concepts of confidentiality, integrity, and availability, which are the three vital principles of security.

6
Q

What is identification and how does it work?

A

Identification is what a subject has to provide to a system in the first step of gaining authentication, authorization and accountability.

7
Q

What is authentication and how does it work?

A

Authentication means to verify that the identity entered into the system is valid. Information (password) is entered by the subject after providing identification (login ID) and the two must correspond to each other to gain access.

8
Q

What is security governance?

A

Security governance is the collection of practices related to defining, guiding, and supporting organizational security efforts.

9
Q

What is auditing and how does it work?

A

Auditing is the systematic way for subjects to be held accountable for any actions they performed as authorized users of a system. Auditing detects unauthorized or nefarious activities on a system. Auditing also keeps track of attempted intrusions and any system failures/outages. Because of its tracking mechanisms, auditing can produce logs and analysis of those logs as well as provide them for prosecution evidence.

10
Q

What is accountability?

A

Accountability holds subjects accountable for their actions. Accountability can only successfully work once identity is authenticated. Security policies need accountability in order to be enforced.

11
Q

What is nonrepudiation?

A

This ensures that a subject cannot deny that they performed an action or an event occurred.

12
Q

What kind of plans are included in security management and what do they do?

A

Strategic plans - long-term and stable, defining the goals, missions, and objectives of the organization.

Tactical plans - mid-term plans that are formed to provide a more detailed account on how to accomplish the goals in the strategic plan.

Operational plans - short-term and very detailed and concise plans that revolve around strategic and tactical plans.

13
Q

What is data remanence?

A

This is the data that was deleted but actually ends up remaining until it is overwritten.

14
Q

What can you do to eliminate residual data that still remains after it was deleted?

A
Clearing
Purging
Degaussing
Overwrite with 1's and 0's
Destruction
Encryption
15
Q

What is the most valuable asset to an organization?

A

People. Any risk that involves the loss of life is the highest risk and must be mitigated.

16
Q

What is ROI?

A

The amount of money saved by implementing a safeguard. If the annual total cost of ownership (TCO) is less than the annual loss expectancy (ALE), this equates to a positive ROI.

17
Q

What are the objectives/goals of information risk management?

A
  1. Identify assets and their value
  2. Identify the vulnerabilities and threats to the assets
  3. Quantify the probability and business impacts of potential threats (risks)
  4. Determine the needs
  5. Deploy a positive ROI safeguard
  6. Monitor and evaluate systems and practice
  7. Promote and spread security awareness
18
Q

What does encryption provide?

A

Confidentiality by denying unauthorized reads.
Authenticity by validating the source of the message to ensure the sender is who they proclaim to be.
Integrity by denying unauthorized writes AND assurance that the message was not modified.
Non-repudiation by establishing that a subject cannot deny performing an action.

19
Q

What is Kerckhoffs's Principle?

A

Principle that maintains that only the key should be kept secret while algorithms are publicly known.

20
Q

What is an unbreakable cipher?

A

A one-time pad.

21
Q

What is hybrid encryption?

A

Using symmetric encryption to encrypt messages and asymmetric encryption to encrypt the symmetric key.

22
Q

What is a digital certificate?

A

A public key signed with a digital signature.

23
Q

What is HMAC?

A

HMAC (Hash-based Message Authentication Code) gives integrity and authenticity by combining symmetric encryption with hashing. It is used by IPSec.

24
Q

What is an APT group?

A

An APT (Advanced Persistent Threat) group has the ability to coordinate very sophisticated attacks.

25
Q

What is TPM?

A

TPM (Trusted Platform Module) is a hardware encryption method that uses a storage root key. Typically used to encrypt hard drives on laptops.

26
Q

What is redundancy?

A

A method used to prevent data loss on a server.

27
Q

What is a white box tester?

A

A tester that has full authorized access to product documentation, including the code and data structures used by the application.

28
Q

What is a black box tester?

A

A tester that does not have access to product documentation or any prior experience with an application.

29
Q

What is a secure DNS zone transfer?

A

A mechanism that prevents attackers from downloading data that maps IP addresses to devices.

30
Q

What is a cognitive password?

A

A password that an attacker is able to form/gain based on personally identifiable information (PII) posted on social media websites.

31
Q

What is PAT?

A

PAT (Port Address Translation) is the protocol that allows internal computers to share one public IP address.

32
Q

What is virtualization?

A

A method that allows multiple servers to operate on a single physical server.

33
Q

What is SNMP?

A

SNMP (Simple Network Management Protocol) is used to manage and monitor switches and routers.

34
Q

What are methods to detect changes in files?

A
  1. MD5 (Message Digest 5)
  2. SHA (Secure Hash Algorithm)
  3. HMAC (Hash-based Message Authentication Code)
35
Q

What is CRL?

A

CRL (Certificate Revocation List) is a list that identifies revoked certificates and is unrelated to sharing encryption keys.

36
Q

What is NDP?

A

NDP (Neighbor Discovery Protocol) is used by IPv6 to resolve IPv6 addresses to media access control (MAC) addresses.

37
Q

What is RADIUS?

A

RADIUS (Remote Authentication Dial-In User Service) is an authentication service for remote users and devices.

38
Q

What is Diameter?

A

Diameter is an authentication service for remote users and devices. It is more secure than RADIUS.

39
Q

What is ECDHE?

A

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) allows negotiation of encryption keys securely over a public network.

40
Q

What is a WPA cracking attack?

A

A WPA (Wi-Fi Protected Access) cracking attack is the method of capturing traffic and performing an offline brute-force attack to discover/steal the encryption key.

41
Q

What is a WPS attack?

A

An attack that uses brute force but does not need to wait for an authorized client to connect.

42
Q

What is an initialization vector attack?

A

An attack that often uses packet injection techniques to generate more traffic in WEP attacks.

43
Q

What is full-device encryption?

A

Encryption that can be implemented to safeguard the confidentiality of data if a mobile device is lost or stolen.

44
Q

What is application whitelisting?

A

A method that identifies and lists authorized software and prevents users from installing or running any other software.

45
Q

What is a yagi antenna?

A

A high-gain directional antenna with a very narrow radiation pattern. It is a desired choice for providing connectivity between two buildings without running any physical media (cables).

46
Q

What is Blowfish?

A

A symmetric block cipher that provides strong encryption for processing payment card data. Works very fast.

47
Q

How is ALE calculated?

A

ALE = SLE x ARO

48
Q

What is the most important purpose of classifying information?

A

To identify security classifications for sensitive data and define the requirements to protect that sensitive data.

49
Q

How is the classification of data determined?

A

Based on its value to an organization

50
Q

What is purging?

A

Removing all data by writing over existing data multiple times to ensure data cannot be recovered.

51
Q

Why is sanitization likely to be unreliable?

A

Because personnel can perform the purging, degaussing, or other processes improperly.

52
Q

What is destruction?

A

The most secure method of eliminating data on optical media (DVD).

53
Q

What is the problem with remanence?

A

It does not completely eliminate data.

54
Q

What is SSH?

A

A secure alternative for connecting to a remote server for administration. It encrypts data transmitted over a network.

55
Q

What are the duties of a data custodian?

A

To perform day-to-day tasks to protect the CIA of data as directed by senior management by doing backups, verifying data integrity, implementing security solutions and managing storage by classification label.

56
Q

What is Bcrypt?

A

Encryption method based on Blowfish that encrypts passwords on Linux by adding 128 additional bits as a SALT to combat against rainbow table attacks.

57
Q

What are the “Rules of Behavior”?

A

Rules that identify appropriate use and protection of data. This applies to subjects/users, not systems or security controls.

58
Q

What is DNS?

A

DNS (Domain Name System/Server) is used to translate IP addresses into hostnames and hostnames into IP addresses. Used mostly on the internet and on networks.

59
Q

What is DHCP?

A

DHCP (Dynamic Host Configuration Protocol) is used to dynamically assign the IP address to the network computers and devices. Automatically assigns static and dynamic IP addresses.

60
Q

What are ACL rules?

A

ACL (Access Control List) rules provide rule-based management for the router and control inbound and outbound traffic.

61
Q

What do ACLs do?

A

Provide basic packet filtering on routers. They filter packets based on IP addresses, ports, and protocols such as ICMP and/or IPSec.

62
Q

What does a router do?

A

A router is a networking device that connects multiple network segments together into a single network and routes traffic between the segments.

63
Q

Does a router pass broadcasts?

A

No, it efficiently reduces traffic on a single segment.

64
Q

What is the relationship between routers and ACLs?

A

Routers have ACLs that have rules to designate what traffic is allowed and what traffic is denied.

65
Q

What does a VLAN do?

A

A VLAN (virtual local area network) uses a switch to group several different computers into a virtual network based on departments, job function, or administrative needs.

66
Q

What is the purpose of port security?

A

To limit the number of computers that can connect to the ports on a switch, disable unused ports, and limit the number of MAC addresses per port. Advanced port security: restrict each physical port to a specific MAC address.

67
Q

What kind of physical security do switches provide?

A
  1. Have a console port that administrators can use to monitor all traffic in or out of the switch.
  2. Kept in a secure area such as a locked wiring closet, and therefore away from potential attackers.
68
Q

What is a switch?

A

A networking device that has the ability to learn which computers are attached to each of its physical ports. The knowledge is then used to create internal switched connections when two computers communicate with each other. This increases network efficiency.

69
Q

What is the general security benefit of a switch?

A

If an attacker installed a sniffer on a computer attached to another port, the sniffer is not able to capture unicast traffic transmitted through the switch.

70
Q

Any traffic sent across the wire in cleartext is subject to sniffing attacks with a protocol analyzer. How can this be combated?

A

Encrypt the data or replace all hubs with switches to limit the amount of traffic that reaches any computer. This reduces the risk of a sniffing attack.

71
Q

What is a hub?

A

A networking device that has multiple physical ports used to provide basic connectivity to multiple computers. Usually has between 4 and 32 physical ports and is not intuitive; whatever goes in one port goes out on all ports on the hub.

72
Q

What is the risk with a hub?

A

If an attacker installs a protocol analyzer (sniffer) on a computer connected to a hub, the sniffer captures all traffic on the hub.

73
Q

What ports does NETBIOS run on?

A

137, 138, and 139.

74
Q

What port does IMAP4 run on?

A

143.

75
Q

What port does LDAP run on?

A

389.

76
Q

What port does HTTPS run on?

A

443

77
Q

What port does SMTP SSL/TLS run on?

A

465

78
Q

What port does IPSec run on?

A

500 (UDP)

79
Q

What port does LDAP/SSL run on ?

A

636

80
Q

What port does LDAP/TLS run on?

A

636

81
Q

What port does IMAP SSL/TLS run on?

A

993

82
Q

What port does POP SSL/TLS run on?

A

995

83
Q

What port does L2TP run on?

A

1701 (UDP)

84
Q

What port does PPTP run on?

A

1723

85
Q

What port does Remote Desktop Protocol (RDP) run on?

A

3389 (TCP/UDP)

86
Q

What port does MS SQL Server run on?

A

1433

87
Q

What port does FTP Data (Active) run on?

A

20

88
Q

What port does FTP Control run on?

A

21

89
Q

What port does SSH run on?

A

22

90
Q

What port does SFTP run on?

A

22 (uses SSH)

91
Q

What port does SCP run on?

A

22 (uses SSH)

92
Q

What port does Telnet run on?

A

23

93
Q

What port does SMTP run on?

A

25

94
Q

What port does TACACS+ run on?

A

49

95
Q

What port does DNS (name queries) run on?

A

53 (UDP)

96
Q

What port does DNS zone transfers run on?

A

53 (TCP)

97
Q

What port does TFTP run on?

A

UDP 69

98
Q

What port does HTTP run on?

A

80

99
Q

What port does Kerberos run on?

A

88 (UDP)

100
Q

What port does POP3 run on?

A

110

101
Q

What port does SNMP run on?

A

161 (UDP)

102
Q

What port does SNMP (trap) run on?

A

162 (UDP)

103
Q

What does a vulnerability scanner do?

A
  1. Identify vulnerabilities.
  2. Identify misconfigurations
  3. Passively test security controls
  4. Identify lack of security controls
104
Q

What is a virus?

A

A form of malicious code that infects systems and then spreads copies of itself based on a mechanism that connects it to another system (opening a file, etc). CANNOT spread itself, it relies on a user action.

105
Q

What is a trojan horse?

A

A form of malicious code that disguises itself in apparently useful applications.

106
Q

What is a logic bomb?

A

A form of malicious code that triggers on a particular condition (e.g., all files scheduled to be deleted at a particular time).

107
Q

What is a worm?

A

A form of malicious code that is self-replicating.

108
Q

What are Java and ActiveX controls?

A

A form of malicious code that automatically executes when sent via email.

109
Q

What is spoofing?

A

The act of making data (email) appear as though it were sent from someone else.

110
Q

What is a man-in-the-middle attack?

A

An attack that intercepts traffic between two systems and uses a third system to pretend to be one of the others.

111
Q

What is a replay attack?

A

Data is intentionally captured to later impersonate one of the parties in the session.

112
Q

Can a replay attack happen on wired or wireless networks?

A

It can happen on BOTH types of networks.

113
Q

How can replay attacks be thwarted?

A

By using timestamps and sequence numbers. Kerberos helps with timestamped tickets

114
Q

What is a brute force attack?

A

An attempt to guess all possible character combinations to form a password and gain unauthorized access.

115
Q

How can a brute force attack be protected against?

A

With account lockout policies and complex passwords of sufficient length.

116
Q

What is a dictionary attack?

A

An attack that uses a dictionary of words and basically attempts to use every word in the dictionary to see if it works. The dictionaries include many of the common passwords that uninformed users improperly configured for their own accounts.

117
Q

How can a dictionary attack be combated?

A

With the use of complex passwords that are unlikely to be in a dictionary.

118
Q

What are password hashes?

A

What most systems store instead of the actual password.

119
Q

What is a hybrid attack?

A

An attack that uses a combination of two or more attacks to crack a password.

120
Q

What is a rainbow table attack?

A

An attack that attempts to discover the password from the hash.

121
Q

What is a birthday attack?

A

A theory that states that for any random group of 23 people, there is a 50% chance that two of them have the same birthday based on mathematical probability.

122
Q

What is SALT and what does it do?

A

A set of random data (a few additional characters) that is added to passwords prior to hashing to combat password attacks.

123
Q

What are logical access controls?

A

Controls that are implemented through technologies such as group policy and account management tools. The intent is to control access to the logical network.

124
Q

Give examples of logical access controls:

A
  1. Least privilege (also a technical control)
  2. Need to Know
  3. Group policy - implemented on a domain controller within a domain
  4. Password policies
  5. Account Management
125
Q

Give examples of management controls:

A
  1. Risk assessments
  2. Vulnerability assessments
  3. Penetration Testing
126
Q

Give examples of operational controls:

A
  1. Awareness and training for users
  2. Configuration and change management
  3. Contingency planning
  4. Media protection - (USB drives, external/internal drives, backup tapes)
  5. Physical and environmental protection
127
Q

What is the goal of preventive controls?

A

To attempt to prevent an incident from occurring.

128
Q

What is the goal of detective controls?

A

To attempt to detect incidents after they have occurred.

129
Q

What is the goal of corrective controls?

A

To attempt to reverse the impact of an incident.

130
Q

What is the goal of deterrent controls?

A

To attempt to discourage individuals from causing an incident.

131
Q

What is the goal of compensating controls?

A

To provide an alternative when a primary control cannot be used.

132
Q

What is PAP?

A

PAP (Password Authentication Protocol) uses a password or PIN for authentication.

133
Q

What is CHAP?

A

CHAP (Challenge Handshake Authentication Protocol) uses a handshake process when authenticating clients and is more secure than PAP.

134
Q

What is the purpose of technical controls?

A

To use technology to reduce vulnerabilities.

135
Q

What is HOTP?

A

HOTP is a HMAC-based one-time password algorithm that creates a one-time use password that does not expire.

136
Q

What is TOTP?

A

TOTP is a time-based one-time password algorithm that creates a one-time password that expires after 30 seconds.

137
Q

What is Cross-Site Scripting (XSS)?

A

An attack method where attackers embed malicious HTML or JavaScript code into an email or website error message. When the user responds to the email or error message, the code is executed. Code can also be embedded wherever HTML tags can be entered.

138
Q

What can be done to protect against cross-site scripting?

A

Input validation at the server level.

139
Q

Who does security management start and end with?

A

Senior management is ultimately and always responsible for security management.

140
Q

What are the requirements for security management?

A
  1. Scope must be concisely defined.
  2. Goals must be identified.
  3. Evaluation of business objectives, security risks, user productivity, and functionality requirements must be performed and managed regularly.
  4. Assets and their value must be identified.
  5. Policies, procedures, standards, and guidelines/baselines MUST be implemented and enforced.
  6. Overall: CIA must be provided and protected.
141
Q

What is the purpose of vulnerability testing?

A

To evaluate systems/networks against a predefined list of vulnerabilities that may include system misconfigurations, outdated software, and missing patches.

142
Q

What are the goals of penetration testing?

A

Primary: to simulate an attack to evaluate the risk characteristics of an environment.

Secondary: to test the organizational incident response.

143
Q

What is the goal of security awareness training?

A

To inform and teach so people can be aware, resulting in modified behavior.

144
Q

What is the purpose of exchanging beginning sequence numbers during the connection in the TCP client-server model?

A

To ensure that any data lost during data transfer can be retransmitted.