Final Exam 2 Flashcards

1
Q

What is a vulnerability

A

A flaw in a system that can be taken advantage of to impact the confidentiality, integrity, or availability of the system

2
Q

What is an exploit

A

An attack taking advantage of a vulnerability

3
Q

What is a zero-day

A

An exploit for a vulnerability that has no fix

4
Q

What is a virus vs a worm

A

Virus - malware that replicates locally, often infecting files
Worm - malware that spreads from system to system automatically

5
Q

What is adware

A

Malware making money through advertising manipulation

6
Q

What is spyware

A

Malware collecting private info

7
Q

What is scareware

A

Malware scaring users with threats to coerce actions

8
Q

How does a credential stealer steal credentials?

A

Accesses memory, temporary internet files, keylogging

9
Q

What is a rootkit?

A

Malware with admin privileges allowing persistent access to a compromised system

10
Q

What is RAT?

A

Remote Admin Tool, allows remote access to a system

11
Q

Biggest email threat and how it propagates

A

Virus (or worm) sets up a backdoor; propagates via sending spam e-mails that turn systems into “spambots”

12
Q

What is phishing?

A

An attempt to gather sensitive info by masquerading as a trustworthy entity

13
Q

Ways of identifying phishing threats/protecting yourself from malware

A
  • incorrect grammar
  • email links
  • email attachments
  • asking for credentials
14
Q

What is spearphishing

A

Phishing aimed at specific individuals or companies

15
Q

What is SMShing

A

Act of sending fraudulent URLs or phone numbers via SMS

16
Q

What is OWASP

A

Open Web Application Security Project

17
Q

What is an SQL injection

A

An attack manipulating input and server-side scripts to send malicious SQL commands

18
Q

What is XSS and two types?

A

A cyber attack utilizing web vulnerabilities to send malicious code to a different end user
Stored and reflected XSS

19
Q

What is social engineering?

A

The science of manipulating human beings to take an action or divulge info

20
Q

What are the types of info processing

A

Top down - knowledge driven, based on prev exp, goals/expectations drive perception

Bottom up - used when knowledge is lacking, recognition by components, info driven

21
Q

Basic Human Tendencies

A

Reciprocity, social proof, consistency, scarcity, liking, authority

22
Q

Telltale signs of social engineering

A
  • pretending to know publicly available info
  • warnings or inducements of fear/concern
  • unrealistic promises
  • time urgency
  • unverified but “official” info
23
Q

Steps of a social engineering attack

A

Research, hook, play, exit

Research - gather info
Hook - contact victim
Play - build trust
Exit

24
Q

What are rings of trust

A

Security architecture in which outer rings possess a lower level of security and systems requiring a higher level of security are found in the inner ring

25
Q

What are ACLs

A

Access Control Lists controlling intercommunication between levels of trust

26
Q

What are the key principles of Zero Trust

A
  • Assume breach of other components
  • Explicit validation of trust
  • Least privilege access
  • Constant and comprehensive monitoring and defense
27
Q

Describe the typical secure topology

A
  1. Perimeter firewall (lies between the public internet and the organization, allows hosts outside to access public facing services such as web, email, and DNS)
  2. Perimeter network (also called DMZ – the area between the perimeter firewall and the internal firewall, hosts providing external services such as web, email, and DNS)
  3. Internal firewall (limits access to internal network)
  4. Internal network (rest of info assets)
28
Q

What is PAM

A

Privileged Access Management; emphasis on managing and monitoring user access when they request access

29
Q

What is PIM

A

Privileged Identity Management; emphasis on the access a user or application (the “identity”) is granted and what they’re authorized to request

30
Q

What is JIT

A

Just-in-Time Access (Part of a PAM/PIM solution, emphasis on requesting access only when needed, only for the duration of the business need)

31
Q

What might we secure in a business environment

A
  • Disable USB/CD devices and/or booting
  • Enforce password policies
  • Set up server and network device logging
  • Content filter
  • App whitelist
  • BYOD
32
Q

What is DLP

A

Data loss prevention software; detects potential data breaches and prevents unauthorized attempts to copy or send sensitive data, intentionally or unintentionally, even if the person is authorized to access the information

33
Q

How are companies and users worried about BYOD

A

Companies:
- insecure devices on their network hold sensitive data
- controlling and monitoring data on the device
- securing data if device lost

Users:
- personal data loss
- privacy

34
Q

Corporate BYOD Recommendations

A
  • clear, comprehensive policy
  • don’t assume one policy fits all users
  • deploy the right IT infrastructure
35
Q

What is digital forensics?

A

Using court approved methods to acquire, investigate, and present evidence which allows decision makers to act on knowledge

36
Q

What is best evidence

A

An exact copy made of the original digital media

37
Q

What are the Federal Rules of Evidence

A

Government regulations for the admission or exclusion of evidence in most US court proceedings

38
Q

What is the Lockheed Martin Kill Chain

A
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command & Control
  7. Actions on Objectives
39
Q

What is intentional evidence and its limitations?

A

Sets of evidence (usually logs) designed to record data for later review
Limitations: log rollover, log configurations, timezones

40
Q

What is unintentional evidence and its limitations?

A

Program functionality or behavior designed for another purpose, but from which we can infer or derive relevant data (e.g. jumplists)
Limitations: absence of data not always significant, info can be incomplete

41
Q

What are jump lists?

A

A view of recently accessed or used files and programs

42
Q

What is a breach and how long does it take to detect and contain?

A

A security incident in which unauthorized parties gained access to confidential info; 207 days to detect, 70 days to contain

43
Q

Reasons Info Sec Management is formed later on by companies

A
  • Gov’t req
  • Audit team rec
  • Management thought necessary
44
Q

What is Info Sec Management?

A

Activities relating to protection of info/info assets against risk of loss, misuse, disclosure, or damage and describes controls that org needs to implement to ensure risks are managed

45
Q

Explain why spending more on securing an asset than the intrinsic value of the asset is a waste of resources

A

Security is not concerned with eliminating all threats, but with eliminating known threats and minimizing losses if an attacker succeeds.

46
Q

What are the 3 stages of an attack?

A

Before, during, after

Before: discover, enforce
During: Detect, defend
After: scope, contain

47
Q

Why implement risk management?

A

Eliminate known threats and minimize losses in case of a successful attack

48
Q

What are some protection mechanisms to secure a network

A
  • Firewalls
  • IDS/IPS
  • Secure passwords
  • MFA
48
Q

What are the types of contingency planning

A

Incident response - procedure for when infosec incident occurs

Disaster recovery - procedure for when natural/manmade disaster occurs

49
Q

What is policy

A

Rules setting boundaries of acceptability and consequences in an org

NOT procedure

50
Q

What is Common Law and who uses it

A

Legal system developed through decisions of courts and tribunals (case law), rather than through legislative or executive action; used by US, Canada, UK, etc

51
Q

What is US Criminal Code

A

Gov’t is the plaintiff filing a litigious action against a company or individual

52
Q

What is US civil code

A

Wrongs against individuals or companies that result in damages or loss

53
Q

What are the 3 potential roles of computers in an investigation

A
  • Assisted
  • Targeted
  • Incidental
54
Q

What are ethics and their importance

A

Standards of right/wrong behavior; helps distinguish good from harmful, respect, guiding decision making