General Questions Part 3 Flashcards

1
Q

Fault tolerance

A

Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components.

2
Q

High availability

A

High availability (HA) describes always-on systems that are always available. High availability systems often have extensive fault tolerance.

3
Q

NIC teaming

A

NIC teaming allows you to group between one and 32 physical Ethernet network adapters into one or more software-based virtual network adapters. These virtual network adapters provide fast performance and fault tolerance in the event of a network adapter failure.

4
Q

UPS

A

An uninterruptible power supply (UPS) is an electrical apparatus that provides emergency power to a load when the input power source or mains power fails. A UPS differs from an auxiliary or emergency power system or standby generator in that it provides near-instantaneous protection from input power interruptions by supplying energy stored in batteries, supercapacitors, or flywheels. The on-battery run-time of most uninterruptible power sources is relatively short (only a few minutes) but sufficient to start a standby power source or properly shut down the protected equipment.

5
Q

Generators

A

Generators are a back-up electrical system that operates automatically. Within seconds of a utility outage an automatic transfer switch senses the power loss, commands the generator to start and then transfers the electrical load to the generator. The standby generator begins supplying power to the circuits. After utility power returns, the automatic transfer switch transfers the electrical load back to the utility and signals the standby generator to shut off. It then returns to standby mode where it awaits the next outage. To ensure a proper response to an outage, a standby generator runs weekly self-tests. Most units run on diesel, natural gas, or liquid propane gas.

6
Q

Dual-power supplies

A

Dual power supplies means running two power supplies in parallel, each taking 50% of the load. This provides redundancy if one of them fails, since each power supply can handle 100% of the load if needed. These power supplies are hot-swappable, so it is easy to replace a faulty power supply without powering down.

7
Q

Cold site

A

Cold sites are essentially empty operational spaces with basic facilities such as raised floors, air conditioning, power and communication lines. When an incident occurs, and if operations can tolerate some downtime, alternate equipment is brought to the cold site and set up there to resume operations. A cold site is the least expensive type of backup site for an organization to operate. It does not include backed-up copies of data and information from the organization's original location, nor does it include hardware already set up.

8
Q

Warm site

A

A warm site is a compromise between a hot and a cold site. These sites have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. Warm sites might have backups on hand, but they may not be complete and may be between several days and a week old. Recovery will be delayed while backup tapes are delivered to the warm site, or while network connectivity is established and data is recovered from a remote backup site.

9
Q

Hot site

A

A hot site is a duplicate of the organization's original site, with full computer systems as well as near-complete backups of user data. Real-time synchronization between the two sites may be used to completely mirror the data environment of the original site using wide area network links and specialized software. Following a disruption to the original site, the hot site exists so that the organization can relocate with minimal losses to normal operations in the shortest recovery time. Ideally, a hot site will be up and running within a matter of hours. Personnel may have to be moved to the hot site, but it is possible that the hot site may be operational from a data processing perspective before staff has relocated. The capacity of the hot site may or may not match the capacity of the original site, depending on the organization's requirements. This type of backup site is the most expensive to operate. Hot sites are popular with organizations that operate real-time processes such as financial institutions, government agencies and eCommerce providers. The most important feature offered by a hot site is that the production environment(s) is running concurrently with the main datacenter.

10
Q

Incremental Backup

A

An incremental backup is one in which successive copies of the data contain only the portion that has changed since the preceding backup copy was made. When a full recovery is needed, the restoration process needs the last full backup plus all the incremental backups up to the point of restoration. Incremental backups are often desirable as they reduce storage space usage and are quicker to perform than differential backups.

11
Q

Differential Backup

A

Differential backup is a type of data backup that preserves data, saving only the difference in the data since the last full backup. Since changes to data are generally few compared to the entire amount of data in the data repository, the amount of time required to complete the backup will be smaller than if a full backup was performed every time that the organization or data owner wishes to back up changes since the last full backup. Another advantage, at least as compared to the incremental backup method of data backup, is that at data restoration time, at most two backup media are ever needed to restore all the data. This simplifies data restores as well as increases the likelihood of shortening data restoration time.

12
Q

Recovery

A

Recovery is measured by the mean time to restore (MTTR), also called mean time to repair.

13
Q

Taking snapshots

A

Taking snapshots is a recovery method often used in cloud environments. A snapshot captures the current configuration and data, preserving either the complete state of a device or just its configuration, so that the device can be reverted to a known state.

14
Q

Log management

A

Log Management comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event-logs, etc.).

15
Q

Port scanning

A

A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify the security policies of their networks, and by attackers to identify network services running on a host and exploit vulnerabilities. It can also discover what OS is being used without logging into the device.

16
Q

Vulnerability scanning

A

A vulnerability scanner is an application that identifies and creates an inventory of all the systems (including servers, desktops, laptops, virtual machines, containers, firewalls, switches, and printers) connected to a network. For each device that it identifies it also attempts to identify the operating system it runs and the software installed on it, along with other attributes such as open ports and user accounts.

17
Q

Patch management

A

Patch management is the process of acquiring, testing, and installing multiple patches (code changes) on existing applications and software tools on a computer, enabling systems to stay up to date on existing patches and determining which patches are the appropriate ones. Patches can increase system stability and contain security fixes. Typically, patches are scheduled in service packs (all at once) or via monthly updates. Sometimes patches are delivered as emergency out-of-band updates to fix zero-day and other important security discoveries.

18
Q

Protocol analyzers

A

A protocol analyzer is a tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel. Such a channel can vary from a local computer bus to a satellite link, and provides a means of communication using a standard communication protocol (networked or point-to-point). Each type of communication protocol has a different tool to collect and analyze signals and data. Protocol analyzers can gather packets on the network, view traffic patterns, identify unknown traffic, verify packet filtering and security controls, and can be used for big data analytics.

19
Q

SIEM

A

Security information and event management (SIEM) is a subsection within the field of computer security in which software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. A SIEM usually includes advanced reporting features that perform log aggregation and long-term storage, determine data correlation, and link diverse data types. It is typically relied upon as a forensic analysis tool to gather details after an event.

20
Q

SNMP

A

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.

21
Q

Syslog

A

Syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity level.

22
Q

IPSec (Internet Protocol Security)

A

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs). It provides security at the OSI network layer, with authentication and encryption for every packet.

23
Q

SSL VPN (Secure Sockets Layer VPN)

A

An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol or, more often, its successor, the Transport Layer Security (TLS) protocol, in standard web browsers to provide secure remote-access VPN capability. An SSL VPN enables devices with an internet connection to establish a secure remote-access VPN connection with a web browser. An SSL VPN connection uses end-to-end encryption (E2EE) to protect data transmitted between the endpoint device client software and the SSL VPN server, through which the client connects securely to the internet.

24
Q

Site-to-Site VPNs

A

A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the internet. Site-to-site VPN extends the company’s network, making computer resources from one location available to employees at other locations.

25
Q

Host-to-Site VPNs

A

A host-to-site VPN is a connection between a user and the LAN inside a company, where the user is an employee who needs to connect to the corporate network from outside the company. This type of connection is used mainly by telecommuting or sales force employees who want to connect to the corporate LAN from remote locations.

26
Q

DTLS

A

Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications by allowing them to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. DTLS preserves the semantics of the underlying datagram transport: the application does not suffer from the delays associated with stream protocols, but because it uses UDP, the application has to deal with packet reordering, loss of datagrams, and data larger than the size of a datagram network packet. Because DTLS uses UDP rather than TCP, it avoids the "TCP meltdown problem" when used to create a VPN tunnel.

27
Q

Remote desktop access

A

Remote desktop access is sharing a desktop from a remote location. Microsoft has RDP (Microsoft Remote Desktop Protocol) and there are other similar clients for Mac OS, Linux, and others. Commonly used by technical support and by scammers.

28
Q

SSH (Secure Shell)

A

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH. Uses tcp/22.

29
Q

Web-based management console

A

A web-based management console lets you manage a device or software from an encrypted web-based front-end.

30
Q

Out-of-band management

A

Out-of-band management uses dedicated management interfaces (or serial ports) to manage computing and networking equipment, separately from the production network path.

31
Q

Privileged User Agreement

A

Privileged user agreement is a signed agreement which enables an individual to take actions that may affect computing systems, network communication, or the accounts, files, data, or processes of other users based upon agreed upon terms and expectations. Privileged access is typically granted to system administrators, network administrators, staff performing computing account administration or other such employees whose job duties require special privileges over a computing system or network.

32
Q

Export controls

A

Export controls are U.S. laws and regulations that regulate and restrict the release of critical technologies, information, and services to foreign nationals, within and outside of the United States, and foreign countries for reasons of foreign policy and national security.

33
Q

Data Loss Prevention (DLP)

A

Data loss prevention (DLP) is a set of tools, processes, and policies used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

34
Q

Incident response policies

A

Incident response policy helps your organization systematically handle the entire lifecycle of a security event.

35
Q

Acceptable Use Policies (AUP)

A

An acceptable use policy (AUP), or fair use policy, is a set of rules applied by the owner, creator or administrator of a network, website, or service that restricts the ways in which the network, website or system may be used and sets guidelines as to how it should be used. AUP documents are written for corporations, businesses, universities, schools, internet service providers (ISPs), and website owners, often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.

36
Q

NDA

A

A non-disclosure agreement (NDA), also known as a confidentiality agreement (CA), confidential disclosure agreement (CDA), proprietary information agreement (PIA) or secrecy agreement (SA), is a legal contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to.

37
Q

MSDS (Material Safety Data Sheet)

A

MSDS (Material Safety Data Sheet) - Covers equipment safety, electrical safety policies, personal safety, jewelry policy, lifting techniques, fire safety, cable management, safety goggles, etc.; handling of toxic waste, batteries and toner; and government regulations, safety laws, building codes and environmental regulations.

38
Q

CCTV

A

CCTV (Closed circuit television) also known as video surveillance, is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. It differs from broadcast television in that the signal is not openly transmitted, though it may employ point-to-point (P2P), point-to-multipoint (P2MP), or mesh wired or wireless links. Though almost all video cameras fit this definition, the term is most often applied to those used for surveillance in areas that may need monitoring such as banks, stores, and other areas where security is needed.

39
Q

Asset tracking tags

A

Asset tracking tags are a method of tracking physical assets, either by scanning barcode labels attached to the assets or by using GPS, BLE or RFID tags that broadcast their location. These technologies can also be used for indoor tracking of persons wearing a tag.

40
Q

Tamper detection

A

Tamper detection monitors hardware tampering such as case sensors to identify case removal with an alarm sent from BIOS. If sensors aren’t available or practical, foil asset tags can be used to identify tampering.

41
Q

Identification badges

A

Identification badges provide identifying information of the wearer such as a picture, name, department, title, and other details. Often must be worn at all times and sometimes integrated with door access or a smart card.

42
Q

TACACS

A

TACACS (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user’s logon password to an authentication server to determine whether access can be allowed to a given system.

43
Q

Kerberos

A

Kerberos is a network authentication protocol that uses secret-key cryptography to authenticate client-server applications. A Kerberos client requests an encrypted ticket from an authentication server sequence and presents it to use services. Kerberos allows a user to authenticate once and then be trusted by the system, so there is no need to re-authenticate multiple times in the same session.

44
Q

LDAP (Lightweight Directory Access Protocol)

A

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. LDAP uses TCP/IP (tcp/389 and udp/389). Used in Windows Active Directory, Apple OpenDirectory, OpenLDAP, etc.

45
Q

Local authentication

A

Local authentication is when the credentials are stored on the local device rather than in a centralized database. Most devices include an initial local account and password, but will often force a password change.

46
Q

Certificate-based authentication

A

Certificate-based authentication uses public key cryptography and a digital certificate to authenticate a user. A digital certificate is an electronic form that contains identification data, a public key, and the digital signature of a certification authority, derived from that certification authority's private key. When a user signs on to the server, they provide their digital certificate, which carries the public key and the signature of the certification authority. The server then confirms the validity of the digital signature and whether the certificate was issued by a trusted certificate authority. The server then authenticates the user with public key cryptography to confirm that the user is in possession of the private key associated with the certificate.

47
Q

Multi-factor authentication

A

Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors):

  • Something you are - Biometric authentication, usually stored as mathematical representation of your biometrics.
  • Something you have - Physical device such as a smart card, pseudo-random authentication codes, SMS, or phone.
  • Something you know - Password, PIN, Pattern
  • Somewhere you are - Provide a factor based on your location, geolocation, IP address, or mobile device location.
  • Something you do - Signature/Handwriting comparison, typing technique (delays between keystrokes).
48
Q

Two-factor authentication

A

Two-factor authentication (2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different authentication factors.

49
Q

NAC

A

Network Access Control (NAC) is an approach to computer security that attempts to prevent both logical and physical access until a user authenticates. Logical access prevention is in effect when an unauthenticated user tries to access the network, but they are instead placed in a quarantine network or denied outright. Physical access prevention is done by physically disabling unused interface ports and MAC address checking.

50
Q

Port security

A

Port security prevents unauthorized users from connecting to a switch interface, either by alerting when an unauthorized device attempts to connect or by disabling the port entirely. Port security is based on the source MAC address, even if the frame was forwarded from elsewhere. Each port has its own configuration and unique rules for every interface.

51
Q

Port security operation

A

The administrator can configure a maximum number of source MAC addresses on an interface, deciding how many is too many. Specific MAC addresses can also be configured, and the switch monitors the number of unique MAC addresses. The switch maintains a list of every source MAC address, and once the maximum is exceeded, port security activates.

52
Q

Captive portal

A

A captive portal is a web page, accessed with a web browser, that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement or acceptable use policy, survey completion, or other valid credentials that both the host and user agree to abide by.

53
Q

Access Control Lists (ACLs)

A

An Access Control List (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation, used to allow or deny traffic. ACLs are defined on the ingress or egress of an interface and can base their criteria on things such as source IP, destination IP, TCP/UDP port numbers, and ICMP.

54
Q

WPA (Wi-Fi Protected Access)

A

In 2002 WPA was introduced as the replacement for WEP (Wired Equivalent Privacy), which had serious cryptographic weaknesses. A short-term bridge was needed between WEP and whatever its successor would be, and it had to be able to run on existing hardware.

55
Q

TKIP

A

Temporal Key Integrity Protocol (TKIP) is a security protocol used in the IEEE 802.11 wireless networking standard, meant to be a band-aid fix for WEP security without requiring the replacement of legacy hardware. TKIP mixes the keys and adds a sequence counter to prevent replay attacks. TKIP implements a 64-bit Message Integrity Check (MIC), which checks the MAC address. TKIP has its own set of vulnerabilities and was deprecated in 2012.

56
Q

CCMP

A

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (Counter Mode CBC-MAC Protocol) or CCM mode Protocol (CCMP) is an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM mode) of the Advanced Encryption Standard (AES) standard. It was created to address the vulnerabilities presented by Wired Equivalent Privacy (WEP), a dated, insecure protocol.

57
Q

EAP

A

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. There are many different ways to authenticate based on RFC standards; WPA and WPA2 use five EAP types as authentication mechanisms.

58
Q

PEAP

A

Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. The purpose was to correct deficiencies in EAP; EAP assumed a protected communication channel, such as that provided by physical security, so facilities for protection of the EAP conversation were not provided.

59
Q

Wireless security modes

A
  • Open System - No authentication password is required
  • WPA-Personal / WPA-PSK
  • WPA2 with a pre-shared key (Everyone uses the same 256-bit key)
  • WPA-Enterprise / WPA-802.1X (Authenticates users individually with an authentication server (i.e., RADIUS))
60
Q

MAC filtering

A

MAC Filtering refers to a security access control method whereby the MAC address (the physical hardware address) assigned to each network card is used to determine access to the network. MAC addresses can be spoofed so MAC filtering can really only increase security through obscurity.

61
Q

Geofencing

A

A geofence is a virtual perimeter for a real-world geographic area. A geofence could be dynamically generated, as in a radius around a point location, or it can be a predefined set of boundaries. Geofencing can restrict or allow features when a particular device is within the geofence area, such as only allowing logins when the device is located within the boundaries.

62
Q

Denial of Service

A

Denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

63
Q

“Friendly” DoS

A

A "friendly" DoS is when a website experiences such heavy traffic that users can no longer access it. This happens when many people flock to the website and cause the server to crash; it is unintentional and without malicious intent.

64
Q

DDoS

A

Distributed Denial of Service (DDoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. DDoS is an asymmetric attack because, more often than not, the attacker has fewer resources than the victim. DDoS attacks differ from DoS attacks in that DDoS attacks are often global attacks, distributed via botnets.

65
Q

DDoS amplification

A

DDoS amplification attacks are used to magnify the bandwidth that is sent to a victim. This is typically done through publicly accessible DNS servers, which are used to cause congestion on the target system with DNS response traffic. Many services can be exploited to act as reflectors, some harder to block than others. Amplification turns a small attack into a big attack by using common Internet services against the victim, relying on protocols such as DNS, NTP, ICMP, and others with little (if any) authentication or checks.

66
Q

Social Engineering

A

Social engineering, in the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.

67
Q

Insider threats

A

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.

  • Innocent employees - Phishing scams, hacking scams
  • Careless employees - Using a laptop for personal use
  • Disgruntled employees - Someone is out to get you
68
Q

Logic Bomb

A

A logic bomb, sometimes referred to as slag code, is a string of malicious code used to cause harm to a network when the programmed conditions are met. The term comes from the idea that a logic bomb "explodes" when it is triggered by a specific event. Logic bombs are difficult to identify, as systems will appear normal until the logic bomb triggers. The best way to defend against logic bombs is to send alerts on changes and use host-based intrusion detection.

69
Q

Rogue access points

A

A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a network administrator, whether added by a well-meaning employee or by a malicious attacker.

70
Q

Wireless evil twins

A

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam. Evil twins are configured exactly the same way as an existing network with the same SSID and security settings.

71
Q

Wardriving

A

Wardriving is the act of searching for Wi-Fi networks from a moving vehicle. It involves slowly driving around an area with the goal of locating Wi-Fi signals. This may be accomplished by an individual or by two or more people, with one person driving and others searching for wireless networks.

72
Q

Phishing

A

Phishing is the fraudulent use of electronic communications to deceive and take advantage of users. Phishing attacks attempt to gain sensitive, confidential information such as usernames, passwords, credit card information, network credentials, and more. It is social engineering with a touch of spoofing, often delivered by spam, IM, etc.

73
Q

Spear phishing

A

Spear phishing is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. This is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy entity to acquire sensitive information, typically through email or other online messaging. As with emails used in regular phishing attacks, spear phishing messages appear to come from a trusted source.

74
Q

Ransomware

A

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. Ransomware can be the real deal, but it can also be fake: locking a user’s or an organization’s system requires a lot of effort, so often the bad guys will simply make it look as though the system is unavailable.

75
Q

Crypto-malware

A

Crypto-ransomware/crypto-malware is a type of harmful program that encrypts files stored on a computer or mobile device in order to extort money. Encryption ‘scrambles’ the contents of a file so that it is unreadable, but the ransomware/malware still allows you to use your computer: they want you running, but not working.

76
Q

Protecting against ransomware

A

Always have a backup, ideally one that is offline and on a separate system with no logical connection to the primary system. Keep your operating system up to date and install patches that fix vulnerabilities.

77
Q

Spoofing

A

Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, MAC address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.

78
Q

MAC spoofing

A

MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. The MAC address that is hard-coded on a network interface controller (NIC) cannot be changed. However, many drivers allow the MAC address to be changed. Additionally, there are tools which can make an operating system believe that the NIC has the MAC address of a user’s choosing. The process of masking a MAC address is known as MAC spoofing. Essentially, MAC spoofing entails changing a computer’s identity.

79
Q

IP address spoofing

A

In computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system.

80
Q

Wireless Deauthentication

A

Wireless deauthentication is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point. Deauthentication attacks use a deauthentication frame; this frame, sent from a router to a device, forces the device to disconnect. In technical terms it is a “sanctioned technique to inform a rogue station that they have been disconnected from the network”. This means that a device that shouldn’t be on the network is on the network, and the router sends a deauthentication frame to the device telling it that it has been disconnected.

81
Q

Brute force

A

A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing every possible combination of letters, special characters, and numbers to try to determine a targeted password until the correct password is discovered. The longer the password, the more combinations will need to be tested. A brute force attack can be time consuming, difficult to perform if methods such as data obfuscation are used, and at times downright impossible. Brute forcing can also include calculating a hash, comparing it to what’s stored, and seeing if you can determine what those passwords might be.

82
Q

Dictionary attacks

A

A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document. People often use common words as passwords and an attack usually starts with trying the most commonly used password.

83
Q

VLAN hopping

A

VLAN hopping is a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. This is done by two primary methods: Switch spoofing and double tagging.

84
Q

Switch spoofing

A

Switch spoofing is a type of VLAN hopping attack that works by taking advantage of an incorrectly configured trunk port. By default, trunk ports have access to all VLANs and pass traffic for multiple VLANs across the same physical link, generally between switches. In a basic switch spoofing attack, the attacker takes advantage of the fact that the default configuration of the switch port is dynamic auto. The network attacker configures a system to spoof itself as a switch. This spoofing requires that the network attacker be capable of emulating 802.1Q and DTP messages. By tricking a switch into thinking that another switch is attempting to form a trunk, an attacker can gain access to all the VLANs allowed on the trunk port.

85
Q

Double tagging

A

A double tagging VLAN hopping attack takes advantage of the 802.1Q tagging and tag removal process of many types of switches. Many switches remove only one 802.1Q tag. In a double tagging attack, an attacker modifies the original frame to add two VLAN tags: an outer tag of his own VLAN and an inner, hidden tag of the victim’s VLAN. Here the attacker’s PC must belong to the native VLAN of the trunk link. When double tagging, you can only send, because responses don’t have a way back to the source host.

86
Q

Man-in-the-middle

A

A man-in-the-middle (MiTM) attack is one in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. The attack is a type of eavesdropping in which the entire conversation is controlled by the attacker.

87
Q

Man-in-the-browser

A

Man-in-the-browser (MITB, MitB, MIB, MiB), a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.

88
Q

Vulnerabilities vs Exploits

A

Vulnerabilities are essentially weak points in software code that could sneak in during an update or when creating the base of the software code. Vulnerabilities are open doors that exploits could use to access a target system. Simply put, an exploit takes advantage of a vulnerability.

89
Q

Zero-day attacks

A

A zero-day is a flaw in software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term zero-day may refer to the vulnerability itself, or to an attack that has zero days between the time the vulnerability is discovered and the first attack.

90
Q

Device Hardening

A

  • Change default credentials
  • Avoid common passwords
  • Upgrade firmware
  • File hashing (file integrity)
  • Disable unnecessary services
  • Watch the network
  • Use secure protocols
  • Generate new keys
  • Disable unused TCP and UDP ports
  • Disable unused interfaces

91
Q

IPS signature

A

An IPS signature is a set of rules (can be hundreds or even thousands of rules) that an IDS and an IPS use to detect typical intrusive activity, such as DoS attacks. You can easily install signatures using IDS and IPS management software such as Cisco IDM. Sensors enable you to modify existing signatures and define new ones. IPS compares traffic against signatures of known threats and blocks traffic when a threat is detected.

92
Q

Native VLAN

A

The native VLAN is the one into which untagged traffic is put when it’s received on a trunk port. This makes it possible for your VLAN to support legacy devices or devices that don’t tag their traffic, like some wireless access points and simple network-attached devices.

93
Q

Privileged accounts

A

Privileged accounts are elevated accounts that have access to one or more systems at the administrator and/or root level. These accounts are often used to manage hardware, drivers, and software installations. Each privileged account should have some sort of role separation with different access rights to make it more difficult for systems and data to be compromised if a security breach were to occur.

94
Q

FIM (File Integrity Monitoring)

A

File integrity monitoring (FIM) refers to an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted. Some files change all the time and some files should NEVER change.

95
Q

Honeypots

A

A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study attempts to gain unauthorized access to information systems.

96
Q

Penetration testing

A

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system by simulating an attack on a network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.