General Questions Part 3

Question 1

Fault tolerance

Answer 1

Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components.

Question 2

High availability

Answer 2

High availability (HA) always on systems which are always available. High availability systems often have expansive fault tolerance.

Question 3

NIC teaming

Answer 3

NIC teaming allows you to group between one and 32 physical Ethernet network adapters into one or more software-based virtual network adapters. These virtual network adapters provide fast performance and fault tolerance in the event of a network adapter failure.

Question 4

UPS

Answer 4

Uninterruptible Power Supply is an electrical apparatus that provides emergency power to a load when the input power source or mains power fails. A UPS differs from an auxiliary or emergency power system or standby generator in that it will provide near-instantaneous protection from input power interruptions, by supplying energy stored in batteries, supercapacitors, or flywheels. The on-battery run-time of most uninterruptible power sources is relatively short (only a few minutes) but sufficient to start a standby power source or properly shut down the protected equipment.

Question 5

Generators

Answer 5

Generators are a back-up electrical system that operates automatically. Within seconds of a utility outage an automatic transfer switch senses the power loss, commands the generator to start and then transfers the electrical load to the generator. The standby generator begins supplying power to the circuits. After utility power returns, the automatic transfer switch transfers the electrical load back to the utility and signals the standby generator to shut off. It then returns to standby mode where it awaits the next outage. To ensure a proper response to an outage, a standby generator runs weekly self-tests. Most units run on diesel, natural gas, or liquid propane gas.

Question 6

Dual-power supplies

Answer 6

Dual-power supplies is running two power supplies in parallel with each taking 50% of the load. This provides redundancy if one of them fails and each power supply can handle 100% of the load if needed. These power supplies are hot-swappable so it’s easy to replace a faulty power supply without powering down.

Question 7

Cold site

Answer 7

Cold sites are mere empty operational spaces with basic facilities like raised floors, air conditioning, power and communication lines etc. On occurring of an incident and if the operations can do with a little down time, alternate facilities are brought to and set up in the cold site to resume operations. A cold site is the least expensive type of backup site for an organization to operate. It does not include backed up copies of data and information from the original location of the organization, nor does it include hardware already set up.

Question 8

Warm site

Answer 8

A warm site is a compromise between a hot and cold cite. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. Warm sites might have backups on hand, but they may not be complete and may be between several days and a week old. The recovery will be delayed while backup tapes are delivered to the warm site, or network connectivity is established and data is recovered from a remote backup site.

Question 9

Hot site

Answer 9

Hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. Real time synchronization between the two sites may be used to completely mirror the data environment of the original site using wide area network links and specialized software. Following a disruption to the original site, the hot site exists so that the organization can relocate with minimal losses to normal operations in the shortest recovery time. Ideally, a hot site will be up and running within a matter of hours. Personnel may have to be moved to the hot site, but it is possible that the hot site may be operational from a data processing perspective before staff has relocated. The capacity of the hot site may or may not match the capacity of the original site depending on the organization’s requirements. This type of backup site is the most expensive to operate. Hot sites are popular with organizations that operate real time processes such as financial institutions, government agencies and eCommerce providers. The most important feature offered from a hot site is that the production environment(s) is running concurrently with the main datacenter.

Question 10

Incremental Backup

Answer 10

Incremental Backup is one in which successive copies of the data contain only the portion that has changed since the preceding backup copy was made. When a full recovery is needed, the restoration process would need the last full backup plus all the incremental backups until the point of restoration. Incremental backups are often desirable as they reduce storage space usage, and are quicker to perform than differential backups.

Question 11

Differential Backup

Answer 11

Differential backup is a type of data backup that preserves data, saving only the difference in the data since the last full backup. Since changes to data are generally few compared to the entire amount of data in the data repository, the amount of time required to complete the backup will be smaller than if a full backup was performed every time that the organization or data owner wishes to back up changes since the last full backup. Another advantage, at least as compared to the incremental backup method of data backup, is that at data restoration time, at most two backup media are ever needed to restore all the data. This simplifies data restores as well as increases the likelihood of shortening data restoration time.

Question 12

Recovery

Answer 12

Recovery is the mean time to restore (MTTR) mean time to repair.

Question 13

Taking snapshots

Answer 13

Taking snapshots is a recovery method often used in cloud environments. Snapshots can capture the current configuration and data and preserve the complete state of a device, or just the configuration by reverting to a known state.

Question 14

Log management

Answer 14

Log Management comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event-logs, etc.).

Question 15

Port scanning

Answer 15

Port scanning is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities. Can also discover what OS is being used without logging into a device.

Question 16

Vulnerability scanning

Answer 16

A vulnerability scanner is an application that identifies and creates an inventory of all the systems (including servers, desktops, laptops, virtual machines, containers, firewalls, switches, and printers) connected to a network. For each device that it identifies it also attempts to identify the operating system it runs and the software installed on it, along with other attributes such as open ports and user accounts.

Question 17

Patch management

Answer 17

Patch management is the process that helps acquire, test, and install multiple patches (code changes) on existing applications and software tools on a computer, enabling systems to stay updated on existing patches and determining which patches are the appropriate ones. Patches can increase system stability, contain security fixes, typically patches are scheduled in service packs (all at once) or via monthly updates. Sometimes patches are delivered as emergency out-of-band updates to fix zero-day and important security discoveries.

Question 18

Protocol analyzers

Answer 18

Protocol analyzer is a tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel. Such a channel can vary from a local computer bus to a satellite link, that provides a means of communication using a standard communication protocol (networked or point-to-point). Each type of communication protocol has a different tool to collect and analyze signals and data. Protocol analyzers can gathers packets on the network, view traffic patterns, identify unknown traffic, verify packet filtering and security controls, and used for big data analytics.

Question 19

SIEM

Answer 19

Security information and event management (SIEM) is a subsection within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Usually includes advanced reporting features that can log aggregation and long-term storage, determine data correlation, and link diverse data types. Typically relied upon as a forensic analysis to gather details after an event.

Question 20

SNMP

Answer 20

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.

Question 21

Syslog

Answer 21

Syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity level.

Question 22

IPSec (Internet Protocol Security)

Answer 22

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs). Security for OSI Layer with authentication and encryption for every packet.

Question 23

SSL VPN (Secure Sockets Layer VPN)

Answer 23

An SSL VPN is a type of virtual private network (VPN) that uses the Secure Sockets Layer (SSL) protocol or, more often, its successor, the Transport Layer Security (TLS) protocol - in standard web browsers to provide secure, remote-access VPN capability. SSL VPN enables devices with an internet connection to establish a secure remote-access VPN connection with a web browser. An SSL VPN connection uses end-to-end encryption (E2EE) to protect data transmitted between the endpoint device client software and the SSL VPN server through which the client connects securely to the internet.

Question 24

Site-to-Site VPNs

Answer 24

A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the internet. Site-to-site VPN extends the company’s network, making computer resources from one location available to employees at other locations.

Question 25

Host-to-Site VPNs

Answer 25

Host-to-Site VPNs is a connection between a user and the LAN inside a company where the user is an employee who needs to connect to the corporate network from outside the company. This type of connection is used mainly by telecommuting or sales force employees who want to connect to the corporate LAN from remote locations.

Question 26

DTLS

Answer 26

Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications by allowing them to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses UDP, the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP rather than TCP, it avoids the "TCP meltdown problem", when being used to create a VPN tunnel.

Question 27

Remote desktop access

Answer 27

Remote desktop access is sharing a desktop from a remote location. Microsoft has RDP (Microsoft Remote Desktop Protocol) and there are other similar clients for Mac OS, Linux, and others. Commonly used by technical support and by scammers.

Question 28

SSH (Secure Shell)

Answer 28

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH. Uses tcp/22.

Question 29

Web-based management console

Answer 29

Manage a device or software from an encrypted web-based front-end.

Question 30

Out-of-band management

Answer 30

Out-of-band management involves the use of management interfaces (or serial ports) for managing and networking equipment.

Question 31

Privileged User Agreement

Answer 31

Privileged user agreement is a signed agreement which enables an individual to take actions that may affect computing systems, network communication, or the accounts, files, data, or processes of other users based upon agreed upon terms and expectations. Privileged access is typically granted to system administrators, network administrators, staff performing computing account administration or other such employees whose job duties require special privileges over a computing system or network.

Question 32

Export controls

Answer 32

Export controls are U.S. laws and regulations that regulate and restrict the release of critical technologies, information, and services to foreign nationals, within and outside of the United States, and foreign countries for reasons of foreign policy and national security.

Question 33

Data Loss Prevention (DLP)

Answer 33

Data loss prevention (DLP) is a set of tools, processes, and policies used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

Question 34

Incident response policies

Answer 34

Incident response policy helps your organization systematically handle the entire lifecycle of a security event.

Question 35

Acceptable Use Policies (AUP)

Answer 35

Acceptable Usage Policy (AUP) or fair use policy, is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used. AUP documents are written for corporations, businesses, universities, schools, internet service providers (ISPs), and website owners, often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.

Question 36

NDA

Answer 36

A non-disclosure agreement (NDA), also known as a confidentiality agreement (CA), confidential disclosure agreement (CDA), proprietary information agreement (PIA) or secrecy agreement (SA), is a legal contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to.

Question 37

MSDS (Material Safety Data Sheet)

Answer 37

MSDS (Material Safety Data Sheet) - Equipment safety, electrical safety policies, personal safety, jewelry policy, lifting techniques, fire safety, cable management, safety goggles, etc., handling of toxic waste, batteries, toner, government regulations, safety laws, building codes, environmental regulations.

Question 38

CCTV

Answer 38

CCTV (Closed circuit television) also known as video surveillance, is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. It differs from broadcast television in that the signal is not openly transmitted, though it may employ point-to-point (P2P), point-to-multipoint (P2MP), or mesh wired or wireless links. Though almost all video cameras fit this definition, the term is most often applied to those used for surveillance in areas that may need monitoring such as banks, stores, and other areas where security is needed.

Question 39

Asset tracking tags

Answer 39

Asset tracking tags refers to the method of tracking physical assets, either by scanning barcode labels attached to the assets or by using tags using GPS, BLE or RFID which broadcast their location. These technologies can also be used for indoor tracking of persons wearing a tag.

Question 40

Tamper detection

Answer 40

Tamper detection monitors hardware tampering such as case sensors to identify case removal with an alarm sent from BIOS. If sensors aren't available or practical, foil asset tags can be used to identify tampering.

Question 41

Identification badges

Answer 41

Identification badges provide identifying information of the wearer such as a picture, name, department, title, and other details. Often must be worn at all times and sometimes integrated with door access or a smart card.

Question 42

TACACS

Answer 42

TACACS (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system.

Question 43

Kerberos

Answer 43

Kerberos is a network authentication protocol that uses secret-key cryptography to authenticate client-server applications. Kerberos requests an encrypted ticket via an authenticated server sequence to use services. Kerberos allows a user to authenticate once and then be trusted by the system so no need to re-authenticate multiple times in the same session.

Question 44

LDAP (Lightweight Directory Access Protocol)

Answer 44

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. LDAP uses TCP/IP (tcp/389 and udp/389). Used in Windows Active Directory, Apple OpenDirectory, OpenLDAP, etc.

Question 45

Local authentication

Answer 45

Local authentication is when the credentials are stored on the local device and does not use a centralized database. Most devices include an initial local account and password, but often will force a password change.

Question 46

Certificate-based authentication

Answer 46

A certificate-based authentication uses a public key cryptography and digital certificate to authenticate a user. A digital certificate is an electronic form that contains identification data, public key, and the digital signature of a certification authority derived from that certification authority’s private key. When a user signs on to the server, they provide their digital certificate that has the public key and signature of the certification authority. The server then confirms the validity of the digital signature and if the certificate has been issued by a trusted certificate authority or not. The server then authenticates the user with public key cryptography to confirm the user is in possession of the private key associated with the certificate.

Question 47

Multi-factor authentication

Answer 47

Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors): - Something you are - Biometric authentication, usually stored as mathematical representation of your biometrics. - Something you have - Physical device such as a smart card, pseudo-random authentication codes, SMS, or phone. - Something you know - Password, PIN, Pattern - Somewhere you are - Provide a factor based on your location, geolcation, IP address, or mobile device location. - Something you do - Signature/Handwriting comparison, typing technique (delays between keystrokes).

Question 48

Two-factor authentication

Answer 48

Two-factor authentication (2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different authentication factors.

Question 49

NAC

Answer 49

Network Access Control (NAC) is an approach to computer security that attempts to prevent both logical and physical access until a user authenticates. Logical access prevention is in effect when an unauthenticated user tries to access the network, but they are instead placed in a quarantine network or denied outright. Physical access prevention is done by physically disabling unused interface ports and MAC address checking.

Question 50

Port security

Answer 50

Prevent unauthorized users from connecting to a switch interface, either by alerting when an unauthorized device attempts to connect or disable the port entirely. Port security is based on the source MAC address even if forwarded from elsewhere. Each port has its own config and unique rules for every interface.

Question 51

Port security operation

Answer 51

Able to configure a maximum number of source MAC addresses on an interface so the admin can decide how many is too many. You can also configure specific MAC addresses and the switch monitors the number of unique MAC addresses. The switch maintains a list of every source MAC address and once you exceed the maximum, port security activates.

Question 52

Captive portal

Answer 52

Captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by.

Question 53

Access Control Lists (ACLs)

Answer 53

Access Control List (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation, used to allow or deny traffic. ACLs are defined on the ingress or egress of an interface and can be base criteria on things such as source IP, destination IP, TCP/UDP port numbers, ICMP

Question 54

WPA (Wi-Fi Protected Access)

Answer 54

In 2002 WPA was the replacement for serious cryptographic weaknesses in WEP (Wired Equivalent Privacy). Needed a short-term bridge between WEP and whatever would be the successor and able to run on existing hardware.

Question 55

TKIP

Answer 55

Temporal Key Integrity Protocol is a security protocol used in the IEEE 802.11 wireless networking standard meant to be a band-aid fix for WEP security without requiring the replacement of legacy hardware. TKIP mixed the keys and adds a sequence counter to prevent replay attacks. TKIP implements a 64-bit Message Integrity Check (MIC) which checks the MAC address. TKIP has it’s own set of vulnerabilities and was deprecated in 2012.

Question 56

CCMP

Answer 56

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (Counter Mode CBC-MAC Protocol) or CCM mode Protocol (CCMP) is an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM mode) of the Advanced Encryption Standard (AES) standard. It was created to address the vulnerabilities presented by Wired Equivalent Privacy (WEP), a dated, insecure protocol.

Question 57

EAP

Answer 57

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. There are many different ways to authenticate based on RFC standards; WPA and WPA2 use five EAP types as authentication mechanisms.

Question 58

PEAP

Answer 58

Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. The purpose was to correct deficiencies in EAP; EAP assumed a protected communication channel, such as that provided by physical security, so facilities for protection of the EAP conversation were not provided.

Question 59

Wireless security modes

Answer 59

- Open System - No authentication password is required - WPA-Personal / WPA-PSK - WPA2 with a pre-shared key (Everyone uses the same 256-bit key) - WPA-Enterprise / WPA-802.1X (Authenticates users individually with an authentication server (i.e., RADIUS))

Question 60

MAC filtering

Answer 60

MAC Filtering refers to a security access control method whereby the MAC address (the physical hardware address) assigned to each network card is used to determine access to the network. MAC addresses can be spoofed so MAC filtering can really only increase security through obscurity.

Question 61

Geofencing

Answer 61

Geofence is a virtual perimeter for a real-world geographic area. A geofence could be dynamically generated - as in a radius around a point location, or a geofence can be a predefined set of boundaries. Geofencing can restrict or allow features when a particular device is within the geofence area such as only allow logins when the device is located within the boundaries.

Question 62

Denial of Service

Answer 62

Denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Question 63

"Friendly" DoS

Answer 63

A "friendly" DoS is when a website experiences such heavy traffic that users can no longer access the website. This is done when many people flood to the website and cause the server to crash done unintentionally and without malicious intent.

Question 64

DDoS

Answer 64

Distributed Denial of Service (DDoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. DDos is an asymmetric attack because more often than not the attacker has fewer resources than the victim. DDoS attacks differ from DoS attacks because DDoS attacks are often global attacks, distributed via botnets.

Question 65

DDOS amplification

Answer 65

DDOS amplification attacks are used to magnify the bandwidth that is sent to a victim. This is typically done through publicly accessible DNS servers that are used to cause congestion on the target system using DNS response traffic. Many services can be exploited to act as reflectors, some harder to block than others. Turns a small attack into a big attack by using common Internet services against the victim. Protocols such as DNS, NTP, ICMP, and other protocols with little (if any) authentication or checks.

Question 66

Social Engineering

Answer 66

Social engineering, in the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

Question 67

Insider threats

Answer 67

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. - Innocent employees - Phishing scams, hacking scams - Careless employees - Using a laptop for personal use - Disgruntled employees - Someone is out to get you

Question 68

Logic Bomb

Answer 68

A logic bomb, sometimes referred to as slag code, is a string of malicious code used to cause harm to a network when the programmed conditions are met. The term comes from the idea that a logic bomb “explodes” when it is triggered by a specific event. Logic bombs are difficult to identify as systems will appear to be normal until the logic bomb triggers. Best way to prevent against logic bombs is to sent alerts on changes and host-based intrusion detection.

Question 69

Rogue access points

Answer 69

A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a network administrator, whether added by a well-meaning employee or by a malicious attacker.

Question 70

Wireless evil twins

Answer 70

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam. Evil twins are configured exactly the same way as an existing network with the same SSID and security settings.

Question 71

Wardriving

Answer 71

Wardriving is the act of searching for Wi-Fi networks from a moving vehicle. It involves slowly driving around an area with the goal of locating Wi-Fi signals. This may be accomplished by an individual or by two or more people, with one person driving and others searching for wireless networks.

Question 72

Phishing

Answer 72

Phishing is the fraudulent use of electronic communications to deceive and take advantage of users. Phishing attacks attempt to gain sensitive, confidential information such as usernames, passwords, credit card information, network credentials, and more. Social engineering with a touch of spoofing often delivered by spam, IM, etc.

Question 73

Spear phishing

Answer 73

Spear phishing is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. This is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy entity to acquire sensitive information, typically through email or other online messaging. As with emails used in regular phishing attacks, spear phishing messages appear to come from a trusted source.

Question 74

Ransomware

Answer 74

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. Ransomware can appear to be the real deal but can also be fake ransomware as locking a user's system or an organizations system requires a lot of effort so often times, the bad guys will simply make it look as though the system is unavailable.

Question 75

Crypto-malware

Answer 75

Crypto-ransomware/Crypto-malware is a type of harmful program that encrypts files stored on a computer or mobile device in order to extort money. Encryption 'scrambles' the contents of a file, so that it is unreadable but the ransomware/malware still allows you to use your computer, they want you running, but not working.

Question 76

Protecting against ransomware

Answer 76

Always have a backup, a backup that is ideally offline and in a separate system that doesn't have a logical connection to the primary system. Keep your operating system up to date and install patches that fix vulnerabilities.

Question 77

Spoofing

Answer 77

Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, MAC address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server.

Question 78

MAC spoofing

Answer 78

MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. The MAC address that is hard-coded on a network interface controller (NIC) cannot be changed. However, many drivers allow the MAC address to be changed. Additionally, there are tools which can make an operating system believe that the NIC has the MAC address of a user's choosing. The process of masking a MAC address is known as MAC spoofing. Essentially, MAC spoofing entails changing a computer's identity.

Question 79

IP address spoofing

Answer 79

In computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system.

Question 80

Wireless Deauthentication

Answer 80

Wireless deauthentication is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point. Deauthencation attack’s use a deauthenication frame, this frame sent from a router to a device forces the device to disconnect. In technical terms it’s called: “sanctioned technique to inform a rogue station that they have been disconnected from the network”. This means that a device is on the network that shouldn’t be on the network. The router sends a deauthentication frame to the device telling it that it has been disconnected.

Question 81

Brute force

Answer 81

A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing every possible combination of letters, special characters, and numbers to try to determine the combination of a targeted password until the correct password is discovered. The longer the password, the more combinations that will need to be tested. A brute force attack can be time consuming, difficult to perform if methods such as data obfuscation are used, and at times down right impossible. Brute forcing can also include calculating a hash, comparing it to what's stored, and see if you can determine what those passwords might be

Question 82

Dictionary attacks

Answer 82

A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document. People often use common words as passwords and an attack usually starts with trying the most commonly used password.

Question 83

VLAN hopping

Answer 83

VLAN hopping is a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. This is done by two primary methods: Switch spoofing and double tagging.

Question 84

Switch spoofing

Answer 84

Switch spoofing is a type of VLAN hopping attack that works by taking advantage of an incorrectly configured trunk port. By default, trunk ports have access to all VLANs and pass traffic for multiple VLANs across the same physical link, generally between switches. In a basic switch spoofing attack, the attacker takes advantage of the fact that the default configuration of the switch port is dynamic auto. The network attacker configures a system to spoof itself as a switch. This spoofing requires that the network attacker be capable of emulating 802.1Q and DTP messages. By tricking a switch into thinking that another switch is attempting to form a trunk, an attacker can gain access to all the VLANs allowed on the trunk port.

Question 85

Double tagging

Answer 85

Double tagging VLAN hopping attack takes advantage 802.1Q tagging and tag removal process of many types of switches. Many switches remove only one 802.1Q tag. In Double tagging attack, an attacker changes the original frame to add two VLAN tags. An outer tag, which is of his own VLAN and an inner hidden tag of the victim's VLAN. Here the attacker's PC must belong to the native VLAN of the trunk link. When double tagging, you can only send because responses don’t have a way back to the source host.

Question 86

Man-in-the-middle

Answer 86

A man-in-the-middle (MiTM) attack is one in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. The attack is a type of eavesdropping in which the entire conversation is controlled by the attacker.

Question 87

Man-in-the-browser

Answer 87

Man-in-the-browser (MITB, MitB, MIB, MiB), a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.

Question 88

Vulnerabilities vs Exploits

Answer 88

Vulnerabilities are essentially weak points in software code that could sneak in during an update or when creating the base of the software code. Vulnerabilities are open doors that exploits could use to access a target system. Simply put, an exploit takes advantage of a vulnerability.

Question 89

Zero-day attacks

Answer 89

Zero-day is a flaw in software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term zero day may refer to the vulnerability itself, or an attack that has zero days between the time the vulnerability is discovered and the first attack.

Question 90

Device Hardening

Answer 90

- Change default credentials - Avoid common passwords - Upgrade firmware - File hashing (file integrity) - Disable unnecessary services - Watch the network - Use secure protocols - Generate new keys - Disable unused TCP and UDP ports - Disable unused interfaces

Question 91

IPS signature

Answer 91

An IPS signature is a set of rules (can be hundreds or even thousands of rules) that an IDS and an IPS use to detect typical intrusive activity, such as DoS attacks. You can easily install signatures using IDS and IPS management software such as Cisco IDM. Sensors enable you to modify existing signatures and define new ones. IPS compares traffic against signatures of known threats and blocks traffic when a threat is detected.

Question 92

Native VLAN

Answer 92

Native VLAN is the one into which untagged traffic will be put when it's received on a trunk port. This makes it possible for your VLAN to support legacy devices or devices that don't tag their traffic like some wireless access points and simply network attached devices.

Question 93

Privileged accounts

Answer 93

Privileged accounts are elevated accounts that have access to one or more systems at the administrator and/or root level. These accounts are often used to manage hardware, drivers, and software installations. Each privileged account should have some sort of role separation with different access rights to make it more difficult for systems and data to be compromised if a security breach were to occur.

Question 94

FIM (File Integrity Monitoring)

Answer 94

FIM (File Integrity Monitoring). File integrity monitoring (FIM) refers to an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted. Some files change all the time and some files should NEVER change.

Question 95

Honeypots

Answer 95

A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems.

Question 96

Penetration testing

Answer 96

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system by simulating an attack on a network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.