InfoSec

Question 1

What is a security plan?

Answer 1

A plan that identifies and organizes the security activities for a system/organization

Question 2

What is risk analysis?

Answer 2

A systematic investigation of the system, its environment, and what might go wrong

Question 3

What is a security policy?

Answer 3

A security policy is a document that defines how an organization deals with some aspect of security.

Question 4

What is a plan maintenance?

Answer 4

A plan that specify the order which controls are to be implemented.

Question 5

What is a business continuity plan?

Answer 5

A (business) continuity plan documents how a business will continue to function during or after a computer security incident

Question 6

What is a Incident response?

Answer 6

Tells the staff how to deal with a security incident

Question 7

What is ISO/IEC 27005 about?

Answer 7

Information Security Risk Management (ISRM)

Question 8

What is ISO 31000 about?

Answer 8

(general) Risk Management (RM) (principles and guidelines)

Question 9

What is risk management?

Answer 9

Coordinated activities to direct and control an organization with regard to risk

Question 10

What is risk assessment?

Answer 10

Overall process of risk identification, risk analysis and risk evaluation

Question 11

What is risk identification?

Answer 11

process of finding, recognizing and describing risks

Question 12

What is risk evaluation?

Answer 12

process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable

Question 13

What does “Level of risk” mean?

Answer 13

magnitude of a risk expressed in terms of the combination of consequences and their likelihood

Question 14

What does “residual risk” mean?

Answer 14

risk remaining after risk treatment

Question 15

What does vulnerability mean?

Answer 15

Weakness of an asses or control that can be exploited by one or more threats

Question 16

What does threat mean?

Answer 16

potential cause of an unwanted incident, which may result in harm to a system or organization

Question 17

What is ISO?

Answer 17

the process to comprehend the nature of risk and to determine the level of risk

Question 18

What is Risk analysis?

Answer 18

Organized process for identifying the most significant risks in a computing environment, determining the impact of those risks, and weighing the desirability of applying various controls against those risks

Question 19

What is management systems?

Answer 19

A management system is a “set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives” (ISO/IEC 27000:2014)

Question 20

What is cyber terrorism?

Answer 20

The use of computers to launch a terrorist attack

Question 21

What is an Economic attack?

Answer 21

An attack that causes economic damage.

Question 22

What is cryptanalysis?

Answer 22

the study of methods for breaking ciphertext

Question 23

What is cryptography?

Answer 23

the use and practice of cryptographic techniques

Question 24

What is cryptology?

Answer 24

the study of both cryptography and cryptanalysis

Question 25

What is plaintext/cleartext, P?

Answer 25

The original form a message

Question 26

What is ciphertext/cyphertext, C?

Answer 26

encrypted version of a message

Question 27

What is a Cipher?

Answer 27

a pair of cryptographic algorithms, e.g., a mathematical function used for encryption and one for decryption

Question 28

What is the cryptosystem in formal notation?

Answer 28

P = D(E(P))

Question 29

What is an encryption algorithm?

Answer 29

A set of rules of how to encrypt plaintext and how to decrypt the ciphertext

Question 30

What is a symmetric cryptosystem?

Answer 30

• Encryption and decryption keys are the same
• Provide a two-way channel to their users
• If the key is kept secret for a pair - the system also provides authentication proof
• If the secret key is compromised, the adversary can decrypt all traffic and produce fake messages

Question 31

What is an Asymmetric cryptosytem?

Answer 31

*One key for encryption and another key for decryption
* Keys come in pairs
* A decryption key, KD, inverts the encryption of key KE so that:
* P = D(KD, E(KE,P))
* Also called public key

Question 32

What is a Stream cipher?

Answer 32

• Each bit/byte of the data stream is encrypted separately (low diffusion)
• Fast and encryption can take place as soon as data is read
• If errors occur, only bit/byte is affected
• Susceptible to malicious insertions and modifications

Question 33

What is a block cipher?

Answer 33

• Encrypts a group of plaintext symbols as a single block (typically 64, 128, 256 bits or
  more) (high diffusion)
• Slower process, the last block needs to be padded, and an error affects more bytes
• Impossible to insert a single symbol into one block

Question 34

What is The Data Encryption Standard (DES)?

Answer 34

• Symmetric block cipher
• Encryption and decryption algorithms are public but the design principles are classified
• Used fixed 56 bits (short) key
• Is considered insecure and was deprecated in 2017

Question 35

What is The Advanced Encryption Standard (AES)?

Answer 35

• A replacement for DES
• Symmetric, block cipher (128) bits
• Three different key lengths: 128, 192, and 256 bits

Question 36

What is the de-facto encryption standard today?

Answer 36

AES

• Used in e.g., WPA2, IPsec, WhatsApp, Telegram… and in hardware such as Intel & AMD processors

Question 37

What is Rivest-Shamir-Adelman (RSA)?

Answer 37

• Asymmetric block cipher
• Public key system (i.e., one private and one public key)
• Long keys (1024-4096 bits)
• Slow algorithm

Question 38

What is the Diffie-Hellman key exchange protocol?

Answer 38

A way in which a public channel can be used to create a confidential shared key

Question 39

How does the Diffie-Hellman key exchange work?

Answer 39

1. First agree on an arbitrary staring key
2. Then pick a private key
3. Mix the (public) starting key with the secret key
4. Exchange the keys with each other
5. Mix the other shared key with their own secret key

Question 40

What is error detecting codes?

Answer 40

A fast and reliable way of finding out if an error in a transmission have happened

Question 41

Name some simple error detecting codes?

Answer 41

• Parity checks
• Cyclic redundancy checks

Question 42

Name some cryptographic error detecting codes?

Answer 42

• One-way hash functions
• Cryptographic checksums
• Digital signatures

Question 43

What’s in Shannon’s characteristics of good ciphers?

Answer 43

• The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
• The set of keys and the enciphering algorithm should be free from complexity
• The implementation of the process should be as simple as possible
• Errors in ciphering should not propagate and cause corruption of further information in the message
• The size of the enciphered text should be no larger than the text of the original message

Question 44

What is Interception?

Answer 44

Unauthorized viewing
CIA: Confidentiality
Network security examples: Eavesdropping or wiretapping

Question 45

What is Modification?

Answer 45

Unauthorized change
CIA: Integrity
Network security examples: Integrity failures - insertion

Question 46

What is Fabrication?

Answer 46

Unauthorized creation
CIA: Integrity
Network security examples: Integrity failures - replay

Question 47

What is Interruption?

Answer 47

Preventing authorized access
CIA: Availability
Network security examples: DoS/DDoS

Question 48

What vulnerabilities is there to Wi-Fi?

Answer 48

• It’s prone to eavesdropping
• Shared media = easy insertion and easy disruption (DoS)

Question 49

What is the standard Wireless protocol?

Answer 49

WPA2/802.11i

Question 50

What does CYOD mean?

Answer 50

The company lists acceptable devices (that is, those that meet company security requirements) and allows each employee to choose his or her own device.

Question 51

What is COPE?

Answer 51

The company owns and provides the equipment. This clearly offers the most security, but also comes at the highest cost.

Question 52

What is segmentation?

Answer 52

Dividing a network into smaller segments.

Question 53

What is important for network security countermeasures?

Answer 53

• System architecture
• Segmentation
• DMZ
• Redundancy
• Encryption

Question 54

What is a Virtual Private Network (VPN)?

Answer 54

I provides a way to the Internet. It creates a virtual connection between a remote user and the central location.

Question 55

What two approaches are it to VPN?

Answer 55

• Remote access - one fixed side (What you get if you buy a VPN Service)
• Site-to-site - two fixed sites

Question 56

What is a firewall?

Answer 56

A device that filters all traffic between a protected or “inside” network and less trustworthy or “outside” network

Firewalls implement security policies or rule-sets that determine what traffic can or cannot pass through

Question 57

What is a firewall an example of?

Answer 57

A reference monitor
* Always invoked (cannot be circumvented)
* Tamperproof
* Small and simple enough for rigorous analysis

Question 58

What is a demilitarized zone?

Answer 58

• A perimeter network or screened subnet
• Physical or logical subnetwork
• DMZ is a form of network architecture
• Services dedicated to outside use separated
• The idea is that intrusion of DMZ hosts lead
  to only limited damage to the internal hosts

Question 59

What is a Intrusion Detection System (IDS)?

Answer 59

It monitors activity malicious or suspicious events

Question 60

What is an IDS detection methods?

Answer 60

• Signature-based
• Heuristic

Question 61

What is the Capability of IDS?

Answer 61

• Passive –sound the alarm
• Active, that’s when it become IPS

Question 62

How does a IPS respond to an alarm?

Answer 62

• Monitor and collect data
• Protect
• Signal an alert to other protection components

Question 63

What is capacity planning?

Answer 63

• Know what cause spikes in traffic and plan for them

Question 64

What is network tuning?

Answer 64

• Adjusting the number of segments, machines, uplinks…
• Rate limiting - countermeasure that reduces the impact of an attack by limiting capacity to a host/network

Question 65

What is shunning?

Answer 65

Reducing service given to traffic from certain address ranges

Question 66

What is blacklisting?

Answer 66

Blocking all traffic to/from a specific host

Question 67

What is sinkholing?

Answer 67

Incoming traffic is analyzed, and bad traffic rejected

Question 68

What is a honeypot?

Answer 68

A virtual machine meant to lure an attacker into an environment that can be both controlled and monitored

Question 69

What is a kernel?

Answer 69

• A kernel is the part of the OS that performs the lowest-level functions

Question 70

What is a security kernel?

Answer 70

• A security kernel is responsible for enforcing the security mechanisms of the entire OS
• Typically contained within the kernel

Question 71

What is kernel-mode?

Answer 71

Kernel-mode - executing code has complete and unrestricted access to the underlying hardware and memory

Question 72

What is User-mode?

Answer 72

User-mode - executing code has no direct access to hardware or reference memory

Question 73

What is a reference monitor?

Answer 73

• A reference monitor mediates access by subjects to objects (e.g., to let a user read a file)

Question 74

What is Discretionary access control (DAC)?

Answer 74

Access control model based on the identity of the user
* The owner decides who is allowed to access the object
and what privileges they have
* Rights can be delegated at users’ discretion
* Most common model

Question 75

What is Role-based access control (RBAC)?

Answer 75

• Controls based on a subject’s (user’s or program’s) role, not their identity
• Subject’s rights can change depending on their current role
• access is controlled at the system level, outside of the user’s control
• Used in, e.g., Microsoft Azure

Question 76

What does reconnaissance mean?

Answer 76

The hacker research their target

Question 77

What does reconnaissance (passive) mean?

Answer 77

• Before an attack is executed the hacker attempt to find out information about the target system

Question 78

What does Reconnaissance (Active) mean?

Answer 78

Port scanning (Nmap) Scans to see which ports are open

• Ping scan
• Connect scan
• SYN scan
• FIN scan

Question 79

What is a Ping scan?

Answer 79

A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).

Question 80

What is a SYN scan?

Answer 80

• Stealthy scan
• Also called half-open scan

You send a SYN packet but you never respond to the SYN/ACK

Question 81

What is an SQL attack?

Answer 81

You enter SQL commands into login forms to trick the server into executing those commands.

Question 82

What is Bluesnarfing?

Answer 82

Unauthorized access of information from a Bluetooth device

Question 83

What is Blue jacking?

Answer 83

Using another blue tooth device within range and sending messages to the target

Question 84

What is Bluebugging?

Answer 84

Accesses and uses all phone features

Question 85

What is Pod slurping?

Answer 85

Using a device such as an iPod to steal confidential data by directly plugging it into a computer where the data are held

Question 86

What is Malware?

Answer 86

Software planted by an agent with malicious intent to cause unanticipated or undesired effects

Question 87

What is a Virus?

Answer 87

A program that can replicate itself and pass on malicious code to other non-malicious programs by modifying them

Question 88

What is a Worm?

Answer 88

A program that spreads copies of itself through a network

Question 89

What is a Trojan Horse?

Answer 89

A application/software that looks legit but contains code that, in addition to its stated effect, has a second, nonobvious, malicious effect

Question 90

What is a Rabbit?

Answer 90

Code that replicates itself without limit to exhaust resources

Question 91

What is a Logic Bomb?

Answer 91

Code that triggers when a predetermined condition occurs

Question 92

What is a Time Bomb?

Answer 92

Code that triggers action when a predetermined time occurs

Question 93

What is a Dropper?

Answer 93

Transfer agent code only to drop other malicious code, such as virus or Trojan horse

Question 94

What is Hostile mobile code agent?

Answer 94

Code communicated semi-autonomously by programs transmitted through the web

Question 95

What is a cross-site script attack?

Answer 95

• Tricking a client or server into executing scripted code by including the code in data inputs

Question 96

What is a RAT (remote access Trojan)?

Answer 96

Trojan horse that, once planted, gives access from remote location

Question 97

What is Spyware?

Answer 97

Program that intercepts and covertly communicates data on the user or user’s activity

Question 98

What is a bot?

Answer 98

Semi-autonomous agent, under control of a (usually remote) controller or “herder”; not necessarily malicious

Question 99

What is a Zombie?

Answer 99

Code or entire computer under control of a (usually remote) program

Question 100

What is a Browser hijacker?

Answer 100

Code that changes browser settings, disallows access to certain sites, or redirects browser to other

Question 101

What is a Rootkit?

Answer 101

A collection of tools that a hacker uses to mask their intrusion and obtain admin-level access to a computer or network.

Question 102

What is trapdoor or backdoor?

Answer 102

Code feature that allows unauthorized access to a machine or program; bypasses normal access control and authentication

Question 103

What is a tool or toolkit?

Answer 103

Program containing a set of tests for vulnerabilities; not dangerous itself, but each successful test identifies a vulnerable host that can be attacked

Question 104

What is Scareware?

Answer 104

Not code; false warning of malicious code attack

Question 105

How does virus scanners work?

Answer 105

Virus scanners look for signs of malicious code infection using signatures in program files and memory

Question 106

What is a Denial-of-Service Attacks?

Answer 106

A way to prevent legitimate access to a system, by flooding the system with so many false connection requests that the system cannot respond to legitimate requests

Question 107

What is DHCP Starvation?

Answer 107

If enough requests flood a network, the attacker could completely exhaust the address space allocated by the DHCP servers for an indefinite period of time

Question 108

What are some DoS weaknesses?

Answer 108

• The flood must be sustained.
• When machines are disinfected, the attack stops.
• Hacker’s own machine are at risk of discovery

Question 109

How does a SYN Attack/Flood work?

Answer 109

• The client sends a SYN.
• Server responds with SYN+ACK

The client should now respond with an ACK, but through non –responsiveness and continues sending of a SYN from other clients the server ends up in a busy state.

Question 110

What is Low Orbit Ion Cannon? (LOIC)

Answer 110

• A common tool for DoS attacks
• Requires the user to put in the target URL or IP address and then begin the attack

Question 111

What is XOIC?

Answer 111

• XOIC is another DoS attacking tool.
• Performs a DoS attack on any server with an IP address, a user-selected port, and a user-selected protocol.

Question 112

What is Ping of Death?

Answer 112

• A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer.

Question 113

What is a Man-in-the-Browser?

Answer 113

• Malicious code in browser/add-ons

Question 114

What is a Keystroke logger?

Answer 114

• Hardware or software that records all keystrokes

Question 115

What is Page-in-the-Middle

Answer 115

• The user is directed to a different page than believed or intended

Question 116

What is a download substitution?

Answer 116

• The attacker creates a page with seemingly harmless and desirable programs for download
• Instead of, or in addition to, the intended functionality, the user installs malware

Question 117

What is clickjacking?

Answer 117

• A way of tricking user into providing desired input, like personal information

Question 118

What is Drive-by download?

Answer 118

Code is downloaded, installed, and executed on a computer without the user’s knowledge.

Question 119

What is SQL injection?

Answer 119

Injecting SQL code into an exchange between an application and its database server

Question 120

What is Phishing?

Answer 120

A message that tries to trick a victim into providing private information or taking some other unsafe action

Question 121

What is Spear phishing?

Answer 121

A more personalized attack to a particular recipient or set of recipients

Question 122

What is Whaling?

Answer 122

Attacks directed at high-profile targets such as CEO:s…

Question 123

What is Rate limiting?

Answer 123

countermeasure that reduces the impact of an attack by limiting capacity to a host/network