ISC2 - Study Notes 12 Flashcards
The data plane (sometimes called the forwarding plane) uses rules within an ACL to identify whether the router will pass traffic or block traffic.
The control plane is responsible for identifying paths to other networks. Routers typically do this with routing protocols such as OSPF and BGP.
SDNs separate the data and control planes to provide logical segmentation of networks.
Info
VM escape is a known attack against virtual systems. If successful, an attacker can access the host system and all virtual systems within the host.
Customers have the most maintenance and security responsibility for IaaS and the least responsibility for SaaS.
Info
is sometimes called Hardware-as-a-Service, and this is a good way to think of it. Customers rent access to hardware, such as servers and networking infrastructure, and the vendor maintains the hardware. The customer is responsible for installing operating systems and applications on the hardware, and is responsible for maintenance of the operating systems and applications.
IaaS
This includes hardware, an operating system, and applications. Customers may install the applications from a list of available options, or the vendor may install the applications. The vendor performs all the hardware maintenance on the server, and typically performs most of the software maintenance.
PaaS
Public cloud–based services are provided by third-party vendors and are available to anyone.
A private cloud is available only to users within an organization.
A community cloud is a private cloud that is shared by two or more organizations.
A hybrid cloud is a combination of any two or more clouds.
Clouds
refers to any process that searches data with the goal of using it as evidence. It also includes locating and securing the data so that it can be used in a civil or criminal case. Using a cloud provider from a local jurisdiction ensures that ??? processes can be used when necessary.
E-discovery
Criminals must have motive, means, and opportunity to complete a crime. The motive for an attacker is often money, but can also be revenge, espionage, or other reasons. The opportunity is available for anyone with Internet or internal access. The means is often some type of malicious code.
MOM
System isolation: most commonly done with ICSs or classified networks.
Data theft refers to any attack that allows the attacker to exfiltrate data from an internal network.
Info
In a SYN flood attack (also called a TCP SYN, TCP flood, and TCP half-open attack), the attacker floods a system with SYN packets but withholds the third packet in the TCP handshake process.
A ping of death attack changes the size of the ping packet to more than 64 KB.
(LAND) attack tricks a system into sending out packets to itself in an endless loop. In other words, the source and destination addresses are set to the attacked system.
Attacks
Promiscuous mode allows a sniffer to capture all data that reaches the sniffer. When the sniffer runs in nonpromiscuous mode, it will only capture data sent directly to or from the system running the sniffer.
Info