Lecture 2

Question 1

The goal of _____ is to prevent unauthorized access to objects

Answer 1

access control

Question 2

Malicious users are called what?

Answer 2

Crackers (attackers)

Question 3

True/Flase: A hacker is someone who is just a technology enthusiast, not intent on causing harm.

Answer 3

True

Question 4

the process of identifying, understanding, and categorizing potential threats is what?

Answer 4

Threat modeling

Question 5

A group of attackers that work together to go after targets (are can be government funded), regardless of ease of access, are called what?

Answer 5

Advanced persistent threats (APT)

Question 6

The process of detecting unauthorized or abnormal activities is called what?

Answer 6

monitoring

Question 7

This ensures that people are held accountable for their actions and can help reconstruct events for prosecution, and to create reports.

Answer 7

monitoring

Question 8

Audit and logging tools help with _____.

Answer 8

monitoring

Question 9

What are 5 common logs?

Answer 9

Security logs
System logs
application logs
firewall logs
change logs

Question 10

An___________ is a tool that automates the inspection of audit logs and real-time system events. It provides accountability and enables timely and accurate responses to an intrustion.

Answer 10

Intrusion Detection System (IDS)

Question 11

What are the 3 types of responses for an IDS?

Answer 11

Passive- records the intrusion and alerts
Active- affects/attempts to stop the intrusion. (limited capabilities)
Hybrid- records and affects/stops the intrusion

Question 12

What are the 4 types of IDS?

Answer 12

Host-based
Network-based
Knowledge-based
Behavior-based

Question 13

A ______ is a system placed on the network that is usually an easy target (not patched, vulnerable to attacks). It is designed to attract an intruder and keep them busy on the system.

Answer 13

Honepot

Question 14

This is used to test a system for known security vulnerabilities and weaknesses.

Answer 14

Vulnerability scanner

Question 15

An_____ seeks to actively block unauthorized connection attempts or illicit traffic patterns as they occur

Answer 15

Intrusion Prevention System (IPS)

Question 16

Penetration testing is used for what?

Answer 16

To determine the strength of the security measures

Question 17

_______ is used to find any and all detectable weaknesses in the security perimeter.

Answer 17

Penetration testing

Question 18

True/False: Penetration testing should be done whenever you think there is a weakness and you want to prove it.

Answer 18

False.

Penetration testing should only be done with prior approval/coordination of the security staff.

Question 19

A _____ attack is testing all possible valid combinations of a given character set.

Answer 19

Brute Force

Question 20

Using a table of predefined words/potential passwords is what type of attack?

Answer 20

Dictionary

Question 21

A _____ is when a reverse hash is matched from a possible password and the hash value stored in the database file.

Answer 21

Birthday attack

Question 22

What attack is used to prevent a system from processing or responding to legitimate traffic or requests.

Answer 22

Denial of Service (DoS)

Question 23

This type of attack is when someone uses other systems as zombies/slaves to send illegitimate traffic to a destination to prevent legitimate traffic from getting through.

Answer 23

Distributed Denial of Service (DDoS)

Question 24

A SYN Flood attack is a type of DoS attack where multiple SYN packets are sent to a system. What is the purpose of the SYN flood?

Answer 24

Break the TCP/IP 3-way handshake. It leaves sessions open but not connected, taking up system resources.

Question 25

A _____ attack occurs when an amplifying server or network is used to flood a victim with useless data

Answer 25

smurf

Question 26

An attack where a valid source and/or destination IP address is replaced with false ones, is called what?

Answer 26

Spoof attack

Question 27

What are 2 countermeasures for spoofing attacks?

Answer 27

source/destination verification on routers

IDS

Question 28

When someone is intercepting traffic (sniffing) as it goes between a source and destination it is called what?

Answer 28

Man in the middle attack

Question 29

When someone intercepts traffic as a store and forward mechanism what type of attack is it?

Answer 29

Man in the middle attack

Question 30

A type of Man in the middle attack where an attacker captures traffic and records it, then re-transmits it to that server with slight variations.

Answer 30

Replay or playback attack

Question 31

Gathering information on the network to obtain information about the network or traffic going over the network is called what?

Answer 31

Sniffer attack

Question 32

_____ is unwanted or unsolicited messages and can cause DoS attacks.

Answer 32

Spam

Question 33

Numerous types of attacks are designed to bypass access control.
In addition to specific countermeasures for each of these attacks, certain measures can be used to help compensate for access control violations.
What are these called?

Answer 33

Access Control Compensations

Question 34

Access control compensations include (list at least 3)

Answer 34

Insurance
Business Continuity plan
Backup and recovery
fault-tolerance