Lecture 2 Flashcards

Attacks & Monitoring

1
Q

The goal of _____ is to prevent unauthorized access to objects

A

access control

2
Q

Malicious users are called what?

A

Crackers (attackers)

3
Q

True/False: A hacker is someone who is just a technology enthusiast, not intent on causing harm.

A

True

4
Q

The process of identifying, understanding, and categorizing potential threats is called what?

A

Threat modeling

5
Q

A group of attackers that work together to go after targets (and can be government funded), regardless of ease of access, is called what?

A

Advanced persistent threats (APT)

6
Q

The process of detecting unauthorized or abnormal activities is called what?

A

monitoring

7
Q

This ensures that people are held accountable for their actions, helps reconstruct events for prosecution, and helps create reports.

A

monitoring

8
Q

Audit and logging tools help with _____.

A

monitoring

9
Q

What are 5 common logs?

A

Security logs
System logs
Application logs
Firewall logs
Change logs

10
Q

An _____ is a tool that automates the inspection of audit logs and real-time system events. It provides accountability and enables timely and accurate responses to an intrusion.

A

Intrusion Detection System (IDS)

11
Q

What are the 3 types of responses for an IDS?

A

Passive- records the intrusion and alerts
Active- affects/attempts to stop the intrusion. (limited capabilities)
Hybrid- records and affects/stops the intrusion

12
Q

What are the 4 types of IDS?

A

Host-based
Network-based
Knowledge-based
Behavior-based

13
Q

A ______ is a system placed on the network that is usually an easy target (not patched, vulnerable to attacks). It is designed to attract an intruder and keep them busy on the system.

A

Honeypot

14
Q

This is used to test a system for known security vulnerabilities and weaknesses.

A

Vulnerability scanner

15
Q

An _____ seeks to actively block unauthorized connection attempts or illicit traffic patterns as they occur.

A

Intrusion Prevention System (IPS)

16
Q

Penetration testing is used for what?

A

To determine the strength of the security measures

17
Q

_______ is used to find any and all detectable weaknesses in the security perimeter.

A

Penetration testing

18
Q

True/False: Penetration testing should be done whenever you think there is a weakness and you want to prove it.

A

False.

Penetration testing should only be done with prior approval/coordination of the security staff.

19
Q

A _____ attack is testing all possible valid combinations of a given character set.

A

Brute Force

20
Q

Using a table of predefined words/potential passwords is what type of attack?

A

Dictionary

21
Q

A _____ is when a reverse hash is matched from a possible password and the hash value stored in the database file.

A

Birthday attack

22
Q

What attack is used to prevent a system from processing or responding to legitimate traffic or requests?

A

Denial of Service (DoS)

23
Q

This type of attack is when someone uses other systems as zombies/slaves to send illegitimate traffic to a destination to prevent legitimate traffic from getting through.

A

Distributed Denial of Service (DDoS)

24
Q

A SYN Flood attack is a type of DoS attack where multiple SYN packets are sent to a system. What is the purpose of the SYN flood?

A

Break the TCP/IP 3-way handshake. It leaves sessions open but not connected, taking up system resources.

25
Q

A _____ attack occurs when an amplifying server or network is used to flood a victim with useless data.

A

smurf

26
Q

An attack where a valid source and/or destination IP address is replaced with a false one is called what?

A

Spoof attack

27
Q

What are 2 countermeasures for spoofing attacks?

A

source/destination verification on routers

IDS

28
Q

When someone is intercepting traffic (sniffing) as it goes between a source and destination, it is called what?

A

Man in the middle attack

29
Q

When someone intercepts traffic using a store-and-forward mechanism, what type of attack is it?

A

Man in the middle attack

30
Q

A type of Man in the middle attack where an attacker captures traffic and records it, then re-transmits it to that server with slight variations.

A

Replay or playback attack

31
Q

Gathering information about the network, or about the traffic going over the network, is called what?

A

Sniffer attack

32
Q

_____ is unwanted or unsolicited messages and can cause DoS attacks.

A

Spam

33
Q

Numerous types of attacks are designed to bypass access control.
In addition to specific countermeasures for each of these attacks, certain measures can be used to help compensate for access control violations.
What are these called?

A

Access Control Compensations

34
Q

Access control compensations include what? (List at least 3.)

A

Insurance
Business Continuity plan
Backup and recovery
fault-tolerance