Lesson 13: Explaining Common Security Concepts

Question 1

What are the 3 concepts of the CIA triad?

Answer 1

1. Confidentiality
2. Integrity
3. Availability

Question 2

Define confidentiality in the CIA triad

Answer 2

Confidentiality means that certain information should only be known to certain people.

Question 3

Define integrity in the CIA triad

Answer 3

Integrity means that the data is stored and transferred as intended and that any modification is authorized.

Question 4

Define availability in the CIA triad

Answer 4

Availability means that information is accessible to those authorized to view or modify it.

Question 5

Define a vulnerability

Answer 5

A weakness that could be accidentally triggered or intentionally exploited to cause a security breach

Question 6

Define a threat

Answer 6

The potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or thing that poses the threat is called a threat actor or threat agent.

Question 7

Define an attack vector

Answer 7

The path or tool used by a threat actor

Question 8

Define risk

Answer 8

The likelihood and impact (or consequence) of a threat actor exercising a vulnerability

Question 9

Define risk management

Answer 9

A process for identifying, assessing, and mitigating vulnerabilities and threats to the essential functions that a business must perform

Question 10

Define risk assessment

Answer 10

A subset of risk management where a company’s systems and procedures are evaluated

Question 11

Define a mission essential function (MEF)

Answer 11

Business or organizational activity/process that is too critical to be deferred for anything more than a few hours, if at all

Question 12

Define Business impact analysis (BIA)

Answer 12

Activity that identifies organizational risks and asses their effect on ongoing, mission critical operations as well as what losses might occur for a range of threat scenarios

Question 13

Define business continuity planning (BCP)

Answer 13

Identifies controls and processes that enable an organization to maintain critical workflows in the face of some adverse event

Question 14

Define an exploit

Answer 14

Specific code or method of using a vulnerability to gain control of a system or to cause damage

Question 15

Define a zero-day vulnerability/exploit

Answer 15

A vulnerability that is exploited before the developer knows about it or can release a patch

Question 16

Define a legacy system

Answer 16

A legacy system is one where the software vendor no longer provides support or fixes for problems

Question 17

Define a vulnerability assesment

Answer 17

An evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system; determines if the current configuration matches the ideal configuration (the baseline)

Question 18

What does CVE stand for?

Answer 18

Common Vulnerabilities and Exposers

Question 19

What is the purpose of a CVE?

Answer 19

A scheme for identifying vulnerabilities

Question 20

What is the construction of a CVE identifier?

Answer 20

CVE-YEAR-ORDER DISCOVERED

Question 21

Define an external threat

Answer 21

A threat actor that has no account or authorized access to the targeted system

Question 22

Define an internal threat

Answer 22

A threat actor that has been granted permissions/access on the system

Question 23

Define Security Information and Event Management (SIEM)

Answer 23

Solution that provides real-time or near-real-time analysis of security alerts/logs generated by network hardware and applications

Question 24

What is the primary function of SIEM?

Answer 24

To aggregate logs from multiple sources, and to correlate individual events into indicators of compromise (IOC)

Question 25

What is a pen test?

Answer 25

Active test that uses tools and security utilities to evaluate security by simulating a live attack on a system

Question 26

Define Privileged Account Management (PAM)

Answer 26

Policies, procedures, and technical controls to prevent the malicious abuse of privileged accounts and to mitigate risks from weak configuration control over privileges

Question 27

What are the 3 principals of Priviledged Account Management (PAM)

Answer 27

1. Least privilege
2. Role-based access
3. Zero trust

Question 28

Define least privilege

Answer 28

Principle of security stating that a user should be allocated the minimum necessary rights, privileges, or information to perform its role

Question 29

What is the purpose of least privilege?

Answer 29

Mitigates the risk if the account becomes compromised

Question 30

Define authorization creep

Answer 30

Refers to when a user requires more rights over time

Question 31

Define role-based access

Answer 31

Access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions (read, write, modify, etc) based on job functions

Question 32

Define zero trust

Answer 32

Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed

Question 33

What are the ways to implement zero trust?

Answer 33

1. Uses systems such as continuous authentication and conditional access to mitigate privilege escalation and account compromise
2. Micro segmentation - is a security process that is capable of applying policies to a single node, as though it was in a zone of its own

Question 34

What is the purpose of an access control system?

Answer 34

Set of technical security controls that govern how subjects are permitted to interact with objects

Question 35

Define a subject

Answer 35

A user, device, or software process; anything that can request and be granted access to a resource

Question 36

Define an object

Answer 36

networks, servers, databases, files, etc

Question 37

Define an Access Control List (ACL)

Answer 37

Collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given

Question 38

Define Identity and Access Management (IAM)

Answer 38

Security system that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets

Question 39

What processes does an Identity and Access Management (IAM) system perfrom?

Answer 39

1. Identification
2. Authentication
3. Authorization
4. Accounting

Question 40

Define the Identification process

Answer 40

Creating an account or ID that identifies the user, device, or process on the network

Question 41

Define the authentication process

Answer 41

Proving that a subject is who or what it claims to be when it attempts to access the resource when the account holder submits credentials to the system to request access and the system compares the submitted credentials to credentials stored in the system

Question 42

Define the authorization process

Answer 42

Determining what rights subjects should have on each resource and enforcing those rights

Question 43

Define the accounting process

Answer 43

Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted

Question 44

Name the different authentication factors

Answer 44

1. Knowledge factor
2. Ownership factor
3. Biometric factor
4. Behavioral factor
5. location factor

Question 45

Define a knowledge authentication factor

Answer 45

Something you know (password/passphrase)

Question 46

Define a ownership authentication factor

Answer 46

Something you have (smartcard)

Question 47

Define a human/biometric authentication factor

Answer 47

something you are (fingerprint)

Question 48

Define a behavioral authentication factor

Answer 48

Something you do (making a signature)

Question 49

Define a location authentication factor

Answer 49

Somewhere you are (a mobile device with location services)

Question 50

Define multifactor authentication

Answer 50

Authentication scheme that requires the user to present at least two or more different factors as credentials

Question 51

What is the default authentication factor for local authenticaiton?

Answer 51

Knowledge factor - A password or PIN

Question 52

How is knowledge factor authentication secured in a credential database?

Answer 52

By cryptographic hashes

Question 53

What is a cryptographic hash?

Answer 53

A function that converts any string to a unique, fixed-length code

Question 54

How does an authenticator verify a password?

Answer 54

By converting the user submitted password into a hash, and and comparing it against the one in the database

Question 55

Define windows local sign-in

Answer 55

The Local Security Authority (LSA) compares the submitted credential to a hash stored in the Security Accounts Manager (SAM) database, which is part of the registry

Question 56

Define windows network sign-in

Answer 56

The local security authority (LSA) can pass the credentials for authentication to Kerberos

Question 57

Where are user account names stored in linux?

Answer 57

in /etc/passwd

Question 58

Where does the linux system store password hashes?

Answer 58

in /etc/shadow

Question 59

Define a pluggable authentication module (PAM)

Answer 59

A PAM is a package for enabling smart cards

Question 60

Define Single Sign-On (SSO)

Answer 60

Authentication technology that enables a user to authenticate once and receive authorizations for multiple services

Question 61

Define Kerberos

Answer 61

Provides SSO authentication in a windows domain.

Question 62

What is the purpose of a Key Distribution Center (KDC)

Answer 62

A technology that verifies the identity of a client and the server its requesting resources from such as a domain controller

Question 63

What are the two functions that make up a Key Distribution Center (KDC)?

Answer 63

1. The authentication service
2. Ticket granting service

Question 64

What is the purpose of the authentication service of a Key Distribution Center (KDC)

Answer 64

Responsible for authenticating user logon requests and services

Question 65

What does a Key Distribution Center (KDC) do after authenticating a service/user?

Answer 65

Once the client/service has authenticated, the KDC presents the user with a ticket granting ticket

Question 66

What is a ticket granting ticket?

Answer 66

Allows user to request service ticket that grant access to a target resource

Question 67

How does a client/service gain access to a resource?

Answer 67

By requesting a service ticket by supplying the Ticket Granting Ticket to the Ticket Granting Service

Question 68

What is the purpose of a digital certificate?

Answer 68

Identification and authentication information presented in the X.509 format and issued by a Certificate Authority (CA) as a guarantee that a key pair (as identified by the public key embedded in the certificate) is valid for a particular subject (user or host)

Question 69

Define asymmetric encryption

Answer 69

Public key cryptography; allows users to encrypt information using key pairs

Question 70

List one way cryptographic key pairs are used

Answer 70

When receiving data, the public key pair is given to encrypt the data before transmission, and the message can only be decrypted by the private key pair that only the recipient has

Question 71

List another way cryptographic key pairs are used

Answer 71

When authenticating to a remote system, create a signature and sign it by encrypting it with the private key, and when its received by the recipient they will decrypt it with the public key

Question 72

What is the biggest problem with public key cryptography?

Answer 72

Proving the identity of the owner of a public key

Question 73

What is the purpose of Public Key Infrastructure (PKI)?

Answer 73

Aims to prove the identity of the owners of a public key

Question 74

What purpose does a digital certificate serve?

Answer 74

A wrapper/placeholder for a pubic key as well as information about the subject (entity)

Question 75

Define the Extensible Authentication Protocol (EAP)

Answer 75

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication

Question 76

How is 802.1X Port-based Network Access Control (NAC) implemented?

Answer 76

Encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication

Question 77

What authentication protocol does 802.1X port-based Network Access Control (NAC)

Answer 77

AAA

Question 78

Define AAA architecture

Answer 78

Authentication, authorization, accounting

Question 79

What is RADIUS (remote authentication dial-in user service)?

Answer 79

AAA protocol used to manage remote and wireless authentication infrastructures over UDP ports 1812 and 1813

Question 80

What is TACACS+ (Terminal Access Controller Access Control System)?

Answer 80

AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management over TCP port 49

Question 81

Define LDAP (Lightweight directory access protocol)

Answer 81

Network protocol used to access network directory databases, which store information about authorized users and their privileges over TCP/UDP port 389

Question 82

Define simple bind authentication

Answer 82

The client must supply its distinguished name (DN)/identity and password, but these are passed as plaintext

Question 83

Define Simple Authentication and Security Layer (SASL)

Answer 83

The client and server negotiate the use of a supported authentication mechanism, such as Kerberos

Question 84

What is LDAP Secure (LDAPS)

Answer 84

The LDAP server is installed with a digital certificate, which it uses to set up a secure tunnel for the user credential exchange over TCP port 636

Question 85

Which kind of bandwidth management technology uses a header field to indicate a priority value for a layer 3 (IP) packet?

Answer 85

DiffServ