N10-009-Section_4 Flashcards

1
Q

Data in Transit/Motion

A

Data in transit (data in motion) is data that is actively moving between systems, devices or networks. The term is almost always used in a security context: the data is protected by encrypting the channel it travels over (for example TLS, IPsec or SSH) so that it cannot be read or altered on the wire.

2
Q

Data at Rest

A

Data at rest is stored data that is not actively being transmitted or processed. It lives on devices such as servers, hard drives, SSDs, USB drives or cloud storage, and is protected from unauthorized access, theft or breaches by encrypting the storage (full-disk, file-level or database encryption) so that a lost drive or a copied file does not expose the contents, combined with access controls on the stored copies.

3
Q

PKI

A

PKI (Public Key Infrastructure) is the framework (policies, procedures, hardware, software and people) used to issue, distribute, validate and revoke digital certificates, which bind a public key to an identity. It enables encrypted communication and authentication over untrusted networks. Built on asymmetric key pairs: the public key is published in the certificate, the private key never leaves its owner.

4
Q

CA

A

Certificate Authority. A trusted entity that signs digital certificates, vouching that a public key belongs to the named subject. Public CAs (trusted by default in browsers and operating systems) are third parties outside your organization; an organization can also run its own private/internal CA for devices and services that only need to be trusted inside the org.

5
Q

IAM

A

IAM (Identity and Access Management) is a framework of policies, processes, and technologies used to manage digital identities and control access to resources within an organization. It ensures the right individuals have access to the right resources at the right times, while keeping unauthorized access at bay.

6
Q

Least Privilege

A

Users (and also service accounts and processes) get only the minimum access they need to perform their job, and nothing more. Limits the damage a compromised account or an honest mistake can do.

7
Q

RBAC

A

Role-Based Access Control. Permissions to resources are assigned to roles (for example Helpdesk, Accounting, Domain Admin), and users are placed in roles/groups rather than being granted rights individually. Makes access easier to audit and easier to revoke when someone changes jobs.

8
Q

Geofencing

A

Geofencing refers to the use of virtual boundaries, defined by GPS, RFID, Wi-Fi or IP geolocation data, to control or monitor network access, device usage, or services based on the physical location of the user or device. Example: a conditional-access policy that blocks logins originating outside the countries where the company operates.

9
Q

AAA

A

Authentication, Authorization, Accounting

10
Q

Identification

A

The first step, before authentication: claiming an identity. Who you say you are, typically your username or e-mail address. This is public (non-secret) information, which is why it must be followed by authentication to prove the claim.

11
Q

Authentication

A

Goes hand in hand with identification. The act of proving you are who you claim to be, using something you know (password), something you have (token, phone, smart card) or something you are (biometric). MFA combines two or more of these factors.

12
Q

Authorization

A

Based on who you are (once authenticated), what are you allowed to access and do?

13
Q

Accounting

A

Tracking what an authenticated user did: login time, resources used, data sent and received, logout time. Used for auditing, troubleshooting and billing.

14
Q

RADIUS

A

Remote Authentication Dial-In User Service. An AAA protocol supported on many platforms to centralize authentication for users. Can be used for server authentication, routers, switches, firewalls, remote VPN access and 802.1X network access. Runs over UDP (port 1812 for authentication, 1813 for accounting) and encrypts only the password field of the request, not the rest of the packet.

15
Q

LDAP

A

Lightweight Directory Access Protocol. Protocol for reading and writing directories (such as Active Directory) over an IP network. A lightweight version of the X.500 directory access protocol that keeps the X.500 naming model. Uses TCP/UDP port 389; LDAPS on TCP 636 wraps it in TLS so credentials and queries are not sent in the clear.

16
Q

X.500

A

A standard for organizing directories. Objects are named with attribute=value pairs: CN=Common Name, OU=Organizational Unit, DC=Domain Component, and so on. An object's full name (its distinguished name, DN) lists the pairs from the object itself up to the root of the tree, e.g. CN=jsmith,OU=Sales,DC=example,DC=com.

17
Q

Container Objects

A

In an X.500 directory, container objects hold and organize other objects (both further containers and leaf objects), forming the tree. Example: an OU (Organizational Unit), or a domain component (DC).

18
Q

Leaf Objects

A

In an X.500 directory, leaf objects are the end objects that contain no other objects: the users, computers, printers, groups and shared files themselves.
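
The X.500 naming model from the previous three cards (attribute=value pairs, leaf object first, then the chain of containers up to the root), worked through in code. This is an added example written for these notes, not part of the original flashcards. The distinguished names it parses are constructed samples, and the parser is a deliberate simplification of RFC 4514: it handles the backslash escape (so a comma inside a CN survives) but not multi-valued RDNs joined with '+' or hex escapes.

```python
import re


def parse_dn(dn: str):
    """Split a distinguished name into ordered (ATTR, value) pairs, leaf first.
    Simplification: backslash escapes are honoured, '+' multi-valued RDNs and
    hex escapes are not."""
    rdns = []
    attr, buf, escaped = None, [], False
    for ch in dn:
        if escaped:                      # character after '\' is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == "=" and attr is None:  # first '=' ends the attribute type
            attr = "".join(buf).strip().upper()
            buf = []
        elif ch == ",":                  # unescaped ',' ends this RDN
            if attr is None:
                raise ValueError("RDN without '=': %r" % "".join(buf))
            rdns.append((attr, "".join(buf).strip()))
            attr, buf = None, []
        else:
            buf.append(ch)
    if escaped or attr is None:
        raise ValueError("malformed DN: %r" % dn)
    rdns.append((attr, "".join(buf).strip()))
    return rdns


def format_dn(rdns) -> str:
    """Inverse of parse_dn: re-escape the special characters in each value."""
    def esc(value):
        return re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return ",".join("%s=%s" % (attr, esc(value)) for attr, value in rdns)


def split_object(dn: str):
    """Leaf object (the user/computer/printer itself) and the container
    objects above it, nearest first."""
    leaf, *containers = parse_dn(dn)
    return leaf, containers


def ancestors(dn: str):
    """DNs of every container holding the object, nearest container first."""
    rdns = parse_dn(dn)
    return [format_dn(rdns[i:]) for i in range(1, len(rdns))]


if __name__ == "__main__":
    # Constructed sample: a user in the Sales OU of the example.com domain
    sample = "CN=Smith\\, John,OU=Sales,DC=example,DC=com"
    leaf, containers = split_object(sample)
    print("leaf      :", leaf)
    print("containers:", containers)
    print("ancestors :", ancestors(sample))
```

Note that the comma inside the CN is escaped in the DN string; a naive split on ',' would break the name into two RDNs, which is exactly the kind of parsing mistake that lets untrusted input land in the wrong part of an LDAP name.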

19
Q

SAML

A

Security Assertion Markup Language. An XML-based open standard for exchanging authentication and authorization data. The identity provider (IdP) authenticates the user, then passes a signed SAML assertion to the service provider (SP) that runs the application the user is trying to access; the SP trusts the assertion instead of handling the password itself. Widely used for SSO to web applications. SAML was designed around browser redirects and is a poor fit for native mobile apps, where OAuth 2.0/OpenID Connect are the usual choice.

20
Q

TACACS

A

Terminal Access Controller Access Control System. A remote authentication protocol originally created to control access to the dial-up lines of ARPANET. The original versions are obsolete.

21
Q

TACACS+

A

Terminal Access Controller Access Control System Plus. The current version of TACACS (a Cisco redesign, not backward compatible with the original). Usually associated with Cisco products, typically for administrative access to network devices. Uses TCP port 49, encrypts the entire packet body (RADIUS encrypts only the password), and separates authentication, authorization and accounting so that per-command authorization is possible.

22
Q

TOTP

A

Time-based One-Time Password. A short code (usually 6 digits) that changes every fixed interval, typically 30 seconds, and is used as a second authentication factor. It is not random: the code is derived from an HMAC of a shared secret key and the current time step (RFC 6238), so a client and server that share the secret and have roughly synchronized clocks compute the same code at the same time. The server usually accepts a small window of adjacent time steps to tolerate clock drift.
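
The TOTP mechanism described above, as an added worked example (written for these notes, not code from the original flashcards): HOTP truncation per RFC 4226, the time-step counter per RFC 6238, and the server-side check with a drift window and replay protection. The secret used in the demo is the RFC 6238 test seed, so the values it produces can be checked against the RFC's own test vectors.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC(secret, counter), dynamically truncated to digits."""
    msg = struct.pack(">Q", counter)                    # 8-byte big-endian counter
    digest = hmac.new(secret, msg, algo).digest()
    offset = digest[-1] & 0x0F                          # low nibble picks the window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken from the Unix time step."""
    return hotp(secret, at // step, digits, algo)


def verify_totp(secret: bytes, code: str, at: int, step: int = 30,
                window: int = 1, digits: int = 6, last_counter: int = -1):
    """Server-side check. Accepts the current step and up to `window` steps on
    either side to absorb clock drift. Any counter <= last_counter is refused
    so a code captured in transit cannot be replayed inside the window.
    Returns the matching counter (store it as the new last_counter) or None."""
    counter = at // step
    for drift in range(-window, window + 1):
        c = counter + drift
        if c <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, c, digits), code):  # constant-time compare
            return c
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test seed; real secrets are random
    now = int(time.time())
    code = totp(secret, now)
    print("code for this step:", code)
    print("verify ->", verify_totp(secret, code, now))
    # Same code a step later still passes (drift), unless already consumed:
    print("drift ok  ->", verify_totp(secret, code, now + 30))
    print("replay    ->", verify_totp(secret, code, now + 30, last_counter=now // 30))
```

The window is what makes an intercepted code dangerous for up to a minute; tracking the last accepted counter per user closes that gap. Rate-limiting attempts matters as well, since a 6-digit code is only a million possibilities per step.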

23
Q

Honeypot

A

A host deliberately made to look like an attractive, weakly secured target so attackers spend time on it instead of production systems. Because no legitimate user should touch it, any activity on it is suspicious, and it reveals the attackers' tools, techniques and the vulnerabilities they target, so admins can put preventative measures in place on the real systems.

24
Q

Honeynet

A

A network of honeypots. Looks more "real" to an attacker than a single isolated host because it contains servers, workstations, routers, switches, etc., with realistic traffic between them.

25
Q

Risk

A

An exposure to harm or danger. More precisely, the likelihood that a threat will exploit a vulnerability, combined with the impact on the organization if it does (risk = likelihood x impact).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Threat

A

Threat: The potential danger. A threat is any potential danger that could harm or disrupt an organization’s network, data, or resources. Threats can come from various sources, including malicious attackers (hackers), natural disasters (such as floods or fires), or even internal users (whether intentional or accidental). In essence, a threat is anything that poses a risk to the confidentiality, integrity, or availability of network resources.

27
Q

Vulnerability

A

Vulnerability: The weakness that could be targeted. A vulnerability is a weakness or flaw in a system, network, software, or process that could be exploited by a threat. Vulnerabilities could exist in outdated software, poor network configurations, weak passwords, or unpatched systems. If a vulnerability is not addressed, it increases the likelihood that a threat could compromise the system or network.

28
Q

Exploit

A

Exploit: The action taken to use the vulnerability maliciously. An exploit is the specific method, code or technique used to take advantage of a vulnerability in order to carry out an attack. Exploits are used by attackers to bypass security controls and gain unauthorized access, manipulate data, or disrupt services. Examples include a crafted packet or file that triggers a flaw in unpatched software, an injection string against a web application, or malware that carries such code; phishing is usually the delivery mechanism that gets the exploit onto the victim's system.

29
Q

CIA

A

Confidentiality, Integrity, Availability. Sometimes (ICA)

30
Q

Confidentiality

A

Prevent disclosure of information to unauthorized individuals or systems

31
Q

Integrity

A

Ensure data is not modified, corrupted or replaced without detection, whether in storage or while crossing a network. Enforced with hashes, message authentication codes and digital signatures that let the receiver detect any change.

32
Q

Availability

A

Data and services need to be accessible to authorized users when they are needed. Threatened by DoS attacks, hardware failure and misconfiguration; protected by redundancy, backups and capacity planning.

33
Q

Data Localization

A

A legal requirement that data about a region's or country's residents must be stored (and often processed) within that region or country.

34
Q

PCI DSS

A

PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. It was created by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholder data and prevent fraud.

35
Q

GDPR

A

GDPR (General Data Protection Regulation) is a comprehensive data protection law enacted by the European Union (EU) to regulate the collection, storage, and use of personal data of individuals within the EU. It went into effect on May 25, 2018, and applies to any organization, regardless of location, that processes the personal data of EU residents.

36
Q

List the 6 Control Objectives of PCI DSS

A

1 Build and maintain a secure network and systems, 2 Protect cardholder data, 3 Maintain a vulnerability management program, 4 Implement strong access control measures, 5 Regularly monitor and test networks, 6 Maintain an information security policy

37
Q

SCADA

A

Supervisory Control and Data Acquisition. A type of ICS designed to monitor and control equipment spread over long distances, such as oil pipelines, the electric grid or railways. Because it may take a long time before a human can get on site, the system must be operable remotely: field equipment is controlled through Remote Terminal Units (RTUs) or PLCs that report back to a central supervisory system over WAN links. The RTU is the component that distinguishes SCADA from a single-site ICS.

38
Q

OT

A

Operational Technology. Hardware and software that monitors and controls physical industrial equipment: electric grids, traffic lights, manufacturing plants. Often long-lived, rarely patched and never designed to face the internet.

39
Q

DoS

A

Denial of Service. An attack that makes a service unavailable to legitimate users, either by crashing it or by exhausting its resources (bandwidth, connections, CPU, memory).

40
Q

Friendly DoS

A

Unintentional DoS. Examples: a Layer 2 loop on a network without STP, a user downloading a large file over a limited-bandwidth link, a misconfigured backup job saturating a server.

41
Q

DDoS

A

Distributed Denial of Service. A DoS attack launched from many sources at once, typically a botnet of compromised hosts, so it delivers far more traffic than a single attacker could and cannot be stopped by blocking one address.

42
Q

Asymmetric Threat

A

When the attacker has far fewer resources than the victim yet can still cause damage out of all proportion to their own cost. DDoS amplification is the classic example.

43
Q

DDoS Reflection and Amplification

A

The attacker sends small requests to a third-party service whose responses are much larger than the requests (open DNS resolvers, NTP and memcached are common), with the source address spoofed to the victim's IP. The service "reflects" its large responses to the victim, so the botnet's modest upstream bandwidth is amplified many times over. Example: a botnet sends small DNS queries for a record with a large answer, and the DNS servers flood the spoofed address (the victim's web server) with the responses.

44
Q

Switch Spoofing

A

One way to VLAN hop. Some switch ports are configured (for example Cisco DTP in dynamic auto/desirable mode) to detect a connected switch and automatically negotiate a trunk. An attacker plugs in a rogue switch, or a host that impersonates one by sending DTP frames, gets a trunk port, and can then receive and inject traffic for every VLAN carried on that trunk. Mitigation: disable trunk negotiation and hard-set each port as access or trunk.

45
Q

Double Tagging

A

The attacker puts two 802.1Q tags on a frame: an outer tag for the trunk's native VLAN and an inner tag for the target VLAN. The first switch strips the outer tag when it forwards the frame over the trunk (native-VLAN traffic is sent untagged), so the next switch sees only the inner tag and delivers the frame into a VLAN the attacker is not a member of. Works only one way (no return traffic) and requires that the attacker sit on the native VLAN and know its ID. Mitigation: use an unused VLAN as the native VLAN and tag native traffic on trunks.
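
The frame handling behind double tagging, as an added example written for these notes (not code from the original flashcards): it builds an Ethernet frame carrying two 802.1Q tags, then models the single trunk-side behaviour the attack relies on, stripping the outermost tag when it matches the native VLAN. The MAC addresses and payload are constructed sample values; the "tag native" switch option is modelled as a parameter rather than taken from any specific vendor.

```python
import struct

TPID_8021Q = 0x8100          # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def vlan_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """4-byte 802.1Q tag: TPID, then TCI = PCP(3 bits) | DEI(1) | VID(12)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN id out of range")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | (dei << 12) | vid)


def build_frame(dst: str, src: str, vids, ethertype: int, payload: bytes) -> bytes:
    """Ethernet header followed by zero or more 802.1Q tags, outermost first."""
    frame = mac_bytes(dst) + mac_bytes(src)
    for vid in vids:
        frame += vlan_tag(vid)
    return frame + struct.pack("!H", ethertype) + payload


def parse_tags(frame: bytes):
    """Return (VIDs outermost first, inner EtherType, payload offset)."""
    off, vids = 12, []
    while True:
        (tag,) = struct.unpack_from("!H", frame, off)
        if tag != TPID_8021Q:
            return vids, tag, off + 2
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)
        off += 4


def trunk_egress(frame: bytes, native_vid: int, tag_native: bool = False) -> bytes:
    """Model a trunk port sending toward the next switch. Native-VLAN frames go
    out untagged, so only the outermost tag is removed and an inner tag
    survives. With tag_native=True (the mitigation) nothing is stripped."""
    if tag_native:
        return frame
    vids, _, _ = parse_tags(frame)
    if vids and vids[0] == native_vid:
        return frame[:12] + frame[16:]   # drop bytes 12..15: the outer tag
    return frame


if __name__ == "__main__":
    payload = b"\x45" + b"\x00" * 27     # constructed stand-in for an IPv4 packet
    # Attacker on native VLAN 1 targets VLAN 20
    crafted = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", [1, 20], ETHERTYPE_IPV4, payload)
    print("as sent          :", parse_tags(crafted)[0])
    print("after trunk (1)  :", parse_tags(trunk_egress(crafted, native_vid=1))[0])
    print("native VLAN 999  :", parse_tags(trunk_egress(crafted, native_vid=999))[0])
    print("tag native on    :", parse_tags(trunk_egress(crafted, 1, tag_native=True))[0])
```

The second switch only ever sees the inner tag, which is why it has no way to tell this frame from legitimate VLAN 20 traffic; the fix has to happen on the first trunk (unused native VLAN, or tagging the native VLAN).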

46
Q

MAC Flooding

A

The attacker sends a flood of frames to a switch, each with a different source MAC address, quickly filling the switch's MAC address (CAM) table. Once the table is full the switch can no longer learn new addresses and floods unknown-destination frames out every port, effectively turning the switch into a hub, so the attacker can capture traffic meant for other hosts. Port security (a limit on the number of MAC addresses per switch port) prevents this.

47
Q

ARP Poisoning (Spoofing)

A

The attacker sends an unsolicited (gratuitous) ARP reply to the victim claiming "I am 192.168.1.1" (the router's IP) with the attacker's own MAC. The victim updates its ARP cache, replacing the router's real MAC with the attacker's, and from then on sends its gateway-bound traffic to the attacker, who can read or alter it and forward it on (an on-path attack). Mitigations: Dynamic ARP Inspection on the switch, static ARP entries for critical hosts, and encryption so intercepted traffic is unreadable.
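
Detection logic for the attack above, as an added example written for these notes (not code from the original flashcards). It runs over a constructed list of ARP replies seen on a segment, first modelling the naive cache that gets poisoned, then flagging replies that contradict a static binding or change a learned IP-to-MAC pairing, which is the same idea a switch's Dynamic ARP Inspection or a host tool like arpwatch applies. The addresses and the static binding table are sample values.

```python
# Constructed sample of ARP replies observed on a LAN segment as
# (timestamp, sender_ip, sender_mac). Entries at 4.5 and 7.0 are the attacker
# claiming the gateway's IP with its own MAC; 6.0 is the real gateway again.
SAMPLE_REPLIES = [
    (1.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (2.0, "192.168.1.50", "aa:bb:cc:00:00:50"),
    (3.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (4.5, "192.168.1.1",  "DE:AD:BE:EF:00:66"),
    (5.0, "192.168.1.50", "aa:bb:cc:00:00:50"),
    (6.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (7.0, "192.168.1.1",  "de:ad:be:ef:00:66"),
]

# Sample static bindings for hosts whose MAC must never change (the gateway).
STATIC_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def victim_cache(replies):
    """The behaviour being attacked: a naive ARP cache in which the latest
    reply for an IP simply overwrites whatever was there before."""
    cache = {}
    for _, ip, mac in replies:
        cache[ip] = mac.lower()
    return cache


def detect_arp_spoofing(replies, static=None):
    """Flag replies that contradict a static binding or change a previously
    learned pairing. Returns a list of (ts, ip, expected_mac, seen_mac, reason).
    A real gateway re-announcing itself after a spoof shows up as a flip-flop,
    which is itself a strong indicator when no static table is available."""
    static = {ip: mac.lower() for ip, mac in (static or {}).items()}
    learned, alerts = {}, []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in static:
            if mac != static[ip]:
                alerts.append((ts, ip, static[ip], mac, "contradicts static binding"))
            continue                     # never "learn" a statically bound IP
        if ip in learned and learned[ip] != mac:
            alerts.append((ts, ip, learned[ip], mac, "binding changed"))
        learned[ip] = mac
    return alerts


def suspect_macs(alerts):
    """MACs that claimed an address they should not have, for blocking/lookup."""
    return sorted({seen for _, _, _, seen, _ in alerts})


if __name__ == "__main__":
    print("victim now sends gateway traffic to:", victim_cache(SAMPLE_REPLIES)["192.168.1.1"])
    for alert in detect_arp_spoofing(SAMPLE_REPLIES, STATIC_BINDINGS):
        print("ALERT", alert)
    print("without a static table:", len(detect_arp_spoofing(SAMPLE_REPLIES)), "alerts (includes the flip-flop)")
    print("suspect MACs:", suspect_macs(detect_arp_spoofing(SAMPLE_REPLIES, STATIC_BINDINGS)))
```

On a switch, Dynamic ARP Inspection gets its trusted bindings from the DHCP snooping table rather than a hand-maintained dictionary, but the comparison it performs is the same.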

48
Q

DNS Poisoning

A

The attacker changes the IP address a name resolves to. On the client, by modifying the hosts file (the hosts file is consulted before the DNS server is asked). On the server side, by compromising the DNS server and altering records, or by injecting forged responses into a resolver's cache (cache poisoning). Clients are then directed to the attacker's machine instead of the real one. DNSSEC lets resolvers detect forged records.

49
Q

DHCP Snooping

A

A feature on managed switches. Ports are marked trusted (where the real DHCP server lives) or untrusted (everything else); DHCP server messages such as OFFER and ACK arriving on an untrusted port are dropped, which blocks rogue DHCP servers. The switch also records the leases it observes in a binding table (MAC, IP, VLAN, port) that Dynamic ARP Inspection and IP Source Guard use to validate traffic.

50
Q

Rogue AP

A

An unauthorized access point plugged into the network, whether by an employee wanting Wi-Fi or by an attacker. Gives anyone in radio range a path onto the wired network that bypasses its perimeter controls.

51
Q

802.1X

A

IEEE 802.1X, port-based Network Access Control. Requires the client to authenticate (usually via EAP against a RADIUS server) before the switch port or wireless association passes normal traffic, regardless of connection type. Stops an unauthorized device, a rogue AP included, from joining the network just by plugging into a wall jack.

52
Q

Evil Twin

A

A rogue AP broadcasting the same SSID as a legitimate network to fool people into connecting. Once clients attach, the attacker can sniff their traffic and manipulate it. The clients still reach the internet through it and notice nothing. An evil twin can transmit at higher power than the real AP so that clients prefer its stronger signal.

53
Q

On-Path Attack

A

An attacker positioned between two communicating parties who can read or modify the traffic. Includes man in the middle, session hijacking, HTTPS spoofing, Wi-Fi eavesdropping and ARP poisoning. Authenticated encryption (TLS with proper certificate validation) defeats most of these, because the attacker can neither read nor alter the traffic without detection.

54
Q

Virus (What makes it different from other malware)

A

Malware that attaches itself to a program or file and requires human interaction (running the program, opening the attachment) to execute and replicate.

55
Q

Worm (What makes it different from other malware)

A

Malware that spreads on its own across the network, typically by exploiting vulnerabilities in reachable hosts, without human interaction. Spreads faster and farther than a virus, so it is more dangerous.

56
Q

Rootkit

A

Malware that hides inside the OS itself (kernel, drivers or the boot process) and conceals its presence from the system's own tools. Very hard to find and remove; often requires booting from clean media or reimaging.

57
Q

Logic Bomb

A

A logic bomb is a type of malicious code or software that triggers a harmful action when specific conditions are met, such as a particular date, time, or action within a system. Unlike other malware that might immediately execute upon entering a system, a logic bomb remains dormant until the specified condition activates it.

58
Q

Trojan

A

Malware disguised as legitimate software so that the user installs it themselves. Does not replicate on its own.

59
Q

Port Security

A

A feature on many switches that limits which MAC addresses, or how many, may be used on a port, and can automatically disable (err-disable) the port when an unknown MAC or too many MACs appear. Defeats MAC flooding and unauthorized devices on a wall jack.

60
Q

NAC

A

Network Access Control. A device cannot communicate on the network until it has authenticated (and often passed a posture check for patches and antivirus). Applies to more than just Wi-Fi networks: also wired switch interfaces/ports and VPN connections.

61
Q

ACL

A

Access Control List. Allows or denies traffic based on rules that can match MAC addresses, IP addresses, port numbers, time of day, etc. Rules are evaluated top to bottom and the first match wins, with an implicit deny at the end on most platforms.

62
Q

NGFW

A

Next Generation Firewall. A firewall that goes beyond addresses and ports: it identifies applications regardless of the port they use, adds intrusion prevention, ties rules to user identity, and often decrypts TLS for inspection.

63
Q

Screened Subnet

A

Formerly known as a DMZ. A separate network segment between the internet and the internal network that hosts public-facing services (web, mail), with a firewall on each side so a compromised public server cannot reach the internal network directly.

64
Q

Security Zones

A

Firewall configuration model. Zone-based security: each interface or area of the network is assigned to a zone (trusted, untrusted, internal, external, DMZ) and policy is written between zones rather than as lists of IP address ranges. More flexible and less error-prone than address-based rules.