Network Security Flashcards
What is the abbreviation for information security?
InfoSec
What is the abbreviation for security operations?
SecOps
What is a person, device, piece of information or location that SecOps aims to protect from attack?
Asset
What is an action taken by a threat that exploits a vulnerability?
Attack
What is the potential of a threat to exploit a vulnerability?
Risk
What is the abbreviation for IT security operations responsible for protecting assets by reducing the risk of attacks?
SecOps
What is something or someone that can exploit a vulnerability to attack an asset?
Threat
What is a weakness in software, hardware, facilities or humans that can be exploited by a threat?
Vulnerability
What is an indispensable tool for detecting vulnerabilities within servers, computers and network devices?
Vulnerability Scanner
You need to protect your assets from both what?
Physical threats and electronic (network-based) threats
Blank that are left unchanged on network devices are easy for an attacker to find online
Default passwords
What looks like a harmless program but, once run on one seemingly innocuous computer, unleashes viruses, other malware or ransomware into the network?
Trojan Horse
What is malware that lies dormant in a system, waiting for a preordained time or a trigger before releasing its attack?
Logic bomb (a technique also used by an Advanced Persistent Threat, or APT, which stays hidden in a network for a long time)
What is the real danger of an attack that lies dormant for a long time, such as an APT or logic bomb?
Backups taken during the dormant period are already infected, so restoring from them re-introduces the malware
What is the term for an exploit or vulnerability that is not yet known to the public, so no patch is available to mitigate it?
Zero Day Exploits
Who lets administrators forward unknown or suspicious code samples for analysis, so that new signatures can be written?
Intrusion Prevention System (IPS) vendors
Who is tasked with attempting to compromise a network’s security?
Penetration tester
Who is responsible for scanning servers and network devices for known vulnerabilities?
Vulnerability tester
What is nessus.com?
Vulnerability scanning tool
Which team attempts to compromise the security?
Red team
Which team attempts to defend a network’s security?
Blue team
Which team is the continuous-improvement team that debriefs and cross-trains the red and blue teams after an exercise?
Purple team
Who are IT professionals who specialize in penetrating or compromising network security, but only with permission and in order to improve the organization's security posture?
White hat hackers
Who possess the knowledge and will to breach systems for profit?
Black hat hackers
Who have no permission to attack a network but also have no malicious intent?
Grey hat hackers
What is the key to limiting the damage an insider threat can do?
Granting each user the minimum set of permissions needed to do their job (least privilege)
What is the term for intellectual property theft by nation states with large budgets?
Industrial espionage
Who are the copycat criminals of the hacker world, who run tools written by others out of curiosity and with little real knowledge?
Script Kiddies
What is the term for someone or something that can exploit a vulnerability to attack an asset?
Threat
Which attack takes its name from the historical technique that lets an attacker eavesdrop on a conversation between two humans or two computers?
Wiretapping
What is a device called that listens and records traffic on the network?
Packet sniffer
What kind of tap are fiber optic cables immune to?
EMF (inductive) listening devices, because light in a fiber radiates no electromagnetic signal; a fiber can still be tapped optically by someone with physical access to it
What is the term for an application that systematically checks each port by sending thousands of TCP/IP packets to the victim's computer and recording which ones answer?
Port scanner
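The port scanner described in the two cards above, as an added example that is not part of the original flashcards: a TCP connect scanner in Python that probes a range of ports concurrently and records the banner each open service sends. To keep it self-contained it also starts its own throwaway listener on 127.0.0.1 (a constructed target that greets with a fake FTP banner); the host, port range and banner are assumptions for the demo. Only scan hosts you are authorized to test.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_listener(host="127.0.0.1"):
    """Constructed target: a TCP service on an ephemeral port that sends a
    fake FTP-style banner to every client. Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0 = let the OS pick a free port
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return           # server socket was closed; stop serving
            with conn:
                conn.sendall(b"220 example-ftp ready\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe(host, port, timeout=1.0):
    """TCP connect probe. A completed handshake means the port is open;
    whatever the service says first is captured as its banner.
    Returns (port, banner) if open, otherwise None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(128).decode(errors="replace").strip()
            except OSError:      # silent service: open but no banner
                banner = ""
            return port, banner
    except OSError:              # refused, timed out, unreachable
        return None


def scan(host, ports, workers=64):
    """Probe every port in `ports` concurrently.
    Returns {port: banner} for the ports that accepted a connection."""
    found = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for result in pool.map(lambda p: probe(host, p), ports):
            if result is not None:
                found[result[0]] = result[1]
    return found


if __name__ == "__main__":
    srv, port = start_listener()
    try:
        # Scan a small window around our own listener so the run is quick.
        for p, banner in sorted(scan("127.0.0.1", range(port - 5, port + 6)).items()):
            print(f"{p}/tcp open  {banner!r}")
    finally:
        srv.close()
```

The banner is what the next card's vulnerability scanner keys on: a product name and version string in the greeting is matched against a database of known vulnerabilities.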
What is a popular target of attacks because they typically contain high-value information?
Database servers
When the attacker knows what ports are accepting traffic, they can run what against the victim’s computer to see if any of the services can be easily exploited?
Vulnerability scanner
What type of attack lets an attacker take control of a database server by entering SQL commands into input fields instead of ordinary text?
SQL injection
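The attack on the card above, shown both ways as an added example (not code from the original flashcards): a login check that builds its SQL by string formatting, beside the same check done with a parameterized query. The in-memory SQLite table and its two users are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample table: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is pasted into the SQL text, so quote
    characters and comment markers in the input become SQL syntax."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Hardened: the driver binds the values as data; the query's
    structure is fixed before any input is seen."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Comment injection: the '--' discards the password check entirely.
    print(login_vulnerable(conn, "alice'--", "anything"))
    # Tautology injection: every row satisfies the rewritten WHERE clause.
    print(login_vulnerable(conn, "x' OR '1'='1", "x' OR '1'='1"))
    # The same payloads are just unusual (and non-matching) strings here.
    print(login_safe(conn, "alice'--", "anything"))
```

With `alice'--` the vulnerable query becomes `... WHERE username = 'alice'-- ' AND password = 'anything'`, logging the attacker in as the admin without a password; the parameterized version returns no rows for the same input.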
What type of attack is made possible by applications that do not properly validate the length of user input? The attacker deliberately enters more data than fits in the region of memory set aside for it.
Buffer overflow
Reviewing your source code and enabling the NX bit (no-execute memory protection) on the computer are two ways to prevent what type of attack?
Take-control attack (a buffer overflow used to run the attacker's code)
What attack was made more difficult by advances in networking such as the Ethernet switch, which forwards unicast traffic only to the port of the intended recipient?
Packet sniffing (wiretapping)
What is the term for an attacker impersonating the sender or receiver of network traffic?
Spoofing the identity
Which attack wants to intercept the communication between a client computer and a server?
Man in the middle attack
What attack fills an Ethernet switch's MAC address table so that it floods all traffic to every port, making sniffing possible again?
MAC flooding (CAM table overflow); the related ARP poisoning attack instead redirects traffic through the attacker for a man-in-the-middle attack
What is the term for an attack that overwhelms a victim's computer with enormous amounts of useless traffic?
Denial of Service (DoS) attack
What attack sends the victim a malformed, oversized ICMP packet that causes it to crash?
Ping of death
What attack overwhelms a victim's computer with an immense volume of ICMP packets, each containing a forged, randomized source address?
Ping flood
Which attack is a distributed DoS attack in which the attacker sends an ICMP echo request to the broadcast address of a large IP subnet with the victim's address forged as the source, so every host in the subnet replies to the victim?
Smurf attack
What attack causes the victim's server to consume excessive CPU time by constantly setting up and tearing down thousands of encrypted sessions, since the server's share of the TLS/SSL handshake is far more expensive than the client's?
SSL (TLS handshake or renegotiation) attack
What is the act of manipulating human users into granting access or revealing information?
Hacking a human (social engineering)
What is the act of pretending to be an employee or vendor in order to gain access to the network?
Impersonation
What is the social engineering attack that gets the victim to hand over information voluntarily through email or, over the phone, by voice?
Phishing (vishing when done by phone)
What is the term for a server or device that is configured to appear to hold legitimate data, in order to attract and observe attackers?
Honeypot
A honeypot is closely related to what, a system that deliberately slows an attacker's connections down?
Tar pit
The goal of what is to present the attacker with convincing fake data so that they believe it is real and waste their effort on it?
Honeypot
What can contain tracking information that the intrusion detection system picks up in order to collect data on the attacker?
Tar pit server
The best way to secure the network is to use what, in what manner?
Multiple tools; in an overlapping manner (defense in depth)
What does IPS stand for?
Intrusion Prevention System
Minimize exposure to attack by keeping your blank up to date
Patches
What guides help you remove unnecessary services and features that may be susceptible to attack?
Security-hardening guides
You should develop and test what before a virus outbreak occurs?
Containment plans
Run blank on your systems regularly and keep the virus definitions as up to date as possible, to help you detect new and emerging threats
Antivirus and anti-malware scans
What does CIA stand for?
Confidentiality, Integrity, Availability
What in the CIA triad limits access?
Confidentiality
What in the CIA triad enables you to trust the information?
Integrity
What in the CIA triad ensures you have access to the information?
Availability
Blank is critical in security management: some organizations define specific classifications for their data, each with its own sensitivity level and policies, and apply them the same way everywhere
Consistency
The goal of what in the CIA triad is to prevent an unauthorized user from accessing, copying, or transmitting the information
Confidentiality
Confidentiality is often equated to what?
Privacy
What ensures that only the intended recipient of the information can access it, follows a need-to-know policy, and destroys all copies that are no longer needed?
Privacy
Blank information is easy to steal and change
Unencrypted
Blank files are rarely purged from a disk immediately and often can be recovered with ease
Deleted
Blank of a device gives an attacker unlimited time to break an encryption
Physical theft
Blank is a method to gain a victim’s trust to provide information
Social Engineering
Blank, such as storing files in the wrong location, can also compromise confidentiality
Accidents and malfunctions
Encrypt blank (data where it is stored) and blank (data while it is moving across the network)
Information at rest; information in transit
What describes data where it is stored?
At-rest
What describes data moving across the network?
In-transit
Blank makes it possible to verify where information came from and whether it has changed since it was originally sent
Integrity
Blank complements confidentiality: encryption hides the data, but by itself it does not prove the data is unaltered
Integrity
Blank attacks can compromise integrity
Man-in-the-middle attacks
Intentional or unintentional blank or modification can compromise integrity
Deletion
Blank in equipment can cause data corruption
Malfunction
Blank, such as a solar storm, or a deliberate EMP attack, can destroy or severely corrupt data
Natural phenomena
You should require all data transmissions to use blank and blank to confirm the sender's identity
Encryption; digital signatures
Blank, such as SHA-3, can be used to verify that the data has not changed
One-way hash calculations
Blank produces a fixed-size value (a digest) that can be used to verify that the data has not changed
SHA-3
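The integrity checks on the cards above, as an added example that is not part of the original flashcards: a SHA-3 digest detects accidental corruption, but a man-in-the-middle who can rewrite the message can also rewrite an unkeyed hash, so the example goes one step further than the cards and pairs the hash with a keyed HMAC (a shared-secret stand-in for the digital signature the cards mention). The message and key are constructed sample values.

```python
import hashlib
import hmac


def sha3_digest(data: bytes) -> str:
    """One-way hash: any change to `data` changes the digest."""
    return hashlib.sha3_256(data).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    """Integrity check against an unkeyed digest (constant-time compare)."""
    return hmac.compare_digest(sha3_digest(data), expected_hex)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed HMAC over the data; cannot be recomputed without `key`."""
    return hmac.new(key, data, hashlib.sha3_256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(make_tag(key, data), tag)


def tamper_demo():
    """Walk through the three cases; returns a tuple of booleans:
    (bare hash catches corruption, bare hash fooled by an active attacker,
     keyed tag catches the active attacker)."""
    key = b"shared-secret-key"                 # constructed sample key
    original = b"transfer 100 to account 42"   # constructed sample message
    modified = b"transfer 900 to account 42"   # what the attacker sends instead

    digest = sha3_digest(original)
    tag = make_tag(key, original)

    # 1. A bit flip in transit: the stored digest no longer matches.
    corruption_detected = not verify_hash(modified, digest)

    # 2. A man-in-the-middle replaces the message AND recomputes the hash,
    #    because an unkeyed hash needs no secret to produce.
    attacker_digest = sha3_digest(modified)
    hash_fooled = verify_hash(modified, attacker_digest)

    # 3. The attacker cannot forge the keyed tag, so the swap is detected.
    mitm_detected = not verify_tag(key, modified, tag)

    return corruption_detected, hash_fooled, mitm_detected


if __name__ == "__main__":
    print("sha3-256 of empty input:", sha3_digest(b""))
    print("(corruption detected, hash fooled, mitm detected) =", tamper_demo())
```

A digital signature plays the same role as the HMAC tag but with a private key, so the receiver can verify it with the sender's public key without sharing a secret.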
Use blank with your data storage to quickly revert accidental changes or deletions
Version control
You can add blank to server solutions by carefully managing your application updates and patches so that services stay up
High availability
Blank attacks prevent legitimate users from accessing resources
DoS and distributed DoS (DDoS)
Accidental changes to blank can remove access for authorized users
Access control lists
You should create and maintain a blank that includes a full site failover as well as the method for restoring data on individual servers
Full disaster recovery plan
You should implement server blank, using clustering technology where appropriate
High availability
Setting up blank and storing a backup copy at another physical location protect against site-level disasters
regular backups