Network Security Concepts

Question 1

What are six terms associate with security management?

Answer 1

Asset; Vulnerability; Exploit; Threat; Risk; Countermeasure

Question 2

A weakness in a system or its design that could be exploited by a threat.

Answer 2

Vulnerability

Question 3

The mechanism used to leverage a vulnerability to compromise an asset.

Answer 3

Exploit

Question 4

A potential danger to an asset such as information or network functionality.

Answer 4

Threat

Question 5

The likelihood that a particular threat will exploit a particular vulnerability of an asset that results in an undesirable consequence.

Answer 5

Risk

Question 6

A protection that mitigates a potential threat or risk.

Answer 6

Countermeasure

Question 7

To provide adequate protection of network assets, what three things must be guaranteed?

Answer 7

Confidentiality, Integrity, Availability (CIA)

Question 8

Only authorized users can view sensitive information.

Answer 8

Confidentiality

Question 9

Only authorized users can change sensitive information. It can also guarantee the authenticity of data.

Answer 9

Integrity

Question 10

Authorized users must have uninterrupted access to important resources and data.

Answer 10

Availability

Question 11

What factors should be considered when classifying data?

Answer 11

Value; Age; Useful Life; Personal association

Question 12

The number one criteria when classifying data, and is based on the cost to acquire, develop, and replace.

Answer 12

Value

Question 13

The importance of data usually decreases with time.

Answer 13

Age

Question 14

The amount of time in which data is considered valuable and must be kept classified.

Answer 14

Useful Life

Question 15

Data that involves personal information of users and employees.

Answer 15

Personal association

Question 16

What data classifications terms are commonly used by government and military?

Answer 16

Unclassified; Sensitive but Unclassified (SBU); Confidential; Secret; Top Secret

Question 17

Which security term refers to a person, property, or data of value to a company?

Answer 17

Asset

Question 18

Which asset characteristic refers to the risk that results from a threat and lack of a countermeasure?

Answer 18

Liability

Question 19

Data that has little or no confidentiality, integrity, or availability requirements, and therefore little effort is made to secure it.

Answer 19

Unclassified

Question 20

Data that could prove embarrassing if it is revealed, but no great security breach would occur.

Answer 20

Sensitive but Unclassified (SBU)

Question 21

Data that must be kept secure.

Answer 21

Confidential

Question 22

Data for which significant effort is made to keep it secure. Few individuals have access to this data.

Answer 22

Secret

Question 23

Data for which great effort and sometimes considerable cost is made to guarantee its secrecy. Few individuals on a need-to-know condition have access.

Answer 23

Top secret

Question 24

What data classifications terms are commonly used by private sector?

Answer 24

Public; Sensitive; Private; Confidential

Question 25

Data that is available publicly, such as websites, publications, and brochures.

Answer 25

Public

Question 26

Data that is similar to SBU data in that it might cause some embarrassment if revealed.

Answer 26

Sensitive

Question 27

Data that is important to an organization and an effort is made to maintain secrecy and accuracy of this data.

Answer 27

Private

Question 28

Data that companies make the greatest effort to keep secure, such as trade secre4ts, employee data, and customer information.

Answer 28

Confidential

Question 29

What are the three Classification roles?

Answer 29

Owner; Custodian; User

Question 30

Person responsible for the information

Answer 30

Owner

Question 31

Perosn in charge of performing day-day data maintenance, including securing and backing up the data.

Answer 31

Custodian

Question 32

Person using the data in accordance to established procedures.

Answer 32

User

Question 33

What are the three categories of threat classification?

Answer 33

Administrative; Technical; Physical

Question 34

Policy and procedure based, including change/configuration control, security training, audits, and tests.

Answer 34

Administrative

Question 35

Controls that involve hardware and software.

Answer 35

Technical

Question 36

Controls for protecting the physical infrastructure.

Answer 36

Physical

Question 37

_______ includes insidious reasons, such as for political and financial reasons, aimed at economic espionage and money-making activities.

Answer 37

Motivation

Question 38

Activities are now _____ with mutating and stealth features.

Answer 38

Targeted

Question 39

Threats are consistently focusing on the _______ _______ such as known web browser vulnerabilities and looking for new web programming errors.

Answer 39

Application Layer

Question 40

________ ________ sites are a huge source of information. Attackers use it not only to try to steal an identity, but also try to assume the identity of the user.

Answer 40

Social Engineering

Question 41

Attackers are also targeting mobile platforms because data is in more places.

Answer 41

Borderless

Question 42

What five categories entail Incident and Exposure management?

Answer 42

Preventive; Detective; Corrective; Recovery; Deterrent

Question 43

Preventing the threat form coming in contact with a vulnerability, such as using a firewall, physical locks, and security policy.

Answer 43

Preventive

Question 44

Identifying that the threat has entered the network or system using system logs, intrusion prevention systems (IPSs), and surveillance cameras.

Answer 44

Detective

Question 45

Determining the underlying cause of a security breach and then mitigating the effects of the threat being manifested, such as updating virus or IPS signatures.

Answer 45

Corrective

Question 46

Putting a system back into production after an incident.

Answer 46

Recovery

Question 47

discouraging security violations.

Answer 47

Deterrent

Question 48

What are the four categories of managing risk?

Answer 48

Risk Avoidance; Risk Reduction; Risk Sharing or Transfer; Risk Retention or Acceptance

Question 49

Avoiding activity that could carry risk.

Answer 49

Risk Avoidance

Question 50

Involves reducing the severity of the loss or the likelihood of the loss from occurring.

Answer 50

Risk Reduction

Question 51

Involves sharing the burden of the loss or the benefit of gain with another party.

Answer 51

Risk Sharing or Transfer

Question 52

Involves accepting the loss, or benefit of gain, from a risk when it occurs.

Answer 52

Risk Retention or Acceptance

Question 53

What key factors are considered when designing a secure network?

Answer 53

Business Needs
Risk Analysis
Security Policy
Industry best practices
Security Operations

Question 54

____ ____ and ______ refers to means by which data leaves the organization w/o authorization.

Answer 54

Data Loss and Exfiltration

Question 55

What are four ways Data Loss and Exfiltration occur

Answer 55

Email Attachments
Unencrypted Devices
Cloud Storage Devices
Removable Storage Devices

Question 56

What is malicious code also known as?

Answer 56

Malware

Question 57

Infectious malicious software that attaches to another program to execute a specific unwanted function on a computer. Most ____ require end-user activation and can lay dormant for an extended period and then activate at a specific time and date.

Answer 57

Viruses

Question 58

Infectious malware, ____ are self-contained programs that exploit known vulnerabilities with the goal of slowing a network. ____ do not require end-user activation. An infected host replicates the ____ and automatically attempts to infect other hosts by independently exploiting vulnerabilities in networks.

Answer 58

Worms

Question 59

_____ is typically used for financial gain and collects personal user information, monitoring web-browsing activity for marketing purposes, and routing of HTTP requests to advertising sites.

Answer 59

Spyware

Question 60

Refers to any software that displays advertisements, whether or not the user has consented, sometimes in the form of pop-up advertisements.

Answer 60

Adware

Question 61

Refers to a class of software used for scamming unsuspecting users. _______ can contain malicious payloads or be of little or no benefit.

Answer 61

Scareware

Question 62

These are applications written to look like something else, such as a free screensaver, free virus checker, and so on. When a ____ ____ is downloaded and opened, it attacks the end0user computer from within.

Answer 62

Trojan Horse

Question 63

Trojan Horses may be created to initiate specific types of attacks, to include:

Answer 63

Remote Access
Data Sending (key logging)
Destructive
Security Software Disabler
Denial of Service (DoS)

Question 64

Most worms have what three components?

Answer 64

Enabling vulnerability
Propagation Mechanism
Payload

Question 65

The primary means of mitigating malware is ______ _____.

Answer 65

Anti-virus Software

Question 66

The goal of ________ is to limit the spread of infection and requires segmentation of the infected devices to prevent infects hosts from targeting other uninfected systems.

Answer 66

Containment

Question 67

The goal of ________ is to deprive the worm of any available targets. Therefore, all uninfected systems are patched with the appropriate vendor patch. Often runs parallel to, or subsequent to, the containment phase.

Answer 67

Inoculation

Question 68

The goal of ________ is to track down and identify the infected machines. Once identified, they are disconnected, blocked, or removed from the network and isolated for the treatment phase.

Answer 68

Quarantine

Question 69

The goal of ________ is to disinfect infected systems of the worm. This can involve terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system.

Answer 69

Treatment

Question 70

Individuals who break into computer networks to learn more about them. Most mean no harm and do not expect financial gain.

Answer 70

Hackers

Question 71

Names given to identify types of good hackers. __1__ 1 are ethical hackers, such as individuals performing security audits for organizations. __2__ 2 are bug testers to ensure secure applications.

Answer 71

1. White Hat

2. Blue Hat

Question 72

Hackers with criminal intent to harm information systems or for financial gain. They are sometimes called “black hat hackers.”

Answer 72

Crackers

Question 73

Names given to identify types of crackers. __1__ 1 is synonymous with crackers, and __2__ 2 are ethically questionable crackers.

Answer 73

1. Black Hat

2. Gray Hat

Question 74

Hackers of telecommunication systems. They compromise telephone systems to reroute and disconnect telephone lines, sell wiretaps, and steal long-distance services.

Answer 74

Phreakers

Question 75

Hackers with very little skill. They do not write their own code but instead run scripts written by more skilled attackers.

Answer 75

Script Kiddies

Question 76

Individuals with political agendas who attack government sites.

Answer 76

Hacktivists

Question 77

__________ ______ typically involve the unauthorized discovery and mapping of systems, services, or vulnerabilities.

Answer 77

Reconnaissance Attacks

Question 78

What are four common ways reconnaissance attacks are achieved?

Answer 78

Internet Information Queries; Ping Sweeps; Port Scanners; Packet Sniffers

Question 79

Uses readily available Internet tools, such as WHOIS, which is widely used for querying databases that store the registered users or assignee of an Internet resource.

Answer 79

Internet Information Queries

Question 80

Method is used to discover a range of live IP addresses.

Answer 80

Ping Sweeps

Question 81

An application program designed to probe a target host for open ports and identify vulnerable services to exploit.

Answer 81

Port Scanners

Question 82

An application program that can intercept, log, and analyze traffic flowing over a network (also referred to as a packet analyzer, network analyzer, or protocol analyzer).

Answer 82

Packet Sniffers

Question 83

The goal of ______ ______ is to discover usernames and passwords to access various resources.

Answer 83

Access Attacks

Question 84

______ ______ are attack mechanisms that combine the characteristics of viruses, worms, Trojan horses, spyware, and others.

Answer 84

Blended Threats

Question 85

______ attacks masquerade as trustworthy entity to get unsuspecting users to provide sensitive information (and are usually used for identity theft).

Answer 85

Phishing

Question 86

______ ______ is when a phishing attack is directed at a specific user.

Answer 86

Spear Phishing

Question 87

______ is when the attack is targeted at a group of high profile individuals such as top-level executives, politicians, famous people, and more.

Answer 87

Whaling

Question 88

______ is an attack aimed at redirecting the traffic of a website to another website.

Answer 88

Pharming

Question 89

In a ________________ ______, a hacker positions himself between a user and the destination and can be carried out in a variety of ways. This type of attack is used for session hijacking, theft or information, sniffing and analyzing network traffic, corrupting data flows, propagating bogus network information, and for DoS attacks.

Answer 89

Man-in-the-middle attacks

Question 90

In __ ______ ______ attacks, a hacker forges IP packets with trusted IP source addresses. MAC address spoofing similarly forges trusted host MAC address on a LAN.

Answer 90

IP and MAC address spoofing

Question 91

_____ _______ refers to when a hacker has compromised a target and that host is trusted by another host (new target).

Answer 91

Trust exploitation

Question 92

This is using social skills, relationships, or understanding of cultural norms to manipulate people inside a network and have them willingly (but usually unknowingly) participate and provide access to the network.

Answer 92

Social Engineering

Question 93

Attacker manually enters possible passwords based on informed guesses.

Answer 93

Password Guessing

Question 94

Programs use dictionary and word lists; phrases; or other combinations of letters, numbers, and symbols that are often used as passwords.

Answer 94

Dictionary Lists

Question 95

This approach relies on power and repetition, comparing every possible combination and permutation of characters until it finds a match.

Answer 95

Brute Force

Question 96

some password crackers mix a combination of techniques and are highly effective against poorly constructed passwords.

Answer 96

Hybrid Cracking

Question 97

The goal of a _____ attack is to deny network services to valid users.

Answer 97

DoS

Question 98

A DoS attack in which the attacker provides input that is larger than the destination device expected. It may overwrite adjacent memory, corrupt the system, ad cause it to crash.

Answer 98

Buffer Overflow

Question 99

Legacy attack in which the attacker would craft a packet specifying a packet size greater that 65,536 bytes. Servers receiving these packets would crash causing a DoS situation. Modern servers are no linger susceptible to this attack.

Answer 99

Ping of Death

Question 100

A DoS attack that sends a large number of ICMP requests or ICMP responses to a destination device in an attempt to overwhelm it, slow it down, or even crash it.

Answer 100

ICMP Flood

Question 101

A DoS attack that sends large number of UDP packets to a destination device in an attempt to overwhelm it, slow it down, or even crash it.

Answer 101

UDP Flood

Question 102

A DoS attack that exploits the TCP three-way handshake operation. The attacker sends multiple TCP SYN packets with random source addresses to the target host. The victim replies with a SYN ACK, adds an entry in its states table, and waits for the last part of the handshake, which is never completed.

Answer 102

TCP SYN Flood

Question 103

A DoS attack that sends a flood of protocol request packets with a spoofed source IP address to numerous target hosts.

Answer 103

Reflection

Question 104

A DoS attack that amplifies a reflection attack by using a small request packet to solicit a large response form the victim. For instance, a small DNS query that results in a large reply by the DNS server.

Answer 104

Amplification

Question 105

This is a self-propagating malware designed to infect a host and make it surrender control to an attacker’s command and control server. ____ can also log keystrokes, gather usernames and passwords, capture packets, and more.

Answer 105

Bots

Question 106

Describes a collection of compromised zombie systems that are running bots.

Answer 106

Botnets

Question 107

Describes a host compromised with a bot. The ______ is logged in to the command and control server and quietly waits for commands.

Answer 107

Zombie

Question 108

Describes the attacker’s host, which remotely controls the botnets. The attacker uses the master control mechanism on a ______ and _____ _____ to send instructions to zombies.

Answer 108

Command and Control Server

Question 109

Architecture uses a layered approach to create security domains and separate them by different types of security controls.

Answer 109

Defense in Depth

Question 110

Architecture segments the network where different assets with different values are in different security domains, be it physical or logical.

Answer 110

Compartmentalization

Question 111

Principle applies a need-to-know approach to trust relationships between security domains. This results in restrictive policies between security domains. This results in restrictive policies, where access to and from a security domain is allowed only for the required users, applications, or network.

Answer 111

Least Privilege

Question 112

Architecture uses a layered approach to security, with weaker or less-protected assets residing in separated security domains.

Answer 112

Weakest Link

Question 113

______ are often considered to be the weakest link in information security architecture.

Answer 113

Humans

Question 114

Concept of developing systems where more than one individual is required to complete a certain task to mitigate fraud and error. This applies to information security controls, and it applies to both technical controls and human procedures to manage those controls.

Answer 114

Separation and Rotation of duties

Question 115

Principle is based on centralizing security controls to protect groups of assets or security domains such as using firewalls, proxies, and other security controls to act on behalf of the assets they are designed ti protect, and mediate the trust relationships between security domains.

Answer 115

Mediated Access

Question 116

Architecture should provide mechanisms to track the activity of users, attackers, and even security administrators. It should include provisions for accountability and non repudiation.

Answer 116

Accountability and Traceability

Question 117

What are some recommendations for a Defense-In-Depth strategy?

Answer 117

Defend in Multiple places
Build Layered Defenses
Use Robust Components
Employ Robust Key Management
Deploy intrusion detection/prevention systems (IDSs/IPSs)