Network Security Concepts Flashcards

1
Q

What are six terms associated with security management?

A

Asset; Vulnerability; Exploit; Threat; Risk; Countermeasure

2
Q

A weakness in a system or its design that could be exploited by a threat.

A

Vulnerability

3
Q

The mechanism used to leverage a vulnerability to compromise an asset.

A

Exploit

4
Q

A potential danger to an asset such as information or network functionality.

A

Threat

5
Q

The likelihood that a particular threat will exploit a particular vulnerability of an asset that results in an undesirable consequence.

A

Risk

6
Q

A protection that mitigates a potential threat or risk.

A

Countermeasure

7
Q

To provide adequate protection of network assets, what three things must be guaranteed?

A

Confidentiality, Integrity, Availability (CIA)

8
Q

Only authorized users can view sensitive information.

A

Confidentiality

9
Q

Only authorized users can change sensitive information. It can also guarantee the authenticity of data.

A

Integrity

10
Q

Authorized users must have uninterrupted access to important resources and data.

A

Availability

11
Q

What factors should be considered when classifying data?

A

Value; Age; Useful Life; Personal association

12
Q

The number one criterion when classifying data; it is based on the cost to acquire, develop, and replace the data.

A

Value

13
Q

The importance of data usually decreases with time.

A

Age

14
Q

The amount of time in which data is considered valuable and must be kept classified.

A

Useful Life

15
Q

Data that involves personal information of users and employees.

A

Personal association

16
Q

What data classification terms are commonly used by the government and military?

A

Unclassified; Sensitive but Unclassified (SBU); Confidential; Secret; Top Secret

17
Q

Which security term refers to a person, property, or data of value to a company?

A

Asset

18
Q

Which asset characteristic refers to the risk that results from a threat and lack of a countermeasure?

A

Liability

19
Q

Data that has little or no confidentiality, integrity, or availability requirements, and therefore little effort is made to secure it.

A

Unclassified

20
Q

Data that could prove embarrassing if it is revealed, but no great security breach would occur.

A

Sensitive but Unclassified (SBU)

21
Q

Data that must be kept secure.

A

Confidential

22
Q

Data for which significant effort is made to keep it secure. Few individuals have access to this data.

A

Secret

23
Q

Data for which great effort and sometimes considerable cost is made to guarantee its secrecy. Few individuals on a need-to-know condition have access.

A

Top secret

24
Q

What data classification terms are commonly used by the private sector?

A

Public; Sensitive; Private; Confidential

25
Q

Data that is available publicly, such as websites, publications, and brochures.

A

Public

26
Q

Data that is similar to SBU data in that it might cause some embarrassment if revealed.

A

Sensitive

27
Q

Data that is important to an organization and an effort is made to maintain secrecy and accuracy of this data.

A

Private

28
Q

Data that companies make the greatest effort to keep secure, such as trade secrets, employee data, and customer information.

A

Confidential

29
Q

What are the three Classification roles?

A

Owner; Custodian; User

30
Q

Person responsible for the information

A

Owner

31
Q

Person in charge of performing day-to-day data maintenance, including securing and backing up the data.

A

Custodian

32
Q

Person using the data in accordance with established procedures.

A

User

33
Q

What are the three categories of threat classification?

A

Administrative; Technical; Physical

34
Q

Policy and procedure based, including change/configuration control, security training, audits, and tests.

A

Administrative

35
Q

Controls that involve hardware and software.

A

Technical

36
Q

Controls for protecting the physical infrastructure.

A

Physical

37
Q

_______ now includes insidious reasons, such as political and financial motives, aimed at economic espionage and money-making activities.

A

Motivation

38
Q

Activities are now _____ with mutating and stealth features.

A

Targeted

39
Q

Threats are consistently focusing on the _______ _______, such as known web browser vulnerabilities, and looking for new web programming errors.

A

Application Layer

40
Q

________ ________ sites are a huge source of information. Attackers use them not only to try to steal an identity, but also to try to assume the identity of the user.

A

Social Engineering

41
Q

Attackers are also targeting mobile platforms because data is in more places.

A

Borderless

42
Q

What five categories entail Incident and Exposure management?

A

Preventive; Detective; Corrective; Recovery; Deterrent

43
Q

Preventing the threat from coming in contact with a vulnerability, such as by using a firewall, physical locks, and a security policy.

A

Preventive

44
Q

Identifying that the threat has entered the network or system using system logs, intrusion prevention systems (IPSs), and surveillance cameras.

A

Detective

45
Q

Determining the underlying cause of a security breach and then mitigating the effects of the threat being manifested, such as updating virus or IPS signatures.

A

Corrective

46
Q

Putting a system back into production after an incident.

A

Recovery

47
Q

Discouraging security violations.

A

Deterrent

48
Q

What are the four categories of managing risk?

A

Risk Avoidance; Risk Reduction; Risk Sharing or Transfer; Risk Retention or Acceptance

49
Q

Avoiding activity that could carry risk.

A

Risk Avoidance

50
Q

Involves reducing the severity of the loss or the likelihood of the loss from occurring.

A

Risk Reduction

51
Q

Involves sharing the burden of the loss or the benefit of gain with another party.

A

Risk Sharing or Transfer

52
Q

Involves accepting the loss, or benefit of gain, from a risk when it occurs.

A

Risk Retention or Acceptance

53
Q

What key factors are considered when designing a secure network?

A
Business Needs
Risk Analysis
Security Policy
Industry best practices
Security Operations
54
Q

____ ____ and ______ refer to the means by which data leaves the organization without authorization.

A

Data Loss and Exfiltration

55
Q

What are four ways Data Loss and Exfiltration occur?

A

Email Attachments
Unencrypted Devices
Cloud Storage Devices
Removable Storage Devices

56
Q

What is malicious code also known as?

A

Malware

57
Q

Infectious malicious software that attaches to another program to execute a specific unwanted function on a computer. Most ____ require end-user activation and can lie dormant for an extended period and then activate at a specific time and date.

A

Viruses

58
Q

Infectious malware, ____ are self-contained programs that exploit known vulnerabilities with the goal of slowing a network. ____ do not require end-user activation. An infected host replicates the ____ and automatically attempts to infect other hosts by independently exploiting vulnerabilities in networks.

A

Worms

59
Q

_____ is typically used for financial gain: it collects personal user information, monitors web-browsing activity for marketing purposes, and routes HTTP requests to advertising sites.

A

Spyware

60
Q

Refers to any software that displays advertisements, whether or not the user has consented, sometimes in the form of pop-up advertisements.

A

Adware

61
Q

Refers to a class of software used for scamming unsuspecting users. _______ can contain malicious payloads or be of little or no benefit.

A

Scareware

62
Q

These are applications written to look like something else, such as a free screensaver, a free virus checker, and so on. When a ____ ____ is downloaded and opened, it attacks the end-user computer from within.

A

Trojan Horse

63
Q

Trojan Horses may be created to initiate specific types of attacks, to include:

A
Remote Access
Data Sending (key logging)
Destructive
Security Software Disabler
Denial of Service (DoS)
64
Q

Most worms have what three components?

A

Enabling vulnerability
Propagation Mechanism
Payload

65
Q

The primary means of mitigating malware is ______ _____.

A

Anti-virus Software

66
Q

The goal of ________ is to limit the spread of infection; it requires segmentation of the infected devices to prevent infected hosts from targeting other uninfected systems.

A

Containment

67
Q

The goal of ________ is to deprive the worm of any available targets. Therefore, all uninfected systems are patched with the appropriate vendor patch. Often runs parallel to, or subsequent to, the containment phase.

A

Inoculation

68
Q

The goal of ________ is to track down and identify the infected machines. Once identified, they are disconnected, blocked, or removed from the network and isolated for the treatment phase.

A

Quarantine

69
Q

The goal of ________ is to disinfect infected systems of the worm. This can involve terminating the worm process, removing modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system.

A

Treatment

70
Q

Individuals who break into computer networks to learn more about them. Most mean no harm and do not expect financial gain.

A

Hackers

71
Q

Names given to identify types of good hackers. __1__ are ethical hackers, such as individuals performing security audits for organizations. __2__ are bug testers who ensure secure applications.

A
1. White Hat
2. Blue Hat

72
Q

Hackers with criminal intent to harm information systems or for financial gain. They are sometimes called “black hat hackers.”

A

Crackers

73
Q

Names given to identify types of crackers. __1__ is synonymous with crackers, and __2__ are ethically questionable crackers.

A
1. Black Hat
2. Gray Hat

74
Q

Hackers of telecommunication systems. They compromise telephone systems to reroute and disconnect telephone lines, sell wiretaps, and steal long-distance services.

A

Phreakers

75
Q

Hackers with very little skill. They do not write their own code but instead run scripts written by more skilled attackers.

A

Script Kiddies

76
Q

Individuals with political agendas who attack government sites.

A

Hacktivists

77
Q

__________ ______ typically involve the unauthorized discovery and mapping of systems, services, or vulnerabilities.

A

Reconnaissance Attacks

78
Q

What are four common ways reconnaissance attacks are achieved?

A

Internet Information Queries; Ping Sweeps; Port Scanners; Packet Sniffers

79
Q

Uses readily available Internet tools, such as WHOIS, which is widely used for querying databases that store the registered users or assignees of an Internet resource.

A

Internet Information Queries

80
Q

Method used to discover a range of live IP addresses.

A

Ping Sweeps

81
Q

An application program designed to probe a target host for open ports and identify vulnerable services to exploit.

A

Port Scanners

82
Q

An application program that can intercept, log, and analyze traffic flowing over a network (also referred to as a packet analyzer, network analyzer, or protocol analyzer).

A

Packet Sniffers

83
Q

The goal of ______ ______ is to discover usernames and passwords to access various resources.

A

Access Attacks

84
Q

______ ______ are attack mechanisms that combine the characteristics of viruses, worms, Trojan horses, spyware, and others.

A

Blended Threats

85
Q

______ attacks masquerade as a trustworthy entity to get unsuspecting users to provide sensitive information (and are usually used for identity theft).

A

Phishing

86
Q

______ ______ is when a phishing attack is directed at a specific user.

A

Spear Phishing

87
Q

______ is when the attack is targeted at a group of high-profile individuals such as top-level executives, politicians, famous people, and more.

A

Whaling

88
Q

______ is an attack aimed at redirecting the traffic of a website to another website.

A

Pharming

89
Q

In a ________________ ______, a hacker positions himself between a user and the destination; the attack can be carried out in a variety of ways. This type of attack is used for session hijacking, theft of information, sniffing and analyzing network traffic, corrupting data flows, propagating bogus network information, and for DoS attacks.

A

Man-in-the-middle attacks

90
Q

In __ ______ ______ attacks, a hacker forges IP packets with trusted IP source addresses. MAC address spoofing similarly forges a trusted host's MAC address on a LAN.

A

IP and MAC address spoofing

91
Q

_____ _______ refers to when a hacker has compromised a target and that host is trusted by another host (new target).

A

Trust exploitation

92
Q

This is using social skills, relationships, or understanding of cultural norms to manipulate people inside a network and have them willingly (but usually unknowingly) participate and provide access to the network.

A

Social Engineering

93
Q

Attacker manually enters possible passwords based on informed guesses.

A

Password Guessing

94
Q

Programs use dictionary and word lists; phrases; or other combinations of letters, numbers, and symbols that are often used as passwords.

A

Dictionary Lists

95
Q

This approach relies on power and repetition, comparing every possible combination and permutation of characters until it finds a match.

A

Brute Force

96
Q

Some password crackers mix a combination of techniques and are highly effective against poorly constructed passwords.

A

Hybrid Cracking

97
Q

The goal of a _____ attack is to deny network services to valid users.

A

DoS

98
Q

A DoS attack in which the attacker provides input that is larger than the destination device expected. It may overwrite adjacent memory, corrupt the system, and cause it to crash.

A

Buffer Overflow

99
Q

Legacy attack in which the attacker would craft a packet specifying a packet size greater than 65,536 bytes. Servers receiving these packets would crash, causing a DoS situation. Modern servers are no longer susceptible to this attack.

A

Ping of Death

100
Q

A DoS attack that sends a large number of ICMP requests or ICMP responses to a destination device in an attempt to overwhelm it, slow it down, or even crash it.

A

ICMP Flood

101
Q

A DoS attack that sends large number of UDP packets to a destination device in an attempt to overwhelm it, slow it down, or even crash it.

A

UDP Flood

102
Q

A DoS attack that exploits the TCP three-way handshake operation. The attacker sends multiple TCP SYN packets with random source addresses to the target host. The victim replies with a SYN ACK, adds an entry in its state table, and waits for the last part of the handshake, which is never completed.

A

TCP SYN Flood

103
Q

A DoS attack that sends a flood of protocol request packets with a spoofed source IP address to numerous target hosts.

A

Reflection

104
Q

A DoS attack that amplifies a reflection attack by using a small request packet to solicit a large response from the victim. For instance, a small DNS query that results in a large reply by the DNS server.

A

Amplification

105
Q

This is a self-propagating malware designed to infect a host and make it surrender control to an attacker’s command and control server. ____ can also log keystrokes, gather usernames and passwords, capture packets, and more.

A

Bots

106
Q

Describes a collection of compromised zombie systems that are running bots.

A

Botnets

107
Q

Describes a host compromised with a bot. The ______ is logged in to the command and control server and quietly waits for commands.

A

Zombie

108
Q

Describes the attacker’s host, which remotely controls the botnets. The attacker uses the master control mechanism on a ______ and _____ _____ to send instructions to zombies.

A

Command and Control Server

109
Q

Architecture uses a layered approach to create security domains and separate them by different types of security controls.

A

Defense in Depth

110
Q

Architecture segments the network where different assets with different values are in different security domains, be it physical or logical.

A

Compartmentalization

111
Q

Principle applies a need-to-know approach to trust relationships between security domains. This results in restrictive policies, where access to and from a security domain is allowed only for the required users, applications, or networks.

A

Least Privilege

112
Q

Architecture uses a layered approach to security, with weaker or less-protected assets residing in separated security domains.

A

Weakest Link

113
Q

______ are often considered to be the weakest link in information security architecture.

A

Humans

114
Q

Concept of developing systems where more than one individual is required to complete a certain task to mitigate fraud and error. This applies to information security controls, and it applies to both technical controls and human procedures to manage those controls.

A

Separation and Rotation of duties

115
Q

Principle is based on centralizing security controls to protect groups of assets or security domains, such as using firewalls, proxies, and other security controls to act on behalf of the assets they are designed to protect and to mediate the trust relationships between security domains.

A

Mediated Access

116
Q

Architecture should provide mechanisms to track the activity of users, attackers, and even security administrators. It should include provisions for accountability and non-repudiation.

A

Accountability and Traceability

117
Q

What are some recommendations for a Defense-In-Depth strategy?

A
Defend in Multiple places
Build Layered Defenses
Use Robust Components
Employ Robust Key Management
Deploy intrusion detection/prevention systems (IDSs/IPSs)