NETWORK & SECURITY FOUNDATIONS OVERVIEW Flashcards
What device forwards data packets to all connected ports?
HUB
A hub is also known as a multi-port repeater.
What is the primary function of a modem?
Sending & receiving data, allows computers to transport digital info over analog lines
A modem connects to the internet.
Which device amplifies or regenerates signals to extend a network?
REPEATER
What does a switch do in a network?
Connects devices in a specific network and allows them to communicate efficiently using MAC addresses.
What is the function of a bridge in networking?
Joins 2 separate network segments together.
What is the primary role of a router?
Forwards data packets between two or more networks and determines the best path for transmission.
What does an edge router do?
Connects internal networks to external networks (Internet).
What is the purpose of a core router?
Routes data within a large network (Internet backbone).
What is the function of a wireless range extender (WRE)?
Extends the coverage of a wireless network.
What is a wireless access point (WAP)?
Connects wireless devices to a wired network.
What is the primary security device on a network?
FIREWALL
What does an inter-provider border router do?
Connects ISP to ISP, forming the core or backbone of the Internet.
What type of cable uses a foil or mesh shield to reduce noise and crosstalk?
STP (Shielded Twisted Pair)
What is a key characteristic of unshielded twisted pair (UTP) cabling?
Suitable for both office and home environments.
What is coaxial cable primarily used for?
Carrying cable TV signals and broadband cable Internet access.
How is data transmitted in fiber optic cables?
Using pulses of light.
What are the two types of fiber optic cables?
Single-mode & Multi-mode.
What type of fiber optic cable is best for long cable runs?
Single-mode.
What is a patch cable?
A short Ethernet twisted pair cable with RJ 45 connectors on both ends.
Which category of twisted pair cable is required for Gigabit network compatibility?
Category 5E.
What type of network focuses on personal workspace and can use NFC or Bluetooth?
PAN (Personal Area Network).
What defines a Local Area Network (LAN)?
A small computer network typically confined to a single room or building.
Which network type connects multiple buildings?
CAN (Campus Area Network).
What is the characteristic of a Metropolitan Area Network (MAN)?
Data network design used for a city, town, or municipality.
What type of topology connects all devices to a central hub or switch?
Star topology.
In which topology do packets navigate device-to-device until reaching their destination?
Ring topology.
What is the advantage of a mesh topology?
Enables multiple data paths between any two devices to safeguard against link failure.
Which network architecture is centralized?
Client/Server model.
In a Peer-to-Peer (P2P) architecture, how is configuration handled?
Decentralized, with each device requiring individual configuration.
What command is used to measure round-trip time to a specific destination?
PING.
What does the command TRACERT (or TRACEROUTE) do?
Traces the path packets take to reach a network destination.
What command displays IP configuration settings in Windows?
IPCONFIG.
What does NSLOOKUP do?
Provides name to IP information (DNS).
What is the purpose of the ARP command?
Displays and modifies the ARP table, mapping IP addresses to MAC addresses.
Which command identifies active TCP connections?
NETSTAT.
What is NMAP used for?
Network scanning to find hosts and open ports.
What does ARP stand for?
Address Resolution Protocol
ARP maps IP addresses to MAC addresses.
What command is used to display active TCP connections on Windows?
NETSTAT
What is the purpose of the NETSTAT command?
Displays network connections and statistics
What does NMAP stand for?
Network Mapper
What is the primary function of the ROUTE command?
Displays and manipulates the IP routing table
What protocol does FTP use for file transfer?
TCP
Fill in the blank: TFTP uses ______, which does not guarantee accurate delivery of files.
UDP
What is the main security feature of SSH?
Secure remote device management
What does WHOIS provide?
Domain information lookup
What is TCPDUMP used for?
Packet capturing utility
What command is used to display the IP configuration on a Windows computer?
IPCONFIG
What command can a user run to test latency to a specific destination?
PING
What is the purpose of the IFCONFIG command in Linux?
Views detailed information about network interfaces
Which OSI model layer is responsible for network addressing and routing?
Network layer
At which layer of the OSI model does TCP operate?
Transport layer
What is the primary function of the Data Link layer?
Node-to-node data transfer and error detection
What is the highest layer of the OSI model?
Application layer
What does the Presentation layer handle in the OSI model?
Formatting and encrypting data
Fill in the blank: The IEEE 802.11 wireless standard includes ______.
A, B, G, N, AC, AX
What type of hypervisor runs directly on hardware?
Type 1 hypervisor
What is a key feature of a Type 2 hypervisor?
Runs on top of a host operating system
What does IaaS stand for in cloud computing?
Infrastructure as a Service
What is the main responsibility of the user in a PaaS model?
Managing applications and data
What type of cloud deployment model is dedicated to a single organization?
Private cloud
What defines a public cloud?
Cloud services are shared among multiple organizations over the internet
Fill in the blank: SaaS focuses on ______ delivery through the internet.
Application
Which command is used for DNS resolution of a domain name?
NSLOOKUP
Which layer of the OSI model is responsible for breaking data into packets?
Transport layer
What is the primary function of the Session layer in the OSI model?
Establishing, maintaining, and terminating connections
What does a hybrid cloud combine?
Private and public clouds
What is the OSI layer that includes IPX?
Network layer
What is the command to display the mapping of IP addresses to MAC addresses on Windows?
ARP
What type of hypervisor is used for maximum virtual machine capacity?
Type 1
What is the main advantage of SaaS?
No need for individual installations or updates
What is the role of the Presentation layer in the OSI model?
Formatting, encrypting, and decrypting data
What is an example of a SaaS application?
Gmail
What is a private cloud?
Cloud infrastructure dedicated to a single organization, providing more control & security
Examples include services like Gmail, Google Drive, MS One Drive, and Zoom.
What defines a public cloud?
Cloud services provided to multiple organizations over the internet, shared between users but isolated
Accessible over the public internet to anyone interested in subscribing.
What is a community cloud?
Cloud infrastructure shared by multiple organizations with common interests or regulatory concerns
What is a hybrid cloud?
A combination of private & public clouds, allowing data & applications to move between them
What does multi-cloud mean?
The use of multiple cloud services from different providers to meet specific needs or improve redundancy
What distinguishes a public cloud model?
Accessible over the public internet to anyone interested in subscribing
Which cloud deployment often utilizes exclusive (non-shared) hardware?
Private cloud
How is a community cloud defined?
Shared among multiple organizations with similar objectives
What defines the hybrid cloud model in terms of IT asset locations?
Mix of on-premises & cloud-based services for IT assets
What describes a public cloud?
Provides cloud services to just about anyone
In a hybrid cloud, what is known as data in transit?
Data traveling over the WAN connection between private & public clouds
What does least privilege mean in security?
Restricts access rights for users to minimum levels necessary for performing their tasks
What is risk in the context of security?
The potential or probability that a loss may occur
What does anti-malware do?
Helps detect & remove malicious software, such as viruses or malware
What is the purpose of a firewall?
Controls incoming & outgoing network traffic based on predetermined security rules
What is the definition of a vulnerability?
A weakness or flaw in hardware, software, or facilities that can be taken advantage of to compromise security
What is an exploit?
A method or tool used to take advantage of a vulnerability
What is a threat in cybersecurity?
Anything that has the potential to cause harm to your assets
What is an attack in cybersecurity?
An action taken to harm your assets by exploiting vulnerabilities
What is a threat actor?
A person or group that poses a threat, intending to carry out attacks or harm assets
What does patch management involve?
Regularly updating software & applying patches to address known vulnerabilities
True or False: In a private cloud, companies like AWS and Microsoft Azure are responsible for physical data center security.
False
What type of vulnerability is created by setting a password to ‘password01’?
Weak password
What defines a zero-day attack?
An attack that exploits a previously unknown vulnerability in software or hardware
What is a white hat hacker?
IT professionals who specialize in penetrating & compromising network security to help an organization
What is a black hat hacker?
Individuals with malicious intent who breach systems for profit
What is a gray hat hacker?
Individuals who break laws by not having permission but do not have malicious intent
What is a hacktivist?
A hacker who engages in hacking activities to promote a social or political agenda
What is an insider threat?
Individuals within an organization who misuse their access privileges to compromise security
What is SQL injection?
Allows attackers to take control of a database by inserting special commands into input boxes
What is a buffer overflow attack?
An attacker enters text that is too large to fit within a region of memory called a buffer
What is the goal of a phishing attack?
To steal sensitive info like usernames & passwords
What is a denial of service (DoS) attack?
Aims to disrupt availability of services by overwhelming a network or server with traffic
What is a smurf attack?
A DDoS attack where multiple computers reply to ICMP requests, overwhelming the target
What is the definition of eavesdropping?
Unauthorized listening to private conversations
What is packet sniffing?
Capturing IP packets & analyzing TCP/IP network traffic
What is zero-day exploit?
An exploit or vulnerability not known yet, requiring a patch to be remedied
What is an advanced persistent threat (APT)?
A network attack where an unauthorized person gains access and stays undetected for a long period
What does social engineering involve?
Manipulating individuals to divulge confidential info or perform actions that may compromise security
What is a rogue access point?
A fake wireless network set up to trick users into joining, allowing attackers to capture data
In a man-in-the-middle attack, where does the attacker position themselves?
Between two communicating parties
What is the primary goal of a deauth attack?
To force any client off the network
What is a fake access point also known as?
Evil twin
What is a security risk that originates from individuals within an organization, such as employees or contractors?
Insider threat
What type of attack is performed when an attacker is inserting text that is too large to fit within a region of memory?
Buffer overflow
What is an attacker attempting to breach the network remotely considered?
External threat
Which type of DoS attack involves sending oversized or malformed ping packets to crash the target system?
Ping of death
What exploit includes breaching the network cable and using a packet sniffer to listen and record the traffic on the network?
Wiretapping
A wireless deauthentication attack is an example of which type of attack?
Denial of service attack
Which attack floods a system with traffic to prevent legitimate activities or transactions from occurring?
Denial of service attack
What type of attack targets an SQL database using the input field of a user?
SQL injection
Describe man-in-the-middle.
A false server intercepts communications from a client by impersonating the intended server
What type of attack does the attacker attempt to send unauthorized commands to a back-end database through a web application?
SQL injection
What occurs when an attacker gains unauthorized access to a computer and modifies browser security settings?
Data modification
What does an attacker use a Trojan horse for to forward usernames and passwords to an anonymous email address?
Data export
What type of attack involves trying all possible combinations of a password and user ID?
Brute-force attack
What is it called when an attacker uses exposed data from a data breach to attempt to access accounts of another online retailer?
Credential surfing
What attack uses a list of commonly used access credentials to attempt to gain access to an online account?
Dictionary attack
What type of attack occurs when an attacker tries to gain access to a system by disguising their computer as another computer?
IP address spoofing
What type of attack involves an attacker using a program to take control of a connection by pretending to be each end of the connection?
Session hijacking
What occurs when an attacker intercepts messages between two parties before transferring them to the correct destination?
Man-in-the-middle attack
What type of attack does an attacker use a false ID to gain physical access to IT infrastructure?
Social engineering
What type of email attack involves sending emails claiming that an online account has been locked and provides a fake link?
Phishing
What type of attack uses a DNS poisoning strategy to direct users from a legitimate website to the attacker’s website?
Pharming
What are examples of social engineering?
Impersonation, phishing
What is risk avoidance?
Eliminating a particular risk by getting rid of its cause
What is risk acceptance?
Not taking any action to reduce risk
What is risk mitigation?
Decrease possibility of occurrence of risk
What is risk transfer?
Shifting the potential loss to a third party
What is a honeypot?
A decoy system that is intentionally vulnerable and filled with fabricated data to lure attackers
What risk management strategy involves eliminating the threat or vulnerability to completely eliminate the associated risk?
Risk avoidance
What risk management approach is demonstrated by opting to keep a network device operational despite being aware of its risk?
Risk acceptance
Which risk management approach entails reducing the likelihood of a risk occurring or reducing the impact if a risk does occur?
Risk mitigation
What are two ways to protect a computer from malware?
- Use antivirus software
- Keep software up to date
What type of tool should Kyle use to attract an attacker and analyze their activity?
Honeypot
If a company installs a state-of-the-art firewall, what are they primarily engaged in?
Risk mitigation
What is an example of risk acceptance?
Ignoring minor security risks because the cost to address them would outweigh the potential loss
What strategy involves sharing some of the risk burden with someone else, such as an insurance policy?
Risk transference
What does the CIA triad help protect?
Information from unauthorized disclosure and modification while ensuring it is accessible to authorized users
What does confidentiality in the CIA triad refer to?
Secrecy and privacy of data
What is the goal of integrity in the CIA triad?
Ensuring accuracy and trustworthiness of data
What is the goal of availability in the CIA triad?
Ensuring authorized users have access to network, systems, applications, or data when required
Data encryption at rest primarily addresses which component of the CIA triad?
Confidentiality
What accurately defines a security vulnerability?
A defect or imperfection in hardware, software, or infrastructure that could be exploited to undermine security
What CIA component is breached when a ransomware attack encrypts all files on a company’s server?
Availability
What CIA components are compromised in a man-in-the-middle (MITM) attack?
- Confidentiality
- Integrity
What CIA component is affected when sensitive emails are intercepted on a compromised Wi-Fi network?
Confidentiality
Ensuring that data is accurate and hasn’t been tampered with relates to which CIA triad?
Integrity
What is the best practice to secure backup drives containing sensitive information?
Store the devices in an access controlled server room
What CIA triad component is affected by a flood in the server room causing significant damage to hardware?
Availability
What are checksums and cryptographic hashes primarily used to ensure?
Integrity
What CIA triad component is impacted when a critical software application fails to start due to an expired license key?
Availability
What CIA triad component is affected when Kim’s exam results are accidentally sent to Karen?
Confidentiality
In cybersecurity, what does CIA stand for?
Confidentiality, Integrity, Availability
What CIA triad component is affected when Cynthia is unable to turn in her application on time due to a website crash?
Availability
What CIA triad component is a driver for enabling data encryption?
Confidentiality
What CIA triad component is a driver for implementing and monitoring controls?
Confidentiality
What CIA triad component requires IP packets to be retransmitted if the receiving host has an invalid checksum value?
Integrity
What is an example of a violation of confidentiality?
A company stores sensitive customer data without access controls
What is an example of a violation of availability?
A new employee hasn’t been issued access credentials to the company’s network for needed info
What does a company use hash value comparisons to determine?
If the data in a database has changed
What does a company do when updating devices it provides to employees?
Ensure that each employee has consistent network access
What are security policies?
Guidelines and rules set by an organization to protect its information and technology assets
What does a data handling policy outline?
Procedures and guidelines for managing and securing company data throughout its lifecycle
What does a password policy specify?
Requirements for creating and managing passwords within the organization
What does a Bring Your Own Device (BYOD) policy set?
Rules for employees who want to use their personal devices
What does a privacy policy document require?
How an organization collects, uses, discloses, and manages both intellectual property and personally identifiable information
Which principle in network security design advocates for the use of cryptographic techniques?
Security
What must each sub-policy in an information security policy document clearly contain?
The specific compliance obligations the sub-policy fulfills
What should we keep up to date?
Office suites, browser plugins, and anti-virus
What are the two states of data?
- In transit
- At rest
What principle involves limiting user rights and access control permissions to the minimum necessary?
Least privilege
What does complete mediation ensure?
Check authentication every time
What principle requires that critical tasks involve more than one person?
Separation of privilege/duties
What does fail-safe default emphasize?
Default to maximum security, access denied by default
What does economy of mechanism suggest?
Keep security systems simple, use proven components
What does least common mechanism advocate?
Use separate devices, tools, applications for different users or activities
What does human-centered design focus on?
Designing with the user in mind
What does psychological acceptability ensure?
Security design is simple and intuitive
What does open design emphasize?
Security of the system shouldn’t depend on its design being secret
What does the zero trust principle state?
Never trust, always verify
What does defense in depth refer to?
A multi-layered approach to security
What principle ensures that users are only granted the minimum level of access necessary to perform their tasks?
Least privilege
What principle focuses on ensuring the system remains secure even if individual components fail?
Fail-safe
Which principle ensures access to resources is checked against the security policy even after initial authentication?
Complete mediation
What principle emphasizes the importance of keeping security mechanisms transparent and understandable?
Open design
What principle emphasizes the need to verify the identity of users and restrict access based on their roles?
Separation of privilege
What principle suggests that security mechanisms should be easy to understand and use?
Psychological acceptability
What aspect of zero-trust architecture could have prevented unauthorized access when an employee connected to the company network remotely from a public Wi-Fi hotspot?
Zero trust network access (ZTNA)
What aspect of zero-trust architecture could have prevented unauthorized access when connecting to a company network remotely from a public Wi-Fi hotspot?
Zero Trust Network Access (ZTNA)
ZTNA ensures that only authorized users and devices can access specific resources.
Which aspect of zero-trust architecture could have mitigated a data breach due to a compromised employee device?
Least Privilege Access
This principle limits user access to only what is necessary for their role.
What principle is enforced when a company allows less complex passwords with two-factor authentication for better user-friendliness?
Psychological Acceptability
This principle focuses on making security measures easier for users to comply with.
What principle does a mobile banking app utilize by terminating all active sessions after detecting unauthorized access attempts?
Fail-Safe
This principle ensures that systems default to a secure state in case of an error.
What technology is essential for achieving effective zero trust architecture?
Multi-Factor Authentication (MFA)
MFA requires multiple forms of verification to enhance security.
What practice best exemplifies separation of duties in incident response at a software company?
One team detects & reports security incidents, while a different team analyzes & responds to these incidents
This practice prevents conflicts of interest and enhances security.
How does zero trust handle internal and external threats?
Treats all network traffic with the same level of suspicion
This approach minimizes risk from both internal and external sources.
What principle enhances security through simplicity by using a simple, well-understood algorithm?
Economy of Mechanism
This principle emphasizes simplicity in design to improve security.
Why is separation of duties essential in IT security?
Helps prevent any one individual from having too much control over a critical process
This reduces the risk of fraud and errors.
What principle is a development team committed to when designing a web application to protect sensitive info in case of an error?
Fail-Safe
This principle ensures that systems default to a secure state in case of an error.
What goal is an organization pursuing when designing an intuitive, user-friendly, and secure info system dashboard?
Human-Centeredness
This approach focuses on user experience and usability.
What principle is reinforced when a company holds meetings to inform employees about session timeouts and the risks of workarounds?
Psychological Acceptability
This principle encourages understanding and compliance among users.
What practice requires a manager to verify any changes made to a client’s electronic profile by an employee?
Separation of Duties
This ensures oversight and accountability in sensitive operations.
What are the factors on which rules in packet filtering firewalls are based?
- Source IP address
- Destination IP address
- Port numbers
- Protocol types (IP, TCP, UDP, ICMP)
These factors help determine whether to allow or block traffic.
What does stateful inspection in firewalls track?
The state of active connections
This allows the firewall to determine if incoming packets are part of an established session.
What is required before allowing traffic into the network in stateful inspection firewalls?
A prior outbound request
This helps ensure that only legitimate traffic is allowed.
What type of firewall inspects the content of packets?
Application-Level Firewall
This firewall filters traffic based on specific application data.
What type of firewall acts as intermediaries between internal and external networks?
Proxy Firewall
This firewall hides clients’ identities while inspecting traffic.
What does Unified Threat Management (UTM) provide?
Single device protection from a variety of threats
UTM consolidates multiple security features into one device.
What distinguishes Intrusion Detection Systems (IDS) from Intrusion Prevention Systems (IPS)?
IDS can only detect, whereas IPS can prevent
IDS alerts administrators, while IPS actively blocks threats.
What is a solution that can help detect and prevent unauthorized activities by an insider attempting to access sensitive information?
IDS & IPS
These systems work together to monitor and respond to threats.
What capability does an IPS have that an IDS lacks?
Blocking detected threats automatically
This allows for immediate response to threats.
Which type of firewall can check whether a packet is part of an established connection?
Stateful Inspection Firewall
This type of firewall maintains the state of active connections.
Which firewall should an organization use that allows or denies packets based on administrator-defined rules?
Packet Filtering Firewall
This firewall applies specific rules for traffic control.
If an IPS detects a threat, what actions can it take?
- Record the details
- Report the threat to security admins
- Take preventative action to stop the threat
These actions help mitigate risks posed by detected threats.
What type of firewall inspects all incoming and outgoing messages for harmful content before they reach desktops?
Application-Level Firewall
This firewall focuses on content inspection for security.
What is the most effective control against SQL injection attacks on a database?
Application Layer Firewall
This type of firewall can filter and block malicious traffic.
What technology can be put in place to detect potential malware traffic on the network?
Firewall
Firewalls can monitor and manage traffic to identify threats.
What type of firewall can reject packets that are not part of an active session?
Application-Level Firewall
This firewall applies session state tracking.
What restrictions are most commonly implemented in packet-filtering firewalls?
- IP source & destination address
- Direction (inbound or outbound)
- TCP or UDP source & destination port requests
These restrictions help control network access.
What are the three states of data concerning encryption?
- At rest
- In transit
- In use
These states define how data is protected during different phases.
What is the result of plaintext plus an encryption key?
Ciphertext
This is the encrypted output of the encryption process.
What type of encryption uses the same key for both encryption and decryption?
Symmetric Encryption
This method is faster but requires secure key management.
What distinguishes asymmetric encryption from symmetric encryption?
Employs different keys for encryption & decryption
Asymmetric encryption uses a public and a private key.
In a secure email exchange, which key should Alice use to ensure only Bob can read her message?
Bob’s Public Key
This allows Alice to encrypt the message specifically for Bob.
What layer of protection is considered the last line of defense in a well-implemented security in depth strategy?
Data encryption at rest
This protects data even if physical security is compromised.
What key does Bob use to decrypt a message received from Alice using an asymmetric cryptography algorithm?
Bob’s Private Key
This key is kept secret and used to decrypt messages encrypted with his public key.
What encryption algorithm uses the same pre-shared key to encrypt and decrypt data?
Symmetric
This method simplifies the encryption process.
What key should Alice use to encrypt a message to Bob using an asymmetric cryptography algorithm?
Bob’s Public Key
This ensures that only Bob can decrypt the message.
True or False: Encryption of data at rest provides an additional layer of protection by keeping data protected and inaccessible to attackers even if the system is physically stolen.
True
This emphasizes the importance of encrypting sensitive data.
Which protocol is the best choice for encrypting communication between a website and its users?
TLS
TLS (Transport Layer Security) is widely used for secure web communication.
What type of device is designed to handle DDoS attacks and ensure the availability of network services?
DDoS Mitigation Appliances
These devices filter out malicious traffic during attacks.
What is not typically considered a part of device hardening?
Increasing the # of open ports
This would actually increase vulnerability rather than enhance security.
What strategy should an organization use for Wi-Fi hardening in response to several cyberattacks?
Configure Wi-Fi signal strength to reduce range
This limits the area where unauthorized users can connect.
What is an Acceptable Use Policy (AUP)?
Agreement between 2 parties outlining permissible & prohibited use of organization’s IT resources
AUP helps establish clear guidelines for technology use.
What does a Security Awareness Policy mandate?
Training & education of employees about organization’s security measures
This policy promotes a culture of security awareness.
What is the purpose of an Asset Classification Policy?
Categorizing organization’s assets based on how critical each asset is to the organization’s mission
This helps prioritize security efforts.
What does the Asset Protection Policy establish?
Methods & measures required to physically & digitally protect an organization’s assets
This policy outlines security practices for asset protection.
What does the Asset Management Policy include?
Security operations & management of all IT assets within seven domains
This policy ensures comprehensive oversight of IT assets.
What is involved in Vulnerability Assessment & Management?
Identifying, classifying, & managing vulnerabilities within the organization’s technology environment
This process helps mitigate potential risks.
What does Threat Assessment & Monitoring outline?
Processes for continuously monitoring & assessing threats that could impact the organization’s IT infrastructure
This helps in proactive threat management.
What threat involves looking for an open wireless network while driving?
War Driving
This activity is often associated with searching for unsecured networks.
What is the mitigation for War Driving?
- Decrease wireless range
- Hide SSID
These actions minimize the visibility of the network.
What is War Chalking?
Marking an area after SSID & credentials are known
This practice helps others find unsecured networks.
What is the mitigation for War Chalking?
- Use WPA2 or WPA3
- Enable MAC filtering
- Hide SSID
These measures enhance network security.
What does WEP/WPA cracking involve?
Scanning & determining the pre-shared key
This is a method used to compromise wireless security.
What is the mitigation for WEP/WPA cracking?
Use stronger encryption protocols, such as WPA2 or WPA3
Stronger encryption makes it more difficult to crack keys.
What is an Evil Twin attack?
Setting up a rogue WAP for legitimate users to sniff data
This attack tricks users into connecting to an unsecured network.
What is the mitigation for Evil Twin attacks?
Wireless Intrusion Prevention Systems (WIPS)
WIPS can detect and prevent rogue access points.
What is a Rogue Access Point?
An WAP installed on the network without the IT team’s knowledge
This poses a security risk by allowing unauthorized access.
What is the mitigation for Rogue Access Points?
- Switch port tracing
- Monitor mode scanning
- Rogue detector
These practices help identify unauthorized devices.
What is the threat of DoS/DDoS?
Slowing a computer or network to a halt after saturating its resources
This disrupts normal operations and services.
What is the mitigation for DoS/DDoS attacks?
- Monitor normal traffic patterns
- Compare signatures of incoming traffic
- Use an anti-DoS/DDoS device
These actions help manage and mitigate attacks.
What is an ICMP (Ping) Flood attack?
Sends a large number of ICMP (Ping) packets to a system
This can overwhelm the target system and disrupt services.
What is the mitigation for ICMP Flood attacks?
Block ICMP packets on firewall
This prevents the attack from overwhelming the system.
What is a Smurf attack?
Sends a large number of ICMP packets to a network’s broadcast address using a spoofed source IP
This amplifies the attack and floods the target network.
What is the mitigation for Smurf attacks?
- Disable IP broadcast
- Block ICMP packets on firewall
These measures prevent the attack from being effective.
What is a Fraggle attack?
Sends spoofed UDP packets to a specific broadcast address
This can also flood the target network with traffic.
What is the mitigation for Fraggle attacks?
- Disable IP broadcast
- Block ICMP packets on firewall
These actions help control incoming traffic.
What is a Buffer Overflow attack?
Puts more data in memory buffer than it can handle
This can lead to crashes or exploitation of vulnerabilities.
What is the mitigation for Buffer Overflow attacks?
Detect vulnerabilities in code
Regular code audits can help identify and fix issues.
What is an Injection attack?
Injects malicious data or script in a web application
This type of attack targets input validation weaknesses.
What is the mitigation for Injection attacks?
User server-side validation and validate & sanitize input data
These practices help secure web applications.
What is Broken Authentication?
Uses brute-force & dictionary attacks to gain access
This exploits weak authentication mechanisms.
What is the mitigation for Broken Authentication?
- Implement multi-factor authentication
- Implement complex passwords
These measures enhance security against unauthorized access.
What is Sensitive Data Exposure?
Theft of encryption keys or MitM attack on clear text data in transit
This compromises data confidentiality.
What is the mitigation for Sensitive Data Exposure?
Avoid storing sensitive data (secure data)
This reduces the risk of data breaches.
What is an injection vulnerability?
Injects malicious data or script in a web application
What is a method to prevent injection vulnerabilities?
Validate & sanitize input data
What is broken authentication?
Use brute-force & dictionary attacks to gain access
What can be implemented to enhance authentication security?
Implement multi-factor authentication
What is sensitive data exposure?
Theft of encryption keys or MITM attack on clear text data in transit
How can sensitive data exposure be prevented?
Avoid storing sensitive data (secure data)
What is a crucial step to secure data in transit?
Encrypt data in transit
What is a common wireless attack that involves unauthorized access?
Evil twin attack
What traditional network security tool can mitigate ICMP ping flood attacks?
Firewall with ICMP filtering capabilities
What is the primary reason attackers set up rogue access points?
To capture personal & financial information from unsuspecting users
What should a library implement to secure its network after war chalking?
WPA2 or WPA3 wireless encryption
What is the purpose of a Wireless Intrusion Prevention System (WIPS)?
To detect and prevent rogue access points
What strategy can an e-commerce company use to mitigate DoS/DDoS attacks?
Monitor normal traffic patterns
What access control model allows the owner of a resource to decide permissions?
DAC (Discretionary Access Control)
What defines RBAC?
Permissions assigned based on role or job function
What is RUBAC?
Rule-based access control; allowed or denied based on fixed rules
What does ABAC stand for?
Attribute-based access control
What is the goal of implementing strong encryption algorithms in the cloud?
To ensure that sensitive data is securely stored
What is a key feature of multi-factor authentication?
Combines something you know and something you have
What does the term ‘accounting’ refer to in the AAA framework?
Tracks what a user did & accessed
What is the purpose of a security question in authentication?
Relies on something you know
What access control method uses job function for permissions?
RBAC
What does PII stand for?
Personally Identifiable Information
What does PIPEDA govern?
How private sector organizations collect, store, use & disclose personal information
What is the focus of the GDPR?
Protection & privacy of personal information for individuals within the EU
What does HIPAA primarily protect?
Health information
What is the purpose of the PCI DSS?
To ensure security of credit & debit card transactions
What does the Sarbanes-Oxley Act (SOX) set standards for?
Financial reporting to protect investors from fraudulent practices
What is a key aspect of security governance?
Developing security policies & procedures
What must organizations do under PIPEDA regarding personal information?
Establish adequate security measures for protection
What should be included in an information security policy document?
Compliance requirements the sub-policy is designed to meet
Fill in the blank: The weakest wireless security protocol is _______.
WEP
True or False: WPA3 is the newest wireless security protocol.
True
What does authorization determine in the AAA framework?
What can you do? What can you access?
What type of access control is based on context or state of transaction?
CBAC (Context-Based Access Control)
