Operations Security Flashcards

Q

zero day exploit

A

existence of exploit code for a vulnerability that has yet to be patched

Q

differential backup

A

backs up files changed since the last full backup; quicker than a full backup, but the backup window grows over time

Q

RAID levels

A

0 - striped set
1 - mirrored set
3 - byte-level striping with dedicated parity
4 - block-level striping with dedicated parity
5 - block-level striping with distributed parity
6 - block-level striping with double distributed parity

Q

RAID 2

A

Hamming code; not commercially viable for hard disks; cost prohibitive

Q

mirroring

A

complete duplication of data to another disk, used by some levels of RAID; achieves full data redundancy by writing to multiple hard disks

Q

active-passive

A

backup systems only begin processing when a failure state is detected

Q

full backup

A

contains all of the allocated data on the hard disk; quick recovery; long backup

Q

sniffing

A

potentially able to insert a malicious system in the middle of a connection

Q

recovery

A

cautiously restoring the system or systems to operational status

Q

macro virus

A

malicious code that infects Microsoft Office documents

Q

lessons learned

A

most likely step to be neglected

Q

SYN flood

A

DoS; resource exhaustion; sends many SYNs but never acknowledges the SYN/ACK

Q

teardrop

A

DoS; malformed packet; targets issues with a system's fragmentation reassembly

Q

RAID 5

A

striped set w/ distributed parity: performance gains; data redundancy; can lose 1 disk and still function

Q

ping of death

A

DoS; malformed packet; sends a malformed ICMP echo request (ping) that is larger than the maximum size of an IP packet

Q

remanence

A

data that might persist after removal attempts

Q

spoofing

A

masquerading as another endpoint

Q

RAID 6

A

striped set w/ dual distributed parity: can accommodate loss of 2 drives and still function

Q

preparation

A

steps taken before an incident occurs; includes training, writing incident response policies/procedures, and providing tools

Q

incremental backup

A

only archives files that have changed since the last backup of any kind; quick backup; long recovery

Q

need to know

A

clearance level alone is insufficient when dealing with the most sensitive information

Q

account lockouts

A

used to prevent an attacker from simply guessing the right password by attempting a large number of potential passwords

Q

NDA

A

non-disclosure agreement: work-related contractual agreement that ensures people will maintain confidentiality of data

Q

DNS reflection

A

DoS; attacker has a poorly configured third-party DNS server query an attacker-controlled DNS server

Q

striping

A

spreading data writes across multiple disks to achieve performance gains; used by some levels of RAID; performance increase but no data redundancy

Q

trojan horse

A

defined by how they are concealed; most often associated with providing an attacker with persistent backdoor access

Q

What is operations security concerned with?

A

threats to a production operating environment

Q

degaussing

A

destroys the integrity of the magnetization of the media, making data recovery impossible

Q

change management process

A

1. identify change
2. propose change
3. assess risk associated w/ change
4. test change
5. schedule change
6. notify impacted parties of change
7. implement change
8. report results of change

Q

Collusion

A

agreement between 2 or more people to subvert the security of a system

Q

threat vectors

A

e-mail attachments, open ports, web apps, phone lines to target internal servers

Q

password cracking

A

an offline technique in which the attacker has gained access to the password hashes or database

Q

eradication

A

process of understanding the cause of the incident so the system can be reliably cleaned and ultimately restored to operational status

Q

fraggle

A

DoS; malformed packet; like smurf, but uses UDP

Q

password guessing

A

online technique that involves attempting to authenticate a particular user to a system

Q

background checks

A

administrative control

Q

mandatory leave

A

closely related to rotation of duties; reduces or detects personnel single points of failure; detects/deters fraud; reveals fraudulent or suspicious behavior

Q

containment

A

attempts to keep further damage from occurring

Q

malware

A

one of the best-known types of threats to an information system

Q

RAID 4

A

striped set with dedicated parity (block level): same as RAID 3 but at block level

Q

separation of duties

A

prescribes that multiple people are required to complete critical or sensitive transactions

Q

Smurf

A

DoS; resource exhaustion; ICMP echo request flood (ping flood)

Q

vulnerability management

A

emphasizes the need for management of the vulnerability information

Q

vulnerability scanning

A

way to discover poor configurations and missing patches in an environment

Q

parity

A

achieves data redundancy without incurring the same degree of cost as mirroring in terms of disk usage and write performance

Q

zero day vulnerability

A

vulnerability being known before the existence of a patch

Q

DoS

A

denial of service: one-to-one availability attack; distributed DoS (DDoS) is a many-to-one availability attack

Q

rootkit

A

malware that is focused on hiding its own existence from a savvy admin trying to detect malware

Q

Land

A

DoS; malformed packet; spoofed SYN packet

Q

detection and analysis

A

events are analyzed in order to determine whether these events might comprise a security incident

Q

worm

A

self-propagates

Q

compartmentalization

A

method for enforcing need to know

Q

RAID 0

A

striped set: improves performance of read/writes; no data redundancy

Q

rollback plan/backout plan

A

details procedures for reversing the change should that be deemed necessary

Q

baselining

A

process of capturing a point-in-time understanding of the current system security configuration

Q

threat agents

A

the actors causing the threats that might exploit a vulnerability

Q

MITM

A

man in the middle: places the attacker between the victim and another system; the goal is to serve as an undiscovered proxy for either or both endpoints

Q

RAID 1

A

mirrored set: has an exact duplicate of all data on other disks

Q

principle of least privilege

A

persons have no more than the access that is strictly required for the performance of their duties; aka principle of minimum necessary access

Q

virus

A

indicates malicious code that hooks onto executable code and requires user interaction to spread

Q

active-active

A

each node in a high-availability cluster is actively processing data in advance of a failure

Q

clipping levels

A

differentiate between malicious attacks and normal users accidentally mistyping their passwords

Q

RAID 3

A

striped set w/ dedicated parity: performance gains

Q

change management

A

maintains consistent and known operational security; its purpose is to understand, communicate, and document any changes, with the primary goal of being able to understand, control, and avoid the negative impact changes might impose

Q

rotation of duties

A

aka job rotation or rotation of responsibilities; requires that one person doesn't perform critical functions or responsibilities w/o interruption; mitigates fraud

Q

incident lifecycle

A

1. preparation
2. detection and analysis (identification)
3. containment
4. eradication
5. recovery
6. lessons learned

Q

What is a fundamental aspect of operations security?

A

ensuring controls are in place to inhibit people from either inadvertently or intentionally compromising the CIA of data or systems