Operations Security

Question 1

zero day exploit

Answer 1

existence of exploit code for a vulnerability that has yet to be patched

Question 1

differential backup

Answer 1

backs up files changed since last full back up; quicker than full, but gets longer over time to backup

Question 1

RAID levels

Answer 1

0 - Striped set 1 - mirrored set 3 - byte-level striping with dedicated parity 4 - block-level striping with dedicated parity 5 - block-level striping with distributed parity 6 - block-level striping with double distributed parity

Question 1

RAID 2

Answer 1

hamming code: not commercially viable for hard disks; cost prohibitive

Question 3

mirroring

Answer 3

complete duplication of data to another disk, used by some levels of RAID; used to achieve full data reduncy by writing to multiple hard disks

Question 3

active-passive

Answer 3

backup systems only begin processing when a failure state is detected

Question 4

full backup

Answer 4

contain all of the allocated data on the hard disk; quick recover; long backup

Question 4

sniffing

Answer 4

potentially able to insert a malicious system in the middle of a connection

Question 5

recovery

Answer 5

cautiously restoring the system or systems to operational status

Question 5

macro virus

Answer 5

malicious code that infects microsoft office documents

Question 6

lessons learned

Answer 6

most likely step to be neglected

Question 7

SYN flood

Answer 7

DOS; resource exhaustion; lots of SYN, but never acknowledge SYN/ACK

Question 8

teardrop

Answer 8

DOS; malformed packet; targest issues with systems fragmentation reassembly

Question 9

RAID 5

Answer 9

striped set w/ distributed parity: performance gains; data redundancy; can lose 1 disk and still function

Question 9

ping of death

Answer 9

DOS; malformed packet; sends malformed ICMP echo request (ping) that is larger than maximum size of an IP packet

Question 10

remanence

Answer 10

data that might persist after removal attempts

Question 10

spoofing

Answer 10

masquerading as another endpoint

Question 11

RAID 6

Answer 11

striped set w/ dual distributed parity: can accommodate loss of 2 drives and still function

Question 11

preparation

Answer 11

steps taken before incident occurs; includes training, writing incident response policies/procedures, providing tools

Question 12

incremental backup

Answer 12

only archive files that have changed since last backup of any kind performed; quick backup; long recovery

Question 14

need to know

Answer 14

clearance level alone is insufficient when dealing with most sensitive information

Question 15

account lockouts

Answer 15

used to prevent an atttacker from being able to simply guess the right password by attempting a large number of potential passwords

Question 16

NDA

Answer 16

non-disclosure agreement: work-related contractual agreement that ensures people will maintain confidentiality of data

Question 16

DNS reflection

Answer 16

DOS; attacker has poorly configured 3rd paty DSN server query an attacker-controlled DNS server

Question 17

striping

Answer 17

spreading data writes across multiple disks to achieve performance gains; used by some levels of RAID; performance increase and no data redundancy

Question 18

trojan horse

Answer 18

defined by how they are concealed and are most often associated with providing an attacker with persistentbackdoor access

Question 20

operations security is concerned with?

Answer 20

threats to a production operating environment

Question 22

degaussing

Answer 22

destroys integrity of the manetization of the media making data recovery impossible

Question 23

change management process

Answer 23

1. ID change 2. propose change 3. assess risk associated w/ change 4. test change 5. schedule change 6. notify impacted parties of change 7. implement change 8. report results of change

Question 25

Collusion

Answer 25

agreement between 2 or more people to subvert the security of a system

Question 26

threat vectors

Answer 26

e-mail attachments, open ports, web appps, phone lines to target internal servers,

Question 26

password cracking

Answer 26

an offline technique in which athe attacker has gained access to the password hashes or database

Question 27

eradication

Answer 27

process of understanding the cause of the incident so system can be reliably cleaned and ultimatelly restored to operational status

Question 27

fraggle

Answer 27

DOS; malformed packet; like smurf, but uses UDP

Question 28

password guessing

Answer 28

online technique that involves attempting to authenticate a particular user to a system

Question 29

background checks

Answer 29

administrative control

Question 30

mandatory leave

Answer 30

closely related to rotation of duties; reduces or detects personnel single points of failure; detects/deters fraud; reveals fraudulent or suspicious behavior

Question 31

containment

Answer 31

atempts to keep further damage from occuring

Question 32

malware

Answer 32

one of the best known types of threats to an info system

Question 34

RAID 4

Answer 34

striped set with dedicated parity (block level): same as RAID 3 but at block level

Question 36

separation of duties

Answer 36

prescribes that multiple people are required to complete criticqal or sensitive transactions

Question 37

Smurf

Answer 37

DOS; resource exhaustion; ICMP echo request flood (ping flood)

Question 38

vulnerability management

Answer 38

emphasizes the need for management of the vulnerability information

Question 40

vulnerability scanning

Answer 40

way to discover poor configurations and missing patches in an environment

Question 42

parity

Answer 42

to achieve data redundancy without incurrring the same degree of cost as that of mirroring in terms of disk usage and write performance

Question 43

zero day vulnerability

Answer 43

vulnerabilty being known before the existence of a patch

Question 44

DoS

Answer 44

denial of service: one to one availability attack; distributed DOS is many to one availability attack

Question 45

rootkit

Answer 45

malware that is focused on hiding its own existence from a savvy admin trying to detect malware

Question 45

Land

Answer 45

DOS; malformed packet; spoofed SYN packet

Question 47

detection and anaylsis

Answer 47

events are analyzed in order to determine whether these events might comprise a security incident

Question 48

worm

Answer 48

self propagates

Question 50

compartmentalization

Answer 50

method for enforcing need to know

Question 51

RAID 0

Answer 51

striped set: improves performance of read/writes; no data redundancy

Question 53

rollback plan/backout plan

Answer 53

details procedures for reversing the change should that be deemed necessary

Question 55

baselining

Answer 55

process of capturing a piont-in-time understanding of the current system security configuration

Question 55

threat agents

Answer 55

the actors causing the threats that might exploit a vulnerability

Question 56

MITM

Answer 56

Man in the middle: places attacker between victim and another system; goal is to serve as undiscovered proxy for either or both endpoints

Question 57

RAID 1

Answer 57

mirrored set: has an exact duplicate of all data on other disks

Question 58

principle of least privilege

Answer 58

persons have no more than the access that is strictly required for the performance of their duties; aka principle of minimum necessary access

Question 60

virus

Answer 60

indicates malicious code that hooks onto executable code and requires user interaction to spread

Question 61

active-active

Answer 61

each node in a high-availabiltiy cluster is actively processind data in advance of a failure

Question 62

clipping levels

Answer 62

differentiate between lmalicious attacks and normal users accidentally mistyping their passwords and malicious

Question 63

RAID 3

Answer 63

striped set w/ dedicated parity: performance gains

Question 64

change management

Answer 64

maintains consistent and known operational security; purpose is to undersatnd, communicate, and document any changes with the primary goal of being able to understand, contol and avoid negative impact changes might impose

Question 65

rotation of duties

Answer 65

aka job rotation or rotation of responsibilities; requires that one person doesn’t perform critical functions or responsibilites w/o interruption; mitigates fraud

Question 66

incident lifecycle

Answer 66

1. preparation 2. detection and analysis (identification) 3. containment 4. eradication 5. recovery 6. lessons learned

Question 67

fundemental aspect of operations sec?

Answer 67

ensuring controls are in place to inhibit people from either inadvertently or intentionally compromising the CIA of data or systems