Part 7, Dangerous data / data on your computer Flashcards

1
Q

Where can the

TRIM setting

be configured on Windows?

A

It can be configured within disk optimization on Windows.

2
Q

Describe the

I

of the acronym CIA.

A

This part of the acronym stands for

integrity

From a security perspective this means that data should remain unchanged unless intended people are editing it.

3
Q

Describe what a

threat

is.

A

This is some danger that can exploit a vulnerability.

4
Q

What will be inside a flash memory cell if it is interpreted as the following?

1. read as 1

2. read as 0

A

Within a flash memory cell, what will each of these charges be interpreted as?

1. filled with electrons (negative charge)

2. filled with no electrons

5
Q

What is a

live system image?

A

This is the process of taking an image of RAM while the system is running.

6
Q

What are some settings a

registry hive

may hold?

A

Some settings these might hold are:

  1. Desktop settings
  2. Printers
  3. Network settings
  4. Environmental settings

7
Q

Describe what a

zero day

is.

A

This is a vulnerability that is unknown to software developers and security companies.

Notes

  • These types of vulnerabilities are sold on the black market and, when used, are known as a zero-day attack.
  • The purchase price for one of these can be worth hundreds of thousands when speaking about a major OS or browser.
  • When one of these becomes known to the developers it can take on average 300 days to fix the vulnerability.

8
Q

What will a

hash algorithm

use in order to produce a hash from a given input?

A

To produce a hash from a given input this will use a combination of:

  1. constants
  2. AND, OR, NOT logic operators
  3. the modulus operator with large prime numbers to produce smaller numbers from large numbers

9
Q

Describe the

payload

of a virus.

A

This is the heart of the virus and contains the virus's destructive code, such as corrupting or collecting data or creating back doors.

10
Q

How does a

peer-to-peer botnet

maintain resilience?

A

This maintains resilience by having each zombie know the address of only a few other zombies.

Destroying a commander or server does not cripple the entire botnet, since only the zombies in its address range will be affected and any other zombie can pick up the role of the disabled commander or server.

11
Q

What

data might you typically find in RAM?

A

Held in here you may find:

  1. Instructions and data that will be needed by the processor
  2. The operating system
  3. Information about running programs and processes
  4. Networks the computer is connected to
  5. Decrypted passwords and files, as well as the keys that decrypted them
  6. Registry hives

12
Q

Give two examples of a

vulnerability.

A

Some examples of this include:

  1. allowing employees to insert any USB device into network-attached computers
  2. having an out-of-date operating system or antivirus

13
Q

Give two examples of a

threat.

A

Some examples of this are:

  1. zero-day attacks
  2. employees wishing to cause harm

14
Q

Name two technical factors that

malware

could use to gain entry to a computer.

A

Technical factors that this could exploit to gain entry to a computer could be:

  1. using known weaknesses (exploits) in either software or hardware
  2. using a zero-day

15
Q

What is

metamorphic malware?

A

With this, the malware rewrites its own code without affecting its functionality; therefore the data created will have a new signature.

16
Q

When

protecting passwords

describe where the following should be used:

  1. encryption
  2. hashing

A

To fully achieve this:

  1. encryption should be used when data is being sent from client to server
  2. hashing should be used to store all data
  3. further encryption may be used to hide the hash

17
Q

What is

wear levelling?

A

This is one way SSDs mitigate wear; it involves not repeatedly using the same area of the drive but instead spreading new writes across the drive.

18
Q

What does the acronym

CIA

stand for?

A

This acronym stands for:

1. confidentiality

2. integrity

3. availability

19
Q

What is a

write blocker?

A

This is software, or an option within software, that can ensure a disk image is read only, ensuring that the disk image remains unchanged even if it is mounted and navigated.

20
Q

How do

botnets

operate?

A

These are mainly concerned with spreading themselves across networks, and may lie dormant until a command is received to do something.

21
Q

Describe what a

dictionary attack

is.

A

This type of attack involves iterating over a dictionary to see if you can get a password match.

22
Q

Describe

adware.

A

Forces users to view advertising and may report their internet use to advertisers or its creators.

23
Q

What are

heuristics

as used by antivirus programmes?

A

These are rules used to identify malware; they rely on previous knowledge about how malware operates.

25
Q

What happens when you perform a

soft delete

on Windows?

A

When this is performed:

  1. the file is sent to the Recycle Bin and renamed so it begins with $R
  2. an additional file known as the $I file is created in a hidden location and holds the metadata from the $R file

(NOTE: the $I file allows recovery of the original file)

27
Q

What is a

hash collision?

A

This is the term used when two different files produce the same hash; hashing algorithms are created in a way that reduces this to a near-zero likelihood.

28
Q

What does the acronym

PLC

stand for?

A

Programmable logic controller.

29
Q

What are three drawbacks of using

signatures

to detect malware?

A

Some drawbacks of using these are that:

  1. an antivirus can only detect malware if it holds one of these for that particular malware
  2. authors of malware frequently update their malware, creating a variant and producing the same problem as above
  3. sophisticated malware is built to be polymorphic or metamorphic

30
Q

Describe the term

Information assets.

A

This is a term used by cybersecurity professionals which describes information such as names, addresses and passports.

Individuals also possess this in the form of personal photos etc.

31
Q

Name three places you may find a

Programmable logic controller (PLC).

A

These may be found and used within:

  1. electrical generation and distribution
  2. water and sewage pumps
  3. car engines

32
Q

Describe a

client-server botnet.

A

These are an older type of botnet and are made up of zombies which all speak to a command and control server.

33
Q

What is

dead system imaging?

A

This is the process of creating a disk image from a hard drive that has been removed from a computer.

(often carried out for forensic investigation)

35
Q

Give three examples of a

countermeasure.

A

Three examples of this are:

  1. installing and updating antivirus software
  2. configuring a network with security in mind
  3. separation of duties

36
Q

Within a peer-to-peer botnet, describe the

server zombie.

A

This will be a zombie in charge of managing sections of the botnet, such as the zombies within a company's intranet.

37
Q

What is the

signature

that antivirus programmes use to detect malware?

A

This is data created by the malware which can be detected within memory or inside a file.

38
Q

Give three main points about

hashing.

A

  1. Every different piece of plaintext produces a unique hash

(the benefit of this is that you cannot find resemblance between two pieces of plaintext)

  2. Every hash produced will be the same length

(the benefit of this is you cannot know the length of the original plaintext)

  3. From a hash it is almost impossible to find the original plaintext

(this makes it great to store passwords in this form, since there is no easy way to find the original plaintext)

40
Q

Describe and give an example of

identification.

A

This is the process of claiming you are a particular individual.

(example: when you give your name at the airport)

41
Q

Name four

human traits/factors that are exploited during a social engineering attack.

A

To perform this, the human factors/traits that are exploited could be:

  1. Curiosity
  2. Greed
  3. Helpfulness/politeness
  4. Friendship

42
Q

What is a

hex editor?

A

This is software that allows you to read data at the binary level.

43
Q

What is a

disk image?

A

This is an exact copy (bit for bit) of a storage device. It will typically be stored as a compressed file.

44
Q

Where can

registry hives

be viewed via the GUI?

A

These can be accessed and seen as the first folders within the Registry Editor.

These in turn hold registry keys, which hold more registry keys or a registry value.

45
Q

Describe what

Advanced persistent threats (APTs)

are.

A

This is a combination of attacks that leave organisations exposed for prolonged periods of time.

47
Q

Describe what a

worm

is.

A

These are self-replicating programs just like viruses; however, they do not rely on human interaction to spread themselves across networks and computers, as they can copy and transport themselves instead.

(note: Worms are the most common type of malware currently in use)

48
Q

What are the two methods by which

malware

can gain access to a computer?

A

This can gain entry to a computer by exploiting either:

  1. human factors
  2. technical factors

49
Q

What is the main benefit of

Solid State Drives (SSDs)

and what are four benefits that come of this?

A

The fact these have no moving parts is their main benefit.

The benefits of this are:

  1. less likely to encounter physical damage to internal components
  2. all data is loaded with equal performance
  3. battery power is saved
  4. file fragmentation is no longer an issue, since all data is loaded with equal performance

50
Q

What does

Identification, authentication and authorization

allow as a whole?

A

In real life and on the internet these three steps allow you to be

identified as an individual and given the access you are permitted to have.

51
Q

What are the two

main types of botnet?

A

These have two main types:

  1. client-server
  2. peer-to-peer

52
Q

Describe

File carving / data carving.

A

This is the act of finding and recovering a file by using the magic number associated with that file type.

Since the magic number is usually in the header along with the file length, it is possible for the software to recover all of the deleted data, assuming it has not been overwritten in any way or been highly fragmented.

53
Q

Describe in three points a

peer-to-peer botnet.

A

A description of this is that:

  1. this is a more modern approach to creating a botnet
  2. it does not rely on a single command and control server
  3. each zombie knows the address of a few other zombies, and any zombie can take on different roles

54
Q

What is

ATA Secure Erase?

A

This is a protocol and command built into the firmware of most SSDs.

When used it will reset an entire SSD by sending a spike of voltage to all memory cells, in turn removing all data from the SSD.

55
Q

How is a

dictionary attack

usually carried out?

A

This is typically performed on a list of stolen passwords.

56
Q

How were

Programmable logic controllers (PLCs)

born?

A

These were born out of the need to quickly recalibrate or set up new assembly lines.

Before these, assembly lines could take months to set up for new parts or models.

With the birth of these it became days.

57
Q

Within a

virus

what are the three main programming concepts that you will find?

A

This will contain:

  1. an infection mechanism
  2. a trigger
  3. a payload

58
Q

Describe the

commander

within a peer-to-peer botnet.

A

This will be a zombie that receives commands from the botnet operator and then issues them across the botnet.

60
Q

Describe the

A

of the acronym CIA.

A

This part of the acronym stands for

availability

This means that data should be available to read and edit whenever desired by intended people.

62
Q

Give five uses of a

botnet.

A

This may be used to:

  1. send spam email
  2. click on advertisements (click fraud)
  3. attempt to decrypt passwords (brute-force decryption)
  4. mine bitcoin
  5. carry out a denial of service attack

63
Q

Describe and give an example of

authentication.

A

This is the process of proving your identification.

(example: when you show your passport at the airport)

64
Q

How do

client-server botnets

typically communicate with their servers?

A

These typically communicate with their servers using

Internet Relay Chat, which was originally designed for instant messaging.

67
Q

What is a

registry hive?

A

For every new user that logs on to a machine a new registry hive is created.

The registry hive is a collection of low- to high-level settings and describes a user's profile.

69
Q

Describe in four steps

how a worm spreads itself.

A

  1. A PC is infected with the worm
  2. It then scans all ports of the system and the ports of other systems to see if any are open and vulnerable to attack, such as not being patched for a known bug
  3. Once a vulnerable port is found it scans the destination PC to see what operating system and apps it has installed, to see if it is suitable for infection
  4. Once a successful scan has been run it sends a copy of itself across that port to the destination PC

70
Q

What happens when you perform a

hard delete?

A

When this is performed:

  1. all references, including the $I file if applicable, are deleted

(NOTE: only references to the original file are deleted, meaning that the data still exists although the operating system has no access to it)

72
Q

How is a cell within flash memory given a charge?

A

To hold a charge this will have an electric voltage applied to the top of it. This causes electrons to be attracted to it, giving it a negative charge.

Since it is insulated, the charge is maintained even when there is no power.

73
Q

What is

polymorphic malware?

A

With this the malware uses an encryption key in order to scramble its data, therefore creating a variety of signatures.

75
Q

What is

Stuxnet?

A

This was a virus discovered in the summer of 2010 and was the first of its kind in the sense that, instead of targeting a huge number of publicly owned computers, it was specifically designed to attack and control Siemens PLCs.

78
Q

When speaking about peer-to-peer botnets, describe what a

sinkhole

is.

A

This is a technique used to bring down an entire peer-to-peer botnet.

It involves editing the address list of all the zombies so that they all speak to a server known as a sinkhole computer, which is owned by the parties attacking the botnet. Since all zombies then only speak to the sinkhole, the botnet is left effectively useless.

(note: these can also be used in the collection of information about the owners of the botnet)

81
Q

Describe and give an example of

authorization.

A

This follows the process of identification and authentication and provides access.

(example: the guard allowing entry to a country once they are satisfied with your identification and authentication)

83
Q

Describe the steganography technique known as

Least significant bit (LSB).

A

This is a simple yet effective method of implementing steganography.

It works by having the message you want to hide already in bits, and then for each pixel changing either the last bit or the last two bits so that they match your hidden message.

To retrieve the message one would simply have to gather the least significant bits used to hide the message and use them to reconstruct the hidden message.

84
Q

What does the acronym

CIA

describe?

A

This is an acronym describing the guiding principles behind information security.

85
Q

Describe the

C

of the acronym CIA.

A

This part of the acronym stands for

Confidentiality

From a security perspective this means data should only be read by the intended people.

92
Q

Describe the

infection mechanism

of a virus.

A

This part of the virus is in charge of finding new files, disk space or devices to infect.

93
Q

Describe a

botnet.

A

This is a network of compromised machines known as zombies. A single one of these may be made up of thousands or millions of zombies.

94
Q

What is

TRIM?

A

This is software used by SSDs; it involves removing any unreferenced data and getting it ready to be written to while there is downtime on the drive.

This process speeds up writing, since the memory cell does not need to be cleaned before writing as this has already been done.

95
Q

Describe

spyware.

A

Attempts to access personal information by monitoring keystrokes or patterns of activity.

96
Q

Describe what a

countermeasure

is.

A

This is some action that protects assets from vulnerabilities and threats.

97
Q

What is the main weakness of

client-server botnets?

A

The main weakness of these comes from having a single command and control server which, if cut off, disables the botnet entirely.

98
Q

Describe the terms

Cybersecurity / information security.

A

These are terms describing the tools, knowledge and best practices regarding the protection of:

  1. Computers
  2. Communication networks
  3. Programs
  4. Data

104
Q

What must happen to a

solid state drive (SSD) memory cell

before it is written to?

A

When this is to be written to it must first have its content completely removed.

This means that slack space on an SSD will no longer contain old data.

105
Q

What is a

Programmable logic controller (PLC)?

A

This is essentially a computer that runs a set of installed instructions. The instructions may be, for example, to move a robotic arm.

107
Q

What is one drawback of antivirus programmes using

heuristics?

A

One drawback of these is that they rely on previous knowledge about malware; any malware using new techniques will go unnoticed by the antivirus.

109
Q

What is one advantage

hard disk drives (HDDs)

have over solid state drives (SSDs)?

A

One advantage these hold is that they are relatively cheaper to buy.

113
Q

What is

Enhanced Metafile (EMF)?

A

This is an image file format that was originally created by Microsoft.

One purpose for it is that when a file is printed, Windows converts the file into EMF format; it is then held in the printer spooler file and in turn in RAM.

114
Q

Describe what a

trojan

is.

A

This is a virus that is built into an application. The application itself will seem legitimate and performs the advertised task; however, it will contain a virus. Trojan viruses are not self-replicating and rely on human interaction to spread.

116
Q

What is

steganography?

A

This is the act of hiding data within other data, such as an image.

117
Q

Why can hashing passwords alone not protect against a

dictionary attack?

A

The reason that hashing passwords alone cannot protect against this attack is that the dictionary used for the attack can also be hashed, and so a match can still be found.

120
Q

What is an

image mounter?

A

This is software that is able to read and write to disk images.

Upon mounting a disk image it will appear as a physical disk and can be navigated as normal via the OS you are using.

121
Q

Name five potential places that words for a

dictionary which will be used for a dictionary attack

could come from.

A

This could contain words from:

  1. The A-Z dictionary
  2. Most used passwords
  3. Professional terminology, such as medical terms
  4. Literature
  5. TV and film

122
Q

Describe what a

vulnerability

is.

A

This is a point at which there is potential for a breach.

123
Q

the main weakness of these comes from having a single command and control server which, if cut off, disables the botnet entirely

A

what is the main weakness of

client-server botnets

124
Q

this is a semiconductor material surrounded by an insulator and is able to hold a charge even when there is no power

A

what is a cell within

flash memory

125
Q

describe the

payload

of a virus

A

this is the heart of the virus and contains the virus's destructive code, such as corrupting or collecting data or creating back doors

126
Q

this is an isolated environment that mimics an operating system

A

what is a

sandbox

127
Q

describe the

I

of the acronym CIA

A

this part of the acronym stands for

integrity

from a security perspective this means that data should remain unchanged unless intended people are editing it

128
Q

what is

metamorphic malware

A

with this, the malware will rewrite its own code without affecting its functionality; therefore the resulting data will have a new signature

129
Q

for every new user that logs on to a machine a new registry hive is created

the registry hive is a collection of low- to high-level settings and describes a user's profile.

A

what is a

registry hive

130
Q

describe the

infection mechanism

of a virus

A

this part of the virus is in charge of finding new files, disk space or devices to infect

131
Q

what is one drawback of antivirus programmes using

heuristics

A

one drawback of these is that they rely on previous knowledge about malware; any malware using new techniques will go unnoticed by the antivirus

132
Q

what is the main benefit of

Solid State Drives (SSDs)

and what are four benefits that come of this

A

the fact these have no moving parts is their main benefit

the benefits of this are:

  1. less likely to encounter physical damage to internal components
  2. all data is loaded with equal performance
  3. battery power is saved
  4. file fragmentation is no longer an issue since all data is loaded with equal performance

133
Q

to hold a charge, this will have an electric voltage applied to the top of it. This attracts electrons to it, giving it a negative charge.

since it is insulated the charge is maintained even when there is no power

A

how is a cell within flash memory given a charge

134
Q

Hidden programs used by attackers to remotely control or access a computer.

A

describe

rootkits

135
Q

what is a

disk image

A

this is an exact copy (bit for bit) of a storage device. It will typically be stored as a compressed file

136
Q

this maintains resilience by having each zombie know the address of only a few other zombies

destroying a commander or server does not cripple the entire botnet, since only the zombies in its address range will be affected and any other zombie can pick up the role of the disabled commander or server

A

how does a

peer-to-peer botnet

maintain resilience

137
Q

describe the

C

of the acronym CIA

A

this part of the acronym stands for

Confidentiality

from a security perspective this means data should only be read by the intended people

138
Q

this is some action that protects assets from vulnerabilities and threats

A

describe what a

countermeasure

is

139
Q

how is a

dictionary attack

usually carried out

A

this is typically performed on a list of stolen passwords

140
Q

when

protecting passwords

describe where the following should be used

  1. encryption
  2. hashing

A

to fully achieve this

  1. encryption should be used when data is being sent from client to server
  2. hashing should be used to store all data.
  3. Further encryption may be used to hide the hash

141
Q

what are two techniques that antivirus programmes use when working with

heuristics

A

when using this the antivirus programme may

  1. decompile a suspected programme and see if it contains instructions such as copying itself or overwriting operating system files
  2. put the programme within a sandbox and then execute the programme to see what instructions it tries to execute

142
Q

what is one advantage

hard disk drives (HDDs)

have over solid state drives (SSDs)

A

one advantage these hold is that they are cheaper to buy

143
Q

this spreads by relying on human interaction such as a file being shared via a medium such as email

A

how does a

virus

spread

144
Q

this is a point at which there is potential for a breach

A

describe what a

vulnerability

is

145
Q

when speaking in terms of file carving what is the

magic number

A

this is a number that is a kind of signature for a file type.

each file type has its own, which is usually located inside the header

146
Q

this is the term used to describe using human factors/nature to defeat the security of a device

A

describe the term

social engineering

147
Q

what is a

ram dump

A

this is the process of viewing or copying the contents of ram

148
Q

within a flash memory cell what will each of these charges be interpreted as

1. filled with electrons (negative charge)

2. filled with no electrons

A

what will be inside a flash memory cell if it is interpreted as the following

1. read as 1

2. read as 0

149
Q

describe in four steps

how a worm spreads itself

A
  1. A PC is infected with the worm
  2. It will then scan all ports of the system and ports of other systems to see if any are open and whether any are vulnerable to attack, such as not being patched for a known bug
  3. Once a vulnerable port is found, it will scan the destination PC to see what operating system and apps it has installed, to see if it is suitable for infection
  4. Once a successful scan has been run, it sends a copy of itself across that port to the destination PC

150
Q

This is an older type of botnet, made up of zombies which all speak to a command and control server.

A

describe a

client-server botnet

151
Q

three examples of this are

1. installing and updating antivirus software

2. configuring a network with security in mind

3. separation of duties

A

give three examples of a

countermeasure

152
Q

describe the

commander

within a peer-to-peer botnet

A

this will be a zombie that receives commands from the botnet operator and then issues them across the botnet

153
Q

this is some action that will make the virus deliver its payload such as a date or an execution of a file

A

describe the

trigger

of a virus

154
Q

This is an acronym to describe the guiding principles behind information security

A

what does the acronym

CIA

describe

155
Q

this is the process of claiming you are a particular individual

(example: when you give your name at the airport)

A

describe and give an example of

identification

156
Q

Redirect browsers to unwanted websites, either to earn advertising clicks or to download further malware. Some of the sites masquerade as legitimate websites and are designed to harvest personal information such as logins and credit card details.

A

describe

hijackers

157
Q

this is the process of viewing or copying the contents of ram

A

what is a

ram dump

158
Q

this is a virus that is built into an application. The application itself will seem legitimate and performs the advertised task; however, it will contain a virus. Trojan viruses are not self-replicating and rely on human interaction to spread

A

describe what a

trojan

is

159
Q

this is an image file format that was originally created by microsoft.

One purpose for it is that when a file is printed windows converts the file into an EMF format it is then held in the printers spooler file and in turn RAM

A

what is

Enhanced Metafile (EMF)

160
Q

describe the term

social engineering

A

this is the term used to describe using human factors/nature to defeat the security of a device

161
Q

what happens when you perform a

hard delete

A

when this is performed:

  1. all references including the $I if applicable are deleted

(NOTE: only references to the original file are deleted meaning that the data still exists although the operating system has no access to it)

162
Q

this is the process of taking an image of ram while it is running

A

what is a

live system image

163
Q

where can

TRIM setting

be configured on windows

A

these can be configured within disk optimization on windows

164
Q

describe

hijackers

A

Redirect browsers to unwanted websites, either to earn advertising clicks or to download further malware. Some of the sites masquerade as legitimate websites and are designed to harvest personal information such as logins and credit card details.

165
Q

describe

spyware

A

Attempts to access personal information by monitoring keystrokes or patterns of activity.

166
Q

this will be a zombie in charge of managing sections of the botnet, such as zombies within a company's intranet

A

within a peer-to-peer botnet describe the

server zombie

167
Q

this is a number that is a kind of signature for a file type.

each file type will produce its own one of these which is usually located inside the header

A

when speaking in terms of file carving what is the

magic number

168
Q

describe what a

worm

is

A

these are self-replicating programs just like viruses; however, they do not rely on human interaction to spread themselves across networks and computers, as they can copy and transport themselves instead

(note: Worms are the most common type of malware currently in use)

169
Q

this is software that is able to read and write to disk images.

Upon mounting a disk image it will appear as a physical disk and can be navigated as normal via the OS you are using

A

what is an

image mounter

170
Q

what is

dead system imaging

A

this is the process of creating a disk image from a hard drive that has been removed from a computer

(often carried out for forensic investigation)

171
Q

held in here you may find

  1. Instructions and data that will be needed by the processor
  2. The operating system
  3. Information about running programs and processes
  4. Networks a computer is connected to
  5. Decrypted passwords and files as well as the keys that decrypted them
  6. Registry hives

A

what

data might you typically find in ram

172
Q

what is a cell within

flash memory

A

this is a semiconductor material surrounded by an insulator and is able to hold a charge even when there is no power

173
Q

describe

File carving / data carving

A

this is the act of finding and recovering a file by using the magic number associated with that file type.

Since the magic number is usually in the header with the file length it is possible for the software to recover all of the deleted data, assuming it had not been overwritten in any way or been highly fragmented

174
Q

these maintain resilience by

  1. using encryption
  2. using multiple servers in different countries

A

how do

client-server botnets

maintain resilience

175
Q

this is a protocol and command built into the firmware of most SSDs.

When used it will reset an entire SSD by sending a spike of voltage to all memory cells and in turn removing all data from the SSD

A

what is

ATA Secure Erase

176
Q

give three main points about

hashing

A
  1. Every different piece of plaintext produces a unique hash

(The benefit of this is that you cannot find resemblance between two pieces of plaintext)

  2. Every hash produced will be the same length

(The benefit of this is that you cannot know the length of the original plaintext)

  3. From a hash it is almost impossible to find the original plaintext

(This makes it great for storing passwords in this form, since there is no easy way to find the original plaintext)

177
Q

what does the acronym

CIA

stand for

A

this acronym stands for

1. confidentiality

2. integrity

3. availability

178
Q

describe the

trigger

of a virus

A

this is some action that will make the virus deliver its payload such as a date or an execution of a file

179
Q

what will a

hash algorithm

use in order to produce a hash from a given input

A

to produce a hash from a given input this will use a combination of:

  1. constants
  2. AND, OR, NOT logic operators
  3. modulus operator with large prime numbers to produce smaller numbers from large numbers

180
Q

what does the acronym

PLC

stand for

A

this stands for

Programmable logic controller

181
Q

these are terms to describe the tools, knowledge and best practices regarding the protection of:

  1. Computers
  2. Communication networks
  3. Programs
  4. Data

A

describe the terms

Cybersecurity / information security

182
Q

this could contain words from

  1. The a-z dictionary
  2. Most used passwords
  3. Professional terminology such as medical terms
  4. Literature
  5. TV and film

A

name 5 potential places that words for a

dictionary which will be used for a dictionary attack

could come from

183
Q

this is a simple yet effective method of implementing Steganography.

It works by first expressing the message you want to hide as bits, and then, for each pixel, changing either the last bit or the last two bits so that they match your hidden message.

To retrieve the message, one would simply gather the least significant bits used to hide the message and use them to reconstruct the hidden message

A

describe the steganography technique known as

Least significant bit (LSB)

184
Q

this is a programme that is able to self replicate but not self spread and will typically inject or attach itself to an application or file

A

describe what a

virus

is

185
Q

how do

client-server botnets

maintain resilience

A

these maintain resilience by

  1. using encryption
  2. using multiple servers in different countries

186
Q

some examples of this include

  1. allowing employees to insert any USB device into network-attached computers
  2. having an out-of-date operating system or antivirus

A

give two examples of a

vulnerability

187
Q

how does a

virus

spread

A

this spreads by relying on human interaction such as a file being shared via a medium such as email

188
Q

why can hashing passwords alone not protect against a

dictionary attack

A

the reason that hashing passwords alone cannot protect against this attack is because the dictionary used for this attack can also be hashed and so a match can still be found

189
Q

describe what a

virus

is

A

this is a programme that is able to self replicate but not self spread and will typically inject or attach itself to an application or file

190
Q

describe

rootkits

A

Hidden programs used by attackers to remotely control or access a computer.

191
Q

what is a

sandbox

A

this is an isolated environment that mimics an operating system

192
Q

these are rules used to identify malware and rely on using previous knowledge about how malware operates

A

what are

heuristics

used by antivirus programmes

193
Q

when this is to be written to it must first have its content completely removed

this means that slack space on an SSD will no longer contain old data

A

what must happen to a

solid state drive (SSD) memory cell

before it is written to

194
Q

what is

steganography

A

this is the act of hiding data within other data such as an image.

195
Q

when using this the antivirus programme may

  1. decompile a suspected programme and see if it contains instructions such as copying itself or overwriting operating system files
  2. put the programme within a sandbox and then execute the programme to see what instructions it tries to execute

A

what are two techniques that antivirus programmes use when working with

heuristics

196
Q

this was a virus discovered in the summer of 2010 and was the first of its kind, in the sense that instead of targeting a huge number of publicly owned computers it was specifically designed to attack and control Siemens PLCs

A

what is

stuxnet