Remember This Flashcards

1
Q

A use case helps:

A

professionals identify and clarify requirements to achieve a goal

2
Q

Confidentiality ensures:

A

that data is only viewable by authorized users

3
Q

Encryption is the:

A

best choice to provide confidentiality

4
Q

Access controls protect:

A

the confidentiality of data

5
Q

Steganography supports:

A

obfuscation by making the hidden data harder to see

6
Q

Integrity provides:

A

assurances that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes

7
Q

Hashing is a common method:

A

of ensuring integrity

8
Q

Non-repudiation prevents:

A

entities from denying they took an action

9
Q

Digital signatures provide what 2 things?

A

non-repudiation

integrity for files and email

10
Q

Audit logs provide:

A

non-repudiation

11
Q

Availability ensures:

A

that data and services are available when needed

12
Q

Risk is:

A

the possibility of a threat exploiting a vulnerability, resulting in a loss

13
Q

A threat is:

A

any circumstance or event that has the potential to compromise confidentiality, integrity, or availability

14
Q

A vulnerability is:

A

a weakness in either the hardware, software, configuration, or users operating the system

15
Q

Risk mitigation reduces risk by:

A

reducing the chances that a threat will exploit a vulnerability

by reducing the impact of the risk

16
Q

Security controls reduce:

A

risks

17
Q

The three primary security control types are:

A

technical

administrative

physical

18
Q

A technical control is:

A

one that uses technology to reduce vulnerabilities

19
Q

Some examples of technical controls are:

A

Encryption

antivirus software

IDSs

firewalls

the principle of least privilege

20
Q

Administrative controls are:

A

primarily administrative and include items such as risk and vulnerability assessments

21
Q

Preventive controls attempt to:

A

prevent security incidents

22
Q

Detective controls attempt to:

A

detect when a vulnerability has been exploited

23
Q

Corrective controls attempt to:

A

reverse the impact of an incident or problem after it has occurred

24
Q

Deterrent controls attempt to:

A

prevent incidents by discouraging threats

25
Q

Compensating controls are:

A

alternative controls used when it isn’t feasible or possible to use the primary control

26
Q

Virtualization allows:

A

multiple servers to operate on a single physical host

27
Q

Type I hypervisors run:

A

directly on the system hardware

28
Q

Type II hypervisors run:

A

as software within a host operating system

29
Q

Container virtualization is:

A

a specialized version of a Type II hypervisor. It allows services or applications to run within their own isolated cells or containers.

30
Q

Containers don’t have:

A

a full operating system but instead use the kernel of the host

31
Q

Snapshots capture:

A

the state of a VM at a moment in time

32
Q

Administrators often take a snapshot before what?

A

performing a risky operation

33
Q

VM sprawl can occur:

A

if personnel within the organization don’t manage the VMs

34
Q

VM escape attacks allow:

A

an attacker to access the host system from the VM

35
Q

You run command-line tools in the:

A

Command Prompt window in Windows and the terminal in Linux

36
Q

The ping command can:

A

be used to check connectivity

check name resolution

verify that routers, firewalls, and intrusion prevention systems block Internet Control Message Protocol (ICMP)

37
Q

The ipconfig command on Windows allows:

A

you to view the configuration of network interfaces

38
Q

Linux uses ifconfig and/or ip to:

A

view and manipulate the configuration of network interfaces

39
Q

Netstat allows you to:

A

view statistics for TCP/IP protocols and view all active network connections. This can be useful if you suspect malware is causing a computer to connect with a remote computer

40
Q

Tracert lists:

A

the routers (also called hops) between two systems. It can be used to verify a path has not changed

41
Q

The arp command allows you to:

A

view and manipulate the ARP cache. This can be useful if you suspect a system’s ARP cache has been modified during an attack

42
Q

Authentication allows:

A

entities to prove their identity by using credentials known to another entity

43
Q

Identification occurs when:

A

a user claims or professes an identity, such as with a username, an email address, a PIV card, or by using biometrics

44
Q

Authentication occurs when:

A

an entity provides proof of an identity (such as a password). A second entity is the authenticator and it verifies the authentication

45
Q

Authorization provides:

A

access to resources based on a proven identity

46
Q

Accounting methods track:

A

user activity and record the activity in logs

47
Q

Five factors of authentication are:

A

Something you know, such as a username and password

Something you have, such as a smart card, CAC, PIV, or token

Something you are, using biometrics, such as fingerprints or retina scans

Somewhere you are, using geolocation, a computer name, or a MAC address

Something you do, such as gestures on a touch screen

48
Q

The something you know factor typically refers to:

A

a shared secret, such as a password or a PIN. This is the least secure form of authentication

49
Q

Passwords should be:

A

strong and changed often

50
Q

Complex passwords include:

A

multiple character types

51
Q

Strong passwords are:

A

complex and at least 14 characters long

52
Q

Administrators should verify a:

A

user’s identity before resetting the user’s password

53
Q

When resetting passwords manually:

A

administrators should configure them as temporary passwords that expire after the first use, requiring users to create a new password the first time they log on.

54
Q

Self-service password systems:

A

automate password recovery

55
Q

Password policies provide:

A

a technical means to ensure users employ secure password practices

56
Q

Password length specifies:

A

the minimum number of characters in the password

57
Q

Password complexity ensures:

A

passwords are complex and include at least three of the four character types

58
Q

Password history remembers:

A

past passwords and prevents users from reusing passwords

59
Q

Minimum password age is:

A

used with password history to prevent users from changing their password repeatedly to get back to the original password

60
Q

Maximum password age or password expiration forces:

A

users to change their password periodically

61
Q

When administrators reset user passwords, the password should:

A

expire upon first use

62
Q

Password policies should:

A

apply to any entity using a password. This includes user accounts and accounts used by services and applications

63
Q

Applications with internally created passwords should:

A

still adhere to the organization’s password policy

64
Q

Account lockout policies:

A

lock out an account after a user enters an incorrect password too many times.

65
Q

Smart cards are:

A

credit card-sized cards that have embedded certificates used for authentication. They require a PKI to issue certificates

66
Q

Common Access Cards (CACs) and Personal Identity Verification (PIV) cards can:

A

be used as photo IDs and as smart cards

67
Q

Tokens (or key fobs) display:

A

numbers in an LCD. These numbers provide rolling, one-time use passwords and are synchronized with a server

68
Q

USB tokens include:

A

an embedded chip and a USB connection. Generically, these are called hardware tokens

69
Q

HMAC-based one-time passwords (HOTP) and Time-based one-time passwords (TOTP) are:

A

open source standards used to create one-time-use passwords

70
Q

Hash-based Message Authentication one-time password (HOTP) creates:

A

a one-time-use password that does not expire

71
Q

TOTP creates:

A

a one-time password that expires after 30 seconds

72
Q

Biometric methods are:

A

the most difficult to falsify.

73
Q

Biometric physical methods include:

A

voice and facial recognition

fingerprints

retina scans

iris scans

palm scans

74
Q

Biometric methods can also be used for:

A

identification

75
Q

The false acceptance rate (FAR), or false match rate, identifies:

A

the percentage of times false acceptance occurs

76
Q

The false rejection rate (FRR), or false nonmatch rate, identifies:

A

the percentage of times false rejections occur

77
Q

The crossover error rate (CER) indicates:

A

the quality of the biometric system. Lower CERs are better

78
Q

Single-factor authentication includes:

A

one or more authentication methods in the same factor, such as a PIN and a password

79
Q

Dual-factor (or two-factor) authentication:

A

uses two factors of authentication, such as a USB token and a PIN

80
Q

Multifactor authentication uses:

A

two or more factors. It is stronger than any form of single-factor authentication

81
Q

Authentication methods using two or more methods in the same factor are:

A

single-factor authentication

82
Q

Kerberos is a:

A

network authentication protocol using tickets issued by a Key Distribution Center (KDC) or Ticket Granting Ticket (TGT) server.

83
Q

If a ticket-granting ticket expires:

A

the user might not be able to access resources.

84
Q

Microsoft Active Directory domains and Unix realms use:

A

Kerberos for authentication

85
Q

Lightweight Directory Access Protocol (LDAP) specifies:

A

formats and methods to query directories. It provides a single point of management for objects, such as users and computers, in an Active Directory domain or Unix realm

86
Q

Lightweight Directory Access Protocol (LDAP) Secure (LDAPS):

A

encrypts transmissions with Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

87
Q

Single sign-on (SSO) allows:

A

users to authenticate with a single user account and access multiple resources on a network without authenticating again

88
Q

SSO can be used to:

A

provide central authentication with a federated database and use this authentication in an environment with different operating systems

89
Q

Security Assertion Markup Language (SAML) is an:

A

XML-based standard used to exchange authentication and authorization information between different parties.

90
Q

SAML is used with:

A

web-based applications

91
Q

A federated identity links:

A

a user’s credentials from different networks or operating systems, but the federation treats it as one identity

92
Q

Shibboleth is:

A

an open source federated identity solution that includes Open SAML libraries

93
Q

OAuth and OpenID Connect are:

A

used by many web sites to streamline the authentication process for users

94
Q

OAuth and OpenID allow:

A

users to log on to many web sites with another account, such as one they’ve created with Google and Facebook

95
Q

The principle of least privilege is:

A

a technical control that uses access controls

96
Q

The principle of least privilege specifies that:

A

individuals or processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more

97
Q

Users should not share:

A

accounts

98
Q

Most organizations ensure the:

A

Guest account is disabled

99
Q

Account policies often require:

A

administrators to have two accounts (an administrator account and a standard user account) to prevent privilege escalation and other attacks

100
Q

An account disablement policy ensures that:

A

inactive accounts are disabled

101
Q

Accounts for employees who:

A

either resign or are terminated should be disabled as soon as possible.

102
Q

Configuring expiration dates on temporary accounts ensures:

A

they are disabled automatically

103
Q

Time restrictions can:

A

prevent users from logging on or accessing network resources during specific hours.

104
Q

Location-based policies prevent:

A

users from logging on from certain locations

105
Q

Accounts should be recertified to:

A

verify they are still required.

106
Q

Administrators routinely perform:

A

account maintenance.

107
Q

Account maintenance is often done with:

A

scripts to automate the processes and includes deleting accounts that are no longer needed

108
Q

Credential management systems:

A

store and simplify the use of credentials for users

109
Q

The role-based access control (role-BAC) model uses:

A

roles to grant access by placing users into roles based on their assigned jobs, functions, or tasks

110
Q

A matrix matches:

A

job titles with required privileges

111
Q

Group-based privileges are a form of:

A

role-BAC

112
Q

In a group-based privilege company, administrators:

A

create groups, add users to the groups, and then assign permissions to the groups.

113
Q

The rule-based access control (rule-BAC) model is:

A

based on a set of approved instructions, such as ACL rules in a firewall.

114
Q

Some rule-BAC implementations use:

A

rules that trigger in response to an event, such as modifying ACLs after detecting an attack

115
Q

In the discretionary access control (DAC) model, every object has:

A

an owner that has explicit access and establishes access for any other user

116
Q

Microsoft NTFS uses:

A

the DAC model, with every object having a discretionary access control list (DACL)

117
Q

The discretionary access control list (DACL) identifies:

A

who has access and what access they are granted

118
Q

A major flaw of the DAC model is:

A

its susceptibility to Trojan horses

119
Q

Mandatory access control (MAC) uses:

A

security or sensitivity labels to identify objects (what you’ll secure) and subjects (users)

120
Q

MAC is often used when:

A

access needs to be restricted based on predefined security labels. These labels are often defined with a lattice to specify the upper and lower security boundaries

121
Q

An attribute-based access control (ABAC) evaluates:

A

attributes and grants access based on the value of these attributes.

122
Q

An ABAC is used in many:

A

software defined networks (SDNs)

123
Q

Protocols used for voice and video include:

A

Real-time Transport Protocol (RTP) and Secure Real-time Transport Protocol (SRTP)

124
Q

Secure Real-time Transport Protocol (SRTP) provides:

A

encryption, message authentication, and integrity for RTP

125
Q

File Transfer Protocol (FTP) is commonly used to:

A

transfer files over networks, but FTP does not encrypt the transmission

126
Q

Several encryption protocols encrypt:

A

data-in-transit to protect its confidentiality

127
Q

The encryption protocols that encrypt data-in-transit to protect its confidentiality are:

A

File Transfer Protocol Secure (FTPS)

Secure File Transfer Protocol (SFTP)

Secure Shell (SSH)

Secure Sockets Layer (SSL)

Transport Layer Security (TLS)

128
Q

SMTP sends:

A

email using TCP port 25

129
Q

POP3 receives:

A

email using TCP port 110

130
Q

IMAP4 uses:

A

TCP port 143

131
Q

Secure POP uses:

A

TLS on port 995 (legacy) or with STARTTLS on port

132
Q

HTTP uses:

A

port 80 for web traffic

133
Q

HTTPS encrypts:

A

HTTP traffic in transit and uses port 443

134
Q

Directory services solutions implement:

A

Kerberos as the authentication protocol

135
Q

Lightweight Directory Access Protocol (LDAP) uses what port?

A

TCP port 389

136
Q

LDAP Secure (LDAPS) uses what port?

A

TCP port 636

137
Q

The Network Time Protocol (NTP) provides:

A

time synchronization services

138
Q

Domain Name System (DNS) provides:

A

domain name resolution

139
Q

DNS zones include:

A

A records for IPv4 addresses

AAAA records for IPv6 addresses

140
Q

Zone data is:

A

updated with zone transfers, and secure zone transfers help prevent unauthorized access to zone data

141
Q

DNS uses:

A

TCP port 53 for zone transfers

UDP port 53 for DNS client queries

142
Q

Domain Name System Security Extensions (DNSSEC) provides:

A

validation for DNS responses and helps prevent DNS poisoning attacks

143
Q

Two command-line tools used to query DNS are:

A

nslookup and dig

144
Q

Both nslookup and dig support:

A

the axfr switch, allowing them to download all zone data from a DNS server, unless the DNS server blocks the attempt

145
Q

Switches are used for:

A

network connectivity and they map media access control (MAC) addresses to physical ports

146
Q

Port security limits:

A

access to switch ports

147
Q

Port security includes:

A

limiting the number of MAC addresses per port and disabling unused ports

148
Q

You can manually map:

A

each port to a specific MAC address or group of addresses

149
Q

An aggregation switch connects:

A

multiple switches together in a network

150
Q

Routers connect:

A

networks and direct traffic based on the destination IP address

151
Q

Routers (and firewalls) use:

A

rules within access control lists (ACLs) to allow or block traffic

152
Q

Implicit deny indicates:

A

that unless something is explicitly allowed, it is denied.

153
Q

Implicit deny is the last:

A

rule in an ACL

154
Q

Host-based firewalls filter:

A

traffic in and out of individual hosts

155
Q

Some Linux systems use:

A

iptables or xtables for firewall capabilities

156
Q

Network-based firewalls filter:

A

traffic in and out of a network

157
Q

Network-based firewalls are placed:

A

on the border of the network, such as between the Internet and an internal network

158
Q

A stateless firewall controls:

A

traffic between networks using rules within an ACL

159
Q

The ACL can block:

A

traffic based on ports, IP addresses, subnets, and some protocols

160
Q

Stateful firewalls filter:

A

traffic based on the state of a packet within a session

161
Q

A web application firewall (WAF) protects:

A

a web server against web application attacks

162
Q

A web application firewall (WAF) is typically placed:

A

in the demilitarized zone (DMZ) and will alert administrators of suspicious events

163
Q

A DMZ provides:

A

a layer of protection for servers that are accessible from the Internet

164
Q

An intranet is:

A

an internal network

165
Q

People use the intranet to:

A

communicate and share content with each other

166
Q

An extranet is:

A

part of a network that can be accessed by authorized entities from outside of the network

167
Q

NAT translates:

A

public IP addresses to private IP addresses

private back to public, and hides IP addresses on the internal network from users on the Internet

168
Q

Networks use:

A

various methods to provide network segregation, segmentation, and isolation

169
Q

An airgap is:

A

a metaphor for physical isolation, indicating a system or network is completely isolated from another system or network

170
Q

Routers provide:

A

logical separation and segmentation using ACLs to control traffic

171
Q

Forward proxy servers forward:

A

requests for services from a client

172
Q

Forward proxy servers can cache:

A

content and record users’ Internet activity

173
Q

A transparent proxy accepts:

A

and forwards requests without modifying them

174
Q

A nontransparent proxy can:

A

modify or filter requests, such as filtering traffic based on destination URLs

175
Q

Reverse proxy servers accept:

A

traffic from the Internet and forward it to one or more internal web servers

176
Q

A reverse proxy server is placed:

A

in the DMZ and the web servers can be in the internal network

177
Q

A unified threat management (UTM) security appliance includes:

A

multiple layers of protection, such as URL filters, content inspection, malware inspection, and a distributed denial-of-service (DDoS) mitigator

178
Q

UTMs typically raise:

A

alerts and send them to administrators to interpret

179
Q

Mail gateways are logically placed:

A

between an email server and the Internet

180
Q

Mail gateways examine:

A

and analyze all traffic and can block unsolicited email with a spam filter

181
Q

Loop protection protects:

A

against switching loop problems, such as when a user connects two switch ports together with a cable

182
Q

Spanning Tree Protocols protect:

A

against switching loops

183
Q

Flood guards prevent:

A

MAC flood attacks on switches

184
Q

VLANs can logically:

A

separate computers or logically group computers regardless of their physical location

185
Q

You create VLANs with:

A

Layer 3 switches

186
Q

Routers use:

A

rules within ACLs as an antispoofing method

187
Q

Border firewalls block:

A

all traffic coming from private IP addresses

188
Q

Simple Network Management Protocol version 3 (SNMPv3) is used to:

A

monitor and configure network devices and uses notification messages known as traps

189
Q

Simple Network Management Protocol version 3 (SNMPv3) uses strong:

A

authentication mechanisms and is preferred over earlier versions