Sec + Flashcards
Which term describes when data is in some sort of persistent storage media?
Data at rest
Describe Data in transit.
Same as data in motion. It is when data is transmitted over a network. Examples include website traffic, remote access traffic, and data being synchronized between cloud repositories.
Describe Data in use
When data is present in volatile memory sources. Examples include documents open in a word processing application, database data that is currently being modified, and event logs being generated while an operating system is running.
What is Data Sovereignty?
Refers to the legal implications of data stored in other countries.
What is a cold site?
A cold site is an alternate location where a network can be rebuilt after a disaster has occurred. A cold site can take some time to implement, as systems and assets (including data) are not readily configured and available for full use.
What is a warm site?
A warm site is a dormant alternate location, or a location that performs noncritical functions under normal conditions, but can be rapidly converted to a main operations site with minimal effort.
What is a hot site?
A hot site is a fully configured alternate network that can be quickly brought online after a disaster. With a hot site, systems and data are usually up-to-date.
What is a failover?
Refers to system redundancy. With a failover configuration, an additional device is configured to function when the primary configuration fails.
What is Standard Naming Convention?
A standard naming convention is a defined set of rules for choosing the character sequence to be used for identification in coding. A standard naming convention reduces the effort in code reviews and programming error.
What is code obfuscation?
Code obfuscation is the practice of camouflaging code by replacing numbers with expressions and renaming variables to make the code unreadable.
What is Baselining?
Baselining is a method for analyzing computer network performance. The method is marked by comparing current performance to a historical metric, or “baseline”.
Baselining is the practice of applying changes to the master baseline of code in a continuous pattern. Developers apply the changes regularly to build the application.
Define Code Reuse?
Code reuse is the practice of reusing tested and approved code for development to save time and prevent the introduction of errors in new coding efforts.
What is a logic bomb?
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files, should they ever be terminated from the company.
A logic bomb is a malicious program or script set to run under particular circumstances or in response to a defined event, such as the admin’s account becoming disabled.
What is a RAT? (Remote Access Trojan)
A Remote Access Trojan functions as a backdoor and allows the attacker to access the PC, upload files, and install software on it.
What is a rootkit?
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of “root” and the word “kit”.
A rootkit is a backdoor malware that changes core system files and programming interfaces so that local shell processes no longer reveal their presence.
What is spyware?
Spyware is a program that monitors user activity and sends the information to someone else, with or without the user’s knowledge. One spyware technique is to spawn browser pop-up windows, as well as modify DNS queries attempting to direct the user to other websites, often of dubious provenance.
What is crypto-malware?
Crypto-malware is a class of ransomware that attempts to encrypt data files. The user will be unable to access the files without obtaining the private encryption key, held by the attacker.
While ransomware primarily demands a ransom, in the form of Bitcoin (the first cryptocurrency), to "unblock" access to the system or files, crypto malware is designed to mine cryptocurrencies on systems without the users' knowledge.
Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?
A rainbow table attack - Passwords not "salted" with a random value make the ciphertext vulnerable to rainbow table attacks. A rainbow table attack is a password attack that allows an attacker to use a precomputed set of plaintext passwords and their hashes to crack passwords.
What is a dictionary attack?
In a dictionary attack, software enumerates values in a dictionary wordlist. Enforcing password complexity makes passwords difficult to guess and compromise. Varying the characters in the password makes it more resistant to these attacks.
What can an attacker do to acquire a duplicate of another user’s smart card?
Clone it - Card cloning refers to making one or more copies of an existing card. An attacker can physically duplicate a lost or stolen card with no cryptographic protections.
What is a Potentially unwanted program (PUP)?
Potentially unwanted programs (PUPs) or potentially unwanted applications (PUAs) are software installed alongside a package, or from a computer store, that the user did not request.
What is a downgrade attack?
A downgrade attack is a form of cyberattack in which an attacker forces a network channel to switch to an unprotected or less secure mode of data transmission.
A downgrade attack can facilitate an on-path attack by requesting that the server use a lower-specification protocol with weaker ciphers and key lengths.
What is a Lightweight Directory Access Protocol (LDAP)?
A Lightweight Directory Access Protocol (LDAP) injection occurs when an attacker exploits a client's unauthenticated access to submit LDAP queries that could create or delete accounts, or even change authorizations and privileges. LDAP uses port 389.
What is XML injection?
An Extensible Markup Language (XML) injection attack occurs when submitted XML data takes advantage of spoofing, request forgery, and injection of arbitrary code. The XML has no encryption or input validation checks.
What is a SQL injection?
A Structured Query Language (SQL) injection attack embeds or inserts SQL code into a website to query and output information from a database, such as password hashes, for example.
What is DLL injection?
DLL injection is a software vulnerability that can occur when a Windows-based application attempts to force another running application to load a dynamic-link library (DLL) into memory, which could cause the victim application to experience instability or leak sensitive information.
What is a replay attack?
In a replay attack, the attacker captures some data, like a cookie file, used to log on or start a session legitimately. The attacker resends the data to re-enable the connection.
What is Directory Traversal?
Directory traversal is an injection attack that submits a request for a file outside the web server’s root directory by submitting a path to navigate to the parent directory (../). Access permissions on the file are the same as on the web server directory.
What is command injection?
A command injection attack runs OS shell commands from the browser and allows commands to operate outside of the server’s directory root, forcing commands to run as the web “guest” user.
What is a server-side request forgery?
A server-side request forgery abuses the functionality and services of backend servers to read and update internal resources. This can expose, for example, database information, even without an authenticated session.
What is client-side request forgery?
A client-side (or cross-site) request forgery is an attack that forces a user to execute unwanted actions on a web server to which the user is currently authenticated.
What is resource exhaustion?
A resource exhaustion attack overloads resources like CPU time, memory, or disk capacity using distributed denial of service (DDoS) requests.
What is race condition?
A race condition occurs when the outcome of an execution process is directly dependent on the order and timing of certain events. A time-of-check to time-of-use (TOCTTOU) vulnerability takes advantage of this timing to modify data between the check and its eventual use.
What is refactoring?
Refactoring is the process of altering an application’s source code without changing its external behavior. The purpose of code refactoring is to improve some of the nonfunctional properties of the code, such as readability, complexity, maintainability and extensibility.
Refactoring means the code performs the same function by using different methods. Refactoring means that the antivirus software may no longer identify the malware by its signature.
What's the difference between Cross-Site Scripting and SQL injection?
XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application’s database.
What is a Man-in-the-Browser (MitB) attack?
An attack where the perpetrator installs a Trojan horse on the victim’s computer that is capable of modifying that user’s web transactions. The purpose of a man-in-the-browser attack includes eavesdropping, data theft or session tampering.
What is Cross-Site Request Forgery? (XSRF)
XSRF is a malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser.
What is VBA code?
Visual Basic for Applications (VBA) is a scripting language for Microsoft Office that uses macros to perform a sequence of actions in the context of a word processor, spreadsheet, or presentation file.
What is Bluesnarfing?
Bluesnarfing refers to using an exploit in Bluetooth to steal information from someone else’s phone. The exploit (now patched) allows attackers to circumvent the authentication mechanism.
What is a rogue access point?
A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.
What is a spectrum analyzer?
A spectrum analyzer is a device that can detect the source of jamming (interference) on a wireless network. It usually has a directional antenna, so that the security analyst can pinpoint the exact location of the interference.
Which attacks can perform a Denial of Service (DoS) attack against a wireless network?
Disassociation attack and deauthentication attack
A security engineer examined some suspicious error logs on a Windows server that showed attempts to run shellcode against a web application. The shellcode showed multiple lines beginning with Invoke-Command. What type of script is the suspicious code trying to run?
A PowerShell script - common cmdlets include Invoke-Expression, Invoke-Command, Invoke-WMIMethod, New-Service, etc.
A low-level distributed denial of service (DDoS) attack that involves SYN or SYN/ACK flooding describes what type of attack?
Network
Explain Application attacks
An application attack targets vulnerabilities in the headers and payloads of specific application protocols. For example, one type of amplification attack targets DNS services with bogus queries.
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
An on-path attack
On-path attackers place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two. The attackers can then collect information as well as impersonate either of the two agents.
Which attack does NOT provide encryption and is, therefore, vulnerable to eavesdropping and Man-in-the-Middle attacks?
NFC (Near Field Communications) does not provide encryption, so eavesdropping and Man-in-the-Middle attacks are possible if the attacker can find some way of intercepting the communication and other software services are not encrypting the data.
What is an Initialization Vector (IV) attack?
An Initialization Vector attack modifies the IV of an encrypted wireless packet during transmission to compute the RC4 keystream to decrypt all other wireless traffic. This attack becomes useless when WPA or WPA2 wireless protection is enabled.
Which actor seeks authorization before performing a penetration test?
A white hat hacker always seeks authorization to perform penetration testing of private and proprietary systems. Companies usually contract these hackers to test their security systems.
What are Advanced Persistent Threats?
Advanced Persistent Threats (APTs) are nation-state cyber adversaries that have developed cybersecurity expertise and use cyber weapons to compromise network security and achieve military and commercial goals.
What are state actors?
State actors' goals are primarily espionage and strategic advantage. These actors are backed by governments with virtually unlimited resources and are known to take a particular interest in another country's energy and health network systems.
The Auto-ISAC is what type of threat intelligence source?
Information Sharing and Analysis Centers (ISACs) share threat intelligence and promote best practices in many critical industries, such as the auto industry. Auto-ISAC operates as a private organization run by a board of directors.
A vulnerability related to the system kernel affects which of the following?
Operating system
What is data exfiltration?
An attack that takes content from a local system, encrypts it, and sends it to the attacker's server via HTTP over port 80.
What is an SDN? (Software Defined Network)
A Software Defined Network (SDN) separates data and control planes in a network. It uses virtualization to route traffic to its intended destination, instead of using proprietary hardware.
What is a VM Sprawl?
Virtualization sprawl is a phenomenon that occurs when the number of virtual machines (VMs) on a network reaches a point where the administrator can no longer manage them effectively. This can result from patch mismanagement or simply from too many virtual machines.
What is a VM Escape?
Virtual machine escape is a vulnerability that enables a user to gain access to the primary hypervisor and associated virtual machines.
Define SaaS (Security as a Service)
Security as a Service is a part of the Software as a Service (SaaS) platform. Any security services provided in the cloud are a subset of SaaS cloud-based technologies.
Define PaaS (Platform as a Service)
Platform as a Service (PaaS) offers a company configurable operating systems and applications to use in a cloud environment. PaaS does not provide security services.
Define IaaS (Infrastructure as a Service)
Infrastructure as a Service (IaaS) provides companies the ability to "rent" hardware and services in a cloud environment. The company does its own security patching and maintenance.
What is the name of the infrastructure that uses a mix of public and private resources on a single platform?
Hybrid
A company has outsourced its equipment requirements and pays on a per use basis to save costs. Which cloud service is this?
IaaS
Which of the following secure coding techniques makes code more difficult to read for an attacker?
Obfuscation; Code obfuscation is the method of disguising coding methods by renaming variables, replacing strings, and hiding comments. This is a secure coding practice.
What is code reuse?
Code reuse is the practice of using existing code (code previously developed) for a new function in a system. Because the code was previously built and published, it has also been tested for vulnerabilities and errors.
Describe Version Control
Version control tracks the versions of software in real time. It will record who has accessed the code, and what was changed. Version Control also allows for rollback if necessary.
A capability delivery team (CDT) reduces software development risk and cost while increasing the speed of delivery to the customer with updated software. What is the CDT providing the customer?
Continuous Deployment; the process of delivering software to a production environment using automation, which shortens the software development lifecycle.
During testing, an application demonstrates poor performance in the time it takes a database function to retrieve results. What should developers ensure in the database to improve performance?
Normalization; Normalization is used to optimize database performance by removing duplicates, using primary keys, and storing related data in separate tables.
Describe deprovisioning
Deprovisioning is the act of removing or disabling access to a resource. Since the application has been replaced, the application should be deprovisioned to preserve resources.
Describe provisioning
Provisioning is the process of procuring, configuring and making available an application or system. This process provides a resource to users.
What are Stored Procedures?
A stored procedure is a set of Structured Query Language (SQL) statements stored in a database as a group, so it can be reused and shared by multiple programs. Stored procedures can validate input.
A system administrator identified an issue in the cloud infrastructure where storage continues to fill, and system latency occurs. Which is the best solution to stop the drive space from reaching capacity and causing failure?
Automated scripting; An automated script can continuously check configurations of a system and react accordingly to keep systems secure and available.
Describe Scalability
Scalability is the capacity to increase and decrease the workload on current resources by adding and removing necessary components without any interruption in business flow.
Which of the following describes the ability of a system to adapt to current demands by provisioning and deprovisioning resources as needed?
Elasticity; A user can increase or decrease resources as necessary. It is commonly used with cloud technologies.
Describe Integrity Measurements
Integrity measurements are done to identify baseline deviations. Automated tools continuously monitor the system for any baseline changes. If changes are found, Group Policy will force the system back to its original state.
An organization implements Directory Services as a management access control. Which of the following attributes will be used for authentication and role identification?
Distinguished Name - Directory Services provide privilege management and authorization to a network by storing user information such as groups, roles, and services allowed into a Distinguished Name (DN). Directory services are used to structure user management and implement access security.
What is Gait Analysis?
Gait analysis is the study and recording of human behavior such as motion and action to authorize access. (An individual’s unique walking style)
What is Elliptic Curve Cryptography (ECC)?
Elliptic Curve Cryptography (ECC) is a trapdoor function used to generate public/private key pairs. Even at smaller key lengths, its strength is comparable to other asymmetric encryption algorithms that use larger keys.
What is Key Stretching?
Key stretching is creating a key using thousands of rounds of hashing. Adding a salt in the hashing process makes the hash or key much stronger.
Describe Unified Communications
These solutions are messaging applications that combine multiple communications channels and technologies into a single platform. For example, a phone call meeting can transition to a video call within the same application.
What is a Secure Shell File Transfer Protocol (SFTP)?
Secure Shell File Transfer Protocol (SFTP) addresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer between a client and server. A secure link is created using Secure Shell over Transmission Control Protocol port 22.
What is Lightweight Directory Access Protocol Secure (LDAPS)?
Lightweight Directory Access Protocol Secure (LDAPS) uses port 636 to set up a secure channel to a directory service using a digital certificate. It secures queries to a directory service, while an unsecure version (LDAP) would utilize port 389.
What is DNS Security Extensions?
Domain Name System Security Extensions (DNSSEC) helps to mitigate against spoofing and poisoning attacks. The authoritative server for the zone creates a package of resource records, called an RRset, signed with a private key known as the zone signing key.
Which method is used for a Secure File Transfer within UNIX systems?
Secure Shell (SSH) is the principal means of obtaining secure remote access to a UNIX or Linux server. The main uses of SSH are for remote administration and Secure File Transfer (SFTP).
A server administrator should use which protocol to secure user communication with web services?
Hypertext transfer protocol secure (HTTPS) is the secure protocol that can encrypt communication between a user and web services. HTTPS operates over port 443 by default.
Which vulnerabilities can influence routing?
Fingerprinting, route injection, and ARP poisoning.