Sec_Vista

Question 1

BIA

Answer 1

business impact analysis interviewing to gather info about business units and their functions.
Id and Prioritize business function

Question 2

contingency plan

Answer 2

detail how all business function will be carries out during an outage or disaster

Question 3

Occupant Emergency Plan (OEP)

Answer 3

OEP minimize injury or loss of life during an outage or disaster

Question 4

Define Privilege Escalation vs attack

Answer 4

Gain access to a file you should not have access to by changing permission of your valid account
Hacking is using another user’s credentials
Social Engineering is impersonating a user to get their credentials

Question 5

What is a use for CSR?

Answer 5

Certificate Signing Request: first step to verify the authenticity of a certificate issued by a CA

Question 6

Define OID

Answer 6

Object Identifiers: id X.509 certificates (dotted #s)

Question 7

What type of encryption is EIGamal

Answer 7

asymmetric public key encryption based on D-H.

Used for digital signatures, key exchange, & data encryption

Question 8

What is HAVAL, IDEA, & Knapsack?

Answer 8

HAVAL: hashing algorithm (message digests)
IDEA: International data encrypt algo: block cipher used by PGP for secret key encryption
Knapsack: asymmetric encryption algo; not D-H based

Question 9

Would you format storage media? And what methods would destroy it?

Answer 9

No, format aka delete data does not remove data. Pulverize, degauss, purge, & wiping

Question 10

What is degaussing and when to not use it?

Answer 10

Reduce or eliminate unwanted magnetic field on storage media. Does not work on CD or DVDs

Question 11

How to describe DNS poisoning?

Answer 11

Practice of dispensing IP addresses & host names with the goal of traffic diversion.

Question 12

What are other DNS attacks?

Answer 12

Syn Flood: send DNS server sync messages with spoofed packets
DNS DoS: transmit malformed packets to DNS server to cause a crash

Question 13

How to log changes to a file?

Answer 13

Use a file integrity check to examine files and check for changes then log any changes that occurred

Question 14

Define HIDS/HIPS

Answer 14

Alert for a Single server or computer & stop the attack

i.e. shut port 80 when if traffic exceeds baseline norm

Question 15

What is a VPN?

Answer 15

A virtual private network is not a physical network. It allows secure communication between companies not located together or between private networks. It transports encrypted data

Question 16

What is a VLAN?

Answer 16

Allows networks to be segmented logically without physically rewiring the network. Provides added security layer by isolating resources into subnets.

Question 17

What is denial of service?

Answer 17

Attacker floods a system with messages to prevent the system from replying to valid requests

Question 18

What model does PGP, PKI, and CA use?

Answer 18

PGP uses web of trust to validate key pairs

PKI & CA use hierarchy to sign key pairs

Question 19

What is a RADIUS federation used for?

Answer 19

A group of RADIUS servers assisting with network roaming. The servers validate login credentials of a user belonging to another RADIUS server’s network.
i.e. tenants in a shopping area want all customer to access internet in their area

Question 20

Define EAP-FAST, EAP-TLS, EAP-TTLS

Answer 20

These are all authentication protocols
EAP manages key tranmissions
TLS - uses X.509 digital certificate to authenticate
TTLS - encapsulates TLS allowing for client authentication
FAST - creates TLS tunnel used in wireless & point-to-point network

Question 21

What devices connect multiple LAN segments?

Answer 21

Bridge, switches, & routers
Bridge & switch (layer 2) use MAC to send packets to destination
Routers (layer 3-network) use IP address to route packets to destination

Question 22

What is ISA

Answer 22

Interconnection security agreement gives security requirements for interconnection between two organizations

Question 23

Why use airgapping & sandboxing?

Answer 23

Air gapping: physically separate secure networks & equipment from insecure networks & equipment. Data can only be moved physically via disk or USB
Sanbox: test a system to security patches or issues i.e. legacy system

Question 24

Who is responsible for access in DAC & RBAC?

Answer 24

DAC: data owner
RBAC: security administrator

Question 25

what do phreakers attack?

Answer 25

VoIP or PBX equipment

Question 26

What are 2 VPN protocols?

Answer 26

PPTP: create a secure WAN connection
L2TP: VPN, packets, encrypt data
Both use tunnels for security
PPP: establish dial-up network connections

Question 27

What replaced Infrared?

Answer 27

Infrared needs line-of-sight communication i.e. TV. Replaced by Bluetooth & Wi-fi

Question 28

What is ANT?

Answer 28

Low-power (proprietary) tech used in wearable devices like fitness sensors. NFC: connects devices automatically when in range i.e. smartphone or mobile payments

Question 29

TPM vs. HSM

Answer 29

TPM chip implement hardware-based encryption

HSM stores key or digital certificates and can be replaced

Question 30

What type of attack redirects a user to a fake website?

Answer 30

Hyperlink spoofing aka web spoofing or URL spoofing
Gets browser to connect to a fake server to get access to confidential info: PIN, credit card, bank details
Uses hyperlinks instead of DNS addresses

Question 31

What should you consider when choosing a mail gateway?

Answer 31

Spam Filter, DLP, encryption
Spam filters: trap undesirable mail
DLP: prevent unauthorized access, protect data
Encrypt: critical feature, scramble outgoing messages

Question 32

When creating a wireless network what protocol has maximum security and supports older wireless clients?

Answer 32

WPA: wi-fi protected access
WPA fixed WEP issues
WAP: wireless app protocol is the weakest (don’t use)
WEP: security standard for wireless networks and devices to encrypt data - not as secure as WPA

Question 33

WAP vs. WAP2

Answer 33

WPA uses TKIP (temporal key integrity protocol)
WPA2 uses CCM Mode Protocol (CCMP) for encryption with AES
Operate in two modes: personal & enterprise
Personal uses Preshared Key (PSK)
Enterprise uses EAP for authentication
more secure than WPA2-PSK & needs a digital certificate

Question 34

Which protocols should be used for implementing a secure wireless authentication method using a RADIUS server for authentication?

Answer 34

LEAP (lightweight extensible authentication protocol) to
PEAP (protected extensible authentication protocol)
Both offer to simplify secure authentication, but PEAP is more secure

Question 35

How do Trojan horses, worms, viruses, and spyware work?

Answer 35

Spyware: tracks cookies to collect & report on user’s activities
Virus (malware) relies on other apps to execute itself and infect a system
Worm: spreads itself through network connections
Trojan Horse: disguised as a useful utility but contains malicious code that can damage a network or give hackers a pathway into a network

Question 36

What is DER?

Answer 36

DER (distinguished encoding rules) certificate encoded by ASN.1 not Base64 ASCII
Its a parent format of PEM (used by webservers)
And does not support storage of private key or cert paths

Question 37

What are PFX, P12, P7B?

Answer 37

All are certificate types using Base64 ASCII encoding

PFX & P12 are ways to export private keys

Question 38

What is DIAMETER used for?

Answer 38

VoIP & wireless services

DIAMETER uses EAP and was meant to handle tech that RADIUS could not

Question 39

What is SAML?

Answer 39

Security Assertion Markup Language: an XML data format for exchanging authentication & authorization data between an identity provider and a service provider

Question 40

Is Kerberos more secure than RADIUS, TACACS, or LDAP and what is it for?

Answer 40

Yes, its a method of access, authentication, & authorization

TACACS is a CISCO implement of RADIUS, TACACS+ uses challenge response

Question 41

What are some security solutions for a mobile device?

Answer 41

White-listing: permit certain apps to be installed & run on the device
Transitive Trust: federated user identities allow users to access multiple apps, devices, & resources
Remote Wiping & Screen Lock

Question 42

When using social media at work what is a concern?

Answer 42

Data Exfiltration

Question 43

How does a weak security configuration happen?

Answer 43

Neglecting to implement a specific security device or not configuring security settings properly

Question 44

What cipher & hash algorithm would be good to use on an organization’s network?

Answer 44

RC4 - encrypts streaming video based on a stream cipher for streaming video providing 56-bit encryption
A type of symmetric algo

Question 45

What is one-way hashing and which algorithm uses it?

Answer 45

MD5 inserts a string of variable length into a hashing algorithm and produces a hash value of a fixed length
then it attaches to the end of the message and if the recomputed hash value is the same then the message wasn’t altered during transmission

Used to verify file integrity

Question 46

What are SHA variants?

Answer 46

Secure Hash Algorithm (SHA) are MD2, MD4, MD5, HAVAL
MD5 is a one-way hashing algorithm

Mostly replaced by SHA-2 aka SHA-256

Question 47

What are the four modes of symmetric ciphers?

Answer 47

ECB (Electronic Cook Book) implements the cipher in its original form (each block independent from the rest)
CBC (Cipher Block Chaining) uses output & XOR to increase diffusion
CTM or CTR (Counter Mode) converts block into a stream cipher
GTM (Galois Counter Mode) uses hash function to complicate encrypt

Question 48

What is XSRF?

Answer 48

Cross-site request forgery aka session riding involves unauthorized commands from a trusted user to a or web site (usually social networking involved)
i.e. 2 friends chatting on instant message app and one clicks on a link that ends up sending bank info

Question 49

What type of attack is a buffer overflow attack? What does a macro virus do?

Answer 49

Buffer is a DoS occurring when more data goes into the buffer than it can handle
Macro Virus commands an app to perform actions using programming instructions

Question 50

What control type is a security policy that includes system testing and security awareness training?

Answer 50

Preventative Administrative Controls
Admin Control dictate how security policies are implemented to fulfill a company’s security goals
Includes policies & procedures, training, supervisory structure
Detective is monitoring & supervising

Question 51

What are detective & preventative technical controls

Answer 51

Detective include audit logs & IDS

Preventative: include ACL, routers, A-V, smart cards,…

Question 52

What is throughput?

Answer 52

The rate at which something is processed

Processor speed, memory, & bandwidth allocated affect a workstation’s throughput

Question 53

What is an advantage & disadvantage to using NIDS?

Answer 53

Low maintenance in analyzing network traffic
Monitors a packets sent over a network segment but cannot analyze encrypted information
i.e. packets going through a VPN

Question 54

What are the advantages & disadvantages of HIDS?

Answer 54

HIDS are difficult to configure & monitor
Uses OS audit logs & system logs
Not affected by a switched network

Question 55

Explain Kerberos using AS, TGT, TGS, & CS

Answer 55

AS (Authentication Service) authenticates users with TGT
User, who wants access to a network resources, gives TGT to TGS
TGS turns TGT into a session key
The CS (client-server) takes the session key letting the client & server authenticate with one another
AS, TGS, CS are the main protocols to authenticate & authorize use of resources

Question 56

Define how a firewall, proxy server & NAT server work on a network?

Answer 56

Firewall: allows & denies network access through communication ports
NAT server: presents IP to the internet on behalf of computers on a private network
Proxy server: enables hosts to access internet resources
Increases performance by caching web pages and filtering content

Question 57

What does RSA encryption algorithms do?

Answer 57

RSA is an asymmetric cryptography that can prevent MiTM by authenticating with public & private keys
Does not use logarithms its uses prime numbers and is the de factor standard for digital signatures

Question 58

Least privilege can be called what?

Answer 58

File system security only allow what is necessary to do a job

Question 59

Define recertification

Answer 59

Examine a user’s permissions to determine if they still need access to what was previously granted

Question 60

What is Snort & Wireshark?

Answer 60

Snort is a network intrusion detection system (NIDS)
Wireshark is a network protocol analyzer: monitors data traffic & analyze captured signals as it moves along LAN, PAN, & wireless networks

Question 61

What does Message Authentication Code (MAC) ensure?

Answer 61

Message Integrity
Protects against message replay, but does not ensure availability of data or confidentiality
HMAC - Hash-MAC is a symmetric key appended to message to the authorized recipient but lack confidentiality too
CBC-MAC symmetric key in CBC cipher mode encrypts the message

Question 62

What should you implement if you need to ensure wireless clients can only communicate with wireless access points and not other wireless clients?

Answer 62

Isolation Mode

FYI: SSID is a wireless network’s name

Question 63

What are the steps in a change control process?

Answer 63

Make a Request
Analyze the Request (cost, security?,...)
Record the Request
Submit the Request for Approval
Make the Change
Send to management for review

Question 64

Define spoofing

Answer 64

Spoofing aka masquerading is when a person or program pretends to be another person or program
the source IP addr is spoofed/modified to imitate an IP address from an authorized source
i.e. MiTM or session hijacking or email

Question 65

Pharming vs. spoofing

Answer 65

Both redirect to a fake site to steal info but pharming often poisons the DNS cache to ensure redirect even if correct URL is entered

Question 66

What does a packet-filtering firewall do?

Answer 66

Looks at a data packet to obtain source & destination addresses along with the protocol & port used
Compares to rules based on ACL
An application-level firewall examines the entire packet

Question 67

Define stateful firewal

Answer 67

Examines all packet layers to compile information for the state table

Question 68

What is a KDC?

Answer 68

Key Distribution Center used in Kerberos for storing, distributing, & maintaining cryptographic session keys
Client requests resource access through the KDC which Stores secret keys used to generate session keys so it does not use public keys

Question 69

What are 4 SIEM features?

Answer 69

Automated Alerting & Triggers for when a predetermined event occurs
i.e. NIPS shut down port 80 during unusually high web traffic
Correlation: find patterns between events among different devices
Logs/WORM long-term storage & security so data can’t be modified
Aggregation: collects events that are flagged by network hardware & SW applications

Question 70

Which algorithm does the US gov’t use for digital signatures that NIST & NSA developed?

Answer 70

Digital Signature Algorithm (DSA)

Question 71

Name three secret key encryption standards used to encrypt files.

Answer 71

AES, DES, IDEA

SHA-1 is a hashing algo to determine if the file was changed

Question 72

Define Protocol Analyzer

Answer 72

Provides info regarding traffic flow & statistical information on your network
Also called network analyzer or packer sniffer

Question 73

What are transport & tunnel modes used for?

Answer 73

Provided by IPSec to transmit IP packets securely
Tunnel good for VPN & entire IP packet
Transport good for ESP host-to-host & upper layer
Method to send encrypted data over the internet

Question 74

Difference between what backdoor & escalation of privilege use to gain access

Answer 74

Backdoor attacker inserts code to enter an app and bypass security
Escalation of privilege uses design flaws to gain unauthorized access
Vertical: obtains higher privileges to run unauthorized code
Horizontal: same level of permissions but using a different user account

Question 75

Define database views

Answer 75

A content-dependent access control based on sensitivity of info & user privilege
Partitioning ensures database security making it difficult to collect & combine confidential information to deduce facts

Question 76

Define stored procedures

Answer 76

SQL statements executed as a group & similar to scripts. Protects from SQL injection attacks