SecPlusP3

Question 1

What are Industrial Control Systems (ICS)?

Answer 1

Monitor and control industrial processes

Question 2

What are the two types of ICS?

Answer 2

Distributed Control Systems (DCS) and Programmable Logic Controllers (PLCs)

Question 3

What are SCADA systems?

Answer 3

ICS designed for monitoring and controlling geographically dispersed industrial processes

Question 4

What industries commonly use SCADA systems?

Answer 4

Electric power, water treatment, oil and gas

Question 5

What is unauthorized access?

Answer 5

Manipulating system operations

Question 6

What is a risk of malware attacks?

Answer 6

Disruptive attacks

Question 7

Why is lack of updates a vulnerability?

Answer 7

Unpatched vulnerabilities

Question 8

What are physical threats?

Answer 8

Damage to hardware or infrastructure

Question 9

What are some ways to implement strong access controls?

Answer 9

Strong passwords, Two-factor authentication, Limited access to authorized personnel only

Question 10

Why is it important to regularly update and patch systems?

Answer 10

To protect against known vulnerabilities

Question 11

What are some measures to detect and prevent unauthorized access?

Answer 11

Use Firewall and Intrusion Detection Systems

Question 12

Why is conducting regular security audits important?

Answer 12

To identify and address potential vulnerabilities through routine assessments

Question 13

What is the purpose of employee training?

Answer 13

To train employees on security awareness and response to potential threats

Question 14

What are embedded systems?

Answer 14

Specialized computing components designed for dedicated functions within larger devices

Question 15

What is a Real-Time Operating System (RTOS)?

Answer 15

A system designed for real-time applications that process data without significant delays

Question 16

What are some risks and vulnerabilities in embedded systems?

Answer 16

Hardware Failure
Software Bugs
Security Vulnerabilities
Outdated Systems

Question 17

What are some key security strategies for embedded systems?

Answer 17

Network Segmentation
Wrappers (e.g., IPSec)
Firmware Code Control
Challenges in Patching

Question 18

What are OTA updates?

Answer 18

Patches delivered and installed remotely

Question 19

What are the objectives of the Security Infrastructure section?

Answer 19

3.2 - Apply security principles to secure enterprise architecture, 4.5 - Modify enterprise capabilities to enhance security

Question 20

What does the Security Infrastructure encompass?

Answer 20

Hardware, software, networks, data, and policies

Question 21

What are the different types of firewalls?

Answer 21

Web Application, Unified Threat Management, Next-generation

Question 22

What are the functions of network appliances?

Answer 22

Load Balancing, Proxying

Question 23

What is the purpose of Port Security?

Answer 23

Restricting and controlling network access

Question 24

What is the basis of Port Security?

Answer 24

Media Access Control (MAC) addresses

Question 25

What are the concepts related to Port Security?

Answer 25

802.1x and EAP

Question 26

What technologies are used to secure network communications?

Answer 26

VPNs, IPSec, TLS

Question 27

What is the objective of creating a secure backbone for communication?

Answer 27

To ensure secure communication

Question 28

What is SD-WAN?

Answer 28

Software-Defined Wide Area Networks

Question 29

What is SASE?

Answer 29

Secure Access Service Edge

Question 30

What does SD-WAN optimize?

Answer 30

WAN connections with software-defined principles

Question 31

What does SASE integrate?

Answer 31

Security and wide area networking

Question 32

What are the infrastructure considerations for security?

Answer 32

Device placement, security zones, screen subnets, attack surfaces

Question 33

What concerns and considerations are there for connectivity?

Answer 33

205

Question 34

What are the different types of device attributes?

Answer 34

Active vs. passive, inline vs. taps or monitors

Question 35

What are the two failure mode options for security devices?

Answer 35

Fail-open or fail-closed

Question 36

How should infrastructure controls be selected?

Answer 36

Choosing controls aligned with network needs

Question 37

What should be ensured for a robust security architecture?

Answer 37

Ensuring robust security architecture

Question 38

What are ports?

Answer 38

Logical communication endpoints on a computer or server

Question 39

What are the two classifications of ports?

Answer 39

Inbound and outbound

Question 40

What are well-known ports and their range?

Answer 40

Assigned by IANA, range: 0-1023

Question 41

What are registered ports and their range?

Answer 41

Vendor-specific, registered with IANA, range: 1024-49151

Question 42

What is the range of dynamic and private ports?

Answer 42

49152-65535

Question 43

What are temporary outbound connections typically used for?

Answer 43

Data exchange

Question 44

Give an example of a protocol that uses port 443.

Answer 44

HTTPS

Question 45

What should you memorize for each port?

Answer 45

Port number, default protocol, TCP or UDP support, basic description

Question 46

Which protocol is typically associated with port 21?

Answer 46

FTP

Question 47

Which protocols are typically associated with port 22?

Answer 47

SSH, SCP, SFTP

Question 48

Which protocol is typically associated with port 23?

Answer 48

Telnet

Question 49

Which protocol is typically associated with port 25?

Answer 49

SMTP

Question 50

Which protocol is typically associated with port 53?

Answer 50

DNS

Question 51

Which protocol is typically associated with port 69?

Answer 51

TFTP

Question 52

What is the protocol used for port 80?

Answer 52

HTTP

Question 53

What is the specific service associated with port 88?

Answer 53

Kerberos

Question 54

Which protocol uses port 110?

Answer 54

POP3

Question 55

Which protocol uses port 119?

Answer 55

NNTP

Question 56

What is the abbreviation for Remote Procedure Call?

Answer 56

RPC

Question 57

Which protocols use ports 137, 138, and 139?

Answer 57

NetBIOS

Question 58

Which protocol uses port 143?

Answer 58

IMAP

Question 59

What is a firewall?

Answer 59

Network security device or software that monitors and controls network traffic based on security rules

Question 60

Why are firewalls important in cybersecurity?

Answer 60

Protects networks from unauthorized access and potential threats

Question 61

What are some study tips for learning about firewalls?

Answer 61

Create flashcards with protocol, port, and connection details
Regularly test yourself to memorize ports and protocols

Question 62

What is an advantage of Kernel Proxy Firewalls?

Answer 62

Minimal impact on network performance

Question 63

Where are Kernel Proxy Firewalls typically placed?

Answer 63

Close to the system they protect

Question 64

What is a characteristic of Next Generation Firewalls (NGFW)?

Answer 64

Application-aware

Question 65

What is a capability of Next Generation Firewalls (NGFW)?

Answer 65

Conduct deep packet inspection

Question 66

What method do Next Generation Firewalls (NGFW) use for intrusion detection?

Answer 66

Signature-based

Question 67

What are the benefits of using a UTM Firewall?

Answer 67

Operate fast, full-stack traffic visibility, can integrate with other security products

Question 68

What are the potential drawbacks of relying on a single vendor for firewall configurations?

Answer 68

Dependency and limitations on one product line

Question 69

What functions does a UTM Firewall combine?

Answer 69

Firewall, intrusion prevention, antivirus, and more

Question 70

What is a potential drawback of relying on a UTM Firewall?

Answer 70

UTMs are a single point of failure

Question 71

What is the main focus of a Web Application Firewall (WAF)?

Answer 71

Inspecting HTTP traffic and preventing web application attacks

Question 72

What are two common web application attacks that a WAF can prevent?

Answer 72

Cross-site scripting and SQL injections

Question 73

What are the two possible placements for a WAF?

Answer 73

In-line (live attack prevention) and out of band (detection)

Question 74

What layer does a Layer 4 Firewall operate at?

Answer 74

Transport layer

Question 75

What is the purpose of a layer 7 firewall?

Answer 75

Inspect, filter, and control traffic based on content and data characteristics

Question 76

What are access control lists (ACLs) used for?

Answer 76

Securing networks from unwanted traffic

Question 77

Where are rule sets placed?

Answer 77

On firewalls, routers, and network infrastructure devices

Question 78

What can be used to configure ACLs?

Answer 78

Web-based interface or text-based command line interface

Question 79

What does the order of ACL rules specify?

Answer 79

Order of actions taken on traffic (top-down)

Question 80

What happens when a matching rule is found in ACLs?

Answer 80

First matching rule is executed and no other ACLs are checked

Question 81

Where should the most specific rules be placed in ACLs?

Answer 81

At the top

Question 82

What should be done for devices that require a ‘deny all’ rule at the end?

Answer 82

Add a ‘deny all’ rule at the end

Question 83

What actions taken by network devices should be logged?

Answer 83

Deny actions

Question 84

What are ACL rules made up of?

Answer 84

Type of traffic, Source of traffic, Destination of traffic, Action to be taken against the traffic

Question 85

What is a hardware-based firewall?

Answer 85

Dedicated network security device that filters and controls network traffic at the hardware level

Question 86

What is a software-based firewall?

Answer 86

Firewall that runs as a software application on individual devices, such as workstations

Question 87

How do firewalls ensure security?

Answer 87

By specifying permitted and denied actions through ACLs

Question 88

What is the key difference between IDS and IPS?

Answer 88

IDS - Logs and alerts
IPS - Logs, alerts, and takes action

Question 89

What are the three types of Intrusion Detection Systems (IDS)?

Answer 89

Network-based IDS (NIDS), Host-based IDS (HIDS), Wireless IDS (WIDS)

Question 90

What does a Network-based IDS (NIDS) monitor?

Answer 90

Traffic coming in and out of a network

Question 91

What does a Host-based IDS (HIDS) look at?

Answer 91

Suspicious network traffic going to or from a single endpoint

Question 92

What does a Wireless IDS (WIDS) detect?

Answer 92

Attempts to cause a denial of service on a wireless network

Question 93

What are the two types of detection algorithms used in IDS?

Answer 93

Signature-based and anomaly-based

Question 94

What is the purpose of analyzing traffic based on defined signatures?

Answer 94

To recognize attacks based on previously identified attacks

Question 95

What is pattern-matching used for in traffic analysis?

Answer 95

To identify specific patterns of steps

Question 96

What are some examples of systems that use pattern-matching?

Answer 96

NIDS, WIDS

Question 97

What is stateful-matching used for in traffic analysis?

Answer 97

To compare against a known system baseline

Question 98

What is an Anomaly-based IDS?

Answer 98

Analyzes traffic and compares it to a normal baseline of traffic to determine whether a threat is occurring

Question 99

What are the five types of Anomaly-based Detection Systems?

Answer 99

Statistical, Protocol, Traffic, Rule or Heuristic, Application-based

Question 100

What is an Intrusion Prevention System (IPS)?

Answer 100

Logs, alerts, and takes action when it finds something suspicious or malicious

Question 101

What does a Network Appliance refer to?

Answer 101

A dedicated hardware device with pre-installed software for specific networking services

Question 102

What is the purpose of load balancers?

Answer 102

Distribute network/application traffic

Question 103

Why are load balancers important?

Answer 103

Enhance server efficiency and prevent overload

Question 104

What do load balancers ensure?

Answer 104

Redundancy and reliability

Question 105

What do application delivery controllers offer?

Answer 105

Advanced functionality

Question 106

Where are load balancers essential?

Answer 106

High-demand environments and high-traffic websites

Question 107

What are the main functions of proxy servers?

Answer 107

Content caching, request filtering, login management, enhancing speed and reducing bandwidth usage, adding a security layer and enforcing policies

Question 108

How do proxy servers protect against DDoS attacks?

Answer 108

By filtering and controlling incoming traffic

Question 109

What are the main functions of sensors?

Answer 109

Monitoring, detecting, analyzing network traffic and data flow

Question 110

What is the role of jump servers/jump box?

Answer 110

Secure gateways for system administrators to access devices in different security zones

Question 111

How do jump servers help in incident response during cyber-attacks?

Answer 111

By speeding up the incident response process

Question 112

What is port security?

Answer 112

Restricts device access based on MAC addresses

Question 113

How does port security enhance network security?

Answer 113

Prevents unauthorized devices from connecting

Question 114

What is a network switch?

Answer 114

Networking device that operates at Layer 2 of the OSI model

Question 115

How do network switches make traffic switching decisions?

Answer 115

Using MAC addresses through transparent bridging

Question 116

What is the purpose of a CAM table?

Answer 116

To remember connected devices based on MAC addresses

Question 117

How does a network switch increase security?

Answer 117

By broadcasting traffic only to intended receivers

Question 118

What is the purpose of Port Security Implementation?

Answer 118

Associate specific MAC addresses with interfaces to prevent unauthorized devices

Question 119

What is a potential vulnerability of Port Security Implementation?

Answer 119

Susceptible to MAC spoofing attacks

Question 120

What is the purpose of 802.1x Authentication?

Answer 120

Provides port-based authentication for wired and wireless networks

Question 121

What are the three roles involved in 802.1x Authentication?

Answer 121

Supplicant, Authenticator, Authentication server

Question 122

What protocols are utilized for actual authentication in 802.1x Authentication?

Answer 122

RADIUS or TACACS+

Question 123

What is the difference between RADIUS and TACACS+?

Answer 123

RADIUS is cross-platform, while TACACS+ is Cisco proprietary

Question 124

What are the advantages of using TACACS+?

Answer 124

Offers additional security and independently handles authentication, authorization, and accounting

Question 125

What is the difference in protocol support between RADIUS and TACACS+?

Answer 125

TACACS+ supports all network protocols, whereas RADIUS lacks support for some

Question 126

What is EAP?

Answer 126

A framework for various authentication methods

Question 127

What is the authentication process used in EAP-MD5?

Answer 127

Challenge handshake authentication process

Question 128

What is the one-way authentication process?

Answer 128

Doesn’t provide mutual authentication

Question 129

What is EAP-TLS?

Answer 129

Uses public key infrastructure with a digital certificate installed on both client and server

Question 130

What is EAP-TTLS?

Answer 130

Requires a digital certificate on the server, but not on the client

Question 131

What is EAP-FAST?

Answer 131

Uses protected access credential for mutual authentication

Question 132

What is PEAP?

Answer 132

Supports mutual authentication using server certificates

Question 133

What are Active Directory databases used for?

Answer 133

To authenticate a password from the client

Question 134

What is EAP-LEAP?

Answer 134

Cisco proprietary and limited to Cisco devices

Question 135

What does integrating EAP with port security and 802.1X enhance?

Answer 135

Network security

Question 136

What do VPNs do?

Answer 136

Extend private networks across public networks

Question 137

What are the different types of VPN configurations?

Answer 137

Site-to-site, client-to-site, and clientless

Question 138

What is a site-to-site VPN?

Answer 138

Connects two sites cost-effectively

Question 139

What are the benefits of using a site-to-site VPN?

Answer 139

Replaces expensive leased lines

Question 140

How does a site-to-site VPN work?

Answer 140

Utilizes a VPN tunnel over the public internet

Question 141

What is the main advantage of a site-to-site VPN?

Answer 141

Encrypts and secures data between sites

Question 142

What are the characteristics of a client-to-site VPN?

Answer 142

Connects a single host (e.g., laptop) to the central office

Question 143

What is a common use case for a client-to-site VPN?

Answer 143

Ideal for remote user access to the central network

Question 144

What are the configuration options for a client-to-site VPN?

Answer 144

Full tunnel and split tunnel configurations

Question 145

What is a clientless VPN?

Answer 145

Uses a web browser to establish secure, remote-access VPN

Question 146

How does a clientless VPN differ from other VPN types?

Answer 146

No need for dedicated software or hardware client

Question 147

What protocols does CompTIA Security+ use for secure connections to websites?

Answer 147

HTTPS and TLS

Question 148

What are the differences between a full tunnel VPN and a split tunnel VPN?

Answer 148

Full tunnel encrypts all network requests, split tunnel only encrypts specific requests

Question 149

What are the advantages of using a full tunnel VPN?

Answer 149

Provides high security, limits access to local resources

Question 150

When is a split tunnel VPN configuration suitable?

Answer 150

Remote access to central resources

Question 151

What does split tunneling do?

Answer 151

Divides traffic, routing some through the VPN, some directly to the internet

Question 152

Why is split tunneling recommended for better performance?

Answer 152

Enhances performance by bypassing VPN for non-central traffic

Question 153

What is one drawback of using split tunneling?

Answer 153

Less secure; potential exposure to attackers

Question 154

When should caution be exercised when using split tunneling?

Answer 154

Requires caution on untrusted networks

Question 155

What is TLS?

Answer 155

Provides encryption and security for data in transit

Question 156

What is TLS commonly used for in web browsers?

Answer 156

Secure connections (HTTPS)

Question 157

What protocol does TLS use for secure connections between a client and a server?

Answer 157

Transmission Control Protocol (TCP)

Question 158

What is DTLS?

Answer 158

A faster UDP-based alternative for secure connections

Question 159

What does DTLS protect against in clientless VPN connections?

Answer 159

Eavesdropping

Question 160

What is IPSec used for?

Answer 160

Provides confidentiality, integrity, authentication, and anti-replay protection

Question 161

What are the five key steps in establishing an IPSec VPN?

Answer 161

Request to start IKE, Authentication (IKE Phase 1), Negotiation (IKE Phase 2), Data transfer, Tunnel termination

Question 162

What are the two IPSec tunneling modes?

Answer 162

Transport Mode, Tunnel Mode

Question 163

What is the purpose of tunneling mode in VPNs?

Answer 163

Encapsulates the entire packet

Question 164

What are the benefits of using tunneling mode in VPNs?

Answer 164

Confidentiality for payload and header, authentication, integrity, encryption

Question 165

What is the difference between AH and ESP in IPSec?

Answer 165

AH provides connectionless data integrity and data origin authentication, while ESP provides confidentiality, integrity, encryption, and replay protection

Question 166

What are the considerations when choosing a VPN tunnel type?

Answer 166

Balance between security and performance, full tunnel for higher security but reduced local access, split tunnel for better performance but potentially lower security

Question 167

What is the purpose of SD-WAN?

Answer 167

Efficiently routes traffic between remote sites, data centers, and cloud environments

Question 168

What are the benefits of SD-WAN?

Answer 168

Increased agility, security, and efficiency for geographically distributed workforces

Question 169

What type of architecture does SD-WAN have?

Answer 169

Software-based architecture with control extracted from underlying hardware

Question 170

What transport services can be used with SD-WAN?

Answer 170

MPLS, Cellular, Microwave links, Broadband internet

Question 171

How does SD-WAN handle traffic routing?

Answer 171

Utilizes centralized control function for intelligent traffic routing

Question 172

What are the differences between traditional WANs and SD-WAN?

Answer 172

Traditional WANs vs. SD-WAN

Question 173

Which enterprises can benefit from SD-WAN?

Answer 173

Enterprises with multiple branch offices moving towards cloud-based services

Question 174

What does SASE stand for?

Answer 174

Secure Access Service Edge

Question 175

What is the purpose of SASE?

Answer 175

Addresses challenges of securing and connecting users and data across distributed locations

Question 176

What key technology does SASE utilize?

Answer 176

Software-defined networking (SDN)

Question 177

What are some components of SASE?

Answer 177

Firewalls, VPNs, Zero-trust network access, Cloud Access Security Brokers (CASBs)

Question 178

How is policy and management delivered in SASE?

Answer 178

Through a common set of policy and management platforms

Question 179

Which cloud providers offer services aligned with SASE?

Answer 179

AWS, Azure, Google Cloud

Question 180

What are some cloud services that offer secure, flexible, and global networking capabilities?

Answer 180

Google Cloud VPN

Question 181

Why is understanding and implementing SD-WAN and SASE important for organizations?

Answer 181

Enhanced security and successful migration to cloud-based environments

Question 182

What are some considerations for infrastructure when it comes to device placement?

Answer 182

Proper placement of routers, switches, and access points

Question 183

What are security zones?

Answer 183

Isolate devices with similar security requirements

Question 184

What are screened subnets?

Answer 184

Act as buffer zones between internal and external networks

Question 185

What is the purpose of a screened subnet?

Answer 185

Hosts public-facing services, protecting core internal networks

Question 186

What term is used for modern DMZ?

Answer 186

Screened subnet

Question 187

What does the term ‘attack surface’ refer to?

Answer 187

Points where unauthorized access or data extraction can occur

Question 188

How does a larger attack surface affect vulnerability risk?

Answer 188

Increases the risk of vulnerabilities

Question 189

What can be done to reduce the attack surface?

Answer 189

Identify and mitigate vulnerabilities

Question 190

What should be done regularly for network security?

Answer 190

Assess and minimize the attack surface

Question 191

What factors should be considered when choosing connectivity methods?

Answer 191

Scalability, speed, security, and budget constraints

Question 192

What are active devices?

Answer 192

Monitor and act on network traffic

Question 193

What are passive devices?

Answer 193

Observe and report without altering traffic

Question 194

What are inline devices?

Answer 194

Devices that are in the path of network traffic

Question 195

What is the key principle of Least Privilege?

Answer 195

Users and systems should have only necessary access rights

Question 196

What is the key principle of Defense in Depth?

Answer 196

Utilize multiple layers of security

Question 197

What is the key principle of Risk-based Approach?

Answer 197

Prioritize controls based on potential risks and vulnerabilities

Question 198

What is the key principle of Lifecycle Management?

Answer 198

Regularly review, update, and retire controls

Question 199

What is the open design principle?

Answer 199

Ensure transparency and accountability through rigorous testing and scrutiny of controls.

Question 200

What is the purpose of a gap analysis?

Answer 200

Identify discrepancies between current and desired security postures.

Question 201

Why is benchmarking important in security?

Answer 201

Compare your organization’s processes and security metrics with industry best practices.

Question 202

What is the purpose of conducting a cost-benefit analysis in security?

Answer 202

Evaluate the balance between desired security level and required resources.

Question 203

Why is stakeholder involvement important in control selection?

Answer 203

Ensure controls align with business operations.

Question 204

What is the importance of monitoring and feedback loops in control selection?

Answer 204

Continuously adapt to evolving threats.

Question 205

Why should organizations regularly conduct risk assessments?

Answer 205

To assess threats and vulnerabilities specific to their organization.

Question 206

What are some established frameworks for security?

Answer 206

NIST, ISO

Question 207

Why is it important to customize framework controls?

Answer 207

To match your organization’s risk profile and business operations

Question 208

Why is stakeholder engagement important?

Answer 208

To include all relevant decision-makers

Question 209

Why is regular training important?

Answer 209

To keep the workforce updated on security controls and threats

Question 210

What is the objective of Identity and Access Management (IAM) Solutions?

Answer 210

To ensure that the right individuals have the right access to the right resources for the right reasons.

Question 211

What are the components of Identity and Access Management (IAM) Solutions?

Answer 211

Password Management, Network Access Control, Digital Identity Management.

Question 212

What are the processes involved in IAM?

Answer 212

Identification, Authentication, Authorization, and Accounting (IAAA).

Question 213

What is the purpose of Identification in IAM?

Answer 213

To claim identity, e.g., username, email address.

Question 214

What is the purpose of Authentication in IAM?

Answer 214

To verify user, device, or system identity.

Question 215

What is the purpose of Authorization in IAM?

Answer 215

To determine user permissions after authentication.

Question 216

What is the purpose of Accounting in IAM?

Answer 216

To track and record user activities.

Question 217

What are the IAM processes?

Answer 217

Provisioning, Deprovisioning, Identity Proofing, Interoperability, Attestation

Question 218

What are the factors of multi-factor authentication (MFA)?

Answer 218

Something you know, Something you have, Something you are, Something you do, Somewhere you are

Question 219

What are some implementations of MFA?

Answer 219

Biometrics, Hard tokens, Soft tokens, Security keys, Passkeys

Question 220

What are some best practices for password security?

Answer 220

Password policies, Password managers, Passwordless authentication

Question 221

What are the types of password attacks?

Answer 221

Spraying, Brute Force, Dictionary, Hybrid

Question 222

What is Single Sign-On (SSO)?

Answer 222

User authentication service for multiple apps

Question 223

What technologies are used in SSO?

Answer 223

LDAP, OAuth, SAML

Question 224

What is Federation?

Answer 224

Sharing identities across systems or organizations

Question 225

What is Privileged Access Management (PAM)?

Answer 225

JIT Permissions, Password Vaulting, Temporal Accounts

Question 226

What are the access control models?

Answer 226

MAC, DAC, RBAC, RABC, ABAC

Question 227

What is Identity and Access Management (IAM)?

Answer 227

Critical component of enterprise security for managing access to information

Question 228

What does IAM ensure?

Answer 228

Right individuals have access to the right resources at the right times for the right reasons

Question 229

What are the four main IAM processes?

Answer 229

Identification, Authentication, Authorization, and Accountability

Question 230

What is authentication?

Answer 230

Verifying user identity

Question 231

What are some methods of authentication?

Answer 231

Passwords, biometrics, multi-factor authentication

Question 232

What is authorization?

Answer 232

Determining user permissions

Question 233

What does role-based access control do?

Answer 233

Ensures users have appropriate access

Question 234

What is the purpose of accounting/auditing?

Answer 234

Tracks and records user activities

Question 235

What does accounting/auditing help detect?

Answer 235

Security incidents, vulnerabilities

Question 236

What does accounting/auditing provide in case of breaches?

Answer 236

Evidence

Question 237

What is provisioning in IAM?

Answer 237

Creating new user accounts, assigning permissions, providing system access

Question 238

What is deprovisioning in IAM?

Answer 238

Removing access rights when no longer needed

Question 239

What is identity proofing?

Answer 239

Verifying a user’s identity before creating their account

Question 240

What is interoperability?

Answer 240

Systems working together and sharing information

Question 241

What are examples of standards for interoperability in IAM?

Answer 241

SAML and OpenID Connect

Question 242

What is attestation?

Answer 242

Validating user accounts and access rights

Question 243

What is Multi-factor Authentication?

Answer 243

Security system requiring multiple methods of authentication

Question 244

How does Multi-factor Authentication enhance security?

Answer 244

Creates a layered defense against unauthorized access

Question 245

What are the five categories of authentication for MFA?

Answer 245

Something You Know, Something You Have, Something You Are, Somewhere You Are, Something You Do

Question 246

What is a smart card?

Answer 246

Hardware token

Question 247

What is a key fob?

Answer 247

Hardware token

Question 248

What is meant by ‘something you are’ in authentication?

Answer 248

Inherence-Based Factor

Question 249

What are examples of biometric characteristics used for authentication?

Answer 249

Fingerprints, Facial recognition, Voice recognition

Question 250

What is meant by ‘somewhere you are’ in authentication?

Answer 250

Location-Based Factor

Question 251

How is the user’s location determined for location-based authentication?

Answer 251

IP address, GPS, or network connection

Question 252

What are geographical location restrictions?

Answer 252

Restrictions based on user’s location

Question 253

What is behavior-based factor authentication?

Answer 253

Authenticating based on user behavior patterns

Question 254

What are some examples of behavior-based factors?

Answer 254

Keystroke patterns, device interaction

Question 255

What is single factor authentication?

Answer 255

Using one authentication factor

Question 256

What is two-factor authentication?

Answer 256

Requiring two different authentication factors

Question 257

What is multi-factor authentication?

Answer 257

Using two or more authentication factors

Question 258

How many factors can be involved in MFA?

Answer 258

2, 3, 4, or 5 depending on configuration

Question 259

What are knowledge-based factors?

Answer 259

Passwords and PINs

Question 260

What is an alternative to traditional passwords for authentication?

Answer 260

Passkeys

Question 261

How can password managers improve security?

Answer 261

Generate long, strong, and complex passwords

Question 262

What are the benefits of fingerprint or facial recognition for authentication?

Answer 262

Secure and user-friendly

Question 263

What is the purpose of passkeys?

Answer 263

Utilize public key cryptography

Question 264

What does password security measure?

Answer 264

Effectiveness in resisting attacks

Question 265

What does the Group Policy Editor in Windows allow you to do?

Answer 265

Create password policies

Question 266

What is the importance of password length in password policies?

Answer 266

1

Question 267

What does password complexity refer to?

Answer 267

1

Question 268

Why should we avoid password reuse?

Answer 268

1

Question 269

What is password expiration?

Answer 269

Users changing passwords after a specific period

Question 270

What is password age?

Answer 270

Time a password has been in use

Question 271

What are the features of password managers?

Answer 271

Password generation, auto-fill, secure sharing

Question 272

What do password managers provide?

Answer 272

Secure methods to share passwords

Question 273

What is a benefit of password managers?

Answer 273

Cross-platform access

Question 274

What do password managers promote?

Answer 274

Password complexity, prevention of reuse, easy access to strong, unique passwords

Question 275

What do passwordless authentication methods provide?

Answer 275

Higher security and better user experience

Question 276

What is a brute force attack?

Answer 276

Tries every possible character combination until the correct password is found

Question 277

What are some types of password attacks?

Answer 277

Brute force, Dictionary, Password spraying, Hybrid

Question 278

How can brute force attacks be mitigated?

Answer 278

Increasing password complexity and length, Limiting login attempts

Question 279

What is a dictionary attack?

Answer 279

Cracking passwords using a list of common passwords

Question 280

How can dictionary attacks be mitigated?

Answer 280

Increase password complexity, limit login attempts, use multi-factor authentication

Question 281

What is password spraying?

Answer 281

Trying a few common passwords against multiple usernames or accounts

Question 282

How can password spraying be mitigated?

Answer 282

Use unique passwords, implement multi-factor authentication

Question 283

What is a hybrid attack?

Answer 283

Combines brute force and dictionary attacks

Question 284

What variations can be used in a hybrid attack?

Answer 284

Numbers or special characters added to passwords

Question 285

What is the advantage of a hybrid attack over other methods?

Answer 285

Effective for discovering passwords following specific patterns

Question 286

What is SSO?

Answer 286

Single Sign-On simplifies the user experience and enhances productivity.

Question 287

How does SSO work?

Answer 287

User logs into primary Identity Provider (IdP) and accesses secondary application configured for SSO.

Question 288

What are the benefits of SSO?

Answer 288

Improved user experience, increased productivity, reduced IT support costs, enhanced security.

Question 289

What is the LDAP protocol used for?

Answer 289

Accessing and maintaining distributed directory information, central repository for authentication and authorization.

Question 290

What is OAuth used for?

Answer 290

Token-based authentication and authorization without exposing passwords.

Question 291

What is the purpose of using JSON Web Tokens (JWT) for data transfer?

Answer 291

Enhancing security and flexibility

Question 292

What is the main benefit of using SAML?

Answer 292

Eliminates the need for services to authenticate users directly

Question 293

What is federation in the context of identity management systems?

Answer 293

Links electronic identities and attributes across multiple systems

Question 294

What does federation enable users to do across systems managed by different organizations?

Answer 294

Use the same credentials for login

Question 295

What is the key component that ensures security in federation?

Answer 295

Trust relationships between networks

Question 296

What is the purpose of redirection to the Identity Provider?

Answer 296

Authenticate the user

Question 297

How does the Identity Provider validate the user’s identity?

Answer 297

Using stored credentials

Question 298

What does the Identity Provider create after validating the user’s identity?

Answer 298

An assertion (token) in a standardized format

Question 299

What does the Service Provider do after receiving the assertion from the Identity Provider?

Answer 299

Verifies the assertion and grants access

Question 300

What are the benefits of using federated authentication?

Answer 300

Simplified user experience, reduced administrative overhead, increased security

Question 301

What is the purpose of Privileged Access Management?

Answer 301

Preventing data breaches and ensuring least privileged access

Question 302

What is Just-In-Time Permissions (JIT Permissions)?

Answer 302

Security model that grants administrative access only when needed

Question 303

What is the purpose of password vaulting?

Answer 303

Securely storing and managing passwords

Question 304

What is required for accessing stored passwords?

Answer 304

Multi-factor authentication

Question 305

What does the system track for privileged credentials?

Answer 305

Access

Question 306

What are temporal accounts?

Answer 306

Temporary accounts for time-limited access

Question 307

What happens to temporal accounts after a predefined period?

Answer 307

Automatically disabled or deleted

Question 308

What is mandatory access control (MAC)?

Answer 308

Uses security labels to authorize resource access

Question 309

What does MAC require?

Answer 309

Assigning security labels to both users and resources

Question 310

What is Discretionary Access Control (DAC)?

Answer 310

Resource owners specify which users can access their resources

Question 311

What is Role-Based Access Control (RBAC)?

Answer 311

Assigns users to roles and assigns permissions to roles

Question 312

What is Rule-Based Access Control?

Answer 312

Uses security rules or access control lists

Question 313

What is Attribute-Based Access Control (ABAC)?

Answer 313

Considers various attributes like user’s name, role, organization ID, or security clearance

Question 314

What are the environment attributes that affect access decisions?

Answer 314

Time of access, data location, and current organization’s threat level

Question 315

What are the resource attributes that affect access decisions?

Answer 315

File creation date, resource owner, file name, and data sensitivity

Question 316

What is the purpose of time-of-day restrictions?

Answer 316

Limits access based on specific time periods.

Question 317

What is the Principle of Least Privilege?

Answer 317

Users are granted the minimum access required to perform their job functions.

Question 318

What is the role of a Local Administration Account?

Answer 318

High level of access, allows administrator to change system settings, install softwares, and perform managerial tasks.

Question 319

What is the role of a Standard User Account?

Answer 319

Can’t change system settings, can store files in their designated area only.

Question 320

What is the principle of least privilege?

Answer 320

A user should only have the minimum access rights needed to perform their job.

Question 321

What is a Microsoft Account?

Answer 321

Free online account to sign in to Microsoft services

Question 322

What is User Account Control (UAC)?

Answer 322

Mechanism to authorize administrative actions

Question 323

What is the purpose of UAC?

Answer 323

Minimize risk of users gaining administrative privileges

Question 324

Can access control and permissions apply to groups of users?

Answer 324

Yes

Question 325

How do you access file and folder permissions in Windows?

Answer 325

Right-click on a file or folder, select ‘Properties’, navigate to the ‘Security’ tab

Question 326

What happens when you set permissions at the folder level?

Answer 326

The permissions are applied to all files within that folder

Question 327

What is the importance of only giving out necessary permissions?

Answer 327

Ensure security and minimize risks

Question 328

What are vulnerabilities?

Answer 328

Weaknesses or flaws in hardware, software, configurations, or processes

Question 329

What are the consequences of vulnerabilities?

Answer 329

Unauthorized Access, Data Breaches, System Disruptions

Question 330

What are attacks?

Answer 330

Deliberate actions by threat actors to exploit vulnerabilities

Question 331

What forms can attacks take?

Answer 331

Unauthorized Access, Data Theft, Malware Infections, DoS Attacks, Social Engineering

Question 332

What are some examples of hardware vulnerabilities?

Answer 332

Firmware, end-of-life systems, missing patches, misconfigurations

Question 333

What is a recommended mitigation for hardware vulnerabilities?

Answer 333

Harden systems, patch, enforce baseline configurations, decommission old assets, isolation

Question 334

What are some examples of Bluetooth vulnerabilities and attacks?

Answer 334

Bluesnarfing, Bluejacking, Bluebugging, Bluesmark, Blueborne

Question 335

What are some examples of mobile vulnerabilities and attacks?

Answer 335

Sideload, Jailbreaking, Insecure connections

Question 336

What is a recommended mitigation for mobile vulnerabilities and attacks?

Answer 336

Patch Management

Question 337

What is mobile device management?

Answer 337

Managing and securing mobile devices

Question 338

What is the purpose of preventing sideloading?

Answer 338

To prevent the installation of unauthorized apps

Question 339

What is rooting?

Answer 339

Gaining administrative access to a mobile device

Question 340

What are zero-day vulnerabilities?

Answer 340

Newly discovered and exploited vulnerabilities with no known defenses

Question 341

What are the types of operating system vulnerabilities?

Answer 341

Unpatched systems, zero-days, misconfigurations

Question 342

How can operating system vulnerabilities be protected?

Answer 342

Patching, configuration management, encryption, endpoint protection, firewalls, IPS, access controls

Question 343

What are SQL injections?

Answer 343

Exploiting web app or database vulnerabilities

Question 344

What is XML Injection?

Answer 344

Injects malicious scripts into XML data processing.

Question 345

What are the targets of XML Injection?

Answer 345

XML data processing.

Question 346

What are Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Attacks?

Answer 346

Injecting malicious scripts into web pages and triggering actions on different websites without user consent, respectively.

Question 347

What is a buffer overflow?

Answer 347

Software vulnerability when more data is written to a memory buffer than it can hold.

Question 348

What are race conditions?

Answer 348

Multiple processes or threads accessing shared resources simultaneously.

Question 349

What are hardware vulnerabilities?

Answer 349

Security flaws in physical components or design

Question 350

What are firmware vulnerabilities?

Answer 350

Software on hardware devices that can grant attackers control

Question 351

What are vulnerabilities due to insecure development, outdated practices, and overlooked updates?

Answer 351

End-of-Life, Legacy, and Unsupported Systems

Question 352

What is an end-of-life system?

Answer 352

No updates or support from the manufacturer

Question 353

What is a legacy system?

Answer 353

Outdated and superseded by newer alternatives

Question 354

What is an unsupported system?

Answer 354

No official support, security updates, or patches

Question 355

What are the risks associated with unpatched systems?

Answer 355

Exposed to known exploits and attacks

Question 356

What are hardware misconfigurations?

Answer 356

Incorrect device settings or options

Question 357

What is hardening?

Answer 357

Tightening security measures

Question 358

What are some strategies for hardening?

Answer 358

Closing unnecessary ports, disabling services, setting permissions

Question 359

What is patching?

Answer 359

Regular updates to address vulnerabilities

Question 360

What does patching address?

Answer 360

Known vulnerabilities in software, firmware, and applications

Question 361

What is configuration enforcement?

Answer 361

Ensure devices adhere to secure configurations

Question 362

What is decommissioning?

Answer 362

Retire end-of-life or legacy systems posing security risks

Question 363

What is isolation?

Answer 363

Isolate vulnerable systems from the enterprise network

Question 364

What is segmentation?

Answer 364

Divide the network into segments to limit the impact of breaches

Question 365

What is Bluetooth?

Answer 365

Wireless technology for short-distance data exchange

Question 366

What are some vulnerabilities of Bluetooth?

Answer 366

Insecure pairing

Question 367

What is device spoofing?

Answer 367

Impersonating a device to trick a user

Question 368

What are on-path attacks?

Answer 368

Intercepting and altering Bluetooth communications

Question 369

What is bluejacking?

Answer 369

Sending unsolicited messages to a Bluetooth device

Question 370

What is bluesnarfing?

Answer 370

Unauthorized access to a device to steal information

Question 371

What is bluebugging?

Answer 371

Allows attackers to take control of a device’s Bluetooth functions

Question 372

What is bluesmack?

Answer 372

Denial-of-service attack by overwhelming a device with data

Question 373

What is BlueBorne?

Answer 373

Spreads through the air to infect devices without user interaction

Question 374

What is the first best practice for secure Bluetooth usage?

Answer 374

Turn off Bluetooth when not in use.

Question 375

What does setting devices to ‘non-discoverable’ mode by default help prevent?

Answer 375

Unsolicited connection attempts.

Question 376

What should be done regularly to ensure Bluetooth security?

Answer 376

Update firmware.

Question 377

What precaution should be taken when pairing Bluetooth devices?

Answer 377

Only pair with known and trusted devices.

Question 378

What is one way to add security during the pairing process?

Answer 378

Use a unique PIN or passkey

Question 379

Why should you be cautious of unsolicited connection requests?

Answer 379

To avoid accepting requests blindly

Question 380

What does encryption do for sensitive data transfers?

Answer 380

Scrambles data to prevent unauthorized access

Question 381

What is sideloading?

Answer 381

Installing apps from unofficial sources

Question 382

What can sideloading introduce?

Answer 382

Malware

Question 383

What should you do to mitigate sideloading risks?

Answer 383

Download apps from official sources with strict review processes

Question 384

What is jailbreaking/rooting?

Answer 384

Giving users escalated privileges

Question 385

What can jailbreaking/rooting expose devices to?

Answer 385

Potential security breaches

Question 386

How does using open Wi-Fi networks or pairing with unknown devices over Bluetooth expose devices?

Answer 386

To attacks

Question 387

How can you mitigate the risks of insecure connection methods?

Answer 387

Use cellular data for more secure connections and connect only to known devices

Question 388

How can you minimize mobile vulnerabilities?

Answer 388

MDM solutions

Question 389

What are the methods to secure a network?

Answer 389

Using long passwords, 802.1x authentication

Question 390

What does MDM stand for?

Answer 390

Mobile Device Management

Question 391

What does MDM do to minimize vulnerabilities?

Answer 391

Patching, configuration management, best practice enforcement, zero-day vulnerability detection

Question 392

What are zero-day exploits?

Answer 392

Attacks that target previously unknown vulnerabilities

Question 393

What is a zero-day?

Answer 393

Refer to the vulnerability, exploit, or malware that exploits the vulnerability

Question 394

Why are zero-day exploits significant in the cybersecurity world?

Answer 394

They can be lucrative and are sold to government agencies, law enforcement, and criminals

Question 395

Who can earn money by discovering zero-day vulnerabilities?

Answer 395

Bug bounty hunters

Question 396

Why do threat actors save zero-days for high-value targets?

Answer 396

To increase the chances of successful attacks

Question 397

What can an up-to-date antivirus detect?

Answer 397

Known vulnerabilities’ exploitation

Question 398

Why do attackers exploit unpatched systems?

Answer 398

They have known vulnerabilities

Question 399

How can unpatched system vulnerabilities be mitigated?

Answer 399

Regular system updates and patches

Question 400

How can host-based intrusion prevention systems help with zero-day vulnerabilities?

Answer 400

Detect and block suspicious activities

Question 401

How can misconfigurations occur?

Answer 401

Improperly configured system settings

Question 402

What can be done to mitigate vulnerabilities due to misconfigurations?

Answer 402

Standardize and automate configuration processes

Question 403

What is data exfiltration?

Answer 403

Unauthorized data transfers from an organization to an external location

Question 404

How can data exfiltration be protected against?

Answer 404

Encryption for data at rest and endpoint

Question 405

What can endpoint protection tools do?

Answer 405

Monitor and restrict unauthorized data transfers

Question 406

What are malicious updates?

Answer 406

Updates that appear legitimate but contain malware or exploits

Question 407

How can you verify the authenticity of updates?

Answer 407

By maintaining application allow lists and checking digital signatures and hashes

Question 408

What is an injection attack?

Answer 408

Sending malicious data to a system for unintended consequences

Question 409

What is the goal of SQL and XML injections?

Answer 409

To insert code into systems

Question 410

What is SQL used for?

Answer 410

Interact with databases

Question 411

What are the four main SQL actions?

Answer 411

Select, Insert, Delete, Update

Question 412

What is the purpose of the SQL SELECT statement?

Answer 412

Read data from the database

Question 413

What is the purpose of the SQL INSERT statement?

Answer 413

Write data into the database

Question 414

What is the purpose of the SQL DELETE statement?

Answer 414

Remove data from the database

Question 415

What is the purpose of the SQL UPDATE statement?

Answer 415

Overwrite some data in the database

Question 416

What is an XML Bomb?

Answer 416

Consumes memory exponentially, acting like a denial-of-service attack

Question 417

What is an XXE Attack?

Answer 417

Attempts to read local resources, like password hashes in the shadow file

Question 418

How can you prevent XML vulnerabilities?

Answer 418

Implement proper input validation

Question 419

What is Cross-Site Scripting (XSS)?

Answer 419

Injects a malicious script into a trusted site to compromise the site’s visitors

Question 420

What is the goal of an XSS attack?

Answer 420

To have visitors run a malicious script bypassing normal security mechanisms

Question 421

What are the four steps to an XSS attack?

Answer 421

1. Identify input validation vulnerability
2. Craft a URL for code injection
3. Inject malicious code into trusted site
4. Run malicious code in client’s browser

Question 422

What are the functions of an XSS attack?

Answer 422

Defacing the trusted website, stealing user’s data, intercepting data or communications

Question 423

What is Non-Persistent XSS?

Answer 423

A XSS attack that only occurs when launched and happens once

Question 424

What is Persistent XSS?

Answer 424

Allows an attacker to insert code into a backend database

Question 425

What is a server-side scripting attack?

Answer 425

Exploits the server to execute the attack

Question 426

What is DOM XSS?

Answer 426

Exploits the client’s web browser to modify web page content

Question 427

What is a client-side scripting attack?

Answer 427

Exploits the client’s device to execute the attack

Question 428

What can a client-side scripting attack be used for?

Answer 428

To change the DOM environment

Question 429

How does a client-side scripting attack run?

Answer 429

Using the logged in user’s privileges on the local system

Question 430

What is session management?

Answer 430

Enables web applications to uniquely identify a user across actions and requests

Question 431

What is a cookie?

Answer 431

A fundamental security component in modern web applications

Question 432

What is a non-persistent cookie?

Answer 432

A session cookie that is deleted at the end of the session.

Question 433

What is a persistent cookie?

Answer 433

A cookie that is stored in the browser cache until deleted or expired.

Question 434

What is session hijacking?

Answer 434

A type of spoofing attack where the attacker disconnects a host.

Question 435

What is session prediction?

Answer 435

Type of spoofing attack where the attacker attempts to predict the session token in order to hijack the session

Question 436

How can session prediction attacks be prevented?

Answer 436

By using a non-predictable algorithm to generate session tokens

Question 437

What is XSRF?

Answer 437

Malicious script used to exploit a session started on another site within the same web browser

Question 438

How can XSRF attacks be prevented?

Answer 438

Use user-specific tokens in all form submissions and add randomness and additional information prompts when resetting passwords

Question 439

Why is two-factor authentication important?

Answer 439

Increases security by adding an additional layer of verification.

Question 440

What is required when changing a password?

Answer 440

Entering the current password.

Question 441

How common is buffer overflow as an initial attack vector in data breaches?

Answer 441

85% of data breaches used buffer overflow.

Question 442

What are buffers used for in programs?

Answer 442

Temporary storage areas for data

Question 443

What happens when a buffer overflows?

Answer 443

Data spills into adjacent memory locations

Question 444

What is the purpose of the stack in a program?

Answer 444

To store data during processing

Question 445

How does an attacker exploit the stack?

Answer 445

By overwriting the return address with malicious code

Question 446

What is the goal of a stack smashing attack?

Answer 446

Overwrite the return address with malicious code

Question 447

How does a stack smashing attack work?

Answer 447

By modifying the return address

Question 448

What can an attacker do once they have successfully modified the return address?

Answer 448

Execute remote code on the victim’s system

Question 449

What are NOP instructions used for in a stack smashing attack?

Answer 449

To create a slide for the return address

Question 450

How do NOP instructions help in a stack smashing attack?

Answer 450

Slide the return address down to the attacker’s code

Question 451

What is Address Space Layout Randomization (ASLR)?

Answer 451

Randomizes memory addresses used by well-known programs to make it harder to predict the location of the attacker’s code.

Question 452

What is a race condition?

Answer 452

Software vulnerabilities related to the order and timing of events in concurrent processes.

Question 453

Why are race conditions exploitable?

Answer 453

Allows attackers to disrupt intended program behavior and gain unauthorized access.

Question 454

What is dereferencing?

Answer 454

Removing the relationship between a pointer and the memory location it was pointing to

Question 455

What causes vulnerabilities in race conditions?

Answer 455

Unexpected conflicts and synchronization issues

Question 456

How do attackers exploit race conditions?

Answer 456

Timing their actions with vulnerable code execution

Question 457

What can exploitation of race conditions lead to?

Answer 457

Unauthorized access, data manipulation, and system crashes

Question 458

What is a real-world example of race condition exploitation?

Answer 458

Dirty COW Exploit

Question 459

What types of race conditions exist?

Answer 459

Time-of-Check (TOC), Time-of-Use (TOU), Time-of-Evaluation (TOE)

Question 460

What can be used to synchronize access to shared resources?

Answer 460

Locks and mutexes

Question 461

What does a mutex do?

Answer 461

Acts as a gatekeeper to a section of code so that only one thread can be processed at a time

Question 462

What is the purpose of locks and mutexes?

Answer 462

To ensure only one thread or process can access a specific section of code at a time

Question 463

What should be done to prevent deadlocks when using locks?

Answer 463

Properly design and test locks

Question 464

What is a deadlock?

Answer 464

Lock remains in place after process completes

Question 465

What is the importance of understanding cyber threats?

Answer 465

First step to effective prevention and mitigation

Question 466

What are the variants of DDoS attacks?

Answer 466

Denial of Service, Amplified DDoS, Reflected DDoS

Question 467

What are the types of DNS attacks?

Answer 467

DNS Cache Poisoning, DNS Amplification, DNS Tunneling

Question 468

What is domain hijacking?

Answer 468

Unauthorized takeover of a domain name

Question 469

What is a DNS zone transfer?

Answer 469

A method of copying DNS records from a primary DNS server to a secondary DNS server

Question 470

What are directory traversal attacks?

Answer 470

Exploiting insufficient security validation of user-supplied input file names

Question 471

What is privilege escalation attack?

Answer 471

Exploiting system vulnerability to gain elevated access

Question 472

What are replay attacks?

Answer 472

Malicious or fraudulent repeat/delay of a valid data transmission

Question 473

What are malicious code injection attacks?

Answer 473

Introduction of harmful code into a program or system

Question 474

What are indicators of compromise (IoC)?

Answer 474

Examples include account lockout, concurrent session usage, blocked content, etc.

Question 475

What is a distributed denial of service (DDoS) attack?

Answer 475

Attack that tries to make resources unavailable

Question 476

What is a denial of service (DoS) attack?

Answer 476

Attempt to make resources unavailable

Question 477

What is a ping flood?

Answer 477

Overloading server with ICMP echo requests

Question 478

What is a SYN flood?

Answer 478

Initiating multiple TCP sessions but not completing handshake

Question 479

How can a ping flood be countered?

Answer 479

Blocking echo replies

Question 480

What countermeasure can be used against flood attacks?

Answer 480

Flood guard

Question 481

What is a Permanent Denial of Service (PDOS) Attack?

Answer 481

Exploits security flaws to break a networking device permanently by re-flashing its firmware

Question 482

What is a Fork Bomb?

Answer 482

Creates a large number of processes, consuming processing power

Question 483

What is a Distributed Denial of Service (DDoS) attack?

Answer 483

Malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic

Question 484

What is a DNS amplification attack?

Answer 484

DDoS attack using DNS requests to flood a website

Question 485

How do black hole/sinkhole solutions work against DDoS attacks?

Answer 485

Routes attacking IP traffic to a non-existent server

Question 486

What is the benefit of using specialized cloud service providers for DDoS protection?

Answer 486

Web application filtering, content distribution, robust network defenses

Question 487

What is the role of DNS in the internet?

Answer 487

Translating human-friendly domain names

Question 488

What is DNS cache poisoning?

Answer 488

Corrupts cache with false information

Question 489

How can DNS cache poisoning be mitigated?

Answer 489

Use DNSSEC, secure network configurations and firewalls