SecPlusP4 Flashcards
How does a DNS amplification attack exploit the DNS resolution process?
By sending spoofed DNS queries to open DNS servers
What is one way to mitigate the impact of a DNS amplification attack?
Limit the size of DNS responses
How can DNS tunneling be used to bypass firewall rules?
Encapsulates non-DNS traffic over port 53
What is one way to mitigate domain hijacking?
Monitor and analyze DNS logs for unusual patterns
What is a DNS Zone Transfer Attack?
Attempts to obtain an entire DNS zone data copy
What can a DNS Zone Transfer Attack expose?
Sensitive information about a domain’s network infrastructure
What can a Directory Traversal Attack allow access to?
Commands, files, and directories that may or may not be connected to the web document root directory
What character do Windows systems use as the default directory separator?
\
What character do Unix-like systems use as the directory separator?
/
What can directory traversals be used to do?
Access any file on a system with the right permissions
How can attackers hide directory traversal attempts?
Using encoding (%2e%2e%2f represents ../)
What is file inclusion vulnerability?
A web application vulnerability that allows an attacker to download or upload files
What is remote file inclusion?
Injecting a remote file into a web app or website
What is an example of remote file inclusion?
Attacker executing a script with a remote file URL
What is local file inclusion?
Adding a file to a web app or website that already exists on the server
What is an example of local file inclusion?
Attacker adding a file to the web app with server file URL
What do ../ in logs pertain to?
Directory traversals
What is a directory traversal attack?
Attacker tries to access files outside the target directory
How can input validation help prevent directory traversals and file inclusion attacks?
Verify and sanitize user input to ensure it conforms to expected formats
What is arbitrary code execution?
Running an attacker’s code without restrictions
What is remote code execution?
Executing code remotely, often over the internet
What is privilege escalation?
Gaining higher-level permissions than originally assigned
Why is privilege escalation dangerous?
Allows attackers to operate with elevated privileges, such as administrator or root access
What is vertical privilege escalation?
Going from normal user to higher privilege (e.g., admin or root)
What is horizontal privilege escalation?
Accessing or modifying resources at the same level as the attacker
Why is understanding privileges crucial for system security?
Applications inherit the permissions of the user running them
What is a rootkit?
Malware that conceals its presence by modifying system files
What is Ring Zero?
Highest privilege level for the kernel
What are Kernel mode rootkits?
More dangerous due to extensive control
What are Rings 1 to 3?
User-level components with decreasing privileges
Why are Ring Zero rootkits more dangerous?
Extensive control over the kernel
What is a kernel mode rootkit?
Rootkit embedded in the kernel with maximum control
What is a user mode rootkit?
Rootkit attached to user-level components with administrator-level privileges
What is a replay attack?
Malicious re-broadcasting or delaying of valid data transmissions
How is a replay attack different from a session hijack?
In a session hijack, the attacker alters real-time data transmission while in a replay attack, the attacker can decide later whether to retransmit the data
Where can replay attacks occur?
Banking, email, online shopping, social media, wireless authentication
What is a credential replay attack?
Capturing user’s login credentials and reusing them for unauthorized access
How can replay attacks be prevented?
Use session tokens, implement multi-factor authentication, use security protocols like WPA3
What is the purpose of a cookie?
To store information about a user when they visit a website
Why must cookies be protected?
They contain client information transmitted across the Internet
What are session cookies?
Non-persistent, reside in memory, deleted when browser is closed
What are persistent cookies?
Stored in browser cache, deleted by user or expiration date
What should be done to cookies that store confidential information?
Encrypt them
How can session hijacking attacks occur?
Theft or modification of cookies
What is a session prediction attack?
Attacker predicts session token to hijack a session
What is the requirement for generating a session token?
Non-predictable algorithm and no session information
What is cookie poisoning?
Modifying a cookie to exploit web app vulnerabilities
What is an on-path attack?
Attacker positions between hosts to intercept communication
What are some methods for On-Path Attacks?
ARP Poisoning, DNS Poisoning, Rogue Wireless Access Point, Rogue Hub or Switch
What is ARP Poisoning?
Manipulating ARP tables to redirect network traffic
What is DNS Poisoning?
Altering DNS responses to reroute traffic
What is a Rogue Wireless Access Point?
Creating a fake wireless access point to intercept traffic
What is a Rogue Hub or Switch?
Introducing a malicious hub or switch to capture data on a wired network
What is a Replay Attack?
Capturing valid data and replaying it immediately or with a delay
What is a relay attack?
Attacker becomes part of conversation
What is the role of the attacker in a relay attack?
Serves as a proxy to read or modify communication
What is one challenge faced by attackers in relay attacks?
Difficulty in intercepting and crafting communication due to encryption
What encryption scheme can pose significant challenges for attackers in relay attacks?
TLS 1.3
What is SSL stripping?
An attack that tricks the encryption application into presenting an HTTP connection instead of HTTPS
What does SSL stripping enable attackers to do?
Capture unencrypted data when the user believes they are using a secure connection
What is a downgrade attack?
An attacker forces a client or server to abandon a higher security mode in favor of a lower security mode
What is the scope of downgrade attacks?
Downgrade attacks can be used with various encryption and protection methods, including Wi-Fi and VPNs
What situations are vulnerable to a downgrade attack?
Any situation where a client agrees to a lower level of security that is still backward compatible
What are injection attacks?
Unspecified
What is LDAP?
An open application protocol for accessing and maintaining distributed directory information services
What is LDAP Injection?
An application attack that targets web-based applications by fabricating LDAP statements
How to protect against LDAP injection?
Use input validation and input sanitization
What is command injection?
Executing shell commands via a vulnerable web application
What is process injection?
Executing arbitrary code in a separate live process
What are some methods of process injection?
Injection through DLLs, Thread Execution Hijacking, Process Hollowing, Process Doppelgänging, Asynchronous Procedure Calls, Portable Executable Injections
How can process injection be mitigated?
Endpoint security solutions, Security Kernel Modules, Least Privilege, Indicators of Compromise
What are indicators of compromise?
Forensic data that identify potentially malicious activity
What does IoC stand for?
Indicators of Compromise
What are account lockouts?
Locking an account due to multiple failed login attempts
Why is balancing security with usability crucial when implementing account lockout?
To avoid locking legitimate users out
What does concurrent session usage refer to?
Multiple active sessions from a single user account
What does blocked content involve?
Attempts to access or download content blocked by security protocols
What does blocked content suggest?
User trying to access malicious content or an attacker attempting to steal data
What are indicators of impossible travel in account logins?
Geographically distant locations and unreasonably short timeframe
What can unusual spikes in resource utilization indicate?
Malware infections or DDoS attacks
What is resource inaccessibility in relation to security attacks?
Inability to access files, databases, or network services
What does out-of-cycle logging indicate?
Attacker trying to hide activities during off-peak hours
What do missing logs suggest?
Logs have been deleted to hide attacker activities
What are some examples of published articles or documents that attackers can use to publicly disclose their actions?
Social media, hacker forums, newspaper articles, victim’s own website
What is the purpose of hardening in security?
Strengthen overall security posture and resilience against cyberattacks
What are some measures of hardening?
Apply security patches, configure access controls, disable unnecessary services
What are default configurations in security?
System or application settings that are pre-set by the vendor
What is the purpose of restricting applications in security?
Prevent unauthorized or malicious software from running
What is a method to identify unnecessary services?
System audit or vulnerability scanning
What are the risks and consequences of running unnecessary services?
Increased attack surface
How can disabling unnecessary services reduce the attack surface?
By reducing potential entry points for attackers
What are trusted operating systems?
Operating systems with rigorous security evaluations and certifications
What is the role of Group Policies in Windows environments?
Central management and control of user and computer settings
What is SELinux?
Security-Enhanced Linux, implementing mandatory access controls for enhanced security
What are the different levels of data encryption?
Full-disk, Partition, File, Volume, Database, Record Level Encryption
What is the purpose of secure baselines?
Establishing a secure starting point for minimizing security risks
Why should default passwords be changed?
To ensure security
How often should passwords be rotated?
Every 90 days
What should be used to manage passwords?
Password manager
What should be done with unneeded ports?
Close them
What should be done with enabled ports and protocols?
Audit them
What should be used instead of insecure protocols?
Secure versions
What should be done with extra open ports?
Close the insecure ones
What can be done to restrict applications?
Implement application restrictions
What is the goal of least functionality?
To provide only the necessary applications and services
Why should unneeded applications be restricted or uninstalled?
To reduce vulnerabilities
Why is keeping software up-to-date important for security?
To ensure the latest security patches and fixes are applied
What is the challenge with managing software in large networks?
Controlling excessive installations
What are secure baseline images used for?
To install new computers
What does a secure baseline image include?
OS, minimum required applications, and strict configurations
How should secure baseline images be updated?
Based on evolving business needs
Why is preventing unauthorized software installation important?
It poses security risks
What are application allowlisting and blocklisting used for?
To control which applications can run on a workstation
How does application allowlisting work?
Only approved applications are allowed to run
What happens to applications not on the approved list in application allowlisting?
They are blocked from running
What is a Trusted Operating System (TOS)?
Operating system that enforces stringent security policies
What is Evaluation Assurance Level (EAL)?
Security standard for assessing security controls in an OS
What is the highest level of assurance?
EAL 7
What is mandatory access control?
Access permissions determined by system administrators and enforced by operating system
What is security auditing?
Process of monitoring and analyzing computer systems to ensure they are operating securely
What is role-based access control?
Access permissions determined by roles assigned to users
What is an example of a trusted operating system?
SELinux
What does Trusted Solaris offer?
Secure multi-level operations with MAC and detailed system audits
How does Trusted OS enhance security?
By using microkernels and minimizing the trusted base
What should be considered when choosing an operating system?
Balancing security with usability, performance, and functional requirements
What are the two methods of patch management?
Manual and Automated
What is a hotfix?
A software patch that solves a security issue and should be applied immediately
What is an update?
Provides additional functionality but doesn’t usually patch security issues
What is a service pack?
Includes all hotfixes and updates since the release of the operating system
What are the risks of updates?
They can introduce new vulnerabilities
What does effective patch management involve?
Assigning a dedicated team to track vendor security patches
What is the importance of establishing automated system-wide patching for OS and applications?
1
How can cloud resources be included in patch management?
2
What are the categories for prioritizing patches?
2
Why is it important to create a test environment for critical patches before production deployment?
1
What is the purpose of maintaining comprehensive patching logs?
3
How can firmware updates be evaluated, tested, and deployed?
2
How can urgent patches be deployed to production?
2
What should be done periodically with non-critical patches?
2
What is patch management?
Planning, testing, implementing, and auditing of software patches
Why is patch management important?
Important for compliance
What are the four steps in the patch management process?
Planning, Testing, Implementing, Auditing
What is the purpose of planning in patch management?
Creating policies, procedures, and systems to track and verify patch compatibility
What is the purpose of testing in patch management?
To prevent the patch from causing additional problems
How can patch implementation be done?
Manually or automated
Why should large organizations use a central update server?
Centralized control
How can mobile devices be patched?
Using an MDM
What are patch rings?
Implementing patches group by group
What is auditing in patch management?
Scanning network and checking for issues
Why should firmware versions be monitored and patched?
To maintain security and stability
What are group policies?
Rules and policies for users or computers
How can you access the Group Policy Editor?
Enter ‘gpedit’ in the run prompt.
What is the purpose of the local Group Policy Editor?
To create and manage policies within a Windows environment.
What are some examples of rules that can be applied using Group Policies?
Password complexity requirements, account lockout policies, software restrictions, application restrictions.
What is a security template?
A group of policies that can be loaded through the Group Policy Editor
What is the purpose of a security template in corporate environments?
To create security templates with predefined rules based on administrative policies
What is a Group Policy Object (GPO) used for?
To harden the operating system and establish secure baselines
What is baselining?
A process of measuring changes in the network, hardware, or software environment
How can the Group Policy Editor in Windows be accessed?
By entering ‘gpedit’ in the run prompt
What can be done using the Group Policy Editor?
Create allow or block list rules for application control policies
How do you navigate to the AppLocker section in the Group Policy Editor?
Navigate to ‘Computer Configuration’ > ‘Windows Settings’ > ‘Security Settings’ > ‘Application Control Policies’ > ‘AppLocker’
What is the first step in creating an executable rule in AppLocker?
Create an executable rule
What are the two options to choose from when creating an executable rule?
Choose to allow or deny
Who can you select for the rule to apply to?
Select who the rule applies to (e.g., everyone)
What are the conditions you can define for the rule in AppLocker?
Define the rule based on conditions like publisher, path, or file hash
What are the steps to create a rule in Group Policy Editor?
Specify path, Name rule, Create default rules, Deploy policy
What are the default allow rules in Group Policy Editor?
Program Files, Windows folder, Administrators
What is an example of a deny rule in Group Policy Editor?
Block files in temp directory
What does SELinux enforce?
Mandatory Access Control (MAC)
What are context-based permissions?
Permission schemes based on properties
What are the two main context-based permission schemes in Linux that use MAC?
SELinux and AppArmor
What is DAC?
Discretionary Access Control
What does DAC allow object owners to do?
Directly control access using tools like ‘chown’ and ‘chmod’
What does SELinux rely on for permissions and access control?
MAC
What does SELinux enhance?
File system and network security
What are the three main contexts in SELinux?
User Context, Role Context, Type Context
What is remote work?
Employees work outside the traditional office
What is hybrid work?
Combines traditional office work with remote work opportunities
What are the security challenges of remote and hybrid work environments?
Increased risk due to lack of physical security controls outside the office, data exposure, weaker network security, cyberattacks, increased risk of device loss or theft
What are some measures to address security challenges in remote work?
Establish comprehensive policies, use secure connections like VPN, implement multi-factor authentication, provide cybersecurity training and awareness, encourage reporting of incidents, use company-issued devices, define security measures for BYOD, set up automated backups, choose secure collaboration tools, maintain clear communication
What is the recommended method for data access in remote work?
VPN
What should be done to enhance security for data access in remote work?
Implement multi-factor authentication
What should employees receive to improve their cybersecurity awareness?
Cybersecurity training
What should be encouraged in the event of security incidents?
Reporting
What is a secure option for device usage in remote work?
Company-issued devices
How should personally owned devices be secured?
Define security measures for BYOD
What should be done for data protection?
Set up automated backups
What should be considered when choosing collaboration tools?
End-to-end encryption and administrative controls
What is important for maintaining effective security measures in remote work?
Clear communication with the cybersecurity team
What can be used to deploy and manage allowlists and blocklists across a domain?
Group Policies
What allows centralized management of allowlists and blocklists?
Active Directory domain controllers
What does the optional Level Context in SELinux describe?
The sensitivity level of a file, directory, or process, used for multi-level security
What impacts network performance and security?
Placement of Wireless Access Points
What do WAPs use to connect wireless devices to a wired network?
Wi-Fi standards
Where should WAPs be mounted for better coverage?
In higher locations
What is essential for data confidentiality in wireless networks?
Wireless Encryption
What three services does AAA provide?
Authentication, Authorization, and Accounting
What does TACACS+ stand for?
Terminal Access Controller Access-Control System Plus
What does TACACS+ use for enhanced security?
TCP with encryption
What is used to verify user identity and control network access?
Authentication Protocols
What is one web filtering technique?
Agent-based web filtering
Who often uses web filtering to ensure safe and educational internet usage?
Schools, universities, and organizations
What is email security?
Techniques and protocols that protect email content, accounts, and infrastructure from unauthorized access, loss, or compromise
What benefits does SPF provide?
Protection against email spoofing and improved email deliverability
Where does a receiving server check whether the sender’s IP is authorized?
The sending domain’s SPF record
What can UBA tools do?
Identify potential threats before significant damage occurs
What are examples of secure protocols that replace insecure ones?
HTTPS (instead of HTTP) and SFTP
What often indicates whether a protocol is secure?
Default port numbers
What does changing port numbers add?
A layer of obscurity, which does not replace robust security measures
Why must vulnerability reports be protected?
They are valuable maps for attackers
How should vulnerability reports be shared?
Encrypted, on a need-to-know basis
Why are alerting and monitoring important?
They are crucial for maintaining the integrity, confidentiality, and availability of information systems
What are the four types of alert outcomes?
True positive, false positive, true negative, false negative
What is a true positive?
An alert that correctly identifies a legitimate issue
What is a false positive?
An alert that indicates an issue when there isn’t one
What is a true negative?
Correctly recognizes the absence of an issue
Why should false positives be minimized?
To avoid alert fatigue
What are the two approaches to monitoring?
Manual monitoring, or software tools for scanning and analyzing
What does monitoring resources cover?
Systems, applications, and infrastructure
What are the main monitoring activities?
Log aggregation, reporting, archiving, and alert response and remediation/validation
What does reporting provide?
Reports on system and network status
What does archiving retain?
Historical data
What is SIEM?
Security Information and Event Management
What does a SIEM do?
Collects and aggregates log data from security tools
What are some sources of SIEM data?
Antivirus, DLP systems, NIDS, NIPS, firewalls, vulnerability scanners
What can indicate potential issues?
Deviations from the baseline
What may indicate code problems or resource deficiencies?
Slower response times
What does infrastructure monitoring observe?
Physical and virtual infrastructure, including servers, networks, virtual machines, containers, and cloud services
What can be triggered based on thresholds or anomalies?
alerts
What is one of the steps that should be taken to manage and resolve issues based on alerts or scans?
Investigating
What changes alert parameters to reduce errors, false positives, and improve alert relevance?
Alert Tuning
What is SNMP?
Simple Network Management Protocol
What kinds of SIEM tools are available?
Free and open-source SIEM tools
What data does antivirus software generate for monitoring?
Malware detection logs, system scans, and updates
What do NIDS and NIPS stand for?
Network Intrusion Detection Systems and Network Intrusion Prevention Systems
What does MRTG stand for?
Multi Router Traffic Grapher
What suspicious signs can security teams monitor the environment for?
Unusual traffic or failed logins
What is the first step in implementing a SPOG?
Defining requirements
How can a SPOG be implemented?
As software or hardware
How many phases are in the incident response process?
Seven
What does the Preparation phase do?
Gets an organization ready for future incidents by making systems resilient to attacks through hardening
What does the Preparation phase create?
Policies, procedures, and a communication plan
How many phases does Detection and Analysis cover?
Two
How many phases does Containment, Eradication, and Recovery cover?
Three
What is the Lessons Learned phase?
Documents experiences during incidents and collects formalized information about what happened
What follows identifying an effective solution in Lessons Learned?
Implementing and tracking the solutions
What is threat hunting?
A proactive cybersecurity technique used to detect threats that haven’t been discovered by normal security monitoring
What does profiling threat actors and activities involve?
Creating scenarios to understand how attackers might attempt an intrusion
What data sources can support an incident investigation?
Dashboards and automated reports
What role do vulnerability scans play in an investigation?
They identify system vulnerabilities, providing a foundation for understanding potential entry points
What do firewall logs provide?
A record of monitored network traffic
Automated responses can include suspending user accounts, blocking IP addresses, and what?
resetting passwords
Report analysis is essential to confirm what about identified vulnerabilities?
Their validity
How does automation reduce the risk of burnout?
By reducing repetitive and mundane tasks
What benefit of automation reduces staffing needs and optimizes resource allocation?
Cost savings
What does automating support ticket management enhance?
IT and customer support team efficiency
How does it improve customer satisfaction?
By streamlining issue resolution
How many steps does automated support ticket creation involve?
Six
What are the benefits of automated ticket creation?
Accelerates response time to user needs and reduces the risk of lost or overlooked tickets
What addresses complex or high-priority issues?
Ticket escalation
What is automation?
Using technology to execute repetitive tasks without continuous human intervention
What does automation do with user information during onboarding?
Keeps it synchronized across platforms
What resources are included in resource provisioning?
Workstations, software licenses, and communication tools
What does the provisioning process begin with?
Requirements analysis
What does automating security help prevent?
Security vulnerabilities
Why automate service access management?
To prevent unnecessary risks
How does automated permissions management handle access rights?
Uses role-based access controls to automate provisioning and de-provisioning
What verifies each code check-in and detects problems?
An automated build process
What ensures software quality after integration?
Automated tests
What does the CD in CI/CD stand for?
Continuous Delivery
What is continuous delivery?
Automated testing and build processes that stop short of automatic production deployment
How far is the deployment process automated in continuous delivery?
Only to a certain stage; deployment to production remains a manual business decision
Why keep production deployment a manual decision?
It allows flexibility in timing, market conditions, and stakeholder readiness
What takes CI/CD further by automatically deploying code changes to testing and production environments?
Continuous Deployment
What do APIs enable?
Software developers to access functions or features of another application programmatically
What are APIs used for in a microservice or service-oriented architecture?
Facilitating communication between different parts of the system
What is a common API communication method?
REST
What does REST use for interactions?
HTTP methods, status codes, URIs, and MIME types
What format does REST commonly use for data transfer?
JSON
Why is REST suitable for integration with existing websites?
It is a lightweight protocol
What does SOAP stand for?
Simple Object Access Protocol
What format does SOAP use for its structured messages?
XML
What is SOAP’s structured message format known for?
Robustness, additional security features, and transaction compliance
What is SOAP suitable for?
Enterprise-level web services with complex transactions and regulatory compliance requirements
What protocols are commonly used for API testing?
HTTP and HTTPS
cURL allows sending data to an API and receiving what type of response?
JSON
What is security awareness?
Knowledge and understanding of security threats and mitigation measures
What is the goal of security awareness?
To equip individuals to recognize and respond to threats for data protection
What is an insider threat?
A security risk from individuals within an organization
What techniques help defend against social engineering attacks?
Maintaining situational awareness and avoiding shoulder surfing and eavesdropping
What does creating a culture of security mean?
An organizational mindset that prioritizes security in daily tasks and decision-making
What is essential in addressing insider threats?
Training employees
Why conduct discreet investigations into suspicious employee behavior?
To rule out illicit activities, theft, or information selling
What insider threat indicator is an employee expressing financial woes to coworkers?
Financial struggles
What balance must be kept when monitoring for insider threats?
Detecting anomalous behavior while respecting employee privacy
What is a password manager?
A specialized tool, plugin, or extension used with web browsers
What are most usernames?
Email addresses