Section 5 Flashcards

1
Q

What is business continuity planning

A

refers to the plans you put in place to ensure that critical business functions can continue in a state of emergency

2
Q

What is disaster recovery planning

A

refers to the plans you put in place to prepare for a potential disaster, including what exactly to do during and after a disaster strikes, such as evacuation routes posted on maps throughout the facility or signage indicating meeting places in the case of an evacuation.

3
Q

What are deterrent measures

A

aim to discourage those who might violate your security

4
Q

What are detective measures

A

alert you to potential intrusions

5
Q

What are preventive controls

A

physically prevent intrusions from taking place.

6
Q

What is network segmentation

A

dividing a network into multiple smaller networks called subnets. You can control the flow of traffic between subnets, allowing or disallowing it based on a variety of factors, or even blocking the flow of traffic entirely if necessary.

7
Q

What are network chokepoints

A

locations where you can inspect, filter, and control the traffic.

8
Q

What is packet filtering

A

the firewall looks at the contents of each packet in the traffic individually and either allows or disallows it based on the source and destination IP addresses, the port number, and the protocol being used.

9
Q

What are deep packet inspection firewalls

A

they can analyze the actual content of the traffic that flows through them. Deep packet inspection firewalls can reassemble the contents of the traffic to see what it will deliver to the application for which it’s destined.

10
Q

What is a demilitarized zone (DMZ)

A

a layer of protection that separates a device from the rest of a network.

11
Q

What are signature-based IDS

A

They maintain a database of the signatures that might signal an attack and compare incoming traffic to those signatures.

12
Q

What are anomaly-based IDS

A

work by determining the normal kinds of traffic and activity taking place on the network. They then measure the present traffic against this baseline in order to detect patterns that aren’t normally present in the traffic.

13
Q

What are packet crafting attacks

A

use packets of traffic that carry attacks or malicious code but are designed to avoid detection by IDS, firewalls, and other similar devices.

14
Q

What are the 2 terms for client and server when talking about VPNs

A

the VPN client application and the VPN concentrator

15
Q

What are rogue access points

A

unauthorized wireless access points

16
Q

What are the 2 different types of scanners

A

port scanners and vulnerability scanners

18
Q

What are honeypots

A

look legitimate but are fake and display vulnerabilities or materials that would be attractive to an attacker. They let you see all of the attacker’s activity. Networks of honeypots are called honeynets.

19
Q

What are honeynets

A

networks of honeypots with some sort of centralized instrumentation for monitoring all of the honeypots

21
Q

What is Scapy

A

a tool used to map the topology of firewalls and help you locate vulnerabilities in them, as well as to specially craft ICMP packets to evade some of the normal measures put in place to prevent you from seeing devices behind firewalls

22
Q

What is the attack surface

A

the sum of available avenues through which your OS might be attacked

23
Q

What are the six primary means of OS hardening

A

remove unnecessary software, remove unneeded services, alter default accounts, use principles of least privilege, perform updates, implement logging and auditing

24
Q

What is executable space protection

A

a technology that prevents the OS and apps from using certain portions of the memory to execute code.

25
Q

What is address space layout randomization (ASLR)

A

a technique that shifts the contents of the memory in use around so that tampering with it is even more difficult

26
Q

What is a buffer overflow attack

A

works by inputting more data than an application is expecting; the leftover data is then put into memory, where it can be executed as malware

27
Q

What is an exploit framework

A

a collection of prepackaged exploits and tools, such as network mapping tools and sniffers.

28
Q

What is OpenVAS used for

A

to locate specific security flaws in your services or network-enabled software

29
Q

What is a host-based IDS

A

used to analyze the activities on or directed at the network interface of a particular asset (host).

30
Q

What are the 2 corporate owned mobile device types

A

corporate-owned business only (COBO) or corporate-owned personally enabled (COPE)

31
Q

What is a baseband operating system

A

a tiny operating system running on its own processor, underneath the OS you can see on modern mobile devices. It handles things like USB ports, GPS, radios, etc.

32
Q

What are race conditions

A

when multiple processes (or multiple threads within a process) control or share access to a resource and the correct handling of that resource depends on the proper ordering or timing of transactions. If you were to perform 2 actions at once, then there might be an error that does not give the correct result.

33
Q

What happens in a format string attack

A

attackers use certain print functions within a programming language that are meant to format the output but instead allow the attacker to manipulate or view an application’s internal memory.

34
Q

What are authentication attacks

A

those that attempt to gain access to resources without the proper credentials to do so.

35
Q

What are authorization attacks

A

attacks that attempt to gain access to resources without the appropriate authorization to do so.

36
Q

What happens in a cross-site scripting (XSS) attack

A

placing code written in a scripting language into a web page, or other media like Adobe Flash animation and some types of video files, that is displayed by a client browser. When other people view the web page or media, they execute the code automatically, and the attack is carried out.

37
Q

What happens in a directory traversal attack

A

gain access to the file system outside of the web server’s structure where content is stored by using the ../ character sequence, which moves up one level of a directory to change directories

38
Q

What are privilege escalation attacks

A

those that increase your level of access above what you’re authorized to have on the system or application.

39
Q

What is “spidering”

A

indexing and mapping all files and directories on a target web server

40
Q

What are 2 tools that can find web app vulnerabilities

A

OWASP ZAP & Burp Suite

41
Q

What is fuzz testing

A

uses tools called fuzzers that work by bombarding your applications with all manner of data and inputs from a wide variety of sources, in the hope that you can cause the application to fail or to perform some unexpected behavior.

42
Q

What is bounds checking

A

setting a limit on the amount of data an app takes in to mitigate a buffer overflow attack

43
Q

Which port service needs to be removed when running a webserver

A

Port 53 is typically blocked on webservers to prevent Domain Name System (DNS) servers from divulging critical information to attackers.

44
Q

What is an industrial control system

A

any system controlling an industrial process

45
Q

What is a supervisory control and data acquisition system

A

a kind of industrial control system that specifically monitors and controls systems over long distances, often those related to utilities and other infrastructure

46
Q

What is an air-gapped network

A

a network which has no direct connections to the outside

47
Q

What is a controller area network bus

A

a network on which the embedded devices in a car communicate to each other

48
Q

What are 2 common vulnerability assessment tools

A

Qualys and Nessus

49
Q

What is a container

A

an entirely self-contained and ready-to-run virtualized instance, specifically designed to allow easy scaling up and down of portions of the environment seeing variable levels of load. It only includes what is needed to run an application, including the code, runtime, system tools, libraries, and configurations.

50
Q

What is the pentesting process

A

scoping -> reconnaissance -> discovery -> exploitation -> reporting

51
Q

What is OWASP ZAP

A

designed to automatically find security vulnerabilities in web applications while you are developing and testing your applications.

52
Q

What is Burp Suite

A

designed to be an all-in-one solution for web application vulnerability scanning, and provides a variety of features that can help identify and exploit security issues.

53
Q

What are rules of engagement in a pentest

A

These rules may specify times of day in which testing must take place, procedures testers should follow if they uncover a severe vulnerability, and so on.

55
Q

What happens during reconnaissance in a pentest

A

the research you conduct before attempting any attacks against a target.

56
Q

What happens during exploitation in a pentest

A

attempting to exploit the vulnerabilities you detected in the earlier stages. This may include attacking vulnerabilities in the environment or even chaining multiple vulnerabilities together to penetrate deeper into the environment.

56
Q

What happens during reporting in a pentest

A

document what you discovered and what exact steps you need to reproduce the attacks you successfully carried out.

56
Q

What happens during scoping in a pentest

A

the company lays out what you are testing against and what is off limits, and may provide rules of engagement

57
Q

What happens during discovery in a pentest

A

you’d likely run your vulnerability assessment tools, if you didn’t already do so, and go over the results. In this step, you’d look for open ports and services on hosts to detect any running services that could be vulnerable to attack.

58
Q

What is the difference between black-box, white-box, and gray-box testing

A

in black-box testing the tester has no knowledge of the environment other than the testing scope

in white-box testing the tester has all the information about the environment available

in gray-box testing the attacker is given some inside information about the environment, but not as much as they’d get if they were conducting a white-box test.

59
Q

What is static analysis in pentesting

A

involves directly analyzing the application source code and resources. For instance, the tester might pore through the code, looking for issues such as logic errors or vulnerabilities that exist due to the specific lines of code and libraries in use

60
Q

What is dynamic analysis in pentesting

A

involves testing the application while it’s in operation—in other words, testing the compiled binary form or the running web application.

61
Q

What are file integrity monitoring (FIM) tools

A

used to monitor the integrity of the application and operating system files on a particular machine. A changed file may automatically be reverted to its original state, or someone may be alerted.

62
Q

What is alert fatigue

A

If you send too many alerts, particularly if they’re false alarms, your blue team will start to ignore the alerts entirely. The answer to this is to carefully send actionable alerts (those that prompt a specific response) and to send as few alerts as possible.