Security Flashcards
A firewall operating as a ____ passes or blocks traffic to specific addresses based on the type of application and the port used.
packet filter
A ___ firewall can be thought of as an intermediary between your network and any other network.
proxy
____ firewalls are used to process requests from an outside network; the ____ firewall examines the data and makes rule-based decisions about whether the request should be forwarded or refused.
Proxy
A proxy firewall typically uses two ____.
network interface cards (NICs).
*Note
This type of firewall is referred to as a dual-homed firewall.
____ proxy functions read the individual commands of the protocols that are being served.
Application-level
An implementation of this type of proxy must know the difference between ___ and ___ operations, for example, and have rules specifying how to execute them.
Get & Put
A ____ proxy creates a circuit between the client and the server and doesn’t deal with the contents of the packets that are being processed.
circuit-level
Many proxy servers also provide full ____, and other usage information that wouldn’t normally be kept by a circuit-level proxy server.
full auditing, accounting
____ inspection is also referred to as ____ packet filtering.
Stateful
____ describe how the employees in an organization can use company systems and resources, both software and hardware.
Acceptable use policies (AUPs)
A ____ attack is an attempt to guess passwords until a successful guess occurs.
brute-force
A ____ attack uses a dictionary of common words to attempt to find the user’s password.
dictionary
A ___ attack typically uses a combination of dictionary entries and brute force.
hybrid
___ are software programs that have the ability to hide certain things from the operating system; they do so by obtaining (and retaining) administrative-level access.
Rootkits
A ____ virus exploits the enhancements made to many application programs.
macro
A ____ virus attaches itself to legitimate programs and then creates a program with a different filename extension.
companion
A ____ attack is an attempt by someone or something to masquerade as someone else.
spoofing
Rather than self-replicating, like viruses and worms, ___ is spread to machines by users who inadvertently ask for it.
spyware
An ____ virus is designed to make itself difficult to detect or analyze. ____ viruses cover themselves with protective code that stops debuggers or disassemblers from examining critical elements of the virus.
armored
____ viruses can infect all of the documents on your system and spread to other systems via email or other methods. Macro viruses are one of the fastest-growing forms of exploitation today.
Macro
A ___ virus attacks your system in multiple ways.
multipartite
A ___ virus alters programs and databases and the only way to remove this virus is to reinstall the programs that are infected.
phage
A ____ is an algorithm or other element of a virus that uniquely identifies it.
signature
A ____ virus attempts to avoid detection by masking itself from applications.
stealth
With a ____ virus an infected file may report a file size different from what is actually present.
stealth
____ are programs that enter a system or network under the guise of another program.
Trojan horses
With ____, software—often delivered through a Trojan horse—takes control of a system and demands that a third party be paid.
ransomware
With ____ spoofing (also known as ___ poisoning), the media access control (MAC) address of the data is faked.
ARP
With ___ spoofing, the ___ server is given information about a name server that it thinks is legitimate when it isn’t.
DNS
This type of spoofing can send users to a website other than the one to which they wanted to go, reroute mail, or do any other type of redirection for which data from a DNS server is used to determine a destination.
DNS
Software running on infected computers called zombies is often known as a ___.
botnet
Given a security-related scenario, ____ can take into account such settings as restricting user permissions, setting login time restrictions, disabling the guest account, locking an account after a certain number of failed attempts, and configuring a screen lock when the system times out after a certain length of inactivity.
account management
____ systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed.
Data loss prevention (DLP)
One of the best-known DLP systems is ___.
MYDLP
Microsoft wanted to create a group in Windows that was not as powerful as the Administrators group, and that is how the ___ group came into being.
Power Users
____ would be given read/write permission to the system, allowing members to install most software but keeping them from changing key operating system files.
Power users
*Note
The group did not work out as planned, and in Windows Vista, Windows 7, and Windows 8/8.1, the group has no more permissions than a standard user. The group is now only kept around for backward compatibility with Windows XP systems.
Before Windows NT was released, it had become apparent to Microsoft that a new file system was needed to handle growing disk sizes, security concerns, and the need for more stability. ___ was created to address those issues.
NTFS
One of the benefits of NTFS was a ____ system, which made it possible for Windows NT to back out of any disk operations that were in progress when it crashed or lost power.
transaction tracking
With NTFS, files, directories, and volumes can each have their own ___.
security
It’s possible to convert from ___ to NTFS without losing data, but you can’t do the operation in reverse.
FAT32
If you’re using FAT32 and want to change to NTFS, the convert utility will allow you to do so. For example, to change the E: drive to NTFS, the command is convert
e: /FS:NTFS
What NTFS permission gives the user all of the other choices and the ability to change permissions? The user can also take ownership of the directory or any of its contents.
Full Control
What NTFS permission combines the Read & Execute permission with the Write permission and further allows the user to delete everything, including the folder?
Modify
What NTFS permission combines the permissions of Read with those of List Folder Contents and adds the ability to run executables?
Read & Execute
What NTFS permission allows the user to navigate the entire directory structure, view the contents of the directory, view the contents of any files in the directory, and see ownership and attributes?
Read
What NTFS permission allows the user to create new entities within the folder?
Write
____ allows for encryption/decryption of files stored in NTFS volumes.
Encrypting File System (EFS)
A ___ format (typically only accomplished in the factory) can be performed on the system, or a utility can be used to completely wipe the disk clean.
low-level
Never perform a low-level format on ___ or ___ drives! They’re formatted at the factory, and you may cause problems by using low-level utilities on these types of drives.
IDE or SCSI
____ the drive entails copying over the data with new data.
Overwriting
____ involves applying a strong magnetic field to initialize the media (this is also referred to as disk wiping).
Degaussing
A ___ is different from a virus in that it can reproduce itself, it’s self-contained, and it doesn’t need a host application to be transported.
worm
____ is an attempt to steal a valid IP address and use it to gain authorization or information from a network.
TCP/IP hijacking
A ____ attack attempts to replay the results of a previously successful session to gain access.
replay
A ____ exploitation attack attempts to exploit weaknesses in software.
software
*Note
A common attack attempts to communicate with an established port to gain unauthorized access.
Your computer is infected with a virus that can change signature each time it is executed. What type of virus is it?
Polymorphic
What term refers to an antivirus software file updated from time to time to protect a computer from new viruses?
Definition
Which of the following commands will show the MAC address on a Windows-based PC?
ipconfig /all
Rootkits are programs that infiltrate the operating system in order to gain administrator-level access. Rootkits are notoriously difficult to detect and remove. Sometimes reinstalling the operating system is the only way to recover from a rootkit infection. Rootkits have the following features:
They allow an attacker to run packet sniffers secretly to capture passwords.
They allow an attacker to set a Trojan into the operating system and thus open a backdoor for anytime access.
They allow an attacker to replace utility programs that can be used to detect the attacker’s activity.
They provide utilities for installing Trojans with the same attributes as legitimate programs.
___ is used to collect personal information stored in the computer and send it to a third party without the permission of the user.
Spyware
What category of malware do pop-up advertisements fall under?
Adware