Security 6.1

Question 1

What technique would a hacker use to target the availability of network services?

Answer 1

Compromise hosts with bot malware to launch a coordinated attack that overwhelms a web service

Question 2

Confidentiality

Answer 2

Information is only revealed to authorized people

Think Encryption

Question 3

Confidentiality Concerns

Answer 3

Snooping, Eavesdropping/wiretapping, Social Engineering, dumpster diving

Question 4

Snooping

Answer 4

this is any attempt to get access to information on a host or storage device

Question 5

Eavesdropping/Wiretapping

Answer 5

snooping on data or telephone conversations as they pass over the network.

“tap” into a wire network or intercept unencrypted wireless transmissions

Question 6

Social Engineering/Dumpster Diving

Answer 6

getting users to reveal information or finding printed information.

Question 7

Integrity

Answer 7

Data being stored and transferred has not been altered without authorization.

(Think Non-Repudiation/Hashing)

Question 8

Man in MIddle

Answer 8

hosts sits between 2 communicating nodes and captures comms and relays all communications between them.

Question 9

Replay Attack

Answer 9

host captures another’s to some server and replays that response to gain unauthorized access.

Question 10

Availability Concerns

Answer 10

Keeping a service running so that authorized users can access and process data whenever necessary.

(Think ACCESS)

Ex. Denial or Service D.O.S., Power Outage, Hardware Failure, Destruction, Service Outage

Question 11

Authentication

Answer 11

One or more methods of proving that a user is who they say they are

(Proving that you are who you say you are or what you claim to be)

Question 12

Non-repudiation

Answer 12

the assurance that someone cannot deny the validity of something.

Question 13

Authorization

Answer 13

creating one or more barriers around the resource such that only authenticated users can gain access.

(permissions list that allows what users can do)

Question 14

Accounting

Answer 14

Recording when and by whom a resource was accessed.

(

Question 15

Hashing

Answer 15

the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.

Question 16

Which action is an example of an appropriate redundancy measure?

Answer 16

Using a backup power generator in a hospital to provide electricity to critical life-support systems

Question 17

What technique can be used to prevent eavesdropping on a data network?

Answer 17

Encrypting data in-transit

Question 18

How do cyber criminals typically use wiretapping to steal information?

Answer 18

Using a hardware device that inserts the hacker between two hosts

Question 19

Which is an availability-related factor to consider when choosing a third-party cloud service provider?

Answer 19

Fault tolerance

Question 20

How can an administrator reduce the impact of hardware failures?

Answer 20

Provisioning redundant servers and configure a service to failover to a working server

Question 21

What action can help mitigate the risk of impersonation attacks?

Answer 21

Implementing strong identity controls, such as badging systems for building access and multi-factor authentication for network access

Question 22

impersonation attack

Answer 22

when a malicious actor assumes the identity of a legitimate party.

Ex.

Question 23

What action can help mitigate the risk of replay attacks?

Answer 23

Ensuring that applications use encryption and time-stamping to make certain that the tokens cannot be misused

Question 24

In which type of email-based social engineering attack does a person pretend to be someone else for the purpose of identity concealment by manipulating an IP address, MAC address, or email header?

Answer 24

Spoofing

Question 25

If someone claims to be receiving spam, what problem is occurring?

Answer 25

The person is receiving advertising or promotional schemes through instant messaging.