Security Assessment Flashcards

1
Q

What is a posture assessment?

A

It is a thorough examination of each aspect to determine how it might be compromised
- Try to complete annually

2
Q

What is a security audit?

A

Assessment performed by an organization accredited by an agency that has security standards

3
Q

What is a hacker?

A

Person who gains unauthorized access to systems

4
Q

What is a vulnerability?

A

Weakness of a system, process, or architecture

5
Q

What is exploiting?

A

Means of taking advantage of a vulnerability

6
Q

What is a ‘zero-day exploit/attack’?

A

Taking advantage of an undiscovered vulnerability

Most are well known

7
Q

What are human associated security risks?

A

Account for half of security breaches
E.g., omission, ignorance, or error
Easiest way to circumvent network security

8
Q

What is social engineering?

A

Strategy to gain access/credentials

9
Q

What is phishing?

A

Gaining sensitive info by posing as a trusted person in the organization

10
Q

What are layer 1 and 2 security risks?

A
  • Wireless jamming
  • RF emanation on private wireless and copper media communications
  • Eavesdropping on connections to the internet
  • Sniffing data on public wireless networks
  • Access to unused and unsecured ports
  • ARP table poisoning
  • Computers with sensitive data connected to a publicly accessible network
11
Q

What are layer 3-7 risks?

A
  • Banner grabbing attack - malicious use of network monitoring tools to inventory services running on servers
  • Session hijacking - “man in the middle”
    - invalid trust relationship, DHCP snooping
  • NOS backdoors
    Buffer overflows
12
Q

What are internet access risks?

A
  • Web browsing configured to permit scripts to access the system
  • IP snooping
  • Access sites
  • Use of insecure plug-ins
  • Incompatibility with secure client software
13
Q

Denial of service attack

What is distributed DoS?

A

Orchestrated through many sources called zombies

14
Q

Denial of service attack
What is distributed reflection DoS (DRDoS)?

A

Bounced off of uninfected computers at the target

Many requests sent to computers with the source IP spoofed to attack the target

15
Q

Denial of service attack

What is permanent DoS?

A

Replaces the device firmware to permanently damage it

16
Q

What is a security policy?

A

Minimizes exploits by communicating with, and managing users via a thoroughly planned policy

17
Q

What is a policy?

A
  • Identifies security goals, risks, authority levels, coordination and team members
  • Defines the responsibility of each user and team member
    and how to address security breaches
18
Q

What are malware risks and infections?

A
  • Malware: software designed to intrude upon or harm a system
19
Q

What are viruses?

A

Replicated code that attaches to existing code or data

20
Q

What is a Trojan horse?

A

Disguises itself as something useful, but harms the system

21
Q

What is a worm?

A

Runs independently, travelling between computers over the network

22
Q

What are bots?

A

They run automatically in the system

23
Q

What are boot sector viruses?

A

Viruses embedded in disk boot sector

24
Q

What are macro viruses?

A

Take form of an application macro

25
What are file infection viruses?
Viruses that corrupt and attach to executable files
26
What are network viruses?
Propagate via network protocol
27
What is encryption stealth?
Some malware is encrypted
Disguised as legitimate programs to prevent detection
28
Polymorphism
Changes characteristics on every infection using complicated algorithms
29
Time dependency
Lies dormant and activates on a defined date
30
What are logic bombs?
Lie dormant and activate on defined conditions
31
Visible symptoms of malware?
- Unexplained size increases
- Significant unexplained memory loss
- Unusual error messages
- Unexpected reboots
** Usually discovered when damage is done
Often difficult to find when system is running
32
What are the functions of antivirus software?
- Scans data for signatures of known malware
- Checks integrity of files against known good hash
- Monitors unexpected file changes
- Receives regular updates to logic and malware signatures
- Reports valid malware instances
- Quarantines to remove suspected or known malware
33
What are network design risks?
- Breaches may occur due to poor network design
- Control access points at every point where the trusted network connects to the public
- Monitor and filter traffic on the LAN to external connections
- Hide/mask internal hosts from external networks
34
What is scanning?
Technique used during posture assessment
35
Scanning tools: Network mapper (nmap)
Scans large networks
Provides info about ports/services running on network
36
Scanning tools: Nessus
Performs more sophisticated scans than nmap
- Can check for default passwords
37
What are things you can restrict for logging on to the network?
- The time, day, and duration
- Source address
- Unsuccessful login attempts (lockout)
38
What is device access control?
Controls type and level of access granted to a device when it joins a network
- Need predefined access policy
- Non-compliant device may be placed in quarantine until compliant
39
Traffic access control
Routers may filter traffic between networks
Rules define permitted and denied traffic
Generally based on layer 3 and 4 rules
E.g., WLAN can't access internal network
40
What are firewalls?
Filter traffic
Generally more sophisticated than traffic access control
- Rules define permitted and denied traffic
Generally based on layer 3-7 rules
- Used between public and DMZ
and DMZ and interior trusted networks
Often used between endpoint and server networks
41
What is a proxy server?
Acts as an intermediary between external and internal networks
- Screens out all outgoing and incoming traffic
42
What's a proxy server?
Network host running application layer security
Appears as an internal server to outside traffic
43
What is an intrusion detection system?
Detects suspicious network activity
Typically dedicated service
44
What is an intrusion prevention service?
Detects and reacts to suspicious network activity
Typically dedicated device
Prevents traffic flow
45
Security information and event management (SIEM)
Software that gathers, analyzes, and reports on the data from network device logs
- Routers, switches, IDS, IPS, OS, databases can provide alerts
- Can be used for compliance and audit monitoring and reporting
- May provide forensic analysis
46
What is a honey pot?
Purposely vulnerable decoy designed to fool hackers and gain info about their behaviours
47
What is a honey net?
A network of honey pots
48
Demilitarized zone
Network segment that isn't public or local
49
Proxy services
Proxies act on behalf of the whole network to separate packets from internal hosts and external hosts
Proxy server - first receives request, examines, breaks down and creates new packet to send to external server
50
What does an IP proxy do?
Hides IP addresses of all devices on the internal network by exchanging its IP address for the address of any requesting station
51
What is a web proxy?
Handles HTTP requests on behalf of the sending workstation
Browser gets request and sends it to proxy server
Proxy changes the from address to its own network address and sends it to the internet web server
52
Rules to live by when configuring ACLs
- Deny any source address from your internal network
- Deny any local host addresses (127.0.0.0/8)
- Deny any reserved private addresses (RFC1918)
- Deny any addresses in the IP multicast address range (224.0.0.0/4)
53
What is implicit deny when it comes to access lists?
At the end of every access list is an implicit deny
- Meaning if a packet doesn't match any lines in an access list it will be discarded
Also, if there is nothing but deny statements, the list will not permit any packets