Security Assessment

Question 1

What is a posture assessment

Answer 1

It is a thorough examination of each aspect to determine gow it might be compromised
-try to complete annually

Question 2

What is a security audit?

Answer 2

Assessment performed orginaization accreddited by an agency that has security standards

Question 3

What is a hacker?

Answer 3

Person who gains unauthorized access to systems

Question 4

What is vulnerability?

Answer 4

Weakness of a system, process, or architecture

Question 5

What is exploiting

Answer 5

Means of taking advantate of a vulnerability

Question 6

What is ‘zero-day exploit/attack’

Answer 6

Taking advantage of an undiscovered vulnerabilty

Most are well known

Question 7

What are human associated security risks?

Answer 7

Consists of half of security vreaches
Eg, omission, ignorance, or error
Easiest way to circumvent network securty

Question 8

What is social engineering?

Answer 8

Strategy yo gain access/ credentials

Question 9

What is phishing?

Answer 9

Gaining sensitive info by posing as a trusted person in the organziation

Question 10

What are layer 1 and 2 security risks?

Answer 10

• Wirless jamming
• RF emanation on a private wireless and copper media communications
• eaves dropping on connections to internet
• sniffing data on public wireless networks
• access to unused and unsecure ports
• arp table poisioning
• computes eith sensitive data connected to a publically accessable network

Question 11

What are layer 3 -7 risks?

Answer 11

• Banner grabbing attack -malicuous use of network monitoring tools to inventory services running on servers
• session jacking - “man in the middle”
  -invalid trust relationship, dhcp snooping
• nos backdoors
  Buffer overflows

Question 12

What are internet access risks

Answer 12

• Web browsing configured to permit scripts to access system
• ip snooping
• access sites
• use of insecure plug ins
• incompatibility with secure client software

Question 13

Denial of service attack

What is distributes dos

Answer 13

Orchestrated through many sources called zombies

Question 14

Denial of service attack
What is distributed reflection of dos
Drdos

Answer 14

Bounced off of uninfected computers at the target

Many requests sent to comp with source ip spoofed to attack the target

Question 15

Denial of service attack

What is permanent dos

Answer 15

Replaces the device firmware to permanently damage it

Question 16

Whatbis a security policy

Answer 16

Minimizes exploits by communicating with, and managing users via a throughly planned policy

Question 17

What is a policy?

Answer 17

• Identifies security goals, risks, authority levels, coordination and team members
• Define responsibility of each user and team member
  And how to address security breaches

Question 18

What are malware risks and infections

Answer 18

• malware software designed to intrudr upon or harm system

Question 19

What are viruses

Answer 19

Replicated code that attaches to an existing code or data

Question 20

What is Trojan horse

Answer 20

Disguises itself as something useful, but harms the system

Question 21

What is a worm?

Answer 21

Runs independently, travelling b/w computers over the network

Question 22

What are bots?

Answer 22

They run automatically in the system

Question 23

What are boot sector viruses

Answer 23

Viruses embedded in disk boot sector

Question 24

What are macro viruses?

Answer 24

Take form of an application macro

Question 25

What are file infection viruses

Answer 25

Viruses thay corrupts and attaches to executable files

Question 26

What are network viruses?

Answer 26

Propogate via network protocol

Question 27

What is encryption stealth?

Answer 27

Some malware is encrypted | Disguised as legitimate programs to prevent detection

Question 28

Polymorphism

Answer 28

Changes characteristics on every infection using complicated algorithms

Question 29

Time dependency

Answer 29

Lay dormant and activated on defined date

Question 30

What are logic bombs?

Answer 30

Lay dormant and active on defined conditions

Question 31

Visable symptoms of malware?

Answer 31

-unexplained size increases -significant unexplained memory loss -unusual error messages - unexpected reboots **usually discovered when damage is done Often difficlt to find when system is running

Question 32

What are the functions of anti virus software?

Answer 32

- scans data for signature of known malware - checks integrity of files againstbknown good hash - monitors unexpected file changes - recieves regular updates to logic and malware signature - reports valid malware instances - quarentines to remove suspected or known malware

Question 33

What are network design risks?

Answer 33

- breaches may occur due to poor network desgin - Controll access points at every point where the trusted network connects to the public - monitor and filter traffic on the lan to external connecting - hide/mask internal hosts from external networks

Question 34

What is scanning?

Answer 34

Technique used during posture assessment

Question 35

``` Scanning tools Network mapper (nmap) ```

Answer 35

Scans large networks | Provides info about ports/ services running on network

Question 36

Scanning tools | Nessus

Answer 36

Performs more sophisticated scans than namp -can check for default passwords

Question 37

What are things you can restrain for loggin on the network

Answer 37

- The time, day, and duration - Source address Unsuccessful log in attempts (lockout)

Question 38

What is device access control

Answer 38

Controls type and level of access granted to a device when it joins a network - need predefined access policy - non complaint devicr may be placef in quarantine until complaint

Question 39

Traffic access control

Answer 39

Routers may filter traffic bewteen netwprl Rules define permitted and denied traffic Generally based on layer 3 and 4 rules Eg wlan cant access internal network

Question 40

What are fiewalls?

Answer 40

Filter traffic Generaly more sophisticated than traffic access control - rules define permitted and denied rrafgic Generally based on layer 3-7 rules -used b/w public and dmz And bma and intertior trusted networks Often used between endpoint and server networks

Question 41

What is a poxy server

Answer 41

Acts as an intermediary b/w ecternal amd internal network | -screens out all outgoing and incoming traffic

Question 42

Whats a proxy server

Answer 42

Network gost ru ning Application layer security Appears on interal server to outside traffic

Question 43

What is an intrision detection system

Answer 43

Detects suspicious network activity | Typically dedicated service

Question 44

What is intrusion prevention service

Answer 44

Detects and reacts to suspicious network activity Typically dedicated device Prevents traffic flow

Question 45

Security information and event management | Siem

Answer 45

Software that gathers analyzes amd reports on the data from network device logs - routers, switches, ids, ips, os, databases can provide alerts - can be used for compliance and audit monitoring and reporting - May provide forensic analysis

Question 46

What is a honey pot

Answer 46

Purposly vulnerable decoy designed to fool hackers and gaim info about their behaviours

Question 47

What is honey net?

Answer 47

A network of honey pots

Question 48

Demilitarized zone

Answer 48

Network segment that isnt public or local

Question 49

Proxy services

Answer 49

Proxies act on behalf of whole network to separate packets from internal hosts and external hosts Proxy server- first recieves request, examines, breaks down and creates new packet to send to external server

Question 50

What does an ip proxy do?

Answer 50

Hides ip addressed of all devices on the internal network by exchanging its ip addr for the address of any requesting station

Question 51

What is a web proxy?

Answer 51

Handles http rquests on behalf 9f the sending work station Browser gets request and sends it to proxy server, Proxy changes the from address to its own network addresss and sends it to the internet web server

Question 52

Rules to live by whej configuring ACL's

Answer 52

Deny any source address from your internal network Deny any local host addresses (127.0.0.0/8) Deny any reserved private addresses (RFC1918) Deny any addresses in the ip multicast address range (224.0.0.0/4)

Question 53

What is implicit deny when it comes to access lists?

Answer 53

At the end of every access list os an implicit deny -meaning if a packet doesnt match any lines in an access list it will be discarded Also if nothing but deny statements, the list will not permiy any packets