Security Assessment and Testing Flashcards

Question 1

Q

¿Cuál es el objetivo del Vulenrability Assessment?

Answer

A

What I’m doing is looking for weaknesses

Question 2

Q

¿Cuáles son los dos tipos de Vulnerability Assessment?

Answer

A

Physical/ Administrative/ Logical.

Identify Weaknesses

Question 3

Q

Ejemplos de Vulenarbility Assessment Físicos.

Answer

A

Las puertas y/o ventanas cierra bien, políticas de escritorio limpio.

Question 4

Q

Ejemplos de Vulnerability Assessment Administrativos.

Answer

A

Pen-test, social engineering

Question 5

Q

¿Cuál es el objetivo de los penetration testings?

Answer

A

What looking is if we can exploit the weaknesses

Question 6

Q

¿Cuál es el objetivo de los Red y Blue Teams?

Answer

A

Red Teams (attack)
Blue teams (defend)

Question 7

Q

¿Cuáles son los tipos de pruebas para el pen-testing¡

Answer

A

Black Box
Gray Box
White box

Question 8

Q

¿Cual es el objetivo del Vulnerability Scanning?

Answer

A

Identifying

Question 9

Q

¿Cuáles son los pasos de la metodología de ataque?

Answer

A

Reconnaisance
Footprinting Network
Fingerprinting
Vulnerability Assessment
The “attack”

Question 10

Q

¿En qué consiste la etapa de Reconnaisance?

Answer

A

Gather Internet Information

Question 11

Q

¿En qué consiste la etapa de Footprinting Network?

Answer

A

Discover the essentials devices on your network, to map your network. NMAP, Ping sweep.

Question 12

Q

¿En qué consiste la etapa de Fingerprinting?

Answer

A

Learn from the network. Identifying host information, port scanning.

Question 13

Q

¿En qué consiste la etapa de Vulnerability Assessment?

Answer

A

Identifying weaknesses in system configurations. Discovering unpatched SW.

Question 14

Q

¿En qué consiste la etapa de Attack?

Answer

A

Penetration, privilege escalations, root kit, cover tracks.

Question 15

Q

¿Cuál es el propósito del pen-testing?

Answer

A

Overall purpose is to determine subjects ability to withstand an attack and determine effectiveness of current security measures.

Question 16

Q

¿Cuáles son los requerimientos básicos para poder realizar un pen-test dentro de una empresa?

Answer

A

Meet with senior management to determine the goal of the assessment.
Document rules of engagement.
Get sign off from senior management.

Question 17

Q

Tester should not be the one suggestins remediation, true or false?

Answer

A

True, because this violates separation of duties.

Question 18

Q

¿Cuáles son los tipos de pen test?

Answer

A

Physical security
Administrative Security
Logical Security

Question 19

Q

Ejemplos de pruebas físicas de pentest:

Answer

A

Access into building or department.

- Wiring closets, locked file cabinets, offices, server room, sensitive areas.

Question 20

Q

Ejemplos de pruebas Administrativas de pentest:

Answer

A

Help desk gving out sensitive information, data on disposed disks.

Question 21

Q

Ejemplos de pruebas lógicas de pentest:

Answer

A

Attacks on systems, networks, communication.

Question 22

Q

¿Cuáles son las características de los IDS?

Answer

A

Passive in action
Gathering information
Identify Suspicious activity
Log Activity
Respond (alert people)

Question 23

Q

¿Cuáles son los componentes de un IDS?

Answer

A

Sensor - Data collector
Analysis Engine, signature database
User interface

Question 24

Q

¿Qué hace un HIDS?

Answer

A

Examine the operation of a single system independently to determine of anything “off note” is going on.

Question 25

Q

A NIDS cannot look encripted data, true or false?

Question 26

Q

¿Qué tipo de eventos registra un HIDS?

Answer

A

Logins
System Log files
Application log files
File activity
Configuration files changes
Use of certain programs
Network traffic to/from PC

Question 27

Q

¿Cuáles son las ventajas de un HIDS?

Answer

A

Can be operating system and application specific.

- Thay can look at data after it’s been decrypted.

Question 28

Q

¿Cuáles son las desventajas de un HIDS?

Answer

A

Only protec one machine
Use local system resources
Scalability

Question 29

Q

¿Qué es un NIDS?

Answer

A

Network based IDS, a concepto focused on watching an entire network and all associated. machines. Focuses specifically on netwokr traffic, in this case the sensor is sometimes called a traffic collector.

Question 30

Q

¿Qué tipo de eventos registra o busca un NIDS?

Answer

A

Source IP
Destination IP
Protocol
Port numbers
Data content
DoS Attacks
Port scans
Malicious content

Question 31

Q

¿Cuáles son las ventajas de un NIDS?

Answer

A

A NIDS can see things that are happening on multiples machines, it gots a bigger picture and may see distributed attacks that a HIDS would miss.

Question 32

Q

¿Qué hace un Analysis Engine del tipo Pattern Machine?

Answer

A

SIgnature based, only as good as the last update. Does not protect against today attacks.

Question 33

Q

¿Qué hace un Analysis Engine del tipo Profile Machine?

Answer

A

Anomaly based systems, look for changes in normal behavior.

Anomaly/Behavior/Heuristics

Question 34

Q

¿En qué consiste un Evassion attack?

Answer

A

Many small attacks from different directions.

Question 35

Q

¿En qué consiste un Insertion attack?

Answer

A

Adding meaningless information (without modifying the payload) to a known attack.

Question 36

Q

¿Cuál es el objetivo de un honeypot?

Answer

A

Administrator hope that intruders will attack this system instead of their production systems.

Question 37

Q

¿Qué significan los términos “enticement” “entrapment”?

Answer

A

Enticement (tentacion)

Entrapment (atrapamiento, tender una trampa)

Brainscape's Knowledge GenomeTM

Security Assessment and Testing Flashcards

Brainscape's Knowledge Genome^TM