Security Basics Flashcards

1
Q

What are the seven layers of the OSI model?

A

Physical, Data Link, Network, Transport, Session, Presentation and Application

2
Q

What layer of the OSI model handles the transmission of information across the wire?

A

Physical

3
Q

What is the Data Link layer responsible for?

A

This handles addressing within your network via the use of frames and MAC addresses.

4
Q

What is layer 3 responsible for in the OSI model?

A

The networking layer handles the addressing outside of your network via the use of packets and IP addresses.

5
Q

What layer is responsible for the delivery of packets?

A

Transport - UDP/TCP

6
Q

What are the four layers in the TCP/IP model?

A

Application, Transport, Internet and Network

7
Q

How are Ethernet frames constructed?

A

From the inside out using information passed by each layer

8
Q

What are the seven parts of an Ethernet frame?

A

Preamble, Start Frame Delimiter, Destination Address, Source Address, Length, Data and Frame Check Sequence

9
Q

What information do the Source Address and Destination Address hold?

A

MAC (6 bytes)

10
Q

What are the three types of message flows in a TCP/IP network?

A

SYN, SYN/ACK, ACK

11
Q

What are the five types of network segmentation?

A

DMZ, Internet, Intranet, Production and Management

12
Q

What are the three stages of a pen test?

A

Preparation, Evaluation and Conclusion

13
Q

What type of pen test assumes no prior knowledge?

A

Black box testing

14
Q

What is a vulnerability?

A

A vulnerability is simply a weakness that can be exploited by an attacker to perform unauthorized actions within a computer or network system.

15
Q

What is CVSS?

A

Common Vulnerability Scoring System is a way to characterise vulnerabilities; it gives a numerical score that can then be translated into a high, medium or low category.

16
Q

What are the nine categories of vulnerability?

A
Misconfiguration
Default Installations
Buffer Overflows
Missing Patches
Design Flaws
OS Flaws
App Flaws
Open Services
Default Passwords
17
Q

What is a SIEM?

A

Security Incident and Event Management: a tool that can help identify, monitor, record and audit security incidents.

18
Q

What are the five hacking phases?

A

Reconnaissance, Scanning and Enumeration, Gaining Access, Maintaining Access, Covering Tracks

19
Q

What is a typical action in the covering tracks phase?

A

Deletion or manipulation of logs

20
Q

What is hack value?

A

The notion used by hackers to express that something is worth doing or is interesting.

21
Q

What is a zero-day attack?

A

A computer-software vulnerability unknown to those who should be interested in its mitigation.

22
Q

What is doxing?

A

To search for and publish private or identifying information about (a particular individual) on the internet, typically with malicious intent.

23
Q

What is daisy chaining?

A

It involves gaining access to a network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.

24
Q

What is annualized loss expectancy?

A

Annual Rate of Occurrence * Single Loss Expectancy

25
Q

What are the three types of security control?

A

Physical, Technical, Administrative

26
Q

What does CIA cover?

A

Confidentiality, Integrity, Availability

27
Q

What is the difference between Standards, Baselines, Guidelines and Procedures?

A

Standards - Mandatory rules designed to achieve consistency
Baselines - Provide minimum security
Guidelines - Flexible recommendation actions
Procedures - Detailed step-by-step instructions for accomplishing a task or goal

28
Q

What is a promiscuous security policy?

A

Wide open

29
Q

What is the difference between a prudent and a paranoid security policy?

A

Paranoid lock everything down