Security Basics

Question 1

What are the seven layers of the OSI model ?

Answer 1

Physical, Data Link, Network, Transport, Session, Presentation and Application

Question 2

What layer of the OSI model handles the transmission of information across the wire ?

Answer 2

Physical

Question 3

What is the Data Link layer responsible for ?

Answer 3

This handles addressing within your network via the use of frames and mac addresses

Question 4

What is the layer 3 responsible for in the OSI model ?

Answer 4

The networking layer Handles the addressing outside of your network via the use of packets and ip addresses

Question 5

What layer is responsible for the delivery of packets ?

Answer 5

Transport - UDP/TCP

Question 6

What are the four layers in the TCP IP model ?

Answer 6

Application, Transport, Internet and Network

Question 7

How are ethernet frames constructed ?

Answer 7

From the inside out using information passed by each layer

Question 8

What are the seven parts of an ethernet frame ?

Answer 8

Preamble, Start Frame Delimiter, Destination Address, Source Address, Length, Data and Frame Check sequence

Question 9

What information does the Source Address and Destination Address hold?

Answer 9

MAC (6 bytes)

Question 10

What are the three types of message flows in a TCPIP network

Answer 10

SYN SYN/ACK ACK

Question 11

What are the five types of network segmentation ?

Answer 11

DMZ, Internet, Intranet, Production and Management

Question 12

What are the three stages of a Pen test ?

Answer 12

Preparation, Evaluation and Conclusion

Question 13

What type of Pen Test asssumes no prior knowledge ?

Answer 13

Black box testing

Question 14

What is a vulnerability ?

Answer 14

A vulnerability is simply a weakness that can be exploited by an attacker to perform unauthorized actions within a computer or network system

Question 15

What is CVSS ?

Answer 15

Common vulnerabilities scoring system is a way to characterise vulnerabilities it gives a numerical score that can then be translated into a high medium or low category

Question 16

What are the nine categories of vulnerability ?

Answer 16

Misconfiguration
Default Installations
Buffer Overflows
Missing Patches
Design Flaws
OS Flaws
App Flaws
Open Services
Default Passwords

Question 17

What is a SIEM ?

Answer 17

Security Incident and Event Management a tool that can help identify monitor record and audit security incidents

Question 18

What are the five hacking phases ?

Answer 18

Reconnaissance, Scanning and Enumeration, Gaining Access, Maintaining Access, Covering Tracks

Question 19

What is a typical action in the covering tracks phase

Answer 19

Deletion or Manipulation of logs

Question 20

What is hack value ?

Answer 20

is the notion used by hackers to express that something is worth doing or is interesting.

Question 21

What is a zero day attack

Answer 21

is a computer-software vulnerability unknown to those who should be interested in its mitigation

Question 22

What is doxing ?

Answer 22

search for and publish private or identifying information about (a particular individual) on the internet, typically with malicious intent.

Question 23

What is daisy chaining ?

Answer 23

it involves gaining access to a network and /or computer and then using the same information to gain access to multiple networks and computers that contains desirable information

Question 24

What is annualized loss expectancy ?

Answer 24

Annual Rate of Occurance * Single Loss Expectance

Question 25

What are the three types of security control ?

Answer 25

Physical, Technical, Administrative

Question 26

What does CIA cover ?

Answer 26

Confidentiality, Integrity, Availability

Question 27

What is the difference between Standards, Baselines, Guidelines and Procedures ?

Answer 27

Standards - Mandatory rules designed to achieve consistency Baselines - Provide Minimum Security Guidelines - Flexible recommendation actions Procedures - Detailed step by step instructions for accomplishing a task or goal

Question 28

What is a promiscuous security policy ?

Answer 28

Wide open

Question 29

What is the difference between a prudent and a paranoid security policy?

Answer 29

Paranoid lock everything down