Security+ Book Flashcards

1
Q

An organization can avoid a risk by not providing a service or not participating in risky activity. For example, an organization may evaluate an application that requires multiple open ports on the firewall that it considers too risky. It can avoid the risk by purchasing another application.

A

Risk Avoidance

2
Q

The organization transfers the risk to another entity. The most common method is by purchasing insurance. Another method is by outsourcing.

A

Risk Transference

3
Q

When the cost of a control outweighs a risk, an organization will often accept the risk. For example, spending $100 in hardware locks to secure a $15 mouse does not make sense.

A

Risk Acceptance

4
Q

The organization implements controls to reduce the risk. These controls may reduce the vulnerabilities or reduce the impact of the threat. For example, up-to-date antivirus software mitigates the risks of malware.

A

Risk Mitigation

5
Q

An organization can deter a risk by implementing some security controls.

A

Risk Deterrence

6
Q

_____ are executable files that masquerade as something useful but are actually malicious software.

A

Trojan

7
Q

_____ is a specific type of DNS poisoning attack that redirects a website's traffic to another website.

A

8
Q

Self-replicating malware that travels throughout a network without the assistance of a host application or user interaction. It resides in memory and is able to use different transport protocols to travel over the network.

A

Worm

9
Q

___ is a set of malicious code that attaches itself to a host application. The host application must be executed to run, and when the host application is executed, the malicious code executes. It will try to find other host applications to infect with this malicious code.

A

Virus

10
Q

_____ is a string of code embedded into an application or script that will execute in response to an event. The event may be a specific date or time, when a user launches a specific program, or any event the programmer decides on. Antivirus scanners are unlikely to discover this.

A

Logic Bomb

11
Q

A group of programs that hides the fact that the system has been infected or compromised by malicious code. A user may suspect something is wrong, but antivirus scans and other checks may indicate everything is fine, since the _____ hides its running processes to avoid detection.

A

Rootkit

12
Q

Specific type of command injection attack that attempts to access a file by including the full directory path, or traversing the directory structure.

A

Directory Traversal

13
Q

The attacker learns the user’s session ID and uses it to impersonate the user. Attackers can read cookies installed on systems through cross-site scripting attacks, or with a sniffer if they are on the same network.

A

Session Hijacking

14
Q

____ allows an attacker to redirect users to malicious websites and steal cookies. Websites prevent these types of attacks through input validation to detect and block input that includes HTML and JavaScript tags. Many sites prevent the use of < and > characters to block this.

A

Cross-Site Scripting

15
Q

This is an attack where an attacker tricks the user into performing an action on a website. The attacker creates a specially crafted HTML link, and the user performs the action without realizing it.

A

XSRF (Cross-site request forgery)

16
Q

The attacker enters additional data into the web page form to generate different SQL statements.

A

SQL Injection

17
Q

This ensures that data is only viewable by authorized users. If there is a risk of sensitive data falling into the wrong hands, it should be encrypted to make it unreadable. Any data should be protected with access controls to enforce this.

A

Confidentiality

18
Q

This is used to verify that data has not been modified, and loss of this can occur through unauthorized or unintended changes. Hashing algorithms such as MD5, HMAC, or SHA1 can calculate hashes to verify this.

A

19
Q

This ensures that systems are up and operational when needed and often addresses single points of failure. You can increase this by adding fault tolerance, and redundancies such as RAID, clustering, backups, and generators. HVAC also increases this.

A

Availability

20
Q

This is used to prevent entities from denying they took an action. Digitally signed email prevents individuals from later denying they sent it. An audit log provides non-repudiation since audit log entries include who took an action in addition to what the action was, where the action took place, and when it occurred.

A

Non-Repudiation

21
Q

This is a network authentication protocol within a MS AD domain or a Unix realm. It uses a database of objects such as AD and a KDC (Key Distribution Center) to issue time-stamped tickets that expire after a certain period. This requires internal time synchronization and uses port 88.

A

Kerberos

21
Q

This uses port 88 by default and uses symmetric key cryptography to prevent unauthorized disclosure and to ensure confidentiality.

A

Kerberos

22
Q

Specifies formats and methods to query directories. This is an extension of the X.500 standard that was used extensively by Novell and early MS Exchange server editions. Well-known ports used by this are port 389 for secure and port 636 when encrypted with SSL or TLS.

A

LDAP

23
Q

This is a control that uses technology to reduce vulnerabilities. Some examples include the principle of least privilege, antivirus software, IDS, and firewalls.

A

Technical Control

24
Q

This control is primarily administrative in function. It uses planning and assessment methods to provide an ongoing review of the organization's ability to reduce and manage risk.

A

Management Control

25
Q

This control helps ensure the day-to-day operations of an organization comply with its overall security plan. Types of this control include: awareness and training, configuration management, contingency planning, media protection, and physical and environmental protection.

A

Operational Control

26
Q

This functional control attempts to prevent an incident from occurring. The goal is to take steps to prevent the risk. Examples are: security guards, change management, account disablement policy, and system hardening.

A

Preventative Controls

27
Q

This functional control can detect when a vulnerability has been exploited. Two examples are security audits and CCTV systems.

A

Detective Control

28
Q

This functional control attempts to reverse the impact of an incident or problem after it has occurred. Some examples include: active IDS, backups, and system recovery.

A

Corrective Control

29
Q

This access control uses roles to manage rights and permissions for users. This is useful for users within a specific department that perform the same job functions.

A

Role Based Access Control

30
Q

This access control is based on a set of approved instructions configured as rules. A simple example is the rules of a router or firewall.

A

Rule Based Access Control

31
Q

In this access control model, every object has an owner, and the owner establishes access for the objects.

A

DAC (Discretionary Access Control)

32
Q

This access control model uses labels (sometimes referred to as sensitivity labels or security labels) to determine access. SELinux is a trusted operating system platform using the MAC model that prevents malicious or suspicious code from executing on the system.

A

Mandatory Access Control

33
Q

This is a common DoS attack. The attacker sends multiple SYN packets but never completes the third part of the handshake. Instead, the attacker withholds the last ACK packet, leaving the server with several open sessions waiting to complete the handshake in each.

A

SYN Flood Attack

34
Q

Some implementations of this use ports 989 and 990.

A

FTPS

35
Q

This uses UDP port 69.

A

TFTP

36
Q

Frequently used to connect to network devices (such as routers) to make configuration changes. It uses port 23 and sends data in clear text. This traffic can be encrypted with SSH.

A

Telnet

37
Q

This is a name resolution service for names of this type on internal networks. It uses ports 137 through 139.

A

NetBIOS

38
Q

This type of server is a server application that hosts databases accessible from web servers and a wide array of applications. Uses port 1433 by default.

A

MS-SQL Server

39
Q

Used to send email and uses port 25.

A

SMTP

40
Q

Transfers emails from servers down to clients, uses port 110.

A

POP3

41
Q

Used to store email on an email server. Uses port 143.

A

IMAP4

42
Q

Port 500

A

IKE

43
Q

Tunneling protocol used with VPNs that has some known vulnerabilities. Uses TCP port 1723.

A

PPTP

44
Q

Commonly used with IPSec for VPNs. This uses UDP port 1701.

A

L2TP

45
Q

UDP Port 49

A

TACACS/XTACACS

46
Q

Uses TCP Port 49

A

TACACS+

47
Q

The range of UDP and TCP ports is ______.

A

0-65,535

48
Q

IANA range of well-known ports is_____.

A

0 - 1023

49
Q

The IANA range of registered ports is _______. IANA registers these ports for companies as a convenience to the IT community. A single company may register a port for proprietary use, or multiple companies may use the same port for a specific standard.

A

1024 - 49,151

50
Q

The IANA range of dynamic and private ports is ______. These ports are available for use by any application. Applications commonly use these ports to temporarily map an application to a port. These are also called ephemeral ports, indicating they are short-lived.

A

49,152 - 65,535

51
Q

This is any unauthorized access to or theft of information from a Bluetooth connection. This type of attack can access information such as e-mail, contact lists, calendars, and text messages.

A

Bluesnarfing attack

52
Q

Unauthorized sending of text messages from a Bluetooth device.

A

Bluejacking

53
Q

This type of attack allows an attacker to access the host system from within the virtual system. If successful, it allows the attacker to control the physical host server and all other virtual servers on the physical server.

A

VM Escape

54
Q

Software installed on users' systems without their awareness or consent. Its purpose is often to take some level of control over the user's computer to learn information and send this information to a third party.

A

Spyware

55
Q

Software that is free but includes advertisements, usually as annoying pop-ups.

A

Adware

56
Q

A wide range of different software that has malicious intent. This is not software that you would knowingly purchase or download and install. It is installed onto your computer through devious means. Examples include viruses, Trojans, and worms. Can be detected by antivirus software.

A

Malware

57
Q

An attack where the attacker replays data that was already part of a communication session.

A

Replay

58
Q

The practice of checking data for validity before using it. Example: Error handling routines.

A

Input Validation

59
Q

This type of attack sends random strings of data to applications looking for vulnerabilities. Security professionals use this technique for vulnerability testing.

A

Fuzzing

60
Q

This risk assessment uses judgment to categorize risks based on probability and impact.

A

Qualitative Risk Assessment

61
Q

This risk assessment uses specific monetary amounts to identify cost and asset values.

A

Quantitative Risk Assessment

62
Q

Describe the elements of an attack:

A

Identify IP addresses of targets.

Identify Open ports with a port scanner.

Fingerprint system.

Identify vulnerabilities.

Attack.

63
Q

In this type of pen test, testers have zero knowledge of the environment prior to the test. They approach the test with the same knowledge as an attacker.

A

Black Box Testing

64
Q

In this type of pen test, testers have full knowledge of the environment.

A

White Box Testing

65
Q

Pen testers have some knowledge of the environment but do not have access to all documentation or data.

A

Gray Box Testing

66
Q

This software can crack passwords on multiple platforms. It's often used to detect weak passwords.

A

John the Ripper

67
Q

Commonly used to discover passwords on Windows systems; it can sniff the network and use dictionary, brute force, and cryptanalysis attacks.

A

Cain and Abel

68
Q

Used to crack passwords on Windows systems through the use of rainbow tables.

A

Ophcrack

69
Q

Can discover WEP keys used on 802.11 wireless networks.

A

AirSnort

70
Q

Used for both WEP and WPA cracking on 802.11 wireless networks.

A

Aircrack

71
Q

Can crack passwords on older Windows systems.

A

L0phtcrack

72
Q

This is an international standard used to rate the exposure of vulnerabilities. The goal is to standardize the assessment process and reporting used by vulnerability scanners and assessment tools.

A

OVAL (Open Vulnerability and Assessment Language)

73
Q

Type of backup that is the easiest and quickest to restore. If you have unlimited time and money, this type of backup alone provides the fastest recovery time.

A

Full Backup

74
Q

This type of backup strategy starts with a full backup, then afterwards only backs up data that has changed or is different since the last full backup. It only requires 2 tapes to restore: the tape from the day of the full backup and the tape from the day of the requested restore. It takes longer to back up but is faster to restore.

A

Differential Backups

75
Q

Backup strategy that starts with a full backup, then afterwards backs up only the data that has changed since the last backup. This type of backup takes less time to back up data but longer to restore.

A

Incremental Backup

76
Q

If availability is more important than security, if something fails then you want it to fail in what kind of state?

A

Fail Open

77
Q

If security is more important than availability, if something should fail it should fail in what kind of state?

A

Fail Closed

78
Q

A room that prevents signals from emanating beyond this room.

A

Faraday Cage

79
Q

A government program that has been around for several decades to measure emanations from different devices.

A

TEMPEST

80
Q

Explain MD5 Hash.

A

A common hashing algorithm that produces a 128-bit hash. It is commonly used to verify the integrity of data, including email, files downloaded from the internet, executable files, and more.

81
Q

Explain SHA.

A

A hashing algorithm that has several variations grouped into 3 families.

SHA-0 is not used.

SHA-1 creates 160-bit hashes.

SHA-2 was improved to overcome potential weaknesses. It includes 4 versions: SHA-224, SHA-256, SHA-384, and SHA-512.

SHA-3 is currently in development.

82
Q

A strong symmetric block cipher that is still widely used today. Bruce Schneier designed this as a general purpose algorithm to replace DES.

A

Blowfish

83
Q

This cipher encrypts data in specific sized blocks, such as 64-bit blocks or 128-bit blocks. It divides large files or messages into these blocks and then encrypts each individual block separately.

A

Block Cipher

84
Q

Encrypts data as a stream of bits rather than dividing it into blocks. An important principle when using this type of cipher is that the encryption keys should never be reused.

A

Stream Cipher

85
Q

Key exchange algorithm used to privately share a symmetric key between two parties. It is widely believed that the work of these 3 provided the basis for public key cryptography.

A

Diffie-Hellman

86
Q

This is an encrypted hash of a message. The sender’s private key encrypts the hash of the message to create this ____. The recipient decrypts the hash with the sender’s public key, and if successful, provides authentication, non-repudiation, and integrity.

A

Digital Signature

87
Q

Explain the steps of encrypting email using only asymmetric encryption from Sally to Joe.

A

Sally retrieves a copy of Joe’s certificate that contains his public key.

Sally encrypts the email with Joe’s public key.

Sally sends the encrypted email to Joe.

Joe decrypts the email with his private key.

88
Q

Explain the steps of encrypting email with asymmetric and symmetric encryption from Sally to Joe.

A

Sally identifies a symmetric key to encrypt her email.

Sally encrypts the email contents with a symmetric key.

Sally retrieves a copy of Joe’s certificate that contains his public key. She then uses Joe’s public key to encrypt the symmetric key.

Sally sends the encrypted email and the encrypted symmetric key to Joe.

Joe decrypts the symmetric key with his private key. He then decrypts the email with the decrypted symmetric key.

89
Q

Explain the steps of establishing an encrypted HTTPS session with SSL or TLS.

A

Client requests the secure session using HTTPS.

Server responds with its certificate, which includes the server's public key.

Client creates symmetric key and encrypts it with the public key.

Encrypted symmetric key is sent to server.

Server decrypts symmetric key with the private key.

The session is encrypted with the session key using symmetric encryption.

90
Q

_____ maintains a copy of a private key for recovery in the event the original is lost.

A

Key Escrow

91
Q

An individual who can recover or restore cryptographic keys.

A

Recovery Agent