Security Fundamentals

Question 1

Define vulnerability

Answer 1

Any potential weakness that can compromise a system

Question 2

Define exploit

Answer 2

Something that can potentially be used to exploit a vulnerability

Question 3

Define threat

Answer 3

The potential of a vulnerability to be exploited

A hacker exploiting a vulnerability in your system is a threat

Question 4

Define mitigation technique

Answer 4

Something that can protect against threats

These should be implemented everywhere a vulnerability can be exploited

Question 5

A DoS attack threatens what aspect of a system

Answer 5

Availability

A DoS attack floods a system to the extent that regular traffic can’t get through

Question 6

A single DoS attack is usually not done, and instead a _____ is used

Answer 6

DDoS

Distributed Denial of Service

Question 7

Briefly describe a DDoS attack and how it is different from a DoS attack

Answer 7

DDoS uses many machines (botnet) to send SYN messages to a single target, so that it is harder for the target to block the attack after it is detected or traced back.

DoS attacks use only one attacking machine typically

Question 8

A spoofing attack is when:

Answer 8

A fake source address is used in an attack.

An example is a DHCP exhaustion attack. The attacker uses spoofed MAC addresses to flood DHCP discover messages. The target server’s DHCP pool becomes full, resulting in a DoS to other devices.

Not all spoofing attacks are also DoS attacks, but a DHCP exhaustion attack is.

Question 9

Describe a reflection attack

Answer 9

The attacker sends traffic to a reflector, and spoofs the source address of its packets using the target’s IP address. The reflector sends the reply to the target’s IP address. Can result in a DoS.

Question 10

Describe an amplification attack

Answer 10

A reflection attack becomes an amplification attack when the amount of traffic sent by the attacker is small, but it triggers a large amount of traffic to be send from the reflector to the target.

Question 11

Describe a man-in-the-middle attack

Answer 11

When an attacker places himself between the source and destination to eavesdrop on communications, or to modify traffic before it reaches its destination.

An example is ARP spoofing/poisoning, where an attacker uses ARP to make the target believe the attacker’s MAC address corresponds to a legitimate IP address

Question 12

ARP Spoofing/Poisoning is what type of attack:

Answer 12

Man-in-the-middle

Question 13

Describe a reconnaissance attack

Answer 13

Not strictly an attack itself, but used to gather information about a target which can be used for a future attack.

This is often public information. For example, using WHOIS queries to tailor a social engineering attack

Question 14

Describe malware

Answer 14

A variety of harmful programs that can infect a computer.

Question 15

Describe a virus

Answer 15

Infects other software (a host program). The virus spreads as the host software is shared by users. Typically corrupts or modifies files on the target computer.

Question 16

Describe a worm

Answer 16

Doesn’t require a host program, a standalone piece of malware able to spread on its own and without user interaction. Spread of worms can congest a network, but the payload of a worm can cause additional harm to target devices

Question 17

Describe a trojan horse

Answer 17

Harmful software disguised as legitimate software. Spread through user interaction such as opening email attachments or downloading a file from the internet.

Question 18

Describe a social engineering attack

Answer 18

An attack designed to manipulate people into allowing an attacker to compromise a system. Phishing, spear phishing, whaling, Vishing, Smishing.

Question 19

Describe a watering hole attack

Answer 19

Compromising a site that the victim frequently visits.

Question 20

Describe a password related attack

Answer 20

Attempting to guess a target’s password, usually via either dictionary attacks (common words) or brute force

Question 21

AAA stands for

Answer 21

Authentication, Authorization, Accounting

Question 22

Authentication is:

Answer 22

Process of verifying a user’s identity

Question 23

Authorization is:

Answer 23

Process of compartmentalizing access. Granting access to appropriate areas of system, denying it to others

Question 24

Accounting is:

Answer 24

Process of recording user’s activities on the system. I.E. logging when a user makes a change to a file

Question 25

AAA servers typically support the two following protocols:

Answer 25

RADIUS: Open standard. UDP 1812 and 1813

TACACS+: Cisco proprietary. TCP 49

Question 26

A program designed to make employees aware of potential security risks and threats is called a:

Answer 26

User awareness program

Question 27

Describe an example of a user awareness program

Answer 27

Simulate phishing attacks

Question 28

A dedicated series of training sessions which educate users on corporate security policies, how to create strong passwords, and how to avoid potential threats would be referred to as a:

Answer 28

User training program

Question 29

Describe physical access control

Answer 29

Method of protecting equipment and data from potential attackers by only allowing authorized users into protected areas such as network closets or data center floors

Question 30

Ensuring that systems are running and accessible by users is referred to as system _____

Answer 30

avaliability

Question 31

Confidentiality means that:

Answer 31

Data/system can only be accesses by authorized users

Question 32

Which of the following terms refers to the real possibility that a potential weakness is taken advantage of to attack a system?

a) Threat
b) Vulnerability
c) Exploit
d) Mitigation technique

Answer 32

a) Threat

Question 33

Your company implements door locks that require a badge to be scanned and a pass code to be entered. What is this an example of? (pick 2)

a) User training
b) User awareness
c) Physical access control
d) Multi-factor authentication
e) AAA
f) Biometrics

Answer 33

c) Physical access control
d) Multi-factor authentication

Question 34

Which of the following is not an example of multi-factor authentication?

a) Swiping a key card and then doing a retina scan
b) Entering a password and then tapping a notification on your phone
c) Doing a retina scan and then doing a fingerprint scan
d) Swiping a key card and then entering a PIN

Answer 34

C

For MFA, you want to pick 2 different categories from something you know, have, and are. Retina and fingerprint are both “are”s

Question 35

Which of the following is considered accounting in the AAA model?

a) Granting a user permission to modify a file
b) Using MFA to verify a user’s identity
c) Restricting a user from viewing a file
d) Logging the date and time a user logged in to the system

Answer 35

D

A & C are authorization
B is authentication

Question 36

Which of the following are most likely to be considered forms of authorization? (pick 2)

a) Verifying a user’s fingerprint pattern
b) Verifying a user’s password
c) Allowing a user to access a specific file
d) Logging a verified user’s file access
e) Assigning a role to a verified user

Answer 36

C and E

A and B are authentication
D is accounting