Short Answer: 1-10 Flashcards
What are the causes for widesperad vulnerabilites?
+ large number of vulnerabilities
+ end of life systems
+ lack of vendor support
Name 3 configuration issues.
+ default configuration
+ week configuration
+ misconfigurations
Name 3 reasons why it is difficult to defend against today’s attacks.
+ delay in security updates
+ increased speed of attacks
+ simplicity of attack tools
Name 3 ideas about the nature of security.
+ security is a goal
+ security includes the necessary steps to protect from harm
+ security is a process
Name the successive layers that information secutiy is achieved.
+ products
+ people
+ procedures
Name 3 types of risk response techniques.
+ transfer risk
+ mitigate risk
+ avoid risk
Name 4 security principles
+ obscurity
+ diversity
+ limiting
+ layering
Name 3 traits that can be applied to malware.
+ circulation
+ infection
+ concealment
Name the types of malware.
+ worms
+ rootkits
+ adware
+ viruses
+ ransomware
Name the types of mutations that viruses can undergo
+ betamorphic
+ oligimorphic
+ polymorphic
+ metamorphic
Define logic bomb.
+ used to delete data
+ computer code that is added to legitimate applications but lies dormant until a specific logical event triggers it
Name characteristics of a rootkit.
+ rootkit is able to hide its prescence and the prescence of other malware
+ rootkit accesses “lower layers” of the operating system
+ the risk of a rootkit is less today than previously
Name 3 facts about keylogger.
+ keylogger can be used to capture passwords, credit card number, or personal information
+ hardware keylogger are installed between the keylogger connector and computer keyboard USB port
+ software keylogger can be desigend to send captured information back to the attacker through the internet
Name the psychological approaches used by attackers in social engineering.
+ familiarity + urgency
+ scarcity + familiarity
+ intimidation + trust
+ consensus
+ impersonation
Name items that would be helpful to find when dumpster diving.
+ calendars
+ organizational charts
+ memos
Why is adware hated by people?
+ it displays objectionable content
+ it can intefer with a user’s productivity
+ it can cause a computer to crash or slow down
Explain how a hash algorithm works and how it is primarily used.
A hash alogrithm creates a unique “digital fingerprint” of a set of data. This process is called hasing. It produces a resulting fingerprint called a digest that represents the contents. It is primarily used for comparision purposes.
Name the basic security protections for information using cryptography
+ authenticity
+ integrity
+ ciphertext
Which areas of a file can be used by stenography to hide date?
+ areas that contain content data itself
+ in teh file header fields that describe a file
+ in data that is used to describe the content or structure of the actual data
Which characteristics are applicable to secure hash algorithm?
+ collisions happen often
+ a message cannot be produced from a predfined hash
+ the results of a hash function should not be reversed
+ hash should always be the same fixed size
Name 4 protections that can be used in protecting data.
+ diffusion
+ confusion
+integrity
+ chaos
Name the benefits htat a digital signature provides.
+ verify the sender
+ prove the integrity of the message
+ enforce non-repudiation
Name 6 key exchanges/systems.
+ Diffe-Hellman-RSA (DHRSA)
+ Diffe-Hellman Ephemeral (DHE)
+ Diffe-Hellman (DH)
+ Elliptic-Curve Diffe-Helman (ECDH)
+ Public Key Exchange (PKE)
+ Perfect Forward Secrecy
Name 4 symmetric crypotographic algorithms.
+ data encryption standard
+ triple data encryption standard
+ advanced encryption standard
+ RCI
Name 4 asymmetric cryptographic algorithms.
+ SHA-2
+ ME-312
+ BTC-2
+ RSA
List the four stages of a certificate life cycle.
1) creation
2) suspension
3) revocation
4) expiration
Name the methods used to strengthen a key.
+ randomness
+ cryptoperiod
+ length
Name 4 clock ciphers.
+ Electronic Code Block (ECB)
+ Galois/Counter (GCM)
+ Counter (CTR)
+ Cipher Block Chaining (CBC)
Digital certificates can be used in which situations.
+ to encrypt channels to provide secure communication betweeen clients and servers
+ to verfiy the idtenty of clients and servers on the web
+ to encrypt messages for secure email communication
Name 4 trust models.
+ bridge
+ hierarchical
+ distributed
+ third-party trust
Name 4 facts about hierachical trust models.
+ designed for use on a small scale
+ root signals all digital certificate authorities with a signal key
+ it assigns a single hierarchy with one master CA
+ the master CA is called the root
Name 4 common attacks used by hackers.
+ Man-In-Middel (MITM)
+ Man-In-The-Browswer (MITB)
+ Replay
+ ARP poisoning
Name 3 actions that can be done in a SQL injection attack
+ erase a database table
+ display a list of customer telelphones numbers
+ discover the names of different fields in a table