Sybex Flashcards

Question

What is a replay or playback attack?

Answer 1

A malicious user records the traffic between a client and a server and then retransmits them to the server with slight variations of the timestamp and source IP address. It is similar to hijacking.

Answer 2

Any activity that results in a malicious user obtaining information about a network or the traffic over that network. Data is captured using a sniffer or protocol analyzer.

Answer 3

Directing floods of messages to a victim’s email inbox or other messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered.

Answer 4

Patching software, reconfiguring security, employing firewalls, updating filters, using IDSs/IPSs, improving security policy, using traffic filters, improving physical access control, using system monitoring/auditing

Answer 5

Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), and Physical (1)

Answer 6

The Network layer (layer 3) offers confidentiality, authentication, and integrity.

Answer 7

Ring, bus, star, and mesh

Answer 8

Static packet filtering, application-level gateway, stateful inspection, dynamic packet filtering, and kernel proxy

Answer 9

Routers, switches, hubs, repeaters, bridges, gateways, proxies

Answer 10

Any system that performs a function or requests a service on behalf of another system. Proxies are most often used to provide clients with Internet access while protecting their identity.

Answer 11

IPsec, SKIP, SWIPE, SSL, S/MIME, SET, PEM, PGP, PPP, SLIP, PPTP, L2TP, CHAP, PAP, RADIUS, TACACS, S-RPC

Answer 12

Frame Relay, SMDS, SDH, SONET, X.25, ATM, SDLC, HDLC, ISDN

Answer 13

Frame Relay requires the use of a DTE and a DCE at each connection point. PVC is always available; SVC is established using the best paths currently available.

Answer 14

RADIUS, DIAMETER, and TACACS+

Answer 15

A process that protects the contents of packets by encapsulating them in another protocol. This creates the logical illusion of a communications tunnel through an untrusted intermediary network.

Answer 16

A virtual private network (VPN) is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network.

Answer 17

PPTP, L2TP, SSH, and IPsec (Note: SSL/TLS is a valid VPN protocol as well, but it’s not necessarily recognized on the exam as such.)

Answer 18

In transport mode, the IP packet data is encrypted, but the header is not. In tunnel mode, the entire IP packet is encrypted, and a new header is added to govern transmission through the tunnel.

Answer 19

Network Address Translation (NAT) allows the private IP addresses defined in RFC 1918 to be used in a private network while still being able to communicate with the Internet.

Answer 20

A characteristic of a service, security control, or access mechanism that ensures it is unseen by users

Answer 21

Nonrepudiation, access control, message integrity, source authentication, verified delivery, acceptable use policies, privacy, management, and backup and retention policies

Answer 22

Email is a common delivery mechanism for viruses, worms, Trojan horses, documents with destructive macros, and phishing attacks.

Answer 23

S/MIME, MOSS, PEM, and PGP

Answer 24

Always err on the side of caution whenever communications are odd or unexpected. Always request proof of identity. Identify what information can be conveyed via voice communications by classifying the information. Never change passwords over the phone.

Answer 25

Denial of service, eavesdropping, impersonation, replay, and modification

Answer 26

Maintaining physical access security, using encryption, employing one-time authentication methods

Answer 27

The modification of ARP mappings. When ARP mappings are falsified, packets are not sent to their proper destination. ARP mappings can be attacked through spoofing. Spoofing provides false MAC addresses for requested IP addressed systems to redirect traffic to alternate destinations.

Answer 28

Prevention of unauthorized intrusion, knowledge that information deemed personal or confidential won’t be shared with unauthorized entities, freedom from being observed without consent

Answer 29

Identification, authentication, authorization, and auditing

Answer 30

Nonrepudiation prevents a subject from claiming not to have sent a message, not to have performed an action, or not to have been the cause of an event.

Answer 31

Layering is the use of multiple controls in a series. The use of a multilayered solution allows for numerous controls to be brought to bear against whatever threats occur.

Answer 32

Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions.

Answer 33

Data hiding is preventing data from being known by a subject. Keeping a database from being accessed by unauthorized visitors is a form of data hiding.

Answer 34

A mechanism used to systematically manage change. Typically, it involves extensive logging, auditing, and monitoring of activities related to security controls and security solutions.

Answer 35

Implementation of changes in an orderly manner, formalized testing, ability to reverse changes, ability to inform users of changes, systematical analysis of changes, minimization of negative impact of changes

Answer 36

Data classification is the primary means by which data is protected based on categories of secrecy, sensitivity, or confidentiality.

Answer 37

Usefulness, timeliness, value or cost, maturity or age, lifetime or expiration period, disclosure damage assessment, modification damage assessment, national or business security implications, storage

Answer 38

Top secret, secret, confidential, sensitive, and unclassified

Answer 39

Confidential, private, sensitive, public

Answer 40

CIA Triad, confidentiality, integrity, availability, privacy, identification, authentication, authorization, auditing, accountability, and nonrepudiation

Answer 41

Have at least one witness; escort terminated employee off the premises immediately; collect identification, access, or security devices; perform exit interview; disable network account

Answer 42

The data owner is responsible for classifying information for protection within the security solution.

Answer 43

The data custodian is assigned the tasks of implementing the prescribed protection defined by the security policy and upper management.

Answer 44

The auditor is responsible for testing and verifying that the security policy is properly implemented and the derived security solutions are adequate.

Answer 45

Policies, standards, baselines, guidelines, and procedures

Answer 46

Analyzing an environment for risks, evaluating each risk as to its likelihood and damage, assessing the cost of countermeasures, and creating a cost/benefit report to present to upper management

Answer 47

Cost of purchase, development, maintenance, acquisition, and protection; value to owners/users/competitors; equity value; market valuation; liability of asset loss; and usefulness

Answer 48

Viruses; buffer overflows; coding errors; user errors; intruders (physical and logical); natural disasters; equipment failure; misuse of data, resources, or services; loss of data; physical theft; denial of service

Answer 49

The cost associated with a single realized risk against a specific asset. SLE = asset value (AV) * exposure factor (EF). The SLE is expressed in a dollar value.

Answer 50

The possible yearly cost of all instances of a specific realized threat against a specific asset. ALE = single loss expectancy (SLE) * annualized rate of occurrence (ARO).

Answer 51

Quantitative risk analysis assigns real dollar figures to the loss of an asset. Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.

Answer 52

Reduce/mitigate, assign/transfer, accept, or reject/deny

Answer 53

Once countermeasures are implemented, the risk that remains is known as residual risk. Residual risk is the risk that management has chosen to accept rather than mitigate.

Answer 54

The amount of risk an organization would face if no safeguards were implemented. A formula for total risk is threats * vulnerabilities * asset value = total risk.

Answer 55

The difference between total risk and residual risk. The controls gap is the amount of risk that is reduced by implementing safeguards.

Answer 56

Awareness, training, and education

Answer 57

A strategic plan is a long-term plan that is fairly stable. The tactical plan is a midterm plan that provides more details. Operational plans are short term and highly detailed.

Answer 58

Foreign key

Answer 59

Polyinstantiation

Answer 60

Certification and accreditation

Answer 61

Site accreditation

Answer 62

Dedicated security mode

Answer 63

Boot sector

Answer 64

Macro virus

Answer 65

Delete the file, disinfect the file, or quarantine the file.

Answer 66

Polymorphic virus

Answer 67

Logic bomb

Answer 68

In the /etc/shadow file, much older systems may still use /etc/passwd.

Answer 69

Dumpster diving

Answer 70

SYN, SYN/ACK, ACK

Answer 71

It sends overlapping packet fragments to the victim machine.

Answer 72

Trap door (or back door)

Answer 73

When only one of the input bits is true

Answer 74

One-way function

Answer 75

Simple substitution

Answer 76

Key exchange

Answer 77

DSA, RSA, and ECDSA

Answer 78

Enrollment

Answer 79

Certificate authorities (CAs)

Answer 80

RSA public key cryptography and DES private key cryptography in connection with digital certificates

Answer 81

Authentication Header (AH), Encapsulating Security Payload (ESP), IP Payload Compression protocol (IPComp), and Internet Key Exchange (IKE)

Answer 82

Replay attack

Answer 83

The certificate was compromised, the certificate was erroneously issued, the certificate details changed, the private key was exposed, or there was a change of security association.

Answer 84

Asymmetric

Answer 85

Multithreading

Answer 86

System mode, privileged mode, supervisory mode, and kernel mode

Answer 87

Direct addressing

Answer 88

nonvolatile

Answer 89

Randomly and sequentially

Answer 90

BIOS or UEFI

Answer 91

Data hiding

Answer 92

Hiring practices, ongoing job performance reviews, and termination procedures

Answer 93

Job rotation, separation of duties, mandatory vacations, workstation change

Answer 94

Malware is the most common form of security breach in the IT world. Any communications pathway can be and is being exploited as a delivery mechanism for a virus or other malicious code.

Answer 95

Need to know is the requirement to have access to, knowledge of, or possession of data or a resource in order to perform specific work tasks.

Answer 96

Principle of least privilege

Answer 97

Due care is using reasonable care to protect the interest of an organization. Due diligence is practicing the activities that maintain the due care effort.

Answer 98

A secure environment should provide mechanisms to prevent the committal of illegal activities, which are actions that violate a legal restriction, regulation, or requirement.

Answer 99

Backup media should be handled with the same security precautions as any other asset with the same data classification.

Answer 100

Preventing disclosure, destruction, or alteration of data

Answer 101

Erasing, clearing, and overwriting media that will be used in the same classification environments; purging, sanitizing, and degaussing if media is used in different classification environments

Answer 102

Preventive, deterrent, detective, corrective, recovery, compensation, directive

Answer 103

To ensure compliance with security policy and to detect abnormalities, unauthorized occurrences, or outright crimes

Answer 104

Recording of event/occurrence data, examination of data, data reduction, use of event/occurrence alarm triggers, log analysis, logging, monitoring, using alerts, intrusion detection

Answer 105

To ensure that all of the necessary and required elements of a security solution are properly deployed and functioning as expected

Answer 106

To reconstruct an event, to extract information about an incident, to prove or disprove culpability

Answer 107

Information/intelligence gathering, war driving, sniffing, eavesdropping, radiation monitoring, dumpster diving, social engineering, port scanning, ping scanning, vulnerability scanning, war dialing, and actual compromise activities.

Answer 108

Address the issue in the security policy, perform awareness training, use content filtering tools to filter source or word content.

Answer 109

If the storage space, computing power, or networking bandwidth capacity is consumed by inappropriate or non-work-related (non-profit-producing) data, the organization loses money.

Answer 110

It can cause the disclosure of sensitive information, violating the principle of confidentiality.

Answer 111

Input validators and user training

Answer 112

The use of access controls (auditing and monitoring, for example) reduce fraud and theft.

Answer 113

Intensive auditing, monitoring for abnormal or unauthorized activity, keeping lines of communication open between employees and managers, and compensating and recognizing employees for excellence

Answer 114

Most safeguards and countermeasures protect against one specific threat or another, but it is not possible to protect against all possible threats that a cracker represents.

Answer 115

Malicious code is any script or program that performs an unwanted, unauthorized, or unknown activity on a computer system.

Answer 116

Quantitative

Answer 117

Maximum tolerable downtime (MTD)

Answer 118

SLE = AV * EF [Single Loss Expectancy = Asset Value * Exposure Factor]

Answer 119

ALE = SLE * ARO [Annualized Loss Expectancy = Single Loss Expectancy * Annual Rate of Occurrence]

Answer 120

Loss of goodwill among client base, loss of employees after prolonged downtime, social/ethical responsibilities to the community, and negative publicity

Answer 121

Ensure that people are safe.

Answer 122

Acceptance and mitigation

Answer 123

Computer-safe fire suppression systems and uninterruptible power supplies

Answer 124

To ensure the continuous operation of a business in the face of an emergency situation

Answer 125

Immediate response procedures, notification procedures, and secondary response procedures

Answer 126

Identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization

Answer 127

Disaster recovery planning (DRP)

Answer 128

Earthquakes, floods, storms, tornadoes, and fires

Answer 129

Federal Emergency Management Agency (FEMA)

Answer 130

Fire suppression system

Answer 131

Workgroup recovery

Answer 132

Hot sites, warm sites, and cold sites

Answer 133

Mobile site

Answer 134

Checklists

Answer 135

Full backups, incremental backups, and differential backups

Answer 136

Software escrow agreements

Answer 137

recovery, restoration (in either order)

Answer 138

By establishing a chain of evidence

Answer 139

Documentary evidence

Answer 140

Evidence must be relevant, material, and competent.

Answer 141

Government Information Security Reform Act

Answer 142

The trademark must not be confusingly similar to another trademark, and it must not be descriptive.

Answer 143

The invention must be new, useful, and nonobvious.

Answer 144

Indefinitely

Answer 145

Fourth Amendment

Answer 146

Children’s Online Privacy Protection Act

Answer 147

Family Educational Rights and Privacy Act

Answer 148

Terrorist attack

Answer 149

Scanning. The purpose of a scanning attack is to collect information. The real damage to the system occurs in later attacks.

Answer 150

Make sure your security policy restricts the introduction of untested files to your computer system. Have a good scanner with an up-to-date signature database. Frequently scan all files. Implement whitelisting of applications.

Answer 151

Scanning and denial of service. They can both potentially be stopped by filtering out the offending packets.

Answer 152

You must ensure that the evidence has not changed, and you must be able to validate its integrity.

Answer 153

The first place to look is in the system and network log files.

Answer 154

The incident reporting guidelines should be in your security policy.

Answer 155

Adherence to the (ISC)2 Code of Ethics is mandatory, and acceptance of the Code of Ethics is a condition of certification.

Answer 156

Because they are not recognized as incidents

Answer 157

Administrative physical security controls, technical physical security controls, physical controls for physical security

Answer 158

To discourage casual intruders, trespassers, prowlers, and would-be thieves

Answer 159

They are able to adapt and react to any condition or situation, are able to learn and recognize attack patterns, can adjust to a changing environment, and are able to make decisions and judgment calls.

Answer 160

Not all environments support them; prescreening, bonding, and training is not always effective; they are expensive, subject to illness, take vacations, and are vulnerable to social engineering.

Answer 161

They can be deployed as a perimeter security control and as detection and deterrent agents, they are costly and require high maintenance, and their use involves insurance and liability issues.

Answer 162

Fault, blackout, sag, brownout, spike, surge, inrush, noise, transient, clean, ground

Answer 163

Common mode noise is generated by the difference in power between the hot and ground wires. Traverse mode noise is generated by the difference in power between the hot and neutral wires.

Answer 164

A computer room should be kept at 60 to 75 degrees Fahrenheit (15 to 23 degrees Celsius). Humidity in a computer room should be maintained at between 40 and 60 percent.

Answer 165

Destruction of sensitive circuits

Answer 166

A Type C fire extinguisher is for use on electrical devices, thus the extinguishing agent is non-conductive, so the devices might use CO2, halon, or various alternatives.

Answer 167

Wet pipe system, dry pipe system, deluge system, preaction system

Answer 168

FM-200 (HFC-227ea), CEA-410 or CEA 308, NAF-S-III (HCFC Blend A), FE-13 (HCFC-23), Aragon (IG55) or Argonite (IG01), Inergen (IG541), and low-pressure water mists

Answer 169

Covert timing channel

Answer 170

Security token

Answer 171

Integrity verification procedure (IVP)

Answer 172

No read down

Answer 173

The US Department of Defense

Answer 174

Security kernel

Answer 175

The target of evaluation (TOE)

Answer 176

Category D (minimal protection)

Answer 177

Authentication Header (AH)

Answer 178

Mandatory access controls

Answer 179

Security perimeter

Answer 180

Certification

Answer 181

Analog communications occur with a continuous signal that varies in frequency, amplitude, and so on. Digital communications occur through the use of a state change of on-off pulses.

Answer 182

Synchronous communications rely on a timing or clocking mechanism. Asynchronous communications rely on a stop and start delimiter bit to manage transmission of data.

Answer 183

Baseband technology uses a direct current to support a single communication channel. Broadband technology uses frequency modulation to support multiple simultaneous signals.

Answer 184

A broadcast supports communications to all possible recipients. A multicast supports communications to multiple specific recipients. A unicast supports only a single communication to one recipient.

Answer 185

In circuit switching, a dedicated physical pathway is created between the two parties. Packet switching occurs when the message is broken up into segments and sent across the intermediary network.

Answer 186

The Point-to-Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links. PPP supports CHAP and PAP for authentication.

Answer 187

Common Object Request Broker Architecture (CORBA) is an international standard (sanctioned by the International Organization for Standardization) for distributed computing.

Answer 188

Denial. When access is not specifically granted, it should be denied by default. This is also known as implicit deny.

Answer 189

Defense in depth, multiple layers of security, concentric circles of security

Answer 190

A hybrid attack. Sometimes called a one-upped password attack.

Answer 191

Retina scans

Answer 192

A reference profile or a reference template

Answer 193

Any or all of them, including SESAME, KryptoKnight, NetSP, thin clients, directory services, and scripted access

Answer 194

The user’s password is hashed, and a timestamp is added.

Answer 195

A directory service

Answer 196

MAC, RBAC, TBAC

Answer 197

MAC (specifically, a hybrid MAC environment)

Answer 198

Contain or constrain the intrusion.

Answer 199

Format and reinstall from scratch.

Answer 200

Host-based IDS

Answer 201

Cable failures and misconfigurations

Answer 202

Plenum-rated cable

Answer 203

Plenum-rated cable

Answer 204

65, 536 (2^16) sockets (aka ports), numbered from 0 to 65,535

Answer 205

6, 17, 1, 2

Answer 206

169.254.0.1 to 169.254.255.254 along with the default Class B subnet mask of 255.255.0.0

Answer 207

Port 68 for client request broadcast and port 67 for server point-to-point response

Answer 208

Large terrestrial footprint

Answer 209

The D channel is used only for call management, not data.

Answer 210

Open relay SMTP servers

Answer 211

Disable automatic printing of received faxes.

Answer 212

Parallel run

Answer 213

Declassification

Answer 214

(ALE before safeguard – ALE after implementing the safeguard) – annual cost of safeguard = value of the safeguard to the company

Answer 215

One-to-one, one-to-many, and many-to-many

Answer 216

Select, Update, Delete, Insert, Grant, and Revoke

Answer 217

Bind variable

Answer 218

Concurrency

Answer 219

Database partitioning

Answer 220

Polyinstantiation

Answer 221

Aggregation

Answer 222

Decision support system

Answer 223

Bad coding

Answer 224

Stopping the environment, a STOP error, a BSOD

Answer 225

Reverse engineering

Answer 226

Polymorphism

Answer 227

Gantt chart

Answer 228

Program Evaluation Review Technique (PERT)

Answer 229

White-box testing

Answer 230

Black-box testing

Answer 231

Test data method

Answer 232

Kerckhoffs’s principle

Answer 233

Federal Information Processing Standards (FIPS-140-2)

Answer 234

Initialization vector (IV)

Answer 235

The leftmost bit

Answer 236

Clustering or key clustering

Answer 237

Zero-knowledge proof

Answer 238

Split knowledge

Answer 239

M of N control

Answer 240

Work function or work factor

Answer 241

Vigenère cipher

Answer 242

Frequency analysis

Answer 243

Period analysis

Answer 244

Stream ciphers

Answer 245

Asymmetric cryptography

Answer 246

CBC, CFB, OFB

Answer 247

0 to 2,048 bits

Answer 248

Confidentiality, integrity, authenticity/access control, and nonrepudiation

Answer 249

The sender

Answer 250

Analytic attack

Answer 251

Implementation attack

Answer 252

Statistical attack

Answer 253

Protection profile

Answer 254

Security target

Answer 255

Accreditation

Answer 256

Defense Information Technology Security Certification and Accreditation Process (DITSCAP)

Answer 257

Site, type, system

Answer 258

Safety of personnel

Answer 259

Actual Cost Value (ACV)

Answer 260

Hardware failures

Answer 261

Hot, warm, and cold sites; mobile sites; service bureaus; multiple sites; and reciprocal agreements

Answer 262

Full and incremental

Answer 263

Writable CDs, DVDs, and Blu-ray discs as well as flash drives. These and similar types of smaller capacity storage mechanisms are useful for holding smaller amounts of data than when compared to enterprise options such as multiterabyte hard drives and tapes.

Answer 264

Periodic backups

Answer 265

Communications Assistance for Law Enforcement Act (CALEA) of 1994

Answer 266

Economic and Protection of Proprietary Information Act of 1996

Answer 267

Physical, people

Answer 268

Deterrence, then denial, then detection, then delay

Answer 269

Electronic access control (EAC)

Answer 270

Processing capability

Answer 271

At what stage of a fire is a flame visible?

Answer 272

Overloaded electrical distribution outlets

Answer 273

In dropped ceilings, raised floors, server rooms, private offices and public areas, HVAC vents, elevator shafts, the basement, and so on

Answer 274

Human error

Answer 275

RIP, IGRP, BGP

Answer 276

Transport layer (OSI layer 4)

Answer 277

802.11 networking, Bluetooth (802.15), mobile phones, and cordless phones

Answer 278

900 MHz, 2.4 GHz, and 5 GHz

Answer 279

FHSS, DSSS, and OFDM

Answer 280

Personal area network (PAN)

Answer 281

A four-digit PIN

Answer 282

Wireless access points and wireless clients

Answer 283

Ad hoc or peer-to-peer

Answer 284

Stand-alone, wired extension, enterprise extended, and bridge

Answer 285

Open System Authentication (OSA) and Shared Key Authentication (SKA)

Answer 286

SYN, ACK, FIN, and RES (or RST)

Answer 287

8: echo request, 0: echo reply

Answer 288

A security concept infrastructure used to organize the complex security solution of companies.

Answer 289

White-box testing

Answer 290

Black-box testing

Answer 291

Gray-box testing

Answer 292

Any hardware, software, or organizational administrative policy or procedure that maintains confidentiality, integrity, and/or accountability also counts as an access control.

Answer 293

Confidentiality

Answer 294

Availability

Answer 295

Nonrepudiation

Answer 296

Authentication

Answer 297

Discretionary access control (DAC)

Answer 298

Mandatory access control (MAC)

Answer 299

Role-based access control (RBAC)

Answer 300

Rule-based access control

Answer 301

Concentric circle strategy

Answer 302

The principle of least privilege

Answer 303

Declassification

Answer 304

Degaussing

Answer 305

Directive control

Answer 306

Preventive control

Answer 307

Detective control

Answer 308

Compliance checking

Answer 309

Ethical hacker

Answer 310

Social engineering

Answer 311

Partial-knowledge team

Answer 312

Zero-knowledge team (performs black-box testing)

Answer 313

Record retention

Answer 314

Business continuity planning (BCP) is the preventive practice of establishing and planning for threats to business flow, including natural and unnatural risk and threats to daily operations.

Answer 315

Disaster recovery planning (DRP) is the practice of establishing and executing recovery actions as part of an emergency response following a disaster.

Answer 316

Natural disaster

Answer 317

Man-made disaster

Answer 318

Recovery strategy

Answer 319

Mobile site

Answer 320

Service bureaus lease computer time via contractual agreements and can meet an organization’s entire IT needs in the event of disaster or catastrophic failure.

Answer 321

A systematic effort to identify relationships between mission-critical applications, processes, and operations and all of the necessary supporting elements

Answer 322

Facility construction and selection, site management, personnel controls, security awareness training, emergency response, and procedures

Answer 323

Access controls; intrusion detection; alarm systems; closed-circuit television (CCTV); monitoring systems; heating, ventilation, and air conditioning (HVAC) systems; power supplies; fire detection and suppression systems

Answer 324

Fencing, lighting, locks, construction materials, mantraps, watchdogs, guards

Answer 325

Shoulder surfing

Answer 326

Masquerading

Answer 327

Piggybacking

Answer 328

Intrusion detection system (IDS)

Answer 329

An uninterruptible power supply (UPS) is a type of self-charging battery that can be used to supply consistent clean power to sensitive equipment.

Answer 330

Electromagnetic interference refers to any noise generated by electric current and can affect any means of data transmission or storage that relies on electromagnetic transport mechanisms.

Answer 331

The waterfall model is a sequential development process that results in the development of a finished product. Developers may step back only one phase in the process if errors are discovered. The spiral model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes. Agile development models place an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.

Answer 332

Maturity models help software organizations improve the maturity and quality of their software processes by implementing an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes.

Answer 333

The three basic components of change control are request control, change control, and release control.

Answer 334

TEMPEST is a standard for the study and control of electronic signals produced by various types of electronic hardware, such as computers, televisions, phones, and so on. Its primary goal is to prevent EMI and RFI radiation from leaving a strictly defined area to eliminate the possibility of external radiation monitoring, eavesdropping, and signal sniffing.

Answer 335

Static testing evaluates the security of software without running it by analyzing either the source code or the compiled application. Static analysis usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows.

Answer 336

Dynamic testing

Answer 337

Those that store, process, or transmit credit card account information

Answer 338

The increased use of third-party and cloud services

Answer 339

Media analysis, network analysis, software analysis, and hardware/embedded device analysis

Answer 340

Excessive privileges (also known as the violation of least privilege)

Answer 341

Creeping privileges or privilege creep

Answer 342

Rule-based access control

Answer 343

Fencing, lighting, locks, construction materials, mantraps, watchdogs, guards

Answer 344

Preventive control

Answer 345

Asset valuation

Answer 346

Threat modeling

Answer 347

Vulnerability analysis

Answer 348

Assets, threats, and vulnerabilities

Answer 349

Advanced persistent threat (APT)

Answer 350

Clipping levels

Answer 351

Audit trail

Answer 352

Check to ensure that users do not have excessive privileges and that accounts are managed appropriately

Answer 353

Violation of the principle of least privilege policy, as incidents of excessive privileges or creeping privileges

Answer 354

Privileged accounts such as administrator or root user accounts

Answer 355

Only people who have a need to know

Answer 356

Mandatory vacations

Answer 357

Purging, sanitization, or destruction

Answer 358

Encryption, GPS, password-protected screen locks, and remote wipe

Answer 359

Remote wipe

Answer 360

Sanitization

Answer 361

Data remanence

Answer 362

Evaluate, test, apply, and audit patches

Answer 363

Vulnerability scanner or a patch management system

Answer 364

Audit patches, or use a vulnerability scanner to verify patches have been applied

Answer 365

Vulnerability scanner

Answer 366

Vulnerability assessment

Answer 367

Change management

Answer 368

Change management

Answer 369

Detection, Response, Reporting, Recovery, and Remediation and Review

Answer 370

Remediation and Review

Answer 371

Protection of evidence

Answer 372

Computer security incident

Answer 373

Drive-by download

Answer 374

Education, policies, and tools

Answer 375

Zero-day exploit

Answer 376

SYN flood attack

Answer 377

Up-to-date antivirus software

Answer 378

Knowledge-based (also called signature-based or pattern-matching)

Answer 379

Behavior-based (also called statistical-intrusion detection or anomaly detection)

Answer 380

Upgrade the baseline

Answer 381

Knowledge and consent of management

Answer 382

Partial-knowledge team (performs gray-box testing)

Answer 383

Full-knowledge team (performs white-box testing)

Answer 384

Redundant array of independent disks (RAID)

Answer 385

Failover cluster

Answer 386

Uninterruptible power supply (UPS)

Answer 387

XXUAPRSF. The X represents two flags no longer used, followed by Urgent, Acknowledgment, Push, Reset, Synchronization, and Finish. You can memorize this flag order using the phrase “Unskilled Attackers Pester Real Security Folk.”

Answer 388

XXUAPRSF. The X represents two flags no longer used, followed by Urgent, Acknowledgment, Push, Reset, Synchronization, and Finish. You can memorize this flag order using the phrase “Unskilled Attackers Pester Real Security Folk.”

Answer 389

An attack using double-encapsulated IEEE 802.1Q VLAN tags to fool a switch into allowing traffic to jump to a different VLAN from which the traffic originated

Answer 390

Network Access Control (NAC) is a concept of controlling access to an environment through strict adherence to and implementation of security policy. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.

Answer 391

The concept that each individual device must maintain local security whether or not its network or telecommunications channels provide or offer security. Sometimes this is expressed as the end device is responsible for its own security.

Answer 392

The beacon frame contains the SSID (i.e., network name) by default. This can be stopped using the Disable SSID Broadcast feature of a wireless access point.

Answer 393

WPA-2 (AES/CCMP)

Answer 394

Port authentication; basically a mechanism to proxy authentication from the local device to another dedicated authentication service within the network

Answer 395

A collection of techniques to discover that a wireless network is present at a given location

Answer 396

A hardware-imposed network segmentation created by switches used to manage traffic

Answer 397

1) Remote control, remote access, or remote desktop–like services. 2) A technology that can allow an automated tool to interact with a human interface, such as extracting information from web pages.

Answer 398

Technology used to host one or more operating systems within the memory of a single host computer. This mechanism allows virtually any OS to operate on any hardware. It also allows multiple operating systems to work simultaneously on the same hardware.

Answer 399

The first form exploits a vulnerability in hardware or software. This exploitation of a weakness, error, or standard feature of software to cause a system to hang, freeze, consume all system resources, and so on. The end result is that the victimized computer is unable to process any legitimate tasks. The second form floods the victim’s communication pipeline with garbage network traffic. Sometimes called a traffic generation or flooding attack.

Answer 400

Security management planning ensures proper creation, implementation, and enforcement of a security policy. Security management is a responsibility of upper management, not of the IT staff, and is considered a business operations issue rather than an IT administration issue.

Answer 401

Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization. A common goal of organizational governance is to ensure that the organization will continue to exist and will grow or expand over time.

Answer 402

Third-party governance is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements. The actual method of governance may vary but generally involves an outside investigator or auditor.

Answer 403

Documentation review is the process of not just reading the exchange materials but verifying it against standards and expectations. The documentation review is typically performed before any on-site inspection is performed.

Answer 404

The Goguen−Meseguer model is an integrity model based on predetermining the set or domain of objects that a subject can access. This model is based on automation theory and domain separation.

Answer 405

The Sutherland model is an integrity model focused on preventing interference in support of integrity. It is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.

Answer 406

The Graham–Denning model is focused on the secure creation and deletion of both subjects and objects. Ultimately, it is a collection of eight primary protection rules or actions that define the boundaries of certain secure actions.

Answer 407

Being able to launch individual instances of servers or services as needed, real-time scalability, and being able to run the exact needed OS version for the needed application

Answer 408

Trusted Platform Module (TPM) is a cryptoprocessor chip on a mainboard used to store and process cryptographic keys for the purposes of a hardware-supported or -implemented hard drive encryption system.

Answer 409

A hardware security module (HSM) is a cryptoprocessor used to manage/store digital encryption keys, accelerate crypto operations, support faster digital signatures, and improve authentication.

Answer 410

A concept of computing where processing and storage are performed elsewhere over a network connection rather than locally

Answer 411

Privacy concerns, regulation compliance difficulties, use of open/closed source solutions, adoption of open standards, and whether or not cloud-based data is actually secured (or even securable)

Answer 412

Platform as a Service (PaaS) is the concept of providing a computing platform and software solution stack as a virtual or cloud-based service.

Answer 413

Software as a Service (SaaS) is a derivative of Platform as a Service (PaaS). Software as a Service provides on-demand online access to specific software applications or suites without the need for local installation (or even local hardware and OS requirements in many cases).

Answer 414

Infrastructure as a Service (IaaS) takes the Platform as a Service (PaaS) model another step forward. It provides not just on-demand operating solutions but complete outsourcing options as well. This can include utility or metered computing services, administrative task automation, dynamic scaling, virtualization services, policy implementation and management services, and managed/filtered Internet connectivity.

Answer 415

Grid computing is a form of parallel distributed processing that loosely groups a significant number of processing nodes toward the completion of a specific processing goal.

Answer 416

The tendency for various technologies, solutions, utilities, and systems to evolve and merge over time. Often this results in multiple systems performing similar or redundant tasks or one system taking over the features and abilities of another. While in some instances this can result in improved efficiency and cost savings, it can also be an increased single point of failure and can become a more valuable target for hackers and intruders.

Answer 417

Sensitivity refers to the quality of information that could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.

Answer 418

Discretion is an act of decision whereby an operator can influence or control disclosure in order to minimize harm or damage.

Answer 419

The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information. High levels of criticality are essential to the operation or function of an organization.

Answer 420

Concealment is the act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction.

Answer 421

Secrecy is the activity of keeping something a secret or preventing the disclosure of information.

Answer 422

Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

Answer 423

Seclusion refers to storing something in an out-of-the-way location. This location can also provide strict access controls. Seclusion can help enforce confidentiality protections.

Answer 424

Isolation is the act of keeping something separated from others. Isolation can be used to prevent co-mingling of information or disclosure of information.

Answer 425

A business case is usually a documented argument or stated position in order to define a need to make a decision or take some form of action. To make a business case is to demonstrate a business-specific need to alter an existing process or choose an approach to a business task. A business case is often made to justify the start of a new project, especially a project related to security. It is also important to consider the budget that can be allocated to a business-need-based security project.

Answer 426

Threat modeling is the security process whereby potential threats are identified, categorized, and analyzed. Threat modeling can be performed as a proactive measure during design and development or as a reactive measure once a product has been deployed.

Answer 427

Secure by Design, Secure by Default, Secure in Deployment and Communication

Answer 428

To reduce the number of security-related design and coding defects. To reduce the severity of any remaining defects.

Answer 429

A proactive approach to threat modeling takes place during early stages of systems development, specifically during initial design and specifications establishment. This type of threat modeling is also known as a defensive approach. This method is based on predicting threats and designing in specific defenses during the coding and crafting process rather than relying on post-deployment updates and patches. A reactive approach to threat modeling takes place after a product has been created and deployed. This deployment could be in a test or laboratory environment or to the general marketplace. This type of threat modeling is also known as the adversarial approach. This technique of threat modeling is the core concept behind ethical hacking, penetration testing, source code review, and fuzz testing.

Answer 430

Focused on assets, focused on attackers, and focused on software.

Answer 431

Microsoft developed a threat categorization scheme known as STRIDE. STRIDE is often used in relation to assessing threats against applications or operating systems. However, it can also be used in other contexts as well. STRIDE is an acronym standing for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

Answer 432

Reduction analysis is also known as decomposing the application, system, or environment. The purpose of this task it to gain a greater understanding of the logic of the product as well as its interactions with external elements. Whether an application, a system, or an entire environment, it needs to be divided into smaller containers or compartments.

Answer 433

Probability * Damage Potential, high/medium/low, or DREAD.

Answer 434

DREAD is a threat rating system designed to provide a flexible rating solution that is based on asking five main questions of each threat: Damage potential: How severe is the damage likely to be if the threat is realized? Reproducibility: How complicated is it for attackers to reproduce the exploit? Exploitability: How hard is it to perform the attack? Affected users: How many users are likely to be affected by the attack (as a percentage)? Discoverability: How hard is it for an attacker to discover the weakness?

Answer 435

Cross-training is often discussed as an alternative to job rotation. In both cases, workers learn the responsibilities and tasks of multiple job positions. However, in cross-training the workers are just prepared to perform the other job positions; they are not rotated through them on a regular basis. Cross-training enables existing personnel to fill the work gap when the proper employee is unavailable as a type of emergency response procedure.

Answer 436

Compliance is the act of conforming to or adhering to rules, policies, regulations, standards, or requirements. Compliance is an important concern to security governance.

Answer 437

A risk framework is a guideline or recipe for how risk is to be assessed, resolved, and monitored.

Answer 438

The Federal Information Security Management Act (FISMA), passed in 2002, requires that federal agencies implement an information security program that covers the agency’s operations. FISMA also requires that government agencies include the activities of contractors in their security management programs.

Answer 439

In 2009, Congress amended HIPAA by passing the Health Information Technology for Economic and Clinical Health (HITECH) Act. This law updated many of HIPAA’s privacy and security requirements and was implemented through the HIPAA Omnibus Rule in 2013.

Answer 440

Under the HITECH Breach Notification Rule, HIPAA-covered entities that experience a data breach must notify affected individuals of the breach and must also notify both the Secretary of Health and Human Services and the media when the breach affects more than 500 individuals.

Answer 441

Classifying and labeling assets.

Answer 442

Sensitive data is any information that isn’t public or unclassified. It can include confidential, proprietary, protected, or any other type of data that an organization needs to protect due to its value to the organization or to comply with existing laws and regulations.

Answer 443

Personally identifiable information (PII) is any information that can identify an individual.

Answer 444

Protected health information (PHI) is any health-related information that can be related to a specific person. In the US, the Health Insurance Portability and Accountability Act (HIPAA) mandates the protection of PHI.

Answer 445

Proprietary data refers to any data that helps an organization maintain a competitive edge. It could be software code it developed, technical plans for products, internal processes, intellectual property, or trade secrets. If competitors are able to access the proprietary data, it can seriously affect the primary mission of an organization.

Answer 446

Copyrights, patents, and trade secret laws provide protection for proprietary data.

Answer 447

Data at rest is any data stored on media such as system hard drives, external USB drives, storage area networks (SANs), and backup tapes. Data in transit (sometimes called data in motion) is any data transmitted over a network. This includes data transmitted over an internal network using wired or wireless methods and data transmitted over public networks such as the Internet. Data in use refers to data in temporary storage buffers while an application is using it.

Answer 448

When an organization no longer needs sensitive data, personnel should destroy it. Proper destruction ensures that it cannot fall into the wrong hands and result in unauthorized disclosure.

Answer 449

Data remanence is the data that remains on a storage device as residual and potentially recoverable data. Using system tools to delete data generally leaves much of the data remaining on the media, and widely available tools can easily undelete it. Even when you use sophisticated tools to overwrite the media, traces of the original data may remain.

Answer 450

Erasing media is simply performing a delete operation against a file, a selection of files, or the entire media. In most cases, the deletion or removal process removes only the directory or catalog link to the data. The actual data remains on the drive.

Answer 451

Clearing, or overwriting, is a process of preparing media for reuse and assuring that the cleared data cannot be recovered using traditional recovery tools. When media is cleared, unclassified data is written over all addressable locations on the media.

Answer 452

Purging is a more intense form of clearing that prepares media for reuse in less-secure environments. It provides a level of assurance that the original data is not recoverable using any known methods. A purging process will repeat the clearing process multiple times and may combine it with another method such as degaussing to completely remove the data. Even though purging is intended to remove all data remnants, it isn’t always trusted.

Answer 453

Declassification involves any process that purges media or a system in preparation for reuse in an unclassified environment. Purging can be used to prepare media for declassification, but often the efforts required to securely declassify media are significantly greater than the cost of new media for a less-secure environment.

Answer 454

Sanitization is a combination of processes that removes data from a system or from media. It ensures that data cannot be recovered by any means.

Answer 455

A degausser creates a strong magnetic field that erases data on some media in a process called degaussing. Technicians commonly use degaussing methods to remove data from magnetic tapes with the goal of returning the tape to its original state. While it is possible to degauss hard disks, it is not recommended. Degaussing a hard disk will normally destroy the electronics used to access the data.

Answer 456

Destruction is the final stage in the life cycle of media and is the most secure method of sanitizing media. When destroying media it’s important to ensure that the media cannot be reused or repaired and that data cannot be extracted from the destroyed media. Methods of destruction include incineration, crushing, shredding, disintegration, and dissolving using caustic or acidic chemicals. Some organizations remove the platters in highly classified disk drives and destroy them separately.

Answer 457

Scoping refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you’re trying to protect. Tailoring refers to modifying the list of security controls within a baseline so that they align with the mission of the organization.

Answer 458

In 2012, the federal government design committee announced the selection of the Keccak algorithm as the SHA-3 standard. However as of mid-2015, the SHA-3 standard remains in draft form and some technical details still require finalization.

Answer 459

Digital rights management (DRM) software uses encryption to enforce copyright restrictions on digital media.

Answer 460

The cryptographic salt is a random value that is added to the end of the password before the operating system hashes the password. The salt is then stored in the password file along with the hash. It is used to help combat the use of brute-force attacks, including those aided by dictionaries and rainbow tables.

Answer 461

Transitive trust is the concept that if A trusts B and B trusts C, then A inherits trust of C through the transitive property, which works like it would in a mathematical equation: if A = B, and B = C, then A = C. In this example, when A requests data from B, then B requests data from C, the data that A receives is essentially from C. Transitive trust is a serious security concern because it may enable bypassing of restrictions or limitations between A and C.

Answer 462

Memory protection is used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it. Memory protection is a core security component that must be designed and implemented into an operating system. It must be enforced regardless of the programs executing in the system. Otherwise instability, violation of integrity, denial of service, and disclosure are likely results.

Answer 463

Flash memory is a derivative concept from EEPROM. It is a nonvolatile form of storage media that can be electronically erased and rewritten. The primary difference between EEPROM and flash memory is that EEPROM must be fully erased to be rewritten, while flash memory can be erased and written in blocks or pages.

Answer 464

UEFI (Unified Extensible Firmware Interface) is a more advanced interface (than BIOS) between hardware and the operating system, which maintains support for legacy BIOS services.

Answer 465

A local cache is anything that is temporarily stored on the client for future reuse. There are many local caches on a typical client, including ARP cache, DNS cache, and Internet files cache.

Answer 466

ARP cache poisoning is caused by an attack responding to ARP broadcast queries in order to send back falsified replies. A second form of ARP cache poisoning is to create static ARP entries.

Answer 467

HOSTS poisoning, authorized DNS server attack, caching DNS server attack, changing a DNS server address, and DNS query spoofing

Answer 468

Data analytics is the science of raw data examination with the focus of extracting useful information out of the bulk information set. The results of data analytics could focus on important outliers or exceptions to normal or standard items, a summary of all data items, or some focused extraction and organization of interesting information.

Answer 469

Big data refers to collections of data that have become so large that traditional means of analysis or processing are ineffective, inefficient, and insufficient. Big data involves numerous difficult challenges, including collection, storage, analysis, mining, transfer, distribution, and results presentation.

Answer 470

Parallel data systems or parallel computing is a computation system design to perform numerous calculations simultaneously. But parallel data systems often go far beyond basic multiprocessing capabilities. They often include the concept of dividing up a large task into smaller elements, then distributing each subelement to a different processing subsystem for parallel computation. This implementation is based on the idea that some problems can be solved efficiently if they are broken into smaller tasks that can be worked on concurrently.

Answer 471

An industrial control system (ICS) is a form of computer-management device that controls industrial processes and machines. ICSs are used across a wide range of industries, including manufacturing, fabrication, electricity generation and distribution, water distribution, sewage processing, and oil refining.

Answer 472

There are several forms of ICS, including distributed control systems (DCS), programmable logic controllers (PLC), and supervisory control and data acquisition (SCADA).

Answer 473

DCS units are typically found in industrial process plans where the need to gather data and implement control over a large-scale environment from a single location is essential. An important aspect of DCS is the controlling elements are distributed across the monitored environment, such as a manufacturing floor or a production line, while the centralized monitoring location sends commands out of those localized controllers while gathering status and performance data.

Answer 474

Programmable logic controller (PLC) units are effectively single-purpose or focused-purpose digital computers. They are typically deployed for the management and automation of various industrial electromechanical operations, such as controlling systems on an assembly line or a large-scale digital light display.

Answer 475

Supervisory control and data acquisition (SCADA) systems can operate as a stand-alone device, be networked together with other SCADA systems, or be networked with traditional IT systems. Most SCADA systems are designed with minimal human interfaces. Often, they use mechanical buttons and knobs or simple LCD screen interfaces.

Answer 476

A device owned by an individual can be referenced using any of these terms: portable device, mobile device, personal mobile device (PMD), personal electronic device or portable electronic device (PED), and personally owned device (POD).

Answer 477

Android is a mobile device OS based on Linux, which was acquired by Google in 2005. The Android source code is made open source through the Apache license, but most devices also include proprietary software. Although it’s mostly intended for use on phones and tablets, Android is being used on a wide range of devices, including televisions, game consoles, digital cameras, microwaves, watches, e-readers, cordless phones, and ski goggles.

Answer 478

iOS is the mobile device OS from Apple that is available on the iPhone, iPad, iPod, and Apple TV. iOS isn’t licensed for use on any non-Apple hardware. Thus, Apple is in full control of the features and capabilities of iOS.

Answer 479

Remote wipe lets you delete all data and possibly even configuration settings from a device remotely. The wipe process can be triggered over mobile phone service or sometimes over any Internet connection.

Answer 480

Storage segmentation is used to artificially compartmentalize various types or values of data on a storage medium. On a mobile device, the device manufacturer and/or the service provider may use storage segmentation to isolate the device’s OS and preinstalled apps from user-installed apps and user data.

Answer 481

Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources. The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting. Many MDM solutions support a wide range of devices and can operate across many service providers. You can use MDM to push or remove apps, manage data, and enforce configuration settings both over the air (across a carrier network) and over Wi-Fi connections.

Answer 482

The storage of credentials in a central location is referred to as credential management. Given the wide range of Internet sites and services, each with its own particular logon requirements, it can be a burden to use unique names and passwords. Credential management solutions offer a means to securely store a plethora of credential sets.

Answer 483

Mobile devices with GPS support enable the embedding of geographical location (geo-tagging) in the form of latitude and longitude as well as date/time information on photos taken with these devices.

Answer 484

Application whitelisting is a security option that prohibits unauthorized software from being able to execute. Whitelisting is also known as deny by default or implicit deny. In application security, whitelisting prevents any and all software, including malware, from executing unless it’s on the preapproved exception list: the whitelist.

Answer 485

Bring-your-own-device (BYOD) is a policy that allows employees to bring their own personal mobile devices to work and use those devices to connect to (or through) the company network to business resources and/or the Internet. Although BYOD may improve employee morale and job satisfaction, it increases security risk to the organization.

Answer 486

An embedded system is a computer implemented as part of a larger system. The embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it’s a component. It may consist of the same components found in a typical computer system, or it may be a microcontroller (an integrated chip with on-board memory and peripheral ports). Examples of embedded systems include network-attached printers, smart TVs, HVAC controls, smart appliances, smart thermostats, Ford SYNC (a Microsoft embedded system in vehicles), and medical devices.

Answer 487

A static system or static environment is a set of conditions, events, and surroundings that don’t change. In theory, once understood, a static environment doesn’t offer new or surprising elements. A static IT environment is any system that is intended to remain unchanged by users and administrators. The goal is to prevent or at least reduce the possibility of a user implementing change that could result in reduced security or functional operation.

Answer 488

Cyber-physical system is a term used to refer to devices that offer a computational means to control something in the physical world. In the past these might have been referred to as embedded systems, but the category of cyber-physical seems to focus more on the physical world results rather than the computational aspects.

Answer 489

Internet of Things (IoT) is the collection of devices that can communicate over the Internet with each other or with a control console in order to affect and monitor the real world. IoT devices might be labeled as smart devices or smart home equipment.

Answer 490

DNP3 (Distributed Network Protocol) is a multilayer protocol primarily used in the electric and water utility and management industries. It is used to support communications between data acquisition systems and the system control equipment. DNP3 is an open and public standard. DNP3 is a multilayer protocol that functions similarly to TCP/IP, in that it has link, transport, and transportation layers.

Answer 491

Converged protocols are the merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite. The primary benefit of converged protocols is the ability to use existing TCP/IP supporting network infrastructure to host special or proprietary services without the need for unique deployments of alternate networking hardware. Common examples of converged protocols include FCoE, MPLS, iSCSI, and VOIP.

Answer 492

Fibre Channel over Ethernet (FCoE) can be used to support Fibre Channel communications over the existing network infrastructure. FCoE is used to encapsulate Fibre Channel communications over Ethernet networks. It typically requires 10 Gbps Ethernet in order to support the Fibre Channel protocol.

Answer 493

MPLS (multiprotocol label switching) is a high-throughput, high-performance network technology that directs data across a network based on short path labels rather than longer network addresses.

Answer 494

Internet Small Computer System Interface (iSCSI) is a networking storage standard based on IP. This technology can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections. iSCSI is often viewed as a low-cost alternative to Fibre Channel.

Answer 495

Voice over IP (VoIP) is a tunneling mechanism used to transport voice and/or data over a TCP/IP network. VoIP has the potential to replace or supplant PSTN because it’s often less expensive and offers a wider variety of options and features.

Answer 496

Software-defined network (SDN) is a unique approach to network operation, design, and management. SDN aims at separating the infrastructure layer (i.e., hardware and hardware-based settings) from the control layer (i.e., network services of data transmission management). Furthermore, this also removes the traditional networking concepts of IP addressing, subnets, routing, and so on from needing to be programmed into or be deciphered by hosted applications.

Answer 497

A captive portal is an authentication technique that redirects a newly connected wireless web client to a portal access control page. The portal page may require the user to input payment information, provide logon credentials, or input an access code

Answer 498

A site survey is a formal assessment of wireless signal strength, quality, and interference using a RF signal detector. A site survey is performed by placing a wireless base station in a desired location and then collecting signal measurements from the area. The signal measurements are overlaid onto a blueprint of the building to determine whether sufficient signal is present where needed, while minimizing signals outside the desired location.

Answer 499

A content-distribution network (CDN) or content delivery network is a collection of resource services deployed in numerous data centers across the Internet in order to provide low-latency, high-performance, high-availability of the hosted content.

Answer 500

These are private VLANs that are configured to use a dedicated or reserved uplink port. The members of a private VLAN or a port isolated VLAN can only interact with each other and over the predetermined exit port or uplink port. A common implementation of port isolation occurs in hotels.

Answer 501

Virtualization technology is used to host one or more operating systems within the memory of a single host computer. This mechanism allows virtually any OS to operate on any hardware. Such an OS is also known as a guest operating system. From the perspective that there is an original or host OS installed directly on the computer hardware, the additional OSes hosted by the hypervisor system are guests.

Answer 502

OAuth is an open SSO standard designed to work with HTTP, and it allows users to log on with one account. For example, users can log onto their Google account and use the same account to access Facebook and Twitter pages.

Answer 503

OpenID is also an open SSO standard but it is maintained by the OpenID Foundation rather than as an IETF RFC standard. OpenID can be used in conjunction with OAuth or on its own.

Answer 504

Identity as a Service, or Identity and Access as a Service (IDaaS), is a third-party service that provides identity and access management. IDaaS effectively provides SSO for the cloud and is especially useful when internal clients access cloud-based Software as a Service (SaaS) applications.

Answer 505

An advanced implementation of a rule-BAC is an attribute-based access control (ABAC) model. ABAC models use policies that include multiple attributes for rules. Many software-defined networking applications use ABAC models.

Answer 506

Security tests verify that a control is functioning properly. These tests include automated scans, tool-assisted penetration tests, and manual attempts to undermine security.

Answer 507

Security assessments are comprehensive reviews of the security of a system, application, or other tested environment. During a security assessment, a trained information security professional performs a risk assessment that identifies vulnerabilities in the tested environment that may allow a compromise and makes recommendations for remediation as needed.

Answer 508

Security audits use many of the same techniques followed during security assessments but must be performed by independent auditors.

Answer 509

Vulnerability scans automatically probe systems, applications, and networks looking for weaknesses that may be exploited by an attacker. The scanning tools used in these tests provide quick, point-and-click tests that perform otherwise tedious tasks without requiring manual intervention.

Answer 510

The most common tool used for network discovery scanning is an open source tool called nmap. Originally released in 1997, nmap is remarkably still maintained and in general use today. It remains one of the most popular network security tools, and almost every security professional either uses nmap regularly or used it at some point in their career.

Answer 511

Network vulnerability scans go deeper than discovery scans. They don’t stop with detecting open ports but continue on to actually probe a targeted system or network for the presence of known vulnerabilities. These tools contain databases of thousands of known vulnerabilities along with tests they can perform to identify whether a system is susceptible to each vulnerability in the system’s database.

Answer 512

When the scanner tests a system for vulnerabilities, it uses the tests in its database to determine whether a system may contain the vulnerability. In some cases, the scanner may not have enough information to conclusively determine that a vulnerability exists and it reports a vulnerability when there really is no problem. This situation is known as a false positive report and is sometimes seen as a nuisance to system administrators.

Answer 513

Far more dangerous than a false positive is when the vulnerability scanner misses a vulnerability and fails to alert the administrator to the presence of a dangerous situation. This error is known as a false negative report.

Answer 514

Web vulnerability scanners are special-purpose tools that scour web applications for known vulnerabilities. They play an important role in any security testing program because they may discover flaws not visible to network vulnerability scanners. When an administrator runs a web application scan, the tool probes the web application using automated techniques that manipulate inputs and other parameters to identify web vulnerabilities.

Answer 515

The penetration test goes beyond vulnerability testing techniques because it actually attempts to exploit systems. Security professionals performing penetration tests actually try to defeat security controls and break into a targeted system or application to demonstrate the flaw.

Answer 516

An example of a vulnerability scanner.

Answer 517

A penetration testing tool used to automatically execute exploits against targeted systems. Metasploit uses a scripting language to allow the automatic execution of common attacks, saving testers (and hackers!) quite a bit of time by eliminating many of the tedious, routine steps involved in executing an attack.

Answer 518

Code review is the foundation of software assessment programs. During a code review, also known as a peer review, developers other than the one who wrote the code review it for defects. Code reviews may result in approval of an application’s move into a production environment or they may send the code back to the original developer with recommendations for rework of issues detected during the review.

Answer 519

Planning Overview Preparation Inspection Rework Follow-up

Answer 520

Static testing evaluates the security of software without running it by analyzing either the source code or the compiled application. Static analysis usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows.

Answer 521

Dynamic testing evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else. In those cases, testers often do not have access to the underlying source code.

Answer 522

Dynamic testing may include the use of synthetic transactions to verify system performance. These are scripted transactions with known expected results. The testers run the synthetic transactions against the tested code and then compare the output of the transactions to the expected state.

Answer 523

Fuzz testing is a specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws. Fuzz testing software supplies invalid input to the software, either randomly generated or specially crafted to trigger known software vulnerabilities.

Answer 524

Mutation (dumb) fuzzing takes previous input values from actual operation of the software and manipulates (or mutates) it to create fuzzed input. It might alter the characters of the content, append strings to the end of the content, or perform other data manipulation techniques. Generational (intelligent) fuzzing develops data models and creates new fuzzed input based on an understanding of the types of data used by the program.

Answer 525

The zzuf tool automates the process of mutation fuzzing by manipulating input according to user specifications.

Answer 526

Interface testing assesses the performance of modules against the interface specifications to ensure that they will work together properly when all of the development efforts are complete.

Answer 527

In some applications, there are clear examples of ways that software users might attempt to misuse the application. Software testers use a process known as misuse case testing or abuse case testing to evaluate the vulnerability of their software to these known risks.

Answer 528

While testing is an important part of any software development process, it is unfortunately impossible to completely test any piece of software. There are simply too many ways that software might malfunction or undergo attack. Software testing professionals often conduct a test coverage analysis to estimate the degree of testing conducted against the new software.

Answer 529

Number of open vulnerabilities Time to resolve vulnerabilities Number of compromised accounts Number of software flaws detected in preproduction scanning Repeat audit findings User attempts to visit known malicious sites

Answer 530

Entitlement refers to the amount of privileges granted to users, typically when first provisioning an account.

Answer 531

Segregation of duties is similar to a separation of duties and responsibilities policy, but it also combines the principle of least privilege. The goal is to ensure that individuals do not have excessive system access that may result in a conflict of interest.

Answer 532

Two-person control (often called the two-man rule) is similar to segregation of duties. It requires the approval of two individuals for critical tasks.

Answer 533

Versioning typically refers to version control used in software configuration management. A labeling or numbering system differentiates between different software sets and configurations across multiple machines or at different points in time on a single machine.

Answer 534

Vulnerabilities are commonly referred to using the Common Vulnerability and Exposures (CVE) dictionary. The CVE dictionary provides a standard convention used to identify vulnerabilities. MITRE maintains the CVE database, and you can view it here .

Answer 535

A distributed denial of service (DDoS) attack occurs when multiple systems attack a single system at the same time.

Answer 536

A distributed reflective denial of service (DRDoS) attack is a variant of a DoS. It uses a reflected approach to an attack. In other words, it doesn’t attack the victim directly but instead manipulates traffic or a network service so that the attacks are reflected back to the victim from other sources

Answer 537

A ping flood attack floods a victim with ping requests. This can be very effective when launched by zombies within a botnet as a DDoS attack. If tens of thousands of systems simultaneously send ping requests to a system, the system can be overwhelmed trying to answer the ping requests.

Answer 538

A drive-by download is code downloaded and installed on a user’s system without the user’s knowledge. Attackers modify the code on a web page, and when the user visits, the code downloads and installs malware on the user’s system without the user’s knowledge or consent.

Answer 539

War dialing means using a modem to search for a system that accepts inbound connection attempts.

Answer 540

A honeypot is an individual computer created as a trap for intruders. A honeynet is two or more networked honeypots used together to simulate a network. They look and act like legitimate systems, but they do not host data of any real value for an attacker.

Answer 541

A pseudo flaw is a false vulnerability or apparent loophole intentionally implanted in a system in an attempt to tempt attackers. They are often used on honeypot systems to emulate well-known operating system vulnerabilities.

Answer 542

A padded cell system is similar to a honeypot, but it performs intrusion isolation using a different approach. When an IDS detects an intruder, that intruder is automatically transferred to a padded cell.

Answer 543

Sandboxing provides a security boundary for applications and prevents the application from interacting with other applications. Anti-malware applications use sandboxing techniques to test unknown applications. If the application displays suspicious characteristics, the sandboxing technique prevents the application from infecting other applications or the operating system.

Answer 544

Security Information and Event Management (SIEM), Security Event Management (SEM), and Security Information Management (SIM)

Answer 545

Sampling, or data extraction, is the process of extracting specific elements from a large collection of data to construct a meaningful representation or summary of the whole. In other words, sampling is a form of data reduction that allows someone to glean valuable information by looking at only a small sample of data in an audit trail.

Answer 546

Egress monitoring refers to monitoring outgoing traffic to prevent data exfiltration, which is the unauthorized transfer of data. Some common methods used to prevent data exfiltration are data loss prevention techniques, looking for steganography attempts, and watermarking.

Answer 547

Data loss prevention (DLP) systems attempt to detect and block data exfiltration attempts. These systems have the capability of scanning data looking for keywords and data patterns.

Answer 548

A network-based DLP scans all outgoing data looking for specific data. An endpoint-based DLP can scan files stored on a system and files sent to external devices.

Answer 549

Steganography is the practice of embedding a message within a file.

Answer 550

Watermarking is the practice of embedding an image or pattern in paper that isn’t readily perceivable. It is often used with currency to thwart counterfeiting attempts. Similarly, organizations often use watermarking in digital documents and other types of files.

Answer 551

System resilience refers to the ability of a system to maintain an acceptable level of service during an adverse event. This could be a hardware fault managed by fault-tolerant components, or it could be an attack managed by other controls such as effective intrusion detection and prevention systems.

Answer 552

A failover cluster includes two or more servers, and if one of the servers fails, another server in the cluster can take over its load in an automatic process called failover. Failover clusters can include multiple servers (not just two), and they can also provide fault tolerance for multiple services or applications.

Answer 553

A fail-secure system will default to a secure state in the event of a failure, blocking all access

Answer 554

A fail-open system will fail in an open state, granting all access.

Answer 555

Quality of Service (QoS) controls protect the integrity of data networks under load. Many different factors contribute to the quality of the end user experience, and QoS attempts to manage all of those factors to create an experience that meets business requirements.

Answer 556

An operational investigation examines issues related to the organization’s computing infrastructure and has the primary goal of resolving operational issues.

Answer 557

A criminal investigation, typically conducted by law enforcement personnel, investigates the alleged violation of criminal law. A criminal investigation may result in charging suspects with a crime and the prosecution of those charges in criminal court.

Answer 558

A civil investigation typically does not involve law enforcement but rather involves internal employees and outside consultants working on behalf of a legal team. It prepares the evidence necessary to present a case in civil court resolving a dispute between two parties.

Answer 559

In legal proceedings, each side has a duty to preserve evidence related to the case and, through the discovery process, share information with their adversary in the proceedings. This discovery process applies to both paper records and electronic records, and the electronic discovery (or eDiscovery) process facilitates the processing of electronic information for disclosure.

Answer 560

Recent years marked the rise of sophisticated attackers known as advanced persistent threats (APTs). These attackers are well funded and have advanced technical skills and resources. They act on behalf of a nation-state, organized crime, terrorist group, or other sponsor and wage highly effective attacks against a very focused target in order to maintain persistent unauthorized access or effect.

Answer 561

A business attack focuses on illegally obtaining an organization’s confidential information. This could be information that is critical to the operation of the organization, such as a secret recipe, or information that could damage the organization’s reputation if disclosed, such as personal information about its employees.

Answer 562

The gathering of a competitor’s confidential information, also called industrial espionage, is not a new phenomenon. Businesses have used illegal means to acquire competitive information for many years. The temptation to steal a competitor’s trade secrets and the ease with which a savvy attacker can compromise some computer systems makes this type of attack attractive.

Answer 563

Financial attacks are carried out to unlawfully obtain money or services. They are the type of computer crime you most commonly hear about in the news. The goal of a financial attack could be to steal credit card numbers, increase the balance in a bank account, or place “free” long-distance telephone calls.

Answer 564

Terrorist attacks are a reality in modern society. Our increasing reliance on information systems makes them more and more attractive to terrorists. Such attacks differ from military and intelligence attacks. The purpose of a terrorist attack is to disrupt normal life and instill fear, whereas a military or intelligence attack is designed to extract secret information.

Answer 565

Grudge attacks are attacks that are carried out to damage an organization or a person. The damage could be in the loss of information or information processing capabilities or harm to the organization or a person’s reputation.

Answer 566

Thrill attacks are the attacks launched only for the fun of it.

Answer 567

Scanning attacks are reconnaissance attacks that usually precede another, more serious attack.

Answer 568

To ensure that the security control mechanisms built into a new application properly implement the security policy throughout the life cycle of the system

Answer 569

The word DevOps is a combination of Development and Operations, symbolizing that these functions must merge and cooperate to meet business requirements. The DevOps approach seeks to resolve these issues by bringing the three functions (software development, quality assurance, and technology operations) together in a single operational model.

Answer 570

An application programming interface (API) allows application developers to bypass traditional web pages and interact directly with the underlying service through function calls.

Answer 571

It acts as a central storage point for developers to place their source code. It may also provide version control, bug tracking, web hosting, release management, and communications functions that support software development.

Answer 572

Passive monitoring

Answer 573

Synthetic monitoring (or active monitoring)

Answer 574

Specifications, mechanisms, activities, and individuals

Answer 575

Six months

Answer 576

Common Vulnerability Scoring System (CVSS)

Answer 577

Inputs, behaviors, and outputsw

Answer 578

Anonymisation (or anonymization)

Answer 579

Pseudonymisation (or pseudonymization)

Answer 580

The European Union (EU) General Data Protection Regulation (GDPR). It replaced the EU Data Protection Directive, and it regulates the transfer of personal data in and out of the EU.

Answer 581

An authentication method often used by mobile device management (MDM) systems to identify mobile device users. It includes multiple elements such as the location of the user, the time of day, and the mobile device.

Answer 582

An attribute-based access control (ABAC) model is typically implemented in software defined networks (SDNs).

Answer 583

Rainbow table attacks. Bcrypt salts passwords.

Answer 584

A pepper can be added to a salt to add additional protection for passwords.

Answer 585

A salt adds extra bits to a password before hashing it to protect against rainbow table attacks.

Answer 586

A persistent virtual desktop infrastructure (VDI) maintains user desktop changes.

Answer 587

A combination of two or more private, public, and/or community clouds

Answer 588

Identification, authentication, authorization, auditing, and accounting

Answer 589

Sensitive But Unclassified (SBU) is used for data that is for internal use or office use only. Often SBU is used to protect information that could violate the privacy rights of individuals.

Answer 590

Stage I is Definition the Objectives (DO) for the Analysis of Risks, Stage II is Definition of the Technical Scope (DTS), Stage III is Application Decomposition and Analysis (ADA), Stage IV is Threat Analysis (TA), Stage V is Weakness and Vulnerability Analysis (WVA), Stage VI is Attack Modeling & Simulation (AMS), and Stage VII is Risk Analysis & Management (RAM).

Answer 591

Trike is another threat modeling methodology that focuses on a risk-based approach instead of depending upon the aggregated threat model used in STRIDE and DREAD. Trike provides a method of performing a security audit in a reliable and repeatable procedure. It also provides a consistent framework for communication and collaboration among security workers.

Answer 592

VAST (Visual, Agile, and Simple Threat) is a threat modeling concept based on Agile project management and programming principles. The goal of VAST is to integrate threat and risk management into an Agile programming environment on a scalable basis.

Answer 593

Onboarding is the process of adding new employees to the identity and access management (IAM) system of an organization. The onboarding process is also used when an employee’s role or position changes or when that person is awarded additional levels of privilege or access.

Answer 594

Offboarding is the reverse of this process. It is the removal of an employee’s identity from the identity and access management (IAM) system once that person has left the organization.

Answer 595

Risk deterrence is the process of implementing deterrents to would-be violators of security and policy. Some examples include implementation of auditing, security cameras, security guards, instructional signage, warning banners, motion detectors, strong authentication, and making it known that the organization is willing to cooperate with authorities and prosecute those who participate in cybercrime.

Answer 596

Risk avoidance is the process of selecting alternate options or activities that have less associated risk than the default, common, expedient, or cheap option. For example, choosing to fly to a destination instead of drive is a form of risk avoidance. Another example is to locate a business in Arizona instead of Florida to avoid hurricanes.

Answer 597

A Security Control Assessment (SCA) is the formal evaluation of a security infrastructure’s individual mechanisms against a baseline or reliability expectation. The SCA can be performed in addition to or independently of a full security evaluation, such as a penetration test or vulnerability assessment.

Answer 598

What is split-DNS?

Answer 599

TCP 53 is used for zone transfers (which includes most DNS server to DNS server communications), and UDP 53 is used for queries (which is any non-DNS system sending a query to a DNS server).

Answer 600

A type I hypervisor is a native or bare-metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside. A type II hypervisor is a hosted hypervisor. In this configuration, a standard regular OS is present on the hardware, and then the hypervisor is installed as another software application.

Answer 601

Cloud storage is the idea of using storage capacity provided by a cloud vendor as a means to host data files for an organization. Cloud storage can be used as form of backup or support for online data services. Cloud storage may be cost effective, but it is not always high speed or low latency.

Answer 602

An on-premise solution is the traditional deployment concept in which an organization owns the hardware, licenses the software, and operates and maintains the systems on its own usually within their own building.

Answer 603

A hosted solution is a deployment concept where the organization must license software and then operates and maintains the software. The hosting provider owns, operates, and maintains the hardware that supports the organization’s software.

Answer 604

A cloud solution is a deployment concept where an organization contracts with a third-party cloud provider. The cloud provider owns, operates, and maintains the hardware and software. The organization pays a monthly fee (often based on a per-user multiplier) to use the cloud solution.

Answer 605

A private cloud is a cloud service within a corporate network and isolated from the Internet.

Answer 606

A public cloud is a cloud service that is accessible to the general public, typically over an Internet connection. Public cloud services may require some form of subscription or pay per use or may be offered for free.

Answer 607

A hybrid cloud is a mixture of private and public cloud components.

Answer 608

A community cloud is a cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. This may allow for some cost savings compared to accessing private or public clouds independently.

Answer 609

Snapshots are backups of virtual machines. They offer a quick means to recover from errors or poor updates. It’s often easier and faster to make backups of entire virtual systems rather than the equivalent native hardware installed system.

Answer 610

A cloud access security broker (CASB) is a security policy enforcement solution that may be installed on-premises, or it may be cloud-based. The goal of a CASB is to enforce and ensure that proper security measures are implemented between a cloud solution and a customer organization.

Answer 611

Security as a Service (SECaaS) is a cloud provider concept in which security is provided to an organization through or by an online entity. The purpose of an SECaaS solution is to reduce the cost and overhead of implementing and managing security locally.

Answer 612

The cloud shared responsibility model is the concept that when an organization uses a cloud solution, there is a division of security and stability responsibility between the provider and the customer. The different forms of cloud service (such as SaaS, PaaS, and IaaS) may each have different levels or division points of shared responsibility.

Answer 613

Smart devices are a range of mobile devices that offer the user a plethora of customization options, typically through installing apps, and may take advantage of on-device or in-the-cloud artificial intelligence (AI) processing.

Answer 614

The Internet of Things (IoT) is a new subcategory or even a new class of smart devices that are Internet-connected in order to provide automation, remote control, or AI processing to traditional or new appliances or devices in a home or office setting.

Answer 615

The concept of COPE (company-owned, personally enabled) is for the organization to purchase devices and provide them to employees. Each user is then able to customize the device and use it for both work activities and personal activities.

Answer 616

The concept of CYOD (choose your own device) provides users with a list of approved devices from which to select the device to implement. A CYOD can be implemented so that employees purchase their own devices from the approved list (a BYOD variant) or the company can purchase the devices for the employees (a COPE variant).

Answer 617

A corporate-owned mobile strategy is when the company purchases the mobile devices that can support security compliance with the security policy. These devices are to be used exclusively for company purposes, and users should not perform any personal tasks on the devices. This often requires workers to carry a second device for personal use.

Answer 618

Virtual desktop infrastructure (VDI) is a means to reduce the security risk and performance requirements of end devices by hosting virtual machines on central servers that are remotely accessed by users. It is a means to retain storage control on central servers, gain access to higher levels of system processing and other resources, and allow lower-end devices access to software and services behind their hardware’s capacity.

Answer 619

Virtual mobile infrastructure (VMI) is a technology where the operating system of a mobile device is virtualized on a central server. Thus most of the actions and activities of the traditional mobile device are no longer occurring on the mobile device itself. This remote virtualization allows an organization greater control and security than when using a standard mobile device platform.

Answer 620

A cable plant is the collection of interconnected cables and intermediary devices (such as cross-connects, patch panels, and switches) that establish the physical network. Elements of a cable plant include entrance facility, equipment room, backbone distribution system, telecommunications room, and horizontal distribution system.

Answer 621

A Faraday cage is EM blocking enclosure, often a wire mesh that fully surrounds an area on all sides. This metal skin acts as an EMI absorbing capacitor (which is why it’s named after Michael Faraday, a pioneer in the field of electromagnetism) that prevents electromagnetic signals (emanations) from exiting or entering the area that the cage encloses.

Answer 622

White noise simply means broadcasting false traffic at all times to mask and hide the presence of real emanations.

Answer 623

A fully qualified domain names (FQDN) consists of three main parts: top-level domain (TLD), like the com in www.google.com; registered domain name, like the google in www.google.com; and subdomain(s) or hostname, like the www in www.google.com.

Answer 624

Every registered domain name has an assigned authoritative name server. The primary authoritative name server hosts the original zone file for the domain. Secondary authoritative name servers can be used to host read-only copies of the zone file. A zone file is the collection of resource records or details about the specific domain. There are dozens of possible resource records.

Answer 625

DNSSEC (Domain Name System Security Extensions) is a security improvement to the existing DNS infrastructure. The primary function of DNSSEC is to provide reliable authentication between devices during DNS operations. DNSSEC has been implemented across a significant portion of the DNS system. Each DNS server is issued a digital certificate, which is then used to perform mutual certificate authentication.

Answer 626

DNS poisoning is the act of falsifying the DNS information used by a client to reach a desired system. It can take place in many ways.

Answer 627

Rogue DNS server, planting false data in zone file, altering the HOSTS file, and corrupting IP configuration to change DNS lookup server address.

Answer 628

DNS pharming is the malicious redirection of a valid website’s URL or IP address to a fake website that hosts a false version of the original valid site. This is often part of a phishing attack where the attacker is attempting to trick victims into giving up their logon credentials.

Answer 629

Domain hijacking, or domain theft, is the malicious action of changing the registration of a domain name without the authorization of the valid owner. This may be accomplished by stealing the owner’s logon credentials; using XSRF, session hijacking, or MitM; or exploiting a flaw in the domain registrar’s systems.

Answer 630

In late 2017, a concept of attack known as KRACK (Key Reinstallation AttaCKs) was disclosed that is able to corrupt the initial four-way handshake between client and WAP into reusing a previously used key and in some cases use a key composed of only zeros.

Answer 631

WiFi Protected Setup (WPS) is a security standard for wireless networks. It is intended to simplify the effort involved in adding new clients to a well-secured wireless network. It operates by autoconnecting the first new wireless client to seek the network once the administrator triggered the feature by pressing the WPS button on the base station.

Answer 632

War chalking is a type of geek graffiti that some wireless hackers used during the early years of wireless (1997–2002). It’s a way to physically mark an area with information about the presence of a wireless network.

Answer 633

RFID (Radio Frequency Identification) is a tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field. RFID can be triggered/powered and read from a considerable distance away (often hundreds of meters).

Answer 634

Evil twin is an attack in which a hacker operates a false access point that will automatically clone, or twin, the identity of an access point based on a client device’s request to connect.

Answer 635

Near field communication (NFC) is a standard that establishes radio communications between devices in close proximity. It lets you perform a type of automatic synchronization and association between devices by touching them together or bringing them within inches of each other.

Answer 636

SRTP (Secure Real-Time Transport Protocol, or Secure RTP) is a security improvement over RTP (Real-Time Transport Protocol) that is used in many VoIP (Voice over IP) communications. SRTP aims to minimize the risk of VoIP DoS through robust encryption and reliable authentication.

Answer 637

Opportunistic TLS for SMTP will attempt to set up an encrypted connection with every other email server in the event that it is supported; otherwise, it will downgrade to plaintext. Using opportunistic TLS for SMTP gateways reduces the opportunities for casual sniffing of email.

Answer 638

A broadcast storm is a flood of unwanted Ethernet broadcast network traffic.

Answer 639

VM escaping occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate a host OS.