Teacher Highlights Flashcards
The model Microsoft uses for threat analysis and identification is called ___.
STRIDE
What does STRIDE stand for?
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of Service
- Elevation of privilege
What is spoofing?
Pretending to be something or someone other than yourself.
What is tampering?
Modifying something on a disk, network, memory, or elsewhere.
What is repudiation?
Claiming you didn’t do something or were not responsible.
What is information disclosure?
Providing information to someone not authorized to have it
What is denial of service?
Exhausting resources needed to provide services to the user
What is elevation of privilege?
Allowing someone to do something they are not authorized to do.
A ____ is an aggregation of compromised computers, turning them into robots used by attackers.
botnet
What are the three types of network attacks?
Denial of Service, Distributed Denial of Service, Unauthorized Access
The following describes which network attack?
__ __ __ attacks are probably the nastiest, and most difficult to address. They are very easy to launch and often difficult (sometimes impossible) to track because of their timing. The intent is to send more requests to a machine than it can handle, disrupting or even totally blocking user services.
Denial of Service
While a standard DoS attack comes from one computer, a __ __ __ __ attack involves multiple computers sending requests, and is usually performed by a botnet.
Distributed Denial of Service
When it comes to Executing Commands Illicitly, there are two main classifications of users and their system access capability:
user access and administrator access
When it comes to Destructive Behavior, there are two major categories of break-ins and attacks:
Data Diddling and Data Destruction
___ ___ occurs when an attacker makes small changes or entries in records to change the original meaning. It is a form of computer fraud involving the intentional falsification of numbers in data entry.
Data Diddling
The term ___ ___ can be defined as the process of destroying the data stored on tapes, hard disks, and other forms of electronic media so that it is completely unreadable.
Data Destruction
___ is a non-technical or low-technology confidence trick (“con”) used for attacking information systems, often involving trickery or fraud.
Social Engineering
What are the two different types of phishing?
Spear Phishing and Whaling
___ ___ is a type of phishing that targets a specific group of individuals by sending messages that appeal to the group. Phishers may identify their targets by name using information collected from public sources such as social media.
Spear Phishing
___ is a specific form of spear phishing targeted at high-value individuals, such as a CEO or company board member. This type of target provides an especially high payoff for potential attackers due to the type and amount of information they have access to.
Whaling
___ techniques attempt to acquire sensitive data, such as bank account numbers, passwords, email accounts, etc., through fraudulent solicitation via email, text messages, or websites. A perpetrator masquerades as a legitimate business or reputable person, often broadcasting messages to a wide audience of targets or individuals within an organization or otherwise. Imagine a fisherman casting a line into the water with a baited hook waiting for a victim to bite.
Phishing
___ tricks a victim by using their curiosity or greed against them. It encourages any user who happens to come across the bait to perform some action to trigger a trap, such as installing malware onto a device.
Baiting
Software is considered ___ because of the perceived intent of the creator rather than any features of the software itself.
malware
A ___ ___ is a type of virus planted on the system by installing a piece of software that contains some code that will not execute until a certain event occurs, such as a specific date.
logic bomb
___ is a type of malware that prevents or limits users from accessing their system. Attackers can encrypt a victim’s entire system, specific files, or they may lock the system’s screen until the victim pays a specified ransom to have their data unencrypted or unlocked by the attacker.
Ransomware
___ software is your system’s protection against viruses. Your system can contract viruses from websites, e-mail attachments, etc. ___ programs inspect the contents of each file. They search for a virus signature, that is, specific patterns that match a malicious profile of something known to be harmful. For each file that matches a signature, the ___ program provides options on how to respond, such as removing the offending patterns, quarantining the file, or deleting the file.
Anti-virus
When it comes to countermeasures, what are the steps of the response phase of an attack?
Tasks such as defining the attack, informing users of the attack, containing the intrusion, identifying the source, notifying all interested parties (including legal authorities), and compiling detailed repair reports for the entire affected system.
___ ___ ___ refers to efforts to enhance the security of the supply chain, the transport and logistics system for the cargo. It combines traditional practices of supply-chain management with the security requirements driven by threats such as terrorism, piracy, and theft.
Supply chain security
Typical supply-chain security activities include:
- Credentialing of participants in the supply chain.
- Screening and validating of the contents of cargo being shipped.
- Advance notification of the contents to the destination.
- Ensuring the security of cargo while in-transit via the use of locks and tamper-proof seals.
- Inspecting cargo on entry.
Cloud computing is a powerful business solution because it allows an organization to save on hardware and management costs while maintaining high availability. However, cloud computing often relies on a third party to handle your data, which could include sensitive information. Ensuring the third party is securing this data is an important prerequisite when considering moving in-house services off-site and putting them into the hands of a third party.
Third Party Data Storage
A third party in a supply chain is an intermediary, subcontracted individual, or company that provides a product or a service in support of the primary objectives of an organization. Support services can vary widely from janitorial services to software engineering, and more. Granting either ___ or ___ access to an organization’s information system, software code, or intellectual property can leave these assets vulnerable to exploitation through malicious actions or carelessness
physical or virtual
___ ___ ___ is a wired and wireless network security solution that allows control of access based on predefined conditions that systems must meet prior to being granted access to a network. Any system not meeting the conditions may be directed to a restricted network that allows the user to become compliant and then gain access to the main network. The restricted network does not grant access to network resources.
Network Access Control (NAC)
___ NAC utilizes software installed on clients which authenticates the client to the NAC for scanning before allowing network access. ___ NAC does not require agent software to be installed on a client. The authentication server will perform any required checks.
Agent-based
Agentless
NAC agents can be ___, thereby continuously monitoring the system it’s installed on, or they can be ___. ___ agents are installed on the device when it attempts to connect to the network. After scanning the device for compliance, the ___ NAC will either remove itself immediately, or it may remain on the device until the device disconnects from the network
permanent
dissolvable
However, the drawback to this authenticator is that if an account is compromised, a hacker can now access multiple servers rather than just one.
Single Sign On (SSO)
Which authentication method is the following referring to?
With ____, clients can access a network remotely by connecting to a ____ client which sends an authentication request via User Datagram Protocol (UDP) to a ____ server which either verifies or rejects the credentials, thereby granting or denying access. The 802.1X protocol can be used in conjunction with ____ on wireless networks and switches that support it.
RADIUS
Which authentication method is the following referring to?
___ is a newer AAA protocol that gives a more reliable and secure communication service through Transmission Control Protocol (TCP).
Diameter
What are the six SDLC phases?
- Requirements Gathering and Analysis
- Design
- Implementation
- Testing
- Deployment
- Maintenance
The code must be checked for functionality, that the application does what it’s designed to do. Developers should also input random invalid data into input fields to check for crashes, memory leaks, and other bugs. This process is known as fuzzing.
SDLC Phase “Testing”
Best practices dictate that software developers provide ___ ___, ensuring that when data is entered into an application and buttons are pressed, the desired result happens. Ensure that no possible keyboard characters leave room for manipulation by hackers.
input validation
Web sites and applications using ___ ____ can manipulate a system, obtaining full system access and potentially exploiting security vulnerabilities. On a Microsoft Internet browser, a user might be prompted to agree to run ___ ___. This practice should be discouraged.
ActiveX controls
____ data puts the information in an unreadable format until an authorized person decrypts the data, which places it back into cleartext (a readable format).
File Encryption
___ ___ ___ detects suspicious activity on a host or a network, logs it, and alerts system or network administrators.
Intrusion Detection System (IDS)
___ ___ ___ monitor hosts or networks for suspicious activity and take corrective action.
Intrusion Prevention Systems (IPS)
IDSs and IPSs can be either ____ (HIDS/HIPS) or ____ (NIDS/NIPS).
host-based
network-based
___ ___ has the system digitally sign bootup files. Only digitally signed bootup files will run. This process prevents someone from booting up a different operating system to gain access.
Secure boot
___ ___, or hardware encryption, applies very complex encryption more quickly than software encryption. Hardware encryption is done using chips physically installed in the system.
Device encryption
When using Full Disk Encryption (FDE), a ____ stores the cryptographic keys used to encrypt the data. On Windows-based OSes, BitLocker utilizes the TPM.
Trusted Platform Module (TPM)
Cryptographic processors can also be stored on a separate card that can be installed on a system; this add-on device is called a ___ ___ ___ (HSM).
Hardware Security Module (HSM)
The ___ ___ is responsible for receiving packets from the sensor or collector and then performing the analysis on the packets to determine if they are suspicious.
analysis engine
The following describes which backup type?
This backup type backs up all files and folders. It does not rely on the archive bit to tell it what to back up, but it does clear the bit as each file is backed up. Restoring a ___ backup recovers all data that may have been lost.
Full Backup
The following describes which backup type?
___ backups back up everything that has changed since the most recent full backup. ____ backups do not clear the archive bit.
Differential Backup
____ backups back up all data that has changed since the previous backup. ___ backups do clear the archive bit.
Incremental Backup
What are the three configuration management benefits?
- Benefit 1: Disaster Recovery
- Benefit 2: Uptime and Site Reliability
- Benefit 3: Scalability
The baseline configuration is the ___ ___ for all future baseline assessments.
starting point
When it comes to backup methods, it is a good business practice to store data where?
offsite
During a cyber incident process, how long do you have to determine if the event or incident meets AF Operational Reporting (OPREP-3) and/or USSTRATCOM or USCYBERCOM Commander’s Critical Information Requirements (CCIR) reporting requirements?
within 1 hour
The first thing to do to prepare for handling security incidents within your organization is to make sure that you have an incident response team in place (also known as a computer incident response team, or CIRT). The first step is to...?
Create the team
Who are the four members typically found on a response team?
- Team Leader
- Technical Specialist
- Documentation Specialist
- Legal Advisor
The ____ zone is designed for visitors to your office location. Visitors typically do not need access to the private network or even the extranet zone; they typically just need Internet access to check email and surf the Internet.
Guest zone
What are the three primary security zones?
- Private Zone - The Local Area Network resides in the private zone.
- Demilitarized Zone - The DMZ is an area between two firewalls
- Public Zone - The public zone is any network not controlled by the network administrator.
There are two major classes of firewalls:
software-based and hardware-based
NIDS is configured on the what?
Console
Web sites store ___ (small text files) on client computers that contain user preferences and logon information. If the text file is accessed by someone else, they can see the information in it.
Cookies
Files such as music, videos and software can be shared online between users using ____ applications, such as BitTorrent. This is a common method of transmitting malicious code.
Peer-to-peer (P2P) file sharing
___ are used to automate processes on a computer and for generating web pages. This creates an application security issue because ___ can make modifications to a system without user input.
Scripting
Systems that provide centralization of authentication, authorization, and accounting are known as...?
Triple A (AAA)
A RADIUS client sends an authentication request via...?
UDP
Diameter is a newer AAA protocol that gives a more reliable and secure communication service through…?
TCP
Which SDLC phase does the following apply to?
The code must be checked for functionality, that the application does what it’s designed to do. Developers should also input random invalid data into input fields to check for crashes, memory leaks, and other bugs. This process is known as fuzzing.
Testing