Teacher Highlights Flashcards

1
Q

The model Microsoft uses for threat analysis and identification is called ___.

A

STRIDE

2
Q

What does STRIDE stand for?

A
  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure
  • Denial of Service
  • Elevation of privilege
3
Q

What is spoofing?

A

Pretending to be something or someone other than yourself.

4
Q

What is tampering?

A

Modifying something on a disk, network, memory, or elsewhere.

5
Q

What is repudiation?

A

Claiming you didn’t do something or were not responsible.

6
Q

What is information disclosure?

A

Providing information to someone not authorized to have it

7
Q

What is denial of service?

A

Exhausting resources needed to provide services to the user

8
Q

What is elevation of privilege?

A

Allowing someone to do something they are not authorized to do.
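
The STRIDE cards above list the six threat categories; in practice they are applied per element of a data-flow diagram (external entity, process, data flow, data store), each kind attracting only some of the letters. The script below is an added example, not part of this flashcard deck: it encodes the standard STRIDE-per-element table used in Microsoft's threat-modeling practice together with the security property each threat violates, and enumerates the threats to consider for a constructed browser-to-web-app-to-database diagram. The diagram and element names are assumptions made for illustration.

```python
"""STRIDE-per-element walk over a small data-flow diagram (DFD).

Added example; not taken from the flashcard deck. The DFD below is
constructed for illustration. The element-to-threat table is the standard
STRIDE-per-element chart from Microsoft's threat-modeling practice:
external entities can be spoofed or repudiate; processes get all six;
data flows can be tampered with, disclosed or flooded; data stores add
repudiation because logs live there.
"""
from dataclasses import dataclass

# Letter -> (threat name, security property the threat violates)
STRIDE = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information disclosure", "confidentiality"),
    "D": ("Denial of service", "availability"),
    "E": ("Elevation of privilege", "authorization"),
}

# Which STRIDE letters apply to which kind of DFD element.
PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    crosses_trust_boundary: bool = False  # meaningful for data flows


def threats_for(element: Element) -> list[tuple[str, str]]:
    """(threat, violated security property) pairs a reviewer must consider."""
    try:
        letters = PER_ELEMENT[element.kind]
    except KeyError:
        raise ValueError(f"unknown DFD element kind: {element.kind!r}") from None
    return [STRIDE[letter] for letter in letters]


def enumerate_threats(dfd: list[Element]) -> list[tuple[str, str, str]]:
    """(element, threat, property) rows for the whole diagram.

    Flows that cross a trust boundary are listed first so they get triaged
    first; that ordering is the only thing the boundary flag changes here.
    """
    ordered = sorted(dfd, key=lambda e: not e.crosses_trust_boundary)
    return [(e.name, threat, prop) for e in ordered for threat, prop in threats_for(e)]


# Constructed sample: browser -> web app -> database, plus an audit log.
SAMPLE_DFD = [
    Element("Browser", "external_entity"),
    Element("Browser->WebApp (HTTPS)", "data_flow", crosses_trust_boundary=True),
    Element("WebApp", "process"),
    Element("WebApp->DB (SQL)", "data_flow"),
    Element("Customer DB", "data_store"),
    Element("Audit log", "data_store"),
]

if __name__ == "__main__":
    for element, threat, prop in enumerate_threats(SAMPLE_DFD):
        print(f"{element:26} {threat:24} (violates {prop})")
```

The output is the review checklist, not the threat model: each row still needs a reviewer to decide whether the threat is real for that element and what mitigation (authentication, integrity protection, logging, and so on, per the property column) already covers it.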

9
Q

A ____ is an aggregation of compromised computers, turning them into robots used by attackers.

A

botnet

10
Q

What are the three types of network attacks?

A

Denial of Service, Distributed Denial of Service, Unauthorized Access

11
Q

The following describes which network attack?

__ __ __ attacks are probably the nastiest and most difficult to address. They are very easy to launch and often difficult (sometimes impossible) to track because of their timing. The intent is to send more requests to a machine than it can handle, disrupting or even totally blocking user services.

A

Denial of Service

12
Q

While a standard DoS attack comes from one computer, a __ __ __ __ attack involves multiple computers sending requests and is usually performed by a botnet.

A

Distributed Denial of Service

13
Q

When it comes to Executing Commands Illicitly, there are two main classifications of users and their system access capability:

A

user access and administrator access

14
Q

When it comes to Destructive Behavior, there are two major categories of break-ins and attacks:

A

Data Diddling and Data Destruction

15
Q

___ ___ occurs when an attacker makes small changes or entries in records to change the original meaning. It is a form of computer fraud involving the intentional falsification of numbers in data entry.

A

Data Diddling

16
Q

The term ___ ___ can be defined as the process of destroying the data stored on tapes, hard disks, and other forms of electronic media so that it is completely unreadable.

A

Data Destruction

17
Q

___ ___ is a non-technical or low-technology confidence trick (“con”) used for attacking information systems, often involving trickery or fraud.

A

Social Engineering

18
Q

What are the two different types of phishing?

A

Spear Phishing and Whaling

19
Q

___ ___ is a type of phishing that targets a specific group of individuals by sending messages that appeal to the group. Phishers may identify their targets by name using information collected from public sources such as social media.

A

Spear Phishing

20
Q

___ is a specific form of spear phishing targeted at high-value individuals, such as a CEO or company board member. This type of target provides an especially high payoff for potential attackers due to the type and amount of information they have access to.

A

Whaling

21
Q

___ techniques attempt to acquire sensitive data, such as bank account numbers, passwords, email accounts, etc., through fraudulent solicitation via email, text messages, or websites. A perpetrator masquerades as a legitimate business or reputable person, often broadcasting messages to a wide audience of targets or individuals within an organization or otherwise. Imagine a fisherman casting a line into the water with a baited hook waiting for a victim to bite.

A

Phishing

22
Q

___ tricks a victim by using their curiosity or greed against them. It encourages any user who happens to come across the bait to perform some action to trigger a trap, such as installing malware onto a device.

A

Baiting

23
Q

Software is considered ___ because of the perceived intent of the creator rather than any features of the software itself.

A

malware

24
Q

A ___ ___ is a piece of malicious code planted on the system, usually by installing software that contains it, which will not execute until a certain event occurs, such as a specific date.

A

logic bomb

25
Q

___ is a type of malware that prevents or limits users from accessing their system. Attackers can encrypt a victim’s entire system or specific files, or they may lock the system’s screen, until the victim pays a specified ransom to have their data decrypted or unlocked by the attacker.

A

Ransomware

26
Q

___ software is your system’s protection against viruses. Your system can contract viruses from websites, e-mail attachments, etc. ___ programs inspect the contents of each file. They search for a virus signature, that is, specific patterns that match a malicious profile of something known to be harmful. For each file that matches a signature, the ___ program provides options on how to respond, such as removing the offending patterns, quarantining the file, or deleting the file. Signature matching only catches malware whose signature is already in the database; new or modified samples require heuristic or behavioural detection.

A

Anti-virus

27
Q

When it comes to countermeasures, what are the steps of the response phase of an attack?

A

Tasks such as defining the attack, informing users of the attack, containing the intrusion, identifying the source, notifying all interested parties (including legal authorities), and compiling detailed repair reports for the entire affected system.

28
Q

___ ___ ___ refers to efforts to enhance the security of the supply chain, the transport and logistics system for the cargo. It combines traditional practices of supply-chain management with the security requirements driven by threats such as terrorism, piracy, and theft.

A

Supply chain security

29
Q

Typical supply-chain security activities include:

A
  • Credentialing of participants in the supply chain.
  • Screening and validating of the contents of cargo being shipped.
  • Advance notification of the contents to the destination.
  • Ensuring the security of cargo while in transit via the use of locks and tamper-evident seals (a seal cannot stop tampering, only make it visible on inspection).
  • Inspecting cargo on entry.
30
Q

Cloud computing is a powerful business solution because it allows an organization to save on hardware and management costs while maintaining high availability. However, cloud computing often relies on a third party to handle your data, which could include sensitive information. Ensuring the third party is securing this data is an important prerequisite when considering moving in-house services off-site and putting them into the hands of a third party.

A

Third Party Data Storage

31
Q

A third party in a supply chain is an intermediary, subcontracted individual, or company that provides a product or a service in support of the primary objectives of an organization. Support services can vary widely, from janitorial services to software engineering and more. Granting either ___ or ___ access to an organization’s information system, software code, or intellectual property can leave these assets vulnerable to exploitation through malicious actions or carelessness.

A

physical or virtual

32
Q

___ ___ ___ is a wired and wireless network security solution that allows control of access based on predefined conditions that systems must meet prior to being granted access to a network. Any system not meeting the conditions may be directed to a restricted network that allows the user to become compliant and then gain access to the main network. The restricted network does not grant access to network resources.

A

Network Access Control (NAC)

33
Q

___ NAC utilizes software installed on clients which authenticates the client to the NAC for scanning before allowing network access. ___ NAC does not require agent software to be installed on a client. The authentication server will perform any required checks.

A

Agent-based
Agentless

34
Q

NAC agents can be ___, thereby continuously monitoring the system they are installed on, or they can be ___. ___ agents are installed on the device when it attempts to connect to the network. After scanning the device for compliance, the ___ NAC agent will either remove itself immediately or remain on the device until the device disconnects from the network.

A

permanent
dissolvable

35
Q

However, the drawback to this authenticator is that if an account is compromised, a hacker can now access multiple servers rather than just one.

A

Single Sign On (SSO)

36
Q

Which authentication method is the following referring to?

With ____, clients can access a network remotely by connecting to a ____ client (the network access server, such as a VPN concentrator, switch, or wireless controller) which sends an authentication request via User Datagram Protocol (UDP) to a ____ server which either verifies or rejects the credentials, thereby granting or denying access. The 802.1X protocol can be used in conjunction with ____ on wireless networks and switches that support it.

A

RADIUS

37
Q

Which authentication method is the following referring to?

___ is a newer AAA protocol, designed as a successor to RADIUS, that gives a more reliable and secure communication service through Transmission Control Protocol (TCP); it also supports SCTP.

A

Diameter

38
Q

What are the six SDLC phases?

A
  1. Requirements Gathering and Analysis
  2. Design
  3. Implementation
  4. Testing
  5. Deployment
  6. Maintenance
39
Q

The code must be checked for functionality, that the application does what it’s designed to do. Developers should also input random invalid data into input fields to check for crashes, memory leaks, and other bugs. This process is known as fuzzing.

A

SDLC Phase “Testing”

40
Q

Best practices dictate that software developers implement ___ ___, ensuring that when data is entered into an application and buttons are pressed, the desired result happens, and that no input character or character sequence leaves room for manipulation by attackers.

A

input validation

41
Q

Web sites and applications using ___ ____ can manipulate a system, obtaining full system access and potentially exploiting security vulnerabilities. On a Microsoft Internet browser, a user might be prompted to agree to run ___ ___. This practice should be discouraged.

A

ActiveX controls

42
Q

___ ___ puts the information in an unreadable format until an authorized person decrypts the data, returning it to cleartext (a readable format).

A

File Encryption

43
Q

___ ___ ___ detects suspicious activity on a host or a network, logs it, and alerts system or network administrators.

A

Intrusion Detection System (IDS)

44
Q

___ ___ ___ monitor hosts or networks for suspicious activity and take corrective action.

A

Intrusion Prevention Systems (IPS)

45
Q

IDSs and IPSs can be either ____ (HIDS/HIPS) or ____ (NIDS/NIPS).

A

host-based
network-based

46
Q

___ ___ has the system firmware verify the digital signatures on bootup files. Only bootup files signed by a trusted key will run. This process prevents someone from booting a different or modified operating system to gain access.

A

Secure boot

47
Q

___ ___, or hardware encryption, applies very complex encryption more quickly than software encryption. Hardware encryption is done using chips physically installed in the system.

A

Device encryption

48
Q

When using Full Disk Encryption (FDE), a ____ stores the cryptographic keys used to encrypt the data and releases them only when the measured boot state matches the one the keys were sealed to. On Windows-based OSes, BitLocker utilizes the TPM.

A

Trusted Platform Module (TPM)

49
Q

___ ___ ___ (HSM): cryptographic processors can also be housed on a separate card that is installed in a system. The HSM is an add-on device.

A

Hardware Security Module (HSM)

50
Q

The ___ ___ is responsible for receiving packets from the sensor or collector and then performing the analysis on the packets to determine if they are suspicious.

A

analysis engine

51
Q

The following describes which backup type?

This backup type backs up all files and folders. It does not rely on the archive bit to tell it what to back up, but it does clear the bit as each file is backed up. Restoring a ___ backup recovers all data that may have been lost.

A

Full Backup

52
Q

The following describes which backup type?

___ backups back up everything that has changed since the most recent full backup. ____ backups do not clear the archive bit.

A

Differential Backup

53
Q

____ backups backup all data that has changed since the previous backup. ___ backups do clear the archive bit.

A

Incremental Backup
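
Cards 51 to 53 describe the three schemes in terms of the archive bit. The script below is an added example (not from the deck) that simulates a small volume whose writes set the bit, runs one constructed week under each scheme, and derives from the bit behaviour which backups must be restored and how much each copy contains. The file names and the sequence of changes are assumptions for illustration.

```python
"""Full, differential and incremental backups driven by the archive bit.

Added example; not from the deck. The volume, file names and the week of
changes are constructed. It shows who clears the archive bit in each
scheme and, as a consequence, which backups must be restored.
"""
from typing import Callable


class Volume:
    """In-memory volume: name -> (content, archive_bit). Any write sets the bit."""

    def __init__(self, files: dict[str, str]):
        self.files = {n: (c, True) for n, c in files.items()}

    def write(self, name: str, content: str) -> None:
        self.files[name] = (content, True)

    def snapshot(self) -> dict[str, str]:
        return {n: c for n, (c, _) in self.files.items()}


Backup = tuple[str, dict[str, str]]  # (kind, copied files)


def full_backup(vol: Volume) -> Backup:
    """Copies everything regardless of the bit, then clears every bit."""
    data = vol.snapshot()
    vol.files = {n: (c, False) for n, (c, _) in vol.files.items()}
    return ("full", data)


def differential_backup(vol: Volume) -> Backup:
    """Copies flagged files and leaves the bit set: holds all changes since the last full."""
    return ("differential", {n: c for n, (c, bit) in vol.files.items() if bit})


def incremental_backup(vol: Volume) -> Backup:
    """Copies flagged files and clears the bit: holds only changes since the previous backup."""
    data = {n: c for n, (c, bit) in vol.files.items() if bit}
    vol.files = {n: (c, False) for n, (c, _) in vol.files.items()}
    return ("incremental", data)


def restore_set(backups: list[Backup]) -> list[int]:
    """Indices to restore, in order. Assumes one scheme is used between fulls."""
    last_full = max(i for i, (kind, _) in enumerate(backups) if kind == "full")
    later = list(range(last_full + 1, len(backups)))
    if later and backups[later[-1]][0] == "differential":
        return [last_full, later[-1]]  # full + newest differential only
    return [last_full] + later  # full + every incremental since


def restore(backups: list[Backup]) -> dict[str, str]:
    state: dict[str, str] = {}
    for i in restore_set(backups):
        state.update(backups[i][1])  # later backups overwrite earlier copies
    return state


def run_week(scheme: Callable[[Volume], Backup]) -> tuple[dict[str, str], list[Backup]]:
    """Sunday full, then one change and one backup per day for three days."""
    vol = Volume({"a.txt": "a0", "b.txt": "b0", "c.txt": "c0"})
    backups = [full_backup(vol)]
    for name, content in [("a.txt", "a1"), ("b.txt", "b1"), ("a.txt", "a2")]:
        vol.write(name, content)
        backups.append(scheme(vol))
    return vol.snapshot(), backups


if __name__ == "__main__":
    for scheme in (differential_backup, incremental_backup):
        final, backups = run_week(scheme)
        sizes = [len(data) for _, data in backups]
        print(f"{scheme.__name__}: sizes {sizes}, restore {restore_set(backups)}, "
              f"correct={restore(backups) == final}")
```

Two caveats the archive bit does not cover: it never records deletions, so a restore brings deleted files back, and the restore logic above is only valid when one scheme is used consistently between full backups (a differential taken after incrementals would not contain the incrementals' changes, because they already cleared the bit).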

54
Q

What are the three configuration management benefits?

A
  1. Disaster Recovery
  2. Uptime and Site Reliability
  3. Scalability
55
Q

The baseline configuration is the ___ ___ for all future baseline assessments.

A

starting point

56
Q

When it comes to backup methods, it is a good business practice to store data where?

A

offsite

57
Q

During the cyber incident process, how long do you have to determine whether the event or incident meets AF Operational Reporting (OPREP-3) and/or USSTRATCOM or USCYBERCOM Commander’s Critical Information Requirements (CCIR) reporting requirements?

A

within 1 hour

58
Q

The first thing to do to prepare for handling security incidents within your organization is to make sure that you have an incident response team in place (also known as a computer incident response team, or CIRT). The first step is to..?

A

Create the team

59
Q

Who are the four members typically found on a response team?

A
  1. Team Leader
  2. Technical Specialist
  3. Documentation Specialist
  4. Legal Advisor
60
Q

The ____ zone is designed for visitors to your office location. Visitors typically do not need access to the private network or even the extranet zone; they typically just need Internet access to check email and surf the Internet.

A

Guest zone

61
Q

What are the three primary security zones?

A
  1. Private Zone - The Local Area Network resides in the private zone.
  2. Demilitarized Zone - The DMZ is an area between two firewalls
  3. Public Zone - The public zone is any network not controlled by the network administrator.
62
Q

There are two major classes of firewalls:

A

software-based and hardware-based

63
Q

A NIDS is configured on what component?

A

Console

64
Q

Web sites store ___ (small text files) on client computers; these contain user preferences and logon information. If the text file is accessed by someone else, they can see the information in it.

A

Cookies

65
Q

Files such as music, videos and software can be shared online between users using ____ applications, such as BitTorrent. This is a common method of transmitting malicious code.

A

Peer-to-peer (P2P) file sharing

66
Q

___ is used to automate processes on a computer and to generate web pages. This creates an application security issue because ___ can make modifications to a system without user input.

A

Scripting

67
Q

Systems that provide centralization of authentication, authorization, and accounting are known as..?

A

Triple A (AAA)

68
Q

A RADIUS client sends an authentication request via..?

A

UDP
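
Cards 36 and 68 describe the RADIUS exchange: the client (network access server) sends an Access-Request over UDP and the server answers Accept or Reject. The script below is an added example, not code from the deck or from any RADIUS implementation; it builds the RFC 2865 packet the client sends, hides the User-Password attribute the way the RFC prescribes, and shows the server-side check and the Response Authenticator the client verifies on the reply. The shared secret, user name, password and identifier are constructed values.

```python
"""RADIUS Access-Request / Access-Accept on the wire (RFC 2865).

Added example; not code from the deck. It builds the UDP payload a RADIUS
client (NAS) sends, hides User-Password the way the RFC prescribes, and
shows the server-side check plus the Response Authenticator the client uses
to verify the reply. Shared secret, user names and passwords are made up.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2  # attribute types


def attr(kind: int, value: bytes) -> bytes:
    """Attribute = Type(1) Length(1, header included) Value."""
    if not 0 <= len(value) <= 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", kind, len(value) + 2) + value


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16 bytes, XOR each block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side of the same chain. Trailing NULs are padding, so they are stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes,
                         request_auth: bytes = b"") -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    # The Request Authenticator must be unpredictable: it keys the password hiding.
    request_auth = request_auth or os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def parse_attrs(packet: bytes) -> dict[int, bytes]:
    attrs, pos = {}, 20
    while pos < len(packet):
        kind, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[kind] = packet[pos + 2:pos + length]
        pos += length
    return attrs


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: the reply must carry our Identifier and a valid Response Authenticator."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def server_handle(request: bytes, secret: bytes, users: dict[bytes, bytes]) -> bytes:
    """What the RADIUS server does with an Access-Request: verify and reply."""
    attrs = parse_attrs(request)
    password = reveal_password(attrs[USER_PASSWORD], secret, request[4:20])
    ok = users.get(attrs.get(USER_NAME, b"")) == password
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, request, secret)


if __name__ == "__main__":
    secret, users = b"constructed-shared-secret", {b"alice": b"correct horse"}
    req = build_access_request(7, b"alice", b"correct horse", secret)
    resp = server_handle(req, secret, users)
    print("Access-Accept" if resp[0] == ACCESS_ACCEPT else "Access-Reject",
          "authenticator ok:", verify_response(resp, req, secret))
```

Two things this makes visible. The Access-Request itself carries no integrity check (the Request Authenticator is random, not a MAC), so a base RFC 2865 request can be altered in transit unless a Message-Authenticator attribute (RFC 2869) is added; and the password hiding is an MD5 keystream derived from the shared secret, which is why the secret must be long and random and why RADIUS over plain UDP is normally wrapped in RadSec (TLS) or IPsec.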

69
Q

Diameter is a newer AAA protocol that gives a more reliable and secure communication service through…?

A

TCP

70
Q

To which SDLC phase does the following apply?

The code must be checked for functionality, that the application does what it’s designed to do. Developers should also input random invalid data into input fields to check for crashes, memory leaks, and other bugs. This process is known as fuzzing.

A

Testing
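
Cards 39, 40 and 70 cover input validation and fuzzing. The script below is an added example, not from the deck: it puts a naive parser next to an allowlist-validated one and runs a small seeded fuzzer over both, treating any exception other than the validator's own as a crash of the kind the Testing card says fuzzing should find. The field rules, the fuzz alphabet and the sample values are constructed for illustration.

```python
"""Allowlist input validation, and a small fuzzer that shows why it matters.

Added example; not from the deck. It pairs a naive parser with a validated
one and feeds both random, invalid input the way the "Testing" card
describes. The field rules and the fuzz alphabet are constructed.
"""
import random
import re
import unicodedata


class ValidationError(ValueError):
    """The only exception a validator is allowed to raise for bad input."""


# Allowlists: say exactly what is acceptable instead of listing what is not.
USERNAME_RE = re.compile(r"\A[a-z][a-z0-9_]{2,31}\Z")
PORT_RE = re.compile(r"\A[0-9]{1,5}\Z")


def validate_username(raw: object) -> str:
    if not isinstance(raw, str):
        raise ValidationError("username must be a string")
    if len(raw) > 256:  # bound the work before touching the content
        raise ValidationError("username too long")
    norm = unicodedata.normalize("NFKC", raw)  # fold look-alikes such as the "fi" ligature
    if not USERNAME_RE.fullmatch(norm):
        raise ValidationError("username: 3-32 chars, a-z 0-9 _, starting with a letter")
    return norm


def naive_parse_port(raw: str) -> int:
    """int() accepts ' 80 ', '+80' and Arabic-Indic digits, and crashes on everything else."""
    return int(raw)


def parse_port(raw: object) -> int:
    if not isinstance(raw, str) or not PORT_RE.fullmatch(raw):
        raise ValidationError("port must be 1-5 ASCII digits")
    port = int(raw)
    if not 1 <= port <= 65535:
        raise ValidationError("port out of range")
    return port


# Fuzz alphabet: printable ASCII plus characters that usually break naive code
# (NUL, newline, combining accent, zero-width space, Kelvin sign, fi ligature,
# Arabic-Indic digit eight, e-acute).
FUZZ_CHARS = [chr(c) for c in range(0x20, 0x7F)] + [
    "\x00", "\n", "\t", "\u0301", "\u200b", "\u212a", "\ufb01", "\u0668", "é",
]


def fuzz(func, iterations: int = 3000, seed: int = 1) -> tuple[list, list]:
    """Hammer func with random strings; return (crashes, accepted_results).

    A ValidationError is the expected outcome for bad input. Anything else
    escaping is a crash: the function does not validate what it receives.
    """
    rng = random.Random(seed)  # fixed seed: reproducible findings
    crashes, accepted = [], []
    for _ in range(iterations):
        size = rng.choice([0, 1, 2, 5, 16, 32, 33, 300, 4000])
        sample = "".join(rng.choice(FUZZ_CHARS) for _ in range(size))
        try:
            accepted.append((sample, func(sample)))
        except ValidationError:
            pass
        except Exception as exc:  # catching everything is the point of fuzzing
            crashes.append((sample, repr(exc)))
    return crashes, accepted


if __name__ == "__main__":
    for f in (naive_parse_port, parse_port, validate_username):
        crashes, accepted = fuzz(f)
        print(f"{f.__name__:18} crashes={len(crashes):5} accepted={len(accepted)}")
    print(naive_parse_port("\u0668\u0660"), "<- naive parser accepts Arabic-Indic digits as 80")
```

The naive parser fails both ways: it raises an uncaught ValueError on almost every fuzz input, and it silently accepts values (surrounding whitespace, a leading plus, non-ASCII digits) that a downstream component may not treat the same way. The allowlist version never raises anything but ValidationError and only returns values inside the documented range, which is exactly the property a fuzz run should be asserting. Whether folding the "fi" ligature into "fi" is the right choice depends on whether usernames are identities; the point is that normalization happens before the allowlist check, never after it.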