Test 2

Question 1

What is Operation Security?

Answer 1

Operational Security (OPSEC) is a systematic and iterative process designed to identify, control, and protect sensitive information that could be exploited by adversaries.

Question 2

Who coined the term operations security?

Answer 2

The United States military during the Vietnam War

Question 3

What are the 5 steps of the Operation Security Process?

Answer 3

Critical Information
Identifying Threats
Assessing Vulnerabilities
Risk Analysis
Developing Countermeasures

Question 4

What is Critical Information

Answer 4

To identify our most critical information assets. What data would be particularly harmful to the organization if an adversary obtained it. This includes intellectual property, employees’ or customers’ personally identifiable information, financial statements, credit card data, and product research.

Question 5

What is Identifying Threats?

Answer 5

To identify who is a threat to the organization’s critical information. There may be numerous adversaries who target different information, and companies must consider any competitors or hackers who might target the data.

Question 6

What is Assessing Vulnerabilities

Answer 6

The organization examines potential weaknesses among the safeguards in place to protect critical information and identifies which ones leave it vulnerable. This step includes finding any potential lapses in physical and electronic processes designed to protect against the predetermined threats or areas where a lack of security awareness training leaves information open to attack.

Question 7

What is Risk Analysis?

Answer 7

To determine the threat level associated with each of the identified vulnerabilities. Companies rank the risks according to factors such as the chances a specific attack will occur and how damaging such an attack would be to operations. The higher the risk, the more pressing is the need to implement risk management

Question 8

What is Developing Countermeasures?

Answer 8

Once we have discovered what risks to our critical information might be present, we would then put measures in place to mitigate them. Such measures are referred to in operations security as countermeasures. In order to do the bare minimum, we need only to mitigate either the threat or the vulnerability.

Question 9

Haas Law of Operation Security

Answer 9

1. If you don’t know the threat, how do you know what to protect?
2. If you don’t know what to protect, how do you know you’re protecting it?
3. If you are not protecting it, the dragon wins.

Question 10

What is Human Error?

Answer 10

We can expect people to behave in unexpected or unusual ways, whether innocently, through ignorance, or maliciously. Whatever the case, providing security for this area can be a challenge.

Question 11

What are Strategies to Tackle Human Errors

Answer 11

Education and Awareness
Principle of Least Privilege
Monitoring

Question 12

List the 5 Core Components of Security Awareness (d)

Answer 12

Protecting data
Passwords
Social Engineering
Personal Equipment Usage
Clean Desk Policy

Question 13

What are the six principles of social influence?

Answer 13

Reciprocity
Commitment
Social Proof
Authority
Liking
Scarcity

Question 14

What is:
1. Reciprocity
2. Commitment
3. Social Proof
4. Authority
5. Liking
6. Scarcity

Answer 14

1. Hackers woo their targets with “helpful” advice or information about products and deals, or by sending them small gifts to gain their trust.
2. Hackers sometimes will trick victims into thinking they signed up for a service or subscription, and coerce them into making good on their “commitment” with payment and login details.
3. People will follow what they see other people are doing whether it’s a trusted figure using the same product, or standing in line with everyone else even if there isn’t a sign to do so.
4. People will follow orders from authority figures with less discretion than orders from their peers. This is why hackers will often pose themselves as managers or bosses when gaining access
5. Similar to deferring to authority, people will generally follow orders from people they like. Hackers rely on this by spoofing as friends or family members or establishing a rapport with their target before making an attack.
6. If something is rare or limited, then it becomes more desirable or urgent. This is why many ransomware attacks and phishing emails will have timers attached to them, disorienting the victims and making them panic.

Question 15

What are the 5 Social Engineering Techniques (almost malware)

Answer 15

Phishing:
Phishing involves the use of fraudulent emails, messages, or websites that appear to be from a trustworthy source to trick individuals into providing sensitive information, such as login credentials or financial details.
Water holing (reverse honey pot):
In a watering hole attack, attackers compromise websites that the targeted individuals or groups are known to visit regularly. By infecting these legitimate websites with malware, attackers exploit the trust users have in those sites to deliver malicious content to their systems.
Baiting:
Baiting involves offering something enticing, such as a free software download or USB drive, to lure individuals into taking actions that could compromise their security. For example, an attacker might leave infected USB drives in a public place, relying on someone to pick it up and use it on their computer.
Pretexting:
Pretexting involves creating a fabricated scenario or pretext to manipulate individuals into divulging sensitive information. This may include posing as a trusted entity or using a false identity to gain someone’s trust and extract information.
Tailgating:
Also known as piggybacking, tailgating occurs when an unauthorized person follows an authorized individual into a restricted area. This technique exploits the natural tendency of people to hold doors open for others or not to question someone who appears to be entering a secure area legitimately.

Question 16

What are choke points?

Answer 16

They funnel network traffic through certain points where we can inspect, filter, and control the traffic.

Question 17

What is Redundancy

Answer 17

Backups

Question 18

What are the 2 types of Network Attacks?
(like a game abilities)

Answer 18

Active:
An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en-route to the target. There are several different types of active attacks. However, in all cases, the threat actor takes some sort of action on the data in the system or the devices the data resides on. Attackers may attempt to insert data into the system or change or control data that is already in the system.
Passive:
A passive attack is characterized by the interception of messages without modification. There is no change to the network data or systems. The message itself may be read or its occurrence may simply be logged.

Question 19

DoS VS DDoS

Answer 19

Denial-of-service (DoS): floods a server with traffic, making a website or resource unavailable.
Distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.
Both types of attacks overload a server or web application with the goal of interrupting services.

Question 20

What are some Network Security Devices and Tools

Answer 20

Access control
Antivirus and anti-malware software
Application security
Data loss prevention
Distributed denial of service prevention
Email security
Firewalls.
Mobile device security
Web security
VPNs

Question 21

List the 3 types of Intrusion detection systems or IDSes

Answer 21

HIDes
NIDSes
Hybrid IDS

Question 22

Honeypots

Answer 22

A honeypot can detect, monitor, and sometimes tamper with the activities of an attacker. Honeypots are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker. One of the interesting things about honeypots is that the vulnerabilities or data that is left out to bait the attacker is entirely false. In reality, honeypots are configured to display these items so that we can catch the attackers and monitor what they are doing on the system without their knowledge.

Question 23

Packet Sniffers

Answer 23

A network or protocol analyzer, also known as a packet sniffer, or just plain sniffer is a tool that can intercept traffic on a network, commonly referred to as sniffing. Sniffing basically amounts to listening for any traffic that the network interface of our computer or device can see, whether it was intended to be received by us or not.

Question 24

Port Scanners

Answer 24

A port scan is a method for determining which ports on a network are open. As ports on a computer are the place where information is sent and received, port scanning is analogous to knocking on doors to see if someone is home. Running a port scan on a network or server reveals which ports are open and listening (receiving information), as well as revealing the presence of security devices such as firewalls that are present between the sender and the target.

Question 25

What are HIDes

Answer 25

Host-based intrusion detection systems or HIDS are used to analyze the activities on or directed at the network interface of a particular host.

Question 26

NIDSes

Answer 26

A network-based intrusion detection system (NIDS) is used to monitor and analyze network traffic to protect a system from network-based threats.

Question 27

Hybrid IDS

Answer 27

Hybrid Intrusion Detection systems are systems that combine both Host-based IDS, which monitors events occurring on the host system, and Network-based IDS, which monitors network traffic, and functionality on the same security platform.
A Hybrid IDS, can monitor system and application events and verify a file system’s integrity like a Host-based IDS, but only serves to analyze network traffic destined for the device itself.

Question 28

List the Software Development Life Cycle 8 steps.

Answer 28

Planning
Requirements
Design
Build
Document
Test
Deploy
Maintain

Question 29

List Software development vulnerabilities

Answer 29

Buffer overflows
Race conditions
Input validation attacks
Authentication attacks
Authorization attacks
Cryptographic attacks

Question 30

What is a buffer overflow?

Answer 30

A buffer overflow is a programming error that occurs when a program writes more data to a block of memory, or buffer than it was allocated.

If we are taking data into an application, most programming languages will require that we specify the amount of data we expect to receive and set aside storage for that data. If we do not set a limit on the amount of data we take in, called bounds checking, we may receive 1000 characters of input where we had only allocated storage for 50 characters.

Question 31

What are Race Conditions?

Answer 31

Race conditions are software bugs that occur when the behavior of a program depends on the relative timing of events, leading to unpredictable outcomes when multiple threads or processes compete for shared resources.

Question 32

What is Input Validation?

Answer 32

Input validation is the process of inspecting and validating data entered by a user or received from an external system to ensure it meets specified criteria and prevents potentially malicious or unintended actions in software applications.

Question 33

Authentication and Authorization Attacks

Answer 33

Authentication and authorization attacks aim at gaining access to resources without the correct credentials. Authentication specifically refers to how an application determines who you are, and authorization refers to the application limiting your access to only that which you should see.

Question 34

Cryptographic Attacks/ Cryptanalysis

Answer 34

A cryptographic attack is a method of evading the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol, or key management scheme.

Question 35

What are the 2 types of Web Application Security attacks?

Answer 35

Client-side attacks:
Client-side attacks take advantage of weaknesses in the software loaded on our clients, or those attacks that use social engineering to trick us into going along with the attack.
Server-side attacks:
Server-side attacks involve exploiting vulnerabilities in a server or its software to compromise the integrity, confidentiality, or availability of the server and its associated resources.

Question 36

What must Database security protect?

Answer 36

The data in the database

The database management system (DBMS)

Any associated applications

The physical database server and/or the virtual database server and the underlying hardware

The computing and/or network infrastructure used to access the database

Question 37

What is Operating System Security?

Answer 37

Operating system security involves implementing measures to protect the integrity, confidentiality, and availability of a computer’s operating system, preventing unauthorized access and mitigating potential threats.

Question 38

List the 3 Operating System Security Functions

Answer 38

Separation
Memory Protection
Operating System Access Control

Question 39

What is Separation(Operating System Security Functions)

Answer 39

Separation in operating system security involves isolating processes and resources to ensure that they operate independently, preventing unauthorized interactions and potential security breaches.

Question 39

List some Physical Separation methods.

Answer 39

Air Gapping: Isolating a computer or network physically from external, unsecured networks to protect highly sensitive information.

Secure Facilities: Establishing restricted-access data centers with biometric authentication and physical barriers for safeguarding critical infrastructure.

Server Room Access Controls: Implementing locked doors with keycards or biometric scanners to limit entry to authorized personnel in server rooms or data centers.

Hardware Isolation: Physically segregating critical hardware components in locked cabinets or separate rooms to prevent unauthorized access or tampering.

Redundant Systems and Geographic Separation: Creating backups in different locations to ensure business continuity and data recovery in case of physical disasters.

Cable Management and Segregation: Organizing and securing network cables to prevent unauthorized access or accidental disconnection.

Physical Device Security: Implementing locks, encryption, and remote wipe capabilities for devices to prevent theft or unauthorized access to sensitive information.

Question 39

What are the 4 types of separation
(Operating System Security Functions)

Answer 39

Physical Separation
Temporal separation
Logical separation
Cryptographic separation

Question 40

ist some Temporal Separation methods.

Answer 40

Scheduled Maintenance Windows: Designating specific timeframes for system upkeep and updates to minimize disruptions and reduce exposure to potential vulnerabilities.

Time-Based Access Control: Restricting user access rights based on predefined timeframes, allowing access only during specified hours or days.

Time-Limited Session and Session Expiry: Setting time limits on user sessions, requiring re-authentication after inactivity, or limiting session durations to prevent unauthorized access.

Time-Stamping and Logging: Recording events and actions with precise timestamps for accurate tracking, forensic analysis, and accountability.

Backup Scheduling: Creating regular backup routines at specified times to ensure the availability of recent data copies for recovery purposes.

Time-Based Encryption Key Changes: Rotating encryption keys or certificates at regular intervals to bolster security against prolonged key exposure.

Time-Delayed Transactions or Processes: Introducing delays between transactions or actions to prevent rapid successive actions that might lead to exploitation or abuse.

Question 40

ist some Logical Separation methods.

Answer 40

Network Segmentation: Dividing a network into smaller, isolated segments using firewalls or VLANs to restrict access and contain potential security breaches.

Virtualization and Containerization: Creating isolated environments within a single physical system (virtual machines or containers) to run applications or services independently.

Access Controls and Role-Based Permissions: Utilizing permissions and access controls to grant specific privileges based on user roles or identities, limiting access to sensitive data or systems.

Sandboxes and Application Isolation: Running applications or processes in isolated environments (sandboxes) to prevent interactions with other parts of the system, reducing the impact of potential security vulnerabilities.

Software-Defined Networking (SDN): Employing programmable networks to create logical network segments and dynamically adjust network configurations for better security and flexibility.

API Access Controls: Implementing controls and authentication mechanisms for Application Programming Interfaces (APIs) to regulate access and interactions between software components or services.

Question 41

ist some Cryptographic Separation methods.

Answer 41

Encryption: Using algorithms to convert plaintext data into ciphertext, ensuring that only authorized individuals with decryption keys can access the original information.

Hashing: Creating fixed-size, irreversible representations of data through hash functions, used to verify data integrity and securely store passwords.

Digital Signatures: Using cryptographic techniques to validate the authenticity and integrity of digital messages or documents, ensuring they haven’t been altered and come from the expected sender.

Question 42

What is Memory Protection

Answer 42

Memory protection is a mechanism in computer systems that prevents a program from accessing the memory space allocated to other programs, enhancing system stability and security.

Question 43

Name the 2 types of Memory Protection

Answer 43

Memory segmentation
Memory paging

Question 44

What is Memory segmentation?

Answer 44

Memory segmentation: Dividing memory into segments and enforcing access controls on each segment to prevent unauthorized access or modification, enhancing system security by isolating different parts of memory and controlling their accessibility.

Question 45

What is Memory paging?

Answer 45

Memory paging: Dividing physical memory into fixed-size blocks called pages and using these pages to store and manage data and programs, allowing for more flexible memory allocation and enabling efficient virtual memory usage by swapping data between RAM and secondary storage (like a hard drive or SSD) when needed.

Question 46

What is Operating System Access Control

Answer 46

Access control for an operating system determines how the operating system implements access to system resources by satisfying the security objectives of integrity, availability, and confidentiality. Such a mechanism authorizes subjects (e.g., processes and users) to perform certain operations (e.g., read, write) on objects and resources of the OS (e.g., files, sockets).

Question 47

What are the 2 types of Operating System Access Control?

Answer 47

Mandatory Access Control (MAC)
Discretionary Access Control (DAC)

Question 48

What is MAC?

Answer 48

Mandatory Access Control (MAC) is a security model where access permissions are predefined and set by a system administrator, restricting users’ actions based on security labels and policies.

Question 49

What is DAC?

Answer 49

Discretionary Access Control (DAC) is a security model where access permissions are determined by the owner of an object, allowing users to control access to their own resources.

Question 50

What are some Operating System Protection Mechanisms

Answer 50

No Protection: No specific controls are in place; it’s like leaving a resource completely open without any security measures.

Isolation: Imagine different processes running on a computer as if they are in their own separate bubbles, not aware of each other’s presence or interfering with one another.

Share All or Share Nothing: Owners of resources decide whether everyone can access them (share all) or keep them private for themselves (share nothing).

Share via Access Limitation: Each user’s access to an object is checked against a list of rights or permissions, allowing or denying access based on what they’re allowed to do.

Share via Dynamic Capabilities: It’s like having different levels of sharing depending on who the owner is, who’s accessing it, the context of the situation, or specific attributes of the object.

Limit Use of an Object: Not only controlling who can access an object but also putting restrictions on how it can be used after access is granted, ensuring it’s used as intended and not misused.

Question 51

What is Operating System Hardening?

Answer 51

Operating system hardening involves patching and implementing advanced security measures to secure an operating system (OS).

Question 52

What is attack surface?

Answer 52

The attack surface refers to the sum of all possible points in a system, network, or application that could be exploited by an attacker to gain unauthorized access or compromise the system’s security.

Question 53

6 ways to decrease the attack surface.

Answer 53

1. Removing unnecessary software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions