Udemy Sections 9-11: Application Security, Secure Software Development, and Network Design Flashcards

1
Q

T/F: It is best practice to immediately upgrade to the newest browser when it comes out.

A

False

New browsers can have bugs and security issues. It is best practice to wait to upgrade until issues have been fixed.

2
Q

T/F: It is best practice to immediately download the newest patch when it comes out.

A

True

A patch means that there is a vulnerability that has been found and fixed through that patch.

3
Q

What two things should you take into consideration when choosing a browser?

A

Your OS
Your needs

4
Q

5 general security tips to secure your browser

A

Implement policies as an administrative control or technical control

Train your users

Use proxy servers to cache the website and reduce bandwidth usage

Use content filters to blacklist websites or categories of sites

Prevent malicious code by blocking ActiveX controls, Java applets, JavaScript, Flash, and other active content

5
Q

Text files placed on a client’s computer to store information about the user’s browsing habits, credentials, and other data

A

Cookies

6
Q

A type of cookie commonly used by spyware to gather details about users. Includes information about what websites the user goes to, for how long, and what types of things the user clicks on.

A

Tracking cookie

7
Q

A type of cookie used to keep track of users and their preferences, including what is in virtual shopping carts.

It is used as a way to maintain a connection and a session between the user and the server.

A

Session cookie

8
Q

Since the common populace doesn’t like cookies, what type of tracking are organizations switching to?

A

Server-side tracking

9
Q

A data file stored in your Windows user profile under the Flash folder inside of your AppData folder. It is created by visiting a website that runs a Flash application.

A

LSO (Locally Shared Object)
AKA Flash cookie

10
Q

What does LSO stand for?

A

Locally Shared Object

11
Q

What is replacing Adobe Flash?

A

HTML5

12
Q

Smaller browser extensions and plugins that provide additional functionality to the browser

A

Add-ons

13
Q

Why is it best practice to not use any additional extensions or add-ons with your browser?

A

More code always means more vulnerability risk.

14
Q

Browser configuration and settings for numerous options such as SSL/TLS settings, local storage/cache size, browsing history, etc.

A

Advanced security options

15
Q

Which version of SSL is deprecated?

A

SSL 3.0

16
Q

Which version of TLS is deprecated?

A

TLS 1.0

17
Q

The obvious first step to protect your documents from being viewed or modified. The Microsoft suite has this capability built-in.

A

Create a password for them

18
Q

What can you set your documents to if you want them to be viewed, but not modified by others?

A

Read only

19
Q

By default, should you enable or disable macros?

A

Disable

20
Q

What does MS Outlook use for email security?

A

Digital signatures

21
Q

The file type for a Microsoft Outlook data file (including archived emails)

A

.pst

22
Q

A Windows security component that prevents unauthorized access and avoids user error in the form of accidental changes.

It keeps every user besides the actual administrator account in a standard user mode. When an administrative action is taken, this triggers a pop-up to ask for credentials.

A

UAC (User Account Control)

23
Q

UAC stands for

A

User Account Control

24
Q

A cookie with this attribute is only sent to the server with an encrypted request over the HTTPS protocol. This keeps the contents of the cookie safe from MITM attacks.

A

Secure

25
Q

A cookie with this attribute is inaccessible to the JavaScript API; it’s only sent to the server.

A

HttpOnly

26
Q

This cookie attribute specifies which hosts can receive a cookie.

A

Domain

27
Q

This cookie attribute indicates a URL path that must exist in the requested URL in order to send the cookie header.

A

Path

28
Q

This cookie attribute lets the servers specify whether/when cookies are sent with cross-site requests. This provides protection against CSRF attacks. This attribute has 2 variations: Strict and Lax.

A

SameSite

29
Q

SDLC stands for

A

Software Development Life Cycle

30
Q

An organized process of developing a secure application throughout the life of the project. Based on the Waterfall Model.

A

SDLC (Software Development Life Cycle)

31
Q

Phase 1 of the SDLC

A

Planning and analysis

The goals are determined, stakeholder needs are assessed, requirements are gathered, high-level planning is conducted.

32
Q

Phase 2 of the SDLC

A

Software/systems design

Application/system is defined, outlined, and diagramed in detail. Focus on the overarching inputs and outputs of each function that makes up the finalized software.

33
Q

Phase 3 of the SDLC

A

Implementation

Programmers code functions needed for the final product. Programmers perform basic debugging and testing to ensure it is functional.

34
Q

Phase 4 of the SDLC

A

Testing

The code is tested through a myriad of testing methodologies

35
Q

Phase 5 of the SDLC

A

Integration

The application/system is integrated into the larger network environment. This ensures that all the parts can interact effectively and correctly.

36
Q

Phase 6 of the SDLC

A

Deployment

Application/system is moved into the production environment where customers and end users can utilize it to perform their work.

37
Q

Phase 7 of the SDLC

A

Maintenance

Bugs and vulnerabilities are always found. Programmers roll out patches and updates. Also includes end user training on the new software/system.

38
Q

The 7 phases of the SDLC

A

Planning and analysis
Software/systems design
Implementation
Testing
Integration
Deployment
Maintenance

39
Q

The SDLC phase where programmers roll out patches and updates. Also includes end user training on the new software/system.

A

Phase 7: Maintenance

40
Q

The SDLC phase where the application/system is moved into the production environment where customers and end users can utilize it to perform their work.

A

Phase 6: Deployment

41
Q

The SDLC phase where the application/system is integrated into the larger network environment. This ensures that all the parts can interact effectively and correctly.

A

Phase 5: Integration

42
Q

The SDLC phase where the code is tested through a myriad of testing methodologies

A

Phase 4: Testing

43
Q

The SDLC phase where programmers code functions needed for the final product. Programmers perform basic debugging and testing to ensure it is functional.

A

Phase 3: Implementation

44
Q

The SDLC phase where the application/system is defined, outlined, and diagramed in detail. Focus on the overarching inputs and outputs of each function that makes up the finalized software.

A

Phase 2: Software/systems design

45
Q

The SDLC phase where the goals are determined, stakeholder needs are assessed, requirements are gathered, high-level planning is conducted.

A

Phase 1: Planning and analysis

46
Q

PSITIDM is an acronym (I created) for…

A

The 7 SDLC phases.

Planning and analysis
Software/systems design
Implementation
Testing
Integration
Deployment
Maintenance

47
Q

In the version Windows 10 v10.0.12425, which number is the major number?

A

10

48
Q

In the version Windows 10 v10.0.12425, which number is the minor number?

A

0

49
Q

In the version Windows 10 v10.0.12425, which number is the build number?

A

12425

50
Q

What is the additional phase that is only sometimes mentioned of the SDLC?

A

Phase 8: Retirement

Usually included with Phase 7: Maintenance, but not always

51
Q

Software development that is performed in time-boxed or small increments to allow more adaptivity to change

A

Agile

52
Q

DevOps stands for

A

Software development and IT operations

53
Q

A way of conducting business where software developers and IT operations personnel work closely together to speed up development and deployment of applications to deliver to the end user quicker.

It is best to include security personnel as well to ensure good security despite the quick deadline.

A

DevOps

54
Q

CIA stands for

A

Confidentiality
Integrity
Availability

55
Q

Most common way of ensuring Confidentiality

A

Encryption

56
Q

2 main ways of ensuring Integrity

A

Hash algorithms
Journaling and logging

57
Q

Most common way of ensuring Availability

A

Redundancy in the overall system design

58
Q

A structured representation of all the information that affects the security of an application. Involves using hypothetical scenarios, system diagrams, and testing to help secure systems and data.

A

Threat modeling

59
Q

What practice helps prioritize vulnerability identification and patching?

A

Threat modeling

60
Q

In the SDLC, when should you begin to think about security?

A

From the beginning: Planning and analysis and Implementation phases

61
Q

Users and processes should be run using the least amount of access necessary to perform a given function

A

Least privilege

62
Q

The layering of security controls that is more effective and secure than relying on a single control

A

Defense in depth

63
Q

The idea that any input received from a user should undergo input validation prior to allowing it to be utilized by an application

A

Never trust user input

64
Q

Reducing the amount of code used by a program, eliminating unneeded functionality, and requiring authentication prior to running additional plugins are all called…

(Hint: It’s not hardening.)

A

Minimizing attack surface

65
Q

The idea that default installations should include secure configurations instead of requiring an administrator or user to add in additional security

A

Secure defaults

66
Q

Applications should be deployed using _____ to ensure the program is not changed prior to delivery to an end user

A

Code signing

67
Q

Code signing enables what?

A

Authenticity and integrity

68
Q

The idea that applications should be coded to properly conduct error handling for exceptions in order to fail securely instead of crashing

A

Fail securely

69
Q

SDK stands for

A

Software Development Kit

70
Q

This allows a programmer to reuse code from other programmers to save time and effort.

A

SDK (Software Development Kit)

71
Q

T/F: You should make sure SDKs come from trusted sources to ensure no malicious code is being added.

A

True

72
Q

Black-box, white-box, and gray-box testing are all forms of what kind of testing?

A

System testing

73
Q

Occurs when a tester is not provided with any information about the system/program prior to conducting the test

A

Black-box testing

74
Q

Occurs when a tester is provided full details of a system including the source code, diagrams, and user credentials in order to conduct the test

A

White-box testing

75
Q

Occurs when a tester is given some information of a system that they are going to test.

A

Gray-box testing

76
Q

An error that occurs while the computer is running

A

Run-time error

77
Q

An error that causes the computer to cease running due to a coding error

A

Syntax error

78
Q

Another word for error is

A

Exception

79
Q

An exception handling mechanism that provides control over what the application should do when faced with a runtime or syntax error.

A

SEH (Structured Exception Handling)

80
Q

SEH stands for

A

Structured Exception Handling

81
Q

A method used to verify that information received from a user matches a specific format or range of values

A

Input validation

82
Q

A type of code analysis where the source code of an application is reviewed manually or with automatic tools without running the code

A

Static analysis

83
Q

A type of code analysis that occurs when a program is tested while it is being executed or run

A

Dynamic analysis

84
Q

Injection of randomized data into a software program in an attempt to find system failures, memory leaks, error handling issues, and improper input validation

A

Fuzzing
AKA fuzz test

85
Q

Code placed in computer programs to bypass normal authentication and other security mechanisms

A

Backdoors

86
Q

T/F: Backdoors are part of security best practice.

A

False

Backdoors are never good to use. They provide a vulnerability for an attacker to exploit.

87
Q

A method of accessing unauthorized directories by moving through the directory structure on a remote server.

A

Directory traversal

88
Q

Anytime you see ../ in a URL, what type of exploit is it?

A

Directory traversal

89
Q

Occurs when an attacker is able to execute or run commands on a victim computer

A

Arbitrary code execution

90
Q

Occurs when an attacker is able to execute or run commands on a remote computer

A

RCE (Remote Code Execution)

91
Q

RCE stands for

A

Remote Code Execution

92
Q

A vulnerability that allows RCE to occur has what classification under the CVSS?

A

Critical

93
Q

An attack against a vulnerability that is unknown to the original developer/manufacturer.

A

Zero-day attack

94
Q

Occurs when a process stores data outside the memory range allocated by the developer

A

Buffer overflow

95
Q

A temporary storage area that a program uses to store data

A

Buffer

96
Q

T/F: Over 85% of data breaches were caused by a buffer overflow

A

True

97
Q

Reserved area of memory where the program saves the return address when a function call instruction is received

A

Stack

98
Q

Occurs when an attacker places too much information into a stack, overwriting the return address held in the Return Pointer so that it points to a different place in the stack where they have placed their malicious code.

A

Buffer overflow

99
Q

Occurs when an attacker fills up a buffer with NOPs so that the return address may land on a NOP and execution continues until it reaches the attacker’s code

A

Smash the Stack

100
Q

NOP stands for

A

Non-Operation Instruction

101
Q

A piece of code that tells a program to do nothing and to go to the next piece of instruction

A

NOP (Non-Operation Instruction)

102
Q

Occurs when a program goes from NOP to NOP until it hits a final return pointer, usually to malicious code.

A

NOP slide

103
Q

ASLR stands for

A

Address Space Layout Randomization

104
Q

A method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits. The attacker has difficulty guessing where the Return Pointer is in a stack.

A

ASLR (Address Space Layout Randomization)

105
Q

A security exploit that attempts to extract secrets from a chip or a system. This can be achieved by measuring or analyzing various physical parameters. Examples include supply current, execution time, and electromagnetic emission.

A

Side-channel attack

106
Q

An attack where the attacker attempts to put more data into memory than it is designed to hold

A

Buffer overflow

107
Q

Occurs when an attacker embeds malicious scripting commands into a trusted website. This allows the attacker to steal the victim’s cookies or steal other information from a victim’s web browser.

A

XSS (Cross-site scripting)

108
Q

In an XSS attack, is the victim the website or the viewer?

A

The viewer

109
Q

This XSS attack attempts to get data provided by the attacker to be saved on the web server by the victim

A

Stored/persistent XSS

110
Q

This XSS attack attempts to have a non-persistent effect activated by a victim by clicking a link on the site

A

Reflected

111
Q

This XSS attack attempts to exploit the victim’s web browser.

A

DOM-based (Document Object Model)
AKA client-side XSS

112
Q

Part of a user’s web browser that is an API for web documents (HTML and XML). It defines the logical structure of documents and the way a document is accessed and manipulated.

A

DOM (Document Object Model)

113
Q

The process of ensuring that any data sent to a client is safe and won’t cause unintended consequences on the client side. It transforms user-supplied or untrusted data into a safe format that does not interfere with the intended functionality or appearance of a web page.

A

Output encoding

114
Q

The process that prevents malicious or inappropriate data from entering your system.

A

Input validation

115
Q

The 2 main ways to prevent XSS (as the website programmer)

A

Output encoding
Input validation

116
Q

2 main ways to protect yourself (as the end user) from XSS

A

Increasing security settings for cookie storage

Disabling scripting languages when browsing the web

117
Q

An attack that exploits the trust that a user’s web browser has in a website

A

XSS (cross-site scripting)

118
Q

An attack that exploits the trust that a website has in a user’s web browser

A

XSRF (cross-site request forgery)
AKA CSRF

119
Q

Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated

A

XSRF (cross-site request forgery)
AKA CSRF

120
Q

An attack in which an attacker sends a command to a web server through a user’s existing authenticated session.

A

XSRF (cross-site request forgery)
AKA CSRF

121
Q

4 ways to prevent XSRF (as the website programmer)

A

Require tokens (captcha)

Encryption

XML file scanning (scan any XML files sent to the server)

Cookie verification (require users to submit their cookies twice for verification)

122
Q

An attack consisting of the insertion or injection of an SQL query via input data from the client to a web application

A

SQL injection

123
Q

An attack that involves the insertion of additional information or code through data input from a client to an application

A

Injection attack

124
Q

The 4 most common languages used in injection attacks

A

SQL
HTML
XML
LDAP

125
Q

Which language is by far the most commonly used in injection attacks?

A

SQL

126
Q

What key is used before code to treat the code as executable even if it is written in quotes?

A

` (called escape character, backquote, etc.)

127
Q

How to prevent SQL injection (as a website programmer)

A

Input validation
Least privilege

128
Q

What is the number one best thing you can do to prevent any type of injection attack?

A

Input validation

129
Q

Anytime you see `OR 1=1, what type of attack is it? What should you do to prevent it?

A

SQL injection
Input validation

130
Q

XML data submitted without encryption or input validation is vulnerable to what 3 attacks?

A

Spoofing
Request forgery
Injection of arbitrary code

131
Q

A type of attack where XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it

A

XML bomb
AKA Billion Laughs attack

132
Q

A way of representing data within an XML document without using the data itself

A

XML entity

133
Q

An attack that embeds a request for a local resource

A

XXE (XML eXternal Entity) attack

134
Q

An XXE attack is similar to what type of attack?

A

File inclusion

135
Q

A type of vulnerability that allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application.

A

File inclusion vulnerability

136
Q

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/shadow" >]>

<foo>&xxe;</foo>

This is an example of what type of attack?

A

XXE (XML eXternal Entity)

Note the inclusion of the file file:///etc/shadow. The attacker is trying to do a file inclusion through XML, which is an XXE attack.

137
Q

Best way to keep XML vulnerabilities from being exploited?

A

Input validation

138
Q

T/F: XML vulnerability, XML exploitation, and XML injection all mean the same thing

A

True

139
Q

Easily definable traits that differ between XML and JavaScript/HTML?

A

HTML and JavaScript have defined tags.

In XML, you can make the tags say anything you want.

140
Q

Tags that say <font> or <image> are using what type of language?

A

HTML

141
Q

Tags that say <question> <id> <type> <element> <entity> are using what type of language?

A

XML

142
Q

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer

A

Race condition

143
Q

A vulnerability found where multiple threads are attempting to write a variable or object at the same memory location

A

Race condition

144
Q

A software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing it points to

A

Dereferencing

145
Q

Dirty COW is a type of what kind of exploit?

A

Race condition exploit

COW stands for Copy On Write
Allowed attackers to write to a file where they were only supposed to have read access

146
Q

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource

A

TOCTOU (Time of Check to Time of Use)
AKA TOCTTOU
AKA TOC/TOU

147
Q

TOCTOU stands for

A

Time of Check to Time of Use

148
Q

Difference between a race condition and TOCTOU vulnerability?

A

The race condition is when two processes attempt to access a resource at the same time.

TOCTOU is caused by a race condition, and it involves a piece of data changing between the time a process checks a piece of information and the time it uses the information.

149
Q

2 ways to prevent a TOCTOU vulnerability

A

Develop applications to process things in parallel rather than sequentially if possible

Implement a locking mechanism to provide an app or user exclusive access to a resource

150
Q

Vulnerabilities often arise from what?

A

General design of code

151
Q

Any code that is used or invoked outside the main program development process

A

Insecure components

152
Q

Code reuse
Third-party library
SDK (Software Development Kit)

These are all examples of outside code being brought in. What are they called? And what do they bring in?

A

Insecure components
Vulnerabilities

153
Q

Caused by any program that doesn’t properly record or log detailed enough information for an analyst to perform their job

A

Insufficient logging and monitoring

154
Q

Describes any program that uses ineffective credentials or configurations, or one in which the defaults have not been changed for security

A

Weak or default configurations

155
Q

2 best practices to secure configuration?

A

Utilize scripted installations
Use baseline configuration templates

156
Q

An attack in which the attacker takes over a web user’s session by obtaining the session ID and masquerading as the authorized user.

A

Session hijacking

157
Q

The insertion of malicious data, which has not been validated, into an HTTP response header.

A

Header manipulation

158
Q

The model used to explain network communications between a host and remote device over a LAN or WAN

A

OSI Model

159
Q

Please Do Not Throw Sausage Pizza Away stands for

A

The 7 layers of the OSI model

Physical
Data link
Network
Transport
Session
Presentation
Application

160
Q

What are the data units at the Physical layer?

A

Bits

161
Q

The OSI layer that represents the actual network cables and radio waves used to carry data over a network

A

Layer 1: Physical layer

162
Q

The OSI layer that describes how a connection is established, maintained, and transferred over the physical layer and uses physical addressing (MAC addresses)

A

Layer 2: Data link layer

163
Q

What are the data units at the Data link layer?

A

Frames

164
Q

The OSI layer that uses logical addresses to route or switch information between hosts, the network, and the internetworks

A

Layer 3: Network Layer

165
Q

What are the data units at the Network layer?

A

Packets

166
Q

The OSI layer that manages and ensures transmission of the packets occurs from a host to a destination using either TCP or UDP

A

Layer 4: Transport layer

167
Q

An example of a connection-oriented (connectionful) protocol

A

TCP

168
Q

An example of a connectionless protocol

A

UDP

169
Q

What are the data units at the Transport layer?

A

Segments (TCP)
Datagrams (UDP)

170
Q

The OSI layer that manages the establishment, termination, and synchronization of a session over the network

A

Layer 5: Session layer

171
Q

The OSI layer that translates the information into a format that the sender and receiver both understand

A

Layer 6: Presentation layer

172
Q

The OSI layer from which the message is created, formed, and originated. Consists of high-level protocols like HTTP, SMTP, and FTP

A

Layer 7: Application layer

173
Q

The attempt to overwhelm the limited switch memory set aside to store the MAC addresses for each port

A

MAC flooding

174
Q

Switch memory set aside to store the MAC addresses for each port

A

CAM (Content Addressable Memory) table

175
Q

CAM stands for

A

Content Addressable Memory

176
Q

What it’s called when, due to MAC flooding, a switch begins to act like a hub

A

Fail-open

177
Q

Occurs when an attacker masks their own MAC address to pretend they have the MAC address of another device

A

MAC spoofing

178
Q

MAC spoofing is used in conjunction with what other type of attack?

A

ARP spoofing

179
Q

Switches are vulnerable to what 3 types of attacks?

A

MAC spoofing
MAC flooding
Physical tampering

180
Q

Occurs when an attacker attempts to gain physical access to a device in order to modify it

A

Physical tampering

181
Q

The device used to connect two or more networks to form an internetwork

A

Router

182
Q

At what layer of the OSI model do routers operate?

A

Layer 3: Network

They make their decisions based on IP addresses

183
Q

At what layer of the OSI model do switches operate?

A

Layer 2: Data link

They make their decisions based on MAC addresses

184
Q

What kind of request does a router perform to find the destination host in the destination network?

A

ARP request

185
Q

An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics.

A

ACL (Access Control List)

186
Q

ACL stands for

A

Access Control List

187
Q

Most networks are segmented into 3 separate zones. What are they?

A

LAN
DMZ
WAN

188
Q

T/F: The tunnels used in HTTPS connections are a type of VPN

A

True

189
Q

A network segment that is focused on providing controlled access to publicly available servers that are hosted within your organizational network. It also separates the LAN from publicly accessed resources.

A

DMZ (Demilitarized Zone)

190
Q

A specialized type of DMZ that is created for your partner organizations to access over a WAN

A

Extranet

191
Q

A type of private network that is used when only one company is involved

A

Intranet

192
Q

Any host that accepts inbound connections from the internet

A

Internet-facing host

193
Q

What is the relationship between a LAN, DMZ, and WAN (the internet)?

A

The DMZ is the only network segment that is internet-facing, meaning that the resources in it are open and waiting for a connection. The DMZ holds publicly-accessed resources.

The internet would not be able to connect with machines in the LAN; they are NOT internet-facing. They have access to the internet, but since they are not waiting for a connection from the internet, they aren’t internet-facing.

194
Q

A network segment isolated from the rest of the private network by one or more firewalls that accepts connections from the Internet over designated ports

A

DMZ (Demilitarized zone)

195
Q

DMZ stands for

A

Demilitarized zone

196
Q

T/F: Everything behind the DMZ (the machines in the LAN) is invisible to the outside network

A

True

197
Q

T/F: Because systems inside the DMZ are internet-facing and thus not fully trusted, you should do your best to harden them.

A

True

198
Q

A host or server in the DMZ which is not configured with any services that run on the local network

A

Bastion host

199
Q

T/F: Every host inside a DMZ should be a bastion host

A

True

Bastion hosts are more easily hardened.

200
Q

A hardened server in the internal network that provides access to other hosts within the DMZ

A

Jumpbox

201
Q

Since hosts in the DMZ are not fully trusted, what type of internal network resource is used to configure hosts in the DMZ?

A

Jumpbox

They are extremely hardened and secure, so the risk that an attacker infiltrates a jumpbox and pivots into the internal network is very small

202
Q

A security technique in which devices are scanned to determine their current state of security prior to being allowed access onto a given network. While the devices are being scanned, they are placed into a virtual holding area.

A

NAC (Network Access Control)

203
Q

NAC stands for

A

Network Access Control

204
Q

What happens to a device if it passes the NAC examination?

A

It is allowed into the network

205
Q

What happens to a device if it fails the NAC examination?

A

It is placed into digital quarantine where it awaits remediation

It may receive AV updates, patches, etc., but it can’t communicate with the rest of the network. Once it meets requirements, it’s allowed into the network.

206
Q

A piece of software that is installed on the device requesting access to the network. Works well in a corporate environment.

A

Persistent agent

207
Q

Software that NAC uses to scan devices before allowing them into the network

A

Persistent and Non-persistent agents

208
Q

A piece of software that scans a device remotely or is installed and subsequently removed after the scan

A

Non-persistent agent

209
Q

What does IEEE 802.1x define?

A

Port-based NAC mechanism

210
Q

When an attacker moves from VLAN to VLAN

A

VLAN hopping

211
Q

When an attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link to break out of a VLAN

A

Switch spoofing

212
Q

The physical links between switches or between switches and routers

A

Trunk links

213
Q

4 ways to prevent switch spoofing?

A

Disable DTP (Dynamic Trunking Protocol) on all switches

Avoid default VLAN names

Explicitly forward frames

Place all unplugged ports into an unused VLAN

214
Q

DTP stands for

A

Dynamic Trunking Protocol

215
Q

A security protocol that allows two switches to negotiate whether to form a trunk link or not

A

DTP (Dynamic Trunking Protocol)

216
Q

When an attacker adds an additional VLAN tag to create an outer and inner tag

A

Double tagging

217
Q

How to prevent double tagging?

A

Move all ports out of the default VLAN group

218
Q

The act of creating subnetworks logically through the manipulation of IP addresses

A

Subnetting

219
Q

What security practice can:

Compartmentalize a network
Efficiently use IP addresses
Reduce broadcast traffic
Reduce collisions

A

Subnetting

220
Q

Occurs when two or more devices attempt to transmit data over a network at the same time

A

Network collision

221
Q

The process of changing an IP address while it transits across a router

A

NAT (Network Address Translation)

222
Q

NAT stands for

A

Network Address Translation

223
Q

What is used to hide internal network IPs?

A

NAT (Network Address Translation)

224
Q

Used when a router keeps track of requests from internal hosts by assigning them random high-numbered ports for each request. The router uses a single public IP address for every private IP address in the internal network, and keeps track of which private IP is sending each request by the port number it assigned.

A

PAT (Port Address Translation)

225
Q

The most common type of NAT

A

PAT (Port Address Translation)

226
Q

Which class of private IP addresses has the range:
10.0.0.0 - 10.255.255.255

A

Class A

227
Q

Which class of private IP addresses has the range:
172.16.0.0 - 172.31.255.255

A

Class B

228
Q

Which class of private IP addresses has the range:
192.168.0.0 - 192.168.255.255

A

Class C

229
Q

The loopback address in a TCP/IP network

A

127.0.0.1

230
Q

The term used to describe a device that provides voice communication to users

A

Telephony

231
Q

A device that could modulate digital information into an analog signal for transmission over a standard dial-up phone line

A

Modem

232
Q

When an attacker begins dialing random phone numbers to see whether a modem answers on the other side.

Servers used to have dial-up modems to allow remote technicians to dial into the server and make changes. This could be exploited by an attacker using this method.

A

War dialing

233
Q

How to protect dial-up resources from war dialing?

A

Using the callback feature

234
Q

A feature in which, when a caller calls a dial-up server, the server hangs up and, if it recognizes the phone number, calls the number back and initiates the connection.

A

Callback feature

235
Q

Internal phone system used in large organizations. It runs all the internal phone lines for the company.

A

PBX (Private Branch Exchange)

236
Q

PBX stands for

A

Private Branch Exchange

237
Q

Why would an attacker try to exploit a PBX system?

A

Free long-distance phone calls

238
Q

Digital phone service provided by software or hardware services over a data network

A

VoIP (Voice over Internet Protocol)

239
Q

VoIP stands for

A

Voice over Internet Protocol

240
Q

What is replacing PBX systems?

A

VoIP

241
Q

What is the difference between a regular desk phone and an IP phone?

A

It takes a network cable instead of a phone cable

242
Q

What is the biggest concern for VoIP? Why?

A

QoS (Quality of service)

VoIP takes up a lot of bandwidth

243
Q

QoS stands for

A

Quality of Service

244
Q

A security software solution that can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.

A

NAC (Network Access Control)

245
Q

T/F: A jumpbox is only used for configuration purposes

A

False

A jumpbox can be used in any situation in which communication is needed between trusted and untrusted devices/networks.

For example, if you need to connect vulnerable laptops to a secure network, you would implement a jumpbox system between them.

246
Q

T/F: NAC is used only for security compliance purposes

A

False

NAC also enforces policies that control where users can go on the network and what they can do