Term
|
Definition
| The process of identifying the threats, vulnerabilities and impact of a loss of data or the ability to process the data. |
|
|
Term
| Other names for Risk Assessment? |
|
Definition
| Risk Analysis and Risk Calculation |
|
|
Term
|
Definition
| Annual Loss Expectancy - monetary measure of the loss that could be expected in a year. |
|
|
Term
|
Definition
| Single Loss Expectancy - monetary measure of a one time loss. |
|
|
Term
|
Definition
| Asset value - part of SLE. The actual value of what is at risk. |
|
|
Term
|
Definition
| Exposure Factor - part of SLE. What is the real threat of losing the asset. |
|
|
Term
|
Definition
| Annualized Rate of Occurrence - likelihood of an event occurring within a year. |
|
|
Term
| What is the formula for Risk Impact Calculation? |
|
Definition
|
|
Term
| What are the 3 tiers of risk management? |
|
Definition
Tier 1: organization level Tier 2: mission/business process level Tier 3: information system level |
|
|
Term
|
Definition
| International Organization for Standardization |
|
|
Term
|
Definition
| International Electrotechnical Commission |
|
|
Term
| What does FISMA stand for? |
|
Definition
| Federal Information Security Management Act |
|
|
Term
| What is NIST's responsibility? |
|
Definition
| NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems |
|
|
Term
|
Definition
| Office of Management and Budget |
|
|
Term
| What is included in a risk management process? |
|
Definition
1. Framing risk 2. Assessing risk 3. Responding to risk 4. Monitoring risk |
|
|
Term
|
Definition
| Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event, and is typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence |
|
|
Term
| What does NIST stand for? |
|
Definition
| National Institute for Standards and Technology |
|
|
Term
| Name the 3 types of controls identified by NIST to respond to risk. |
|
Definition
- Management - Operational - Technical |
|
|
Term
| List the Management Control Type responsibilities |
|
Definition
- Risk Assessment - Planning - System and Services Acquisition - Certification, Accreditation and Security Assessment |
|
|
Term
| List the Operational Control Type responsibilities |
|
Definition
- Personnel Security - Physical and Environmental Protection - Contingency Planning - Configuration Management - Maintenance - System and Information Integrity - Media Protection - Incident Response - Awareness and Training |
|
|
Term
| List the Technical Control Type responsibilities |
|
Definition
- Identification and Authentication - Access Control - Audit and Accountability - System and Communication Protection |
|
|
Term
|
Definition
| The on-going process of being prepared to deal with a situation when a risk becomes an event. |
|
|
Term
|
Definition
|
|
Term
| What are the 4 components of BIA? |
|
Definition
- Identify Critical Functions - Prioritize Critical Business Functions - Calculate a Time Frame for Critical Systems Loss - Estimate the Tangible and Intangible Impact on the Organization. |
|
|
Term
|
Definition
- Authorization - Authentication - Access |
|
|
Term
|
Definition
| The process of determining if someone or something is, in fact, who or what it is declared to be. |
|
|
Term
| Of the 3 A's, which is the process of verifying the identification? |
|
Definition
|
|
Term
|
Definition
| The process of determining what a particular identity is allowed to do. |
|
|
Term
|
Definition
| The method to allow or deny access to various resources based on Authentication and Authorization. |
|
|
Term
| Which "A" determines "who"? |
|
Definition
|
|
Term
| Which "A" determines "what"? |
|
Definition
|
|
Term
| Which "A" determines "how"? |
|
Definition
|
|
Term
| What are 5 ways of authentication? |
|
Definition
1. Something you know (aka password) 2. Something you have (CAC) 3. Something you do (action on screen) 4. Something you are ... location 5. Something you are ... fingerprints |
|
|
Term
| What are the 3 main types of authentication? |
|
Definition
1. Single factor 2. Mutual 3. Multi-factor |
|
|
Term
|
Definition
| Single Factor Authentication |
|
|
Term
|
Definition
|
|
Term
| What is Mutual Authentication? |
|
Definition
| When a server is authenticated in addition to the user. |
|
|
Term
| What is Multi-factor Authentication? |
|
Definition
| When 2 or more authentication methods are used. |
|
|
Term
| What 2 objects does an OS use to enforce network and resource access? |
|
Definition
|
|
Term
|
Definition
|
|
Term
| (T/F) A security token contains the rights and access privileges of a user account |
|
Definition
|
|
Term
| What are 4 ways to control access to network resources |
|
Definition
- MAC - DAC - RBAC (role) - RBAC (rule) |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Discretionary Access Control |
|
|
Term
| What do the 2 types of RBAC stand for? |
|
Definition
| Rule and Role Based Access Control |
|
|
Term
|
Definition
| An access control solely managed by an administrator. |
|
|
Term
|
Definition
| Users can dynamically share resources with others. |
|
|
Term
| Which access control is used by Unix via Owner, Group, Other? |
|
Definition
|
|
Term
| Which access control is considered most secure? |
|
Definition
|
|
Term
| Which access control is considered inflexible? |
|
Definition
|
|
Term
| Which version of RBAC uses preconfigured security policies? |
|
Definition
| Rule Based Access Control. |
|
|
Term
|
Definition
| Rule Based Access Control |
|
|
Term
| (T/F) Rule and Role BAC are often used together. |
|
Definition
|
|
Term
| Give 5 examples of authentication protocols |
|
Definition
- PAP - CHAP - SPAP - TOTP - HOTP |
|
|
Term
|
Definition
| Password Authentication Protocol |
|
|
Term
| What does SPAP stand for? |
|
Definition
| Shiva Password Authentication Protocol |
|
|
Term
| What does CHAP stand for? |
|
Definition
| Challenge Handshake Authentication Protocol |
|
|
Term
| What does TOTP stand for? |
|
Definition
| Time-based One Time Protocol |
|
|
Term
| What does HOTP stand for? |
|
Definition
| HMAC-based One Time Protocol |
|
|
Term
|
Definition
| - not used because it sends username/password in the clear |
|
|
Term
|
Definition
| Same as PAP, but encrypts the username/password. However, it uses the same reversibly encrypted form every time, so it's susceptible to a replay attack: record the password, then resend it to log in. |
|
|
Term
| What is the replay attack? |
|
Definition
| Attacker captures packets and replays them to gain access to the network. |
|
|
Term
|
Definition
| An authentication protocol where it periodically verifies the identity of the client by using a 3-way handshake verification process. (More like a 3-step handshake - SYN, ACK, ACK-ACK, also known as TCP handshake) |
|
|
Term
| What does HMAC stand for? |
|
Definition
| Hash-based Message Authentication Code |
|
|
Term
| (T/F) TOTP uses a secret key |
|
Definition
|
|
Term
| (T/F) HOTP uses a secret key |
|
Definition
|
|
Term
|
Definition
|
|
Term
| (T/F) TOTP uses a hash function |
|
Definition
|
|
Term
| What are the 7 authentication services? |
|
Definition
- RADIUS - TACACS+ - XTACACS - LDAP - Secure LDAP - SAML - Kerberos |
|
|
Term
| What does RADIUS stand for? |
|
Definition
| Remote Authentication Dial-In User Service |
|
|
Term
|
Definition
| An authentication service where a server authenticates the user via username/password. It is a single point of entry for a private network. |
|
|
Term
| Which authentication service provides centralized management for all remote connections? |
|
Definition
|
|
Term
| (T/F) RADIUS server is not used anymore because it was originally used for dial-up service. |
|
Definition
|
|
Term
| What does TACACS+ stand for? |
|
Definition
| Terminal Access Controller Access-Control System |
|
|
Term
| What does XTACACS stand for? |
|
Definition
| Extended Terminal Access Controller Access-Control System |
|
|
Term
| Which authentication service allows credentials to be accepted from multiple methods? |
|
Definition
|
|
Term
| (T/F) TACACS+ accepts credentials from Kerberos |
|
Definition
|
|
Term
| What authentication service replaced TACACS? |
|
Definition
|
|
Term
| What additional services are provided by XTACACS over TACACS? |
|
Definition
| Combines authentication with authorization and added logging for auditing. |
|
|
Term
| What does LDAP stand for? |
|
Definition
| Light-weight Directory Access Protocol |
|
|
Term
|
Definition
| An authentication service where a standardized protocol is used to store information on users, systems, networks, etc. |
|
|
Term
| What does LDAPS stand for? |
|
Definition
|
|
Term
|
Definition
| LDAP where communication is encrypted using SSL/TLS |
|
|
Term
|
Definition
|
|
Term
| What port does LDAPS use? |
|
Definition
|
|
Term
| What is the most popular authentication service used today? |
|
Definition
|
|
Term
| What does SAML stand for? |
|
Definition
| Security Assertion Markup Language |
|
|
Term
|
Definition
| An XML based open-standard data format for exchanging authentication and authorization data |
|
|
Term
| Which authentication service is used for single-sign on capability from a browser? |
|
Definition
|
|
Term
| Which authentication service is used for single sign-on for networks? |
|
Definition
|
|
Term
|
Definition
| An authentication service where a user is given a token. This token is provided to a server (KDC). The KDC authenticates and provides a service token. |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| What is the lifespan of a TGT |
|
Definition
|
|
Term
| What is the lifespan of a service ticket? |
|
Definition
|
|
Term
| What is one of the most popular authentication services? |
|
Definition
|
|
Term
| What is "Least privilege"? |
|
Definition
| Granting users with the least amount of privileges to do their job |
|
|
Term
| What does "separation of duties" mean? |
|
Definition
Providing levels of permissions and privileges, such as: - System Administrator - local administrator - regular users - restricted users |
|
|
Term
| What is "time of day restrictions"? |
|
Definition
| Restricting users to login within a timeframe, such as 9-to-5. |
|
|
Term
|
Definition
| Refers to the IEEE 802.11 standard for defining communication over wireless LAN. |
|
|
Term
| (T/F) 802.11x allows authentication at the central authority instead of the WAP |
|
Definition
|
|
Term
|
Definition
| An operating system that meets government requirements for security. |
|
|
Term
|
Definition
| Common Criteria is a document listing the common set of security standards for a Trusted OS. |
|
|
Term
| The CC is a joint effort between which countries? |
|
Definition
| US, UK, Germany, France, Netherlands, and Canada |
|
|
Term
|
Definition
| Evaluation Assurance Levels. 7 evaluation criteria in the CC |
|
|
Term
|
Definition
| System operates correctly, security threats not considered serious |
|
|
Term
|
Definition
- Good design practices from product developers - Security not a priority |
|
|
Term
|
Definition
| Conscientious development to establish moderate levels of security |
|
|
Term
|
Definition
- Requires security engineering based on good commercial development practices - Common benchmark for commercial systems |
|
|
Term
| Most operating systems, such as Apple OS, Windows, and Linux, are certified at what EAL? |
|
Definition
| EAL4+ (EAL4 with some aspects of EAL5) |
|
|
Term
|
Definition
- Security engineering has been implemented from early design of the OS - Requires special design considerations |
|
|
Term
|
Definition
- High level of specialized security engineering - Provides strong protection from penetration attackers |
|
|
Term
|
Definition
- Intended for extremely high levels of security - Requires extensive measuring and independent testing of every component |
|
|
Term
| What are the 4 layers of TCP/IP? |
|
Definition
1. Application 2. Transport 3. Internet 4. Network access |
|
|
Term
| What TCP/IP layer are HTTP and SMTP located? |
|
Definition
|
|
Term
| What TCP/IP layer are TCP and UDP located? |
|
Definition
|
|
Term
| What TCP/IP layer are IP, ARP, and ICMP located? |
|
Definition
|
|
Term
| What TCP/IP layer deals with hardware? |
|
Definition
|
|
Term
| Which TCP/IP layer is also known as the host-to-host layer? |
|
Definition
|
|
Term
| What protocol name is "connectionless"? |
|
Definition
| UDP - User Datagram Protocol |
|
|
Term
| What does ICMP stand for? |
|
Definition
| Internet Control Message Protocol |
|
|
Term
|
Definition
| Address Resolution Protocol |
|
|
Term
| How many ports does TCP/IP provide? |
|
Definition
|
|
Term
|
Definition
|
|
Term
| What port is used by FTP? |
|
Definition
|
|
Term
| What port is used by Telnet? |
|
Definition
|
|
Term
| What port is used by SMTP? |
|
Definition
|
|
Term
| What port is used by TACACS? |
|
Definition
|
|
Term
| What port is used by HTTPS? |
|
Definition
|
|
Term
| What port is used by POP3? |
|
Definition
|
|
Term
| What port is used by IMAP? |
|
Definition
|
|
Term
| What are Well-Known ports? |
|
Definition
- 0-1024 - reserved for specific protocols and services - do not use these except for well-known services, such as port 143 for IMAP only |
|
|
Term
| What are Registered ports? |
|
Definition
- 1024-49151 - reserved for specific services |
|
|
Term
| What are Dynamic or Private ports? |
|
Definition
- 49152-65535 - Used for custom or temporary purposes |
|
|
Term
|
Definition
| device that isolates one network from another |
|
|
Term
| What are the 3 main firewall functions? |
|
Definition
- packet filter - proxy firewall - stateful packet inspection |
|
|
Term
| What is a Packet filter firewall? |
|
Definition
- allows/denies based on port - can just drop the packet or send rejection notification packet |
|
|
Term
| What is a Proxy firewall? |
|
Definition
- intermediary between 2 networks - receives request, if allowed, re-packages and forwards - hides internal IP |
|
|
Term
| (T/F) Proxy firewall hides the internal IP address |
|
Definition
|
|
Term
| (T/F) Proxy firewalls are more costly and complex than other solutions |
|
Definition
|
|
Term
| (T/F) Proxy firewalls usually use just 1 NIC |
|
Definition
| F, proxy firewalls usually use 2 NICs (Network Interface Cards) |
|
|
Term
| What is a dual-homed network? |
|
Definition
- proxy firewall - 2 NICs - 1 NIC for private network - 1 NIC for public network |
|
|
Term
| (T/F) Proxy firewalls often provide caching where data is returned from memory and the request never leaves the server |
|
Definition
|
|
Term
| (T/F) Packet filter firewall is considered stateless |
|
Definition
|
|
Term
| (T/F) Proxy firewall is considered stateless |
|
Definition
|
|
Term
|
Definition
| Stateful Packet Inspection |
|
|
Term
|
Definition
- remembers aspects of the traffic - makes decisions based on previous occurrences - may require complex configuration - if an unsolicited packet comes from an unknown IP, the firewall rejects it; but if a request went out from the internal/private network to that same unknown IP, the subsequent response is allowed to enter |
|
|
Term
|
Definition
| Another name for SPI firewall |
|
|
Term
|
Definition
| device that connects 2 or more networks |
|
|
Term
| What is the difference between a Switch and a Router |
|
Definition
| Router connects networks. Switch creates networks. |
|
|
Term
|
Definition
| server that acts as an intermediary for requests from clients seeking resources from other servers |
|
|
Term
| How is a proxy server commonly implemented? |
|
Definition
|
|
Term
| What are some other services that a proxy server provides? |
|
Definition
- caching commonly accessed resources - filtering incoming/outgoing requests - load balancing |
|
|
Term
|
Definition
| Intrusion Detection System - software that monitors network traffic activity |
|
|
Term
| What are the 4 types of IDS's? |
|
Definition
- Behavior-based IDS - Signature-based IDS - Anomaly-based IDS - Heuristic IDS |
|
|
Term
| What type of IDS will detect unusual high traffic? |
|
Definition
|
|
Term
| What type of IDS will detect policy violations? |
|
Definition
|
|
Term
| What does MD-IDS stand for? |
|
Definition
| Misuse Intrusion Detection System |
|
|
Term
| What type of IDS is used to look at attack signatures and audit trails? |
|
Definition
|
|
Term
| What is an Anomaly-based IDS? |
|
Definition
| An IDS that looks for out-of-the-ordinary activity that deviates from a baseline. |
|
|
Term
|
Definition
| An IDS that uses an algorithm to analyze traffic |
|
|
Term
|
Definition
| Intrusion Protection System |
|
|
Term
| (T/F) An IPS takes IDS to the next level |
|
Definition
|
|
Term
|
Definition
| Performs IDS functionality, then takes action to block the offending traffic |
|
|
Term
| (T/F) An IDS can drop packets to prevent traffic |
|
Definition
|
|
Term
|
Definition
| Unified Threat Management |
|
|
Term
|
Definition
A device that provides a firewall, plus: - network intrusion prevention - gateway anti-virus scans - gateway anti-spam functionality - VPN - content filtering - load balancing - reporting |
|
|
Term
| What are some advantages of a UTM? |
|
Definition
- reduced complexity of using a single box/single vendor - simplicity of single software install and maintenance - simplified management of plug-n-play - web-based GUI management - lower training required - meets most security requirements |
|
|
Term
| What are some disadvantages of a UTM? |
|
Definition
- single point of failure - single point of compromise - traffic may exceed UTM's capability |
|
|
Term
| (T/F) Advantages of UTM outweigh the disadvantages |
|
Definition
|
|
Term
| What is a protocol analyzer? |
|
Definition
- usually software - used to capture and analyze traffic on a network |
|
|
Term
|
Definition
|
|
Term
| (T/F) Protocol analyzers can be used by hackers to collect intrusion information |
|
Definition
|
|
Term
| What is the best defense against a sniffer? |
|
Definition
|
|
Term
| (T/F) You will still be able to see from/to IP addresses of encrypted data. |
|
Definition
|
|
Term
| What's another name for "layered security"? |
|
Definition
|
|
Term
| What are some of the network security levels? |
|
Definition
- Physical Security - Data Security - Network Design/Structure Security |
|
|
Term
| What are some examples of Physical Security? |
|
Definition
| guards, protected passwords, 2-factor authentication, card readers |
|
|
Term
| What are some examples of Data Security? |
|
Definition
- Authorization/Authentication - Encryption - Tunneling |
|
|
Term
| What are some examples of Network Design/Structure Security? |
|
Definition
|
|
Term
|
Definition
|
|
Term
| What's another name for DMZ? |
|
Definition
|
|
Term
| (T/F) A DMZ is a separate network |
|
Definition
|
|
Term
| (T/F) A DMZ is on the private network |
|
Definition
| F, it is neither totally on the private nor on the public network. |
|
|
Term
| (T/F) A DMZ protects against internal threats |
|
Definition
|
|
Term
| (T/F) Routers of a VLAN will not pass broadcasts to other network segments |
|
Definition
|
|
Term
| (T/F) Hosts can be in a VLAN segment regardless of physical location on the network. |
|
Definition
|
|
Term
|
Definition
| Virtual Local Area Network, where hosts can be logically/virtually separated into groups on a network via software within a router. |
|
|
Term
| (T/F) VLANs offer a layer of security |
|
Definition
|
|
Term
| (T/F) NAT is a function of a firewall |
|
Definition
|
|
Term
|
Definition
Client request -> src=192.168.1.154/dest=72.6.8.10 -> Firewall -> src=123.123.1.2/dest=72.6.8.10 -> Destination
Destination sends response -> src=72.6.8.10/dest=123.123.1.2 -> Firewall -> src=72.6.8.10/dest=192.168.1.154 |
|
|
Term
| List some examples of malware types. |
|
Definition
- spyware - adware - rootkits - trojan horses - logic bombs - backdoors - botnets - ransomware |
|
|
Term
| What is the difference between spyware and adware? |
|
Definition
| Both can be benign and merely install marketing information, but spyware can install information-collection components that capture your passwords. |
|
|
Term
|
Definition
| malware that executes when a predefined event occurs. |
|
|
Term
| What is a "zombie" computer? |
|
Definition
| A computer on which malware has been installed and which receives instructions from some other computer. |
|
|
Term
|
Definition
| A computer that controls "zombie" computers. |
|
|
Term
|
Definition
| A form of spyware that takes control of a system and demands payment before the system can be unlocked. |
|
|
Term
| What are the 8 common viruses? |
|
Definition
- Armored - Companion - Macro - Multipartite - Phage - Polymorphic - Retro - Stealth |
|
|
Term
| What is an Armored virus? |
|
Definition
- Made to be difficult to detect - Made to prevent examination of code - May include decoys to make analysis difficult |
|
|
Term
| What is a Companion virus? |
|
Definition
- Attaches itself to a legitimate program and when launched, creates a new program with a different extension. - May make Registry changes |
|
|
Term
|
Definition
- Exploits the programmability enhancements of certain applications (e.g., macros in MS Word and Excel) - Fastest growing exploitation |
|
|
Term
| What is a Multipartite virus? |
|
Definition
- attacks in multiple ways, such as boot sector, executables, applications, ... - continues to do damage while you deal with one aspect of the virus |
|
|
Term
|
Definition
- Modifies other programs - Can affect databases |
|
|
Term
| What is a Polymorphic virus? |
|
Definition
- Can change form to avoid detection - May encrypt itself to avoid detection |
|
|
Term
| What's the term used when a virus can change itself or encrypt itself? |
|
Definition
|
|
Term
|
Definition
- Attacks or bypasses the anti-virus software installed on your computer. - Attempts to destroy the anti-virus definitions |
|
|
Term
| What is a Stealth virus? |
|
Definition
- Masks itself to avoid detection - May attach itself to the boot sector - May move itself from file to file during virus scan to avoid detection |
|
|
Term
| What is the number one cause of failure for anti-virus software to detect an infection? |
|
Definition
|
|
Term
| What are the 10 types of attacks? |
|
Definition
- DOS - Spoofing - Pharming - Phishing - Xmas - Man-in-the-middle - Replay - Smurf - Privilege Escalation - Password |
|
|
Term
|
Definition
| Makes resources so busy that authorized users cannot make requests. |
|
|
Term
| What is a Spoofing attack? |
|
Definition
| - Capturing and modifying data on its way to a destination |
|
|
Term
| What's another name for Spoofing? |
|
Definition
|
|
Term
| What is a Pharming attack? |
|
Definition
| Traffic intended for one host is redirected to another host. |
|
|
Term
| What is a Phishing attack? |
|
Definition
- Requesting information by making a request look legitimate - A form of social engineering. |
|
|
Term
|
Definition
- Phishing directed to a group or person - Messages that appear from a trusted source. |
|
|
Term
|
Definition
| VOIP version of Phishing. |
|
|
Term
|
Definition
- attack using nmap (network mapping utility) - firewall/open port attack |
|
|
Term
| What is "Man-in-the-middle" attack? |
|
Definition
- rogue router or software placed between a server and a host - forwards data to attacker |
|
|
Term
|
Definition
- data is captured and replayed later. - for example, capture a user's username/password, then later that evening, replay it to login. |
|
|
Term
|
Definition
- spoof target computer's IP and begin issuing broadcast using that IP - network becomes overloaded |
|
|
Term
| What is a Privilege Escalation attack? |
|
Definition
| - attacker gains more privilege than they should have |
|
|
Term
| (T/F) Privilege Escalation attack is usually associated with a backdoor |
|
Definition
|
|
Term
| What is a Password attack? |
|
Definition
| when an account is attacked repeatedly in order to crack the password |
|
|
Term
| What are 5 variations of the Password attack? |
|
Definition
- Brute-Force attack - Dictionary attack - Hybrid attack - Birthday attack - Rainbow attack |
|
|
Term
| What is a Brute-Force attack? |
|
Definition
- type of Password attack - attacker guesses passwords until successful |
|
|
Term
| What is a Dictionary attack? |
|
Definition
- type of Password attack - similar to Brute-Force attack - attacker uses dictionary words to guess password until successful |
|
|
Term
|
Definition
- type of Password attack - combination of Brute-Force and Dictionary attack |
|
|
Term
| What is a Birthday attack? |
|
Definition
- type of Password attack - attempt to create the same hash used in the authentication process - statistically speaking, the more people you have in the room, the higher the likelihood that two of them share the same hash |
|
|
Term
| What is a Rainbow attack? |
|
Definition
- type of Password attack - Compares values in an existing table of hashed phrases or words to a password hash |
|
|
Term
| What is the most dangerous and difficult security risk to identify and control? |
|
Definition
|
|
Term
| What is a Client-side attack? |
|
Definition
| attacks on a client machine, usually malware |
|
|
Term
| What is "Typo Squatting"? |
|
Definition
| Registering domain names that are common misspellings of valid URLs |
|
|
Term
|
Definition
|
|
Term
| What is a "Watering Hole" attack? |
|
Definition
| Poisoning a site that is frequently visited, such as hosted email sites. |
|
|
Term
| What is a "Transitive Access" attack? |
|
Definition
| Takes advantage of transitive access (A trusts B and B trusts C, therefore A trusts C). An attack on C now has access to A and B, not just B. |
|
|
Term
| (T/F) Transitive access can be granted to domains |
|
Definition
|
|
Term
| What are the 9 examples of application attacks? |
|
Definition
- XSS - SQL Injection - LDAP Injection - XML Injection - Directory Traversal/Command Injection - Buffer Overflow - Integer Overflow - Zero-day Exploits - Cookies and Attachments |
|
|
Term
|
Definition
|
|
Term
|
Definition
| - attacker injects client side code into a web page |
|
|
Term
|
Definition
- SQL is injected into data that is entered on a webpage - data is sent to database and run as SQL, not entered as data. |
|
|
Term
| What is "LDAP Injection"? |
|
Definition
| Similar to SQL Injection, but using LDAP code injection |
|
|
Term
|
Definition
| Similar to SQL Injection, but using XML path queries. |
|
|
Term
| What is Directory Traversal/Command Injection attack? |
|
Definition
- Attacker gains access to restricted directories, such as the root directory - Injecting OS commands into requested data. |
|
|
Term
| What is a Buffer Overflow attack? |
|
Definition
| Sending more data than a program is capable of accepting |
|
|
Term
| (T/F) When an application errors due to Buffer Overflow attack, the error message can contain private information |
|
Definition
|
|
Term
| What is an Integer Overflow attack? |
|
Definition
| Similar to Buffer Overflow, but sending an integer that's too large. |
|
|
Term
| What is a Zero-day Attack? |
|
Definition
| Attack on a security hole before a patch is released. |
|
|
Term
| (T/F) Zero-day attack occurs often with web browsers |
|
Definition
|
|
Term
| What is a Cookies/Attachments attack? |
|
Definition
| Additional information saved to be retrieved later. This data can be exploited later. |
|
|
Term
| List 4 wireless networking standards |
|
Definition
- 802.11a - 802.11b - 802.11g - 802.11n |
|
|
Term
|
Definition
- Frequency: 5 GHz - Speed: up to 54 Mbps - Max range: 150 feet - Requires the WAP and NIC to be 802.11a compliant |
|
|
Term
| (T/F) 802.11a was widely accepted |
|
Definition
| F, not widely accepted due to the range limitation of 150 ft |
|
|
Term
| (T/F) 802.11a was the first standard for wireless networking |
|
Definition
|
|
Term
| What are the 802.11b specs? |
|
Definition
- Frequency: 2.4 GHz - Speed: 11 Mbps - Max range: 300 feet |
|
|
Term
| What are the 802.11g specs? |
|
Definition
- Frequency: 2.4 GHz - Speed: 54 Mbps - Max range: 300 feet |
|
|
Term
| (T/F) 802.11g is backward compatible with 802.11a |
|
Definition
| F, it's compatible with 802.11b |
|
|
Term
| What does MIMO stand for? |
|
Definition
| Multiple In, Multiple Out |
|
|
Term
|
Definition
- Frequency: 2.4 and 5 GHz - Speed: Theoretical 600 Mbps, Normal 100 Mbps - Max range: 300 feet - Supports MIMO with multiple antennas |
|
|
Term
| (T/F) 802.11n is backward compatible with 802.11g, 802.11b, and sometimes 802.11a |
|
Definition
|
|
Term
| List 3 wireless encryption types. |
|
Definition
|
|
Term
|
Definition
- Wireless Access Point - Wireless Application Protocol |
|
|
Term
|
Definition
| Wired Equivalency Privacy |
|
|
Term
| (T/F) WEP is highly used today |
|
Definition
| F, extremely vulnerable to attack |
|
|
Term
|
Definition
- 40 bit encryption - some vendors provided 104 bit encryption |
|
|
Term
|
Definition
|
|
Term
| (T/F) WPA is widely used today |
|
Definition
|
|
Term
|
Definition
- Addressed security of WEP - Has weaknesses - Added user authentication - Uses TKIP - Based on 802.1x and EAP - Depends on authentication server, like RADIUS |
|
|
Term
| What does TKIP stand for? |
|
Definition
| Temporal Key Integrity Protocol |
|
|
Term
|
Definition
| Extensible Authentication Protocol |
|
|
Term
|
Definition
- Wifi Protected Access 2 - Uses AES |
|
|
Term
| (T/F) WPA is currently the most secure wireless networking protocol |
|
Definition
|
|
Term
| What is Wireless Application Protocol? |
|
Definition
- wireless data transmission standard designed to provide wireless networking for wireless devices - TCP/IP for wireless devices - Uses WML - Uses WMLScript |
|
|
Term
|
Definition
- Wireless Markup Language - HTML for wireless devices |
|
|
Term
|
Definition
| - Scripting language for wireless devices |
|
|
Term
|
Definition
- Protocol for wireless networks - Expands on PPP authentication - Used to connect computer to Internet |
|
|
Term
|
Definition
|
|
Term
|
Definition
- EAP-TLS - EAP-PSK - EAP-MD5 - LEAP - PEAP |
|
|
Term
| What does LEAP stand for? |
|
Definition
|
|
Term
| (T/F) LEAP is preferred over PEAP |
|
Definition
|
|
Term
| What does PEAP stand for? |
|
Definition
|
|
Term
|
Definition
| An authentication protocol that establishes an encrypted channel between the server and client |
|
|
Term
| What is considered the strongest version of EAP? |
|
Definition
|
|
Term
| What are the 5 main wireless attack types? |
|
Definition
- Rogue access point - Jamming - Interference - Evil twin - Replay attack |
|
|
Term
| What is a Rogue Access Point attack? |
|
Definition
- unauthorized Wireless Access Point - used for man-in-the-middle attack |
|
|
Term
| What's the difference between Jamming and Interference? |
|
Definition
| Interference is unintentional |
|
|
Term
|
Definition
| A rogue access point used for phishing attacks |
|
|
Term
| What is Application Hardening? |
|
Definition
| Ensuring Applications are updated and configured correctly for secure operation. |
|
|
Term
| What are the 3 database tier models? |
|
Definition
- One tier: db and apps on one server - Two tier: apps on client machine, and db on a server - Three tier: client, server, db machines |
|
|
Term
| What are the 3 types of operating system patches? |
|
Definition
- Service Pack - Patch - Hotfix |
|
|
Term
|
Definition
- Cumulative updates designed to correct known issues - Should be tested before applied. - Should be applied as soon as possible |
|
|
Term
|
Definition
- Provides additional functionality or non-urgent fix - Often optional |
|
|
Term
|
Definition
- urgent fix for security flaw - not optional - apply ASAP |
|
|
Term
| (T/F) Application level updates are kept more up to date than OS level updates |
|
Definition
|
|
Term
| What does OWASP stand for? |
|
Definition
| Open Web Application Security Project |
|
|
Term
| What does CERT stand for? |
|
Definition
| Computer Emergency Response Team |
|
|
Term
| (T/F) The entire network is only as strong as its weakest host |
|
Definition
|
|
Term
| What are the 2 ways to establish and maintain security? |
|
Definition
- keep hosts updated with malware protection - keep hosts at an established security baseline |
|
|
Term
|
Definition
|
|
Term
| What are 5 file permission levels? |
|
Definition
- Full Control - Modify - Read and Execute - Read - Write |
|
|
Term
| What does Full Control on a file mean? |
|
Definition
| Read, Write, Execute, Modify, and assign permissions to other users |
|
|
Term
| What is the one additional permission assigned to folders? |
|
Definition
|
|
Term
| What's another name for security baseline? |
|
Definition
| Performance baseline, and sometimes, software baseline |
|
|
Term
| What is a Security Baseline Analyzer? |
|
Definition
| a software tool that scans computers and creates security report |
|
|
Term
| (T/F) Users should have minimum required permissions |
|
Definition
| T (note the word "required") |
|
|
Term
| What does DHCP stand for? |
|
Definition
| Dynamic Host Control Protocol |
|
|
Term
| (T/F) DHCP is an authenticated protocol |
|
Definition
|
|
Term
|
Definition
|
|
Term
| What are 3 main attacks on a DNS? |
|
Definition
- DOS - Network Footprinting - DNS Poisoning |
|
|
Term
|
Definition
- Compromising record integrity - changing DNS names to point to wrong IPs |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Domain Name System Security Extensions. It is an additional protocol added to DNS to add security. It adds authentication, data integrity, and authenticated denial of existence |
|
|
Term
|
Definition
|
|
Term
| What does IETF stand for? |
|
Definition
| Internet Engineering Task Force |
|
|
Term
|
Definition
|
|
Term
| What does it mean to "Authorize" a DHCP server |
|
Definition
| To enable DHCP on that server. Also known as "Activating" a DHCP server. |
|
|
Term
| How can fault tolerance be implemented? |
|
Definition
- Data backups - Data management (e.g. RAID) - Clustering - Load Balancing |
|
|
Term
| What is the most important part of a PC? |
|
Definition
|
|
Term
| What does RAID stand for? |
|
Definition
| Redundant Array of Independent Disks |
|
|
Term
| (T/F) RAID is always hardware based |
|
Definition
| F, it can be hardware or software based |
|
|
Term
|
Definition
- offers striping - not fault tolerant |
|
|
Term
|
Definition
|
|
Term
|
Definition
| When data is broken up into separate blocks and written to multiple disks at the same time. Makes for fast writing. Also known as disk striping |
|
|
Term
|
Definition
- offers disk mirroring - is fault tolerant |
|
|
Term
| What's the disadvantage of RAID 1? |
|
Definition
| Unable to use full purchased disk space because half is used for fault tolerance. |
|
|
Term
| Is RAID 1 fault tolerant? |
|
Definition
|
|
Term
|
Definition
- offers striping with parity - 3 or more disks |
|
|
Term
| How many disks, at a minimum, are in RAID 5? |
|
Definition
|
|
Term
| What are the different clustering modes? |
|
Definition
- Active clustering - Passive clustering |
|
|
Term
| What is Active clustering? |
|
Definition
- All nodes in the cluster are providing services - If one node fails, the other node provides all services - Performance may be reduced until failed node is back online |
|
|
Term
| What is Passive clustering? |
|
Definition
- Only one node provides services - Other node provides services if active node fails |
|
|
Term
| (T/F) clustering can be expensive due to knowledge and attention |
|
Definition
|
|
Term
| What are the 3 types of backup? |
|
Definition
- Full backup - Differential backup - Incremental backup |
|
|
Term
|
Definition
Every file has an archive bit set to 0 or 1. 0 means the data has been backed up and has not been modified since the last backup. 1 means it has been modified since the last backup |
|
|
Term
| Which type of backup takes the longest? |
|
Definition
|
|
Term
| Which type of backup is easiest to use for data recovery? |
|
Definition
|
|
Term
|
Definition
| All files are backed up and archive bits set to 0 |
|
|
Term
| What is a Differential backup? |
|
Definition
| Makes a copy of all files that have been modified since the last full backup. Looks for the archive bit set to 1. |
|
|
Term
| (T/F) Differential backup requires a full backup. |
|
Definition
|
|
Term
| (T/F) Differential backup sets the archive bit back to 0 |
|
Definition
|
|
Term
| (T/F) Full backup sets the archive bit back to 0 |
|
Definition
|
|
Term
| (T/F) If a full backup was done on Sunday, and a daily differential backup is performed, and a failure occurs on Thursday morning, restoring the full backup and Wednesday's differential will recover all data. |
|
Definition
|
|
Term
| (T/F) As more and more modifications occur, each differential backup gets bigger and takes longer. |
|
Definition
|
|
Term
| (T/F) An Incremental backup does not need a full backup. |
|
Definition
| F, a full backup needs to be performed to create the baseline for incremental backups. |
|
|
Term
| What is an Incremental backup? |
|
Definition
| Makes a copy of all files that have been modified since the last full backup. Looks for the archive bit set to 1. |
|
|
Term
| (T/F) An Incremental backup sets the archive bit back to 0 |
|
Definition
|
|
Term
| (T/F) If a full backup was done on Sunday, and a daily incremental backup is performed, and a failure occurs on Thursday morning, restoring the full backup and Wednesday's incremental will recover all data. |
|
Definition
| F, need to restore full, then each incremental backup since the full backup |
|
|
Term
| Which backup type is the fastest? |
|
Definition
|
|
Term
| Which backup type is the slowest and most complex recovery type? |
|
Definition
|
|
Term
| What are the 4 types of clouds? |
|
Definition
- Private - Public - Community - Hybrid |
|
|
Term
| Which organization defined the cloud types? |
|
Definition
|
|
Term
| (T/F) A private cloud can be on or off premise |
|
Definition
|
|
Term
| (T/F) A private cloud does not need to be internet based |
|
Definition
| T, it could consist of an organization's internal networks. |
|
|
Term
|
Definition
| A cloud infrastructure dedicated to the organization and not shared with others. |
|
|
Term
| (T/F) Private clouds are more vulnerable to security issues than Public clouds |
|
Definition
|
|
Term
|
Definition
| Cloud infrastructure made available to the general public. |
|
|
Term
| What is a Community cloud? |
|
Definition
| Multiple organizations sharing a cloud infrastructure due to common needs. |
|
|
Term
|
Definition
| Composition of 2 or more cloud types (private, public, community) |
|
|
Term
| Which cloud type requires the most administrative overhead and security? |
|
Definition
|
|
Term
| What are the 3 cloud based service models defined by NIST? |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| Software as a Service where software is runnable via a cloud service. |
|
|
Term
|
Definition
| Platform as a Service where applications are deployed onto a cloud infrastructure. |
|
|
Term
| (T/F) PaaS allows cloud infrastructure to be managed |
|
Definition
|
|
Term
| (T/F) PaaS allows for applications to be managed |
|
Definition
|
|
Term
| (T/F) SaaS allows for applications to be managed. |
|
Definition
|
|
Term
|
Definition
| Infrastructure as a Service where cloud services, such as processing, storage, and networks, are provisioned. |
|
|
Term
| (T/F) IaaS allows operating systems and arbitrary applications to be managed by the cloud |
|
Definition
|
|
Term
| (T/F) In IaaS, the customer manages the cloud infrastructure |
|
Definition
| F, customer does not manage any cloud infrastructure. In IaaS, the cloud provisions services. The infrastructure is still managed by the cloud provider. |
|
|
Term
| What are the 2 main security concerns with cloud computing? |
|
Definition
- multi-tenancy - laws and regulations |
|
|
Term
| Explain multi-tenancy concerns. |
|
Definition
- different clients' data co-exist on the same machine - data separation controlled by configuration of cloud infrastructure - so your data could be at risk by other clients or by cloud provider - you must also protect your data from other cloud consumers |
|
|
Term
| Explain laws and regulation concerns pertaining to the cloud. |
|
Definition
- cloud consumer retains the responsibility for legal compliance - cloud removes a lot of control over your data |
|
|
Term
| (T/F) Cloud consumer retains the responsibility for legal compliance |
|
Definition
|
|
Term
| (T/F) Cloud provider retains the responsibility for legal compliance |
|
Definition
|
|
Term
| (T/F) Data placed in the cloud should be backed up locally |
|
Definition
|
|
Term
| What is Social Engineering? |
|
Definition
| Exploiting the trusting nature of people to gain information or access |
|
|
Term
| (T/F) Social engineering can be done over email. |
|
Definition
|
|
Term
| What are the 7 common social engineering attack types? |
|
Definition
- shoulder surfing - dumpster diving - tailgating - impersonation - hoaxes - whaling - vishing |
|
|
Term
| (T/F) Shoulder surfing includes reading information on desks. |
|
Definition
|
|
Term
| (T/F) Green initiatives can increase exposure of secure data. |
|
Definition
| T, like putting secure documents for recycling instead of burning. |
|
|
Term
| (T/F) Impersonation can be in person or via email. |
|
Definition
|
|
Term
| What's the difference between Vishing and phishing over the phone? |
|
Definition
| VOIP has no caller ID, tracing, or other land-line related features. (may not be true, but this is what the exam says) |
|
|
Term
| What is the best defense against social engineering? |
|
Definition
|
|
Term
| With respect to social engineering, what is "consensus" or "social proof"? |
|
Definition
- playing on people's desire to be right - overly polite or encouraging |
|
|
Term
| With respect to social engineering, what is "scarcity"? |
|
Definition
| Convincing someone to act quickly due to limited opportunity. |
|
|
Term
| With respect to social engineering, what is "urgency"? |
|
Definition
| Similar to scarcity but with respect to time. |
|
|
Term
| With respect to social engineering, what is "familiarity"? |
|
Definition
- mental guards are lowered when you like someone. - you like someone because they compliment you or do you favors. - you like someone with common interests, common job aspects, etc |
|
|
Term
| With respect to social engineering, what is "trust"? |
|
Definition
- Providing information, assistance, or service that implies reciprocation is proper. - I do something for you, then you should do something for me. |
|
|
Term
| What protocol is used by FTP? |
|
Definition
|
|
Term
| What protocol is used by SSH? |
|
Definition
|
|
Term
| What protocol is used by SFTP? |
|
Definition
|
|
Term
| What protocol is used by SCP? |
|
Definition
|
|
Term
| What protocol is used by TFTP? |
|
Definition
|
|
Term
| What protocol is used by FTPS? |
|
Definition
|
|
Term
| What protocol is used by SMTP? |
|
Definition
|
|
Term
| What protocol is used by POP3? |
|
Definition
|
|
Term
| What protocol is used by IMAP4? |
|
Definition
|
|
Term
| What protocol is used by Telnet? |
|
Definition
|
|
Term
| What protocol is used by TACACS? |
|
Definition
|
|
Term
| What protocol is used by TACACS+? |
|
Definition
|
|
Term
| What protocol is used by SSL? |
|
Definition
|
|
Term
| What protocol is used by L2TP? |
|
Definition
|
|
Term
| What protocol is used by PPTP? |
|
Definition
|
|
Term
| What protocol is used by RDP? |
|
Definition
|
|
Term
| What protocol is used by DNS? |
|
Definition
|
|
Term
| What protocol is used by DHCP? |
|
Definition
|
|
Term
| What protocol is used by HTTP? |
|
Definition
|
|
Term
| What protocol is used by HTTPS? |
|
Definition
|
|
Term
| What protocol is used by Kerberos? |
|
Definition
|
|
Term
| What protocol is used by NNTP? |
|
Definition
|
|
Term
| What protocol is used by SNMP? |
|
Definition
|
|
Term
| What protocol is used by LDAP? |
|
Definition
|
|
Term
| What port is used by SSH? |
|
Definition
|
|
Term
| What port is used by SFTP? |
|
Definition
|
|
Term
| What port is used by SCP? |
|
Definition
|
|
Term
| What port is used by TFTP? |
|
Definition
|
|
Term
| What port is used by FTPS? |
|
Definition
|
|
Term
| What port is used by L2TP? |
|
Definition
|
|
Term
| What port is used by PPTP? |
|
Definition
|
|
Term
| What port is used by RDP? |
|
Definition
|
|
Term
| What port is used by DNS? |
|
Definition
|
|
Term
| What port is used by DHCP? |
|
Definition
|
|
Term
| What port is used by Kerberos? |
|
Definition
|
|
Term
| What port is used by NNTP? |
|
Definition
|
|
Term
| What port is used by SNMP? |
|
Definition
|
|
Term
|
Definition
| Physical security where a locked door allows a person to enter, but the exit door is also a locked door and will not unlock until entrance door is closed and the person is authorized |
|
|
Term
|
Definition
| Science of altering data to make it unreadable to anyone who does not possess the decryption method |
|
|
Term
|
Definition
| Method used to hide characters to hide their value |
|
|
Term
|
Definition
| Process of using a cipher |
|
|
Term
|
Definition
| Process of hiding a message in a medium, such as digital image, audio, or other file |
|
|
Term
| What is symmetric cryptography? |
|
Definition
| Data is encrypted and decrypted based on the same secret key |
|
|
Term
| What type of cryptography is where both sender and receiver have the same key? |
|
Definition
|
|
Term
| What types of ciphers are used by symmetric cryptography |
|
Definition
|
|
Term
| What's the difference between block and stream ciphers |
|
Definition
| Block works on data chunks; stream works on each bit. |
|
|
Term
| Which type of cryptography is faster to encrypt/decrypt? |
|
Definition
|
|
Term
| (T/F) Symmetric cryptography is not as strong as asymmetric cryptography. |
|
Definition
| F, it's just as strong, but not as secure. |
|
|
Term
| (T/F) Symmetric cryptography is not as secure as asymmetric cryptography. |
|
Definition
|
|
Term
| What is asymmetric cryptography? |
|
Definition
| Uses 2 keys. One for encryption and the other for decryption. Keys are known as public and private keys. Sender and receiver have different keys. |
|
|
Term
| What are the 3 characteristics of a cryptographic hash? |
|
Definition
- must be one way - variable length input produces fixed length output - algorithm must have few or no collisions |
|
|
Term
| What is a hashing algorithm collision? |
|
Definition
| 2 different inputs create the same output |
|
|
Term
|
Definition
| Public Key Infrastructure |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption |
|
|
Term
|
Definition
| Registration Authority, not Recovery Agent |
|
|
Term
|
Definition
| PKI role that assures valid and correct registration. Sometimes called a subordinate CA |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A third party that can provide entity (person/business providing PKI certificate) information on behalf of the CA |
|
|
Term
| (T/F) The private key is always used to encrypt and the public key is always used to decrypt |
|
Definition
| F, if the public key encrypts and the private key decrypts, then it is a key exchange operation. If the private key encrypts and the public key decrypts, it's a digital signature operation |
|
|
Term
|
Definition
| authentication and confidentiality |
|
|
Term
|
Definition
| Certificate Revocation List |
|
|
Term
| (T/F) The CRL can have suspended and expired certificates |
|
Definition
|
|
Term
| What is a Recovery Agent? |
|
Definition
| A live person or a couple of people that recover lost keys. |
|
|
Term
| (T/F) Recovery Agent is mandatory |
|
Definition
| F, if key is lost, just need to add it to the CRL and a new key created. |
|
|
Term
|
Definition
- Agency or key archival system where copy or copies of your private key(s) are kept - May have several databases containing parts of the private key - Not available to Recovery Agent - Available for law enforcement with warrant |
|
|
Term
| (T/F) Key Escrow is mandatory |
|
Definition
|
|
Term
| (T/F) Digital certificates verify the owner of the private key |
|
Definition
| F, verifies owner of public key |
|
|
Term
|
Definition
| Verifies the key owner's identity and sends it to the CA to issue the certificate |
|
|
Term
| What is the set of standards for PKI? |
|
Definition
|
|
Term
| What is the current version for X.509 certificates? |
|
Definition
|
|
Term
| What is the current version for X.509 CRL? |
|
Definition
|
|
Term
| What's in a X.509 certificate? |
|
Definition
- digital signature - version - serial number - signature algorithm ID - issuer name - validity period - subject name - subject public key information - issuer unique identifier - subject unique identifier |
|
|
Term
|
Definition
| Certificate Signing Request |
|
|
Term
| (T/F) The RA can issue certificates to offload the workload from the CA |
|
Definition
| F, only the CA can issue certificates |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| (T/F) SSL uses asymmetric and symmetric encryption |
|
Definition
| T, asymmetric to establish connection, then symmetric for communication |
|
|
Term
|
Definition
|
|
Term
|
Definition
| software based encryption |
|
|
Term
|
Definition
| hardware based encryption |
|
|
Term
| What does it mean to have a NIC in "promiscuous" mode? |
|
Definition
| NIC reads every packet even if it's not addressed to that NIC |
|
|
Term
| What are the 2 Event logs in Windows? |
|
Definition
| Application and Security logs |
|
|
Term
| What are the 6 main aspects of the OS to harden? |
|
Definition
- Services - Management Tools/Applications - Software - Patches - User Access Control - File system |
|
|
Term
|
Definition
| computer system designed to be attacked |
|
|
Term
| What are 2 forms of detection-style security? |
|
Definition
|
|
Term
|
Definition
- often used interchangeably with honey-pot - used to slow attack, not contain attack |
|
|
Term
| What are 2 legal considerations of using a honey-pot? |
|
Definition
|
|
Term
| (T/F) Enticement is legal in the US |
|
Definition
|
|
Term
| (T/F) Entrapment is legal in the US |
|
Definition
|
|
Term
| What is a false positive? |
|
Definition
| An alert that is not a security issue |
|
|
Term
| What is a false negative? |
|
Definition
| No alert when there should have been one |
|
|
Term
| What are the 3 classifications of information? |
|
Definition
- Public - Private or Internal - Restricted |
|
|
Term
| What is Limited Distribution? |
|
Definition
| Public information except for some of it. |
|
|
Term
| What does Full Distribution mean? |
|
Definition
| Public information made available to the general public |
|
|
Term
| What is Restricted Information? |
|
Definition
| Information that could seriously damage an organization if disclosed. |
|
|
Term
| What are the 3 concepts concerning information access? |
|
Definition
- Confidentiality - Integrity - Availability |
|
|
Term
|
Definition
- Confidentiality - Integrity - Availability |
|
|
Term
|
Definition
- Health Insurance Portability and Accountability Act - Mandates standards and procedures for the storage, use, and transmission of personal medical information |
|
|
Term
| What is the Gramm-Leach-Bliley Act? |
|
Definition
- Also known as the Financial Modernization Act of 1999 - Requires financial institutions to develop privacy notices and to notify customers that they are entitled to privacy - Can't release info w/o customer permission |
|
|
Term
| What is the Computer Fraud and Abuse Act? |
|
Definition
- Allows FBI to prosecute hackers, spammers, and others like terrorists. - Protects government and financial institutions from intrusion |
|
|
Term
| What is the Family Educational Rights and Privacy Act? |
|
Definition
- Prevents educational institutions from releasing information to unauthorized parties without the student's or the student's parents' permission (only if a minor) - Institution must disclose student records to the student |
|
|
Term
| What is the Computer Security Act of 1987? |
|
Definition
- Requires Federal agencies to identify and protect systems that store sensitive information - Provide regular training for employees. - Provide audits to protect data privacy |
|
|
Term
| What is the Cyberspace Electronic Security Act? |
|
Definition
| Gives law enforcement the right to gain access to encryption keys and cryptography methods |
|
|
Term
| What is the Cyber Security Enhancement Act? |
|
Definition
| Allows Federal agencies access to ISPs and other data transmission facilities to monitor communications of individuals suspected of committing computer crimes using the Internet. |
|
|
Term
|
Definition
- The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 - Gives the US Government extreme latitude in pursuing criminals who commit terrorist acts. |
|
|
Term
| What is an Interoperability Agreement |
|
Definition
| Agreements between multiple companies working together to determine things like data ownership and data management responsibilities |
|
|
Term
| What are the 4 documents that need to be in an Interoperability Agreement? |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| Memorandum of Understanding |
|
|
Term
|
Definition
| Interconnection Security Agreement |
|
|
Term
|
Definition
| Defines the level of service provided |
|
|
Term
|
Definition
- Usually applies to Government agencies - Agreement for ongoing purchases and services between Government agencies and private companies |
|
|
Term
|
Definition
| A brief summary of the responsibilities of each company |
|
|
Term
|
Definition
| Documents the technical requirements of the connected systems |
|
|
Term
| What is meant by Storage Segmentation? |
|
Definition
- Storing data in separate storage areas. - Makes encryption faster and more efficient |
|
|
Term
| What is meant by Device Access Control? |
|
Definition
| Limiting the number of devices provided to employees. |
|
|
Term
|
Definition
|
|
Term
| (T/F) Disaster Recovery Plan is part of the BCP |
|
Definition
|
|
Term
|
Definition
| Incident Response Policies |
|
|
Term
| What are the 5 steps in an Incident Response? |
|
Definition
- Identify - Investigate - Repair - Document - Procedural Adjustments |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Maximum amount of time a resource can be down |
|
|
Term
| What does MTBF stand for? |
|
Definition
| Mean Time Between Failure |
|
|
Term
|
Definition
| Life expectancy of hardware |
|
|
Term
| What does MTTR stand for? |
|
Definition
| Mean Time to Restore or Repair |
|
|
Term
|
Definition
| How long it takes to repair |
|
|
Term
| What are the 3 things in an SLA? |
|
Definition
|
|
Term
|
Definition
| It's an agreement between vendors as to responsibilities of source code |
|
|
Term
| What are 3 classifications of security testing? |
|
Definition
- Black box - White box - Gray box |
|
|
Term
| What is Black Box Testing? |
|
Definition
| Tester has no knowledge of the system and functions like an outside attacker |
|
|
Term
| What is White box testing? |
|
Definition
- Tester is familiar with the system - Similar to rogue employee |
|
|
Term
| What is Gray box testing? |
|
Definition
| Tester has limited knowledge of the system |
|
|
Term
| What are 2 ways of security testing? |
|
Definition
- Non-intrusive - Intrusive |
|
|
Term
| What is Non-intrusive testing? |
|
Definition
- passive testing - non-disruptive - weaknesses not exploited |
|
|
Term
| What is intrusive testing? |
|
Definition
- identify and exploit weaknesses - systems are penetrated - not done during normal operations |
|
|
Term
|
Definition
| Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. |
|
|