Term
| What is a Deauthentication Attack? |
|
Definition
| Sending specially crafted traffic to both a wireless client and an access point in the hopes of causing them to deauthenticate and disconnect. |
|
|
Term
|
Definition
| An Initialization Vector attack involves attempting to break WEP keys by targeting their weak IVs. |
|
|
Term
| The minimum password age setting is used for what? |
|
Definition
| To force users to keep a password for a minimum amount of time before they can change it, so they can't rapidly cycle through passwords and reuse an old one. |
|
|
Term
| What is MTTF, and what does it imply? |
|
Definition
The Mean Time to Failure is the length of time a device is expected to last in operation.
Only a single, definitive failure will occur, and it will require that device to be replaced rather than repaired. |
|
|
Term
| What are the steps in the Incident Response Life Cycle? |
|
Definition
1. Preparation
2. Detection & Analysis
3. Containment
4. Eradication
5. Recovery
6. Post Incident Activity |
|
|
Term
| How do Threats affect Elements of Risk? |
|
Definition
| By exploiting Vulnerabilities. |
|
|
Term
|
Definition
| A False Reject Rate is a type 1 error caused by rejecting an authorized user. |
|
|
Term
|
Definition
| A False Acceptance Rate is a type 2 error caused by authorizing an unauthorized user. |
|
|
Term
| What can Content Filters do? |
|
Definition
| Scan content as it leaves the network, checking for certain types of content that have been pre-specified within the software (blocking personal emails, etc.). |
|
|
Term
| 99.99% availability accounts for how much downtime per year? |
|
Definition
52 minutes.
0.0001 x (365 x 24 x 60) |
|
|
Term
|
Definition
| Layer Two Tunneling Protocol aligns to TCP port 1701, allowing secure remote access to a system through a VPN connection (for comparison, HTTP over SSL is 443). |
|
|
Term
| A double-blind test implies what? |
|
Definition
| That testers have no prior knowledge of the network and the defenders have no prior knowledge of the test, and aren't aware of any attacks unless they can detect and defend against them. |
|
|
Term
| Both ____ and ____ protocols are used to encrypt traffic sent over untrusted networks, such as the internet. |
|
Definition
| Transport Layer Security (TLS) & Secure Sockets Layer (SSL) |
|
|
Term
| What driver will work correctly, but might also perform other, malicious actions? |
|
Definition
|
|
Term
| DES is what and how many rounds of encryption does it perform? |
|
Definition
| The Data Encryption Standard, it performs 16 rounds of encryption on Plaintext. |
|
|
Term
| IMAPS is a secure version of what protocol used over SSL and TLS? |
|
Definition
|
|
Term
| As Security Increases, ____ Decreases |
|
Definition
|
|
Term
| As Resources Decrease, both ___ & ____ Decrease |
|
Definition
| Functionality and Security |
|
|
Term
| What takes place at the security requirements stage of the Sec Dev model? |
|
Definition
| Requirements gathering, analysis, & diagram development |
|
|
Term
| Risk Assessment means evaluating what? |
|
Definition
|
|
Term
|
Definition
| Online Certificate Status Protocol is used to obtain the revocation status of digital certificates |
|
|
Term
| Credential Validation is what part of AAA? |
|
Definition
|
|
Term
|
Definition
| Password Authentication Protocol is an older authentication method that passes passwords and usernames in cleartext. |
|
|
Term
| What does a Deterrent Control do? |
|
Definition
| It keeps someone from performing a malicious act, provided that he or she knows the control is there and is aware of the consequences. |
|
|
Term
| When information is converted to an unreadable state using Cryptography, what is it called? |
|
Definition
|
|
Term
| What is LDAP and what port does it use? |
|
Definition
Lightweight Directory Access Protocol - TCP 389.
Known as a directory or phonebook of your network resources. |
|
|
Term
| Pharming is an example of what? |
|
Definition
| A form of DNS attack that redirects a website's traffic to another, fake site. |
|
|
Term
|
Definition
| A secure version of the non-secure FTP protocol, used over SSL & TLS. SFTP is the same but uses SSH. |
|
|
Term
|
Definition
| Elliptic Curve Diffie-Hellman is a key exchange protocol used in public key cryptography. It is used to negotiate, agree upon, and establish a secure session between two parties. |
|
|
Term
| ____ is the 2nd iteration of the Secure Hashing Algorithm and is used to generate message digests for plaintext |
|
Definition
|
|
Term
| What systems are used to control and manage heating, ventilation, air-conditioning & other types of industrial & environmental systems? |
|
Definition
| SCADA - Supervisory control and data acquisition. |
|
|
Term
|
Definition
| Pretty Good Privacy - commonly used between individuals or small groups and normally does not require a PKI. Uses a web of trust model, which means that each individual has to be able to trust every other individual who uses PGP to encrypt or decrypt data sent & received by them. |
|
|
Term
| Kerberos helps prevent what kind of attacks? |
|
Definition
| Replay Attacks. It uses tickets and timestamps. |
|
|
Term
| WEP Keys use how many bits? |
|
Definition
64 & 128.
64-bit: 40-bit key, 24-bit Initialization Vector.
128-bit: 104-bit key, 24-bit IV.
802.11 used 64-bit. |
|
|
Term
| ___ uses the RC4 stream cipher and weak IVs (24-bit) to encrypt data on wireless networks. |
|
Definition
|
|
Term
| What do government entities use as a more formal document than an MOU? |
|
Definition
| ISAs (Interconnection Service Agreement). |
|
|
Term
| What is the initialization vector size of TKIP? |
|
Definition
|
|
Term
| Why is examining MAC addresses in filtering logs not a good method for detecting unauthorized (rogue) hosts connected to a network? |
|
Definition
| Because MAC addresses can be spoofed, and filtering logs may not provide any indication of whether a host is authorized or not. |
|
|
Term
| What is the simplest method of testing for disaster recovery? |
|
Definition
|
|
Term
| Signage should indicate the location and route to emergency evac exits, and not what? |
|
Definition
|
|
Term
| What is an example of a Trusted OS? |
|
Definition
SELinux
Windows 7
Mac OS X 10.6 |
|
|
Term
| What is normally required to convert and read coded messages? |
|
Definition
|
|
Term
|
Definition
| It separates applications from one another and does not allow them to share execution, user, or data space. |
|
|
Term
| Networks are typically separated for security purposes either ____ or ____ or both. _____ separation involves separating them through segmented IP Subnetworks. |
|
Definition
Physically or Logically.
Logical separation. |
|
|
Term
|
Definition
| Recovery Point Objective - the maximum allowable amount of data in terms of time that the organization can afford to lose during a disaster or incident. |
|
|
Term
| Using public and private key pairs, what would Bob need in order to encrypt data so that only Dawn's private key can decrypt it? |
|
Definition
|
|
Term
| What Cloud is operated by a third-party who leases space to anyone who needs it? |
|
Definition
|
|
Term
|
Definition
Cipher Block Chaining.
Adds an initialization vector to a key to ensure that each output block is uniquely different. |
|
|
Term
|
Definition
Cipher Feedback.
Takes the IV and encrypts it, then XORs the output with the first block. |
|
|
Term
|
Definition
| Plaintext that is converted into 16, 64, or 128-bit binary ciphertext |
|
|
Term
| In what type of disaster recovery test do team members go through the motions of fulfilling responsibilities and conducting the activities required during an actual incident or disaster? |
|
Definition
|
|
Term
| If a user keeps getting new privileges yet nothing is turned off, what could this imply? |
|
Definition
| Privilege Creep - the gradual accumulation of access rights beyond what an individual needs to do his job. |
|
|
Term
| A Layer _ switch can help interconnect multiple VLANs because it supports inter-VLAN routing. |
|
Definition
|
|
Term
| What system of trust involves the use of a common authentication system and credentials database that multiple entities use and share? |
|
Definition
| A Federated System of Trust |
|
|
Term
| A ________ isn't a trust relationship; it is a method to handle trust for certificates. |
|
Definition
|
|
Term
| What 2 things are a cryptographic representation of variable length text, but are not the text itself? |
|
Definition
| A Hash and Message Digest. |
|
|
Term
| What form of 802. is a port-based authentication method? |
|
Definition
|
|
Term
|
Definition
| Rivest-Shamir-Adleman is the most common public-private key generation algorithm used in Public Key Cryptography. It is used to generate public and private key pairs. |
|
|
Term
| What does Inculpatory Evidence prove? |
|
Definition
|
|
Term
| What does exculpatory Evidence prove? |
|
Definition
|
|
Term
| What can be established through effective security controls and well-written service-level agreements in a cloud environment? |
|
Definition
| Accountability & Responsibility |
|
|
Term
| What type of attack targets relational databases that reside behind web applications? |
|
Definition
|
|
Term
| What type of attack targets directory services databases, such as those used in X.500 implementations? |
|
Definition
|
|
Term
| What technique is used to change weak keys to stronger ones by feeding them into an algorithm to produce an enhanced key? |
|
Definition
|
|
Term
| What involves sending individual characters of a key through an algorithm and using mathematical XOR function to change the output? |
|
Definition
|
|
Term
|
Definition
| A symmetric algorithm that was one of the five finalists in the government competition for the new AES standard, but did not win. |
|
|
Term
| What uses labels and security clearances to grant access to objects? |
|
Definition
| Mandatory Access Control (MAC) |
|
|
Term
| What is saved and used by load balancers to maintain a connection between a specific client and a specific server, i.e. session affinity? |
|
Definition
|
|
Term
|
Definition
| A Security Identifier is a unique number assigned to each individual user account. It's never reused, even when an account is deleted and re-created. UIDs and GIDs are for Linux and Unix system users and groups. |
|
|
Term
|
Definition
| Access Control Entry - a unique entry in an ACL that describes a user's permissions for accessing objects. |
|
|
Term
| What type of analysis cannot identify patterns alone and requires other data and event sources to identify Trends & Patterns? |
|
Definition
|
|
Term
| What type of analysis involves looking at data from various sources, including device logs, to identify patterns over a period of time? |
|
Definition
|
|
Term
| Quantitative and Qualitative are examples of ____ |
|
Definition
| Risk Assessment Techniques |
|
|
Term
| To provide continuous power in case of a disaster or incident, what would you need? |
|
Definition
|
|
Term
| Disabling ICMP will prevent what? |
|
Definition
| Security issues caused by having Ping and Traceroute Enabled. |
|
|
Term
| What backups apply to entire systems and are used to back up files that have changed since the last full backup? |
|
Definition
| Differential and Incremental |
|
|
Term
|
Definition
| Diffie-Hellman Exchange - a key negotiation and agreement protocol used in public key cryptography. |
|
|
Term
|
Definition
Elliptic Curve Cryptography - a public key cryptography protocol that can be used on small mobile devices because of its low power and computing requirements.
Creates a smaller key than RSA with the same security and increased performance. |
|
|
Term
| What is Containerization? |
|
Definition
| The process of virtualizing the operating system. Containers often use storage and segmentation to separate sensitive personal data. |
|
|
Term
| ____ is not used in public key cryptography |
|
Definition
|
|
Term
| What involves a third-party that holds a special third key in addition to your private and public key pair? |
|
Definition
|
|
Term
|
Definition
Common Access Control card.
Used by the DoD as a specific form of personal identification verification (PIV). |
|
|
Term
| What is a low-cost solution that enables encrypted e-mail messages? |
|
Definition
|
|
Term
|
Definition
| Mean Time to Recovery is the amount of time it takes for a hardware component to recover from a failure. |
|
|
Term
| In what type of test do the testers have no knowledge of the details of the network configuration, but defenders are aware of their presence? (Also referred to as a blind test.) |
|
Definition
|
|
Term
| What are the steps of Identification in terms of Incident Response? |
|
Definition
1. Recognize the incident
2. Reports from users
3. Check monitoring tools
4. Watch alerts and logs
5. Assess the impact
6. Define who's involved |
|
|
Term
| What are the steps of Containment in terms of Incident Response? |
|
Definition
1. Mitigate damage
2. Stop the attack
3. Segregate the network
4. Shut down the system
5. Turn off a service |
|
|
Term
| What are the steps of Eradication in terms of incident response? |
|
Definition
1. Remove the malware
2. Close off Vulnerabilities.
3. Add new controls |
|
|
Term
| What are the steps of recovery in terms of incident response? |
|
Definition
Restore from backups
Pull from snapshots
Hire replacement personnel
Monitor to ensure good operations |
|
|
Term
| What is the Chain of Custody for digital forensics? |
|
Definition
1. Define the evidence
2. Document the collection method
3. Date/time collected
4. Person(s) handling the evidence
5. Function of the person handling the evidence
6. All locations of the evidence |
|
|
Term
| What is the process of Forensic Data Acquisition? |
|
Definition
1. Capture system image
2. Network traffic & logs
3. Capture video
4. Take hashes
5. Take screenshots
6. Interview witnesses
7. Track man-hours |
|
|
Term
| What are the four types of Threats? |
|
Definition
Adversarial - hacker, malware
Accidental - User or Admin Mistake
Structural - PSU Dies, Equipment failure
Environmental - Disasters, fires, etc |
|
|
Term
|
Definition
| Challenge Handshake Protocol - Uses password hashes and challenge methods to authenticate to the system. |
|
|
Term
|
Definition
Self-contained applications that can communicate with network resources that have been explicitly allowed.
They run isolated instances of programs and services and can depend on each other or be configured to communicate with each other on a single host. |
|
|
Term
|
Definition
| It is an authentication tool for DNS that prevents MITM attacks, not an encryption method. |
|
|
Term
| What is the Waterfall method in regards to secure code development? |
|
Definition
Requirements
Design
Implementation
Verification
Maintenance |
|
|
Term
|
Definition
| Automation tools, change management, baselining, consideration for VM setup and system variations. |
|
|
Term
| What is a Stored Procedure in terms of coding? |
|
Definition
| Reuse of a code module that is called from within the program to perform a repetitive action. |
|
|
Term
| Third party libraries for coding should be considered as what? |
|
Definition
|
|
Term
| Code can be executed how? |
|
Definition
| With a .exe file on a machine, or directly from a web site that is coded as a runtime application |
|
|
Term
| What are the 7 Social Engineering Principles? |
|
Definition
| Authority, Intimidation, Consensus, Scarcity, Familiarity, Trust, and Urgency |
|
|
Term
|
Definition
Acceptable Use Policy
Defines what a person can and cannot do when using company assets. |
|
|
Term
| What does Data Classification define? |
|
Definition
| The importance or nature of the data |
|
|
Term
| What does an Access Control Policy define? |
|
Definition
- How to get access to data or resources
- What type of data users have access to
|
|
|
Term
| What does a Password Policy Define? |
|
Definition
- Password Recovery
- Bad Login
- Password Retention
- Password Reuse
|
|
|
Term
| What is BIA and what are the processes? |
|
Definition
Business Impact Analysis
- Determine Mission Processes
- Identify critical systems
- Single point-of-failure
- Identify resource requirements
- Identify recovery priorities
|
|
|
Term
|
Definition
Privacy Impact Assessment
What will be impacted if Privacy is compromised. |
|
|
Term
|
Definition
Privacy Threshold Assessment
To help avoid privacy impact issues by running an assessment on privacy data.
|
|
|
Term
| What can measure Impact on a business? |
|
Definition
| Property/equipment, asset loss, productivity cost, and financial effect. |
|
|
Term
|
Definition
Business Partners Agreement
- Primary Entities
- Time Frame
- Financial Issues
- Management
|
|
|
Term
|
Definition
Service Level Agreement
- Service to be provided
- Minimum up-time
- Response Time
- Start & End Date
|
|
|
Term
|
Definition
Interconnection Security Agreement
(from NIST 800-47)
1. Statement of Requirements
Why and who is interconnecting?
2. System Security Considerations
What info is connecting?
Where is the info going?
What services are involved?
What encryption is needed?
3. Topological Drawing
4. Signature Authority.
Most ISAs are reinforced with an MOU.
|
|
|
Term
|
Definition
Memorandum of Understanding/Agreement
1. Purpose of the interconnection
2. Relevant Authorities
3. Specify the responsibilities
4. Define the terms of the agreement
5. Termination/Reauthorization |
|
|
Term
|
Definition
| A way to store certificates as individual files. |
|
|
Term
|
Definition
| Certificates and private keys as a package. |
|
|
Term
|
Definition
| Passwords, PIN codes, Captcha, Security Questions |
|
|
Term
|
Definition
| Smart Card or RSA Key (or token) |
|
|
Term
|
Definition
| Biometrics (fingerprint scanners, facial recognition, etc) |
|
|
Term
|
Definition
| Typing rhythm for password entry, etc (how you do something) |
|
|
Term
|
Definition
| Validation based on location (credit card fraud, etc) |
|
|
Term
|
Definition
| Known systems establishing trust through other trusted systems |
|
|
Term
| What is a NIDS, and what are the 4 methods of detection? |
|
Definition
Network Intrusion Detection System.
It is passive and typically out-of-band.
1. Behavioral/Anomaly
2. Signature-based
3. Rule-based
4. Heuristic - combines anomaly and signature |
|
|
Term
|
Definition
Network Intrusion Prevention System.
Active/inline.
Typically in-band.
|
|
|
Term
| What is a Collector in regards to Network Intrusion Detection/Prevention? |
|
Definition
| It stores data from sensors/monitors into a collective database to be analyzed. |
|
|
Term
| What are Correlation engines? |
|
Definition
| The tools that check for behavioral anomalies and other methods of network intrusion detection. |
|
|
Term
|
Definition
| A packet sniffer for network monitoring that plugs directly between a switch, firewall, and network monitoring tool. |
|
|
Term
| What are the 5 Secure OS Types? |
|
Definition
Server Operating Systems
Workstations
Embedded Systems (appliance)
Kiosk
Mobile OS |
|
|
Term
| What is SIEM and the 3 terms related to it? |
|
Definition
Security Information and Event Management
Aggregation and Correlation
Normalization |
|
|
Term
|
Definition
| An intelligent device designed to do a specific task or process. |
|
|
Term
|
Definition
| Industrial Control System |
|
|
Term
| What key is used for nonrepudiation? |
|
Definition
|
|
Term
|
Definition
The ability to ensure that a party cannot deny the authenticity of their signature on a message or document.
To repudiate means to deny. |
|
|
Term
| What are 2 examples of Secure Hashing Algorithms? |
|
Definition
|
|
Term
| What are 2 examples of Symmetric encryption Algorithms? |
|
Definition
|
|
Term
| What type of poisoning involves modifying inappropriate entries in a system cache that stores an IP address corresponding to a MAC address? |
|
Definition
| ARP Poisoning spoofs MAC addresses by adding false entries into the host's ARP cache. |
|
|
Term
|
Definition
| A collision occurs when two pieces of plaintext are hashed and produce identical hashes. |
|
|
Term
| What is a security reason to perform a site survey to identify Rogue Access Points? |
|
Definition
| Rogue APs can be used to get onto a network and bypass security controls such as firewalls. |
|
|
Term
|
Definition
Maximum Tolerable Downtime
Indicates how long an asset may be down or offline without seriously impacting the organization. |
|
|
Term
|
Definition
| An attacker attempting to take control of, or use, a Bluetooth-enabled device to place calls. |
|
|
Term
|
Definition
| The act of sending unsolicited messages or files to a Bluetooth device. |
|
|
Term
|
Definition
| Unauthorized access to information on a Bluetooth device. |
|
|
Term
|
Definition
| Reverse Address Resolution Protocol - it resolves MAC addresses to IP addresses instead of vice versa. |
|
|
Term
| What is a security issue but is not specific to any application? |
|
Definition
|
|
Term
| What should be used when connecting to untrusted networks, such as Wi-Fi at a hotel? |
|
Definition
|
|
Term
| What port does the IKE Protocol use for the SA setup within IPsec? |
|
Definition
| The Internet Key Exchange protocol uses port number 500 for the Security Association setup within IPsec. |
|
|
Term
| A term used to identify an authentication scheme that involves both sides of the communication authenticating is: |
|
Definition
|
|
Term
| Implicit Deny means that: |
|
Definition
| Anything that is not specifically allowed is denied by default. |
|
|
Term
|
Definition
A Host-based Intrusion Detection System.
It monitors local system activity and logs for indications of an attack. |
|
|
Term
| If Bob sends a message to Sue, what is used to encrypt the message? |
|
Definition
|
|
Term
|
Definition
| A type of DDoS attack where large numbers of ICMP ping packets are sent from a spoofed IP address on the network to the network broadcast address (victim's IP), possibly causing a denial of service. |
|
|
Term
| What is used to verify the integrity of a message? |
|
Definition
|
|
Term
| What are 3 valid 5.0 Risk Management Strategies? |
|
Definition
| Transference, Mitigation, and Acceptance |
|
|
Term
| What does Insurance mean in relation to Risk? |
|
Definition
| A method of risk transference where an organization pays a premium for an insurance company to assume risk. |
|
|
Term
| RADIUS Encrypts _____ and TACACS encrypts _____ |
|
Definition
| Only Passwords, All info between client and server |
|
|
Term
|
Definition
| The risk that remains after all mitigation and reduction strategies have been implemented. |
|
|
Term
| What would prevent a user from logging on to a network that has outdated Patches or Antivirus signatures? |
|
Definition
| NAC. Network Access Control |
|
|
Term
| To prevent Cross-site scripting (XSS) attacks, what would be the best method of defense? |
|
Definition
| Validating the input into a web site for illegal characters in a particular field. |
|
|
Term
Name the algorithm type, in order, for:
AES & 3DES
RSA
MD5 & SHA-1 |
|
Definition
Symmetric
Asymmetric
Hashing |
|
|
Term
| A TPM is best described as: |
|
Definition
| A Trusted Platform Module is best described as a hardware module that performs cryptographic functions |
|
|
Term
|
Definition
| An application vulnerability testing technique that sends invalid or unexpected data to the application, with the intent to see if any security vulnerabilities exist. |
|
|
Term
| What is a password token when used by itself? |
|
Definition
A one-time password authenticator.
If combined with another password it would be multi-factor.
|
|
Term
| What is the type of attack when a server is flooded by ICMP Echo request packets? |
|
Definition
|
|
Term
| What type of attack typically listens on an open inbound connection sometimes with ports 135 and 445? |
|
Definition
| Remote Access Trojan (RAT) |
|
|
Term
| What's the best method to manage multiple passwords? |
|
Definition
| A password manager (KeePass, password vault managers, etc.) |
|
|
Term
| What type of attack sends different messages using the same hash function trying to cause a collision? |
|
Definition
|
|
Term
| Where are Macro Viruses found? |
|
Definition
|
|
Term
| What central system includes a firewall, IDS, antivirus, and more? |
|
Definition
| a Unified Threat Management (UTM) system. |
|
|
Term
|
Definition
| Logical Controls. They can be used to restrict data access, like applications, devices, and encryption. |
|
|
Term
| What is Containerization in terms of a mobile device? |
|
Definition
| It establishes secure isolated connections to apps & isolates the rest of a mobile device |
|
|
Term
| What's the most significant disadvantage to federated identities? |
|
Definition
| Transitive Trust. The security of federated identities is impacted by the security of others. |
|
|
Term
| a ____ is submitted to a ___ to request a digital signature |
|
Definition
| Certificate Signing Request (CSR) to a Certificate Authority (CA) |
|
|
Term
| What is a Buffer overflow attack? |
|
Definition
| Sending more data to a target than it can hold |
|
|
Term
| What could be done if an employee is tethering his phone to bypass wireless security? |
|
Definition
| Implementing a policy against tethering in the workplace |
|
|
Term
| What would be the best method to mitigate a password cracker if someone is worried about passwords being cracked? |
|
Definition
| An Account Lockout Policy that locks the account if there are multiple attempts. |
|
|
Term
| What would be the best method to manage patches, configurations, and software installations/updates/maintenance in a single location? |
|
Definition
| A Virtual Desktop Environment |
|
|
Term
| What is a CER and what does it describe? |
|
Definition
| A Crossover Error Rate; it describes the point at which false rejections and false acceptances are equal. |
|
|
Term
| What is XSS and what does it involve? |
|
Definition
| Cross-Site Scripting; it involves the use of JavaScript. |
|
|
Term
| What's the best method to handle input validation? |
|
Definition
| Fuzzing. Having a tester enter the wrong info intentionally to see how the application will process or handle data. |
|
|
Term
| If you need to validate a certificate without consuming bandwidth, what would be used? |
|
Definition
| A Certificate Revocation List (CRL) can be used to provide a list of certificates that have been revoked without consuming bandwidth; OCSP is a protocol. |
|
|
Term
| What ciphers work similar to one-time pads? |
|
Definition
|
|
Term
| What type of system has a configuration that cannot be changed? |
|
Definition
|
|
Term
| Filtering user input would be the best method to prevent what? |
|
Definition
| XSS (cross-site scripting) and SQL attacks. |
|
|
Term
| Half-open connections on a firewall are classic examples of what type of attack? |
|
Definition
|
|
Term
| What would be the best method to prevent unapproved technologies such as USB drives in the work place? |
|
Definition
| a Data Loss Prevention (DLP) policy |
|
|
Term
| What's the least secure hashing algorithm? |
|
Definition
|
|
Term
| What helps prevents replay attacks and session hijacking? |
|
Definition
|
|
Term
| What is an appropriate method of handling an employee when wrongdoing has been found? |
|
Definition
| Take adverse actions (leave with or without pay, etc.). |
|
|
Term
| As an employee using a Corporate-Owned, Personally Enabled phone, what is the risk involved? |
|
Definition
| Having your personal information exposed at work, etc. |
|
|
Term
| What can help best against DHCP starvation attacks started by "gobbler" software? |
|
Definition
| Network Address Allocation |
|
|
Term
| What would be the best method of low-impact security for mobile devices used by guests that are connecting to a business's Wi-Fi temporarily? |
|
Definition
Network Access Control (NAC) can perform health checks on mobile devices to make sure they meet the minimum security standards prior to connecting.
A dissolvable NAC would work best in this case. |
|
|
Term
| What would assist in granting you the source code if a vendor you were working with went out of business? |
|
Definition
|
|
Term
| What are the most volatile parts of a machine in terms of forensics? |
|
Definition
1. Processor Cache
2. RAM
3. Swap File
4. HDD |
|
|
Term
| What are 4 Symmetric key block cipher algorithms? |
|
Definition
|
|
Term
| What's a Symmetric Key Algorithm that uses a Stream (1 bit at a time) Cipher instead of a block cipher? |
|
Definition
|
|
Term
| What's the block size of DES, 3DES, and Blowfish? |
|
Definition
|
|
Term
| What's the block size of AES? |
|
Definition
|
|
Term
| What's the key size of DES and 3DES? |
|
Definition
|
|
Term
| What's the key size of Blowfish? |
|
Definition
|
|
Term
| What are the possible key sizes of AES? |
|
Definition
|
|
Term
| What is the key size range of RC4? |
|
Definition
|
|
Term
|
Definition
A symmetric block cipher mode called Counter.
It uses a nonce + an increasing counter value in binary and encrypts that.
|
|
Term
|
Definition
An asymmetric algorithm.
Provides a method for 2 parties to come up with the same session key.
Key exchange agreement (or protocol).
Uses shared secrets, e.g. colors. |
|
|
Term
| What is a Rainbow-Table Attack? |
|
Definition
| A type of attack using a rainbow table (a precomputed lookup table of password hashes) to crack passwords in a database. |
|
|
Term
| What would be 4 useful security options for a COPE phone? |
|
Definition
Cellular data, remote wipe, Location Tracking, MDM.
Mobile Device Management allows patches and updates remotely. |
|
|
Term
| What's the biggest issue with a 6-character password that's 2 years old and has no history being maintained? |
|
Definition
| the 6 character length of the password |
|
|
Term
| If computers were zombies in a botnet, what attack would they be performing? |
|
Definition
|
|
Term
| What occurs when you exploit one machine and use it to exploit another? |
|
Definition
|
|
Term
| If files are encrypted by a no-longer employed user, what could be used to decrypt them? |
|
Definition
|
|
Term
| What wifi technology provides max security while supporting older devices? |
|
Definition
|
|
Term
Lighting is a ____
Audit logs, alarms, and an antivirus scanner are examples of _____ |
|
Definition
Deterrent control
Detective controls |
|
|
Term
| If an attacker is able to enumerate all your network's resources and make some unavailable, what protocol would best mitigate the attack? |
|
Definition
| LDAP - because it is considered to be a directory or phonebook of your network. |
|
|
Term
| SSL is much older than ___ |
|
Definition
|
|
Term
|
Definition
| Data Execution Prevention is a resource that monitors programs that access system memory and prevents them from doing so. |
|
|
Term
| Spear Phishing targets a ____ |
|
Definition
|
|
Term
| The most important principle in managing account permissions is what? |
|
Definition
| Account Recertification. This certifies that permissions still need to be granted. |
|
|
Term
| What automatically updates browsers with a list of certificates for applications? |
|
Definition
|
|
Term
| What verifies requests for certs and forwards the responses? |
|
Definition
| A Registered Authority or Root Authority (RA). |
|
|
Term
RAID 1+0 =
RAID 6 =
RAID 1 =
RAID 0 = |
|
Definition
Stripe of mirrors
Striping with dual parity
Mirror
Striping
|
|
|
Term
| What does Quantitative Risk Assessment do? |
|
Definition
Assigns numerical values to impacts. |
|
|
Term
| What does Qualitative Risk Assessment do? |
|
Definition
| Determines and ranks risk qualitatively, such as high/medium/low. |
|
|
Term
| What Wi-Fi standard was used to implement the requirements of 802.11i ? |
|
Definition
|
|
Term
| An out-of-band NIDS does what? |
|
Definition
| Places the management system on a different network. This would help the detection process be invisible to an attacker. |
|
|
Term
| What is a type 1 hypervisor known as? |
|
Definition
"Bare Metal"
It runs on the system hardware. |
|
|
Term
| What does a type 2 hypervisor run on? |
|
Definition
|
|
Term
| What is a low-level, low skilled hacker known as? |
|
Definition
|
|
Term
|
Definition
| A process where someone connects to a web server and gathers information by "grabbing their banner" which can be done through netcat |
|
|
Term
| What box test uses minimal information? |
|
|
Definition
|
|
Term
| What box test uses complete information? |
|
Definition
|
|
Term
| What are the numbered types of authentication? |
|
Definition
Type 1: something you know (password)
Type 2: something you have (smart card)
Type 3: something you are (biometrics) |
|
|
Term
| You shouldn't include ____ in usernames |
|
Definition
|
|
Term
| What key is used to encrypt the hash digest of an email to create a digital signature? |
|
Definition
|
|
Term
| Rootkits can affect boot sectors, but a machine forcibly rebooting is most likely the cause of a ___ |
|
Definition
|
|
Term
| What type of controls are testing and training a part of? |
|
Definition
| Preventative Administrative Controls |
|
|
Term
| What tool is a packet sniffer for Linux? |
|
Definition
|
|
Term
| What type of control can be forced on an OS and cannot be overridden or accessed by users? |
|
Definition
|
|
Term
| What document would describe reliability and recourse if reliability isn't met? |
|
Definition
| a Service Level Agreement (SLA) |
|
|
Term
| What ports would you open and block for a web application firewall to only allow encrypted web traffic? |
|
Definition
| Open 443 and 23 and block port 80 |
|
|
Term
| What system has a major benefit that detects if files have been altered? |
|
Definition
|
|
Term
|
Definition
| Platform as a service provides consumers with the infrastructure for hosted applications. It is an OS service |
|
|
Term
|
Definition
| Full fault tolerance with striping |
|
|
Term
|
Definition
| Striping with dedicated parity |
|
|
Term
| Wearable devices can be used to carry ____ in and out of a company |
|
Definition
|
|
Term
| The best BIOS integrity technique is what? |
|
Definition
|
|
Term
| WPA uses what method for authentication? |
|
Definition
| TKIP - Temporal Key Integrity Protocol |
|
|
Term
| What Wi-Fi security standards use CCMP? |
|
Definition
| WPA2 & AES - Counter Mode Cipher Block Chaining Message Authentication Protocol |
|
|
Term
|
Definition
| The process of deprovisioning resources as needed in order to make room for other resources |
|
|
Term
| What is not a part of password complexity? |
|
Definition
|
|
Term
| What's the best method to document how users use their account permissions? |
|
Definition
|
|
Term
| What's a physical access method that uses asymmetric cryptography to authorize users? |
|
Definition
| a Challenge Response Token |
|
|
Term
| A char user_input[20] code line could be vulnerable to what type of attack? |
|
Definition
| Buffer Overflow because the user is required to input 20 characters. |
|
|
Term
| What malicious software / malware typically takes screenshots of a system and hides them in a TEMP folder? |
|
Definition
|
|
Term
| What takes place when an attacker places malware in between an application and other files which intercepts the communications? |
|
Definition
|
|
Term
| What is taking place when someone receives a large number of messages on their Bluetooth device? |
|
Definition
|
|
Term
| What type of XSS attack sends users to a fake website? |
|
Definition
| A cross-site request forgery |
|
|
Term
| What takes place when a Bluetooth device has data stolen within close range? |
|
Definition
|
|
Term
| What are 4 methods of security for a workstation/laptop? |
|
Definition
A host-based firewall, network sniffer, cable lock, and Cat5e STP
The network sniffer can help capture traffic for later analysis
Cat5e STP reduces the risk of EMI |
|
|
Term
| _____ works with high-capacity storage where once the data is written it cannot be edited. This provides secure storage because backups cannot be tampered with |
|
Definition
| WORM (Write Once Read Many) |
|
|
Term
| What is the standard number of system wipes to completely get rid of data? |
|
Definition
|
|
Term
| For remote login and executing command-line functions, what ports should be open or blocked? |
|
Definition
| Block 23 (telnet insecure) and open 22 (SSH) |
|
|
Term
| What is best for backup security and frequency? |
|
Definition
|
|
Term
| What tool finds vulnerabilities and attempts to exploit them? |
|
Definition
|
|
Term
| When you give a tester login info, you are allowing a what? |
|
Definition
|
|
Term
| What is the drawback to symmetric encryption? |
|
Definition
| The key must be delivered in a secure manner because there is only one to encrypt and decrypt |
|
|
Term
| What can bypass security for 802.1x? |
|
Definition
|
|
Term
| Company Trade Secrets should be labeled as what? |
|
Definition
| Proprietary, because they're specific to the company and nothing else |
|
|
Term
| What is a non-legally binding agreement? |
|
Definition
|
|
Term
| What type of control is CAPTCHA? |
|
Definition
|
|
Term
| SLE is the ____ x the _____ |
|
Definition
| Product Value x the Exposure Factor (EF) |
|
|
Term
|
Definition
| Advanced Persistent Threat |
|
|
Term
| What type of attack could happen if a program has variables and doesn't check boundary values? |
|
Definition
|
|
Term
| What type of attack could hack passwords with dictionary words and numbers/symbols? |
|
Definition
| A hybrid attack that uses dictionary and brute force |
|
|
Term
|
Definition
| A network communication utility that's used to create connections between 2 machines. The presence of netcat could indicate the machine's been compromised and has a possible backdoor |
|
|
Term
| In an IDS, what is used to collect data from the network segment and forward that info to the analyzer? |
|
Definition
|
|
Term
| What is a drawback to Virtual IP load balancing? |
|
Definition
| It is connection-based, not load-based. It assumes all loads are similar. |
|
|
Term
| What type of attack can be attempted using a list of common passwords? |
|
Definition
|
|
Term
|
Definition
| Stateful Packet Inspection - Firewall |
|
|
Term
|
Definition
| Attribute based access control |
|
|
Term
| Why is event de-duplication important? |
|
Definition
| Because the servers send data back to the SIEM |
|
|
Term
| What type of server should be used prior to deploying applications to a live environment? |
|
Definition
| a Test Server that is identical to the production server |
|
|
Term
| If someone is concerned about authentication and permissions, what should be their first step? |
|
Definition
|
|
Term
| A configuration can be considered what in terms of contingency planning? |
|
Definition
| a Single point of failure |
|
|
Term
| What type of backup is the quickest method to back up but also the slowest to perform? |
|
Definition
|
|
Term
| What should be used to avoid mishandling of items such as tapes, removable drives, CDs and DVDs? |
|
Definition
|
|
Term
| What form describes how systems should be interfaced between 2 companies using shared systems? |
|
Definition
| An ISA - Interconnection Service Agreement |
|
|
Term
| What method of EAP consists of three phases? |
|
Definition
In situations where a password policy cannot be enforced, EAP-FAST consists of three phases:
Provisioning, establishing a tunnel, and authentication |
|
|
Term
| What form of EAP requires both server and client certificates? |
|
Definition
|
|
Term
| What would be the reason a MITM attacker wouldn't be able to decrypt messages that he intercepted? |
|
Definition
| Asymmetric Encryption - he doesn't have the decryption key |
|
|
Term
| Logic Bombs are still considered as a form of ____ |
|
Definition
|
|
Term
| What does a sparse infector virus do? |
|
Definition
| Performs activity sporadically |
|
|
Term
| The amount of data stolen is __ an attribute that would be considered after an attack |
|
Definition
|
|
Term
| A collision attack happens when what? |
|
Definition
| two different inputs produce the same hash |
|
|
Term
| A Smurf attack does what? |
|
Definition
| Uses a fake IP address to get a subnet to reply and use up their resources |
|
|
Term
| A multipartite virus does what? |
|
Definition
| Combines infections with boot sector viruses |
|
|
Term
| For phishing emails, what would be the best security method to help mitigate them? |
|
Definition
|
|
Term
| If there are concerns with outside access to a wireless access point, what would be the best security method to implement? |
|
Definition
|
|
Term
| L2TP and IPsec are both used with what? |
|
Definition
|
|
Term
| What does Heuristic Scanning do? |
|
Definition
| Looks for anomalous behavior that may indicate an attack even if there's no signature for the attack itself |
|
|
Term
|
Definition
| A proprietary communication technology that works with low-power devices and can spend long periods in sleep modes. |
|
|
Term
|
Definition
| The document for the International Security Standard |
|
|
Term
|
Definition
| International Cloud Security standards |
|
|
Term
| How are Rainbow-Table attacks mitigated? |
|
Definition
| With longer passwords. A rainbow-table attack can easily crack passwords shorter than 14 characters. |
|
|
Term
| What would be the reason for rejecting authentication for ABAC while traveling? |
|
Definition
|
|
Term
|
Definition
| HMAC (keyed-hash message authentication code) one-time password |
|
|
Term
| True or false: NTLM was the native default for Windows, which eventually became Kerberos |
|
Definition
|
|
Term
|
Definition
| Database activity monitoring prevention |
|
|
Term
| What comes before containment in regards to discovering malware? |
|
Definition
|
|
Term
| T or F: an HR employee is considered a custodian security role |
|
Definition
|
|
Term
|
Definition
| Perfect Forward Secrecy - for VPN safety of session keys |
|
|
Term
| What must happen if a certificate is revoked? |
|
Definition
| A new key pair must be generated and get a new certificate |
|
|
Term
| What is one way to ensure file integrity on a system or device? |
|
Definition
|
|
Term
| What cryptography method uses two mathematically related keys to secure data during transmission? |
|
Definition
|
|
Term
|
Definition
| Also known as a playback attack. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. |
|
|
Term
| What is an Amplification attack? |
|
Definition
| A DDoS attack that targets DNS resolvers to overwhelm them with traffic. |
|
|
Term
| What is a Pass the Hash attack? |
|
Definition
| A remote attack that uses the underlying NTLM or LanMan hash of a user's password instead of the plaintext. |
|
|
Term
| What are the attributes of threat actors? |
|
Definition
Internal/external
Level of sophistication
Resources/funding
Intent/motivation |
|
|
Term
| What's the difference between RSA and Diffie-Hellman? |
|
Definition
RSA is a public-key encryption algorithm that uses multiplication of prime numbers.
Diffie-Hellman is an exponential key exchange that uses a shared secret between two parties and computes by exponents. |
|
|
Term
|
Definition
Keyed-hash message authentication code (or hash-based)
Uses a key and a hash function |
|
|
Term
T or F
Salted hash tables add a "salt" value to the end of a password and hash that, so the hash value is always completely different |
|
Definition
|
|
Term
| What does a business continuity plan do? |
|
Definition
| It identifies critical systems and components that need to be protected. |
|
|
Term
| If someone is concerned about account logins being compromised what should they implement? |
|
Definition
| SMS authentication for any logins from an unknown computer or location |
|
|
Term
|
Definition
Security Assertion Markup Language
- SCADA - systems all over the place
Single Sign-On among web apps
Login to multiple devices
|
|
|
Term
|
Definition
| NT LAN Manager - Windows authentication method (2+ Windows systems in a workgroup without a domain controller) - each side has a challenge message hashed and challenges the other (like a double CHAP between client and server) |
|
|
Term
| What is Kerberos used for? |
|
Definition
Used to authenticate to Windows domain controllers (Key Distribution Center)
TCP/UDP port 88
Authentication Service
Ticket Granting Ticket (SID) |
|
|
Term
SLAs define
MOUs define
ISAs define
BPAs define |
|
Definition
Expectations of the service provider
Mutual Agreements
Technical and security requirements
Legal agreements |
|
|
Term
When an attacker places malware between an application and other files to intercept the communication (i.e. a file has the same name and interface as a system DLL but handles input differently, and apps attach to it instead of the DLL),
what is this called? |
|
Definition
|
|
Term
A stateful firewall blocks based on:
A stateless firewall blocks based on: |
|
Definition
Behavior more than rules
An access control list and defined rules |
|
|
Term
|
Definition
| Cloud Access Security Broker |
|
|
Term
Users receive training on:
Privileged users receive training on:
Executive users receive training on:
System owners receive training on: |
|
Definition
General awareness
How to handle network access
How to spot targeted attacks
How to manage particular systems |
|
|