1.0 Threat Management Flashcards by paulo guiao

what is a public cloud?

the standard cloud computing model where a service provider makes resources available to the public over the internet

How well did you know this?

Not at all

Perfectly

what does OS fingerprinting involve?

using active fingerprinting to look at the ports (open/closed and the types of responses) and passive fingerprinting to examine the traffic to and from the computer (looking for the default window size or TTL of packets)

How well did you know this?

Not at all

Perfectly

what are the three main protocols that can be used for wireless networks?

wired equivalent privacy (WEP), WPAv1, WPAv2

How well did you know this?

Not at all

Perfectly

what is the purpose of infrastructure as a service (IaaS) in cloud computing?

it provides computer and server infrastructure, typically through a virtualization environment

How well did you know this?

Not at all

Perfectly

what do you use to control traffic from the internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?

a firewall

How well did you know this?

Not at all

Perfectly

what is the most common type of system used to detect intrusions into a computer network?

NIDS

How well did you know this?

Not at all

Perfectly

what is the purpose of PaaS in cloud computing?

it provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform

How well did you know this?

Not at all

Perfectly

what is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?

missed detection or false positive

How well did you know this?

Not at all

Perfectly

what does the acronym IDS denote?

Intrusion detection system

How well did you know this?

Not at all

Perfectly

what is the main difference between an IDS and an IPS?

an IDS detects intrusions. an IPS prevents intrusions

How well did you know this?

Not at all

Perfectly

what does the acronym ACL denote?

access control list

How well did you know this?

Not at all

Perfectly

what devices can limit the effectiveness of sniffing attacks: switches or routers?

switches

How well did you know this?

Not at all

Perfectly

what are the two major types of intrusion detection systems (IDS)?

network IDS (NIDS) and host IDS (HIDS)

How well did you know this?

Not at all

Perfectly

which type of IDS detects attack on individual devices?

host intrusion detection system (HIDS)

How well did you know this?

Not at all

Perfectly

which layer 3 device allows different logical networks to communicate?

router

How well did you know this?

Not at all

Perfectly

what is the default rule found in a firewall's access control list (ACL)?

deny all

How well did you know this?

Not at all

Perfectly

what does the acronym NIDS denote?

network-based intrusion detection system

How well did you know this?

Not at all

Perfectly

which security control is lost when using cloud computing?

physical control of the data

How well did you know this?

Not at all

Perfectly

what is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?

false positive

How well did you know this?

Not at all

Perfectly

what are the four types of cloud computing based on management type?

public, private, hybrid, and community

How well did you know this?

Not at all

Perfectly

what is hybrid cloud?

a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally via a public cloud

How well did you know this?

Not at all

Perfectly

what is multi-tenancy cloud?

a cloud model where multiple tenants share the resources. this model allows the service providers to manage the resource utilization more efficiently

How well did you know this?

Not at all

Perfectly

which type of system identifies suspicious patterns that may indicate a network or system attack?

intrusion detection system (IDS)

How well did you know this?

Not at all

Perfectly

why is data isolation used in cloud environments?

to ensure that tenant data in a multi-tenant solution is isolated from other tenant' data using a tenant ID in the data labels

How well did you know this?

Not at all

Perfectly

which information do routers use to forward packets to their destinations?

the network address and subnet mask

what does the acronym HIDS denote?

host-based intrusion detection system

what is a community cloud?

an infrastructure that is shared among several organizations from a specific group with common computing concerns

what is the purpose of software as a service (SaaS) in cloud computing?

it ensures on-demand, online access to an application suite without the need for local installation

what is a single-tenancy cloud?

a cloud model where a single client or organization uses a resource

what OS footprinting do?

it performs the fingerprinting steps as well as gathering additional information, such as polling DNS (check the status/survey), registrar queries, and so on

which type of IDS detects malicious packets on a network?

network intrusion detection system (NIDS)

what is lightweight extensible authentication protocol (LEAP)?

a proprietary wireless LAN authentication method developed by Cisco Systems

which type of analysis involves identifying traffic that is abnormal?

anomaly analysis

which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?

WPA2 with CCMP

which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?

active detection

what does the acronym SIEM denote?

security information and event management

what should you do to ensure that a wireless access point signal does not extend beyond it needed range?

reduce the power levels

which type of analysis involves examining information in the header of the packet?

protocol analysis

what is the purpose of MAC filtering?

to restrict the clients that can access a wireless network

what is protected extensible authentication protocol (PEAP)?

a protocol that encapsulates the EAP within an encrypted and authenticated TLS tunnel

what are the two modes of WAP and WPA2?

personal (also called preshared key or WPA-PSK / WPA2-PSK) and enterprise

what type of analysis focuses on the long term direction in the increase or decrease in a particular type of traffic?

trend analysis

which security protocol is the standard encryption protocol for use with the WPA2 standard?

counter mode cipher block chaining message authentication code protocol (CCMP)

which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?

temporal key integrity protocol (TKIP)

which intrusion detection system (IDS) watches for intrusions that match a known identity?

signature-based IDS

which software can collect logs from specified devices, combine the logs, and analyze the combined logs for security issues?

security information and event management (SIEM)

what doe heuristic analysis do?

it determines the susceptibility of a system towards a particular threat/risk using decision rules or weighing methods

which protocol does the enterprise mode of WPA and WPA2 use for authentication?

extensible authentication protocol (EAP)

which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?

isolation mode

which type of IDS or IPS uses an initial database of known attack types but dynamically alters their signatures base on learned behavior?

heuristic

what doe packet analysis do?

it examines the entire packet, including the payload

what are the non-overlapping channels for 802.11g/n?

channels 1,6, and 11

what are the non-overlapping channels for 802.11b?

channels 1,6,11, and 14

what is the most secure implementation of file transfer protocol (FTP)?

secure file transfer protocol (SFTP)

what is the name for a hole in the security of an application deliberately left in place by a designer?

backdoor

which malicious software infects a system without relying upon other applications for its execution?

a worm

what does an anti-virus application signature file contain?

it contains identifying information about viruses

which application or services uses TCP/UDP port 3389?

remote desktop protocol (RDP)

which port number is used by TFTP?

UDP port 69

what is the name for a fix that addresses a specific windows system problem or set of problems?

hotfix

which firewall port should you enable to allow SMTP trafic to flow through the firewall?

port 25

how many TCP/UDP ports are vulnerable to malicious attacks?

65,536

which type of virus can change its signature to avoid detection?

polymorphic

what is the default PPTP port?

TCP port 1723

what is the purpose of NAC?

network access control (NAC) ensures that the computer on the network meets an organization's security policies

using role-based access control (RBAC), which entities are assigned roles?

users or subjects

what is the name of the area that connects to a firewall and offers services to untrusted networks?

DMZ

which virus creates many variants by modifying its code to deceive antivirus scanners?

polymorphic virus

which port should you block at your network firewall to prevent telnet access?

port 23

what is a good solution if you need to separate two departments into separate networks?

VLAN segregation

which port number does LDAP use for communications encrypted using SSL/TLS?

port 636

which type of code performs malicious acts only when a certain set of conditions occurs?

a logic bomb

which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?

TCP port 143

which two port does FTP use?

ports 20 and 21

what does VLAN segregation accomplish?

it protects each individual segment by isolating the segments

which port number does HTTP use?

port 80

which port numbers are used by NetBIOS?

ports 137, 138, 139

which type of malware appears to perform a valuable function, but actually performs malicious acts?

trojan horse

which port number does LDAP use when communications are not secured using SSL/TLS?

port 389

what does the acronym RBAC denote?

role-based access control

which viruses are written in macro language and typically infect operating systems?

macro viruses

who can change a resource's category in a mandatory access control environment?

administrators only

which port number does NNTP (network news transfer protocol) use?

TCP port 119

what is a trojan horse?

malware that is disguised as a useful utility, but is embedded with a malicious code to infect computer systems

which port number does NTP use?

port 123

what does the acronym DAC denote?

discretionary access control

which firewall port should you enable to allow POP3 traffic to flow through the firewall?

TCP port 110

which port number does DHCP use?

port 67

which port number is used by SSL, FTPS, and HTTPS?

TCP port 443

which port number is used by SSH, SCP, and SFTP?

port 22

what is the default L2TP port?

UDP port 1701

which type of access control associates roles with each user?

role-based access control (RBAC)

why should you install a software firewall and the latest software patches and hotfixes on your computer?

to reduce security risks

what is the name for a collection of hotfixes that have been combined into a single patch?

a service pack

which type of access control is the multi-level security mechanism used by the department of defense (DoD)?

mandatory access control (MAC)

which port number does DNS use?

port 53

which port number is used by SMB?

tcp port 445

what is a file considered in a mandatory access control environment?

an object

what is the purpose of anti-spam application or filters?

to prevent unsolicited e-mail

which type of access control was originally developed for military use?

mandatory access control (MAC)

when should you install a software patch on a production server?

after the patch has been tested

which type of access control is most suitable for top-secret information?

mandatory access control (MAC)

which port number does SNMP use?

UDP port 161

in a secure network, what should be the default permission position?

implicit deny

which port number does SSH use?

port 22

which type of virus attempts to hide from antivirus software and from the operating system by remaining in memory?

stealth

which port is used for LDAP authentication?

port 389

which self-replicating computer program sends copies of itself to other devices on the network?

worm

which port number is used by microsoft SQL server?

tcp port 1433

which TCP port number does secure sockets layer (SSL) use?

port 443

according to the CySA+ objectives, what are the six rules of engagement for penetration testing?

timingscopeauthorizationexploitationcommunicationreporting

is a DHCP server normally placed inside a DMZ?

what is meant by the term exploitation in regards to rules of engagement in penetration testing?

all exploits that will be attempted during a scan

what is decomposition?

the process of breaking software or malware down to discover how it works

what is meant by the term scope in regards to vulnerability testing?

the devices or parts of the network that can be scanned and the types of scans to be performed

which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?

NAT

which assessment determines whether network security is properly configured to rebuff hacker attacks?

penetration test

what is the purpose of network segmentation?

to isolate a group of devices

what can be used to run a possibly malicious program in a safe environment?

sandbox

which term is used for the process of verifying the integrity of a file by using a hashing algorithm?

fingerprinting or hashing

what is the purpose of the blue team in a training exercise?

defending the device or network

which documentation reduces the likelihood that you have received counterfeit equipment?

OEM (original equipment manufacturer) documentation

which type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?

VPN

what is the purpose of the red team in a training exercise?

attacking the devices or network

what is meant by the term timing in regards to penetration testing?

the time when the test should occur and when it should not occur

what is the primary security advantage of using NAT?

NAT hides internal IP addresses from the public network

what is meant by the term authorization in regards to penetration testing?

the written agreement and legal authority to perform a vulnerability test

which type of test attempts to exploit vulnerabilities?

penetration test or pentest

which type of test ONLY identifies vulnerabilities?

vulnerability test

what is the purpose of rules of engagement for penetration testing?

they define how a penetration test should occur, including the factors that limit the penetration test

what does the acronym OEM denote?

original equipment manufacturer

which team acts as the referee during a training exercise?

white team

what is the purpose of the Trusted Foundry?

it identifies trusted vendors and ensures a trusted supply chain for the united states department of defense (DoD)

does each VLAN create its own collision domain or its own broadcast domain?

broadcast domain

1.0 Threat Management Flashcards

(134 cards)