401/501 Study Guide Flashcards

(94 cards)

1
Q

What Port is DNS?

A

53

2
Q

CIA Triad

A

C - Confidentiality
I - Integrity
A - Availability

**These three are EQUALLY important

3
Q

When information remains true to the creator's intent

A

Integrity

3
Q

What are some common network applications that use UDP?

A
  • Domain Name System (DNS)
  • Streaming media…like IPTV
  • Voice over IP (VoIP)
  • Trivial File Transfer Protocol (TFTP)
  • Many online games
4
Q

Information conforms to reality

A

Authenticity

5
Q

According to 1000 Foot View, what are the core principles of IA?

A

Confidentiality, Availability, Authenticity, Authorized Use, Privacy, Non-Repudiation, Utilization, Possession, Integrity

6
Q

When information is fit for a purpose and in a usable state

A

Utilization

7
Q

Only authorized personnel may access cost-incurring services
Ex.) toll-fraud prevention

A

Authorized Use

8
Q

What are the Five DIACAP Activities?

A
  1. Initiate & Plan IA C&A
  2. Implement & Validate assigned IA Controls
  3. Make Certification Determination & Accreditation Decision
  4. Maintain Authorization to Operate & Conduct Reviews
  5. Decommission
9
Q

When only authorized personnel may disclose or observe information

A

Confidentiality

10
Q

When the originator of a message or transaction may not later deny the action

A

Non-Repudiation

11
Q

What does DIACAP stand for?

A

Department of Defense Information Assurance Certification Accreditation Processes

12
Q

What Port is HTTP?

A

80

13
Q

What layer of the OSI Model Diagram provides end-to-end data transmission integrity?

A

Transport

14
Q

Who invented the one-time password?

A

Gilbert Vernam
Called it the “Vernam Cipher”
1917

15
Q

*a simpler message-based connectionless protocol

Communication is achieved by transmitting information in one direction from source to destination without verifying the readiness or state of the receiver

  • connectionless protocols do not set up a dedicated end-to-end connection
A

User Datagram Protocol (UDP)

16
Q

What layer of the OSI Model Diagram establishes, maintains and manages sessions?
For example: the synchronization of data flow

A

Session

17
Q

What is Port 110?

A

POP3

18
Q

What does OSI stand for?

A

Open Systems Interconnection

19
Q

What are the 7 levels of the OSI Model Diagram?

A
7     Application 
6     Presentation 
5     Session 
4     Transport 
3     Network 
2     Data Link
1     Physical
20
Q

What layer of the OSI Model Diagram provides data representation between systems?

A

Presentation

21
Q

What layer of the OSI Model Diagram provides transfer of information units to the other end of the physical link?

A

Data Link

22
Q

What Port is HTTPS?

A

443

23
Q

An attack in which the attacker sends a large number of connection or information requests to overwhelm and cripple a target

A

Denial-of-Service (DoS) attack

24
What Port is LDAP?
389
25
The process of using social skills to convince people to reveal access credentials or other valuable information to the attacker
Social engineering
26
When information is ready for use within stated operational parameters
Availability
27
The industry standard for computer security since the development of the mainframe. Known as the Holy Trinity of IA; based on 3 characteristics that describe the utility of information.
C.I.A. Triad | Based on confidentiality, integrity, and availability
28
A self-replicating computer program that uses a network to send copies of itself to other nodes, and it may do so without any user intervention. It does not need to attach itself to an existing program
Worm
29
What hackers do -- The Five Phases of Hacking
Phase 1 - Reconnaissance
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
30
Methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits
Biometrics
31
Software designed to infiltrate a computer without the owner's informed consent
Malware | short for malicious software
32
An attack in which a coordinated stream of connection requests is launched against a target from many locations at the same time, i.e. Black Friday, Cyber Monday, Super Bowl Sunday
Distributed Denial-of-Service (DDoS) attack
33
A bit pattern that defines which portion of the 32 bits represents a subnet address
Subnet Mask
34
What Port is FTP?
20, 21
35
This can provide a two-factor authentication method because the user may have to enter a PIN. This means the user must provide something she knows and something she has
Smart card
36
What is Port 143?
IMAP4
37
What are the Access Control Methods?
  • Implicit deny: first answer is no
  • Least privilege: only permissions they need
  • Separation of duties: avoid "collusion"
  • Job rotation
38
A protected string of characters that is used to authenticate an individual
Password
39
What layer of the OSI Model Diagram transmits bit stream on a physical medium?
Physical
40
What is Port 119?
NNTP
41
What are the Access Control Models?
Mandatory Access Control (MAC) & Discretionary Access Control (DAC)
42
Human readable text
Plaintext
43
What layer of the OSI Model Diagram switches & routes information units?
Network
44
What Port is SSH?
22
45
The three tenets of Authentication
  • Something a person knows (password)
  • Something a person has (smartcard)
  • Something a person is (fingerprint)
Any 2 of these = Strong Authentication
46
Malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system
Trojan Horse
47
What is Port 25?
SMTP
48
Difference between MAC & DAC
MAC
  • inflexible, predefined
  • labor intensive
49
A program that searches out other programs & infects them by embedding a copy of itself. When the infected program executes, it is also executed, which begins the infection
Virus
50
Group policies, Password policies, User names & passwords, Time of day restrictions, Account expiration, ACLs and Logical tokens are all a part of what?
Logical Access Control
51
An authentication protocol that challenges the system to verify identity. Also, it's an improvement over PAP
CHAP | Challenge Handshake Authentication Protocol
More info from slide notes:
In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet access provider.
CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable challenge-value.
CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network.
Microsoft has implemented a variant of the Challenge-Handshake Authentication Protocol, called MS-CHAP, which does not require either peer to know the plaintext.
52
What Port is Kerberos?
88
53
Privilege escalation, Spyware, Weak passwords, Back doors, Adware, Default accounts and Rootkits are all different types of what?
Vulnerabilities & mitigations associated with network devices ⭐️ System Security Threats
54
What layer of the OSI Model Diagram provides specific services for applications, such as file transfer?
Application
55
What is Port 23?
Telnet
56
Role Based Access Control vs. Rule Based Access Control
Role based access control
  • Job Function = Role(s)
  • Roles are assigned permissions
Rule based access control
  • Ex: Allow * or Deny *
57
Authenticity is necessary to be able to do what?
To ensure that the users or objects (like documents) are genuine & that they have not been forged or fabricated. For example: an authentication breach can occur when a user's login ID and password are used by unauthorized users to send unauthorized information.
58
What class of network is 201.168.10.32?
Class C
59
This is also called a dynamic password. It is used for authentication purposes and is only good once
One-Time password | One-Time pad
60
When a hacker has a collection of these compromised systems, it is referred to as a __________.
Botnet | 〰 a network of bots
61
Substitution Cipher
a method of encryption in which units of plaintext are replaced with ciphertext according to a regular system.
62
Transposition Cipher
a method of encryption by which the positions held by units of plaintext are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext
63
IA vs. IS
Information assurance is closely related to information security and the terms are sometimes used interchangeably. IA is best thought of as a superset of information security.
IA is interdisciplinary and draws from multiple fields, including accounting, fraud examination, forensic science, management science, systems engineering, security engineering, and criminology, in addition to computer science. IA’s broader connotation also includes reliability and emphasizes strategic risk management over tools and tactics.
In addition to defending against malicious hackers and code (e.g., viruses), IA includes other corporate governance issues such as privacy, compliance, audits, business continuity, and disaster recovery.
64
Differences between TCP & IP
  • TCP operates at a higher level and is concerned with only the two end systems, i.e. a Web browser and a Web server
  • IP handles lower-level transmissions from computer to computer as a message makes its way across the Internet
65
Protect personal privacy and adhere to relevant privacy compliance requirements
Privacy
65
Encrypted or machine readable text
Ciphertext
66
When information remains in the custody of authorized personnel
Possession
68
Who has access?
A cornerstone in the foundation of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be technical, physical, or administrative in nature.
69
TCP/IP
70
Transmission Control Protocol - TCP
71
What are some ways you can identify & authenticate who is connecting?
72
RADIUS
(Remote Authentication Dial In User Service)
73
Firewall Terms
74
Firewall types
75
What Port is TFTP?
69
76
Kerberos
  • The way that Windows operates
  • User requests access to a service running on a different server
  • KDC authenticates the user and sends a ticket to be used between the user and the service on the server
77
UDP
A simpler message-based connectionless protocol (no handshake)
  • Connectionless protocols do not set up a dedicated end-to-end connection
  • Communication is achieved by transmitting information in one direction from source to destination without verifying the readiness or state of the receiver
  • Streaming videos, games
  • Common network applications that use UDP include:
      o Domain Name System (DNS)
      o Streaming media applications such as IPTV
      o Voice over IP (VoIP)
78
Which of the following are capable of functioning as a Firewall? Choose two.
  • Proxy
  • Router
  • PC
  • Switch
A proxy service and a router are both capable of Network Address Translation (NAT), which is the basic function of a firewall.
79
Subnetting
Using the subnet mask value to divide a network into smaller components. This gives you more networks but a smaller number of hosts available on each.
  • Subnetting uses bits from the node portion of the host address to create the additional networks, and there are two primary reasons for using it:
  1. To use IP addresses more effectively
  2. To make the network more secure and manageable
  • It accomplishes the latter by confining traffic to the network that it needs to be on, reducing overall network traffic and creating more broadcast domains, thus reducing the range of network-wide broadcast traffic.
80
Web security gateway
A web security gateway and a unified threat management appliance both combine multiple security controls into a single appliance. They can inspect data streams and often include URL filtering, malware inspection, and content inspection components.
81
Private IP Addresses
```
Class      Beginning address   Ending address
Class A    10.0.0.0            10.255.255.255
Class B    172.16.0.0          172.31.255.255
Class C    192.168.0.0         192.168.255.2
```
82
Protocols
  • Our agreed-upon method of communication
  • Rules for communication
  • Often part of a protocol suite or framework
  • Described by their functions and interactions
  • Protocols need to talk to other protocols
83
Firewalls
Hardware-based network firewall inspects packets
  • Can either accept or deny packet entry
  • Usually located outside network security perimeter
84
Firewall actions on a packet
  • Allow (let packet pass through)
  • Block (drop packet)
  • Prompt (ask what action to take)
85
Elements of a secure network design
  • Demilitarized zones
  • Subnetting
  • Virtual LANs
  • Remote access
86
Demilitarized Zone
  • Separate network located outside secure network perimeter
  • Untrusted outside users can access DMZ but not secure network
87
Subnetting
IP address may be split anywhere within its 32 bits
  • Network can be divided into three parts
      o Network
      o Subnet
      o Host
  • Each network can contain several subnets
  • Each subnet can contain multiple hosts
88
Port 7
Echo
  • TCP or UDP
  • Testing round trip times between hosts
89
Types of security hardware logs
NIDS, NIPS, DNS, proxy servers, and firewalls
90
Log analysis
  • Log records events that occur
  • Monitoring logs can be useful in determining how attack occurred
  • System logs and security application logs
  • Network security logs
91
Firewall log items to be examined
  • IP addresses rejected and dropped
  • Probes to ports that have no application servers on them
  • Source-routed packets
  • Suspicious outbound connections
  • Unsuccessful logins
92
System events log record:
  • Client requests and server responses
  • Usage information
  • Account information
  • Operational information
93
Benefits of monitoring system logs:
  • Identify security incidents, policy violations, fraudulent activity
  • Provide information shortly after event occurs
  • Provide information to help resolve problems
  • Help identify operational trends and long-term problems
  • Provide documentation of regulatory compliance