Chapter 9- Security Vulnerabilities, Threats and Countermeasures Flashcards

Question 1

Q

Explain Ultraviolet EPROMs (UVEPROMs):

Answer

A

UVEPROMs can be erased by light. After this is done, end users can burn new information into the UVEPROM as if it has never been programmed before.

Question 2

Q

Explain Electronically Erasable Programmable Read-Only Memory (EEPROM).

Answer

A

Electronically Erasable Programmable Read-Only Memory (EEPROM) uses electronic voltages delivered to the pins of the chip to force erasure.

Question 3

Q

Define Flash Memory

Answer

A

flash memory is a derivative concept from EEPROM.EEPROM must be fully erased to be rewritten whereas flash memory can be erased and written in blocks or pages.

Question 4

Q

Explain Electronically Erasable Programmable Read-Only Memory (EEPROM).

Answer

A

Electronically Erasable Programmable Read-Only Memory (EEPROM) uses electronic voltages delivered to the pins of the chip to force erasure.

Question 5

Q

Define Flash Memory

Answer

A

flash memory is a derivative concept from EEPROM.EEPROM must be fully erased to be rewritten whereas flash memory can be erased and written in blocks or pages

Question 6

Q

Define Flash Memory

Answer

A

flash memory is a derivative concept from EEPROM.EEPROM must be fully erased to be rewritten whereas flash memory can be erased and written in blocks or pages

Question 7

Q

A common type of flash is

Answer

A

NAND Flash.

Question 8

Q

Uses of flash memory

Answer

A

Flash Memory is used in memory cards, thumb drives, mobile devices and SSD (Solid state drives)

Question 9

Q

Explain Random Access Memory (RAM)

Answer

A

RAM is readable and writable memory that contains information a computer uses during processing. It I a temporary storage that losses data when powered off.

Question 10

Q

Types of RAM

Answer

A

Real Memory, Cache RAM

Question 11

Q

Explain Real Memory

Answer

A

Composed of a number of dynamic RAM chips, must be refreshed by the CPU on a periodic basis

Question 12

Q

Explain Cache RAM

Answer

A

this involves the improvement of performance by taking data from slower devices and temporarily storing it on faster devices when repeated use is likely.

Question 13

Q

Explain Real Memory

Answer

A

Composed of a number of dynamic RAM chips, must be refreshed by the CPU on a periodic basis

Question 14

Q

Explain Cache RAM

Answer

A

this involves the improvement of performance by taking data from slower devices and temporarily storing it on faster devices when repeated use is likely.

Question 15

Q

Explain Registers

Answer

A

this are limited amount of on board memory that are included on the CPU. It provides the CPU with directly accessible memory locations that the Arithmetic and Logical Unit (ALU) uses when performing calculations or processing instructions.

Question 16

Q

Explain Memory Addressing

Answer

A

Explain Memory Addressing: Memory Addressing occurs when using memory resources, the processor must have some means of referring to various locations in memory.

Question 17

Q

List 5 addressing schemes

Answer

A

Memory Addressing
Immediate Addressing 
Direct Addressing
Indirect
Register Addressing
Base+Offset Addressing

Question 18

Q

Define Register Addressing

Answer

A

when CPU needs information from one of its registers to complete an operation, it uses a register address

Question 19

Q

Define immediate addressing

Answer

A

this is a way of referring to data that is supplied to the CPU as part of an instruction.

Question 20

Q

Define Direct addressing

Answer

A

In Direct addressing the CPU is provided with an actual address of the memory location to access

Question 21

Q

Define Indirect Addressing

Answer

A

For indirect addressing, memory address contains another memory address. The CPU reads the indirect address to learn the address where the desired data resides and then retrieves the actual operand from that address.

Question 22

Q

Define Base+Offset Addressing

Answer

A

Base+Offset addressing uses a value stored in one of the CPU’s registers as the base location from which to begin counting.

Question 23

Q

What is Secondary Memory:

Answer

A

Secondary Memory is a term commonly used to refer to magnetic, optical or flash-based media or other storage devices that contain data not immediately available to the CPU. It is cheap

Question 24

Q

List some types of secondary memory

Answer

A

Hard disks
Flash drives
Optical media eg compact disks (CD)
Digital Versatile Disks (DVD)
Blu-ray
Virtual Memory

Question 25

Q

Explain Virtual Memory

Answer

A

Virtual Memory is a special type of memory that the OS manages to make look and act like real memory.

Question 26

Q

The most common type of virtual memory is:

Answer

A

the pagefile

Question 27

Q

Explain pagefile

Answer

A

Pagefile is a type of virtual memory. Most operating systems manage it as part of their memory management function

Question 28

Q

Explain Primary vs secondary storage

Answer

A

Primary memory means primary storage and refers to the RAM. Secondary storage consists of magnetic and optical media such as HDD, SSDs, flash drives, magnetic tapes, CDs, DVDs, flash memory cards, and the like.

Question 29

Q

Explain the term volatility of memory

Answer

A

the volatility of storage refers to a measure of how likely it is to lose data when it is turned off. Devices designed to retain their data (such as magnetic media) are classified as non-volatile, whereas devices such as static or dynamic RAM modules, which are designed to lose their data, are classified as volatile.

Question 30

Q

Define random access storage:

Answer

A

: the volatility of storage refers to a measure of how likely it is to lose data when it is turned off. Devices designed to retain their data (such as magnetic media) are classified as non-volatile, whereas devices such as static or dynamic RAM modules, which are designed to lose their data, are classified as volatile.

Question 31

Q

Explain sequential storage devices

Answer

A

: the require that you read all the data physically stored prior to the desired location. E.g. magnetic tape, to provide access to the data stored in the middle of tape, the drive must physically scan through the entire tape until it reaches the desired point. It is slower than RAM, cheap and can hold massive data. Used for backup.

Question 32

Q

Explain Data Remanence:

Answer

A

data may remain on secondary storage devices even after it has been erased.

Question 33

Q

Explain wear levelling

Answer

A

In SSDs wear levelling means that there are blocks of data that are not marked as live but that hold a copy the data when it was copied off to lower wear levelled blocks. Therefore traditional zero wipe is not effective for SSDs

Question 34

Q

Disadvantage of secondary storage

Answer

A

Data may remain on the secondary storage
Secondary storage are prone to theft
Easy access to data
Unsure availability

Question 35

Q

Explain the risk posed to monitors

Answer

A

TEMPEST can compromise the security data displayed on a monitor. Cathode Ray Tube (CRT) monitors care prone to radiate significantly., Liquid Crystal Display (LCD) monitors leak much less

Question 36

Q

Explain the compromise from TEMPEST

Answer

A

TEMPEST is a technology that allows the electronic emanations that every monitor produces (known as Van Eck radiation) to be read from a distance (this process is known as Van Eck phreaking) and even from another location. The technology is also used to protect against such activity

Question 37

Q

Explain Shoulder Surfing

Answer

A

Shoulder Surfing is a concept that someone can see what is on your screen with their eyes or video camera. It is a concern for desktop displays, notebook displays, tablets and mobile phones

Question 38

Q

Explain the vulnerability around the use of printers

Answer

A

depending on physical security it may be possible to work out of a building with sensitive information

Question 39

Q

How can you secure a printer

Answer

A

use of encrypted data transfer and authentication before printer interaction.

Question 40

Q

Explain Keyboard/ Mice vulnerability

Answer

A

Keyboard and mice are vulnerable to TEMPEST monitoring, keyboards are vulnerable to less sophisticated bugging. A simple device can be placed inside a keyboard or along its connection cable to intercept all the keystrokes that take place and transmit them to a remote receiver using a radio signal. This has the same effect as TEMPEST monitoring but can be done with much less expensive gear. Additionally, if your keyboard and mouse are wireless, including Bluetooth, their radio signals can be intercepted

Question 41

Q

Explain the vulnerability of using modems

Answer

A

Modems allow users to create uncontrolled access points into your network

Question 42

Q

What is firmware

Answer

A

Firmware is a term that is used to describe the software that is stored in a ROM chip. This type of software hardly changes, and it drives the basic operation of a computing device.

Question 43

Q

List 2 types of Firmware:

Answer

A

Firmware is a term that is used to describe the software that is stored in a ROM chip. This type of software hardly changes, and it drives the basic operation of a computing device.

Question 44

Q

BIOS full name

Answer

A

Basic Input Output System

Question 45

Q

What is BIOS

Answer

A

Basic Input Output System (BIOS) contains the operating system i.e. the independent primitive instructions that a computer needs to start up and load the operating system from disk. In most computers, BIOS is stored on the EEPROM chip to facilitate version updates

Question 46

Q

Explain the term flashing the BIOS

Answer

A

this is the process of updating the BIOS.

Question 47

Q

What is phlashing

Answer

A

phlashing is an attack in which a malicious variation of official BIOS or firmware is installed that introduces remote control or other malicious features into a device

Question 48

Q

What do you understand by UEFI

Answer

A

Unified Extensible Firmware Interface (UEFI) hav replaced traditional BIOS. It is a more advance interface between hardware and the operating system which maintains support for legacy BIOS services.

Question 49

Q

What is client-based vulnerability

Answer

A

Client based vulnerability place the user, their data and their system at risk of compromise or destruction. A client-side or client-focused attack is one where the client itself, or a process on the client, is the target

Question 50

Q

What are applets

Answer

A

Applets are code objects sent from server to client to perform some actions. They execute independently of the server that sent them

Question 51

Q

Two types of applets are

Answer

A

Java applets and ActiveX Controls

Question 52

Q

What are Java Applets

Answer

A

Java is a platform-independent programming language developed by Sun Microsystems (now owned by Oracle). Most programming languages use compilers that require the use of multiple compilers to produce different versions of a single application for each platform it must support. Java overcomes this limitation by inserting the Java Virtual Machine (JVM) into the picture.

Question 53

Q

What are ActiveX Controls

Answer

A

Active X controls are Microsoft’s answer to Sun’s java Applets. hey are implemented using a variety of languages, including Visual Basic, C, C++, and Java. There are two key distinctions between Java applets and ActiveX controls. First, ActiveX controls use proprietary Microsoft technology and, therefore, can execute only on systems running Microsoft browsers. Second, ActiveX controls are not subject to the sandbox restrictions placed on Java applets.

Question 54

Q

What are local caches

Answer

A

Local cache is anything that is temporarily stored on the client for future reuse.

Question 55

Q

List some local cache on a client

Answer

A

Address Resolution Protocol (ARP) cache, Domain Name System (DNS) cache, and internet files cache.

Question 56

Q

What is ARP cache Poisoning

Answer

A

This is caused by an attack responding to Address Resolution Protocol (ARP) broadcast queries in order to send back falsified replies. If the false reply is received by the client before the valid reply, then the false reply is used to populate the ARP cache and the valid reply is discarded as being outside an open query.

Question 57

Q

What is data flow

Answer

A

Data Flow is the movement of data between processes, devices, across a network or over communications channels

Question 58

Q

List the advantages of management of data flows

Answer

A

efficient transmission with minimal delays or latency. Ensures reliable output using hashing and confidentiality protection with Encryption. Helps prevent overload of traffic that causes denial of service.

Question 59

Q

What are load balancers used for

Answer

A

? Load balancers are used to spread or distribute network traffic load across several network links or network devices. It may be used to provide more control over data flow. To obtain more optimal infrastructure utilization, minimize response time, maximize throughput (output), reduce overloading and eliminate bottlenecks.

Question 60

Q

Load Balancing techniques to perform load distribution are:

Answer

A

random choice, preferencing, round robin and load/utilization monitoring.

Question 61

Q

Disadvantage of Data Load Balancing:

Answer

A

Denial of service attack is a severe detriment to data flow control.

Question 62

Q

What is aggregation:

Answer

A

SQL provides a number of functions to combine records from one or more table to provide potentially useful information.

Question 63

Q

Explain the security vulnerability of aggregation:

Answer

A

Aggregation attacks are used to collect numerous low level security items or low value items and combine them to create something of a high security level or value. For this reason, it’s especially important for database security administrators to strictly control access to aggregate functions and adequately assess the potential information they may reveal to unauthorized individuals.

Question 64

Q

What is Inference

Answer

A

Inference attacks involve the combining of several pieces of non sensitive information to gain access to information that should be classified at a higher level. Inference makes use of the human mind’s deductive capacity rather than the raw mathematical ability of modern database platforms.

Answer 65

A

Data Dictionary is commonly used for storing critical information about data, including usage, type sources and relationships and format.
The Database Management System software reds the data dictionary to determine access rights for users attempting to access data.

Answer 66

A

Data Mining Techniques allow analysts to comb through data warehouses and look for potential correlated information. Data Mining techniques result in the development of data models that can be used to predict future activity.

Answer 67

A

The activity of data mining produces metadata. Metadata is data about data or information about data. Metadata from a data mining operation is a concentration of data. It can also be a superset, a subset, or a representation of a larger dataset.

Answer 68

A

Incident report is metadata extracted from a data warehouse of audit logs through the use of a security auditing data mining tool.

Answer 69

A

This a secure container used to store metadata.

Answer 70

A

Data Analytics is the science of raw data examination with the focus of extracting useful information out of the bulk information set.

Answer 71

A

Big Data refers to the collection of data that is so large that the traditional means of analysis or processing are ineffective, inefficient and insufficient

Answer 72

A

collection, storage, analysis, mining, transfer, distribution and results presentation

Answer 73

A

parallel data systems or parallel computing is a computation system designed to perform numerous calculations simultaneously.

Answer 74

A

Asymmetric multiprocessing occurs when processors operate independently of each other.

Answer 75

A

symmetric multiprocessing occurs when the processors share a common OS and memory. The collective processors also work collectively on a single task, code or project

Answer 76

A

Massive Parallel Processing (MPP) is a variation on AMP, where numerous Symmetric multiprocessing systems are linked together to work on a single primary task across multiple processes in multiple linked systems.

Answer 77

A

the concept of client-server network is also known as distributed system or distributed architecture

Answer 78

A

this is the use of multiple types of access controls in lateral or theoretical concentric circles

Answer 79

A

A monolithic or fortress mentality is the belief that a single security mechanism is all that is required to provide sufficient security

Answer 80

A

cloud computing is a concept of computing where processing and storage are performed elsewhere over a network rather than locally. Cloud computing is a natural extension and evolution of virtualization, the internet, distributed architecture, and the need for ubiquitous access to data and resources

Answer 81

A

remote computing and remote virtualisation

Answer 82

A

Privacy concerns, regulation compliance difficulties, use of open versus closed-source options, adoption of open standards and security of data stored.

Answer 83

A

Hypervisor is also known as Virtual Machine Monitor (VMM), is a component of virtualisation that creates, manages, and operates virtual machines

Answer 84

A

the host OS

Answer 85

A

guest OS.

Answer 86

A

there is no host OS, hypervisor installs directly onto hardware here the OS would normally reside. Type 1 hypervisors are often used to support server virtualization.

Answer 87

A

this is a hosted hypervisor. In this configuration the standard OS is present on the hardware, and then the hypervisor is installed as another software application. E.g. guest OSs offer safe sandbox

Answer 88

A

Elasticity refers to the flexibility of virtualization and cloud solutions to expand or contract based on need.

Answer 89

A

Host Elasticity means that additional hardware hosts can be booted when needed and then used to distribute the workload of the virtualized services over the newly available capacity

Answer 90

A

computing platform is an environment in which a piece of software is executed. It may be hw or OS or even a web browser. Platform as a Service (PaaS) is the concept of providing a computing platform and service solution stack as a virtual or cloud based service

Answer 91

A

avoidance of having to purchase and maintain a high end hardware and software locally

Answer 92

A

SaaS provides on demand online access to specific software applications or suites without the need for local installation. SaaS can be implemented as a subscription service (for example, Microsoft Office 365), a pay-as-you-go service, or a free service (for example, Google Docs).

Answer 93

A

: this is the traditional deployment concept in which the organisation owns the hardware, licenses the software, operates and maintains the systems on its own usually in their own building

Answer 94

A

Hosted solution is a deployment concept where the organization must license software and then operates and maintains the software. The hosting provider owns, operates, and maintains the hardware that supports the organization’s software.

Answer 95

A

cloud solution is a deployment where an organisation contracts with a third party cloud provider. The cloud provider owns, operates and maintains the hardware and software

Answer 96

A

Private, Public, Hybrid and Community.

Answer 97

A

a private cloud is a cloud service within a corporate network and isolated from the internet. It is for internal use only

Answer 98

A

virtual private cloud is a service offered by the public cloud provider that provides an isolated subsection of a public or external cloud for exclusive use or by an organisation internally

Answer 99

A

this is accessible to the general public, typically over an internet connection. It may involve pay as you use or subscription

Answer 100

A

Hybrid Cloud is a mixture of private and public cloud components.

Answer 101

A

community cloud is a cloud environment maintained, used and paid for by a group of users or organisations doe their shared benefit, such as collaboration and data exchange

Answer 102

A

cloud solutions often have a lower up front cost, lower maintenance costs, vendor maintained security

Answer 103

A

snapshots are backups of virtual machines. They offer quick means to recover from errors or poor updates

Answer 104

A

virtualisation does not lessen the security management of OS. Therefore, patch management is essential. Virtualized OS can be tested in the same way as hardware installed Oss and vulnerability assessments and penetration testing can also be done.

Answer 105

A

Cloud Access Security Broker (CASB) is a security enforcement solution that may be installed on-premises or it may be cloud based. The goal of the CASB is to enforce and ensure that proper security measures are implemented between a cloud solution and a customer organisation.

Answer 106

A

Security as a Service (SECaaS) is a cloud provider concept in which security is provided to an organisation through or by an online entity. SECaaS often implement software-only security components that do not need dedicated on-premises hardware.

Answer 107

A

is a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. It includes virtualisations, servers, storage and networking

Answer 108

A

authentication, authorisation, auditing/accounting, anti-malware, intrusion detection, compliance and vulnerability scanning, penetration testing and security event management.

Answer 109

A

Grid Computing is a form of parallel distributed processing that loosely groups a significant number of processing nodes to work towards a specific processing goal.

Answer 110

A

Peer-to-Peer technologies are networking and distributed application solution that share tasks and workloads among peers. e.g. VoIP services like skype, Spotify etc.

Answer 111

A

Internet of Things involve smart devices that are internet connected in order to provide automation, remote control, or AI processing to traditional or new appliances or devices in a home or office setting.

Answer 112

A

Industrial Control Systems is a form of computer management device that controls industrial processes and machines.

Industrial Control Systems are used across a wide range of industries name them: manufacturing, electricity generation and distribution, water distribution, sewage processing and oil refining.

Answer 113

A

Distribution Control Systems (DCS), Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA)

Answer 114

A

Distribution control Systems are found in industrial process plans where the need to gather data and implement control over a large scale environment from a single location is essential.

Answer 115

A

Programmable Logic Controllers (PLCs) are single purpose or focused purpose digital computers. they are deployed for the management and automation of various industrial electro-mechanical operations. E.g. giant display system in a stadium.

Answer 116

A

Supervisory Control and Data Acquisition (SCADA) systems can operate as a stand-alone device, networked with other SCADA Systems or networked with traditional information technology (IT) systems. They are designed with minimal human interfaces.

Answer 117

A

Open Web Application Security Project (OWASP) is a non profit security project focussing on improving security for online or web-based applications. It is a large community that works together to freely share information, methodology, tools and techniques related to better coding practices and more secure deployment architectures.

Answer 118

A

Injection Attack is any exploitation that allows an attacker to submit code to a target system in order to modify its operations and or poison and corrupt its dataset.

Answer 119

A

SQL injection attacks use unexpected input to alter or compromise a web application. They are used to gain unauthorised access to an underlying database and related assets

Answer 120

A

SQL injection attacks use unexpected input to alter or compromise a web application. They are used to gain unauthorised access to an underlying database and related assets

Answer 121

A

Performing input validation and limiting account privileges.

Answer 122

A

Lightweight Directory Access Protocol (LDAP) injection is a variation of an input injection attack, the focus is on the back end of an LDAP directory service rather than the database server. Just as with SQL injection, sanitization of input and defensive coding are essential to eliminate this threat.

Answer 123

A

XML injection is another variant of SQL injection, where the backend target is an XML application

Answer 124

A

XML exploitation is a form of attack that is used either to falsify an information being sent to a visitor or cause their system to give up information without authorisation

Answer 125

A

Security Association Markup Language is an XML based convention for the organisation and exchange of communication authentication and authorization details between security domains, often over web protocols.

Answer 126

A

SAML i.e. Security Association Markup Language.

Answer 127

A

Cross-site scripting (XSS) this is a form of malicious code-injection attack in which an attacker is able to compromise a web server and inject their own malicious code into the content sent to other visitors

Answer 128

A

maintaining a patched server,
using web application firewalls,
operating Host-based Intrusion Detection Systems (HIDS),
performing server-side input validation and auditing for suspicious activities.

Answer 129

A

server-side input validation for length, malicious content and metacharacter filtering

Answer 130

A

keeping system patched, running antivirus software and avoiding nonmainstream websites. There are addons that allow only scripts of your choosing to be executed e.g. NoScript for Firefox and uBlock for Chrome.

Answer 131

A

the main purpose of XSRF is to trick the user or the user’s browser into performing actions they had not intended or would not have authorised. This could include logging out of a session, uploading a site cookie, changing account information, downloading account details, making a purchase, and so on.

Answer 132

A

request to re-enter passwords, sending text to user via email or phone or solving a Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) Another potential protection mechanism is to add a randomization string (called a nonce) to each URL request and session establishment and to check the client HTTP request header referrer for spoofing.

Answer 133

A

exposure to malicious apps, running scripts from malicious websites, allowing insecure data transmissions

Answer 134

A

Portable Electronic Devices.

Answer 135

A

remote wipe allows the deletion of all data and even configuration settings from a device remotely. It Is not a guarantee of data security as it is a deletion operation that can be undeleted. To ensure that remote wipe destroys data beyond recovery, the devise should be encrypted.

Answer 136

A

Application control is a device management solution that limits the applications that can be installed on a device

Answer 137

A

Storage Segmentation is used to artificially compartmentalize various types or values of data on a storage medium. E.g. device management systems may be used to separate company data from user data and apps.

Answer 138

A

Mobile Device management (MDM)is a software solution to the challenging task of managing mobile devices that employees use to access company devices

Answer 139

A

Mobile Device Management can be used to push or remove apps, manage data, enforce configuration settings both over the air and wifi connections. It can be used to manage company and personally owned devices (BYOD).

Answer 140

A

use of removable hardware or use of Trusted Platform Module (TPM).

Answer 141

A

Credential Management refers to the storage of credentials in a central location. Some credential management options can provide, auto login options for apps and websites.

Answer 142

A

use a password, provide a personal identification number (PIN), offer your eyeball or face for recognition, scan your fingerprint, or use a proximity device such as an Near Field Communication (NFC) or Radio Frequency Identification (RFID) ring or tile.

Answer 143

A

Geotagging is a mobile devices with GPS support that enable the embedding of geographical location in the form of latitude and longitude as well as date or time and information on photos taken with these devices.

Answer 144

A

Encryption id a protection against unauthorised access to data, whether in storage or transit.

Answer 145

A

Encryption id a protection against unauthorised access to data, whether in storage or transit.

Answer 146

A

Application whitelisting is a security option that prohibits unauthorized software from being able to execute.

Answer 147

A

whitelisting is also known as implicit deny or deny by default.

Answer 148

A

Bring Your Own Device (BYOD) is a policy that allows employees to bring their own mobile devices into work and use those devices to connect to the business network, business resources or the internet.

Answer 149

A

Company Owned Personally Enabled (COPE), Choose Your Own Device (CYOD)

Answer 150

A

Virtual Mobile Infrastructure (VMI) occurs when the operating system of a mobile device in virtualized on a central server.

Answer 151

A

: Mobile Onboarding includes installing security, management and productivity apps along with implementing secure and productive configuration settings.

Answer 152

A

An Embedded System is a computer implemented as part of a larger system.

Answer 153

A

network attached printers, smart TVs, HCAC controls, smart thermostats, smart appliances, driver assist etc

Answer 154

A

Static Environment is a set of conditions, events and surroundings that don’t change. They are applications OSs, hardware sets or networks that are configured for a specific need, capability or function

Answer 155

A

cyber physical systems are devices that offer a computational means to control something in the physical world they are key elements in robotics and sensor networks. E.g. collision avoidance vehicles, air traffic control etc.

Answer 156

A

Internet of Things (IoT) is a collection of devices that can communicate over the internet with one another or with a control console in other to affect and monitor the real world

Answer 157

A

Internet of Things (IoT) is a collection of devices that can communicate over the internet with one another or with a control console in other to affect and monitor the real world.

Answer 158

A

Network Segmentation involves controlling traffic among networked devices.

Answer 159

A

Complete or Physical Network Segmentation occurs when a network is isolated from all outside communications or transactions only.

Answer 160

A

Logical network segmentation can be imposed through the use Virtual Local Area Networks (VLANs) or through other traffic control means.

Answer 161

A

security layers exists where devices with different level of classification or sensitivity are grouped together and isolated from other groups with different levels. Logical Isolation involves the use of classification Labels on data and packets which must be respected and enforced by network management. Physical segmentation involves the use of air gaps between networks of different security levels.

Answer 162

A

Application firewall is a device, server add on, virtual service or system filter that defines a strict set of communication rules.

Answer 163

A

Network Firewall is a hardware device, typically called an appliance, designed for general network filtering

Answer 164

A

Manual updates should be used in a static environment to ensure that only tested and authorised changes are implemented.

Answer 165

A

Wrappers are used to enclose or contain something else. Wrappers are well known in the security community in relation to Trojan horse malware. A wrapper of this sort is used to combine a benign host with a malicious payload.

Answer 166

A

Abstraction says that users of an object don’t necessarily know how the object works they need to know just the proper syntax for using the object and the type of data that will be returned as a result. E.g. classes

Answer 167

A

Data Hiding ensures that data existing at one level of security is not visible to processes running at diff security levels. i.e. need to know.

Answer 168

A

Process Isolation requires that the system provide separate memory spaces for each process’s instruction and data. It also requires that the operating system enforce those boundaries, preventing one process from reading or writing data that belongs to another process.

Answer 169

A

it prevents unauthorised access, it protects the integrity of processes.

Answer 170

A

Hardware segmentation enforces requirements through the use of physical hardware controls rather than logical process isolation controls imposed by the operating system

Answer 171

A

when designing operating processes, you should ensure that they run in user mode whenever possible. The greater the number of processes that execute in privileged mode, the higher the number of potential vulnerabilities that a malicious individual could exploit to gain supervisory access to the system.

Answer 172

A

this requires the use of granular access permissions, that is diff permissions for each type of privileged operation

Answer 173

A

Accountability is an essential component in any security design.it involves ability to monitor activities and interactions with system resources and configuration data and to protect resulting logs from unwanted access or alteration so that .

Answer 174

A

Covert channel is a method that is used to pass information over a path that is not commonly used for communication

Answer 175

A

covert timing channel conveys information by altering the performance of a system component or modifying a resource’s timing in a predictable.

Answer 176

A

covert storage channel conveys information by writing data to a common storage area where another process can read it.

Answer 177

A

this violation occurs when programmers fail to validate input data sufficiently, particularly when they do not impose a limit on the amount of data their software will accept as input.

Answer 178

A

These are entry points into a system that are known only by the developer of the system. They are also known as back doors

Answer 179

A

this occurs when an attacker gains access to a system and makes small, random or incremental changes to data during storage, processing, input, output or transaction rather than obviously altering file contents

Answer 180

A

Such changes can be difficult to detect unless files and data are protected by encryption or unless some kind of integrity check (such as a checksum or message digest) is routinely performed and applied each time a file is read or written. Encrypted file systems, file-level encryption techniques, or some form of file monitoring (which includes integrity checks like those performed by applications such as Tripwire and other file integrity monitoring [FIM] tools).

Answer 181

A

Salami attack is the systemic whittling of assets in accounts or other records with financial value, where small amounts are deducted from balances regularly and routinely.

Answer 182

A

Salami attacks can be avoided through proper separation of duties and controls.

Answer 183

A

buffer overflow, any program must be able to handle exception.

Answer 184

A

Time of check (TOC) is the time at which the subject checks the status of the object.

Answer 185

A

Time of Use (TOU) when the decision is made to access the object, the procedure accesses it at the time of use (TOU).

Answer 186

A

race conditions are situations where the attacker is racing with the legitimate process to replace the object before it is used.

Answer 187

A

Service Oriented Architecture (SOA) constructs new applications or functions out of existing but separate and distinct software services.

Answer 188

A

electromagnetic radiation interception can be eliminated by reducing emanation through cable shielding or conduit and block unauthorised personnel and devices from getting close to the equipment or cabling by applying physical security controls. TEMPEST Technology can provide protection against EM radiation eavesdropping. These include Faraday cags, jamming or noise generators and control zones.

Answer 189

A

: Faraday Cage is a special enclosure that acts as an EM capacitor.

Brainscape's Knowledge GenomeTM

Chapter 9- Security Vulnerabilities, Threats and Countermeasures Flashcards

Brainscape's Knowledge Genome^TM