Domain 2 Security Flashcards

(118 cards)

1
Q

Wireless Encryption

A

data is being sent over the air and anyone can listen

Encryption makes the signal impossible to understand without the key

2
Q

WEP

A

Wired Equivalent Privacy
has known vulnerabilities / do not use
often uses a hexadecimal key for authentication

3
Q

WPA

A

short-term replacement for WEP
it's legacy / do not use
uses TKIP

4
Q

WPA2

A

uses CCMP block cipher mode / Counter Mode with CBC-MAC Protocol

data confidentiality with AES encryption

WPA2- Personal / pre-shared key

WPA2 - Enterprise / authentication server, no shared key

5
Q

WPA3

A

uses GCMP block cipher mode / Galois/Counter Mode Protocol
stronger than WPA2; fixes the WPA2 pre-shared key (PSK) weakness

6
Q

Authentication

A

RADIUS: Remote Authentication Dial-In User Service; RADIUS servers talk to VPNs

TACACS+: Terminal Access Controller Access-Control System Plus
connects to network equipment, usually a Cisco device

Kerberos : usually a Microsoft network, supports SSO when logging into a domain

7
Q

Authentication

A

single-factor = password
multifactor = password plus a certificate or a captive portal

8
Q

Malware

A

any software designed to cause disruption to a computer or server without the user's knowledge or consent

9
Q

Virus

A

code that runs on a computer without the user’s knowledge
typically attached to an executable which allows it to replicate
spread using email, websites, and/or network file sharing

10
Q

Worm

A

similar to a virus, but it self-replicates
exploits network vulnerabilities to spread and infect more hosts
spread through emails, websites, and network shares
doesn’t need human interaction

11
Q

Ransomware

A

restricts the use of a computer until the user pays a ransom; often encrypts the data and holds the key to unlock it for ransom

12
Q

Trojan

A

appears to perform a desired function, but actually does something malicious
used to deliver other malware

13
Q

Spyware

A

software used to spy on the user

can be difficult to detect

examples include keyloggers, rootkits, system monitors, and tracking cookies

can be used with adware

14
Q

Keylogger

A

form of spyware

used to record keystrokes, personal info/passwords

info can be sent over network or stored locally for later pickup

15
Q

Rootkit

A

designed to hide and give attackers access to the computer

often used to hide other types of malware or provide ongoing access

difficult to detect with traditional malware scanners

16
Q

Botnet

A

network of infected devices

usually not easy to tell if you are infected

bot software waits for instructions from a controlling device

often used to perform DDoS attacks

17
Q

Boot Sector Virus

A

will infect the system boot partition or the master boot record

a type of malware that runs as soon as the OS boots, not after, which makes it harder for anti-malware to prevent

Secure Boot, which is included in UEFI BIOS, should prevent unsigned software from running

18
Q

Cryptominers

A

malware that uses your computer without your knowledge to complete tasks that earn the hacker cryptocurrency

mining cryptocurrency uses a lot of CPU resources, so attackers typically try to gain access to multiple CPUs

a spike in your CPU utilization could be a warning sign

19
Q

Windows Recovery Environment

A

windows recovery environment gives you complete control of your system before it even starts

be careful to know what you’re doing; the environment contains all the files related to your OS

can remove malicious software before it boots up

can repair the file system boot sector or master boot record

20
Q

Removal Methods

A

antivirus/antimalware
software usually quarantines files before removal; make sure it's updated and running in real time

Completely reinstall the OS
Restore from backup; make sure it's a clean backup
Manually install the OS; make sure you have your data backed up first

21
Q

An ounce of Prevention

A

End user education: don't go to sketchy websites, don't plug in flash drives you found on the street, identify spam/malicious messages, anti-phishing training

Software firewalls
Windows Firewall is built into the Windows OS and enabled by default
macOS/Linux may have packages installed but not enabled

22
Q

Social Engineering

A

tricking users into giving out confidential information or performing other actions such as downloading malware

23
Q

Phishing

A

attempts to hook users, often through links in email or on websites

24
Q

Spear Phishing (phishing)

A

targets a specific individual or institution

25
Q

Whaling (phishing)

A

targets someone at a high level, such as a CEO

26
Q

Vishing Attack

A

like phishing, but done over the phone or voicemail

trusted companies will not ask for sensitive information in email or phone calls

27
Q

Shoulder surfing

A

attacker looks over the shoulder of a user to obtain information; can be done with phone cameras as well

use a privacy screen, never leave password/PIN info visible, lock or log off computers when not using them

28
Q

Tailgating

A

attacker follows closely behind an authorized user into a secure area

turnstiles and access control vestibules are effective measures to prevent this

29
Q

Impersonation

A

attacker pretends to be an authorized employee to convince a user to give up info or perform a task

30
Q

Dumpster diving

A

attacker looks through the trash/recycling for sensitive information

31
Q

Evil Twin

A

wireless form of a phishing attack

attacker creates a wireless access point with the same or a similar SSID as an existing network

always use HTTPS and a VPN to protect yourself

32
Q

Denial of Service (DoS) attacks

A

attacker overloads the target with information, causing it to fail

Distributed DoS (DDoS) uses an army of devices to perform the DoS attack; devices in a botnet may be referred to as zombies

33
Q

Zero-Day Exploits

A

many applications have vulnerabilities that just haven't been found yet

ethical hackers find exploits and report them to companies

an attack using a previously unknown exploit is called a zero-day attack

34
Q

Spoofing

A

pretending you are something/someone you aren't: email address, MAC address, DNS servers

35
Q

On-Path Attack

A

traffic is redirected through a middleman device; you may have no idea information is being siphoned

use encrypted protocols to protect against this

36
Q

Password Attacks

A

most password attacks don't happen at the login page

attackers gain access to the password file or database, which contains passwords in a hashed format, not clear text

attackers then create hashed versions of password guesses and compare them to the database

37
Q

Brute force attack (password attack)

A

attackers attempt every combination of viable characters; takes a long time, often not viable

38
Q

Dictionary attack (password attack)

A

attackers use a list of common words

39
Q

Rainbow table attack (password attack)

A

attackers use an optimized list of pre-hashed values; significantly faster compared to other attacks

not viable if the hash is salted (random values are added before hashing)

40
Q

Insider Threat

A

former and current employees have institutional knowledge that is valuable to attackers

attackers can get a better idea of when, where, and how to attack; this can earn the insider a lot of money

some attackers try to get hired by the company they intend to attack, giving them even more access

41
Q

SQL Injection

A

websites typically have a database to store information related to the site

SQL (Structured Query Language) is the language used to talk to the database

an improperly coded website could allow an attacker to manipulate the SQL code and find information they shouldn't have access to, e.g. personal employee data
42
Q

Cross-site Scripting (XSS)

A

an attack where information from one site is shared with the attacker

there is a common web application development error that allows malware to take advantage of JavaScript

keep your browser up to date and don't click on any untrusted links

input validation: make it so that users can't put scripts into an input field

43
Q

Non-Compliant Systems

A

systems that don't comply with the Standard Operating Environment (SOE) are a major security concern for your network

make sure devices are installing new OS updates, security patches, and antivirus signatures

non-compliant systems will warn the user and could potentially lose access to the network

44
Q

Unpatched Systems

A

Windows releases patches on the second Tuesday of every month

any device that is not patched is the weakest link on your network, and that's the device attackers will target

45
Q

Unprotected Systems

A

sometimes during troubleshooting it might be necessary to disable some of your security features: disabling the firewall, disabling the antivirus

be sure to turn these back on once you are done; never permanently disable security features

46
Q

EOL OSs

A

End of Life (EOL): the manufacturer stops selling an OS; they might continue supporting the OS and releasing important security patches and updates

47
Q

End of Service Life (EOSL)

A

the manufacturer stops selling and stops supporting the OS

no more security patches and updates

at this point, you need to find an alternative solution

48
Q

BYOD (Bring Your Own Device)

A

employees bring their own devices to use for company purposes; you must make sure these devices meet your company's security requirements

the MDM will help keep the data on the device separated and protected, and make sure the device's security is up to date

49
Q

Screen Locks

A

always use a screen lock

most secure is fingerprint; swipe lock is the worst one

50
Q

Locator/Remote Wipe

A

Find My iPhone, Google Find My Device

features: make a sound, lock out, remote wipe, or see the location on a map

useful when the device is stolen/lost

51
Q

Mobile OS Patching/Updates

A

ensure your mobile device is patched and updated

52
Q

Full Device Encryption

A

data encryption is an option on Android; on iPhone, data is encrypted by default

53
Q

Remote Backup Applications

A

backup/restore the device to/from the cloud: iCloud for Apple, Google or the manufacturer for Android

54
Q

Antivirus/Antimalware

A

malware and viruses are less of a problem on mobile devices

antivirus/antimalware apps can be installed via the App Store or Play Store

55
Q

Failed Login Attempt Restrictions

A

set via settings

can lock out the user for a certain amount of time

can be set to initiate a factory reset after enough failures

56
Q

Biometric Authentication

A

unlock the screen lock, log in to apps; use instead of passwords

56
Q

Firewall

A

3rd-party apps are available from app stores; mobile phones normally don't have firewalls

56
Q

Policies and Procedures

A

BYOD (Bring Your Own Device): may require the installation of management software

Corporate Owned: typically managed through the installation of management software

Profile security requirements: require all users to use screen locks, strong passwords, and mobile device wipe capabilities

57
Q

Low-level format

A

creates physical sectors; done at the factory

not recommended for users

can also mean an overwrite

57
Q

Internet of Things (IoT)

A

devices that are connected to your home or work network

57
Q

Physical Destruction

A

Industrial shredders: rip apart the drives

Drill: drill holes into the drive

Hammer

Degaussing: destroys the ability of the magnetic platter to hold information via an electromagnetic field

Incineration: ER2 will do this

58
Q

Standard Format - Regular

A

sometimes it's important to make sure that sensitive data is unable to be recovered

Overwrite: overwrite data with all 0's; repeat 7 times for DoD standards

Drive wipe

59
Q

Data Destruction and Disposal

A

responsibility to dispose of storage devices safely: data security and legal liability

performed on-site or by an external company; an external company will provide a certificate of destruction

60
Q

Standard Format - Quick Format

A

organizations may want to recycle/repurpose drives instead of destroying them

Quick Format (Windows) deletes the partition table so the OS doesn't understand the contents; savvy users could recover data from the platters
60
Q

Which wireless encryption uses TKIP?

A

WPA

61
Q

Why do we need wireless encryption?

A

to keep our data signal private

62
Q

WEP is safe to use, True or False?

A

False

63
Q

Which authentication provides centralized triple A (AAA), particularly for remote access scenarios?

A

RADIUS (Remote Authentication Dial-In User Service): centralized authentication; RADIUS servers talk to VPNs

64
Q

TACACS+

A

Terminal Access Controller Access-Control System; Cisco devices, equipment connecting to equipment

65
Q

Kerberos

A

supports SSO when logging into a domain

66
Q

Not an area of centralized management in network environments

A

Administration

67
Q

Makes up an area of centralized management in network environments

A

Authentication, Authorization, Accounting

68
Q

You suspect someone is recording everything you type into the computer. What kind of malware are you dealing with?

A

Keylogger

69
Q

After downloading a game, you start getting random popups and your computer runs slowly. What type of malware is this?

A

Trojan

70
Q

You notice symptoms of a malware infection, but a malware scan does not find anything. What kind of malware is this?

A

Rootkit; it can be scanned for, but it alters itself so that everything looks normal to the scanner

71
Q

A user's PC has become inoperable and only shows a message asking for payment to unlock the computer. What is this?

A

Ransomware

72
Q

Cryptominer

A

malware used to perform calculations in an effort to accumulate cryptocurrency; often uses extensive CPU cycles and causes performance issues on the system

73
Q

Botnet

A

a group of computers under the control of a third party; botnets can be used to perform large-scale distributed attacks

74
Q

An attacker is using every combination of letters, numbers, and special characters in an attempt to discover a user's password. What would describe this attack type?

A

Brute Force

75
Q

An internal audit has found that a server in the DMZ appears to be infected with malware. The malware does not appear to be part of a file in the OS, and the malware is started each time the system is started. What type of malware would MOST likely be found on this server?

A

Boot sector virus, a virus in the boot sector; to stop this you would need to get into a preboot environment

76
Q

You want to ensure that company data is secure in the event of a lost device. What method is best?

A

BitLocker

77
Q

What makes a strong password?

A

A strong password includes capital letters, lower case letters, symbols, and numbers

78
Q

You want to ensure users can't edit BIOS configurations. What should you set?

A

Supervisor password

79
Q

Which of the following security precautions is most important? Changing default credentials, disabling the guest account, setting screen locks, setting login attempt restrictions

A

Changing default credentials

80
Q

An employee is leaving your organization. What should you do with their Active Directory account?

A

Disable it

81
Q

A system administrator is troubleshooting an older application on a Windows 10 computer and needs to modify the UAC (User Account Control) process. What option would provide access to these settings?

A

User Accounts; the settings are contained in the Control Panel's User Accounts applet

82
Q

System Information

A

provides information about a system's hardware, components, and software environment

83
Q

A Windows 10 user is installing a new application that also installs a service. What permission will be required for this installation?

A

Administrator

84
Q

A business partner in a different country needs to access an internal company server during the very early morning hours. The internal firewall will limit the partner's access to this single server. What would be the MOST important security task to perform on this server?

A

Install the latest OS patches, which will ensure that known vulnerabilities are removed before they could be exploited

84
Q

An employee has modified the NTFS permissions on a local file share to provide read access to Everyone. However, users connecting from a different computer do not have access to the file. What is the reason for this issue?

A

Share permissions restrict access from remote devices

85
Q

Full device encryption

A

ensures that all of the information on the tablet cannot be viewed by anyone outside of the company; if the device is stolen or lost, all of the data on it remains private

86
Q

Firewall app

A

keeps unauthorized users from accessing the tablet over the network

86
Q

Locator Application

A

provides the location of the device