Final Exam Flashcards

(64 cards)

1
Q

These enforce a series of rules defining
what kind of network traffic is allowed and
what is not allowed

A

Firewall

2
Q

The act of verifying the identity of a particular person

A

Authentication

3
Q

Difference between a threat and an attack

A

A threat is a potential and does not need to have occurred

4
Q

Three goals of security

A

Prevention, Detection, Recovery

5
Q

Why anti-virus is not perfect

A

1) Zero-day attacks, 2) based on signatures for KNOWN malware (lots of variants)

6
Q

Occurs when a malicious user utilizes a vulnerable web app to send malicious code to a different end user

A

XSS

cross-site scripting, a type of injection

7
Q

This part of the operating system creates and manages files and directories

A

File system

8
Q

Standard of proof in a criminal case vs a civil case

A

Criminal: beyond a reasonable doubt
Civil: preponderance of the evidence (AKA more likely than not)

9
Q

What are 4 ways malware can get onto a system

A

flashdrives, spam email, emails from infected friends/contacts, malicious websites, infected websites, infected computers on a network

10
Q

Passwords are stored on a system as these, which vary based on the operating system
Also, how does a system authenticate a user's password attempt?

A

Hashes
The system hashes the attempt and compares the calculated hash to the stored hash

11
Q

What is the California Security Breach Act and its importance

A

Requires organizations that maintain personally identifiable information to inform customers about data breaches
Important because if you work in the security industry, there are notification requirements and guidelines (state governed)

12
Q

Systems on a network that include files and/or programs in use by multiple people on or outside a network

A

Servers

13
Q

Sets of devices, software, and cables that enable the exchange of information

A

Network

14
Q

Describe two network topologies

A

Bus - Every component is connected to a single line, with "taps" for each component
- Advantages: quick to deploy, cheap
- Disadvantages: lots of collisions, unreliable, a break in the line causes the network to fail, performance is directly related to the number of components and usage
- Example: Cable internet

Ring - Every component has 2 connections, a left and a right side
- Basically a bus with a connection back around to the beginning
- Disadvantages: performance is generally poor, not scalable, a break in one connection causes complete network failure

Star - Each node is connected to a central point
- Most common physical topology (Ethernet)
- Advantages: fast, non-central failure does not bring down the network, scalable
- Disadvantages: used to be very expensive (but not anymore), single point of failure, lots of cabling

Mesh
- Advantages: self-healing, failure tolerant, potentially fast
- Disadvantages: no known route traversal, difficult to control and filter traffic
- Example: Wireless ad-hoc network

15
Q

This device inspects the data of a packet to see if it is malicious in nature

A

IDS

16
Q

What was the first operating system & service pack to include a firewall enabled by default

A

Windows XP SP2

17
Q

Any program that is hidden within another

A

Trojan

18
Q

What is CIA and why is it important?

A

Confidentiality
Only those with sufficient privileges and a demonstrated need may access certain information

Integrity
Quality or state of being whole, complete, or uncorrupted

Availability
Enables users to access information without interference or obstruction and in a usable format

Traits of well-implemented security

19
Q

What happens when there is not enough RAM for memory

A

Virtual memory - aka pagefile or swapfile

Paging allows for memory to be “swapped” out to the hard disk when there is not enough RAM to hold everything attempting to be stored

20
Q

Inserting code into a web app when it should be processing data

A

Code injection

21
Q

This model is a set of guidelines used to standardize network processes
What are the layers

A

OSI or TCP/IP

7) Application
6) Presentation
5) Session
4) Transport
3) Network
2) Data Link
1) Physical

22
Q

Examples of layer 6 of the OSI model, presentation

A

.doc, .jpg

23
Q

Smallest unit of processing that can be scheduled

A

Thread

24
Q

The act of luring a victim to divulge his/her personal or financial info

A

Phishing

25
Q

An executable set of code

A

Program

26
Q

This command is used to test the reachability of a host and measure round-trip time for messages sent from a host to a destination machine

A

Ping

27
Q

Explain the three way handshake

A

SYN: "Hi, I’m here. Are you there?"
SYN,ACK: "Yes, I see you’re there. I’m here and listening."
ACK: "Great! Got your response. Ready to start sending."

28
Q

Purpose of PAR

A

Positive acknowledgement and retransmission. Allows the receiver to reassemble the message and the sender to know which packets may have gotten dropped after the 3-way handshake

29
Q

What type of user account has complete power over a system?

A

Super user

30
Q

This part of any computer system is responsible for managing hardware and software resources

A

Operating System

31
Q

Self-replicating computer programs

A

Computer viruses/worms

32
Q

What does the TCP sliding window do

A

Indicates how many segments can be sent before an ACK; smaller when the computer is busier and bigger when the computer is idle

33
Q

What are the 3 pieces of hardware where data resides on a computer and how long does each store it? Order of speed?

A

CPU - fastest - only holds data for immediate use
RAM - fast - holds data for currently running processes
Hard drive - slowest - holds data for permanent storage

34
Q

Difference between dynamic and static IP addresses

A

Dynamic - assigned automatically via a DHCP server/router on the network as hosts connect
Static - assigned by a person to a network interface/system

35
Q

What are ports?

A

Like PO boxes - they allow the network to direct traffic to a specific program or service

36
Q

A single system in a network that connects to the internet

A

Gateway

37
Q

Four layers of the TCP/IP model

A

Network, internet, transport, application

38
Q

Difference between public and private IP addresses and purpose of each

A

Public - purchased from an ISP and paid for; how you connect to the rest of the internet
Private - created by your router within your home network in order to share one public IP address amongst many devices

39
Q

What type of encryption uses the same key for encryption and decryption

A

Symmetric, DES, AES

40
Q

The first version of Windows designed from a security standpoint and what went wrong

A

Vista; too much security impacted usability
41
Q

Name and describe 4 types of malware

A

Spyware - malicious software that enters a user's computer, gathers data from the device and user, and sends it to third parties without their consent
Ransomware - encrypts files on a device, rendering any files and the systems that rely on them unusable until a ransom is paid
Keylogger - records keystrokes
Backdoor - attack bypassing existing security systems to gain unauthorized access

42
Q

Phishing attack aimed at specific individuals or companies

A

Spearphishing

43
Q

According to OWASP, this type of web attack is the most common security risk to web apps

A

Code injection

44
Q

Difference between stored and reflected cross site scripting

A

Stored - code is injected and stored permanently on target servers (databases); the victim retrieves the malicious script when they request the stored info
Reflected - injected code is reflected off the web server; the response includes some or all of the input sent to the server as part of the request. Delivered to the user via an email message or another web server; the user is tricked into clicking a malicious link

45
Q

The science of manipulating human beings to divulge confidential info or take a certain action

A

Social engineering

46
Q

Difference between top down and bottom up info processing

A

Top down - knowledge driven, based on previous experience; goals/expectations drive perception
Bottom up - used when knowledge is lacking; recognition by components, info driven

47
Q

Four steps of a social engineering attack

A

Research, hook, play, exit

48
Q

4 basic human tendencies

A

Reciprocity, social proof, consistency, scarcity, liking, authority

49
Q

Lollipop vs onion model

A

Lollipop - perimeter security: hard crunchy shell on the outside, soft chewy center inside; valuables are exposed once the perimeter is breached
Onion - layered security architecture

50
Q

Used to control intercommunication between levels of trust

A

Access Control Lists (ACLs)

51
Q

4 main components of a secure network topology

A

Perimeter firewall (between the internet and the organization)
Perimeter network (DMZ - area between the perimeter firewall and the internal firewall)
Internal firewall (limits all access to the internal network)
Internal network (location of the rest of the info assets)

52
Q

6 basic ways to defend your system (personal and enterprise)

A

- remove unnecessary hardware
- rename admin account and change password
- remove unused user accounts
- use antivirus and keep it up to date
- use software/hardware firewalls
- use encryption
- perform backups
- enforce password policies
- content filter
- app whitelisting
- restrict BYOD

53
Q

Type of software designed to detect and prevent unauthorized attempts to copy/send sensitive data, intentionally or unintentionally, even if the person is authorized to access the info

A

Data loss prevention software
54
Q

Using court approved methods to acquire, investigate, and present evidence which allows decision makers to act on knowledge

A

Digital forensics

55
Q

Difference between 3 types of investigations

A

Internal - internal to the org (e.g. employee processes unauthorized documents)
Civil - 2 parties in a civil suit (e.g. employee sues for wrongful termination)
Criminal - criminal lawsuit (e.g. CP)

56
Q

2 golden rules of forensics

A

1 - protect and preserve evidence
2 - always assume the case will go to court

57
Q

Examples of what are considered "original evidence media"

A

Hard disk, CD-ROM, SSD, cell phone, tablet, USB flash drive, portable hard drive, email accounts, server

58
Q

Items required for court admissibility of a hard drive

A

Bitstream copy (forensic image) of the drive
Imaging log record
Cryptographic hashes of the source drive and the image file
Chain of custody document

59
Q

What is Info Sec Management

A

Activities relating to the protection of info/info assets against risk of loss, misuse, disclosure, or damage; describes the controls that the org needs to implement to ensure risks are managed

60
Q

Benefits of risk assessments

A

Proactive rather than reactive
Help identify vulnerabilities
Help identify threats
Provide info to form a cohesive strategy

61
Q

2 procedures used for contingency planning

A

Incident response - procedure for when an infosec incident occurs
Disaster recovery - procedure for when a natural/manmade disaster occurs

62
Q

3 things needed to adequately secure a system, and the weakest link

A

People (weakest link), process, technology

63
Q

Characteristics of common law legal systems

A

- uncodified
- everything based on precedent
- contest between 2 opposing parties before a judge who moderates
- divided into criminal, civil, and administrative codes
- everyone innocent until proven guilty

64
Q

3 roles of computers in a lawsuit

A

Computer assisted crime
Computer targeted crime
Computer was incidental