Flashcards in IS3440 CHAP 1 SECURITY THREATS TO LINUX Deck (59):
____ a web server service used primarily on Linux.
____ is a Parkerian hexad concept related to the CIA triad concept of integrity. It can help users and administrators verify that important communications, are genuine.
___ a CIA triad concept in which users have access to their data when they want it.
___ is the first thing that is run when you power up an older computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.
BASIC INPUT/OUTPUT SYSTEM (BIOS)
___ is a user who wants to break into computer systems and networks with malicious purposes in mind.
___ is the private company that is the corporate backer of the Ubuntu distribution.
___ is a vendor-neutral certification for information security created by (ISC) that requires professional experience in multiple security domains.
CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONS (CISSP)
___ this specifies three goals of information security: confidentiality integrity, and availability.
___ is one of the ISECOM channels for security audits.
COMMUNICATIONS SECURITY (COMSEC)
___ in the open source community, this is a malicious user who wants to break into a computer system.
___ is one of several open source licenses used to share the source code for software.
GNU GENERAL PUBLIC LICENSE (GPL)
___ is the open source implementation of PGP, developed by the GNU Foundation.
GNU PRIVACY GUARD (GPG)
___ is a recursive acronym for the work of the GNU Foundation, including the clones of UNIX tools and libraries found in current Linux distributions.
GNU'S NOT UNIX (GNU)
____ is a US law that specifies confidentiality requirements for personal financial data.
GRAMM-LEACH-BLILEY ACT (GLBA)
____ is the organization associated with open source security certification and testing. It qualifies security professionals with four professionals with four certificates.
OSPA; OSPE; SOPT, AND OWPE.
(ISECOM) INSTITUTE FOR SECURITY AND OPEN METHODOLOGIES
___ is a CIA triad concept of trust, verified by means such as GPG key.
___ is an organization for security professionals. It qualifies professionals through the SSCP and CISSP certifications.
(ISC)2 INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM
____ is part of the Transmission Control Protocol/Internet Protocol suite of protocols. It is normally used to send error and network status messages.
(ICMP) INTERNET CONTROL MESSAGE PROTOCOL
____ is a version of the Internet Protocol still in common use today that the addresses use 32 bits.
(IPv4) INTERNET PROTOCOL VERSION 4
___ is a more recent version of the Internet Protocol in common use that the addresses use 128 bits.
(IPv6) INTERNET PROTOCOL VERSION 6
____ is a security control system that limits access to objects such as files and directories to specified users and groups.
MANDATORY ACCESS CONTROL
This is a reference to network address translation where private Internet Protocol (IP) addresses on a network ______ with a public IP address, normally the gateway address to the network.
___ is a file-sharing system connected to a network, normally using file-sharing protocols such as Samba.
(NFS) NETWORK FILE SYSTEM
___ is a manual for security audits, testing, and analysis, created through ISECOM.
(OSSTMM) OPEN SOURCE SECUIRTY TESTING METHODOLOGY MANUAL
___ is a certification sponsored by ISECOM for professionals who can assess legal requirements, design security tests, and measure controls in the context of the scientific method.
(OSPA) OSSTMM PROFESSIONAL SECURITY ANALYST
___ is a certification sponsored by ISECOM for Linux professionals qualified to use various security programs.
(OSPE) OSSTMM PROFESSIONAL SECURITY EXPERT
___is a certification sponsored by ISECOM for Linus professionals qualified to use various security programs.
(OSPT) OSSTMM PROFESSIONAL SECURITY TESTER
___ is a certification sponsored by ISECOM for professionals who can audit a wireless network infrastructure.
(OWSE) OSSTMM PROFESSIONAL WIRELESS SECURITY EXPERT
___ are supplements the CIA triad goals of confidentiality, integrity, and availability with three more goals:
POSSESSION OR CONTROL, AUTHENTICITY, AND UTILITY.
___ is a sequence of characters used to control access, frequently used to verify connections to encrypted services such as SSH. This can use spaces.
___ is one of the ISECOM channels for security.
(PHYSSEC) PHYSICAL SECURITY
___ is a malicious packet of ICMP data to a system that may be used to crash a target computer system.
PING OF DEATH
____ is a Parkerian hexad concept for control of confidential information.
POSSESSION OR CONTROL
___ is a program that encrypts messages and more with digital signatures based on private and public encryption keys. (First, the sender can use a private ___ key to encrypt a message, then the recipient can use a public ___ key to decrypt that message.)
(PGP) PRETTY GOOD PRIVACY
___ is a file and printer sharing service compatible with Microsoft's Common Internet File System.
___ is a US law that specifies financial-disclosure requirements for public companies.
(SOX) SARBANES-OXLEY ACT
___ is one of the ISECOM channels for security audits, related to non-physical communications over the electromagnetic spectrum.
(SPECSEC) SPECTRUM SECURITY
___ is an attack where a malicious user assumes the identity of another user or organization.
___ is a service that caches internet data to speed response times that can also track the sites browsed by users.
___ is a vendor-neutral certification for information security created by (ISC)2. It is suited to candidates working toward becoming security professionals.
(SSCP) SYSTEMS SECURITY CERTIFIED PRACTITIONER
___ is a protocol and service that uses clear-text authentication.
___ is a member of the protocol suite that supports reliable connections.
(TCP) TRANSMISSION CONTROL PROTOCOL
___ is the first thing that is run when you power up a relatively new computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.
(UEFI) UNIFIED EXTENSIBLE FIRMWARE INTERFACE
___ is a member of the (TCP/IP) protocol suite that supports congenialness "best-efforts" communications.
(UDP) USER DATAGRAM PROTOCOL (UDP
___ in the Linux community, this is a user who wants to create better software. In the non-Linux community, it is an authorized user who runs security diagnostic tools to test the security features of a system or network.
WHITE HAT HACKER
1. Which of the following terms is associated with malicious users in the open source community?
2. Which of the following concepts is NOT part of the CIA triad?
3. Which of the following security certifications is associated with open source software?
4. Which of the following OSSTMM channels is associated with wireless security?
5. Which of the following is NOT an OSSTMM audit phase?
6. Which of the following components makes up the core of the Linux operating system?
1. Cloned software from UNIX
2. The kernel
3. Linux libraries
4. Linux services
7. Which of the following is na open source license?
2. Public domain
3. GNU GPL
4. Any Microsoft license
8. From the following options, name the component that is NOT part of a Linux User Domain.
1. Regular users
2. Regular groups
3. Service users
4. Computer users
9. From the following options, select a security advantage of open source software.
1. The efforts of the open source community
2. Secrecy in the source code
3. No information is released before a solution is available
4. None of the above
The efforts of the open source community
10. Which of the following methods can be used to recover from an unbeatable situation in Linux, minimizing any risk of lost data? (Select two).
1. Recovery mode
2. Live CD
3. Reinstalling Linux
4. UEFI modification
11. From the following list, which is a system management tool for Linux?
1. Red Hat Zenworks
2. The Ubuntu
4. Systems management server
12. Which of the following is a positive effect of virtualization on security?
1. Many virtual machines will confuse malicious users
2. Virtual machines can be configured with many services
3. Virtual machines can be configured as firewalls
4. Additional virtual machines make it possible to configure more bastion hosts.
Additional virtual machines make it possible to configure more bastion hosts.
13. A developer who just wants to create better software in the open source world ins known as a ___.