Notes From Lynda Course Flashcards

Question

Two components of every malware

Answer 1

1. Propagation Mechanism | 2. Payload

Answer 2

The way a malware object spreads

Answer 3

The malicious action that the malware performs

Answer 4

Type of malware that is spread by user interaction (User education is the best preventative measure)

Answer 5

Type of malware that spreads by itself - require vulnerable systems to spread (Keeping systems updated is the best preventive measure)

Answer 6

Type of malware that disguise themselves as a beneficial program with a malicious payload (Application control is the best protection from this)

Answer 7

Provides backdoors to hacked systems

Answer 8

Adware, Spyware, Ransomware

Answer 9

Virus, Worm, Trojan Horse

Answer 10

Provides unregulated workaround access to a system using modified code

Answer 11

Hardcoded accounts, default passwords, and unknown access channels can provide access

Answer 12

Uses modified code to deliver a triggered payload

Answer 13

Rootkits, Polymorphism, and armored viruses

Answer 14

Software techniques used to hide other software on a system

Answer 15

Changes signature to avoid detection, they use a different encryption key with each system they infect

Answer 16

Prevents reverse engineering, sandboxing, and blocks system debuggers to prevent detection

Answer 17

A special superuser account that provides unrestricted access to system resources

Answer 18

Backdoors, Botnet agents, Adware/spyware, Antitheft mechanisms

Answer 19

Run with normal user privileges, easy to write and difficult to detect

Answer 20

Run with system privileges, difficult to write, and easy to detect

Answer 21

Identifying viruses by detecting known code patterns from a database

Answer 22

All of the flags are set to 1 in the header packet which can crash a system or can be used to do OS fingerprinting

Answer 23

Domain Name Service - A service that translates common domain names into IP addresses for the purpose of network routing

Answer 24

Address Resolution Protocol - Protocol that translates logical IP addresses into the hardware (MAC) addresses on the LAN

Answer 25

AKA URL Hijacking - an attack that consists of registered domain names similar to official sites, hoping that users will make a typo and visit their site

Answer 26

Steals a domain registration or alter DNS records

Answer 27

Alters hardware addresses

Answer 28

Alters IP Addresses - often used in DoS attacks - not useful in attacks that require return data because receiving data on a spoofed IT is not easy

Answer 29

Blocks incoming traffic from external networks bearing an internal source IP address - useful for blocking spoofing attacks

Answer 30

Blocks outbound traffic from internal networks bearing a source IP address that you don't control

Answer 31

1. Brute Force, 2. Dictionary Attack, 3. Hybrid Attack 4. Rainbow Table Attack

Answer 32

Attempts all combinations for a password - only works for short non-complex passwords. AKA Known Ciphertext Attacks

Answer 33

All English language words are attempted

Answer 34

Adds common variations to the Dictionary Attack

Answer 35

Pre-computed hashes are used

Answer 36

The set of all possible encryption keys usable with an algorithm

Answer 37

Studies the patterns of letters in cipher text

Answer 38

Attacker has both the encrypted and unencrypted versions of a password and uses this as a decryption key for other messages

Answer 39

The attacker creates an encrypted message and attempts to determine the key that is being used

Answer 40

When a system supports many different types of encryption, the attacker uses a MITM attack to force two other systems that are attempting to communicate to switch to a weaker algorithm and the attacker can eavesdrop on and crack the password

Answer 41

Client side attack that exploits vulnerabilities in the client accessing the server. Usually using a highly targeted (usually trusted websites) website and bundling a botnet to infect other systems

Answer 42

An attack where the attacker hides elements of a webpage behind other elements so that a used cannot see what he or she is actually clicking - Form of CSRF

Answer 43

Specialized form of clickjacking that tricks the used about the cursor's location on the screen

Answer 44

Allows an attacker to manipulate the file system structure on a web server - the attacker uses directory navigation references to search for unsecured files on a server

Answer 45

If user input exceeds the space allotted for the data

Answer 46

An attacker exploits a vulnerability in a system that allows the attacker to run commands on that system.

Answer 47

Code execution attacks where the attacker runs commands of his or her choice

Answer 48

Code execution attacks that take place over a network connection

Answer 49

1. Limit administrative access | 2. Patch systems and applications with all available security updates

Answer 50

Driver manipulation technique that modifies a driver to carry out malicious activities. It requires access to the driver source code

Answer 51

Driver manipulation technique that wraps a malicious driver around the outside of the driver. Does not require access to the legitimate driver's source code.

Answer 52

1. Authority/Trust 2. Intimidation 3. Consensus and Social Proof (Herd mentality) 4. Scarcity (Act quickly or you will miss out) 5. Urgency 6. Familiarity and Liking

Answer 53

Highly targeted phishing attack

Answer 54

Subset of spear phishing - focuses on senior executives

Answer 55

A fake website is sent to users and looks like a familiar website

Answer 56

Voice phishing attacks asking for credentials over the phone or tell them to go to a website to download something

Answer 57

Spam via IMs

Answer 58

Connects two networks together at Layer 2 using MAC address

Answer 59

Connect different telecommunications networks together

Answer 60

Transmission Control Protocol/Internet Protocol

Answer 61

Responsible for routing information across the networks Provides an addressing schema (IP Addresses) Delivers packets from the source to its destination Network Layer Protocol

Answer 62

TCP and UDP

Answer 63

Responsible for the majority on internet traffic Connection-oriented protocol Establishes connections between to systems before transmitting data Guarantees delivery through acknowledgement Widely used for critical applications because of its reliability

Answer 64

Used to identify packets in the three way handshake process

Answer 65

SYN - Establish a connection FIN - Close a connection ACK - Acknowledges a SYN or FIN request

Answer 66

More lightweight than TCP Connectionless/ no handshake No Acknowledgements or guaranteed delivery Good for voice and video applications

Answer 67

Wires, Radios, Optics

Answer 68

Data transfers between two nodes

Answer 69

TCP and UDP

Answer 70

Exchanges between two systems

Answer 71

Data translation and encryption

Answer 72

User programs

Answer 73

Translates domain names into IP addresses

Answer 74

16-bit binary number 2 to the 16th power or 65,536 possible Ranges from 0-65,535

Answer 75

21: FTP 22: SSH 53: DNS 137-139: NetBIOS 3389: RDP

Answer 76

SMTP (Simple Mail Transfer Protocol)

Answer 77

POP (Post Office Protocol)

Answer 78

IMAP (Internet Message Access Protocol)

Answer 79

25: SMTP 110: POP 143: IMAP

Answer 80

``` Function shows: Destination unreachable Redirects Time exceeded Address mask requests and replies ```

Answer 81

ping | traceroute

Answer 82

Tracks open connections

Answer 83

Source system address Destination system addresses Destination port and protocol Action (allow or deny)

Answer 84

Any traffic not explicitly permitted by a rule should be automatically denied

Answer 85

Specifically protect web applications by using application awareness to peer deep into the application layer and block web attacks

Answer 86

Anonymization Performance boosting because the proxy server caches website Content filtering increases security

Answer 87

Sits between the user and web server

Answer 88

Work on behalf of the client, web server does not detect the proxy server

Answer 89

Work on behalf of the server, Client does not detect proxy server

Answer 90

Are not seen by the client or server. AKA inline proxies or forced proxies. Sits between the client and the outside network. Causes issues with SSL and TLS encrypted communications

Answer 91

SSL Cert Mgmt URL Filtering Other Web Application Security tasks

Answer 92

A type of load balancing where each server gets an equal number of requests (Simplest)

Answer 93

Type of load balancing that routes an individual user's requests to the same server every time

Answer 94

Active-Active and Active-Passive

Answer 95

Tow or more load balancers actively handle network traffic and continue to function with diminished capacity if one fails

Answer 96

One load-balancer handles all traffic while a second monitors activity and assumes responsibility of the primary load balancer fails

Answer 97

1. They allow secure interconnection of remote networks | 2. They provide mobile workers with a way to securely connect from a remote location to an organization's network

Answer 98

Network layer VPN protocol commonly used for site-to-site VPNs but is difficult to configure. May be blocked by the firewall. Adds security to TCP/IP networks

Answer 99

Application layer VPN protocol commonly user for remote access VPNs and easier to configure. Uses port 443 because it is typically allowed through every firewall

Answer 100

Full-Tunnel VPN | Split-Tunnel VPN

Answer 101

Everything is encrypted, including web browsing. All network traffic leaving the connected device is routed through the VPN tunnel. regardless of its final destination.

Answer 102

Only traffic destined for the corporate network is sent through the VPN tunnel. Other traffic is routed directly over the Internet

Answer 103

All mobile devices are configured automatically to connect to the VPN

Answer 104

ESP (Encapsulating Security Payload) and AH (Authentication Headers)

Answer 105

Provides confidentiality and integrity protection for packet payloads

Answer 106

Provides integrity protection for packet headers and payloads. Makes sure that no changes are made to the packet while it is in transit

Answer 107

Each pair of cryptographic protocol and hash function

Answer 108

Shadowed rules Promiscuous rules Orphaned rules

Answer 109

Rules that are placed in a lower priority position and are overlooked by a firewall

Answer 110

Allow more access than necessary

Answer 111

When something likes a service is decommissioned and the rules are never removed.

Answer 112

Restrict network traffic

Answer 113

"Write Once, Read Many" - The centralized log repository should be configured this way to prevent log tampering

Answer 114

Standardized way to quickly and easily synchronize all of the system clocks within an organization. Install on a centralized time server.

Answer 115

Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. (Formal definition from NIST)

Answer 116

1. Maps to risk tolerance 2. Adapts to ongoing needs 3. Actively involves management providing leadership and resources

Answer 117

1. Define a strategy 2. Establish a monitoring program 3. Implement the program as automated as possible to collect the metrics, perform assessments and build reports 4. Analyze and report the findings from the collected data 5. Respond by mitigating, avoiding, transferring, or accepting the risk 6. Review and update the monitoring program to fit needs