Part 7, Dangerous data / data on your computer Flashcards

1
Q

these can be configured within disk optimization on Windows

A

where can the **TRIM setting** be configured on Windows

2
Q

this part of the acronym stands for **integrity**

from a security perspective this means that data should remain unchanged unless intended people are editing it

A

describe the **I** of the acronym CIA

3
Q

this is some danger that can exploit a vulnerability

A

describe what a **threat** is

4
Q

what will be inside a flash memory cell if it is interpreted as the following

  1. read as 1
  2. read as 0

A

within a flash memory cell what will each of these charges be interpreted as

  1. filled with electrons (negative charge)
  2. filled with no electrons

5
Q

what is a **live system image**

A

this is the process of taking an image of RAM while it is running

6
Q

what are some settings a **registry hive** may hold

A

some settings these might hold are:

  1. Desktop settings
  2. Printers
  3. Network settings
  4. Environmental settings

7
Q

describe what a **zero day** is

A

this is a vulnerability that is unknown to software developers and security companies.

notes

  • These types of vulnerabilities are sold on the black market and when used are known as a zero-day attack.
  • The purchase price for one of these can be worth hundreds of thousands when speaking about a major OS or browser
  • On average, once one of these becomes known to the developers it can take 300 days to fix the vulnerability

8
Q

to produce a hash from a given input this will use a combination of:

  1. constants
  2. AND, OR, NOT logic operators
  3. modulus operator with large prime numbers to produce smaller numbers from large numbers

A

what will a **hash algorithm** use in order to produce a hash from a given input

9
Q

this is the heart of the virus and contains the virus's destructive code, such as corrupting or collecting data or creating back doors

A

describe the **payload** of a virus

10
Q

how does a **peer-to-peer botnet** maintain resilience

A

this maintains resilience by having each zombie only know the address of a few other zombies

destroying a commander or server does not cripple the entire botnet since only the zombies in its address range will be affected, and any other zombie can pick up the role of the disabled commander or server

11
Q

what data might you typically find in **RAM**

A

held in here you may find

  1. Instructions and data that will be needed by the processor
  2. The operating system
  3. Information about running programs and processes
  4. Networks a computer is connected to
  5. Decrypted passwords and files as well as the keys that decrypted them
  6. Registry hives

12
Q

give two examples of a **vulnerability**

A

some examples of this include

  1. allowing employees to insert any USB device into network attached computers
  2. having an out of date operating system or antivirus

13
Q

give two examples of a **threat**

A

some examples of this are

  1. zero-day attacks
  2. employees wishing to cause harm

14
Q

name two technical factors that **malware** could use to gain entry to a computer

A

technical factors that this could exploit to gain entry to a computer could be

  1. using known weaknesses (exploits) in either software or hardware
  2. using a zero-day

15
Q

with this the malware will rewrite its own code without affecting its functionality. therefore the data created will have a new signature

A

what is **metamorphic malware**

16
Q

to fully achieve this

  1. encryption should be used when data is being sent from client to server
  2. hashing should be used to store all data.
  3. Further encryption may be used to hide the hash

A

when **protecting passwords** describe where the following should be used

  1. encryption
  2. hashing

17
Q

this is one way SSDs mitigate wear and involves not repeatedly using the same area of the drive but instead spreading out new writes across the drive

A

what is **wear levelling**

18
Q

this acronym stands for

  1. confidentiality
  2. integrity
  3. availability

A

what does the acronym **CIA** stand for

19
Q

this is software, or an option within software, that can ensure that a disk image is read only, ensuring that the disk image remains unchanged even if it is mounted and navigated

A

what is a **write blocker**

20
Q

these are mainly concerned with spreading themselves across networks and may lie dormant until a command is received to do something

A

how do **botnets** operate

21
Q

this type of attack involves iterating over a dictionary to see if you can get a password match

A

describe what a **dictionary attack** is

22
Q

describe **adware**

A

Forces users to view advertising and may report their internet use to advertisers or its creators.

23
Q

what are **heuristics** used by antivirus programmes

A

these are rules used to identify malware and rely on using previous knowledge about how malware operates

25
Q

when this is performed:

  1. the file is sent to the recycle bin and renamed so it begins with $R
  2. an additional file known as the $I file is created in a hidden location and will hold the metadata from the $R file (NOTE: the $I file allows recovery of the original file)

A

what happens when you perform a **soft delete** on Windows

27
Q

this is the term used when two different files produce the same hash, and so hashing algorithms are created in a way that reduces this to a near zero likelihood

A

what is a **hash collision**

28
Q

this stands for **Programmable logic controller**

A

what does the acronym **PLC** stand for

29
Q

what are three drawbacks of using **signatures** to detect malware

A

some drawbacks of using these are that

  1. an antivirus can only detect malware if it holds one of these for that particular malware
  2. authors of malware frequently update their malware, creating a variant and producing the same problem as the above
  3. sophisticated malware is built to be polymorphic or metamorphic

30
Q

describe the term **Information assets**

A

this is a term used by cybersecurity professionals which describes information such as names, addresses and passports. Individuals also possess this in the form of personal photos etc.

31
Q

these may be found and used within

  1. electrical generation and distribution
  2. Water and sewage pumps
  3. Car engines

A

name three places you may find a **Programmable logic controller (PLC)**

32
Q

describe a **client-server botnet**

A

These are an older type of botnet and are made up of zombies which all speak to a **command and control server.**

33
Q

this is the process of creating a disk image from a hard drive that has been removed from a computer (often carried out for forensic investigation)

A

what is **dead system imaging**

35
Q

give three examples of a **countermeasure**

A

three examples of this are

  1. installing and updating antivirus software
  2. configuring a network with security in mind
  3. separation of duties

36
Q

within a peer-to-peer botnet describe the **server zombie**

A

this will be a zombie in charge of managing sections of the botnet, such as zombies within a company's intranet

37
Q

what is the **signature** that antivirus programmes use to detect malware

A

this is data created by the malware which can be detected within memory or inside a file

38
Q

  1. Every different piece of plaintext produces a unique hash (The benefit of this is that you cannot find resemblance between two pieces of plaintext)
  2. Every hash produced will be the same length (the benefit of this is you cannot know the length of the original plaintext)
  3. From a hash it is almost impossible to find the original plaintext (this makes it great to store passwords in this form since there is no easy way to find the original plaintext)

A

give three main points about **hashing**

40
Q

describe and give an example of **identification**

A

this is the process of _claiming_ you are a particular individual (example: when you give your name at the airport)

41
Q

to perform this the human factors/traits that are exploited could be

  1. Curiosity
  2. Greed
  3. Helpfulness/politeness
  4. Friendship

A

name four **human traits/factors that are exploited during a social engineering attack**

42
Q

this is software that allows you to read data on a binary level

A

what is a **hex editor**

43
Q

this is an exact copy (bit for bit) of a storage device. It will typically be stored as a compressed file

A

what is a **disk image**

44
Q

These can be accessed and seen as the first folders within the **registry editor.** These in turn hold registry keys, which hold more registry keys or a registry value

A

where can **registry hives** be viewed via the GUI

45
Q

describe what **Advanced persistent threats (APTs)** are

A

this is a combination of attacks used that leave organisations exposed for prolonged periods of time

47
Q

these are self replicating programs just like viruses, however they do not rely on human interaction to spread themselves across networks and computers; they can copy and transport themselves instead (note: Worms are the most common type of malware currently in use)

A

describe what a **worm** is

48
Q

what are the two methods in which **malware** can gain access to a computer

A

this can gain entry to a computer by exploiting either

  1. human factors
  2. technical factors

49
Q

the fact these have **no moving parts is their main benefit**. the benefits of this are:

  1. less likely to encounter physical damage to internal components
  2. all data is loaded with equal performance
  3. battery power is saved
  4. file fragmentation is no longer an issue since all data is loaded with equal performance

A

what is the main benefit of **Solid State Drives (SSDs)** and what are four benefits that come of this

50
Q

in real life and on the internet these three steps allow you to be **identified as an individual and given the access you are permitted to have**

A

what does **Identification, authentication and authorization** allow as a whole

51
Q

what are the two **main types of botnet**

A

these have two main types being

  1. client-server
  2. peer-to-peer

52
Q

this is the act of finding and recovering a file by using the magic number associated with that file type. Since the magic number is usually in the header with the file length it is possible for the software to recover all of the deleted data, assuming it has not been overwritten in any way or been highly fragmented

A

describe **File carving / data carving**

53
Q

describe in three points a **peer-to-peer botnet**

A

a description of this is that

  1. This is a more modern approach to creating a botnet
  2. it does not rely on a single command and control server
  3. each zombie knows the address of a few other zombies and any zombie can take on different roles

54
Q

what is **ATA secure erase**

A

this is a protocol and command built into the firmware of most SSDs. When used it will reset an entire SSD by sending a spike of voltage to all memory cells and in turn removing all data from the SSD

55
Q

this is typically performed on a list of stolen passwords

A

how is a **dictionary attack** usually carried out

56
Q

how were **Programmable logic controllers (PLCs)** born

A

these were born out of the need to quickly recalibrate or set up new assembly lines. before these, assembly lines could take months to set up for new parts or models; with the birth of these it became days

57
Q

within a **virus** what are the three main programming concepts that you will find

A

this will contain

  1. an infection mechanism
  2. a trigger
  3. a payload

58
Q

this will be a zombie that receives commands from the botnet operator and then issues them across the botnet

A

describe the **commander** within a peer-to-peer botnet

60
Q

describe the **A** of the acronym CIA

A

this part of the acronym stands for **availability**

this means that data should be available to read and edit whenever desired by intended people

62
Q

give five uses of a **botnet**

A

this may be used to

  1. send spam email
  2. click on advertisements (**click fraud**)
  3. attempt to decrypt passwords (**Brute-force decryption**)
  4. bitcoin mining
  5. denial of service attack

63
Q

this is the process of _proving_ your identification (example: when you show your passport at the airport)

A

describe and give an example of **authentication**

64
Q

how do **client-server botnets** typically communicate with their servers

A

these typically communicate with their servers using Internet Relay Chat, which was originally designed for instant messaging

67
Q

what is a **registry hive**

A

for every new user that logs on to a machine a new registry hive is created. the registry hive is a collection of low to high level settings and describes a user's profile.

69
Q

  1. PC is infected with the worm
  2. It will then scan all ports of the system and ports of other systems to see if any are open and whether any are vulnerable to attack, such as not being patched for a known bug
  3. Once a port is found that is vulnerable it will scan the destination PC to see what operating system and apps it has installed to see if it is suitable for infection
  4. once a successful scan has been run it sends a copy of itself across that port to the destination PC

A

describe in four steps **how a worm spreads itself**

70
Q

when this is performed:

  1. all references, including the $I if applicable, are deleted (NOTE: only references to the original file are deleted, meaning that the data still exists although the operating system has no access to it)

A

what happens when you perform a **hard delete**

72
Q

how is a cell within flash memory given a charge

A

to hold a charge this will have an electric voltage applied to the top of it. this causes negative electrons to be attracted to it, giving it a negative charge. since it is insulated the charge is maintained even when there is no power

73
Q

what is **polymorphic malware**

A

with this the malware uses an encryption key in order to scramble its data, therefore creating a variety of signatures

75
Q

what is **Stuxnet**

A

this was a virus discovered in the summer of 2010 and was the first of its kind in the sense that instead of targeting a huge number of publicly owned computers it was specifically designed to attack and control Siemens PLCs

78
Q

this is a technique used to bring down an entire peer-to-peer botnet. it involves editing the address list of all the zombies so that they all speak to a server known as a **sinkhole computer** which is owned by the parties attacking the botnet. Since all zombies then only speak to the sinkhole the botnet is left effectively useless (note: these can also be used in the collection of information about the owners of the botnet)

A

when speaking about peer-to-peer botnets describe what a **sinkhole** is

81
Q

describe and give an example of **authorization**

A

this follows the process of identification and authentication and provides access (example: the guard allowing entry to a country once they are satisfied with your identification and authentication)

83
Q

describe the steganography technique known as **Least significant bit (LSB)**

A

this is a simple yet effective method of implementing steganography. It works by having a message you want to hide already in bits and then, for each pixel, changing either the last or last two bits so that they match your hidden message. To retrieve the message one would simply have to gather the least significant bits used to hide the message and use them to reconstruct the hidden message

84
Q

what does the acronym **CIA** describe

A

This is an acronym to describe the guiding principles behind information security

85
Q

this part of the acronym stands for **Confidentiality**

from a security perspective this means data should only be read by the intended people

A

describe the **C** of the acronym CIA

92
Q

this part of the virus is in charge of finding new files, disk space or devices to infect

A

describe the **infection mechanism** of a virus

93
Q

this is a network of compromised machines known as **zombies**. A single one of these may be made up of thousands or millions of **zombies**.

A

describe a **botnet**

94
Q

what is **TRIM**

A

this is software used by SSDs and involves removing any unreferenced data and getting it ready to be written to while there is downtime on the drive. This process speeds up writing since the memory cell does not need to be cleaned before writing, as it has already been done

95
Q

Attempts to access personal information by monitoring keystrokes or patterns of activity.

A

describe **spyware**

96
Q

describe what a **countermeasure** is

A

this is some action that protects assets from vulnerabilities and threats

97
Q

what is the main weakness of **client-server botnets**

A

the main weakness of these comes from having a single **command and control server** which, if cut off, disables the botnet entirely

98
Q

describe the terms **Cybersecurity / information security**

A

these are terms to describe the tools, knowledge and best practices regarding the protection of:

  1. Computers
  2. Communication networks
  3. Programs
  4. Data

104
Q

what must happen to a **solid state drive (SSD) memory cell** before it is written to

A

when this is to be written to it must first have its content completely removed. this means that slack space on an SSD will no longer contain old data

105
Q

this is essentially a computer that runs a set of installed instructions. The instructions may be, for example, to move a robotic arm

A

what is a **Programmable logic controller (PLC)**

107
Q

one drawback of these is that they rely on previous knowledge about malware; any malware using new techniques will go unnoticed by the antivirus

A

what is one drawback of antivirus programmes using **heuristics**

109
Q

one advantage these hold is that they are relatively cheaper to buy

A

what is one advantage **hard disk drives (HDDs)** have over solid state drives (SSDs)

113
Q

what is **Enhanced Metafile (EMF)**

A

this is an image file format that was originally created by Microsoft. One purpose for it is that when a file is printed Windows converts the file into EMF format; it is then held in the printer's spooler file and in turn RAM

114
Q

describe what a **trojan** is

A

this is a virus that is built into an application. the application itself will seem legit and performs the advertised task, however it will contain a virus. Trojan viruses are not self replicating and rely on human interaction to spread

116
Q

this is the act of hiding data within other data such as an image.

A

what is **steganography**

117
Q

the reason that hashing passwords alone cannot protect against this attack is because the dictionary used for this attack can also be hashed, and so a match can still be found

A

why can hashing passwords alone not protect against a **dictionary attack**

120
Q

what is an **image mounter**

A

this is software that is able to read and write to disk images. Upon mounting a disk image it will appear as a physical disk and can be navigated as normal via the OS you are using

121
Q

name 5 potential places that words for a **dictionary which will be used for a dictionary attack** could come from

A

this could contain words from

  1. The a-z dictionary
  2. Most used passwords
  3. Professional terminology such as medical terms
  4. Literature
  5. TV and film

122
Q

describe what a **vulnerability** is

A

this is a point at which there is potential for a breach

124
Q

this is a semiconductor material surrounded by an insulator and is able to hold a charge even when there is no power

A

what is a cell within **flash memory**

126
Q

this is an isolated environment that mimics an operating system

A

what is a **sandbox**

134
Q

Hidden programs used by attackers to remotely control or access a computer.

A

describe **rootkits**

135
what is a ## Footnote **disk image**
this is an exact copy (bit for bit) of a storage device. It will typically be stored as a compressed file
136
this maintains resillience by having each zombie only knowing the address of a few other zombies destroying a commander or server does not cripple the entire botnet since only the botnets in its address range will be affected and any other zombie can pick up the role of the disabled commander or server
how does a **peer-to-peer botnet** maintain resillience
137
describe the **C** of the acronym CIA
this part of the accroynym stands for ## Footnote **Confidentiality** **from a security perspective this means data should only be read by the intended people**
138
this is some action that protects assets from vulnerabilities and threats
describe what a **countermeasure** is
139
how is a **dictionary attack** usually carried out
this is typically performed on a list of stolen passwords
140
when **protecting passwords** describe where the following should be used 1. encryption 2. hashing
to fully achieve this: 1. encryption should be used when data is being sent from client to server 2. hashing should be used to store all data 3. further encryption may be used to hide the hash
141
what are two techniques that antivirus programmes use when working with **heuristics**
when using this the antivirus programme may 1. decompile a suspected programme and see if it contains instructions such as copying itself or overwriting operating system files 2. put the programme within a sandbox and then execute the programme to see what instructions it tries to execute
142
what is one advantage **hard disk drives (HDDs)** have over solid state drives (SSDs)
one advantage these hold is that they are relatively cheaper to buy
143
this spreads by relying on human interaction, such as a file being shared via a medium like email
how does a **virus** spread
144
this is a point at which there is potential for a breach
describe what a **vulnerability** is
145
when speaking in terms of file carving what is the **magic number**
this is a number that acts as a kind of signature for a file type. Each file type has its own, which is usually located inside the header
146
this is the term used to describe using human factors/nature to defeat the security of a device
describe the term **social engineering**
147
what is a **RAM dump**
this is the process of viewing or copying the contents of RAM
148
within a flash memory cell what will each of these charges be interpreted as: 1. filled with electrons (negative charge) 2. filled with no electrons
what will be inside a flash memory cell if it is interpreted as the following: 1. read as 1 2. read as 0
149
describe in four steps **how a worm spreads itself**
1. A PC is infected with the worm 2. It will then scan all ports of the system and of other systems to see if any are open and any are vulnerable to attack, such as not being patched for a known bug 3. Once a vulnerable port is found it will scan the destination PC to see what operating system and apps it has installed, to see if it is suitable for infection 4. Once a successful scan has been run it sends a copy of itself across that port to the destination PC
150
This is an older type of botnet and is made up of zombies which all speak to a **command and control server**.
describe a **client-server botnet**
151
three examples of this are: 1. installing and updating antivirus software 2. configuring a network with security in mind 3. separation of duties
give three examples of a **countermeasure**
152
describe the **commander** within a peer-to-peer botnet
this will be a zombie that receives commands from the botnet operator and then issues them across the botnet
153
this is some action that will make the virus deliver its payload, such as a date or the execution of a file
describe the **trigger** of a virus
154
This is an acronym to describe the guiding principles behind information security
what does the acronym **CIA** describe
155
this is the process of _claiming_ you are a particular individual (example: when you give your name at the airport)
describe and give an example of **identification**
156
Redirect browsers to unwanted websites, either to earn advertising clicks or to download further malware. Some of the sites masquerade as legitimate websites and are designed to harvest personal information such as logins and credit card details.
describe **hijackers**
157
this is the process of viewing or copying the contents of RAM
what is a **RAM dump**
158
this is a virus that is built into an application. The application itself will seem legitimate and performs the advertised task; however, it will contain a virus. Trojan viruses are not self-replicating and rely on human interaction to spread
describe what a **trojan** is
159
this is an image file format that was originally created by Microsoft. One use of it is that when a file is printed, Windows converts the file into EMF format; it is then held in the printer spooler file and in turn in RAM
what is **Enhanced Metafile (EMF)**
160
describe the term **social engineering**
this is the term used to describe using human factors/nature to defeat the security of a device
161
what happens when you perform a **hard delete**
when this is performed all references, including the $I file if applicable, are deleted (NOTE: only references to the original file are deleted, meaning that the data still exists although the operating system has no access to it)
162
this is the process of taking an image of RAM while it is running
what is a **live system image**
163
where can the **TRIM setting** be configured on Windows
these can be configured within disk optimization on Windows
164
describe **hijackers**
Redirect browsers to unwanted websites, either to earn advertising clicks or to download further malware. Some of the sites masquerade as legitimate websites and are designed to harvest personal information such as logins and credit card details.
165
describe **spyware**
Attempts to access personal information by monitoring keystrokes or patterns of activity.
166
this will be a zombie in charge of managing sections of the botnet, such as zombies within a company's intranet
within a peer-to-peer botnet describe the **server zombie**
167
this is a number that acts as a kind of signature for a file type. Each file type has its own, which is usually located inside the header
when speaking in terms of file carving what is the **magic number**
168
describe what a **worm** is
this is a self-replicating program, just like a virus; however, it does not rely on human interaction to spread itself across networks and computers, as it can copy and transport itself instead (note: worms are the most common type of malware currently in use)
169
this is software that is able to read and write to disk images. Upon mounting a disk image it will appear as a physical disk and can be navigated as normal via the OS you are using
what is an **image mounter**
170
what is **dead system imaging**
this is the process of creating a disk image from a hard drive that has been removed from a computer (often carried out for forensic investigation)
171
held in here you may find: 1. Instructions and data that will be needed by the processor 2. The operating system 3. Information about running programs and processes 4. Networks the computer is connected to 5. Decrypted passwords and files as well as the keys that decrypted them 6. Registry hives
what **data might you typically find in RAM**
172
what is a cell within **flash memory**
this is a semiconductor material surrounded by an insulator and is able to hold a charge even when there is no power
173
describe **File carving / data carving**
this is the act of finding and recovering a file by using the magic number associated with that file type. Since the magic number is usually in the header along with the file length, it is possible for the software to recover all of the deleted data, assuming it has not been overwritten in any way or been highly fragmented
174
these maintain resilience by: 1. using encryption 2. using multiple servers in different countries
how do **client-server botnets** maintain resilience
175
this is a protocol and command built into the firmware of most SSDs. When used it will reset an entire SSD by sending a spike of voltage to all memory cells, in turn removing all data from the SSD
what is **ATA secure erase**
176
give three main points about **hashing**
1. Every different piece of plaintext produces a unique hash (the benefit of this is that you cannot find resemblance between two pieces of plaintext) 2. Every hash produced will be the same length (the benefit of this is that you cannot know the length of the original plaintext) 3. From a hash it is almost impossible to find the original plaintext (this makes it great for storing passwords in this form, since there is no easy way to find the original plaintext)
177
what does the acronym **CIA** stand for
this acronym stands for **1. confidentiality** **2. integrity** **3. availability**
178
describe the **trigger** of a virus
this is some action that will make the virus deliver its payload, such as a date or the execution of a file
179
what will a **hash algorithm** use in order to produce a hash from a given input
to produce a hash from a given input this will use a combination of: 1. constants 2. AND, OR, NOT logic operators 3. the modulus operator with large prime numbers, to produce smaller numbers from large numbers
180
what does the acronym **PLC** stand for
this stands for **Programmable logic controller**
181
these are terms to describe the tools, knowledge and best practices regarding the protection of: 1. Computers 2. Communication networks 3. Programs 4. Data
describe the terms **Cybersecurity / information security**
182
this could contain words from: 1. The a-z dictionary 2. Most used passwords 3. Professional terminology such as medical terms 4. Literature 5. TV and film
name five potential sources of words for a **dictionary that will be used for a dictionary attack**
183
this is a simple yet effective method of implementing steganography. It works by having the message you want to hide already in bits, and then for each pixel changing either the last bit or the last two bits so that they match your hidden message. To retrieve the message one simply has to gather the least significant bits used to hide the message and use them to reconstruct it
describe the steganography technique known as **Least significant bit (LSB)**
184
this is a programme that is able to self-replicate but not self-spread, and will typically inject or attach itself to an application or file
describe what a **virus** is
185
how do **client-server botnets** maintain resilience
these maintain resilience by: 1. using encryption 2. using multiple servers in different countries
186
some examples of this include: 1. allowing employees to insert any USB device into network-attached computers 2. having an out-of-date operating system or antivirus
give two examples of a **vulnerability**
187
how does a **virus** spread
this spreads by relying on human interaction, such as a file being shared via a medium like email
188
why can hashing passwords alone not protect against a **dictionary attack**
the reason that hashing passwords alone cannot protect against this attack is that the dictionary used for the attack can also be hashed, so a match can still be found
189
describe what a **virus** is
this is a programme that is able to self-replicate but not self-spread, and will typically inject or attach itself to an application or file
190
describe **rootkits**
Hidden programs used by attackers to remotely control or access a computer.
191
what is a **sandbox**
this is an isolated environment that mimics an operating system
192
these are rules used to identify malware that rely on previous knowledge about how malware operates
what are **heuristics** used by antivirus programmes
193
when this is to be written to, it must first have its content completely removed; this means that slack space on an SSD will no longer contain old data
what must happen to a **solid state drive (SSD) memory cell** before it is written to
194
what is **steganography**
this is the act of hiding data within other data such as an image.
195
when using this the antivirus programme may 1. decompile a suspected programme and see if it contains instructions such as copying itself or overwriting operating system files 2. put the programme within a sandbox and then execute the programme to see what instructions it tries to execute
what are two techniques that antivirus programmes use when working with **heuristics**
196
this was a virus discovered in the summer of 2010 and was the first of its kind in the sense that, instead of targeting a huge number of publicly owned computers, it was specifically designed to attack and control Siemens PLCs
what is **Stuxnet**