Remember This Flashcards

(189 cards)

1
A use case helps:
professionals identify and clarify requirements to achieve a goal
2
Confidentiality ensures:
that data is only viewable by authorized users
3
Encryption is the:
best choice to provide confidentiality
4
Access controls protect:
the confidentiality of data
5
Steganography supports:
obfuscation by making the hidden data harder to see
6
Integrity provides:
assurances that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes
7
Hashing is a common method:
of ensuring integrity
8
Non-repudiation prevents:
entities from denying they took an action
9
Digital signatures provide what 2 things?
non-repudiation
integrity for files and email
10
Audit logs provide:
non-repudiation
11
Availability ensures:
that data and services are available when needed
12
Risk is:
the possibility of a threat exploiting a vulnerability, resulting in a loss
13
A threat is:
any circumstance or event that has the potential to compromise confidentiality, integrity, or availability
14
A vulnerability is:
a weakness in either the hardware, software, configuration, or users operating the system
15
Risk mitigation reduces risk by:
reducing the chances that a threat will exploit a vulnerability
by reducing the impact of the risk
16
Security controls reduce:
risks
17
The three primary security control types are:
technical
administrative
physical
18
A technical control is:
one that uses technology to reduce vulnerabilities
19
Some examples of technical controls are:
Encryption
antivirus software
IDSs
firewalls
the principle of least privilege
20
Administrative controls are:
primarily administrative and include items such as risk and vulnerability assessments
21
Preventive controls attempt to:
prevent security incidents
22
Detective controls attempt to:
detect when a vulnerability has been exploited
23
Corrective controls attempt to:
reverse the impact of an incident or problem after it has occurred
24
Deterrent controls attempt to:
prevent incidents by discouraging threats
25
Compensating controls are:
alternative controls used when it isn't feasible or possible to use the primary control
26
Virtualization allows:
multiple servers to operate on a single physical host
27
Type I hypervisors run:
directly on the system hardware
28
Type II hypervisors run:
as software within a host operating system
29
Container virtualization is:
a specialized version of a Type II hypervisor. It allows services or applications to run within their own isolated cells or containers.
30
Containers don't have:
a full operating system but instead use the kernel of the host
31
Snapshots capture:
the state of a VM at a moment in time
32
Administrators often take a snapshot before what?
performing a risky operation
33
VM sprawl can occur:
if personnel within the organization don't manage the VMs
34
VM escape attacks allow:
an attacker to access the host system from the VM
35
You run command-line tools in the:
Command Prompt window in Windows and the terminal in Linux
36
The ping command can:
be used to check connectivity
check name resolution
verify that routers, firewalls, and intrusion prevention systems block Internet Control Message Protocol (ICMP)
37
The ipconfig command on Windows allows:
you to view the configuration of network interfaces
38
Linux uses ifconfig and/or ip to:
view and manipulate the configuration of network interfaces
39
Netstat allows you to:
view statistics for TCP/IP protocols and view all active network connections. This can be useful if you suspect malware is causing a computer to connect with a remote computer
40
Tracert lists:
the routers (also called hops) between two systems. It can be used to verify a path has not changed
41
The arp command allows you to:
view and manipulate the ARP cache. This can be useful if you suspect a system's ARP cache has been modified during an attack
42
Authentication allows:
entities to prove their identity by using credentials known to another entity
43
Identification occurs when:
a user claims or professes an identity, such as with a username, an email address, a PIV card, or by using biometrics
44
Authentication occurs when:
an entity provides proof of an identity (such as a password). A second entity is the authenticator and it verifies the authentication
45
Authorization provides:
access to resources based on a proven identity
46
Accounting methods track:
user activity and record the activity in logs
47
Five factors of authentication are:
Something you know, such as a username and password
Something you have, such as a smart card, CAC, PIV, or token
Something you are, using biometrics, such as fingerprints or retina scans
Somewhere you are, using geolocation, a computer name, or a MAC address
Something you do, such as gestures on a touch screen
48
The something you know factor typically refers to:
a shared secret, such as a password or a PIN. This is the least secure form of authentication
49
Passwords should be:
strong and changed often
50
Complex passwords include:
multiple character types
51
Strong passwords are:
complex and at least 14 characters long
52
Administrators should verify a:
user's identity before resetting the user's password
53
When resetting passwords manually:
administrators should configure them as temporary passwords that expire after the first use, requiring users to create a new password the first time they log on.
54
Self-service password systems:
automate password recovery
55
Password policies provide:
a technical means to ensure users employ secure password practices
56
Password length specifies:
the minimum number of characters in the password
57
Password complexity ensures:
passwords are complex and include at least three of the four character types
58
Password history remembers:
past passwords and prevents users from reusing passwords
59
Minimum password age is:
used with password history to prevent users from changing their password repeatedly to get back to the original password
60
Maximum password age or password expiration forces:
users to change their password periodically
61
When administrators reset user passwords, the password should:
expire upon first use
62
Password policies should:
apply to any entity using a password. This includes user accounts and accounts used by services and applications
63
Applications with internally created passwords should:
still adhere to the organization's password policy
64
Account lockout policies:
lock out an account after a user enters an incorrect password too many times.
65
Smart cards are:
credit card-sized cards that have embedded certificates used for authentication. They require a PKI to issue certificates
66
Common Access Cards (CACs) and Personal Identity Verification (PIV) cards can:
be used as photo IDs and as smart cards
67
Tokens (or key fobs) display:
numbers in an LCD. These numbers provide rolling, one-time use passwords and are synchronized with a server
68
USB tokens include:
an embedded chip and a USB connection. Generically, these are called hardware tokens
69
HMAC-based one-time passwords (HOTP) and Time-based one-time passwords (TOTP) are:
open source standards used to create one-time-use passwords
70
Hash-based Message Authentication one-time password (HOTP) creates:
a one-time-use password that does not expire
71
TOTP creates:
a one-time password that expires after 30 seconds
72
Biometric methods are:
the most difficult to falsify.
73
Biometric physical methods include:
voice and facial recognition
fingerprints
retina scans
iris scans
palm scans
74
Biometric methods can also be used for:
identification
75
The false acceptance rate (FAR), or false match rate, identifies:
the percentage of times false acceptance occurs
76
The false rejection rate (FRR), or false nonmatch rate, identifies:
the percentage of times false rejections occur
77
The crossover error rate (CER) indicates:
the quality of the biometric system. Lower CERs are better
78
Single-factor authentication includes:
one or more authentication methods in the same factor, such as a PIN and a password
79
Dual-factor (or two-factor) authentication:
uses two factors of authentication, such as a USB token and a PIN
80
Multifactor authentication uses:
two or more factors. It is stronger than any form of single-factor authentication
81
Authentication methods using two or more methods in the same factor are:
single-factor authentication
82
Kerberos is a:
network authentication protocol using tickets issued by a Key Distribution Center (KDC) or Ticket-Granting Ticket (TGT) server.
83
If a ticket-granting ticket expires:
the user might not be able to access resources.
84
Microsoft Active Directory domains and Unix realms use:
Kerberos for authentication
85
Lightweight Directory Access Protocol (LDAP) specifies:
formats and methods to query directories. It provides a single point of management for objects, such as users and computers, in an Active Directory domain or Unix realm
86
Lightweight Directory Access Protocol Secure (LDAPS):
encrypts transmissions with Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
87
Single sign-on (SSO) allows:
users to authenticate with a single user account and access multiple resources on a network without authenticating again
88
SSO can be used to:
provide central authentication with a federated database and use this authentication in an environment with different operating systems
89
Security Assertion Markup Language (SAML) is an:
XML-based standard used to exchange authentication and authorization information between different parties.
90
SAML is used with:
web-based applications
91
A federated identity links:
a user's credentials from different networks or operating systems, but the federation treats it as one identity
92
Shibboleth is:
an open source federated identity solution that includes Open SAML libraries
93
OAuth and OpenID Connect are:
used by many web sites to streamline the authentication process for users
94
OAuth and OpenID allow:
users to log on to many web sites with another account, such as one they've created with Google or Facebook
95
The principle of least privilege is:
a technical control that uses access controls
96
The principle of least privilege specifies that:
individuals or processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more
97
Users should not share:
accounts
98
Most organizations ensure the:
Guest account is disabled
99
Account policies often require:
administrators to have two accounts (an administrator account and a standard user account) to prevent privilege escalation and other attacks
100
An account disablement policy ensures that:
inactive accounts are disabled
101
Accounts for employees who:
either resign or are terminated should be disabled as soon as possible.
102
Configuring expiration dates on temporary accounts ensures:
they are disabled automatically
103
Time restrictions can:
prevent users from logging on or accessing network resources during specific hours.
104
Location-based policies prevent:
users from logging on from certain locations
105
Accounts should be recertified to:
verify they are still required.
106
Administrators routinely perform:
account maintenance.
107
Account maintenance is often done with:
scripts to automate the processes and includes deleting accounts that are no longer needed
108
Credential management systems:
store and simplify the use of credentials for users
109
The role-based access control (role-BAC) model uses:
roles to grant access by placing users into roles based on their assigned jobs, functions, or tasks
110
A matrix matches:
job titles with required privileges
111
Group-based privileges are a form of:
role-BAC
112
With group-based privileges, administrators:
create groups, add users to the groups, and then assign permissions to the groups.
113
The rule-based access control (rule-BAC) model is:
based on a set of approved instructions, such as ACL rules in a firewall.
114
Some rule-BAC implementations use:
rules that trigger in response to an event, such as modifying ACLs after detecting an attack
115
In the discretionary access control (DAC) model, every object has:
an owner that has explicit access and establishes access for any other user
116
Microsoft NTFS uses:
the DAC model, with every object having a discretionary access control list (DACL)
117
The discretionary access control list (DACL) identifies:
who has access and what access they are granted
118
A major flaw of the DAC model is:
its susceptibility to Trojan horses
119
Mandatory access control (MAC) uses:
security or sensitivity labels to identify objects (what you'll secure) and subjects (users)
120
MAC is often used when:
access needs to be restricted based on predefined security labels. These labels are often defined with a lattice to specify the upper and lower security boundaries
121
An attribute-based access control (ABAC) evaluates:
attributes and grants access based on the value of these attributes.
122
ABAC is used in many:
software defined networks (SDNs)
123
Protocols used for voice and video include:
Real-time Transport Protocol (RTP) and Secure Real-time Transport Protocol (SRTP)
124
Secure Real-time Transport Protocol (SRTP) provides:
encryption, message authentication, and integrity for RTP
125
File Transfer Protocol (FTP) is commonly used to:
transfer files over networks, but FTP does not encrypt the transmission
126
Several encryption protocols encrypt:
data-in-transit to protect its confidentiality
127
The encryption protocols that encrypt data-in-transit to protect its confidentiality are:
File Transfer Protocol Secure (FTPS)
Secure File Transfer Protocol (SFTP)
Secure Shell (SSH)
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
128
SMTP sends:
email using TCP port 25
129
POP3 receives:
email using TCP port 110
130
IMAP4 uses:
TCP port 143
131
Secure POP uses:
TLS on port 995 (legacy) or with STARTTLS on port
132
HTTP uses:
port 80 for web traffic
133
HTTPS encrypts:
HTTP traffic in transit and uses port 443
134
Directory services solutions implement:
Kerberos as the authentication protocol
135
Lightweight Directory Access Protocol (LDAP) uses what port?
TCP port 389
136
LDAP Secure (LDAPS) uses what port?
TCP port 636
137
The Network Time Protocol (NTP) provides:
time synchronization services
138
Domain Name System (DNS) provides:
domain name resolution
139
DNS zones include:
A records for IPv4 addresses
AAAA records for IPv6 addresses
140
Zone data is:
updated with zone transfers, and secure zone transfers help prevent unauthorized access to zone data
141
DNS uses:
TCP port 53 for zone transfers
UDP port 53 for DNS client queries
142
Domain Name System Security Extensions (DNSSEC) provides:
validation for DNS responses and helps prevent DNS poisoning attacks
143
Two command-line tools used to query DNS are:
nslookup and dig
144
Both nslookup and dig support:
the axfr switch, allowing them to download all zone data from a DNS server, unless the DNS server blocks the attempt
145
Switches are used for:
network connectivity and they map media access control (MAC) addresses to physical ports
146
Port security limits:
access to switch ports
147
Port security includes:
limiting the number of MAC addresses per port and disabling unused ports
148
You can manually map:
each port to a specific MAC address or group of addresses
149
An aggregation switch connects:
multiple switches together in a network
150
Routers connect:
networks and direct traffic based on the destination IP address
151
Routers (and firewalls) use:
rules within access control lists (ACLs) to allow or block traffic
152
Implicit deny indicates:
that unless something is explicitly allowed, it is denied.
153
Implicit deny is the last:
rule in an ACL
154
Host-based firewalls filter:
traffic in and out of individual hosts
155
Some Linux systems use:
iptables or xtables for firewall capabilities
156
Network-based firewalls filter:
traffic in and out of a network
157
Network-based firewalls are placed:
on the border of the network, such as between the Internet and an internal network
158
A stateless firewall controls:
traffic between networks using rules within an ACL
159
The ACL can block:
traffic based on ports, IP addresses, subnets, and some protocols
160
Stateful firewalls filter:
traffic based on the state of a packet within a session
161
A web application firewall (WAF) protects:
a web server against web application attacks
162
A web application firewall (WAF) is typically placed:
in the demilitarized zone (DMZ) and will alert administrators of suspicious events
163
A DMZ provides:
a layer of protection for servers that are accessible from the Internet
164
An intranet is:
an internal network
165
People use the intranet to:
communicate and share content with each other
166
An extranet is:
part of a network that can be accessed by authorized entities from outside of the network
167
NAT translates:
public IP addresses to private IP addresses and private back to public, and hides IP addresses on the internal network from users on the Internet
168
Networks use:
various methods to provide network segregation, segmentation, and isolation
169
An airgap is:
a metaphor for physical isolation, indicating a system or network is completely isolated from another system or network
170
Routers provide:
logical separation and segmentation using ACLs to control traffic
171
Forward proxy servers forward:
requests for services from a client
172
Forward proxy servers can cache:
content and record users' Internet activity
173
A transparent proxy accepts:
and forwards requests without modifying them
174
A nontransparent proxy can:
modify or filter requests, such as filtering traffic based on destination URLs
175
Reverse proxy servers accept:
traffic from the Internet and forward it to one or more internal web servers
176
A reverse proxy server is placed:
in the DMZ and the web servers can be in the internal network
177
A unified threat management (UTM) security appliance includes:
multiple layers of protection, such as URL filters, content inspection, malware inspection, and a distributed denial-of-service (DDoS) mitigator
178
UTMs typically raise:
alerts and send them to administrators to interpret
179
Mail gateways are logically placed:
between an email server and the Internet
180
Mail gateways examine:
and analyze all traffic and can block unsolicited email with a spam filter
181
Loop protection protects:
against switching loop problems, such as when a user connects two switch ports together with a cable
182
Spanning Tree Protocols protect:
against switching loops
183
Flood guards prevent:
MAC flood attacks on switches
184
VLANs can logically:
separate computers or logically group computers regardless of their physical location
185
You create VLANs with:
Layer 3 switches
186
Routers use:
rules within ACLs as an antispoofing method
187
Border firewalls block:
all traffic coming from private IP addresses
188
Simple Network Management Protocol version 3 (SNMPv3) is used to:
monitor and configure network devices and uses notification messages known as traps
189
Simple Network Management Protocol version 3 (SNMPv3) uses strong:
authentication mechanisms and is preferred over earlier versions