Security+ Flashcards

(283 cards)

1
Q

“Subjects” are what?

A

Users, groups or processes (anything active) that request access to an object or resource such as a file, database or network share.

2
Q

2 main components of IPSec?

A
Authentication Header (AH)
Encapsulating Security Payload (ESP)
3
Q

3 Primary IP Classes are?

A

Class A> 0.0.0.0 -> 127.255.255.255 (first bit 0)
Class B> 128.0.0.0 -> 191.255.255.255 (first bits 10)
Class C> 192.0.0.0 -> 223.255.255.255 (first bits 110)
(Class D 224-239 is multicast, Class E 240-255 is reserved.)

4
Q

AAA?

A

Authentication (proving who you are)
Authorization (what you are allowed to do)
Accounting (tracking/auditing who did what, where and when, via logs)

5
Q

What are the 4 models of Access Control?

A

ROLE Based Access Control (RBAC)
RULE Based Access Control
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)

6
Q

ARP?

A

Address Resolution Protocol - resolves an IPv4 address to a MAC address on the local network segment. Once a packet reaches the destination LAN, the last-hop router (or a host on that segment) ARPs for the target's MAC so the frame can be delivered to the correct machine. ARP does not route; it only works within one broadcast domain.

7
Q

CHAP is similar to PAP in what way?

In what ways do they differ?

A

Both were used in PPP
Both use a password or PIN as the shared secret

PAP sends the password in cleartext
CHAP never sends the password: the server sends a random challenge (a nonce, number used once), the client replies with MD5(identifier || secret || challenge), and the server recomputes and compares. A captured response is useless against a fresh challenge.

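Added worked example (not part of the original card set): the CHAP exchange described above, with both sides in code. The secret, identifier handling and the `ChapServer` class are assumptions made for the illustration; the hash construction MD5(identifier || secret || challenge) is the one RFC 1994 specifies. The server accepts each challenge's response exactly once, which is what makes a captured response worthless for replay.

```python
import hashlib
import hmac
import os

# Constructed example: a CHAP-style challenge/response exchange. The shared
# secret lives on both ends and is never put on the wire (unlike PAP).
SECRET = b"correct horse battery staple"   # assumed shared secret for the demo


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: MD5 over the one-byte identifier, the secret and the challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Server side: issues random challenges and verifies each one at most once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.outstanding = {}      # identifier -> challenge still awaiting a response
        self.identifier = 0

    def challenge(self) -> tuple:
        """Issue a fresh random challenge (the nonce) and remember it."""
        self.identifier = (self.identifier + 1) % 256
        nonce = os.urandom(16)
        self.outstanding[self.identifier] = nonce
        return self.identifier, nonce

    def verify(self, identifier: int, response: bytes) -> bool:
        """Accept a response only for a challenge we issued, and only once."""
        nonce = self.outstanding.pop(identifier, None)
        if nonce is None:
            return False           # unknown identifier, or challenge already consumed
        expected = chap_response(identifier, self.secret, nonce)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run one honest login, one replay of it, and one attempt with the wrong secret."""
    server = ChapServer(SECRET)
    ident, nonce = server.challenge()
    resp = chap_response(ident, SECRET, nonce)       # what the client sends back
    first = server.verify(ident, resp)               # True: correct secret, fresh challenge
    replay = server.verify(ident, resp)              # False: that challenge is spent
    ident2, nonce2 = server.challenge()
    wrong = server.verify(ident2, chap_response(ident2, b"wrong secret", nonce2))
    return {"first": first, "replay": replay, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())
```

The response is a 16-byte MD5 digest, so an eavesdropper sees the identifier, the challenge and the digest but never the secret; the weakness that remains is an offline dictionary attack on a captured pair, which is why CHAP is only as strong as the secret.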
8
Q

CIDR?

A

Classless Inter-Domain Routing notation - a prefix length after a slash (e.g. 192.168.1.0/24) replaces the old class-based mask

9
Q

Cipher locks are?

A

A door lock opened by punching a code into a keypad - mechanical or electronic.

10
Q

Corrective Controls include?

A

Intrusion Prevention Systems (IPS) or active IDS - can engage to stop an ongoing attack

Backup and Recovery - can work to recover from an attack

11
Q

Integrity?

A

Integrity provides assurances that data has not changed. This includes ensuring that no one has modified, tampered with, or corrupted the data.

12
Q

Detective Controls include?

A

DETECTIVE CONTROLS:

  • Log monitoring
  • Trend analysis
  • Security Auditing
  • Video monitoring
  • Motion detection
13
Q

Deterrent Controls include?

A

Dogs, Guards, Laws.

Most preventative controls can also be thought of as deterrents (e.g. a visible security guard).

14
Q

Difference between Preventative and Detective Controls

A

Preventative are ACTIVE controls - that can stop an incident

Detective are PASSIVE controls - that can’t in themselves stop an incident

15
Q

DNS records are organized with what designations?

A

A (IPv4) - address/host records
AAAA (IPv6) - address

PTR - pointer (the reverse of an A record: queried with an IP, it returns a hostname)

MX - mail exchange

CNAME - aliases

16
Q

What is EAP used for and what is it associated with?

A

Extensible Authentication Protocol (EAP)
Associated with RADIUS and 802.1X wired/wireless authentication
Authentication methods include tokens, smart cards and certificates (EAP is a framework; the actual method is an EAP type such as PEAP or EAP-TLS)

17
Q

How are hashes created and what are they used for?

A

A hash is a fixed-length number produced by running a hashing algorithm (e.g. SHA-256) over data such as a file or message. The same input always produces the same hash, and any change to the input, even a single bit, produces a different hash. Comparing a hash computed now with one computed earlier tells you whether the data changed: same hash, same data; different hash, the data has changed. Hashes provide integrity, not confidentiality.

18
Q

UDP vs. TCP?

A

UDP is connectionless (no 3-way handshake, no delivery guarantee); TCP is connection-oriented (SYN, SYN/ACK, ACK handshake, acknowledgements and retransmission).

19
Q

In Discretionary Access Control what is the basic model?

A

User centric: the owner of an object decides who gets access. LEAST restrictive of the models.
Every file and folder has an owner and a permission list.
This is how Unix/Linux file permissions and NTFS permissions work.

20
Q

In the context of Redundancy - what does SPOF mean?

A

Single Point of Failure

21
Q

IPSec? Associated with what 3 technologies?

A

IP security - authentication and encryption of IP packets.

1) VPNs: keys are negotiated with Internet Key Exchange (IKE) over UDP port 500
2) Designed alongside IPv6, but also used with IPv4
3) ISAKMP - Internet Security Association and Key Management Protocol (the framework IKE uses to set up security associations)

22
Q

IPv4 vs IPv6 - how many bits in each address?

A

32bit for v4

128 for v6

23
Q

IPv6 format?

A

8 groups of 16 bits, each written as hexadecimal and separated by colons, e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334

Each group is 4 hex digits (16 bits); 8 x 16 = 128 bits.

24
Q

NDP?

Associated with?

A

Neighbor Discovery Protocol

IPv6

25
NetBIOS?
Network Basic Input/Output System
26
Of the five factors of authentication what is the weakest?
Something you know
27
PAP was used with what?
PPP - Point to Point Protocol
28
Preventative Controls include:
PREVENTATIVE CONTROLS:
  • Blocking (firewalls, etc.)
  • Hardening
  • Guards (security guards)
  • Change management
  • Account disablement policy
  • Security awareness training
29
Protocol IDs are?
The ID of the network protocol carried in the IP header - NOT THE PORT. E.g. ICMP is 1, TCP is 6, UDP is 17, ESP is 50, AH is 51.
30
Proximity Cards are:
Physical badges held up to scanners - can be combined with a PIN
31
RADIUS entire authn process is encrypted, T or F
F | Only the password is encrypted; the username and other attributes travel in the clear, so RADIUS should run over a protected network (or RADIUS over TLS).
32
PAP? Category: Remote Access Server (RAS)
Password Authentication Protocol | Passwords are sent in cleartext!
33
TACACS+ ? Category: Remote Access Server (RAS)
Terminal Access Controller Access-Control System Plus
  • TACACS+ is Cisco's alternative to RADIUS
  • Can interact with Kerberos, so it works in a broader range of environments, including Microsoft domains
  • Encrypts the entire authentication payload, whereas RADIUS encrypts only the password
34
CHAP? Category: Remote Access Server (RAS)
Challenge Handshake Authentication Protocol (CHAP)
35
DIAMETER Category: Remote Access Server (RAS)
Diameter. Diameter is an improvement over RADIUS and it supports Extensible Authentication Protocol (EAP) for security.
36
Flavors of CHAP? Category: Remote Access Server (RAS)
MS-CHAP and MS-CHAPv2 | v1 is obsolete and only v2 is still used; even v2 rests on DES-based hashing that can be cracked from a captured handshake, so it should only run inside a protected tunnel (e.g. PEAP).
37
RADIUS Category: Remote Access Server (RAS)
Remote Authentication Dial-In User Service (RADIUS).
38
XTACACS Category: Remote Access Server (RAS)
Extended Terminal Access Controller Access-Control System (XTACACS)
39
RAS?
Remote Access Service - a server or service that authenticates remote users (dial-up, VPN) before connecting them to the internal network
40
Risk Assessment - Quantitative vs. Qualitative
Quantitative = measures risk in monetary/asset terms (SLE, ARO, ALE, etc.)
Qualitative = rates probability and impact on a scale (e.g. low/medium/high) using expert judgment rather than hard numbers
41
SAML?
Security Assertion Markup Language (SAML)
42
SNMP?
Simple Network Management Protocol
43
Telnet is still commonly used T/F?
False - it should not be; it sends credentials and session data in cleartext, and SSH replaced it.
44
TLS?
Transport Layer Security
45
UDP?
User Datagram Protocol
46
What are 2 RAS Authn Services that are considered "AAA"
RADIUS and TACACS+
47
What are all the things a smart card provides?
The smart card provides:
  • non-repudiation
  • authentication (2-factor when paired with a PIN: both HAVE and KNOW)
  • confidentiality (encryption)
  • integrity (signing)
48
What are authentication types also known as?
Factors
49
What are planning documents known as Matrices used for in Access Control?
Role Matrix: used to map roles to privileges for planning purposes
50
What are Rule Based Access Controls usually associated with?
Firewalls / ACLs / Lists
51
What are SAMLs 3 main actors?
Principal: typically a user.
Identity Provider (IdP): authenticates the principal and issues the assertion (the authn server).
Service Provider (SP): the application that consumes the assertion and grants access.
52
What are some of the best practices of password management?
Use strong ones, don't write them down, don't share, use technology to enforce policies like expiration
53
What are some of the characteristics of Kerberos
  • mutual authentication that helps prevent man-in-the-middle attacks
  • uses time-stamped tickets to help prevent replay attacks
  • network authentication protocol within a Microsoft Windows Active Directory domain or a Unix realm
  • relies on a database of objects (such as Active Directory) and a Key Distribution Center (KDC) that issues tickets (first a TGT, then service tickets) that expire after a set period
54
What are some of the Layers in "Layered Security"?
Network (firewall, reverse proxy servers), host-based (host intrusion detection system and antivirus), software (monitoring).
Layered security, or defense in depth, combines multiple layers of security, such as a firewall, an IDS, content filtering and antivirus software, so that no single control is the only thing between the attacker and the asset.
55
What are the GOALS of Controls w.r.t. a Security Incident?
Preventative controls - try to prevent an incident from occurring
Detective controls - try to detect an incident that has already occurred
Corrective controls - try to correct the damage done by an incident
Deterrent controls - try to deter an incident from occurring in the first place
Compensating controls - act as alternatives when primary controls are not feasible
56
What are the 2 ways to simplify IPv6 format?
1) Drop leading zeros in each group (0db8 -> db8, 0000 -> 0)
2) Zero compression: replace ONE run of consecutive all-zero groups with "::" (e.g. 2001:0db8:0000:0000:0000:0000:0370:7334 -> 2001:db8::370:7334). "::" may appear only once per address; otherwise the reader could not tell how many zero groups each one stands for.
Remember: any group shorter than 4 digits has been simplified in some way.
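Added worked example (not part of the original card set): the two simplification rules implemented by hand, so the "only one ::" constraint and the longest-run choice are explicit rather than hidden inside a library call. The function names are assumptions; `ipaddress` from the standard library is used only to expand addresses and to compare them.

```python
import ipaddress


def compress_ipv6(addr: str) -> str:
    """Apply the two textual simplifications to a fully expanded IPv6 address:
    1) drop leading zeros in every group;
    2) replace the single longest run of two or more all-zero groups with '::'
       (first run wins on ties, as RFC 5952 recommends)."""
    groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected a fully expanded address with 8 groups")
    groups = [g.lstrip("0") or "0" for g in groups]       # rule 1

    best_start, best_len = -1, 0
    i = 0
    while i < 8:                                          # find the longest zero run
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1

    if best_len < 2:             # a lone zero group is written out, never compressed
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"    # exactly one '::' per address (rule 2)


def expand_ipv6(addr: str) -> str:
    """Reverse direction: restore all eight four-digit groups."""
    return ipaddress.IPv6Address(addr).exploded


def same_address(a: str, b: str) -> bool:
    """Two spellings denote the same address if they parse to the same 128 bits."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


if __name__ == "__main__":
    full = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
    short = compress_ipv6(full)
    print(short, expand_ipv6(short), same_address(full, short))
```

Note the tie case: 2001:0db8:0000:0000:0001:0000:0000:0001 has two runs of two zero groups, and only the first becomes "::"; the second is written as "0:0".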
57
What are the 3 parts of the TCP handshake?
SYN (synchronize) from client to server.
SYN/ACK (synchronize/acknowledge) from server to client.
ACK from client to server.
58
What are the 3 Private IP Subnets
10.0.0.0/8     (10.0.0.0 - 10.255.255.255)
172.16.0.0/12  (172.16.0.0 - 172.31.255.255)
192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
59
What are the 5 factors of authentication?
Something you KNOW (password, PIN)
Something you HAVE (smart card, token)
Something you ARE (biometrics)
SomeWHERE you are (location)
Something you DO (behavior, e.g. typing pattern)
60
What are the characteristics of a strong password?
At least 8 characters (longer is better)
No dictionary words
At least three of the four character types:
  - Upper case
  - Lower case
  - Numbers
  - Special characters
61
What can Protocol IDs be used for?
Firewall configuration
62
What does a minimum password age help with?
Helps to prevent users from resetting passwords back to previous password right after being forced to change it
63
What does PKI stand for?
Public Key INFRASTRUCTURE
64
What does TLS do that SSL doesn't?
Nothing fundamental: both encrypt data before transmission. TLS is the IETF-standardized successor to Netscape's SSL; SSL 2.0 and 3.0 have known weaknesses and are deprecated, so only TLS (1.2 or later) should be enabled.
65
What is a nonce?
Number used once | A random or unique value mixed into a challenge-response (as in CHAP) or a hash so that the same secret never produces the same output twice, which defeats replay attacks.
66
What is commonly used with smart cards to increase security and what does it provide?
A pin or password | Provides 2-factor auth
67
What is HOTP?
HMAC-based One Time Password
68
What is mutual authentication?
Client authn to the server, and server authn to the client
69
What is Non-Repudiation, and what are some of the ways to enforce it?
The ability to prove that a person was the originator of a message or action so that they cannot later DENY it. Enforced with digital signatures (the private key is held only by the signer, e.g. on a smart card) backed by audit logs.
70
What is the basic concept behind MAC access control?
Labels. | Users with a particular label are allowed to see files/folders with a particular label.
71
What is TOTP, how is it different than HOTP?
Time-based One Time Password - the moving factor is the current time (divided into steps, typically 30 seconds) instead of a counter, so a code expires when its time step passes.
72
What network protocols do RADIUS & TACACS+ use?
RADIUS uses UDP (ports 1812 for authentication and 1813 for accounting) | TACACS+ uses TCP (port 49)
73
What Operating System uses a Mandatory Access Control model and what's it called?
Linux | SELinux (Security Enhanced Linux)
74
What Protocols are commonly associated with DoS attacks?
UDP - connectionless, so an attacker can stream floods of datagrams with no handshake and overwhelm the target.
ICMP - ping floods and smurf (ICMP amplification) attacks.
75
What's a DACL contain?
A list of ACEs (Access Control Entries), each pairing a SID (the trustee) with the permissions allowed or denied.
76
What's a DACL?
Discretionary Access Control List - part of the security descriptor on every securable Windows object (NTFS files and folders, registry keys, etc.); it lists who has which access to the object.
77
What's a SID and what's it associated with?
Security Identifier - the value Windows uses to identify a user, group or computer. Associated with the DAC (Discretionary) access control model.
78
What's a way to prevent Tailgating?
Mantraps
79
What's another name for the "something you are" authn factor?
Biometrics
80
What's the main difference between SFTP and FTPS?
SFTP runs file transfer over SSH (port 22) | FTPS is FTP wrapped in TLS/SSL (implicit mode uses ports 990 for control and 989 for data; explicit mode negotiates TLS on port 21)
81
What's the main vulnerability of HMAC-based One Time Password (HOTP)?
A generated code that has not been used remains valid indefinitely, because the counter only advances when a code is consumed. (TOTP fixes this by tying the code to a time step.)
82
What are the names for biometrics systems failure rates?
False Accept Rate (FAR, a type II error) - percentage of impostors wrongly accepted.
False Reject Rate (FRR, a type I error) - percentage of legitimate users wrongly rejected.
The Crossover Error Rate (CER), where FAR = FRR, is used to compare systems.
83
When manually resetting a password- what's best to remember?
The password should be set to expire on first use
84
Why do adminstrators disable ICMP services/ports?
Because ICMP can be abused in DoS attacks (ping floods, smurf) and because echo replies make hosts discoverable to anyone scanning from outside.
85
Write the following subnet mask for the subnet 192.168.1.1 in CIDR notation: 255.255.0.0
192.168.1.1/16 (255.255.0.0 is sixteen one-bits; a /48 only exists in IPv6)
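Added worked example (not part of the original card set) for this card and for cards 3 and 58: converting a dotted-decimal mask to a CIDR prefix (and rejecting masks that are not a contiguous run of ones), classing an address by its leading bits, and testing membership in the three RFC 1918 private ranges. Function names are assumptions; `ipaddress` is the standard library module.

```python
import ipaddress

# RFC 1918 private ranges (card 58)
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def mask_to_prefix(mask: str) -> int:
    """Dotted-decimal mask -> prefix length. A real mask is N ones followed by zeros."""
    bits = int(ipaddress.IPv4Address(mask))
    ones = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones


def is_valid_mask(mask: str) -> bool:
    try:
        mask_to_prefix(mask)
        return True
    except ValueError:
        return False


def prefix_to_mask(prefix: int) -> str:
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def ip_class(addr: str) -> str:
    """Classful letter from the first octet (historical, but still on the exam; card 3)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"          # leading bit 0
    if first < 192:
        return "B"          # leading bits 10
    if first < 224:
        return "C"          # leading bits 110
    if first < 240:
        return "D"          # multicast
    return "E"              # reserved


def is_private(addr: str) -> bool:
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


def describe(addr: str, mask: str) -> dict:
    """Everything the three cards ask about one address, in one place."""
    prefix = mask_to_prefix(mask)
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    return {
        "cidr": f"{addr}/{prefix}",
        "network": str(net),
        "class": ip_class(addr),
        "private": is_private(addr),
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


if __name__ == "__main__":
    print(describe("192.168.1.1", "255.255.0.0"))
```

Note how class and CIDR disagree on purpose: 192.168.1.1 is a "Class C" address by its leading bits, but the /16 mask in the question makes the subnet 192.168.0.0/16 with 65534 usable hosts; the class tells you nothing once CIDR is in play.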
86
Switches deal with _____ traffic while Hubs deal with ______?
Hubs repeat every frame out of every port, so all traffic is effectively broadcast and any attached host can sniff it. Switches learn MAC addresses and forward unicast frames only to the port where the destination lives; only broadcast and unknown-destination frames go to every port.
87
Loop protection on a Switch is enabled by what protocols and prevents ______?
STP (Spanning Tree Protocol) or RSTP. | Prevents switch looping that can seriously degrade network performance.
88
VLANs can do what and are enabled by what?
Can logically separate computers (or groups of users, etc.) through software-defined LANs. Enabled by managed SWITCHES - one switch can host multiple VLANs.
89
802.1x can be used for what kind of networks?
Wired AND wireless
90
802.1x can be implemented with what kind of servers?
RADIUS or DIAMETER
91
What is Port Security?
Controlling access at the switch-port level: disabling unused ports, limiting or pinning the MAC addresses allowed on a port, and using 802.1X so a device must authenticate before the port passes traffic.
92
Routers allow/deny traffic based on _______?
ACLs - basic packet filtering
93
In the context of ACLs - what does Implicit Deny do and what are they used in?
All traffic that isn't explicitly allowed is implicitly denied. Routers and firewalls
94
What are some of the rules of Implicit Deny?
deny any any (in Cisco syntax the two "any"s are the SOURCE and the DESTINATION, so "deny ip any any" matches every packet from anywhere to anywhere). It is written as the last rule so that traffic not permitted above it is dropped and, unlike the silent implicit deny, can be logged.
95
Firewall Rules generally take what format?
Permission  Protocol  Source  Destination  Port
96
Firewalls implement "implicit deny" by implementing what at the end of the ACL?
An explicit "deny any any" (drop all) as the last rule, which makes the implicit deny visible and loggable.
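Added worked example (not part of the original card set) for cards 93 to 96: a first-match packet filter over rules in the Permission / Protocol / Source / Destination / Port format, with the implicit deny as the fall-through and an explicit "deny any any" as the last rule. The `Rule` type, the sample ACL and the 203.0.113.0/24 addresses (an RFC 5737 documentation range) are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    permission: str        # "permit" or "deny"
    protocol: str          # "tcp", "udp", "icmp" or "any"
    source: str            # CIDR or "any"
    destination: str       # CIDR or "any"
    port: Optional[int]    # destination port; None means any port


def _match_net(pattern: str, addr: str) -> bool:
    return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)


def matches(rule: Rule, protocol: str, src: str, dst: str, port: Optional[int]) -> bool:
    return ((rule.protocol == "any" or rule.protocol == protocol)
            and _match_net(rule.source, src)
            and _match_net(rule.destination, dst)
            and (rule.port is None or rule.port == port))


def evaluate(acl: List[Rule], protocol: str, src: str, dst: str,
             port: Optional[int] = None) -> Tuple[str, Optional[Rule]]:
    """First matching rule wins, so order matters. Falling off the end of the
    list is the implicit deny: no rule matched, the packet is dropped anyway."""
    for rule in acl:
        if matches(rule, protocol, src, dst, port):
            return rule.permission, rule
    return "deny", None


# Constructed ACL in front of a web server (203.0.113.10) and an internal DNS
# server (203.0.113.53) that only the 10.0.0.0/8 network may query.
WEB_ACL = [
    Rule("permit", "tcp", "any",        "203.0.113.10/32", 443),
    Rule("permit", "tcp", "any",        "203.0.113.10/32", 80),
    Rule("permit", "udp", "10.0.0.0/8", "203.0.113.53/32", 53),
    Rule("deny",   "any", "any",        "any",             None),  # explicit deny any any
]


if __name__ == "__main__":
    for pkt in [("tcp", "198.51.100.7", "203.0.113.10", 443),
                ("tcp", "198.51.100.7", "203.0.113.10", 22),
                ("udp", "192.168.1.5",  "203.0.113.53", 53)]:
        verdict, rule = evaluate(WEB_ACL, *pkt)
        print(pkt, "->", verdict, "(implicit)" if rule is None else "")
```

Dropping the last rule changes nothing about what is blocked, only whether the block is attributable to a rule you can log and count; that is the whole argument for writing the deny out explicitly.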
97
Web Application Firewalls can prevent what kind of attacks?
Cross Site Scripting (XSS), SQL injection and other attacks carried inside HTTP requests, because a WAF inspects application-layer content rather than just ports and addresses.
98
What are 3 of the ways to segment/block network traffic?
VLANs, Routers, Firewalls
99
DMZs are typically in between what?
2 firewalls - one to the outside Internet and one to the inside intranet.
100
NAT?
Network Address Translation
101
NAT is typically found where?
On internet-facing Firewalls
102
What's a commmon form of NAT?
PAT - Port Address Translation Uses a Single IP address
103
Pros/Cons of NAT?
Pros: conserves scarce (and costly) public IPv4 addresses by letting many internal hosts share one or a few; hides internal addressing from the outside.
Cons: breaks protocols that embed or integrity-protect IP addresses, notably IPsec AH (ESP needs NAT Traversal over UDP 4500); IPv6 removes the need for NAT.
104
What is Dynamic NAT?
Maps internal hosts to public addresses drawn from a pool on demand (as opposed to static one-to-one NAT); it does not balance load by itself.
105
What is UTM?
Unified Threat Management Combines several network security controls in one server/appliance.
106
What are some of the things a UTM can monitor?
Email and email attachments, malicious code in websites.
107
What is one common type of UTM?
Web Security Gateway
108
OSI Network Layers - what are the layers...
"Please Do Not Throw Sausage Pizza Away"
1. Physical (cables/hubs)
2. Data Link (switches, MAC addresses)
3. Network (routers / layer-3 switches, IP)
4. Transport (TCP/UDP)
5. Session (establishing/maintaining/terminating sessions)
6. Presentation (encoding such as ASCII, encryption)
7. Application (HTTP, RDP, LDAP, etc.)
109
What are IPS's and IDS's and what is the difference?
IPS = Intrusion Prevention System (ACTIVE - placed inline with the traffic, so it can block an attack before it reaches downstream networks)
IDS = Intrusion Detection System (PASSIVE - usually; it watches a copy of the traffic and alerts)
All IPSs are IDSs, but not all IDSs are IPSs (only an active, inline IDS is an IPS).
Both rely on protocol analyzers / sniffers to inspect the traffic.
110
HIDS is usually used along with what?
Alongside traditional antivirus: a HIDS watches the host's files, configuration, logs and local network activity for signs of intrusion that signature-based antivirus misses.
111
What is a SYN flood?
A form of DoS attack. The attacker sends many SYN packets (often from spoofed source addresses) and never completes the handshake with the final ACK. Each half-open connection occupies an entry in the server's connection table until it times out; enough of them exhaust the table, so legitimate clients cannot connect and the server may crash. SYN cookies are the usual mitigation.
112
Where is a NIDS installed?
On a sensor that sees a copy of the traffic: a switch SPAN/mirror port or a network tap, typically at a boundary near the router or firewall.
113
A Network-based Intrusion Detection System cannot monitor encrypted traffic, T/F?
True
114
What's another name for Anomoly-based detection?
Heuristics-based (or behavior-based) detection
115
What's the other form of detection other than Anomoly-based
Signature-based - requires a set of signatures/rules describing known attacks to look for
116
Signature based detection usually uses a common set of vulnerabilities that are publicly available - what is that called?
CVE - Common Vulnerabilities and Exposures list
117
What are the 2 main goals of a honeypot?
1. To divert an attack away from a live network | 2. To observe an ongoing attack (to learn methods, etc)
118
Honeypots are usually found by attacks by being routed there by ______?
A NIDS/NIPS (or a firewall rule) that redirects suspicious traffic to the honeypot instead of the production host.
119
What are the 802.11 standards?
802.11a (54 Mbit/s, 5 GHz)
802.11b (11 Mbit/s, 2.4 GHz)
802.11g (54 Mbit/s, 2.4 GHz)
802.11n (up to 600 Mbit/s, 2.4 or 5 GHz)
120
WAPs use what kind of antennae typically?
Omnidirectional
121
Sometimes WAPs are connected together across a distance with what type of antennae?
Yagi
122
What is one way of reducing risk for a WLAN?
Reducing the range of the WAP by reducing the power and therefore the coverage
123
What are the encryption specs of WPA2? | What did this replace?
Uses CCMP (AES in counter mode with CBC-MAC). | Replaced TKIP (used by WPA), which, like WEP, was built on the RC4 stream cipher.
124
What is an 802.1x server used for, how is it implemented, and what does it provide?
Used to authenticate users (or devices) before granting wireless access.
Implemented with a RADIUS server behind the access point.
Provides WPA2-Enterprise: per-user AUTHENTICATION instead of a single shared passphrase.
125
PEAP and EAP-TTLS require what on the 802.1x server?
A certificate.
126
EAP-TLS is like PEAP and EAP-TTLS, but also requires what?
A cert on the server and each of the clients.
127
A captive portal can be cheaper alternative to what?
Standing up an 802.1x server for wireless access
128
When enabling a WAP - _____ mode separates wireless clients from connecting to each other.
Isolation
129
What are a couple things you should do to additionally secure a wireless router?
1. Change the default admin account ID and password.
2. Change the default SSID.
3. Enable MAC filtering (weak on its own, since MAC addresses are easily spoofed).
130
MAC addresses cannot be modified so are thought of as foolproof, T/F
False - MAC addresses are trivially spoofed in software.
131
It is not that much more secure to disable the SSID of a wireless router, T/F
True - disabling SSID broadcast hides the name from casual users, but sniffers still see it in probe and association frames.
132
How does WEP/WPA allow for vulnerabilities?
WEP uses RC4 with a static key and a 24-bit IV sent in the clear; the IV space is so small that keystreams repeat, and weak IVs leak key bytes, so the key can be recovered from captured traffic. WPA's TKIP kept RC4 (with per-packet key mixing) as a stopgap and has its own weaknesses; WPA2 moved to AES.
133
What is an IV attack on a WEP-protected WAP?
The attacker uses packet injection to generate lots of traffic (and therefore IVs) to analyze, then recovers the encryption key from the weak/repeated IVs.
134
How is WPA cracking achieved?
The attacker captures the 4-way handshake (waiting for a client to connect, or deauthenticating one to force a reconnect) and then runs an offline dictionary/brute-force attack against the captured material to recover the pre-shared passphrase.
135
What is WPS and should it be used?
Wi-Fi Protected Setup - the push-button/PIN method of joining a network. NO - the 8-digit PIN is validated in two halves and can be brute-forced in hours, so WPS should be disabled.
136
What is an Evil Twin?
A WAP with the same SSID as a legitimate access point.
137
Bluejacking?
Unsolicited sending of messages to Bluetooth device
138
Bluesnarfing?
The access and stealing of data over Bluetooth
139
IPSec tunneling mode does what?
Encrypts (and authenticates) the entire original IP packet and wraps it in a new IP header, hiding the real source and destination; transport mode only protects the payload and keeps the original header. Tunnel mode is used between gateways (site-to-site VPNs).
140
Encapsulating Security Payload (ESP) provides ________, ______, and _______ for VPN traffic.
confidentiality, integrity, and authentication (AH provides integrity and authentication only, no confidentiality)
141
IPSec Protocol ID #?
50 for ESP, 51 for AH
142
IPSec uses what over port 500?
IKE - Internet Key Exchange (UDP 500; UDP 4500 when NAT traversal is in use)
143
NAC?
Network Access Control
144
What word is typically associated with NAC?
Health - as in health check through health agents
145
What are some of the health checks a NAC agent will perform?
1. Up-to-date antivirus software
2. Up-to-date OS patches
3. Host firewall enabled
146
Core principles of system hardening include:
Removing/disabling unwanted or unneeded services
Removing/uninstalling unneeded applications
Disabling/removing unneeded accounts
147
Hardening systems by removing services helps to 1. Improves the overall _____ _____ of systems 2. Reduces the ____ _____ 3. Reduces risks associated with ____ _____
1. Security posture 2. Attack surface 3. Open Ports
148
As part of hardening it's a good idea to disable/remove the _____ account.
Guest
149
The lifecycle of a hardened system is: 1. Deploy Initial Secure _____ of a system 2. ______ monitor and enhance the security of a system 3. ______ to automatically correct or isolate a system
1. BASELINE
2. CONTINUOUSLY - through host-based tools and Group Policy, etc.
3. REMEDIATE
150
Group Policy for accounts can....?
Disable guest accounts and rename Admin account
151
Group Policy for password policies can...?
Ensure policies are enforced and enforce lockout policies associated with them
152
Group Policy for auditing can....?
Enable audit logs for access and logon/logoff
153
Group Policy for user rights can....?
Allow or restrict execution of applications, etc
154
Group Policy for system services can....?
Allow administrators to disable services, or prevent users from disabling them...
155
Group Policy for software restrictions can....?
Control what applications/software get installed on a system.
156
Group Policy settings are applied only once, T/F?
False - Group Policy is refreshed periodically (every 90 minutes with a random offset on domain members, by default), so settings are re-applied.
157
What magical MS product can help you configure Group Policy?
The SCW - the Security Configuration Wizard
158
SCAP? and what is it?
Security Content Automation Protocol | - built into many vulnerability scanners to check what security settings have or haven't been changed
159
What is another name for Host Software Baseline?
Application baseline - what's installed on a system and what's allowed to be installed
160
What do administrators do with a Host Software Baseline?
Compare what's installed on a system against the approved software list and check for differences
161
What are Application Configuration Baselines
The specific application-related settings for a given software installation
162
Baseline reporting can be one way to _____ the current state of a system or application
AUDIT
163
What is a VM Escape attack?
Being able to directly interact with the Hypervisor or Host system from a VM
164
What kind of MS patch is released right away?
OOB - Out of Band - security vulnerability-related patches
165
An example of a SCADA system is _______, and typically ARE/AREN'T connected to the internet?
Power plants, etc | NOT
166
What is Defense in Depth?
Having multiple Security Layers
167
What are 2 security design techniques for static systems?
Control redundancy - have 2 of everything, place them in different networks. Diversity - have 2 different Firewall vendors so if one fails the other may catch.
168
With respect to tracking mobile phones - what can RFID do to help?
Help with inventory control
169
Strongest way to secure data at rest and in transit is through _____ and _____?
Encryption and strong access controls
170
What is one downfall of file-based encryption?
Someone can copy an encrypted file to another device (USB stick, etc.) whose file system doesn't support encryption; the system decrypts it before the move, so the copy is in the clear.
171
Trusted Platform Module (TPM)?
Hardware chip on the motherboard that holds a burned-in RSA key pair (the endorsement key) and can generate, store and protect other keys so they never leave the chip.
172
TPM three categories of keys?
1. Endorsement Key (EK) - permanent, burned in at manufacture
2. Storage Root Key (SRK) - created when the owner takes ownership / enables encryption
3. Application keys - derived under the SRK, used e.g. for disk encryption
173
What TPM key does MS Bitlocker use?
Application key
174
Hardware Security Module (HSM)?
Like a TPM it is hardware-based, but REMOVABLE (or network-attached): a module that generates and stores keys and performs encryption/signing for high-performance servers (e.g. SSL/TLS accelerators, certificate authorities). A TPM is a fixed chip serving one machine; an HSM serves many.
175
Data leakage is also known as _________?
Data exfiltration
176
Data exfilitration is: ___________?
The unauthorized transfer of data outside an organization and is a significant concern with data leakage.
177
A Data Loss Prevention (DLP) system can be any one of 3 things: 1. ____-based to inspect data in motion 2. ____-based to inspect data at rest 3. _____-based to inspect data in-use
1. Network-based 2. Storage-based 3. Endpoint-based
178
DLPs are similar to UTM but inspect this direction of data flow as opposed to UTM's
Outgoing as opposed to incoming
179
Malware types other than viruses...
worms, logic bombs, Trojans, ransomware, rootkits, spyware
180
Ways a virus developer uses to ARMOR their viruses
1. Complex code 2. Encryption 3. Hiding
181
Making malware POLYMORPHIC commonly is done by...
Varying the encryption/decryption method slightly
182
Logic Bombs execute when?
Whenever some logical condition is triggered
183
T/F? Trojans represent a small percentange of malware?
False - they represented 70% of new malware in 2013
184
What is rogueware and what is it also known as?
Scareware. | Scares the user into thinking something is wrong and only via paying a fee will the 'service' fix the problem.
185
Botnet agents/clients are called _________?
Zombies
186
Botnets are often used for what kind of attack?
DDoS
187
One of the characteristics of Rootkits is (hint has to do with how it's detected).
B/c it has root access, it will hide itself from detection
188
How is Spear Phishing different than regular phishing?
Spear phishing is targeted based on a group of people the attacker wants specific info from.
189
What is Whaling?
Like spear phishing but targeting Senior Leadership of an organization
190
What is Vishing (high-level)
phishing over the phone using VOIP technologies
191
Heuristic-based Detection is?
Runs suspicious or unknown code in a sandbox and scores its behavior against known malicious patterns; if the score crosses a threshold the file is blocked and flagged as dangerous.
192
Xmas Attack is really...?
Not really an attack: an Xmas (Christmas tree) scan sets the FIN, PSH and URG TCP flags together and uses the target's responses to find open ports and fingerprint its operating system.
193
Kerberos is one way to prevent what kind of attack by enforcing mutual authentication?
Man in the Middle (MITM)
194
What are two common ways to thwart Replay Attacks?
Timestamps and sequence numbers
195
Dictionary password attacks are thwarted by what?
Use of complex passwords
196
Birthday attacks take advantage of what hash vulnerabily?
Hash collisions
197
What is the primary method to prevent hash collisions?
Use a longer, stronger hash (e.g. SHA-256 instead of MD5 or SHA-1): more output bits make collisions exponentially harder to find.
198
Rainbow table attacks are a form of dictionary attacks how?
A rainbow table is a precomputed set of hashes for huge numbers of candidate passwords; the attacker looks up a stolen hash instead of hashing each guess at attack time.
199
One way to prevent Rainbow table hashing attacks is to...?
Salt the password prior to hashing it.
200
DNS Poisoning is?
Corrupting/manipulating the DNS records (or cache) of a user's computer or network to redirect them to a malicious site.
201
How do DNS systems protect against DNS Poisoning?
Through the use of DNSSEC (DNS Security Extensions)
202
DNS Pharming attacks are like DNS Poisoning, but usually involve hacking what?
The client computers Hosts file
203
ARP attacks are closely related to what resolution protocol?
MAC addressing
204
What is ARP in general?
It resolves an IP address to the MAC (hardware) address of the machine on the local network segment, so frames can be delivered to the right physical host.
205
ARP Poisoning can help in what kind of attacks?
Man in the Middle (redirecting traffic through the attacker's machine) and DoS (redirecting it to a non-existent machine)
206
What is one of the main ways an attacker can get access to a session ID to perform a Session Hijacking attack?
By cross-site scripting attacks
207
What is one coding practice that leads to one of the most common vulnerbilities?
Not sanitizing/validating input (form data, etc.)
208
What is a No-Op "Sled" associated with used for?
Associated with buffer overflow attacks: a run of no-operation instructions placed before the shellcode, so the overwritten return address only has to land somewhere in the sled, not on an exact byte, for execution to slide into the malicious code.
209
What is one of the main ways to thwart a SQL injection attack?
Parameterized queries (prepared statements) plus input validation; never build SQL by concatenating user input into the query text.
210
What is one of the main ways to thwart a XSS attacks?
Input validation plus output encoding (HTML-escaping data before it is placed in a page).
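Added worked example (not part of the original card set) for cards 207, 209 and 210: the vulnerable pattern from each card next to its fix. The in-memory SQLite table, the user names and the payloads are constructed for the illustration; the vulnerable functions are written to stay vulnerable so the difference is visible.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", 0), ("bob", "hunter2", 1)])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Untrusted input spliced into the query text: the injection bug from card 209.
    # A name of  bob' --  comments out the password check entirely.
    query = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Parameterized query: values travel separately from the SQL text, so quotes
    # and comment markers inside them can never change the statement's structure.
    query = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


def greet_vulnerable(name: str) -> str:
    # Reflecting input straight into HTML: the XSS bug from card 210.
    return f"<p>Hello, {name}!</p>"


def greet_safe(name: str) -> str:
    # Output encoding for the HTML context turns markup in the input into text.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    db = make_db()
    payload = "bob' --"
    print("vulnerable login:", login_vulnerable(db, payload, "anything"))
    print("safe login:      ", login_safe(db, payload, "anything"))
    print(greet_vulnerable("<script>alert(1)</script>"))
    print(greet_safe("<script>alert(1)</script>"))
```

Input validation still matters (a user name should never contain a quote), but it is the second line of defense; parameterization and output encoding remove the vulnerability even when validation is bypassed.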
211
What are 2 ways to thwart XSRF attacks?
1. Dual authentication - make the user re-authenticate before a sensitive action
2. Expire authentication cookies after a short time
(The standard defense in practice is a per-session anti-CSRF token that the attacker's forged request cannot supply.)
212
What is a Transitive access attack?
One in which you use one server or service to access another (like SQL injection)
213
In Risk Management you identify, monitor and mitigate risks, what risk is left over is called...?
Residual Risk
214
Quantitative Risk Assessments measure risk in what?
Dollars/monetary (i.e. potential losses, etc)
215
Risk Management: what are SLE, ARO and ALE
Single Loss Expectancy, Annualized Rate of Occurrence, Annualized Loss Expectancy
216
Risk Management: how do you calculate ALE?
SLE x ARO
217
Qualitative Risk Assessments measures risk as?
Probability and Impact
218
Black box testing?
Pentesting with 0 knowledge of the system
219
White box testing?
Pentesters have COMPLETE knowledge of the system
220
Gray box testing?
Pentesters have SOME knowledge of the system
221
One of the ways to (continuously) monitor threat activity is through...
Log monitoring
222
Monitoring logs can be used on what types of logs?
Antivirus logs, Application Logs, Performance Logs
223
Contingency Planning - what is RTO
Recovery Time Objective - goal (in time) to restore a system after an outage
224
Contingency Planning - what is a BIA
Business Impact Analysis
225
Contingency Planning - what is RPO
Recovery Point Objective - point in time where data loss is acceptable (i.e. how much time's worth of data are you willing to lose)
226
Contingency Planning - BCP and DRP are similar, what do they stand for?
Business Continuity Plan, Disaster Recovery Plan
227
What do BCP and DRP plans almost always include?
A communications plan - who to contact, etc
228
HMAC is a form of what cryptographic technique?
Hashing with a shared key (a keyed hash, or message authentication code). It provides message integrity and authenticity between the parties holding the key, but it is NOT encryption and NOT a digital signature: anyone holding the key could have produced the tag, so it gives no non-repudiation.
229
HMAC improves the process of hashing by including a what?
Shared secret
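Added worked example (not part of the original card set) for cards 17, 194, 228 and 229 together: a plain hash for integrity, an HMAC tag that only holders of the shared secret can produce, and a receiver that uses the HMAC plus a sequence number and timestamp to reject tampered, forged and replayed messages. The message envelope format, the `Receiver` class and the 30-second skew window are assumptions for the illustration.

```python
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    """Plain hash (card 17): detects change, but anyone can recompute it, so it
    does not stop an attacker who can rewrite both the data and the hash."""
    return hashlib.sha256(data).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 (cards 228/229): a hash keyed with the shared secret, so only
    parties holding the key can produce or check a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def _body(msg: dict) -> bytes:
    # Canonical serialization so sender and receiver hash identical bytes.
    return json.dumps(msg, sort_keys=True).encode()


def send(key: bytes, seq: int, ts: int, payload: str) -> dict:
    """Sender: number and timestamp the message, then tag it."""
    msg = {"seq": seq, "ts": ts, "payload": payload}
    return {"msg": msg, "tag": tag(key, _body(msg))}


class Receiver:
    """Receiver: HMAC for integrity/authenticity, sequence number and
    timestamp for replay protection (card 194)."""

    def __init__(self, key: bytes, max_skew: int = 30):
        self.key, self.max_skew = key, max_skew
        self.last_seq = -1

    def accept(self, envelope: dict, now: int) -> bool:
        msg = envelope["msg"]
        if not hmac.compare_digest(tag(self.key, _body(msg)), envelope["tag"]):
            return False               # forged (wrong key) or tampered in transit
        if msg["seq"] <= self.last_seq:
            return False               # replayed or delivered out of order
        if abs(now - msg["ts"]) > self.max_skew:
            return False               # stale: captured earlier and re-sent later
        self.last_seq = msg["seq"]
        return True


if __name__ == "__main__":
    key = b"shared secret between the two parties"
    rx = Receiver(key)
    env = send(key, 1, 1000, "pay $100 to bob")
    print("first delivery:", rx.accept(env, 1005))
    print("replay:        ", rx.accept(env, 1006))
```

Note what the HMAC alone does not give you: the receiver knows the message came from someone holding the key, but cannot prove to a third party which holder, which is why card 69's non-repudiation needs a digital signature instead.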
230
LANMAN and NTLM1 are forms of what technique, but are considered compromised and shouldn't be used?
Authentication hashing
231
Symetric encryption uses what?
A shared secret to encrypt and decrypt data
232
Its important for Symetric Encryption to do what with the encryption key?
Change it regularly
233
What logon technology uses Symetric Encryption?
RADIUS
234
When using Stream Ciphers - you should never reuse the enc key, T or F?
True - a stream cipher XORs the plaintext with a keystream; reusing the same key (and nonce/IV) produces the same keystream, and XORing two such ciphertexts cancels it out and exposes the plaintexts (the "two-time pad" problem, which is also what broke WEP).
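Added worked example (not part of the original card set) for this card and card 132: why keystream reuse is fatal for any stream cipher. The keystream generator here is a stand-in (SHAKE-256 over key || nonce) chosen so the example runs with the standard library alone; RC4, ChaCha20 and AES-CTR all have the same XOR structure and fall to the same attack. Plaintexts and keys are constructed for the illustration.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream: SHAKE-256 used as an extendable-output function over
    key || nonce. Same key and nonce in, same keystream out, as with any stream cipher."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream"""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


stream_decrypt = stream_encrypt      # XOR is its own inverse


def two_time_pad_attack(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given two ciphertexts made with the SAME key and nonce and one known plaintext,
    recover the other without the key:
        c1 XOR c2 = (p1 XOR ks) XOR (p2 XOR ks) = p1 XOR p2
        p2 = c1 XOR c2 XOR p1
    A known plaintext is not even required in practice: p1 XOR p2 of two English
    messages is usually enough to recover both by crib dragging."""
    return xor(xor(c1, c2), known_p1)


if __name__ == "__main__":
    key, nonce = b"sixteen byte key", b"\x00" * 8
    p1, p2 = b"ATTACK AT DAWN!!", b"RETREAT AT NOON."
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)          # same key AND nonce: the mistake
    print(two_time_pad_attack(c1, c2, p1))       # b'RETREAT AT NOON.' without the key
```

The fix is not a different cipher but key management: a fresh nonce per message (and a nonce space large enough that it never repeats, which WEP's 24-bit IV was not), or a fresh key.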
235
What are the 2 most common Block Ciphers in use today?
AES and 3DES
236
What are 2 of the lesser used/known Block Ciphers?
Blowfish and Twofish
237
Risk Management: How to calculate SLE - Single Loss Expectancy?
SLE = Asset Value (AV) x Exposure Factor (EF)
238
What is TSIG & RRSIG normally associated with?
DNSSEC and secure DNS operations. RRSIG records carry the DNSSEC signatures over resource record sets (validated with public keys in DNSKEY records). TSIG is a shared-secret HMAC that authenticates DNS transactions such as dynamic updates and zone transfers.
239
What technology is both PREVENTATIVE & CORRECTIVE?
Anti-virus
240
What's FACL associated with?
File system access control lists (POSIX ACLs) on Linux, managed with getfacl/setfacl. It is the "+" after the permission string in "ls -l" output (e.g. -rw-r-----+), not part of the filename.
241
What is explicit TLS?
The client connects on the service's normal port and then upgrades the connection to TLS (STARTTLS for SMTP/IMAP, AUTH TLS for FTPS). Implicit TLS instead uses a dedicated port on which the connection is TLS from the first byte (e.g. 990 for FTPS).
242
Data Execution Prevention is associated with mitigating what kind of attack?
Buffer Overflow
243
What are 2 technologies associated with protecting stored password data?
bcrypt and PBKDF2 - salted, deliberately slow hashing (key stretching) so stolen hashes are expensive to crack; passwords are hashed, not encrypted
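What a password store built on PBKDF2 looks like, as an added example (not code from the original deck). It uses Python's `hashlib.pbkdf2_hmac` with a per-password random salt, a storage record format made up for this demo (`pbkdf2_sha256$iterations$salt$hash`), and a constant-time comparison on verify. The demo lowers the iteration count only to keep it quick; the production constant at the top reflects the OWASP-recommended cost for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # OWASP-recommended cost for PBKDF2-HMAC-SHA256 in production

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash stored as algorithm$iterations$salt$hash (constructed format)."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and cost, then compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations), dklen=32
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def demo() -> dict:
    pw = "correct horse battery staple"
    stored = hash_password(pw, iterations=20_000)        # low cost only to keep the demo quick
    stored_again = hash_password(pw, iterations=20_000)
    return {
        "correct": verify_password(pw, stored),            # True
        "wrong": verify_password("Password1", stored),     # False
        "unique_salt": stored != stored_again,             # True: same password, different record
        "garbage": verify_password(pw, "not-a-record"),    # False
    }

if __name__ == "__main__":
    print(demo())
```

Storing the iteration count with the hash lets you raise the cost later and re-hash users at their next login; the random salt means two users with the same password get different records, so a precomputed (rainbow) table is useless.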
244
What is PHI?
Protected Health Information
245
What is the difference between PII and PHI?
PII is any information that identifies you personally (name, SSN, address). | PHI is individually identifiable health information (medical records, diagnoses, treatment and billing data) protected under HIPAA, including controls on who may access it.
246
What are the common RAID levels?
RAID 0 - striped (no redundancy) | RAID 1 - mirrored | RAID 5 - striped with single parity (survives one disk failure) | RAID 6 - striped with dual parity (survives two)
247
What are the two main terms used with SAML?
Tokens | Assertions
248
In an AAA architecture, what is a "realm"?
The domain or namespace of the user identity (the part after the @ in user@realm) that tells the AAA server which user store and policy to use; in wireless deployments a realm is commonly mapped to an SSID
249
What does the Linux command `ssh-copy-id -i <keyfile>` do?
Copies your PUBLIC key (the identity selected with -i) into ~/.ssh/authorized_keys on the remote server so you can log in with key-based authentication; the private key never leaves your machine
250
Best ways to sanitize/destroy disk media?
1. Burning/incineration - best | 2. Shredding/pulverising | 3. Degaussing - magnetic media only; it does nothing to SSDs and flash, which need cryptographic erase or physical destruction
251
Chain of Custody - Evidence Collection Steps?
1. Attach a write-blocker so the original cannot be altered | 2. Hash the original, image it, and hash the image to prove they match | 3. Perform forensics on the copy (the IMAGE) only | 4. Bag, label and store the original (a Faraday bag for devices with radios) and log every hand-off
252
Order of Volatility - Forensics? (collect the most volatile first)
Mnemonic "Can't Remember S***": CPU registers/cache | RAM | Swap/page files | then disk, remote logs, backups and other peripheral/archival media
253
Incident Response - what is PICERL?
1. Prepare 2. Identify 3. Contain 4. Eradicate / Remove 5. Recover 6. Lessons Learned
254
What is a tabletop exercise associated with and used for?
Part of Incident Response - the PREPARE phase - a discussion-based walkthrough of a hypothetical incident to test the plan, roles and communications without touching production systems
255
Business Impact Analysis usually deals with these 3 things?
Human Life, Property, Safety
256
A Privacy Impact Assessment is usually part of what Analysis?
Business Impact Analysis (BIA)
257
Which backup scheme restores fastest (other than a single full backup)?
Full + differential - restore the last full plus only the latest differential. Full + incremental needs every incremental since the full and is slowest to restore (but fastest to take).
258
MTTF is usually associated with?
Mean Time To Failure of non-repairable components - used to plan how many SPARES to keep on hand (MTBF is the equivalent for repairable systems)
259
What is Diffie-Hellman usually associated with?
Key exchange (agreement) over untrusted networks, e.g. IKE for IPSec VPNs and the TLS handshake. On its own it is unauthenticated, so it must be paired with certificates or signatures to stop a man-in-the-middle.
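The exchange and its weakness, as an added example that is not part of the original deck. The group is a demo-sized Mersenne prime with generator 3, chosen so the block runs instantly; real deployments use the RFC 3526 / RFC 7919 groups (2048 bits or more) or ECDH such as X25519. The honest exchange shows both sides arriving at the same key; the second function shows why "over an untrusted network" needs authentication: a party in the middle who swaps the public values ends up holding a key with each side while Alice and Bob never share one.

```python
import hashlib
import secrets

# Demo-sized group (2**127 - 1 is prime). Toy size: not a standardised DH group.
P = 2**127 - 1
G = 3

def dh_keypair(p: int = P, g: int = G):
    priv = secrets.randbelow(p - 2) + 1        # private exponent in [1, p-2]
    return priv, pow(g, priv, p)               # (private, public = g^priv mod p)

def dh_shared(their_pub: int, my_priv: int, p: int = P) -> int:
    return pow(their_pub, my_priv, p)          # (g^theirs)^mine == (g^mine)^theirs

def session_key(shared: int) -> bytes:
    # Derive a fixed-size key from the shared number instead of using it directly.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def honest_exchange() -> bool:
    a, A = dh_keypair()
    b, B = dh_keypair()
    return session_key(dh_shared(B, a)) == session_key(dh_shared(A, b))   # True

def mitm_exchange() -> dict:
    """Mallory on the untrusted network replaces each public value with her own."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    m, M = dh_keypair()
    alice_key = session_key(dh_shared(M, a))   # Alice received M, believing it came from Bob
    bob_key = session_key(dh_shared(M, b))     # Bob received M, believing it came from Alice
    mal_alice = session_key(dh_shared(A, m))   # Mallory's key with Alice
    mal_bob = session_key(dh_shared(B, m))     # Mallory's key with Bob
    return {
        "mallory_decrypts_alice": alice_key == mal_alice,   # True
        "mallory_decrypts_bob": bob_key == mal_bob,         # True
        "alice_and_bob_agree": alice_key == bob_key,        # False: no end-to-end key
    }

if __name__ == "__main__":
    print(honest_exchange(), mitm_exchange())
```

The fix is to bind the public values to an identity: TLS has the server sign its DH value with the key in its certificate, and IKE authenticates the exchange with certificates or a pre-shared key.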
260
What is Port Address Translation (PAT)?
NAT overload - maps many internal hosts to one public IP by giving each outbound connection a different source port, so the router can match replies back to the right internal host
261
5 things that Mobile Device Management provides?
1. Inventory tracking | 2. App manager (enterprise "App Store") | 3. Policy enforcement | 4. OTA updates | 5. Geofencing
262
BYOD for mobile means...?
Bring your own device
263
COPE for mobile means...?
Company Owned, Personally Enabled
264
CYOD for mobile means...?
Choose Your Own Device - list of approved phones
265
COBO for mobile means...?
Company Owned - Business Only (separate phones)
266
COPE usually involves what 3 things?
Containerization (separating work data from personal data) | Application manager | AUP: Acceptable Use Policy
267
What is Network Access Control (NAC) used for?
Checking the health/posture of a device (patch level, AV running, required configuration) before it is allowed onto the network, via an agent or agentlessly; examples are 802.1X with posture assessment, VPN client checks and products such as AppGate
268
Turning on MAC filtering will affect current connections - T or F?
False - it's a pre-connection policy (and it is weak, because an attacker can sniff an allowed MAC address and spoof it)
269
A forward proxy sits on the user/client side - T or F?
True - clients send their requests through it, so it can filter, cache and log outbound traffic
270
Reverse proxies are placed on the user's computer - T or F?
False - they are server-side, in front of the web servers, handling TLS termination, load balancing and filtering of inbound requests
271
What are 2 acronyms associated with VoIP?
SIP - Session Initiation Protocol (call setup/signalling) | RTP - Real-time Transport Protocol (the voice stream); SRTP is the secure (encrypted/authenticated) version
272
What are 2 attacks associated with DHCP?
Rogue DHCP server (MITM - hands out an attacker-controlled gateway/DNS) | DHCP starvation (DoS - exhausts the address pool). Mitigate with DHCP snooping on the switch plus port security; Dynamic ARP Inspection builds on the snooping binding table to stop ARP spoofing.
273
DDoS attacks are associated with what things?
Ping floods, reflection/amplification (DNS, NTP, memcached), source-address spoofing, SYN floods (half-open connections exhausting the server's backlog)
274
XMAS tree scans are associated with what TCP packet characteristic?
FIN, URG and PSH flags all set at once (a combination no legitimate connection sends); a closed port answers RST, an open port stays silent, which is how the scanner tells them apart
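How a detection would pick this out of traffic, as an added example (not from the original deck). It decodes the TCP flags byte, accepts tcpdump-style flag letters such as `[FPU]`, classifies XMAS, NULL and FIN probes, and reports any source that hits several ports with a stealth-scan combination. The packet summaries and addresses are constructed for the demo.

```python
from collections import defaultdict

# TCP flag bits as laid out in the header's flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG

TCPDUMP_LETTERS = {"F": FIN, "S": SYN, "R": RST, "P": PSH, ".": ACK, "U": URG}

def parse_tcpdump_flags(text: str) -> int:
    """Turn tcpdump's 'Flags [FPU]' style letters into the flags byte ('[]' -> 0)."""
    flags = 0
    for ch in text.strip("[]"):
        if ch in TCPDUMP_LETTERS:
            flags |= TCPDUMP_LETTERS[ch]
    return flags

def classify(flags: int) -> str:
    if flags == 0:
        return "null_scan"
    if flags == XMAS:
        return "xmas_scan"
    if flags == FIN:
        return "fin_scan"
    if flags & SYN and not flags & ACK:
        return "syn"
    return "other"

def find_scanners(packets, min_ports: int = 3) -> dict:
    """Report sources that probe several ports with a stealth-scan flag combination."""
    ports = defaultdict(set)
    for src, _dst, dport, flags in packets:
        kind = classify(flags)
        if kind.endswith("_scan"):
            ports[(src, kind)].add(dport)
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}

# Constructed packet summaries (src, dst, dst port, flags) as a sensor would record them.
SAMPLE = [
    ("10.0.0.5", "10.0.0.10", 22, parse_tcpdump_flags("[FPU]")),   # XMAS probe
    ("10.0.0.5", "10.0.0.10", 80, parse_tcpdump_flags("[FPU]")),
    ("10.0.0.5", "10.0.0.10", 443, parse_tcpdump_flags("[FPU]")),
    ("10.0.0.7", "10.0.0.10", 443, parse_tcpdump_flags("[S]")),    # normal handshake
    ("10.0.0.7", "10.0.0.10", 443, parse_tcpdump_flags("[P.]")),   # data with ACK
    ("10.0.0.9", "10.0.0.10", 25, parse_tcpdump_flags("[]")),      # single NULL probe
]

if __name__ == "__main__":
    print(find_scanners(SAMPLE))   # {('10.0.0.5', 'xmas_scan'): [22, 80, 443]}
```

A single odd packet is noise; the port-count threshold is what turns the signature into an alert worth paging on. Note that Windows stacks reply RST to these probes regardless of port state, so the scan (and the detection) is most meaningful against Unix-like targets.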
275
ARP poisoning can be mitigated by what rudimentary solution?
Static ARP entries - a startup script (e.g. `arp -s <gateway-ip> <gateway-mac>`) pins the gateway's MAC so spoofed replies are ignored; it does not scale, so enterprises use Dynamic ARP Inspection on the switches instead
276
Which tools create a connection? telnet, nc, dig
telnet | nc - both open a TCP connection to an arbitrary port; dig only sends DNS queries (normally over UDP)
277
What tools can be used for banner grabbing?
nmap (`-sV` or the banner script), telnet and nc connected to the service port; on Windows networks nbtstat reveals NetBIOS names and roles of hosts rather than service banners
278
What are 2 implementations that use a "web of trust" (peers signing each other's keys instead of a CA)?
PGP | GNU Privacy Guard (GnuPG/GPG)
279
What are some PKI certificate validation failures (4 total)?
1. Certificate expired (or not yet valid) | 2. Issuing CA certificate not in the trust store / browser | 3. Certificate revoked / suspended | 4. Broken chain of trust
280
What is a broken trust chain?
When a certificate doesn't include the intermediate CAs all the way back to Root CA
281
OCSP stapling accomplishes what 2 things?
The server fetches the CA-signed OCSP response itself and sends ("staples") it with the certificate in the TLS handshake, so 1. the client is spared a separate round trip to the OCSP responder and 2. the CA does not learn which sites the client visits
282
Subject Alternative Name is used for what?
Associating multiple hostnames (e.g. example.com, www.example.com, mail.example.com) with a single certificate; modern browsers ignore the Common Name and match only against the SAN list
283
CRLs are usually associated with what protocol?
OCSP (Online Certificate Status Protocol) - the real-time way to check a single certificate's revocation status, as opposed to downloading the CA's whole Certificate Revocation List