Security Final
Question | Answer |
---|---|
What are the three parts of the Security Triad? | Confidentiality, Integrity, Availability |
What are the levels of security classification? | Unclassified, Sensitive, Confidential, Secret, Top Secret |
What are 7 security measures? | Authentication, Anti-Virus Software, DMZ, IDS/IPS, Logging, Physical Security, VPN |
Name 3 Security Controls | 1. Administrative (Policies and Procedures Governing, Technical, end-user) 2. Physical (Mechanical) 3. Technical (Hardware and Software) |
Formula for managing risk | Annualized Rate of Occurrence (ARO); Single Loss Expectancy (SLE); Asset Value (AV); Exposure Factor (percentage destroyed, EF). SLE = AV x EF; ALE = SLE x ARO |
How to evaluate risk. | 1. Threat - External Danger 2. Vulnerability - A weakness in the System 3. Exploit - takes advantage of vulnerability 4. Probability - Annualized Rate of Occurrence 5. Impact - Single Loss Expectancy |
Risk | net impact of exploitation of vulnerability |
Vulnerability Testing Tools | - Packet Analyzer (Wireshark) - Network Scanner - Vulnerability Scanner (Nessus) - Password Cracker - Penetration Testing (Metasploit) - Data Mining (Maltego) - War Driving |
Quantitative vs qualitative risk analysis | Quantitative risk analysis uses a mathematical model. Qualitative risk analysis uses a scenario model. Risk management uses mechanisms to reduce risk. |
4 ways of dealing with Risk | 1. Risk Avoidance 2. Risk Acceptance 3. Risk Transfer 4. Risk Reduction |
9 steps of Risk Assessment | 1. System Characterization 2. Threat Identification 3. Vulnerability Identification 4. Control Analysis 5. Likelihood Determination (ARO) 6. Impact Analysis (EF) 7. Risk Determination SLE & ALE 8. Control Recommendations 9. Results Documentation |
Systems Development Lifecycle (SDLC) Phases | 1. Initiation 2. System Concept Development 3. Planning 4. Requirements Analysis 5. Design 6. Development 7. Integration and Test 8. Implementation 9. Operations and Maintenance 10. Disposition |
Phase 1 - Initiation | a. Security Categorization b. Preliminary Assessment |
Phase 2 - Acquisition | a. Cost Considerations b. Security Planning c. Testing |
Phase 3 - Implementation | a. Inspection b. Integration c. Certification d. Accreditation |
Phase 4 - Operations | a. Configuration management and control b. Continuous monitoring |
Phase 5 - Disposition | a. Information Preservation b. Media Sanitization c. Disposal |
Principles of Operations Security | 1. Separation of Duties a. Two Man control b. Dual Operator 2. Rotation of Duties 3. Trusted Recovery |
Change and Configuration Control | 1. Apply 2. Catalogue 3. Schedule 4. Implement 5. Report |
Incident Handling | 1. Preparation 2. Identification a. Event or incident 3. Containment 4. Eradication 5. Recovery 6. Documentation |
Exploitation Steps | 1. Reconnoiter 2. Exploit 3. Escalate 4. Download 5. Backdoor 6. Leverage |
Standard ACLs | filter source address only |
Extended ACLs | filter destination, ports, etc. |
Dynamic ACLs | Also known as lock and key ACL. Lock-and-key access allows you to set up dynamic access lists that grant access per user to a specific source/destination host through a user authentication process. |
Time-based ACLs | activate at specific times |
Reflexive ACLs | Reflexive access lists provide the ability to filter network traffic at a router, based on IP upper-layer protocol "session" information. |
What are firewalls? | Software or hardware set up in such a fashion so as to allow or prevent network communication over various ports or protocols. |
What is an IDS | An Intrusion Detection System. It can log malicious packets, but cannot take immediate action. |
What is an IPS | An Intrusion Protection System. It can identify malicious packets and can take immediate action. |
What is a True Positive | It is when your firewall blocks and logs a malicious event as such. It worked as intended. |
What is a False Positive | It is when your firewall logs an event as potentially harmful and blocks it, even though it is not. It is a waste of resources. |
What is a True Negative | It's when your firewall logs an actual harmless event as harmless and allows it. Nothing to see here |
What is a False negative | Worst case scenario, it's when your firewall logs something as safe and allows it, but it is really malicious. |
What is a Honeypot | A decoy system (IPS). Lures and traps hackers; can distract and confuse attackers; can log attacks in detail; can collect data on attackers. |
What are Proxies | (IPS) Forward – pass internal requests out; Open – pass requests anywhere; Reverse – pass requests from Internet |
What is Cryptography | study of codes and ciphers |
What is Cryptanalysis | how to break codes and ciphers |
What is Sigint | Intelligence from interception of signals |
What is Comint | Communications Intelligence |
What is Elint | Electronics Intelligence |
What is DES? | Data Encryption Standard |
What is AES? | Advanced Encryption Standard |
What are the goals of Encryption? | 1. Confidentiality 2. Data Integrity 3. Authentication 4. Non-Repudiation |
What is a Cipher | Encrypts and decrypts |
What is Encryption | convert plain text to ciphertext |
What is Decryption | Convert ciphertext to plain text |
What is Symmetric Encryption | Same key is used to encrypt and decrypt msg |
What is Asymmetric Encryption | Receiver has private key, receives public key from sender. |
What are the characteristics of DES | Symmetric; 64-bit block; 56-bit key strength |
How does Triple-DES work | 1. Sender Encrypts Key A 2. Sender Decrypts Key B 3. Sender Encrypts Key C 4. Cipher text 5. Receiver Decrypts Key C 6. Receiver Encrypts Key B 7. Receiver Encrypts Key A 8. Plain Text |
What are three common Encryption Methods | 1. Rotation 2. Substitution 3. Permutation |
What are 4 DES Modes | 1. ECB (Electronic Code Book) 2. Cipher Block Chaining (CBC) 3. Cipher Feedback (CFB) 4. Output Feedback (OFB) |
What is RSA? | It's one of the first public key cryptosystems. Its name is based on its three inventors - Rivest, Shamir, Adleman |
What is Steganography | Steganography conceals data in a carrier medium |
What is Null Cipher | A method of steganography where a message is hidden in the body of a text |
What is Injection | A method of steganography where data is hidden in an unused part of a file |
What is Substitution | A method of steganography where non-critical data is replaced |
What are 4 Means of Authentication | 1. Something you know 2. Something you have 3. Something you are 4. Something you do |
What are some means of exploiting Password Vulnerability | 1. Offline Dictionary attack 2. Specific Account attack 3. Popular password attack 4. Password guessing 5. Workstation hijacking 6. Exploiting user mistakes 7. Exploiting multiple password use 8. Electronic monitoring |
What are four password protection techniques | 1. User education 2. Computer generated passwords 3. Reactive password checking 4. Proactive password checking |
What are two examples of Token-based authentication | 1. Memory cards 2. Smart Cards |
Principles of access control | 1. Authentication 2. Authorization 3. Audit |
Policies for access control | 1. Discretionary Access Control (DAC) 2. Mandatory Access Control (MAC) 3. Role-based Access Control (RBAC) |
What is Discretionary Access Control (DAC) | Controls access based on the identity of the requestor and on access rules. Discretionary because one person can set permissions. |
What is Mandatory Access Control (MAC) | Controls access based on comparing security labels with security clearances. |
What is Role-based Access Control (RBAC) | Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles. |
Which iptables rule would generate a destination unreachable error? | iptables -A FORWARD -s 0/0 -d 0/0 -j REJECT |
Standards for protocols and associated information are first published in? | RFCs |
ICMP protocol is specifically designed to do what? | Check & report on network error conditions |
What is an example of egress filtering? | Only allowing traffic to leave your network with a source IP in your company's IP range |
Which vulnerability is considered the hardest to harden against? | The human element |
In security environments, Authorization means | Using your identity to assign access rights |
It is possible to capture packets from the network that are not destined for your machine. | True |
During a packet capture, you notice a couple of TCP packets with the “F” flag and some “A” flags. What is likely going on? | A TCP/IP session shutdown process |
Which of the following devices are likely to be found at the network perimeter? | "Firewall" "Border Router" "Remote Access Gateway" VLAN Switch Protected Web Servers |
TCP has ___ states | 11 |
Based on the packet capture code below, what network protocol is being used? 4500 0064 0000 4000 40"01" b755 c0a8 0101 | ICMP |
The loss or omission of one of the goals of security is known as: | A compromise |
Which of the following tools will help you determine which services are running on a port? | Ping Nmap "Nessus" Traceroute Nslookup |
A stateful inspection firewall creates a ___ to track history for each communication. | State Table |
Which one of the following software tools is not considered to be a packet sniffer? | "Ping" Snort "Nmap" Ethereal Tcpdump |
An ___ is to detection what an ___ is to protection. | IDS, IPS |
Which of the following statements about packet filtering routers is FALSE? | Can examine ports Can examine flags "Can examine protocol commands" Can examine addresses None of the above answers are true |
Packet sniffing is a form of | Passive reconnaissance |
___ is a mechanism to verify identity prior to allowing access to protected resources. | Access control |
Computer A wishes to open a TCP session with Computer B. If Computer A's initial sequence number is 145678913, then Computer B will respond with: | An initial sequence number of its own and an acknowledgement number of 145678914 |
The Data ____ is the person having responsibility and authority for data, while the Data ___ is the entity temporarily accessing and/or modifying the data. | Owner, Custodian |
Passwords are considered to be the most common security weakness. | True |
When referring to firewalls, the word chains means: | A set of rules created for a specific type/direction of traffic |
A proxy server is responsible for: | Making information requests to the outside world as if it was you doing it |
The DoD Trusted Computer Evaluation Criteria is also known as: | The Orange Book |
A ___ attack does not involve the end-user in the attack, while in a ___ attack there is an actual active victim to the attack. | Spoofing, Hijacking |
Based on the packet capture code below, what protocol is being used? "45"00 0064 0000 4000 4001 b755 c0a8 0101 | TCP ICMP UDP ARP "None of the above" |
Which of the following is not an Access Control mechanism? | Photo ID Biometrics RFID Passwords "They are all Access Control mechanisms" |
When talking about O/S passwords, a “salt” refers to: | The random bits used as part of the input for encrypting the password |
A ___ outlines specific requirements or rules that must be met. | Policy |
Each TCP connection is uniquely identified by: | A. Source and Destination IP B. Source and Destination Port C. Sequence Number D. Connection Number "A & B only" |
Which of the following is not an Access Control Protocol? | CHAP SSL PAP "TCP" 802.11x |
This tool is considered to be a port sniffer/mapper, but not a vulnerability scanner. | NMap |
Which of the following is not one of the Security Goals? | Security "Accountability" Ease of Use Functionality They are all Security Goals |
Stateful Inspection Firewalls can examine all layer 4 information in the packet and application level commands. | False |
Scanning network traffic using a sniffer is not considered an infraction in Canadian Law. | False |
In the CIA Triad, ____ is responsible for ensuring that legitimate users maintain access to information and resources they need access to. | Availability |
Which one of the following is NOT a fundamental principle of the Computer Security Triad? | Confidentiality Integrity Availability "Disclosure" Accountability |
Decoding captured packets | DESTINATION MAC (6 bytes), SOURCE MAC (6 bytes) |