Module 5 Review Exam

Questions and Answers

What is the primary security risk associated with self-signed certificates?

  • They lack validation from a trusted Certificate Authority (CA), making them inherently untrusted. (correct)
  • They cannot be used for test or development environments.
  • They are not easy to manage and require significant administrative overhead.
  • They are always used for critical assets, making them vulnerable to attack.

What is the main reason why self-signed certificates should not be used to protect critical assets?

  • They do not provide adequate encryption for sensitive information.
  • They are not compatible with modern web browsers.
  • They lack validation from a trusted Certificate Authority (CA), making them potentially unsafe. (correct)
  • They are not easily scalable for large deployments.

Which statement accurately describes a potential security concern with self-signed certificates?

  • They are difficult to manage and require significant administrative overhead.
  • They are inherently secure because the issuer also verifies the certificate.
  • They can be designated as untrusted and set to never expire, potentially creating a security risk if not implemented correctly. (correct)
  • They can only be used for test or development environments.

Which of the following is NOT a risk associated with password-only authentication?

  • (C) Password-only authentication requires the use of a strong password, making it difficult for users to remember. (correct)

What is the primary reason why multifactor authentication (MFA) is considered more secure than password-only authentication?

  • (C) MFA utilizes two or more distinct factors, making it harder for unauthorized individuals to gain access. (correct)

Why are single knowledge factors (such as passwords) considered the easiest to defeat?

  • (D) Knowledge factors can be social engineered or guessed. (correct)

Which of the following scenarios best exemplifies the concept of low entropy in passwords?

  • (A) A password created with readily available information about the user, such as a birthdate. (correct)

Which of the following tactics can be used to mitigate the risks of shoulder surfing?

  • (B) Using privacy screens to prevent side-angle viewing (correct)

What is the primary difference between tailgating and piggybacking?

  • (A) Tailgating involves an unauthorized individual entering a secured area, while piggybacking involves an authorized individual granting access to an unauthorized person. (correct)

Which of the following security measures would be MOST effective in preventing both dumpster diving and shoulder surfing?

  • (C) Educating employees on data handling protocols and physical security (correct)

In the context of shoulder surfing, what is the most crucial factor that attackers leverage?

  • (A) Taking advantage of human negligence and distraction (correct)

What is the primary reason why shoulder surfing can lead to financial loss for organizations?

  • (C) Attackers can gain access to sensitive information like financial data and use it for fraudulent transactions. (correct)

What is the primary benefit of implementing the least privilege model in an organization?

  • (D) It minimizes the risk of both accidental and intentional security breaches. (correct)

Which action is NOT part of the deprovisioning process for user accounts?

  • (D) Granting additional permissions to the user. (correct)

In user account management, why is it recommended to assign permissions to security groups rather than individual users?

  • (D) To streamline the management of permissions and enhance security. (correct)

What does the 'Authentication' aspect of RADIUS primarily involve?

  • (B) Verifying the identity of users accessing the network. (correct)

Best practices for account provisioning include which of the following?

  • (D) Ensuring accounts are created for any users needing temporary access. (correct)

Which of the following statements about privileged access is true?

  • (B) Privileged access should only be granted to select users based on the least privilege model. (correct)

What does provisioning involve in the context of information technology?

  • (C) Creating and configuring resources necessary for specific activities. (correct)

Which of the following best describes the concept of 'deprovisioning'?

  • (C) Revoking user account access when a user changes, leaves, or no longer needs it. (correct)

What security aspect does RADIUS primarily enhance in a network?

  • (C) Centralized user management and credential verification. (correct)

Which of the following is NOT a benefit of using TOTP for authentication?

  • (B) TOTP relies heavily on network connections for code delivery, enhancing security. (correct)

What happens when a user enters a TOTP code during the login process?

  • (D) The system calculates a code using the same algorithm and shared secret as the user's device. (correct)

What is the primary function of a shared secret in TOTP?

  • (A) Enabling both the authentication app and the system to produce identical time-based codes. (correct)

What is the main security risk associated with the theft of a device with a TOTP app installed?

  • (C) The thief can potentially access any accounts protected by the app's shared secret. (correct)

Which of the following best describes the concept of Single Sign-On (SSO)?

  • (C) A system where users can access multiple accounts using a single, unified login. (correct)

How does SSO enhance user experience?

  • (D) By eliminating the need for separate logins for each service. (correct)

What is the role of an authentication token in SSO?

  • (B) It acts as a digital key that allows the user to access authorized resources without further authentication. (correct)

What is a potential security vulnerability of SSO?

  • (D) If a single account is compromised, the attacker may gain access to all the resources linked to that account. (correct)

How does TOTP differ from SSO?

  • (A) TOTP focuses on securing individual accounts, while SSO primarily manages access to multiple applications. (correct)

What is the primary purpose of deception technologies in cybersecurity?

  • (A) To confuse and mislead the attacker (correct)

Which statement accurately describes a honeypot?

  • (A) A honeypot mimics essential services to attract adversaries for data collection. (correct)

What are honeynets used for in cybersecurity?

  • (A) To connect multiple honeypots to simulate a broader attack surface (correct)

Which statement about the configuration of honeypots is correct?

  • (A) Honeypots are ineffective when not configured correctly. (correct)

What role does physical security play in an organization's cybersecurity posture?

  • (C) It aids in ensuring the confidentiality, integrity, and availability of assets. (correct)

Which of these is NOT a function of security cameras in physical security?

  • (D) Preventing physical attacks with alarm systems (correct)

How do deception technologies assist in defending against future attacks?

  • (B) By providing real-time insights into attacker behaviors and tools. (correct)

What is the risk associated with honeypots that are not carefully deployed?

  • (D) They can easily be identified and used by attackers for further compromise. (correct)

Which best describes the difference between a honeypot and a honeynet?

  • (B) Honeynets consist of multiple honeypots working together. (correct)

What is an essential aspect of physical security measures?

  • (D) They help prevent unauthorized physical access to critical infrastructure. (correct)

Flashcards

Self-signed certificates

Certificates generated, signed, and issued by the same entity, lacking external validation.

Untrusted Certificates

Certificates that are not validated by a trusted Certificate Authority (CA).

Identity and Access Management (IAM)

Framework for managing who has access to what resources, ensuring proper security measures.

Weak Authentication

Using a single username and password for verifying identities; generally considered insecure.

Multifactor Authentication (MFA)

Authentication that requires multiple factors for access, enhancing security.

Something You Know Factor

A type of knowledge-based authentication, such as passwords or PINs.

Low Entropy Passwords

Passwords that are easily guessable due to their simplicity or commonality.

TOTP

Time-Based One-Time Password, a secure code used for authentication.

Shared Secret

A random key shared between the user and authentication app.

Code Generation

The process of creating a temporary code using time and the shared secret.

User Verification

The process where a user enters their unique code along with username/password.

Replay Attack

A security attack where valid data transmission is maliciously repeated.

Single Sign-On (SSO)

Allows access to multiple applications with one login.

Authentication Token

A digital key passed to access multiple resources after one login.

Authenticator App

An application that generates TOTP codes for multi-factor authentication.

Short-Lived Codes

Temporary codes valid for a short period to enhance security.

Least Privilege Model

A security principle where users are granted minimum permissions needed to perform their job.

Provisioning

The process of creating and configuring user accounts or access to services in IT.

Deprovisioning

Revoking access from user accounts when they leave or change roles in an organization.

User Account Management

Managing the creation, maintenance, and deletion of user accounts in a system.

Permission Assignment

Determining and granting specific access rights to user accounts based on roles.

Security Groups

Collections of user accounts with shared permissions for easier management.

Privileged Access

Special access rights that are granted to certain user accounts, often limited in number.

Remote Authentication Dial-In User Service (RADIUS)

A protocol providing centralized Authentication, Authorization, and Accounting services for secure access.

Authentication

The process of verifying a user's identity, often through usernames and passwords.

Access Control

Ensuring that only authorized users can access certain systems or data, based on their permissions.

Shoulder Surfing

A method where attackers observe sensitive data by watching someone enter it, often in public spaces.

Physical Security Measures

Steps taken to secure areas like dumpsters, including locks and access restrictions to protect data.

Tailgating

When an unauthorized individual follows an authorized person into a secure area without permission.

Security Awareness Training

Training that helps employees recognize threats like shoulder surfing and tailgating, promoting vigilance in secure areas.

Privacy Screens

Screen filters used to prevent side-angle viewing of sensitive information on devices.

Deception technologies

Tools that mislead attackers to gain intelligence about their methods and tools.

Honeypot

A decoy system that simulates a target service to attract and gather data from attackers.

Honeynet

A network of interconnected honeypots that simulates a real network, providing broader data collection.

Active attacker

An individual or group attempting to compromise a system while being monitored or engaged.

Cybersecurity analysts

Professionals who monitor and analyze digital systems to detect threats and respond to breaches.

Physical security

Measures taken to protect an organization’s physical assets against unauthorized access or damage.

Security cameras

Devices used to monitor, record, and deter unauthorized activities in sensitive locations.

Decoy systems

Tools set up intentionally to mislead attackers or detect unauthorized access when they engage with them.

Compromise

To expose a system to danger or unauthorized access, typically through vulnerabilities.

Unauthorized access

Accessing a system or resource without permission or legal right, often a breach of security.

Study Notes

Common Security Terminology

  • Vulnerability: A weakness in a system, application, or process that a threat actor can exploit to gain unauthorized access or cause damage. Examples include software bugs, misconfigurations, or poor security practices like an outdated operating system.
  • Threat: Any potential event or actor that can exploit a vulnerability to harm a system, network, or data. Threats can be intentional (e.g., hackers, malware) or unintentional (e.g., human error, natural disasters).
  • Threat Actor: An individual, group, or entity that targets systems, networks, or data by exploiting vulnerabilities to achieve malicious objectives, such as data theft, operational disruption, or unauthorized access.
  • Exploit: A method or tool a threat actor uses to attack. Examples include malicious code, scripts, or procedures designed to compromise a target, such as a phishing email containing a link to a website exploiting a browser vulnerability to install malware.
  • Risk: Potential loss, damage, or harm when a threat actor exploits a security breach or vulnerability. It measures the likelihood of a threat exploiting a vulnerability and its impact.

Confidentiality, Integrity, and Availability (CIA)

  • Confidentiality: Protecting information and ensuring only authorized subjects (users, processes, systems) can access it. In a healthcare organization, securing patient medical records with encryption is an example.
  • Integrity: Protecting information against modification by unauthorized subjects. Changes are monitored and alerted on, for example to prevent tampering with transaction information in an online banking system.
  • Availability: Ensuring that authorized subjects have reliable, timely access to information when they need it.

Logical Security

  • Encryption: A cybersecurity process that converts readable information (plaintext) into an unreadable format (ciphertext) using algorithms and cryptographic keys. It ensures confidentiality during transmission. 
  • Data in Transit: Data transferred between locations, such as over a network. Encryption protects data traversing networks.
  • Protocols: Protocols that secure data in transit include TLS, SSL, and IPsec. TLS secures web traffic (e.g., HTTPS), email, file transfer, and other application-level communications. IPsec provides encryption and authentication at the network layer.
  • SSH: Encrypts command-line access to remote devices.
  • Logical security: The use of software and rules to protect a network and keep data secure from unauthorized access.

Encrypting Data at Rest

  • Data at Rest: Digital information stored on a device that is not being used or transmitted.
  • Full Disk Encryption: Encrypts the entire storage device, including the operating system, applications, and user data.
  • File-Level Encryption: Encrypts individual files rather than the entire device.
  • Third-Party Software: Tools such as 7-Zip, AxCrypt, and GPG are used for file encryption.

Symmetric and Asymmetric Encryption

  • Symmetric Key Cryptography: Uses a single shared key for both encryption and decryption.
  • Asymmetric Key Cryptography: Uses a separate public key and private key (a key pair). The public key is used for encryption and the private key for decryption. Common examples are RSA and ECC.

Public Key Infrastructure (PKI)

  • Certificates: Electronic ID cards that prove the owner's identity and securely distribute public keys.
  • Certificate Authority (CA): Trusted party issuing, signing, and storing digital certificates.
  • Public Key Infrastructure (PKI): A framework managing certificate creation, distribution, and validation for secure communication like web traffic or emails.

Certificate Revocation List (CRL)

  • CRL: List of revoked and suspended certificates.
  • Validity Check: Browsers check certificates' validity (publication date, expiry, and revocation).
  • Updates: Browsers typically download CRL updates to maintain correct certificate status.
  • OCSP: An alternative method to retrieve certificate information in real time.

Self-Signed Certificates

  • Self-signed Certificates: Certificates signed by the entity that uses them, meaning there is no validation from a trusted CA. Used for development or test purposes, not production environments.
  • Security risk: Should not be used for securing critical assets.

Identity & Access Management (IAM)

  • IAM: A framework to manage access to resources and ensure the right personnel, devices, and things have access at the appropriate time. A centralized user directory is commonly used.
  • Authentication: Proving that the user is who they claim to be.
  • Multifactor Authentication (MFA): Using a combination of authentication factors to strengthen security.
  • Something you Know: Knowledge factor like passwords, PINs.
  • Something you Have: Possession factor like smart cards, USB keys.
  • Something you Are: Inherence factor like biometrics.

Somewhere You Are Factor

  • Location-based Factor: Locating a device in a defined space and enforcing access or security changes. Example: a device crossing a border and triggering an alarm. This can be done internally or for external connections.

Time-Based Authentication (TOTP)

  • Time-based One-Time Passwords (TOTP): Generate ephemeral, unique codes based on a shared secret and current time. Used for extra authentication.
  • TOTP generation: Code is generated using a secret key and current time.
  • Implementation: Mobile authenticator apps or software.

Single Sign-On (SSO)

  • Single Sign-On (SSO): Authenticate once and gain access to multiple associated resources without further authentication.

Lightweight Directory Access Protocol (LDAP)

  • Lightweight Directory Access Protocol (LDAP): Open, vendor-agnostic protocol used by applications to query, update, and add directory data. Used for storing and accessing user credentials, etc., often with SSO systems.

Security Assertion Markup Language (SAML)

  • SAML: Used for securely exchanging authentication/authorization data between an identity provider and service provider.

Authorization

  • Authorization: Restricting what users can do within a system once they have authenticated. Permissions and privileges are assigned.

Role-Based Access Control (RBAC)

  • RBAC: Systems assign permissions based on roles, not just identity.
  • Least Privilege: Assign only necessary permissions to individuals, reducing security risks.

Account Management, Provisioning & Deprovisioning

  • Provisioning: The process of creating and implementing resources and services to allow execution of specific activities.
  • Deprovisioning: Revokes an account's access when a user leaves the organization, changes roles, or moves.

Remote Authentication Dial-In User Service (RADIUS)

  • RADIUS: Centralized AAA (Authentication, Authorization, Accounting) services for secure remote access using usernames/passwords or certificates.

Terminal Access Controller Access Control System Plus (TACACS+)

  • TACACS+: AAA protocol for managing access to network devices and separating features.

Geofencing

  • Geofencing: A logical security method using geographical boundaries. Access restrictions can be applied within a geographic boundary, and monitoring can be applied.

Internet of Things (IoT) & Industrial Internet of Things (IIoT)

  • IoT / IIoT: Networked physical devices, from smart devices in homes and businesses to devices used in manufacturing.
  • Vulnerabilities: Lack of built-in security features makes them susceptible to attacks.
  • Security: Network segmentation is required to isolate these devices from the rest of the network.

Supervisory Control and Data Acquisition (SCADA)

  • SCADA: Used in industrial environments for long-distance monitoring and control.

Guest Networks

  • Guest Networks: Designated sections of a network for visitors or temporary users, preventing access to internal systems.

Deception & Disruption

  • Deception Technologies: Used to attract and learn about attacker behavior & tools.
  • Honeypots: Mimic crucial services or systems to lure attackers and capture data about their techniques and activities.

Physical Security

  • Security Cameras and Surveillance: Monitor activity in restricted areas and sensitive locations for audits and investigations.
  • Locks: Secure and control physical access.

Audits and Regulatory Compliance

  • Audits and Compliance: Enforce security practices.
  • Data Locality: Restricting data processing and storage to certain geographic regions.
  • Payment Card Industry Data Security Standard (PCI DSS): Framework for securing payment systems and cardholder data.
  • General Data Protection Regulation (GDPR): Protects personal data and privacy.

Social Engineering

  • Social Engineering: Manipulates users into revealing sensitive information.
  • Phishing Attacks: Pretending to be a trustworthy entity to gain access.
  • Techniques: Emails, SMS, fake pages imitating legitimate sites.
  • Protection Measures: Validate sender info, check URLs, be cautious of attachments, and use two-factor authentication (2FA).

Dumpster Diving

  • Dumpster Diving: Accessing discarded documents or materials to gather sensitive information.
  • Mitigation: Educate employees on waste disposal procedures and use cross-cut shredders.

Denial of Service (DoS) Attacks

  • Denial of Service (DoS): Attacks aimed at making a service unavailable to legitimate users. 
  • Buffer Overflow: Exploiting vulnerabilities that lead to crashes and security breaches.
  • Flooding: Overwhelming the target with requests.
  • Distributed Denial of Service (DDoS): Multiple sources overwhelming a target.

On-path Attack

  • On-path Attack: Attackers intercepting communications between devices.
  • Forms: Passive (monitor communications), active (inject or modify data).
  • Methods: Wi-Fi eavesdropping, DNS spoofing, session hijacking & ARP spoofing.

VLAN Hopping

  • VLAN Hopping: Exploiting VLAN configurations to gain unauthorized access to other VLANs.
  • Methods: Switch spoofing and double tagging to gain access to different VLANs on a network.

Device Hardening

  • Device Hardening: Strengthening the security of each device by changing default settings to reduce vulnerabilities.
  • Methods: Disable unused ports and services, change default user credentials and passwords, use secure protocols (802.1X), and use port security and MAC filtering.

Key Management

  • Key Management: The processes and practices for handling cryptographic keys across their whole lifecycle.
  • Methods: Key generation, distribution, storage, rotation, and revocation; securing data in transit and at rest.
