Security Fundamentals and Threats

Questions and Answers

Which type of attack involves a host capturing and relaying communications between two nodes without their realization?

• Man-in-the-Middle (correct)
• Impersonation
• Replay
• Denial of Service

What is the primary purpose of implementing fault tolerance in a computer system?

• To increase the storage capacity of disks
• To improve the performance of the system
• To enhance the visual interface of applications
• To prevent single points of failure (correct)

What is essential to protect against replay attacks?

• Maintaining user passwords solely
• Using firewalls exclusively
• Implementing encryption and time-stamping (correct)
• Regularly updating hardware

Which of the following describes a Denial of Service (DoS) attack?

Overloading a system to make it unavailable (A)

Which RAID level uses disk mirroring to ensure data redundancy?

RAID 1 (D)

Which control measures are part of an effective access control system?

Authentication, authorization, and accounting (B)

What is the main function of an Uninterruptible Power Supply (UPS)?

To continue providing power for a limited time during outages (B)

What does confidentiality in the context of information security refer to?

Information is accessible only to authorized users. (C)

Which of the following best describes integrity in the CIA Triad?

Information is stored and transferred as intended. (A)

What is a key method to mitigate hardware failure in server systems?

Provisioning redundant components (C)

In the context of disaster recovery, why is prioritization important?

To allocate resources effectively during a major disaster (C)

Which of the following is NOT a method that can compromise confidentiality?

Encryption of data in transit. (B)

What does network redundancy entail?

Designing cabling for multiple operational paths (D)

What kind of threats do configuration errors and user errors fall under?

Passive threats (B)

What is the main goal of social engineering attacks?

Obtaining sensitive information about the security system (B)

What is the primary concern when discussing availability in the context of information security?

Guaranteeing that authorized users can access information when needed. (B)

Which of the following describes an example of eavesdropping?

An attacker intercepts unencrypted wireless communications. (B)

What is the primary goal of social engineering?

To obtain confidential information (D)

Which method is NOT commonly used by attackers in impersonation attacks?

Providing genuine technical support (D)

What is dumpster diving in the context of social engineering?

Combing through refuse for sensitive information (B)

Which of the following is a common characteristic of Personally Identifiable Information (PII)?

It uniquely identifies an individual (B)

Shoulder surfing primarily involves which of the following actions?

Observing screen content from a distance (B)

How can organizations best prevent social engineering attacks?

By training users to recognize suspicious activities (D)

What is a common impact of identity fraud on organizations?

Compromising sensitive data (C)

Which action does NOT contribute to defeating social engineering attacks?

Sharing passwords casually with colleagues (A)

When dealing with insider threats, which detail is crucial for attackers to know for an effective impersonation?

The employee's name and title (C)

What is the recommended action when entering sensitive information in public places?

Always cover the screen and keyboard (A)

Flashcards are hidden until you start studying

Study Notes

Security Fundamentals

• Security involves controlling access to resources, balancing accessibility with protection.
• The CIA Triad: Confidentiality, Integrity, and Availability.
  • Confidentiality: Information accessible to authorized users only.
  • Integrity: Information stored and transferred as intended, modifications authorized.
  • Availability: Information accessible to authorized users for viewing or modification.

Security Threats

• Confidentiality Concerns:
  • Snooping: Unauthorized access to information on devices.
  • Eavesdropping/Wiretapping: Intercepting data or conversations over the network.
  • Social Engineering/Dumpster Diving: Tricking users into revealing information or retrieving discarded data.
• Integrity Concerns:
  • Man-in-the-Middle (MitM): Interception and manipulation of communication between two parties.
  • Replay Attacks: Capturing and replaying responses for unauthorized access.
  • Impersonation: Gaining access to a system by pretending to be a legitimate user.
• Availability Concerns:
  • Denial of Service (DoS): Attacks that disrupt service availability.
  • Power Outage: Loss of power affecting computer operations.
  • Hardware Failure: Component failure leading to server downtime.
  • Destruction: Loss of service or data due to physical damage.
  • Service Outage: Disruptions caused by any of the above threats.

Authorization, Authentication, and Auditing

• Authentication: Proving user identity and associating it with an account.
• Authorization: Restricting access to resources based on user permissions.
• Accounting: Recording access times and users for audit purposes.

Social Engineering

• Techniques used to obtain information or unauthorized access.
• Impersonation: Pretending to be someone else to gain trust and information.
• Trust and Dumpster Diving: Establishing trust by obtaining information about the organization and searching for discarded documents.

Identity Fraud

• Compromising computer accounts or masquerading as a user.
• Authentication Subversion: Discovering and exploiting user credentials for account access.
• Masquerading: Subverting account creation processes to create fake accounts.
• PII Theft: Obtaining Personally Identifiable Information, such as name, birthdate, social security number, etc., for fraudulent activities.

Shoulder Surfing

• Watching users enter sensitive information, potentially using visual aids like binoculars or CCTV.

Defeating Social Engineering Attacks

• User Training: Educating users to identify and respond to social engineering attempts.
• Technical Support Awareness: Understanding the process to prevent manipulation.
• Workstation Security: Locking devices when unattended to prevent unauthorized access.
• Password Security: Avoiding password disclosure in front of others.
• Physical Security: Enforcing access control and challenging unauthorized individuals.

Business Continuity

• Maintaining business operations despite disruptions.
• Fault Tolerance: Implementing redundant components to prevent single points of failure.
• Contingency Planning: Designing strategies and resources to handle failures and outages.
• Data Redundancy: Using RAID technology to create fault-tolerant disk arrays.
• Network Redundancy: Providing multiple network adapters and pathways for fault tolerance and load balancing.
• Power Redundancy: Using backup power sources like UPS and generators to protect against power outages.

Site Redundancy and Replication

• Replication: Synchronizing data across servers and sites to ensure data availability during failures.

Disaster Recovery

• Planning for disaster scenarios to ensure recovery and business continuity.
• Disaster Plans: Developing strategies and resources for handling diverse disaster events.

Disaster Recovery Planning

• Organizations should develop disaster recovery plans for high-risk scenarios
• Plans should identify tasks, resources, and responsibilities
• Plans should prioritize system restoration based on dependencies
• Example: Website front-end servers depend on database servers

Data Restoration

• Data can be restored from backup or replication
• Data integrity must be checked before user access is re-enabled
• Corrupted data or faulty database systems can be made worse by adding more data

Restoring Access

• User access should be re-enabled after verifying the restored system's integrity
• Monitor the system for normal operation
• Limit user access initially to reduce stress on the system