Understanding Password Security Methods
148 Questions

Questions and Answers

What type of attack is primarily facilitated by users creating passwords from dictionary words?

  • Hybrid attack
  • Mask attack
  • Dictionary attack (correct)
  • Brute force

Which attack method is recognized as the last resort in cracking a stolen password digest file?

  • Dictionary attack
  • Hybrid attack
  • Rule list attack
  • Brute force attack (correct)

Which of the following should definitely NOT be stored in a secure password database?

  • Plaintext password (correct)
  • Salt
  • Password digest
  • Iterations

Which type of password is driven by specific events and can be considered time-based?

TOTP (C)

What feature allows cryptographic proof that a user possesses a specific device model during authentication?

Attestation (B)

Which of the following is NOT typically considered a form of multi-factor authentication (MFA) using a smartphone?

Password strength meter (A)

Which statement about dictionary attacks is true?

They exploit the use of common words in user passwords. (C)

Which attack method is explicitly designed to use a fixed format for generating password guesses?

Mask attack (A)

Which of the following describes the primary technique behind dictionary attacks?

They primarily rely on a list of preselected words. (A)

What is the characteristic of a password that should make it unfit for storage in a secure password database?

It is plaintext. (A)

When discussing various password attack strategies, which method is primarily used as a fallback when others fail?

Brute force attack (C)

Which component is essential for establishing the uniqueness of a hashed password in a database?

Salt (D)

Which one-time password mechanism is designed to generate codes based on events occurring?

HOTP (C)

What type of authentication is characterized by the cryptographic proof of device ownership?

Attestation (A)

Which of the following practices can undermine multi-factor authentication security on a smartphone?

Implementing SMS text messages (C)

Which attack does NOT benefit from utilizing pregenerated rules for accelerating password cracking?

Brute force attack (D)

Which element is constantly critical when devising secure password hashes?

Incorporating unique salts for each user (D)

Which of the following statements regarding hybrid attacks is inaccurate?

They are the fastest among all cracking methods. (A)

What potential weakness of RSA is highlighted by the increasing power of computers?

The security of RSA is based on the difficulty of factoring. (A)

Which symmetric cryptographic algorithm is currently considered the strongest?

Advanced Encryption Standard (AES) (C)

When Bob wants to send a secure message to Alice via asymmetric encryption, which key should he use for encryption?

Alice’s public key (A)

Which verification ability is NOT provided by a digital signature?

Ensure the identity of the receiver (D)

Which statement regarding RSA's method of producing a digest is accurate?

RSA does not produce a digest like a hash function. (B)

Which option is recognized as a method for quickly sharing cyberthreat indicators?

Automated Indicator Sharing (AIS) (D)

Which of the following protocols is specifically designed for exchanging cyberthreat intelligence over HTTPS?

TAXII (A)

What are two key challenges associated with private information sharing centers?

Limited access to data and restricted participation (B)

Which statement correctly describes a drawback of threat maps?

Many maps show historical attack data instead of real-time metrics. (D)

Which of the following is a fictitious application protocol related to cyberthreat intelligence?

AIP-TAR (A)

Which of the following responses addresses challenges related to data sharing during cyber threat intelligence exchanges?

Time lags in reporting and accessibility for external partners (A)

What is a characteristic of Structured Threat Information Expression (STIX)?

STIX is a language used to represent threat information. (A)

What is one of the major inaccuracies of threat maps?

The locations of threat actors are often misrepresented. (A)

When monitoring the dark web, what is a primary reason Luca faced difficulty in finding information?

Search methods on the dark web differ significantly from the regular web. (B)

Which statement is true regarding the advancements of UEFI over BIOS?

It ensures stronger boot security. (B), It supports network booting and functionality. (C)

What is the purpose of the Measured Boot security mode?

To log information about the boot process for remote assessment. (B)

Which of the following is NOT viewed as an improvement in OS security configurations?

Restricting patch management practices. (A)

In what way do dark web search engines differ from regular search engines?

They typically require specialized browsers like Tor. (D)

What aspect of UEFI is unrelated to USB 3.0 support?

Ensuring backward compatibility with earlier USB standards. (A)

Which boot security mode focuses on validating the integrity of boot components?

Trusted Boot (C)

What common misconception might users have about threat maps?

They show precise attacker locations. (B)

Which of these options is NOT a basic security protection that cryptography can provide?

Risk (D)

Which hash algorithm produces the longest and most secure digest?

SHA3-512 (D)

Which of the following is NOT classified as a symmetric cryptographic algorithm?

SHA (A)

Which item is not intended to be decrypted and is used solely for comparison?

Digest (D)

Which of these statements is NOT a characteristic of a secure hash algorithm?

Collisions should occur no more than 15 percent of the time. (C)

Which algorithm is known to have vulnerabilities and is considered insecure?

MD5 (A)

Which cryptographic algorithm has a key length limitation that reduces its security?

DES (A)

Which of the following is intended for secure data integrity verification but not for decryption?

Hash (B)

Which algorithm is primarily used for data verification rather than encryption?

SHA-1 (D)

Which term accurately refers to vulnerabilities within a cryptographic algorithm?

Weakness (C)

Which process is used to ensure that a user cannot deny performing a specific action?

Nonrepudiation (D)

What does steganography primarily achieve?

Hiding the existence of information (A)

Which of the following ciphers involves rotating the alphabet by a fixed number of steps?

ROT13 (A)

Which statement is true about 'security through obscurity'?

It cannot provide complete security assurance to the user. (A)

What is the most accurate definition of encryption?

Making data obscure and unreadable (B)

Which term refers to the process of converting ciphertext back into plaintext?

Decryption (B)

What is the primary goal of using cryptography in communication?

To protect against unauthorized access (A)

What type of cipher is described as a binary operation comparing two bits?

XOR cipher (C)

Which aspect is NOT typically a function of cryptographic algorithms?

Data compression (D)

Which term refers to making something obscure or unclear?

Obfuscation (A)

Which of the following attacks is recognized as the slowest but most exhaustive method for password cracking?

Brute force attack (A)

Which of the following is NOT a method used for multifactor authentication (MFA) on a smartphone?

Biometric gait analysis (B)

Which characteristic should definitely NOT be included in a secure password database?

Plaintext password (D)

Among the following, which human trait is NOT employed for biometric identification purposes?

Height measurement (D)

Which of the following attacks is not reliant on pregenerated rules for cracking passwords?

Brute force attack (D)

Which of the following statements about threat maps is accurate?

They can illustrate cyberthreats on a geographical area. (A)

Which feature distinguishes dark web search engines from regular search engines?

They require special software to access. (B)

Which of the following is not a feature of UEFI compared to BIOS?

Support for USB 3.0 peripherals. (D)

Which boot security mode does not validate the boot process?

UEFI Native Mode (C)

Which OS security configuration should not be considered essential?

Regularly reviewing system logs. (D)

Which aspect of Measured Boot enhances system security?

It logs the boot process for external evaluation. (D)

Which of the following challenges is unique to searching the dark web?

Merchants frequently change their sites without notice. (A)

What advantage does PowerShell provide to attackers in terms of executing commands?

It enables code execution without leaving evidence on the hard disk. (B)

Which statement accurately differentiates DoS and DDoS attacks?

DoS attacks involve fewer sources than DDoS attacks. (B)

Which statement about VBA is NOT true?

VBA is currently being phased out in favor of PowerShell. (D)

Which of the following is NOT a recognized defense against macros in Microsoft products?

Trusted domain (D)

Which of the following is a true statement regarding the execution of commands using PowerShell?

PowerShell can execute code injection directly into other processes. (A)

In what way do DoS attacks significantly differ from DDoS attacks?

DoS attacks are usually initiated from a single machine. (C)

What is a primary function of VBA within Microsoft applications?

To automate repetitive tasks through macros. (D)

Which of the following options describes an incorrect perception about macro security features?

Macro settings are entirely configurable without limitations. (A)

What is a key characteristic of DDoS attacks compared to DoS attacks?

They involve vastly more computing resources. (C)

Which technology should Ilya recommend for an open source federation framework that supports authorization protocols?

OAuth (A)

What is the main advantage of using key stretching in password security?

It uses highly complex algorithms that slow down processing. (D)

Which of the following statements is true regarding common reasons users create weak passwords?

Regularly changing passwords can complicate their use. (B)

Which feature differentiates key stretching from other password security methods?

Involves the application of multiple hashes to a password. (B)

What does a password cracker primarily rely on to succeed in its function?

The speed of the hashing algorithm used. (B)

How does the use of salts enhance password security?

They introduce randomness to password hashes. (B)

Why is it risky to create passwords based primarily on personal information?

They can easily be guessed by automated software. (B)

What is the main reason behind the ineffectiveness of NTLM compared to modern authentication methods?

It relies on outdated hashing algorithms. (A)

What is a misconception about the length and complexity of strong passwords?

They give complete assurance against all attacks. (C)

In password management, which element is crucial for achieving a balance between security and user convenience?

Regularly educating users about password security. (A)

What is the primary purpose of a high-interaction honeypot?

To capture detailed information from threat actors (B)

Which DDoS mitigation strategy reroutes traffic to prevent attacks?

DNS sinkhole (C)

Which monitoring approach analyzes statistical anomalies against a baseline?

Anomaly monitoring (D)

What knowledge does a high-interaction honeypot provide about threat actors?

Insight into attackers' methods and tools used (D)

What characteristic distinguishes a DNS sinkhole from other mitigation methods?

It reroutes malicious DNS queries to a specific location (A)

Why is behavioral monitoring considered an adaptive approach?

It modifies monitoring parameters based on current usage (A)

Which of these options is NOT a goal of high-interaction honeypots?

To minimize the risk of data exposure (B)

What is a drawback of solely relying on signature-based monitoring?

It only detects known threats, missing new ones (A)

Which term best describes interactions designed to draw insights from attackers?

Cyber deception (D)

In the context of DDoS mitigation, what does a sinkhole primarily enable?

Isolation of attack vectors from legitimate traffic (C)

Which statement accurately describes the function of a cybersecurity threat map?

It illustrates cyberthreats overlaid on a geographical representation. (B)

What is a notable characteristic of the dark web that differentiates it from the regular web?

Accessing the dark web requires specialized tools like Tor. (C)

Which of the following is not a recognized enhancement of UEFI compared to BIOS?

Reliance on legacy hardware. (C)

Which boot security mode is responsible for sending boot process information to a remote server?

Measured Boot (D)

Which practice is NOT considered an essential OS security configuration?

Restricting patch management (C)

In what significant way do dark web search engines differ from standard search engines?

Dark web search engines index information less frequently. (D)

Which statement regarding the limitations of USB 3.0 in relation to UEFI is correct?

USB 3.0 can function independently of UEFI. (D)

Which of the following security measures is typically ensured through Secure Boot?

Validation of the operating system's integrity. (A)

What is the process that hides the existence of information in files like images or audio?

Steganography (C)

What term describes the ability to prevent a user from fraudulently denying an action they have taken?

Nonrepudiation (D)

Which cipher rotates the entire alphabet 13 steps?

ROT13 (D)

Which statement about 'security through obscurity' is FALSE?

It can provide extensive protection against threats. (C)

What is the role of integrity in cryptography?

Ensuring the original content remains unaltered. (D)

In what way does decryption differ from encryption?

It makes data readable from an unreadable format. (B)

Which term describes making data obscure or unclear within cryptographic processes?

Obfuscation (C)

How is a cipher that employs a fixed rotation of letters categorized?

Substitution (A)

What is the primary function of a host intrusion prevention system (HIPS)?

To monitor endpoint activity and block malicious attacks (B)

Which feature does Windows 10 Tamper Protection offer concerning the registry?

It restricts access to modifying the registry by unauthorized users (C)

Which statement is incorrect regarding session cookies?

They are stored on the hard drive for a long time. (A)

What function is NOT performed by a host intrusion detection system (HIDS)?

Blocking unauthorized activities on an endpoint (A)

What does a secure cookie ensure during transmission?

It is only sent over secure HTTP connections. (B)

Which of the following describes a feature of a quarantine process?

It isolates suspicious files from the system. (B)

Which statement is NOT true regarding the characteristics of Tamper Protection?

It allows registry updates without user notification. (A)

What is a primary goal of using secure cookies?

To secure cookie transmission against interception. (A)

What is the function of Automated Indicator Sharing (AIS)?

Distribution of cyberthreat indicators through computer-to-computer communication. (D)

Which application protocol allows for the exchange of cyberthreat intelligence over HTTPS?

Trusted Automated Exchange of Intelligence Information (TAXII) (A)

What are two limitations of private information sharing centers?

Access to data and participation. (A)

Which of the following statements is NOT true regarding threat maps?

They provide identifiable information about the attackers. (C)

What is the main purpose of Structured Threat Information Expression (STIX)?

To provide a format for representing threat intelligence data. (B)

Which of the following statements accurately identifies a characteristic of TAXII?

It is an application protocol for sharing threat intelligence. (A)

Which aspect does not represent a limitation of private information sharing centers?

Widespread participation from all organizations. (D)

What type of attack forces a system to abandon a higher cryptographic security mode for a weaker one?

Downgrade attack (A)

Which option outlines a significant characteristic of threat maps?

They often misrepresent recent data as current. (D)

What is referred to as a collision in cryptography?

Two files produce the same digest (B)

Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)?

Easily transported to another computer (D)

Which device provides external cryptographic services?

Hardware Security Module (HSM) (B)

Which attack method specifically intercepts communications between a web browser and the OS?

Man-in-the-browser (MITB) (B)

In the context of cryptographic hashes, what characterizes a collision attack?

Finding two input strings that produce the same output (B)

What does a Hashing Algorithm NOT account for in its process?

Encrypting data for confidentiality (B)

What is a drawback of using a TPM over other cryptographic services?

Limited to specific hardware configurations (B)

What makes cognitive biometrics easier for users to remember?

It relies on the user's life experiences. (A)

Which of the following accurately describes a function of single sign-on (SSO)?

It allows access with one credential for several accounts. (B)

What is a primary disadvantage of biometric readers?

They can be very expensive. (A)

Which method effectively reduces the time needed to crack a password?

Employing a mask format. (D)

What feature is specific to a device model during the manufacturing of a security key?

Attestation (D)

Which of the following is NOT a valid aspect of behavioral biometrics?

It can be easily memorized by users. (C)

What is a key characteristic of knowledge-based authentication?

It is based on personal experiences. (C)

Which of the following terms describes a feature that is generally absent for biometric readers?

Standardization (C)

Flashcards

What are dictionary attacks used for?

Dictionary attacks use words found in a dictionary file to guess a user's password by attempting to match the password digest.

Why is a brute force attack the last resort?

A brute force attack is a last resort in cracking a stolen password digest file because it systematically tries every possible combination of characters until it finds the correct password.

What should NOT be stored in a secure password database?

Plaintext passwords should never be stored because doing so makes them vulnerable to attacks like data breaches. Instead, the password should be hashed securely.

Why is SMS text message not a true MFA?

An SMS text message is not a multi-factor authentication method because it relies on only a single factor: possession of the phone. Secure MFA methods use two or more factors (something you know, something you have, something you are).

What is attestation in security keys?

Attestation is a feature where a key pair is burned into the security key during manufacturing and is specific to a device model. This allows cryptographic verification that a user has a specific device model when registering.

Which one-time password is event-driven?

HOTP is a one-time password that is event-driven, meaning it is generated based on a specific event, such as logging in. Each time a user logs in, a new code is generated.

What is a cryptographic hash function?

A cryptographic hash function is a mathematical function that takes an input and outputs a fixed-size string, known as a hash. This hash is unique for each input value, making it suitable for verifying data integrity.

What is multi-factor authentication (MFA)?

Multi-factor authentication (MFA) is made up of two or more factors that a user must provide to gain access to a system. This can include something the user knows (password), something the user has (security key), or something the user is (biometrics).

What are dictionary attacks?

Dictionary attacks aim to crack passwords by trying words from a common dictionary. They work because users often use dictionary words for their passwords.

Why is brute force the last resort?

A brute force attack tries every possible combination of characters until it finds the correct password. It is a last resort because it's extremely slow and resource-intensive.

What must not be stored in a password database?

Storing passwords in plaintext (readable form) makes them highly vulnerable to security breaches. It's essential to store password digests instead.

Why isn't SMS text message true MFA?

An SMS text message is not true MFA because it relies on only one factor: possession of a phone. True MFA requires two or more independent factors.

Which OTP is event-driven?

HOTP (HMAC-Based One-Time Password) is an event-driven one-time password. It generates a new code for each event, like logging in.

What is an overlay attack?

Overlay attacks target the specific implementation of a password hashing algorithm, aiming to exploit weaknesses and bypass normal security measures.

What is a salt in cryptography?

Salt is a random string added to a password before hashing. It makes it harder for attackers to use pre-computed tables of hashed passwords.

What is Automated Indicator Sharing (AIS)?

Automated Indicator Sharing (AIS) is a method of exchanging cyberthreat indicators between parties through computer-to-computer communication, replacing the slower and less secure method of email alerts.

What is TAXII?

TAXII (Trusted Automated Exchange of Intelligence Information) is an application protocol used to exchange cyberthreat intelligence securely over HTTPS. It defines a standard API for communication between clients and servers.

What are private information sharing centers?

Private information sharing centers are closed groups or organizations that restrict both access to data and participation. They often focus on sharing sensitive information.

What are the limitations of threat maps?

Threat maps are visualizations of cyberthreats, showing data based on previous attacks. However, they often lack real-time information and anonymize data, making it difficult to identify attackers or victims.

What is STIX?

Structured Threat Information Expression (STIX) is a language and format used for exchanging cyberthreat intelligence. It allows all threat-related information to be represented with objects and relationships.

Why is AIS important for cyberthreat information sharing?

When sharing cyberthreat information, using methods like email alerts is too slow and inefficient. AIS (Automated Indicator Sharing) is a faster and automated method, essential for timely threat response.

RSA's Weakness

RSA's security relies on the difficulty of factoring large numbers. As computers become more powerful, factoring becomes easier, potentially compromising RSA's security.

Strongest Symmetric Algorithm

The Advanced Encryption Standard (AES) is currently considered the most secure symmetric cryptographic algorithm, as no successful attacks have been reported against it.

Encryption with Asymmetric Key

To send a secure message using an asymmetric encryption algorithm, the sender uses the recipient's public key for encryption. The recipient then uses their private key to decrypt the message.

Digital Signature Limitations

A digital signature verifies the sender's identity and ensures the message's integrity. It cannot, however, verify the recipient's identity.

ECC: RSA's Solution

ECC (Elliptic Curve Cryptography) is a solution proposed to address the potential weaknesses of RSA. It offers similar functionality but with potentially better security and efficiency.

Ciphertext

The scrambled and unreadable output of encryption.

Integrity

Ensures that the information is correct and has not been tampered with.

Authentication

Verifies the sender's identity, proving that they are who they claim to be.

Hash Algorithm

A cryptographic algorithm that produces a fixed-size output, or digest, for any given input.

Symmetric Cryptographic Algorithm

A cryptographic algorithm that uses the same key for both encryption and decryption.

Digest

The output of a hash function, which is a unique and fixed-length representation of the input data.

Asymmetric Cryptographic Algorithm

A cryptographic algorithm that uses separate keys for encryption and decryption.

Confidentiality

A process that ensures the confidentiality of information by restricting access to authorized parties.

Overlay Attack

A malicious attack that attempts to exploit weaknesses in the implementation of a password hashing algorithm.

Salt

A random string of characters that is added to a password before it is hashed, making it harder to crack.

Quarantine

A process that delays the delivery of a suspicious attachment until the user gives permission to release it.

Steganography

The practice of hiding information within seemingly harmless data, like images or audio files.

Nonrepudiation

The process of proving that a user performed an action, preventing them from denying their involvement.

ROT13

A substitution cipher where each letter is shifted 13 positions in the alphabet.

Security Through Obscurity

A security approach that relies on keeping the details of a system or algorithm secret.

Encryption

The process of transforming plain text into an unreadable form using an algorithm and a key.

Decryption

The reverse process of encryption, transforming an unreadable ciphertext back into its original plaintext.

Data Hiding

A method of hiding data by embedding it within harmless files, typically images, audio or video files.

Ciphering

The act of altering the original text into a scrambled message.

Obfuscation

Making something difficult to understand or unclear, often used as a security measure.

What is a cyberthreat map?

A cyberthreat map is a visual representation of cyberthreats overlaid on a geographical area. It helps visualize potential threats and their locations.

What makes the dark web different?

The dark web is a hidden part of the internet that requires specific software to access and is often used for illicit activities. It is different from the regular web because it uses a different network structure, search engines, and naming conventions.

What is UEFI?

UEFI (Unified Extensible Firmware Interface) is a modern replacement for BIOS (Basic Input/Output System) that offers enhanced security features and better compatibility with newer hardware.

What is Secure Boot?

Secure Boot ensures that only trusted software, including the operating system, boot loaders, and drivers, can be loaded during startup, preventing malicious software from executing.

What is Measured Boot?

Measured Boot is a security feature that records the entire boot process, sending this measurement data to a remote trusted server for analysis and verification. This helps detect and prevent attacks during the boot sequence.

What is Trusted Boot?

Trusted Boot ensures that the operating system and other components are trustworthy before they load, similar to Secure Boot. The difference is that the Trusted Boot process also validates the integrity of each component before loading.

What are important OS security configurations?

Disabling unnecessary services and default accounts, implementing the principle of least functionality, and restricting patch management are all crucial elements of a secure operating system configuration.

What is 'least functionality'?

Employing the principle of least functionality means allowing only necessary software and services to run on a system, preventing potential vulnerabilities.

Why should you disable unnecessary services?

Disabling unnecessary services on your operating system reduces the potential attack surface and improves security by removing potential entry points for malicious software.

What are cybersecurity threat maps?

Cybersecurity threat maps are visual representations that show cyber threats overlaid on a map. They help visualize potential threats and their locations.

What makes the dark web unique?

The dark web is a hidden part of the internet accessible with specific software and often used for illicit activities. It differs from the regular web due to its network structure, search engines, and naming conventions.

DoS Attack

A type of cyberattack that attempts to overwhelm a target with a flood of traffic, making it unavailable to legitimate users.

DDoS Attack

A DDoS attack uses multiple compromised computers (bots) to launch a coordinated attack, amplifying the impact of the attack.

VBA Macro

A macro is a series of instructions that automate a complex or repetitive task within Microsoft Office applications.

Protected View

A security feature in Microsoft Office applications that helps prevent malicious macros from running by opening files in a restricted, read-only mode.

Trusted Documents

A feature in Microsoft Office that allows users to designate specific files or folders as trustworthy, allowing them to open without a warning and run macros.

PowerShell Injection

PowerShell is a powerful scripting language used for system administration tasks, but it can also be exploited by attackers to execute malicious code.

PowerShell Code Execution

PowerShell allows attackers to execute malicious commands in memory without first storing any code on the hard drive, making the activity very difficult to detect.

Memory-Based Attacks

The ability to execute commands in memory without writing any code to disk can make it difficult to detect and prevent attacks.

Trusted Domain

This is a fictional concept and does not exist in Microsoft Office Security.

What is OAuth?

OAuth is an open-source federation framework that allows the development of authorization protocols, enabling secure and controlled resource access.

How does key stretching resist password attacks?

Key stretching intentionally slows down password hashing to make brute-force attacks less effective.

How does a password cracker work?

A password cracker analyzes stolen password digests to guess the original passwords using different techniques.

What is OpenID?

OpenID is an authentication protocol used to verify users' identities, often in conjunction with OAuth for authorization.

Why do users create weak passwords?

Users sometimes choose weak passwords because remembering complex passwords can be difficult, especially for multiple accounts.

What is Shibboleth?

Shibboleth is an open-source software package used to implement single sign-on (SSO) across different applications, simplifying user login.

What is a brute force attack?

A brute force attack tries every possible password combination until it finds the correct one, making it extremely time-consuming.

What is a password digest?

A password digest is a one-way hashed representation of a password, preventing the original password from being stored in plain text.

What is salt in password hashing?

Salt is a random string added to a password before hashing, making it harder to crack using pre-computed password lists.

What capabilities do NGFWs offer beyond basic firewalling?

NGFWs use deep packet inspection to analyze application traffic, examining payloads to detect malware. Beyond basic firewall functions, they also provide application filtering, URL blocking, and intrusion prevention.

What is a high-interaction honeypot?

A high-interaction honeypot mimics a real system, including fake files (honeyfiles) and telemetry, to attract attackers and gather detailed intelligence.

How do DNS sinkholes mitigate DDoS attacks?

A DNS sinkhole redirects malicious traffic to a firewall that blocks all incoming requests, preventing DDoS attacks from reaching the intended target.

What approach to security monitoring focuses on detecting anomalies?

Anomaly monitoring identifies security threats by detecting unusual patterns in network traffic or system behavior that deviate from established baselines.

How does behavioral monitoring differ from anomaly monitoring?

Behavioral monitoring combines the best of anomaly and signature-based monitoring. It's proactive and adaptive, tracking 'normal' activity to identify deviations.

What is the basis for signature-based monitoring?

Signature-based monitoring relies on predefined patterns (signatures) of known attacks or threats to detect malicious activity.

What is heuristic monitoring?

Heuristic monitoring uses rules and algorithms to assess the likelihood of an attack, analyzing suspicious activity and evaluating its potential risk.

What is a honeypot?

A honeypot is a system designed to attract attackers, offering them fake data or access to gather information about their methods.

What is a DDoS prevention system?

A DDoS prevention system is a group of distributed systems that help protect against these types of attacks by monitoring traffic for malicious patterns and redirecting it to sinkholes.

What are DDoS mitigations?

DDoS mitigations are methods and tools employed to prevent or minimize the effects of Distributed Denial of Service attacks.

Why should passwords never be stored in plaintext?

Storing passwords in their original, readable format (plaintext) makes them extremely vulnerable to security breaches. Instead, passwords should be stored as a hash (a one-way function) which is computationally difficult to reverse.

What is a 'salt' in password security?

A salt is a random string of characters added to a password before hashing. It makes it harder for attackers to use pre-computed tables of hashed passwords, increasing password security.

Why is biometric gait analysis not commonly used with smartphones?

Gait analysis measures a person's walking pattern for biometric identification but is not a common practice with smartphones, as it requires more advanced technology than a simple phone sensor.

What is the dark web?

The dark web is a hidden part of the internet accessed with specialized software, often used for illicit activities, having a different network structure, search engines, and naming conventions.

What is a DoS attack?

A DoS (Denial of Service) attack aims to overwhelm a target server with a flood of traffic, making it unavailable to legitimate users.

What is a DDoS attack?

A DDoS (Distributed Denial of Service) attack uses multiple compromised computers (bots) to launch a coordinated attack, amplifying the impact and difficulty of mitigation.

What makes searching the dark web different from regular web searches?

Dark web search engines are very different from regular search engines.

Which feature is NOT an improvement of UEFI over BIOS?

USB 3.0 is not dependent on UEFI; it can be supported by both BIOS and UEFI.

What are some important OS security configurations?

Disabling unnecessary services and default accounts, implementing the principle of least functionality, and restricting patch management are all crucial elements of a secure operating system configuration.

What does 'least functionality' mean?

Employing the principle of least functionality means allowing only necessary software and services to run on a system, preventing potential vulnerabilities.

What is a Session Cookie?

Session cookies exist only in the browser's RAM and are deleted when the browser closes. They are temporary and don't persist on the user's hard drive.

What does a HIPS do?

A Host Intrusion Prevention System (HIPS) is software that monitors actions on a computer to immediately stop attacks by following specific rules. It alerts the user when an attack is blocked.

What does Windows 10 Tamper Protection do?

Windows 10 Tamper Protection restricts changes to Windows security settings by preventing modifications to the registry. This helps prevent malware from disabling security features.

What is the purpose of Quarantine?

Quarantine is a process that delays potentially harmful files (e.g., attachments) until the user grants permission to release them.

What does a HIDS do?

A Host Intrusion Detection System (HIDS) is a software program that runs on a computer to detect intrusion attempts. It analyzes events and logs to identify potential attacks.

Why are password digests important for security?

A strong password hashing algorithm makes it very difficult to reverse the hash to recover the original password, even with a stolen password digest.

Can a strong password hash be cracked?

An attacker can use brute-force techniques to try a vast number of passwords against a password hash until they find the correct match, even if the hash is strong.

What is a potential weakness of RSA encryption?

RSA encryption relies on the difficulty of factoring large numbers. As computers become more powerful, factoring becomes easier, potentially weakening RSA's security in the future.

Downgrade Attack

A type of attack that forces a system to abandon a more secure mode of operation and use an older, less secure mode.

Collision (Cryptographic)

A situation where two different inputs to a hash function generate the same output, making it impossible to differentiate between them.

Trusted Platform Module (TPM)

A dedicated chip on the motherboard that provides hardware-based cryptographic functions for enhanced security.

Hardware Security Module (HSM)

A specialized device that provides cryptographic services externally to computers or networks, often used for high-security applications.

Man-in-the-Browser (MITB) Attack

A type of attack that targets a web browser to intercept user interactions and steal their login credentials or other sensitive data.

Denial of Service (DoS) Attack

A type of cyberattack that aims to overwhelm a target server with a flood of traffic, making it unavailable to legitimate users.

Distributed Denial of Service (DDoS) Attack

A type of attack that uses multiple compromised computers (bots) to launch a coordinated attack.

Biometric Authentication

A type of authentication that uses unique characteristics of a person, like fingerprints or facial features, to verify their identity.

Secure Boot

A security feature that ensures only trusted software can run during system startup, preventing malicious software from loading.

Honeypot

A system designed to attract attackers by offering fake data or access. They help gather information about attack methods without compromising real systems.

High-Interaction Honeypot

A special type of honeypot specifically crafted to attract attackers, mirroring a real system with fake files and data. They provide detailed insights into the attackers' tactics.

Anomaly Monitoring

A security strategy that relies on detecting patterns in network traffic or system behavior that deviate from normal activity, potentially indicating malicious intent.

Behavioral Monitoring

A security technique that combines the best of anomaly and signature-based monitoring. It's proactive and flexible, adapting to normal activity to identify any deviations.

Symmetric Cryptography

A type of cryptography where the same key is used for both encryption and decryption.

Study Notes

Dictionary Attacks

  • Dictionary attacks use common passwords, often from dictionaries, to crack passwords.
  • This method succeeds because it exploits users' tendency to choose weak passwords built from easily guessed words.
  • Dictionary attacks pre-generate lists of common words from dictionaries, making them faster to process.
  • These attacks can be successful because users often choose weak or easily guessed passwords.

Password Cracking Attacks

  • Brute-force attack: A last-resort, exhaustive attempt to crack a password digest file that tries every possible combination.
  • Hybrid, Mask, Rule list attacks: These are not last-resort methods for password cracking.
  • Password Spraying attack: Uses one or a few common passwords to try log-ins to various accounts.

Secure Password Databases

  • Do not store plaintext passwords: Store passwords as securely hashed digests (e.g., using bcrypt or Argon2).
  • Store iterations, salt: These are crucial components of a secure password hashing scheme, increasing the security and time needed for cracking.
  • Store the password digest, iterations, and salt in the database.
  • Do not expose sensitive data elements: Instead of storing a clear-text representation of user data (e.g., name or Social Security number), use obfuscation or masking methods to protect sensitive information.
  • Use tokenization to store sensitive data elements, like account numbers, as randomized strings. Store these tokens in a secure, centralized repository called a token vault.
  • Store salt values within the database for password storage.

Multi-Factor Authentication (MFA)

  • MFA on smartphones: Authentication apps, SMS, and automated calls are different MFA methods that use a smartphone.
  • Biometric gait analysis: A method of biometrics used for MFA, relying on unique walking patterns.
  • Cognitive biometrics: Biometrics that consider the user's perception, thought processes, and understanding for authentication.
  • Biometric gait analysis & Cognitive biometrics are forms of MFA.

Security Keys

  • Attestation: A security key feature providing cryptographic proof of device authenticity; a "burned-in" key pair specific to the device model demonstrates authenticity.

One-Time Passwords (OTPs)

  • HOTP (HMAC-based OTP): An event-driven OTP that generates a unique code when an event occurs (like PIN entry).
  • TOTP (Time-based OTP): A time-based OTP that changes after a pre-set time interval.
  • BPDU Guard: A feature that detects when a BPDU (Bridge Protocol Data Unit) is received from an endpoint and protects the network from various attacks.

Firewall Rules

  • Firewall rule parameter: "Visibility" is not a firewall rule parameter.
  • Firewall rule action: "Force Allow" implicitly denies all other traffic unless explicitly allowed.
  • Generic firewall rules: A policy-based firewall allows more generic rules instead of creating individually specific rules.

Virtual Firewalls

  • A virtual firewall runs in the cloud.

Network Hardware Security Module (HSM)

  • A Hardware Security Module (HSM) is external to the device and provides broad security by combining functions.

Load Balancers

  • Load balancers use various features, including the IP address of the destination packet, information within a packet, and round-robin distribution.

Intrusion Detection/Prevention Systems (IDS/IPS)

  • An Intrusion Prevention System (IPS) monitors device activity for malicious activity.
  • IDS/IPS functionality: An IPS immediately reacts to block malicious attacks, such as attempts to control other programs, terminate programs, or install devices/drivers.

Distributed Denial-of-Service (DDoS)

  • A DNS Sinkhole detects and redirects DDoS traffic to a designated server, protecting other servers.

Security Assertion Markup Language (SAML)

  • SAML allows secure web domains to exchange user authentication and authorization information, eliminating the need for separate login credentials on each system.

Operational Technology (OT)

  • OT attacks target endpoints that can be programmed and have IP addresses.

Authentication Protocols

  • Multiple authentication methods: Systems such as "Somewhere you are," "Something you exhibit," and "Something you can do" can provide authentication, while "Something you can find" cannot.

Quiz Team

Description

This quiz explores various password security techniques, including dictionary attacks, brute-force methods, and multi-factor authentication. Learn the importance of secure password storage and the role of security keys in enhancing security. Test your knowledge on current best practices for protecting passwords.
