WGU D430 Fundamentals of Information Security Exam - 2024/2025 Past Paper PDF
Uploaded by BlissfulLandArt (Western Governors University, 2024)

Summary: This WGU D430 Fundamentals of Information Security exam paper from 2024 covers 325 questions and answers. The document includes information on various security topics and concepts. It is targeted at an undergraduate level.

Full Transcript
WGU D430 Fundamentals of Information Security Exam Latest Update 2024-2025: 325 Questions and Verified Correct Answers (Guaranteed A+)
Fundamentals of Information Security (Western Governors University)
Downloaded by Mohammed M ([email protected])

3DES - CORRECT ANSWER: DES used to encrypt each block three times, each with a different key
Access Control List - CORRECT ANSWER: info about what kind of access certain parties are allowed to have to a given system (read, write, execute)
Access Control Models - CORRECT ANSWER: Discretionary (DAC), Mandatory (MAC), Rule-based, Role-based (RBAC), Attribute-based (ABAC)
Accountability - CORRECT ANSWER: Refers to making sure that a person is responsible for their actions. It provides us with the means to trace activities in our environment back to their source. Depends on identification, authentication, and access control being present so that we can know who a given transaction is associated with, and what permissions were used to allow them to carry it out.
Access Control - CORRECT ANSWER: Allowing - lets us give a particular party access to a given resource; Denying - the opposite of granting access; Limiting - allowing some access to our resource, only up to a certain point; Revoking - takes access away from a former user
AES - CORRECT ANSWER: uses three different ciphers: one with a 128-bit key, one with a 192-bit key, and one with a 256-bit key, all having a block length of 128 bits
Asymmetric cryptography - CORRECT ANSWER: a public key and a private key. The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone.
Private keys are used to decrypt data that arrives at the receiving end and are very carefully guarded by the receiver (aka public key cryptography)
Asymmetric Key Algorithms - CORRECT ANSWER: Secure Sockets Layer (RSA), Elliptic Curve Cryptography (ECC), Pretty Good Privacy (PGP), Transport Layer Security (TLS)
Attack Types - CORRECT ANSWER: Interception, Interruption, Modification, Fabrication
Attack types and their effect - CORRECT ANSWER: Interception is the ONLY attack that affects confidentiality. Interruption, modification, and fabrication affect integrity and availability because most of the time they are impacting data.
Attribute-based (ABAC) - CORRECT ANSWER: based on attributes, such as those of a person, a resource, or an environment
Auditing - CORRECT ANSWER: the examination and review of an organization's records to ensure accountability through technical means
Authentication - CORRECT ANSWER: verifying that a person is who they claim to be
Authorization - CORRECT ANSWER: what the user can access, modify, and delete
Availability - CORRECT ANSWER: for those AUTHORIZED to ACCESS data when needed
BinScope Binary Analyzer - CORRECT ANSWER: a tool developed by Microsoft to examine source code for general good practices
Block Cipher - CORRECT ANSWER: takes a predetermined number of bits, known as a block, in the plaintext message and encrypts that block
Brute Force - CORRECT ANSWER: an attack that submits password attempts until the password is eventually guessed correctly
Buffer overflows - CORRECT ANSWER: a vulnerability that occurs when we do not properly account for the size of the data input into our applications, causing the program to crash and allowing an attacker to take advantage
Certificates - CORRECT ANSWER: link a public key to a particular individual and are often used as a form of electronic identification for that particular person
Children's Online Privacy Protection Act (COPPA) - CORRECT
ANSWER: sets rules on data collection for children under 13 to protect their online privacy
CIA Triad - CORRECT ANSWER: Confidentiality - allowing only those authorized to access the data requested; Integrity - keeping data unaltered in an unauthorized manner and reliable; Availability - the ability for those authorized to access data when needed
Compliance - CORRECT ANSWER: conforming to a rule, such as a specification, policy, standard, or law
Confidentiality - CORRECT ANSWER: WHO can access the data
Containment - CORRECT ANSWER: involves taking steps to ensure that the situation does not cause any more damage than it already has, or to at least lessen any ongoing harm
Cross-Site Scripting (XSS) - CORRECT ANSWER: an attack carried out by placing code in the form of a scripting language into a Web page, or other media, that is interpreted by a client browser, including Adobe Flash animation and some types of video files
Cryptography - CORRECT ANSWER: the practice of keeping information secure through the use of codes and ciphers
DDOS - CORRECT ANSWER: a type of cyber attack where an attacker floods a website or network with so much traffic that it becomes unavailable to legitimate users
Deep packet inspection - CORRECT ANSWER: analyzing the actual content of the traffic that is flowing through them
Defense in Depth - CORRECT ANSWER: using a variety of security measures that will still achieve a successful defense should one or more of the defensive measures fail
DES - CORRECT ANSWER: a block cipher based on symmetric key cryptography that uses a 56-bit key. No longer considered secure.
Detection and Analysis (Identification) - CORRECT ANSWER: detect the occurrence of an issue and decide whether or not it is actually an incident so that we can respond appropriately to it
Digital Signatures - CORRECT ANSWER: ensure that the message was legitimately sent by the expected party, and prevent the sender from denying that he or she sent the message, known as nonrepudiation
Discretionary (DAC) - CORRECT ANSWER: the owner of the resource determines who gets access and at what level
DMZ - CORRECT ANSWER: a layer of protection that separates a device from the rest of a network and is used to host public-facing services such as websites
Elliptic Curve Cryptography (ECC) - CORRECT ANSWER: can secure all browser connections to Web servers
Eradication - CORRECT ANSWER: attempt to remove the effects of the issue from our environment
Fabrication - CORRECT ANSWER: attacks that create false information
Federal Information Security Modernization Act (FISMA) - CORRECT ANSWER: protects the information, operations, and assets in the federal government
Firewalls - CORRECT ANSWER: control access to a network and the traffic that flows into and out of our networks, naturally creating network segmentation when installed
Fuzzers - CORRECT ANSWER: a tool that can be used to test the security of a system by sending it unexpected input. The goal of using a fuzzer is to find vulnerabilities or weaknesses in a system by causing it to crash or behave in unexpected ways.
Gramm-Leach-Bliley Act (GLBA) - CORRECT ANSWER: protects the privacy of customers' non-public personal information
Hash Functions - CORRECT ANSWER: create a largely unique and fixed-length hash value based on the original message (input/output). Hashes provide integrity, but not confidentiality.
A message can't be un-hashed. Hashes are very useful when distributing files or sending communications, as the hash can be sent with the message so that the receiver can verify its integrity.
HITECH (Health Information Technology for Economic and Clinical Health) - CORRECT ANSWER: to promote and expand the adoption of health information technology, especially the use of electronic health records by healthcare providers
Honeypots - CORRECT ANSWER: detect, monitor, and sometimes tamper with the activities and vulnerabilities of an attacker
Host Intrusion Detection System (HIDS) - CORRECT ANSWER: a software-based application that runs on a local host computer and can detect an attack as it occurs. Anti-threat applications such as firewalls, antivirus software, and spyware-detection programs are installed on every network computer that has two-way access to the outside environment such as the Internet.
Incident response process - CORRECT ANSWER: Preparation; Detection and Analysis (Identification); Containment; Eradication; Recovery; Post-incident activity
Industry compliance - CORRECT ANSWER: regulations or standards usually not mandated by law, designed for specific industries (e.g.
PCI DSS)
Integrity - CORRECT ANSWER: keeping the data UNALTERED
Interception - CORRECT ANSWER: an attacker has access to data, applications, or the environment
Interruption - CORRECT ANSWER: attacks that cause our assets to become unusable or unavailable
Intrusion detection (IDSes) - CORRECT ANSWER: monitors and reports malicious events
Intrusion prevention (IPSes) - CORRECT ANSWER: takes action when malicious events occur
Intrusion detection system (IDS) - CORRECT ANSWER: monitors the networks, hosts, or applications to which it is connected for unauthorized activity
IPsec (Internet Protocol Security) and SSL VPN (Secure Sockets Layer Virtual Private Network) - CORRECT ANSWER: technologies that can be used to secure the connection between two devices. They can be used to establish a secure, encrypted tunnel between devices, which can be used to protect data in motion.
Keyless cryptography - CORRECT ANSWER: a method of encrypting data that does not use a key.
Instead, it uses mathematical algorithms to secure the information (hash functions)
Laws and regulations - CORRECT ANSWER: FISMA - the FI stands for "federal information"; FERPA - the E stands for "educational"; HIPAA - the HI stands for "health insurance"; HITECH - TECH means "technology"; PCI DSS - the C stands for "credit card"; COPPA - the CO stands for "children online"; SOX - rhymes with "stocks", so think of finance; GLBA - this is the only one you would have to memorize
Least Privilege - CORRECT ANSWER: giving a subject the bare minimum level of access it needs to perform its job/functionality
Man-in-the-middle attacks - CORRECT ANSWER: a type of cyber attack where an attacker intercepts a communication between two parties and can read, alter, or inject new information into the communication
Mandatory (MAC) - CORRECT ANSWER: a separate group or individual (not the owner) has the authority to set access to resources
Modification - CORRECT ANSWER: attacks that involve tampering with our asset
Mutual authentication - CORRECT ANSWER: both parties in a transaction authenticate each other. Uses digital certificates. Prevents man-in-the-middle attacks, where the attacker inserts themselves into the traffic flow. Ex: both the PC and the server authenticate each other before data is sent in either direction.
Nessus - CORRECT ANSWER: a vulnerability assessment tool that can be used for port scanning, which is a way to check for open ports on a system. It helps identify any potential vulnerabilities that could be exploited by an attacker.
Network ACL - CORRECT ANSWER: filter access rules for incoming and outgoing network transactions, such as Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, and ports
Network intrusion detection system (NIDS) - CORRECT ANSWER: a type of IDS that attempts to detect malicious network activities, for example port scans and DoS attacks, by constantly monitoring network traffic. Anti-threat software is installed only at specific points such as servers that interface between the outside environment and the network segment to be protected.
Network segmentation - CORRECT ANSWER: dividing a network into multiple smaller networks (subnets)
Nikto / Wikto - CORRECT ANSWER: checks for many common server-side vulnerabilities, and creates an index of all the files and directories it can see on the target Web server
Nmap - CORRECT ANSWER: network mapper, used to scan ports, search for hosts on the network, and other operations
Nonrepudiation - CORRECT ANSWER: a situation in which sufficient evidence exists to prevent an individual from successfully denying that he or she has made a statement or taken an action
OS Hardening - CORRECT ANSWER: 1. Remove unnecessary software; 2. Remove or turn off unessential services; 3. Make alterations to common accounts; 4. Apply the principle of least privilege; 5. Apply software updates in a timely manner; 6. Make use of logging and auditing functions
Packet filtering - CORRECT ANSWER: a technique used by firewalls to allow/block certain types of network traffic based on the IP, port, and protocol being used
Packet Sniffers - CORRECT ANSWER: a technique used by attackers to intercept and read network traffic. Essentially, it allows an attacker to see the data that is being sent over a network.
Parkerian Hexad - CORRECT ANSWER: Confidentiality; Integrity; Availability; Possession - physical disposition of the media on which the data is stored; Authenticity - allows us to talk about the proper attribution as to the owner or creator of the data in question; Utility - how useful the data is to us
Payment Card Industry Data Security Standard (PCI DSS) - CORRECT ANSWER: companies that process credit card payments must protect its information
Penetration testing - CORRECT ANSWER: mimicking, as closely as possible, the techniques an actual attacker would use
Phishing - CORRECT ANSWER: an attack that convinces the potential victim to click on a link in an e-mail, which steals the victim's personal information and installs viruses
Physical Threats - CORRECT ANSWER: extreme temperature, gases, liquids, living organisms, projectiles, movement, energy anomalies, people, toxins, smoke, and fire
Port Scanners - CORRECT ANSWER: a software-based utility. They are a security tool designed to search a network host for open ports on a TCP/IP-based network.
Post-incident activity - CORRECT ANSWER: determine specifically what happened, why it happened, and what we can do to keep it from happening again (postmortem)
Preparation - CORRECT ANSWER: the activities that we can perform in advance of the incident itself in order to better enable us to handle it
Pretexting - CORRECT ANSWER: when we assume the guise of a manager, customer, reporter, or even a co-worker's family member
Pretty Good Privacy (PGP) - CORRECT ANSWER: securing messages and files
Protecting data at rest - CORRECT ANSWER: data is at rest when it is on a storage device. Data protection is done by encryption.
Protecting data in motion - CORRECT ANSWER: data is in motion when it is actively being transported over a network. SSL VPN and TLS are often used to protect information sent over networks and over the Internet.
Protecting data in use - CORRECT ANSWER: data is in use when a user is accessing the data. Hardest to protect; encryption is limited.
Proxy servers - CORRECT ANSWER: provide a layer of security by serving as a choke point, allowing us to filter and inspect traffic for attacks or undesirable content
Race conditions - CORRECT ANSWER: a vulnerability that occurs when multiple processes or multiple threads are accessing and modifying shared resources. Can be very difficult to detect in existing software, as they are hard to reproduce.
RAID - CORRECT ANSWER: data storage virtualization technology that combines multiple physical disk drive components into a single logical unit for the purposes of data redundancy, performance improvement, or both
Recovery - CORRECT ANSWER: restoring devices or data to their pre-incident state (rebuilding systems, reloading applications, backup media, etc.)
Regulatory compliance - CORRECT ANSWER: organizational goal to comply with relevant laws and regulations
Risk management process - CORRECT ANSWER: 1. Identify assets - identifying and categorizing the assets that we're protecting; 2. Identify threats - identify threats; 3. Assess vulnerabilities - look for impacts; 4. Assess risk - assess the overall risk; 5.
Mitigate risk - ensure that a given type of threat is accounted for
Role-based (RBAC) - CORRECT ANSWER: access controls set by an authority responsible for doing so, rather than by the owner of the resource
Rule-based - CORRECT ANSWER: allows access according to a set of rules defined by the system administrator
Sarbanes-Oxley Act (SOX) - CORRECT ANSWER: requires traded companies to maintain accurate financial records and disclose financial information in a timely manner
Secure Sockets Layer (RSA) - CORRECT ANSWER: SSL, used to secure transactions like web and e-mail traffic
Something you are - CORRECT ANSWER: fingerprint, iris, retina scan
Something you do - CORRECT ANSWER: handwriting, typing, walking
Something you have - CORRECT ANSWER: ID badge, swipe card, OTP
Something you know - CORRECT ANSWER: username, password, PIN
Somewhere you are - CORRECT ANSWER: geolocation
SQL injections - CORRECT ANSWER: a type of cyber attack where an attacker injects malicious code into a website's database through a web form
SSL (Secure Socket Layer) and TLS (Transport Layer Security) - CORRECT ANSWER: encryption protocols that are used to secure the transmission of data over a network. They provide secure communications by allowing two applications to authenticate each other and by negotiating a secure, encrypted connection.
Stateful firewall - CORRECT ANSWER: keeps track of the connection state and will only allow traffic that is part of a new or already established connection. A firewall that can watch packets and monitor the traffic from a given connection.
Stream Cipher - CORRECT ANSWER: encrypts each bit in the plaintext message, 1 bit at a time
Symmetric cryptography - CORRECT ANSWER: encryption that uses a single key to encrypt and decrypt a message (aka private key cryptography)
Symmetric Key Algorithms - CORRECT ANSWER: DES, 3DES, AES
Tailgating - CORRECT ANSWER: an unauthorized person attempts to enter a secure area by following someone who is authorized
Tcpdump - CORRECT ANSWER: this command-line packet sniffing tool runs on Linux and UNIX operating systems
Threat - CORRECT ANSWER: something that has the potential to cause harm
Virtual Private Network (VPN) - CORRECT ANSWER: the use of private networks to provide a solution for sending sensitive traffic over unsecure networks
Vulnerability - CORRECT ANSWER: weaknesses that can be used to harm us
Web Application Analysis Tools - CORRECT ANSWER: perform the same general set of tasks and will search for common flaws such as XSS or SQL injection flaws, as well as improperly set permissions, extraneous files, outdated software versions, and many more such items. Ex: Nikto, Wikto, and Burp Suite.
Wireshark - CORRECT ANSWER: graphical packet analyzer tool capable of capturing and analyzing network traffic
3DES - CORRECT ANSWER: Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES.
Acceptability - CORRECT ANSWER: a measure of how acceptable the particular characteristic is to the users of the system
Accountability - CORRECT ANSWER: provides us with the means to trace activities in our environment back to their source. Depends on identification, authentication, and access control being present so that we know who a given transaction is associated with, and what permissions were used to allow them to carry it out.
ACLs (access control lists) - CORRECT ANSWER: the means by which we implement authorization and deny or allow access to parties based on what resources we have determined they should be allowed access to
Administrative controls - CORRECT ANSWER: controls are the policies that organizations create for governance. Ex: email policies.
Admissibility of records - CORRECT ANSWER: when we seek to introduce records in legal settings, it is often much easier to do so and have them accepted when they are produced from a regulated and consistent tracking system
AES - CORRECT ANSWER: a set of symmetric block ciphers endorsed by the US government through NIST. Used by a variety of organizations. It is the replacement for DES as the standard encryption for the US government. Uses 3 different ciphers: one with a 128-bit key, one with a 192-bit key, and one with a 256-bit key.
Allowing access - CORRECT ANSWER: lets us give a particular party or parties access to a given resource
Analysis of vulnerabilities - CORRECT ANSWER: 3rd step in the OPSEC process: to look at the weaknesses that can be used to harm us
Anomaly-based detection - CORRECT ANSWER: analyzes the current traffic against an established baseline and triggers an alert if it is outside the statistical average
Anti-malware tools - CORRECT ANSWER: applications that detect threats in the same way as an IDS, either by matching against a signature or by detecting anomalous activities taking place
Application of countermeasures - CORRECT ANSWER: once we have discovered what risks to our critical information might be present, we then put measures in place to mitigate them. Such measures are referred to in operations security as countermeasures.
Arbitrary code execution - CORRECT ANSWER: occurs when an attacker is able to execute or run commands on a victim computer
Assess risks - CORRECT ANSWER: once we have identified the threats and vulnerabilities for a given asset, we can assess the overall risk
Assess vulnerabilities - CORRECT ANSWER: look at potential threats. Any given asset may have thousands or millions of threats that could impact it, but only a small fraction of the threats will be relevant.
Assessments - CORRECT ANSWER: vulnerability and penetration testing
Asymmetrical Cryptography - CORRECT ANSWER: public key cryptography utilizes 2 keys, a public key and a private key. The public key is used to encrypt data sent from sender to receiver and is shared with everyone.
Attribute-based access control (ABAC) - CORRECT ANSWER: controls access based on attributes of the user, the resource to be accessed, and current environmental conditions
Auditing - CORRECT ANSWER: ensuring that we have accurate records of who did what and when. Primarily focused on compliance with relevant laws and policies, access to and from systems, and sometimes physical security.
Authentication - CORRECT ANSWER: the act of proving who or what we claim to be (password)
Authentication attacks - CORRECT ANSWER: target and attempt to exploit the authentication process a web site uses to verify the identity of a user, service, or application
Authenticity - CORRECT ANSWER: allows us to talk about the proper attribution as to the owner or creator of the data in question
Authorization - CORRECT ANSWER: what the user can access, modify, and delete
Authorization attack - CORRECT ANSWER: a type of attack that can occur when we fail to use authorization best practices for our applications
Availability - CORRECT ANSWER: the ability to access data when needed
Bell-LaPadula Model - CORRECT ANSWER: implements a combination of DAC and MAC and is primarily concerned with the confidentiality of the resource in question. Generally, in cases where we see DAC and MAC implemented together, MAC takes precedence over DAC, and DAC works within the accesses allowed by the MAC permissions.
Biometrics - CORRECT ANSWER: authentication factors that use physical features (something that you are)
Block Cipher - CORRECT ANSWER: an encryption method that encrypts data in fixed-size blocks. Block size is 64 bits.
Brewer and Nash model - CORRECT ANSWER: aka Chinese Wall; access control model designed to prevent conflicts of interest. Commonly used in industries such as finance.
Brute force attack - CORRECT ANSWER: the password cracker tries every possible combination of characters to guess the password
Buffer overflow - CORRECT ANSWER: occurs when we do not properly account for the size of the data input into our applications
Caesar cipher - CORRECT ANSWER: a substitution cipher that shifts characters a certain number of positions in the alphabet, usually 3
CAN-SPAM Act - CORRECT ANSWER: Controlling the Assault of Non-Solicited Pornography and Marketing Act; protects consumers against unwanted email solicitations
Capability-based security - CORRECT ANSWER: the use of a token that controls our access
Certificates - CORRECT ANSWER: digitally signed electronic documents that bind a public key with a user identity
CFAA - CORRECT ANSWER: Computer Fraud and Abuse Act of 1986. A law to reduce the hacking and cracking of government or other sensitive institutions' computer systems.
CIA - CORRECT ANSWER: the core model of all information security: confidentiality, integrity, and availability
Circumvention - CORRECT ANSWER: describes the ease with which a system can be tricked by a falsified biometric identifier
Clean desk - CORRECT ANSWER: a policy designed to ensure that all confidential or sensitive materials are removed from a user's workspace and secured when the items are not in use or an employee leaves her workspace
Clickjacking - CORRECT ANSWER: an attack that tricks users into clicking something other than what they think they're clicking
Clickjacking Attack - CORRECT ANSWER: also called a UI redress attack; typically uses an inline frame, or iframe. In a clickjacking attack, an attacker wraps a trusted page in an iframe that places a transparent image over legitimate links, graphics, or form fields. Causes the client to execute a command differing from what they think they are performing.
Client side attacks - CORRECT ANSWER: take advantage of weaknesses in the software loaded on our clients, or those attacks that use social engineering to trick us into going along with the attack
Collectibility - CORRECT ANSWER: measures how easy it is to acquire a characteristic that we can use later to authenticate a user
Compliance - CORRECT ANSWER: conforming to a rule, policy, or law
Compliance - CORRECT ANSWER: the requirements that are set forth by laws and industry regulations.
Example: HIPAA/HITECH - healthcare; PCI DSS - payment card industry; FISMA - federal government agencies
Confidential - CORRECT ANSWER: allowing only those authorized to access the data requested
Confused deputy problem - CORRECT ANSWER: a type of attack that is more common in systems that use ACLs rather than capabilities; when software has greater permissions than the user, the user can trick the software into misusing its authority
Containment phase - CORRECT ANSWER: taking steps to ensure that the situation does not cause any more damage than it already has, or to at least lessen any ongoing harm
Controls - CORRECT ANSWER: the ways we protect assets: physical, technical/logical, and administrative
COPPA - CORRECT ANSWER: Children's Online Privacy Protection Act: a law that intends to keep children under the age of 13 protected from the collection of private information and safety risks online
Cross-site request forgery (XSRF) - CORRECT ANSWER: an attack that uses the user's Web browser settings to impersonate the user
Cross-Site Scripting (XSS) - CORRECT ANSWER: attack by placing code in the form of a scripting language into a webpage or other media that is interpreted by a client browser, including Adobe Flash and types of video files. When another person views the webpage or media they execute the code automatically and the attack is carried out.
Cryptanalysis - CORRECT ANSWER: breaking and finding a weakness in the algorithm
Cryptographic - CORRECT ANSWER: existed before the modern computer. Used to simplify the use of encryption and made more computer encryption possible.
Cryptographic attacks - CORRECT ANSWER: a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol, or key management scheme
Cryptology - CORRECT ANSWER: the study of deciphering secret messages.
Cryptographic algorithms
CSRF - CORRECT ANSWER: Cross-Site Request Forgery is an attack that causes an end user to execute unwanted actions on a web application in which he or she is currently authenticated. Unlike with XSS, in CSRF the attacker exploits the website's trust of the browser rather than the other way around. The website thinks that the request came from the user's browser and was actually made by the user. However, the request was planted in the user's browser.
Data security - CORRECT ANSWER: the process of keeping data, both in transit and at rest, safe from unauthorized access, alteration, or destruction
Deep Packet Inspection Firewall - CORRECT ANSWER: capable of analyzing the actual content of the traffic that is flowing through them. Can reassemble the contents of the traffic to look at what will be delivered to the application it is destined for.
Defense in depth - CORRECT ANSWER: layering of security controls is more effective and secure than relying on a single control
Denying access - CORRECT ANSWER: simply the opposite of granting access
DES - CORRECT ANSWER: a block cipher based on symmetric key cryptography that uses a 56-bit key. Was once considered very secure, but that is no longer the case.
Detection and analysis phase - CORRECT ANSWER: where the action begins to happen. We will detect the occurrence of an issue and decide whether or not it is actually an incident so that we can respond.
Detective - CORRECT ANSWER: controls that serve to detect and report undesirable events that are taking place (ex.
burglar alarms)
Deterrence - CORRECT ANSWER: discouraging criminal acts by threatening punishment
Digital signature - CORRECT ANSWER: an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender
Discretionary Access Control (DAC) - CORRECT ANSWER: an access control model in which the subject has total control over any object that the subject owns, along with the programs that are associated with those objects
DMZ - CORRECT ANSWER: Demilitarized zone. A combination of a network design feature and a protective device such as a firewall.
Dual-factor authentication - CORRECT ANSWER: an authentication method that includes multiple methods for a single authentication transaction. Often referred to as "something you have and something you know," when the factors include a device such as a smart card and a secret such as a password or PIN.
E-FOIA - CORRECT ANSWER: Electronic Freedom of Information Act. Requires agencies to provide the public with electronic access to any of their reading room records that have been created by them since November 1996.
Elliptic Curve Cryptography (ECC) - CORRECT ANSWER: a type of public key cryptosystem that requires a shorter key length than many other cryptography systems (including the de facto industry standard, RSA)
Eradication phase - CORRECT ANSWER: we will attempt to remove the effects of the issue from our environment
Executable space protection - CORRECT ANSWER: a hardware- and software-based technology that prevents certain portions of the memory used by the operating system and applications from being used to execute code
Execute - CORRECT ANSWER: Execute the contents of the file exploit framework - CORRECT ANSWER: A group of tools that can include network mapping tools, sniffers, and exploits Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Extraneous files - CORRECT ANSWER: unnecessary files that aren't cleaned up when the application moves from development to production. Leaving extraneous files may be handing attackers materials they need to compromise the system. Fabrication - CORRECT ANSWER: Attacks involve generating data, processes, communications, or other similar activities with a system. Attacks primarily affect integrity but can be considered an availability attack. FERPA - CORRECT ANSWER: Family Educational Rights and Privacy Act. Protects the privacy of students and parents Firewalls - CORRECT ANSWER: A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use.naturally creates network segmentation when installed FISMA - CORRECT ANSWER: Federal Information Security Management Act provides a framework for ensuring the effectiveness of information security controls in government Gamification - CORRECT ANSWER: Selective use of game design and game mechanics to drive employee engagement in non-gaming business scenarios. GLBA - CORRECT ANSWER: Gramm-Leach-Bliley Act. Protects the customers of financial institutions, any company offering financial products or services Hardware tokens - CORRECT ANSWER: Physical devices that generate a one time password ( something you have ) hash function - CORRECT ANSWER: Keyless cryptography. Do not use a key but instead create a unique and fixed length hash value based on the original message. (Like a fingerprint) a slight change to the message will change the hash HIPAA - CORRECT ANSWER: Health Insurance Portability and Accountability Act. Purpose is to improve the efficiency and effectiveness of the health care system. 
Requires privacy protections for individuals health information HITECH - CORRECT ANSWER: Health Information Technology for Economic and Clinical Health Act. Created to promote and expand the adoption of health information technology specifically the use of electronic health records. Honeypots - CORRECT ANSWER: can detect, monitor, and sometimes tamper with the activities of an attacker. are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker. Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Host Intrusion Detection System (HIDS) - CORRECT ANSWER: A system used to analyze the activities on or directed at the network interface of a particular host hping3 - CORRECT ANSWER: A tool used to test the security of firewalls and map network topology. - constructs specially crafted ICMP packets to evade measures to hide devices behind firewall - scripting functionality to test firewall/IDS Identification of critical information - CORRECT ANSWER: 1st step in the OPSEC process, arguably the most important: to identify the assets that most need protection and will cause us the most harm if exposed Identify assets - CORRECT ANSWER: First and most important part or risk management. Identifying and categorizing the assets we are protecting Identify threats - CORRECT ANSWER: Once we have our critical assets we can identify the threats that might effect them Identity - CORRECT ANSWER: Who or what we claim to be ( username) Identity verification - CORRECT ANSWER: The half step between identity and authentication (showing two forms of Id) Impact - CORRECT ANSWER: taking into account the assets cost Improper or Inadequate Permissions - CORRECT ANSWER: Particularly with Web applications and pages, there are often sensitive files and directories that will cause security issues if they are exposed to general users. 
One area that might cause us trouble is the exposure of configuration files due to improper or inadequate permissions. Incident response - CORRECT ANSWER: Response to when risk management practices have failed and have cause an inconvenience to a disastrous event Incident response cycle - CORRECT ANSWER: 1 preparation 2- detection and analysis 3- containment 4- eradication 5- recovery 6- post incident activity Industry Compliance - CORRECT ANSWER: Regulations or standards usually not mandated by law, it is designed for specific industries (e.g. PCI DSS) Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Information security - CORRECT ANSWER: Keeping data, software, and hardware secure against unauthorized access, use, disclosure, disruption, modification, or destruction. Input validation attacks - CORRECT ANSWER: If we are not careful to validate the input to our applications, we may find ourselves on the bad side of a number of issues, depending on the particular environment and language being used. A good example of an input validation problem is the format string attack. Could be used to crash an application or cause the operating system to run a command and potentially compromise the system. integrity - CORRECT ANSWER: Keeping data unaltered by accidental or malicious intent Interception - CORRECT ANSWER: Attacks allows unauthorized users to access our data, applications, or environments. Are primarily an attack against confidentiality Internet Protocol security (IPSEC) - CORRECT ANSWER: A set of protocols developed to support the secure exchange of packets between hosts or networks. Interruption - CORRECT ANSWER: Attacks cause our assets to become unstable or unavailable for our use, on a temporary or permanent basis. 
This attack affects availability but can also attack integrity Intrusion Detection System (IDS) - CORRECT ANSWER: Performs strictly as a monitoring and alert tool, only notifying us that an attack or undesirable activity is taking place Intrusion Detection System (IDS) - CORRECT ANSWER: Preforms strictly as a monitoring and alert toll. Only notifying us that an attack or undesirable activity is taking place Intrusion Prevention System (IPS) - CORRECT ANSWER: Can take action based on what is happening in the environment. In response to an attack over the network an ips might refuse traffic from the source of the attack kismet - CORRECT ANSWER: Commonly used to detect wireless access points and can find them even when attempts have been made to make doing so difficult Lack of input validation - CORRECT ANSWER: Structured Query Language (SQL) injection gives us a strong example of what might happen if we do not properly validate the input of our Web applications. SQL is the language we use to communicate with many of the common databases on the market today. Limiting access - CORRECT ANSWER: Refers to allowing some access to out resource, but only up to a certain point Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Malware - CORRECT ANSWER: software that is intended to damage or disable computers and computer systems. man-in-the-middle attack - CORRECT ANSWER: a hacker placing himself between a client and a host to intercept communications between them Mandatory Access Control (MAC) - CORRECT ANSWER: The most restrictive access control model, typically found in military settings in which security is of supreme importance. 
Manual Password Synchronization - CORRECT ANSWER: When a user synced passwords from different systems without a software application Mitigating risks - CORRECT ANSWER: Putting measures in place to help ensure that a given type of threat is accounted for Mobile devices - CORRECT ANSWER: Any device that communicate via a wireless network Modification - CORRECT ANSWER: Attacks involve tampering with our asset. Such attacks might primarily be considered an integrity attack, but could also be an availability attack. Multi-factor authentication - CORRECT ANSWER: Use of several authentication techniques together, such as passwords and security tokens. Multilevel Access Control - CORRECT ANSWER: are used where the simpler access control models that we just discussed are considered to not be robust enough to protect the information to which we are controlling access. Such access controls are used extensively by military and government organizations, or those that often handle data of a very sensitive nature. We might see multilevel security models used to protect a variety of data, from nuclear secrets to protected health information (PHI). mutual authentication - CORRECT ANSWER: The process where the session is authenticated on both ends and just one end. Prevents man in the middle attacks Netstumbler - CORRECT ANSWER: A Windows tool used to detect wireless access points. Does not have as full feature set as kismet Network ACLs - CORRECT ANSWER: Access controlled by the identifiers we use for network transactions such as ip address, MAC address and ports Network Segmentation - CORRECT ANSWER: Breaking a network into pieces and putting various levels of security between those pieces. We can control the flow of traffic allowing or disallowing traffic Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Nmap - CORRECT ANSWER: A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner. 
(Network mapper) Nonrepudiation - CORRECT ANSWER: Refers to a situation in which sufficient evidence exists to prevent an individual from denying that he or she has made a statement or taken action one time password - CORRECT ANSWER: OTP passwords that expire after a time frame of after one time usage Operations Security - CORRECT ANSWER: A process that we use to protect our information ( encryption). OPSEC packet filtering - CORRECT ANSWER: a process in which firewalls are configured so that they filter out packets sent to specific logical ports Packet sniffers - CORRECT ANSWER: A network or protocol analyzer, is a tool that can intercept traffic on a network, commonly referred to as sniffing. Sniffing basically amounts to listening for any traffic that the network interface of our computer or device can see, whether it was intended to be received by us or not. Some examples might be Wireshark (GUI) or Tcpdump (command-line tool) Parkerian hexad model - CORRECT ANSWER: Confidentiality , integrity, availability, possession/control, authenticity, utility Password manager - CORRECT ANSWER: Programs that store all of the users passwords with a master password PCI DSS - CORRECT ANSWER: Payment Card Industry Data Security Standard. 
Security standards designed to ensure all companies that accept , process, or transmit credit card information maintains a secure environment(not a law) Penetration Testing - CORRECT ANSWER: We conduct a test where we mimic as closely as possible the techniques an actual attacker would us Performance - CORRECT ANSWER: A set of metrics that judge how well a given system functions Permanence - CORRECT ANSWER: Tests show how well a particular characteristic resists change over time and with advancing age personal equipment - CORRECT ANSWER: Use of personal equipment brings cost savings to a corporation but can open up certain risks like data leakage, malware, intellectual property viruses Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Personally Identifiable Information (PII) - CORRECT ANSWER: information about an individual that identifies, links, relates, or describes them. Phishing - CORRECT ANSWER: An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information Physical concerns for data - CORRECT ANSWER: Depending on the type of physical media on which our data is stored, any number of adverse physical conditions may be problematic or harmful to their integrity. Such media are often sensitive to temperature, humidity, magnetic fields, electricity, impact, and more, with each type of media having its particular strong and weak points. Physical controls - CORRECT ANSWER: Controls are physical items that protect assets. Think of locks, doors, guards and fences Portscanners - CORRECT ANSWER: check to see what ports are open Possession/ control - CORRECT ANSWER: Refers to the physical disposition of the media on which the data is stored Post incident activity phase - CORRECT ANSWER: We attempt to determine specifically what happened, why it happened, and what we can do to keep it from happening again. 
Preparation phase - CORRECT ANSWER: The preparation phase consists of all of the activities that we can preform in advance of the incident itself in order to better enable us to handle it Pretexting - CORRECT ANSWER: a form of social engineering in which one individual lies to obtain confidential data about another individual preventitive - CORRECT ANSWER: Controls used to physically prevent unauthorized entities from breaching our physical security Principle of Least Privilege - CORRECT ANSWER: The lowest level of authorization allowed to a user to preform duties privacy - CORRECT ANSWER: the state or condition of being free from being observed or disturbed by other people. privacy rights - CORRECT ANSWER: The legal and ethical sources of protection for privacy in personal data. Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Privilege Escalation - CORRECT ANSWER: An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. Protecting data at rest - CORRECT ANSWER: Data is at ready when it is on a storage device of some kind and is not moving over a network, or a protocol Protecting Data in Motion - CORRECT ANSWER: The primary method of securing data from exposure on network media is encryption, and we may choose to apply it in one of two main ways: by encrypting the data itself to protect it or by protecting the entire connection. Protecting data in use - CORRECT ANSWER: Hardest to protect. Data is in use when a user is accessing the data. Protecting data itself - CORRECT ANSWER: SLL&TLS are used to protect info sent over the network and over internet. 
The operate in conjunction with other protocols like internet message access protocol (IMAP) , post office protocol (POP) for email Protocol issues - CORRECT ANSWER: Vulnerability often involve common software development issues such as buffer overflows Proxy servers - CORRECT ANSWER: Can serve as a choke point in order to allow us to filter traffic for attacks or undesirable content such as malware or traffic to Web sites hosting adult content. Race conditions - CORRECT ANSWER: A type of software development vulnerability that occurs when multiple processes or multiple threads within a process control or share access to a particular resource, and the correct handling of that resource depends on the proper ordering or timing of transactions Raid - CORRECT ANSWER: Array of Inexpensive Disks in a variety of configurations to ensure that we don't lose data from hardware failures in individual disks. We can replicate data from one machine to another over a network or make complies onto backup media dvd or magnetic tapes Read - CORRECT ANSWER: Allowing us to access the contents of a file or directory Recovery phase - CORRECT ANSWER: Recover to a better state that we were prior to the incident or perhaps prior to when the issue started if we did not detect it immediately Regulatory Compliance - CORRECT ANSWER: Regulations mandated by law usually requiring regular audits and assessments Residual Data - CORRECT ANSWER: Rendering the data as inaccessible when it's no longer required Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Revoking access - CORRECT ANSWER: Takes access that was once allowed away from the user. Risk - CORRECT ANSWER: The likelihood that a threat will occur. There must be a threat and vulnerability risk mamagement - CORRECT ANSWER: A constant process as assets are purchased, used and retired. 
The general steps are 1- identify assets 2- identify threats 3- assess vulnerabilities 4- assess risk 5- mitigating risks Role-Based Access Control (RBAC) - CORRECT ANSWER: An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization ROT13 - CORRECT ANSWER: A substitution cipher that uses a key of 13. To encrypt a message, you would rotate each letter 13 spaces. To decrypt a message, you would rotate each letter 13 spaces. Rule-Based Access Control - CORRECT ANSWER: A model that is based off of allowing or denying access based on a set of predetermined rules safety - CORRECT ANSWER: Safety of people is our first concern when we plan physical security sandbox - CORRECT ANSWER: A set of resources devoted to a program, process, or similar entity, outside of which the entity cannot operate Scanners - CORRECT ANSWER: We can look for ports and versions of service that are running, examine banners displayed by services for information. Examine the info our systems display over the network and similar tasks Secure Protocols - CORRECT ANSWER: Easiest way we can protect our data Security awareness - CORRECT ANSWER: the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization. Server-side attacks - CORRECT ANSWER: attacks that exploit vulnerabilities on the server. Signature-based detection - CORRECT ANSWER: Works in a similar way to host antivirus systems Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Simple integrity axiom - CORRECT ANSWER: The level of access granted to an individual must be no lower than the classification of the resource. 
Simple Security Property - CORRECT ANSWER: The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to be able to access it single-factor authentication - CORRECT ANSWER: Involves the use of simply one of the three available factors solely in order to carry out the authentication process being requested Social Engineering - CORRECT ANSWER: techniques that trick a person into disclosing confidential information software development vulnerabilities - CORRECT ANSWER: Buffer overflows Race conditions Input validation attacks Authentication attacks Authorization attacks Cryptographic attacks Software firewall - CORRECT ANSWER: This type of firewall generally contains a subset of the features on a large firewall appliance but is often capable of similar packet filtering and stateful packet inspection activities Software tokens - CORRECT ANSWER: Applications that generate OTP SOX - CORRECT ANSWER: Sarbanes-Oxley Act. Regulates financial practices and governance corporations. Designed to protect investors and the general public by establishing requirements reporting and disclosure practices stateful firewall - CORRECT ANSWER: Uses a state table to keep track of the connection state and will only allow traffic through that is part of a new or already established connection Stream Cipher - CORRECT ANSWER: An encryption method that encrypts data as a stream of bits or bytes. One bit at a time. Stream cipher programs - CORRECT ANSWER: RC4, ORXY, and SEAL Substitution - CORRECT ANSWER: The substitution of one letter for another in a consistent fashion Symmetric block cipher programs - CORRECT ANSWER: Two fish, serpent, blowfish , cat5, IDEA Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 Symmetric Cryptography - CORRECT ANSWER: Also known as private key. 
Utilizes a single key for both encryption of plain text and decryption of the cipher text TCP Dump - CORRECT ANSWER: Command line packet sniffing tool. Runs on Linux and unx operating systems Technical/ logical controls - CORRECT ANSWER: Controls are devices and software that protect assets. Think of firewalls, av, ids, and ips The * property - CORRECT ANSWER: Anyone accessing a resource can only write its contents to one classified at the same level or higher The Biba model of access control - CORRECT ANSWER: Primarily concerned with protecting the integrity of the data, even at the expense of confidentiality Threat - CORRECT ANSWER: Any event being man-made, natural or environmental that could damage the assets Tools we need to defend our network - CORRECT ANSWER: Network segmentation, firewalls, IDS/IPS , wireless secure protocols, VPNs, secure protocols, MDM, port scanners , packet sniffers, honeypots Types of attacks - CORRECT ANSWER: 1- interception 2- interruption 3- modification 4- fabrication Unauthenticated access - CORRECT ANSWER: When we give a user or process the opportunity to interact with our database without supplying a set of credentials. uniqueness - CORRECT ANSWER: A measure of how unique a particular characteristic is among individuals Universality - CORRECT ANSWER: Stipulates that we should be able to find our chosen biometric characteristics in the majority of people we expect to enroll in the system US Patriot Act - CORRECT ANSWER: Purpose is to deter and punish terroists acts in the United States and around the world Utility - CORRECT ANSWER: How useful the data is to us VPN - CORRECT ANSWER: Virtual Private Network. Can provide us with a solution for sending sensitive traffic over unsecured networks. VPN connection is often referred to as a tunnel. 
Is encrypted connection between two points Downloaded by Mohammed M ([email protected]) lOMoARcPSD|44400207 VPN (Virtual Private Network) - CORRECT ANSWER: A private network that is configured within a public network such as the Internet. A secure connection between two systems Vulnerabilities - CORRECT ANSWER: Weakness that a threat event or the threat can take advantage of Vulnerability Assessment - CORRECT ANSWER: Tools such as Nessus. They work by scanning the target systems to discover which ports are open on them and then interrogating each open port to find out exactly which service is listening on the port in question Vulnerability assessment tools - CORRECT ANSWER: Often include some portion of the feature set we might find in a tool such as Nmap, are aimed specifically at the task of finding and reporting network services on hosts that have known vulnerabilities. Wireless network security - CORRECT ANSWER: Chief method of protecting traffic is encryption. The encryption is used by 802.11 wireless devices. The most common wireless families are - wired equivalent privacy (wep) - Wi-Fi protected access ( wpa) - Wi-Fi protected access v2 (wpa2) Wireshark - CORRECT ANSWER: A widely used packet analyzer. WPA2 - CORRECT ANSWER: Wireless Protected Access 2. Wireless network encryption system. Offers the strongest security Write - CORRECT ANSWER: Write to a file or directory Downloaded by Mohammed M ([email protected])