What are the two main types of intrusion detection systems?
Network-based and host-based
Which of the following is not a capability of a network-based IDS?
It cannot decrypt or read encrypted traffic
What are honeypots
A system simulating traffic to attract attackers
Connecting to a server and sending a request to identify a version is what?
Banner grabbing
What is an IPS?
Intrusion Prevention System
NIDS
Network Intrusion Detection System; this collects traffic
System used to consolidate security analytics from several sources and identify patterns
SIEM - Security and Information Event Systems
What is wireshark?
A protocol analyzer
Software that merely listens to traffic and does not create traffic is what?
Passive
Anomalies in privileged user account activity are
Indicators of compromise
Small software update to address an urgent or specific problem is called
Hotfix
In a UNIX OS, which runlevel describes single-user mode?
1
File permissions under UNIX consist of what three types?
Read, write, execute
What is the mechanism that allows for centralized management and configuration of computers and remote users in an AD environment called?
Group policies
Updating software loaded on nonvolatile RAM is called
Firmware update
The shadow file on a UNIX system contains what?
Password associated with user account
Firmware implementation on modern PC hardware is
UEFI - Unified extensible firmware Interface
Software designed to prevent damage from malicious software or files
Antivirus software
A SYN flood is an example of what attack?
Denial of service attack
An attack in which the attacker listens to traffic across a network, wanting to view passwords or user IDs
Sniffing attack
Which attack takes advantage of the trusted relationship between two systems?
Spoofing
In what type of attack does an attacker re-send a series of commands and codes used in a financial transaction to cause the transaction to be conducted multiple times?
Replay
An attack in which the attacker attempts to lie and misrepresent themselves in order to gain access to information that can be useful in an attack
Social engineering
Attack that is designed to deny system access to its files and spread across a network, causing destruction
Ransomware
Example of an attack that can compromise the confidentiality of communications following an exchange of public keys over an untrusted network
Man-in-the-middle attack
Best way to minimize possible avenues of attack for your system
Ensure all patches that the system offers have been downloaded
A war driving attack is an attempt to exploit what?
Wireless networks
Malicious code that is set to execute its payload on a specific date or time is known as
A time bomb
To secure communications during remote access, use...
SSH
Which of the following is not a packet capture tool?
dd
If performing tests of a system with no knowledge of its internal workings
Black box testing
Tool not used for IP investigations
chmod, Linux permissions
To search a system to find files containing a phrase, what tool would be best to use?
grep
Routine audits do not typically audit
Virus code
Used to analyze previously collected packet data on a network, editing some data as well
tcpreplay
Not used in penetration testing
Cuckoo
What kind of vulnerability is never mitigated by patching software?
Zero-day
Biggest reason why spam is prevalent today
The use of zombie botnets
What does the Secure keyword in a cookie do?
Prevents the cookie from passing over HTTP connections
Why is an open email relay bad?
It will allow anyone to send spam through the server
Code signing
Provides a method to demonstrate code integrity
Why is HTML e-mail dangerous?
Allows the launching of malicious code from the preview pane
What kind of attack might a client use against other clients of a bulletin board web application that does not validate input?
Cross-site Scripting attack
A protocol encrypted by default
SFTP (Secure Shell File Transfer Protocol)
Used to determine the type of contents of an email message
MIME
If you email someone the URL of a website you are using, what might you become vulnerable to?
Session hijacking
A CPU security vulnerability can be a bigger problem for which type of cloud environment?
Public
IoT devices that process data from their own sensors before reporting results are an example of
Edge computing
Popular HTTP/HTTPS method of developing a microservice API
REST
Most critical element in understanding current cloud security posture?
Cloud service agreement
One of the primary resources to use at an organization, which many applications tie into. What cloud deployment is this?
PaaS - Platform as a Service
What is the primary downside of a private cloud model?
Cost
A microservice API (using REST) runs over
HTTP/HTTPS
Technology that allows applications and dependencies to be packaged together, version-controlled, and deployed as a single unit
Containers
VirtualBox, an application running within an OS, qualifies as what type of hypervisor?
Type 2
What cloud deployment model has the fewest security controls?
Public
Input validation is important to prevent what?
Buffer overflow
It is important to define security requirements during the
Requirements phase of the project
When is testing best accomplished
As early as possible in the process
Code review by a second party helps to do what?
Catch errors early in the programming process
When incorporating encryption in software, best practice is to
use well-known encryption libraries
Preventing the use of deprecated functions such as strcpy() can be handled through
Code reviews
An attacker can hijack the session of another user of a web application using
Cross-site scripting attack
All exploits from software stem from
Buffer overflow
To prevent attacks on web applications, user inputs should be
validated on the server side
Largest class of errors in software engineering
Improper input validation
Which correctly defines annualized rate of occurrence?
On an annualized basis, the frequency with which an event is expected to occur
Residual risk
Risk still remaining after an iteration of risk management
Which of the following statements about risk is true?
Actions can be taken to reduce the impact of the risk
What type of security control would a policy or procedure used to limit risk fall under?
Operational
Single loss expectancy (SLE) equation
SLE = asset value * exposure factor
Type of control used after an event to minimize the damage
Corrective
What category of control would an encryption algorithm fall under?
Technical
Organization that publishes the risk management framework in the USA
NIST - National Institute of Standards and Technology
Holding customer PII opens up risk from
Data exfiltration
Important way to mitigate third-party threats
Vendor management
Purpose of establishing software change management procedures
Add structure and control to the development of software
Configuration auditing
Process of verifying that the configuration items are built and maintained properly
In what backup strategy are only those portions of files and software that changed since the last backup backed up?
Delta
What is configuration control?
The process of controlling changes to items that have been baselined
What is configuration identification?
Process of identifying which assets need to be managed and controlled
Partially configured environment that has the peripherals and software that a normal processing facility contains and that can be operational within a few days
Warm site
Purpose of a change control board (CCB)
Facilitate management oversight and better project coordination
Striping in a RAID array is an example of a
Single point of failure
Striping in a RAID array decreases
MTTF (Mean Time Before Failure)
An offsite backup can help prevent data loss in case of...
Environmental disaster
Not an indicator of compromise (IOC)
Increase in traffic over port 80
Tool used to manage logs across multiple systems
Security information event management
Occurs immediately after installation in the cyber kill chain attack framework
Command and control
Responsible for all phases of the incident response process
CIRT (Computer Incident Response Team)
Which of the following should be avoided during investigation of an incident involving an APT?
Using corporate email system
Most useful tool to determine next steps when investigating a common incident
Playbook
Useful tool to determine technical aspects of computer systems or a network when investigating an incident
Runbook
When determining the level of risk of exposure of data, look for
Time, quantity, accessed
Goals of an incident response process include all of the following
Protect privacy rights, minimize system disruption, confirm or dispel the occurrence of an incident
Last step of the incident response process
Lessons learned
During the initial response to an incident, which is most important?
Accurate info
Chain of custody for evidence
Accounts for all persons who handled or had access to a specific item of evidence
Which defines the exclusionary rule?
Any evidence collected in violation of the Fourth Amendment is not admissible as evidence
Correctly defines slack space
Unused space on a disk drive when a file is smaller than the allocated unit of storage