
Identify examples of items that implement the three principles of the CIA triad.



A. Backups that enable recovery of information after an incident.


B. Management controls to protect information so that it remains accurate.


C. Users recording passwords on notepads


D. Business recovery plans to prevent downtime.


E. Unscheduled downtime to preserve the integrity of information.

A.


B.


D.

Technical Controls (4)

Access control


Audit and Accountability


Identification and Authentication


System and Communications Protection

Operational Controls (9)

Awareness and Training


Configuration Management


Contingency Management


Contingency Planning


Incident Response


Maintenance


Media Protection


Physical and Environmental Protection


Personnel Security


System and Information Integrity

Access control includes:

Identification, Authentication, and Authorization

Management Controls (5)

Certification and Accreditation


Planning


Risk Assessment


System and Services Acquisition


Program Management

Identification can include the following:

Biometrics, Personal ID verification card, and Username

Authentication can include the following:

Passwords, Token (RSA SecurID), Common Access Card, Smart card (must be accompanied by a PIN to complete authentication)

HMAC

Keyed-Hash Message Authentication Code



Uses cryptographic hash functions

TOTP

Time-based one-time password. Based on HOTP but adds a time factor. A new password is generated for each time step.

HOTP

Came before TOTP but is not as secure

CHAP

Challenge handshake authentication protocol

PAP

Password Authentication Protocol - very basic and not secure because it sends the password in plaintext.

Single Sign-on

Used so that end users can log in once and get access to all systems. They only have to enter a complex password once.

Access control

Can be looked at as a system that controls who has access and at what level they have access to information.

Implicit Deny

Anything not in a specific ACL is not permitted. This can apply to firewalls, routers, and file permissions.

Trusted OS

Something created by the federal government

Authentication Factors

Something you are, something you have (token or card), something you know (password or PIN), somewhere you are, or something you do.



Multifactor and two-factor


Authorization

Once a user has been identified and authenticated, they are authorized.



This could be in the form of: Permissions, Access control lists, or Physical-access barriers

Factors of Authorization

*Least Privilege -


*Separation of Duties - mission-critical tasks are split so they do not fall back on one person with all access.


*Time-of-day Restrictions - limiting when users can access a system or information, for example after hours.

Rule-Based Access Controls (RBAC)

Defined by a set of rules that allow users to access systems, resources, or data.

Role-based access control

Based upon the user's role; based on that role, the user is added to a specific group.

Mandatory Access Control

Based upon the specific individual and the information that individual comes into contact with and has access to. Data clearance levels: Restricted, Secret, or Top Secret.



Data classification: Public, restricted, secret, top secret, etc.

Discretionary Access Control

Model-based approach. Can come from administrators, directors, etc. Commonly seen in the Windows OS through file permissions.

AD Federation

Active Directory Federation Services on the Windows OS. Spans organizational boundaries. Provides users with SSO capabilities.

Transitive Trust

Multiple domains can trust each other.

Which examples implement the principles of the CIA triad?



A. An active malicious code system that protects organizations from DoS attacks.


B. Data that is transferred by word of mouth to ensure integrity.


C. Data classification to ensure information is available on a need-to-know basis.


D. Unencrypted data that can be accessed by the general public.


E. Secure update programs that limit access of information to specific authorized users.

A.


C.


E.

Which actions are parts of the authentication process?



A. An employee removes his sunglasses so a guard can see his face clearly


B. A client is issued a one time password determined by algorithms to verify their identity


C. An employee undergoes iris scanning and enters a password to access information.


D. A user uses a bank card containing digital certifications and an associated personal ID number to withdraw money.

C.


D.

Which actions are being used to confirm a user's authorization to access information?



A. A user can access the network only at certain times of the day.


B. The system administrator inserts a unique card into a machine and the enclosed digital certificate is read.


C. Only users from the HR department may access information in a certain folder.


D. A visitor enters a personal ID number into the system.

A.


C.


Which actions could potentially be examples of remote social engineering?



A. A user visits a web site and can't browse further because various pop-up windows disrupt the session.


B. A user receives a notification from their virus scanner, informing them that a virus is detected on their computer.


C. A user receives an email message that claims to be from a banking web page, asking users to log on via a URL in the email.


D. A representative at a mobile service provider phones a user, asking them to verify their account details.

C.


D.

Malware types

Adware, Spyware, Ransomware, Virus (must be executed; boot sector, polymorphic, worms, macro)

Armored Viruses

These types of viruses make it difficult for anyone to analyze the malware fully.

Trojan Virus

Most commonly opens a backdoor on the compromised system. Back Orifice is a well-known example. Usually well hidden under a name that is easily overlooked. Does not take up very many system resources.

Rootkit Virus

Tries to be undetectable. The best ones run at the administrator level. (application, library, kernel, virtualized, and firmware)

Polymorphic Virus

It can change its code each time it runs, which makes signatures ineffective, but the functionality remains the same.

Backdoor

Gets around security measures and creates a connection to a remote server. Many backdoors are shared among hackers.

AV Providers

Symantec, McAfee, Kaspersky, Sophos, Bitdefender, Trend Micro, Panda



Anti-spyware is often included in these solutions.

Social engineering comes:

In person, over the phone, email, instant message, SMS, etc.

In-person social engineering principles

Authority, Intimidation, Trust, Consensus or social proof, Scarcity, Urgency, Familiarity or liking.



The more traditional approach. (dumpster diving,

Insider attack mitigation

- Developing an insider incident response plan


- Documenting and enforcing controls and policies


- Managing negative workplace issues


- Providing security-awareness training.

Confidentiality of data

Preventing unwanted access by a person or system. How sensitive is the information? What levels of access should be created?



Encryption - cleartext converted into ciphertext, then decrypted back into cleartext.



Access controls


Steganography


Integrity of data

Used to verify that the data has not been altered, whether in transit or at rest.



Example - implementation of a database, revision of a database, and backups of data.



Goals: We can use Hashing, Digital signature, certificates, and Nonrepudiation (more on the legal side) for data integrity.

Availability of data

Making sure that the resources are available for the users to do their jobs safely and on time.

Email Hoax

Something revolving around a world issue, usually involving the victim's friends, family, or loved ones.

Spam

Just unsolicited commercial bulk email. They use spambots to look for active email addresses.



SPIM - spam through instant messaging



SPIT - Spam over VoIP

Phishing and Spear Phishing

Emails sent by attackers who are trying to get access to your accounts and personal information. Links will usually look legitimate but have been crafted by the attacker to redirect users to a site that appears familiar to them.



Spear phishing - targeted at a specific industry or at users who are not upper-level managers or VIPs

Pharming

Attack against a DNS server, or changing the hosts file on a victim's system.

Vishing

Uses phones instead of emails

Whaling

Directed at an organization or person higher up in the organization.

Application Awareness

Some apps have built-in attack defense mechanisms.



Chrome, Firefox, Email, etc.

Anti Spam Solutions

Barracuda


Norton Anti spam


Spam Assassin


Spam Eater


SPAMfighter Pro

As the network security specialist for my organization, I have been tasked with creating a document to present to my board of directors that will explain how the CIA triad can increase our network security and how control types are used.

Questions to follow:

You want to include some examples in your presentation to show how CIA principles will increase security in your organization. (Which should be included)



A. Checking logs to ensure that information is not unduly altered.


B. Implementing full and incremental Backups of customer information


C. Encrypting all senior management emails and attachments


D. Asking users to keep password lists on their desks for easy access to resources.


E. Creating unscheduled downtime tests to guarantee integrity of information.

A.


B.


C.

Match the NIST security control classes to the corresponding examples of controls.



1. A receptionist who monitors the people that enter and exit company premises.


2. A framework for the management of information system security.


3. Spam-filtering software that checks for potentially harmful mail on host.

1. B


2. A


3. C

Phishing is a social engineering attack that functions on the basis of misrepresentation. The purpose of this attack is to obtain sensitive or confidential information. (Which are examples of phishing)



A. Your phone rings and when you pick up, it's an unknown caller trying to sell you life insurance.


B. You receive a text message requesting that you verify our account details at a social networking site.


C. You receive an IM from someone not on your buddy list, offering you a free music download.


D. You receive a call from someone looking for your password. The caller claims to be a helpdesk representative but isn't one.

B.


D.