Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
37 Cards in this Set
- Front
- Back
|
What is the best way to remove a boot sector virus |
Start the computer from a bootable antivirus disk. This bypasses the infected boot sector on the hard drive. |
|
|
What is a companion virus? |
One that disguises itself as a more legitimate program with the same name, but using a different extension, for example, using a .com instead of .exe extension. |
|
|
What is a file infector virus, and what precaution should be taken? |
They infect executable files. Do not connect them to the network, as they can replicate to other systems and network files.
|
|
|
What is an additional risk of macro viruses? |
They can infect document templates, replicating the virus with each new document created with that template. |
|
|
What kind of virus changes itself with each new replication to avoid detection? |
Polymorphic viruses |
|
|
What is metamorphic malware |
Can actually change the virus code (payload), not simply the appearance of the file. |
|
|
What is the optimum fix for a rootkit? |
They are difficult to remove via software and the best fix is to wipe and reinstall the OS. |
|
|
What is used to ensure a minimum acceptable level of security is being complied with? |
Security baselines |
|
|
removing unessesary services from a system is part of ______ |
OS hardening |
|
|
Linux filesystems should be of what type for optimum security purposes? |
ext3 or later |
|
|
what can an admisistrator do to defend against unauthorized user downloaded software or malware communicating out to the internet? |
block the ports that some of thes eapplications use at the main firewall. |
|
|
|
Start with a strong security mode and then add exceptions as needed. Do NOT start with a weak security mode intending to strenghten. |
|
|
What an be done to allow cookies to funtion but still enhance seurity? |
Block third party cookies which are usually coming from third pary sites |
|
|
What monitors an individual system for suspicious activity? |
A Host based Intrusion Detection System (HIDS) they are typically used in critical server systems. |
|
|
What kind of intrusion detection system monitors and sends alerts?
|
Passive. To take steps to shut down access requires an active detection system.
|
|
|
What are several benefits of virtualizaton?
|
Elasticity, the ability to divide up resources upon demand.
Snapshots can allow an administrator to roll back the system configuration. Sandboxing, which separates and insulates the underlying machine layer from the software. |
|
|
What encryption method is typically used for on the fly file system encryption/decryption?
|
AES 128 or 256 bit.
|
|
|
What can protect a network from trojan horse activity trying to utilize back door access? |
A host based firewall can block incoming connections and monitor outbound activity. |
|
|
What should be done after installing antivirus software? |
Update the virus definition files. These are frequently updated and the files that ship with the software could already be out of date.
|
|
|
What makes javascript a security issue? |
|
|
|
What is a security flaw of active X controls? |
ActiveX components are downloaded and run with the same pemissions as the logged in user. |
|
|
What provides some measure of security when running activeX controls? |
A valid activeX control will have a signed and verifiable certifcate. do not use the lowest level of browser security,as this will allow all activeX controls to be run with no user alerts given. |
|
|
What is done to protect against header manipulation? |
Most web applications will process server side headers only which areusually safe and cannot be manipulated, but not client side headers, due to security concerns |
|
|
What are some security flaws of FTP? |
All data and credentials are sent in clear text and FTP servers often have an anonymous login account installed by default. SFTP should be used instead, and the anonymous account should bedisabled. |
|
|
What is cache poisoning? |
False DNS records are planted with spoofed IP adresses, resulting in users being directed to a hackers website instead. |
|
|
What is a risk in DNS zone transfers? |
An unauthorized zone transfer could result in a hacker gaining access to DNS records including adresses of critical servers and other equipment. Zone tranfers should be restricted to trusted DNS servers under your control. |
|
|
|
Lack of any authentication mechanism to allow or disallow clients connecting. |
|
|
What is a DOS attack that can be done against DHCP? |
using up all the available adresses in a DHCP servers address pool which will prevent any other clients from connecting. |
|
|
What kind of attack inputs commands into the input fields of a database application? |
SQL injection. These commands are then run against the database, providing escalated priviledges. Authenitication and access permissions should be configured. |
|
|
What is an attack that can be done against a directory service? |
LDAP injection inserts code into a user request. Input should be validated by the application. |
|
|
|
It should be set to only forward authenticated emails from within it's own domain. |
|
|
What is escaping? |
A secure coding technique that recongizes command characters and and converts them to simple data before they are processed. |
|
|
What is a risk of transitive access? |
That mutual trust relationships will pass through more than one software component, and provide access to a third party. This is pass through transitive access and should not be allowed when creating applications. |
|
|
What are the advantages and disadvantages of server side validation? |
Advantages are it is more compatible with a variety of clients and it is considered more secure, as it does not show it's code to the client. Disadvantage is that is is much slower to validate input than if the validation is done at the client. |
|
|
what is the concept of usind security and content control to keep private data from leaving an organization? |
DLP Data Loss Prevention |
|
|
What is NOT included in Whole Disk Encryption? |
Boot volume or MBR (Master Boot Record) |
|
|
NESSUS |
A vulnerability scanner |
