
Computer Science Quiz: Network & Information Security Answers, Exams of Computer Science

Various topics covered: computer network security, information security management systems, passive foot printing, backdoor testing, SNMP versions, DNSSEC, ISO standards, PEAP, EAP-FAST, DAC, RBAC, ABAC, rainbow tables, Netstat, Netcat, secure boot, VDI, VDE, buffer overflow, data custodian, data processor, privacy officer, containerization, IPAM, blockchain public ledgers, homomorphic encryption, IoT devices, obfuscation, confusion, certificate pinning, certificate chaining, OCSP stapling, continuous deployment, continuous delivery, directory traversal, race condition, broken authentication, dereferencing, command injection, LDAP injection, PGP, Lockheed Martin Cyber Kill Chain, OpenIOC, data in transit/motion, data in use, one-time use pad, Beef, Nmap, data protection officer, data steward, data controller, FTK Imager, memdump, Autopsy, HIPAA, SOX, FERPA, COSO, 'set type=ns', RIPEMD, SHA-2, NTLM, MD-5, Aircrack-ng, data asset value, data masking, lessons learned, Hping, Curl, The Har

Typology: Exams

2023/2024

Available from 02/26/2024

terry-james

Computer Science Sect + catchup
Passive footprinting - Correct answer - focuses on learning as much information from open sources such as social media, corporate websites, and business organizations.
Backdoor testing - Correct answer - some active reconnaissance tests will directly query systems to see if a backdoor has been installed.
SNMPv2 - Correct answer - does not implement TLS or any encryption.
SNMPv3 - Correct answer - uses encrypted communication to manage devices, but it is not used for secure file transfers between devices.
DNSSEC - Correct answer - is used on DNS servers to validate DNS responses using public key cryptography.
ISO 31000 - Correct answer - sets international standards for risk management practices.
ISO 27002 - Correct answer - info sec controls are the focus.
ISO 27701 - Correct answer - extends standards to include detailed management of PII.
ISO 27001 - Correct answer - is the foundational standard for Information Security Management Systems.
PEAP - Correct answer - provides a method of authentication over a protected TLS tunnel.
EAP-FAST - Correct answer - a secure replacement to LEAP. Does not require client or server certificates.
EAP-TLS - Correct answer - certificate based mutual authentication, negotiation of the encryption method and encrypted key determination.
EAP-TTLS - Correct answer - with an established secure tunnel, the server authenticates the client using authentication attributes within the TLS wrapper.
CASB - Correct answer - can be used to apply security policies to cloud based implementations. Visibility into the application use and data security policy use. Verification of compliance with formal standards.
DAC - Correct answer - allows the owner of the resource to control who has access.
RBAC - Correct answer - assigns rights and permissions based on the role of the user. Usually assigned by group.
MAC - Correct answer - allows access based on the security level assigned to an object. Only users with the object's assigned security level or higher may access the resource.
ABAC - Correct answer - combines many different parameters to determine if a user has access to a resource.
Rainbow tables - Correct answer - a precomputed table for caching the outputs of a cryptographic hash function, usually for cracking password hashes.
Netstat - Correct answer - lists all active connections.
Netcat - Correct answer - is used for reading or writing data to the network connections using TCP or UDP. Reverse shell back to the attacker.
Secure boot - Correct answer - is a UEFI boot feature that checks the digital signature of the bootloader.
Trusted boot - Correct answer - portion of the startup process that verifies the operating system kernel signature and starts the Early Launch Anti Malware process.
Measured boot - Correct answer - occurs after the trusted boot process and verifies that nothing on the computer has been changed by malicious software or other processes.
Stateful firewall - Correct answer - pays attention to the conversations and allows packets in a conversation between devices to pass through once it has verified the initial exchange.
microSD HSM - Correct answer - protects keys in a secure way.
OPAL - Correct answer - a hardware based encryption standard and does not provide key management.
TPM - Correct answer - is used as the foundation for a hardware root of trust for modern PCs. May provide a cryptographic key, a PUF or physically unclonable function, or a serial number that is unique to the device.
IKE - Correct answer - is used to set up security associations (SA) on each end of the tunnel. SAs have all the settings for the tunnel (crypto algorithms, hashes).
OTA updates - Correct answer - are used by cellular carriers as well as phone manufacturers to provide firmware updates and updated phone configuration data.
Obfuscation - Correct answer - the process of taking something that is normally understandable and making it very difficult to understand. Many developers will ____________ their source code to prevent others from following the logic used in the application.
Confusion - Correct answer - a concept associated with data encryption where the encrypted data is drastically different than the plaintext.
Diffusion - Correct answer - an encryption concept where changing one character of the input will cause many characters to change in the output.
RTO - Correct answer - how long you have to recover before you lose money.
MTTR - Correct answer - how long on average a recovery takes.
Certificate pinning - Correct answer - embeds or "pins" a certificate inside of an application. When the application contacts a service, the service certificate will be compared to the pinned certificate. If the certificates match, the application knows that it can trust the service. If they don't match, the application can choose to shut down, show an error, or let the user know about the discrepancy.
Certificate chaining - Correct answer - Intermediate certificates are often listed between a web server's SSL certificate and the root certificate. This list is called a "chain".
OCSP stapling - Correct answer - the certificate holder can verify their own status and avoid client internet traffic by storing the status information on an internal server and "stapling" the status into the SSL/TLS handshake.
Continuous deployment - Correct answer - automates every aspect of deploying software. After the developer creates the code, the testing and deployment process is completely hands off and does not need human intervention.
Continuous delivery - Correct answer - automates the testing process, but requires human intervention for the final deployment to production.
Continuous integration - Correct answer - code is constantly written and merged into the central repository many times each day.
Pass the hash - Correct answer - is the process of harvesting an account's cached credentials when the user logs in to an SSO system. This would then allow the attacker to use credentials on other systems.
Cryptographic Erase (CE) - Correct answer - sanitizes a self encrypting drive by erasing the media encryption key and then reimaging the drive.
Secure Erase (SE) - Correct answer - used to perform the sanitization of flash-based devices such as SSDs or USBs when cryptographic erase is not available.
Zero Fill - Correct answer - relies on overwriting a storage device by setting all bits to the value of zero, but is not effective on SSDs or hybrid drives.
Air gaps - Correct answer - are designed to remove connections between two networks to create physical segmentation between them. The only way to cross an air gap is to have a physical device between these systems, such as a removable media drive.
Directory traversal - Correct answer - is an HTTP attack that allows attackers to access restricted directories and execute commands outside the web server's root directory.
XSS - Correct answer - is a type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
Session hijacking - Correct answer - attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the web server.
Race condition - Correct answer - occurs when the outcome from execution processes is directly dependent on the order and timing of certain events.
Broken authentication - Correct answer - refers to an app that fails to deny access to malicious actors.
Dereferencing - Correct answer - attempts to access a pointer that references an object at a particular memory location.
Command injection - Correct answer - is an attack in which the goal is to execute arbitrary commands on the host operating system via a vulnerable application.
LDAP injection - Correct answer - is a code injection technique used to exploit web applications that could reveal or modify sensitive user information represented in LDAP.
PGP - Correct answer - is an encryption program that provides cryptographic privacy and authentication for data communication. Uses asymmetric algorithm.
Autopsy - Correct answer - is a cross platform, open source forensics tool suite.
GLBA - Correct answer - US federal law that requires financial institutions to explain how they share and protect their customers' private information.
HIPAA - Correct answer - medical records.
SOX - Correct answer - US federal law that established sweeping auditing and financial regulations for public employees.
FERPA - Correct answer - US federal law that gives eons the access to educational information and records.
COSO - Correct answer - defines risk and related common terminology, lists key components of risk management strategies, and supplies direction and criteria for enhancing risk management practices.
"Set type=ns" - Correct answer - tells nslookup to only report information on name servers.
RIPEMD - Correct answer - creates a 160-bit fixed output.
SHA-2 - Correct answer - creates a 256-bit fixed output.
NTLM - Correct answer - creates a 128-bit fixed output.
MD-5 - Correct answer - creates a 128-bit fixed output.
Aircrack-ng - Correct answer - complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks.
John the ripper - Correct answer - is a password cracking software tool.
Netcat - Correct answer - is used to create a reverse shell from a victimized machine back to an attacker.
Wildcard certificate - Correct answer - a public key certificate that can be used with multiple subdomains of a domain. Saves money and reduces management burden.
SPI - Correct answer - sensitive personal information about a subject's opinions, beliefs and nature, afforded specially protected status by privacy legislation.
Full disk encryption (FDE) - Correct answer - ensures that all data is encrypted and cannot be exposed to other organizations. Mitigates the risk of data remanence.
Data Asset Value - Correct answer - is a metric or classification that an organization places on data stored, processed, and transmitted by an asset.
Data masking - Correct answer - a de-identification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data. (Ex. Xxxx-xxxx-xxxx)
Tokenization - Correct answer - The process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
Aggregation/Banding - Correct answer - a de-identification technique where data is generalized to protect the individuals involved.
Incident response steps: - Correct answer - 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons Learned
hping - Correct answer - an open source packet generator and analyzer used for security auditing and testing of firewalls and networks.
Netstat - Correct answer - utility that displays network connections, routing tables and a number of network interface and protocol stats.
Netcat - Correct answer - utility for reading from and writing to network connections using TCP or UDP which is a dependable back end that can be used directly or easily driven by other programs and scripts.
Curl - Correct answer - a cmd line tool to transfer data to or from a server, using any of the supported protocols (HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP, TELNET, LDAP or FILE).
The harvester - Correct answer - a python script that is used to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN database.
Sn1per - Correct answer - an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities across a network.
Scanless - Correct answer - utility that is used to create an exploitation website that can perform open port scans in a more stealth like manner.
Dnsenum - Correct answer - utility that is used for DNS enumeration to locate all DNS servers and DNS entries for a given organization.
Nessus - Correct answer - a proprietary vulnerability scanner that can remotely scan a computer or network for vulnerabilities. Infrastructure scanner for routers, switches, hosts and servers.
Cuckoo - Correct answer - an open source software for automating analysis of suspicious files. A sandbox environment.
Logger - Correct answer - utility that provides an easy way to add messages to the /var/log/syslog file from the command line or from other files.
OpenSSL - Correct answer - a software library for apps that secure communications over computer networks against eavesdropping or need to identify the party at the other end.
Tcpdump - Correct answer - a cmd line utility that allows you to capture and analyze network traffic going through your system.