WGU D430 FUNDAMENTALS OF INFORMATION SECURITY OAEXAM 2 VERSIONS TESTBANK AND LATEST UPDATED COMPLETE STUDYGUIDE - 250 QUESTIONS AND CORRECT DETAILED VERIFIED ANSWERS NEWEST UPDATED VERSION 2025 |ALREADY GRADED A+

WGU D430 FUNDAMENTALS OF INFORMATION SECURITY OAEXAM 2 VERSIONS TESTBANK AND LATEST UPDATED COMPLETE STUDYGUIDE - 250 QUESTIONS AND CORRECT DETAILED VERIFIED ANSWERS NEWEST UPDATED VERSION 2025 |ALREADY GRADED A+ Information security - Correct Answer protecting data, software, and hardware secure against unauthorized access, use, disclosure, disruption, modification, or destruction." "Compliance - Correct Answer The requirements that are set forth by laws and industry regulations. "How to maintain integrity? - Correct Answer Prevent unauthorized changes to the data and the ability to reverse unwanted authorized changes. Via system/file permissions or Undo/Roll back undesirable changes." "Availability - Correct Answer The ability to access data when needed" "Ways Availability can be compromised - Correct Answer - Power loss - Application issues - Network attacks - System compromised (DoS)" IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment card industry, FISMA- federal government agencies" "DAD Triad - Correct Answer Disclosure, alteration, and denial" "CIA Triad - Correct Answer The core model of all information security concepts. Confidential, integrity and availability" "Confidential - Correct Answer Ability to protect our data from those who are not authorized to view it." "What ways can confidentiality be compromised? - Correct Answer - lose a personal laptop with data - Person can view your password you are entering in - Send an email attachment to the wrong person. - Attacker can penetrate your systems....etc." "integrity - Correct Answer Keeping data unaltered by accidental or malicious intent" "Denial of Service (DoS) - Correct Answer Security problem in which users are not able to access an information system; can be caused by human errors, natural disaster, or malicious activity." "Parkerian hexad model - Correct Answer A model that adds three more principles to the CIA triad: Possession/Control Utility Authenticity" "Improper or Inadequate Permissions - Correct Answer Particularly with Web applications and pages, there are often sensitive files and directories that will cause security issues if they are exposed to general users. One area that might cause us trouble is the exposure of configuration files due to improper or inadequate permissions." "Extraneous files - Correct Answer unnecessary files that aren't cleaned up when the application moves from development to production. Leaving extraneous files may be handing attackers materials they need to compromise the system." "Protocol issues - Correct Answer Vulnerability often involve common software development issues such as buffer overflows" "Unauthenticated access - Correct Answer When we give a user or process the opportunity to interact with our database without supplying a set of credentials." "arbitrary code execution - Correct Answer Occurs when an attacker is able to execute or run commands on a victim computer" "Privilege Escalation - Correct Answer An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing." "Possession/ control - Correct Answer Refers to the physical disposition of the media on which the data is stored; This allows you to discuss loss of data via its physical medium." "Principle of Possession example - Correct Answer Lost package (encrypted USB's and unencrypted USB's) possession is an issue because the tapes are physically lost. (Unencrypted is compromised via confidentiality and possession; encrypted is compromised only via possession)." "Principle of Authenticity - Correct Answer Allows you to say whether you've attributed the data in question to the proper owner/creator." "Ways authenticity can be compromised - Correct Answer Sending an email but altering the message to look like it came from someone else, than the original one that was sent." "Utility - Correct Answer How useful the data is to you. Ex. Unencrypted (a lot of utility) Encrypted (little utility)." "Security Attacks - Correct Answer Broken down from the type of attack, risk the attack represents, and controls you might use to mitigate it." "Types of attacks - Correct Answer 1- interception 2- interruption 3- modification 4- fabrication" "Interception - Correct Answer Attacks allows unauthorized users to access our data, applications, or environments. Primarily an attack against confidentiality" "Interception Attack Examples - Correct Answer Unauthorized file viewing, copying, eavesdropping on phone conversations, reading someone's emails." "Interruption - Correct Answer Attacks cause our assets to become unstable or unavailable for our use, on a temporary or permanent basis. This attack affects availability but can also attack integrity" "Interruption Attack Examples - Correct Answer DoS attack on a mail server; availability attack Attacker manipulates the processes on which a database runs to prevent access; integrity attack. Could also be a combo of both." "Modification - Correct Answer Attacks involve tampering with our asset. Such attacks might primarily be considered an integrity attack, but could also be an availability attack." "Modification Attack example - Correct Answer Accessing a file in a unauthorized manner and alter the data it contains; affects the integrity. If the file in question is a config file that manages how a service behaves (web server) this may affect the availability. If the config file changes how the server deals with encrypted connections; then its a confidentiality attack." "Fabrication - Correct Answer Attacks involve generating data, processes, communications, or other similar activities with a system. Attacks primarily affect integrity but can be considered an availability attack." "Fabrication attack examples - Correct Answer Generate a fake email; common for propagating malware. Generate additional processes, network traffic, email, web traffic or anything that consume resources attack on availability; by rendering the service and making it unavailable to users." "Confidentiality is affected by which attack - Correct Answer Interception" "Integrity is affected by which attack - Correct Answer Interruption, modification, fabrication" "Availability is affected by which attack - Correct Answer Interruption, Modification, Fabrication" "Risk - Correct Answer The likelihood that a threat will occur. There must be a threat and vulnerability IE: Threat (the fire) and matching a vulnerability (the wood) = High Risk a fire will break out." "Threat - Correct Answer Any event being man-made, natural or environmental that could damage the assets Ex. virus might be an issue on windows OS but not the same of Linux." "Vulnerabilities - Correct Answer Weakness that a threat event or the threat can take advantage of Ex. Might involve a specific OS or application, physical location of the office." "Impact - Correct Answer Impact takes into account the value of the asset being threatened and uses it to calculate risk. Orgs like the NSA (US National Security Agency) adds impact" "Controls - Correct Answer The ways we protect assets. Physical, technical/ logical, and administrative" "Physical controls - Correct Answer Controls are physical items that protect assets. Think of locks, doors, guards, fences, cameras...etc." "Technical/ logical controls - Correct Answer Controls are devices and software that protect assets. Think of firewalls, av (anti-virus), ids (intrusion detection system), and ips (intrusion prevention system)" "Administrative controls - Correct Answer Controls are the policies that organizations create for governance. Ex: email policies, user policies..etc." "Risk Management - Correct Answer A constant process as assets are purchased, used and retired. The general steps are 1- identify assets 2- identify threats 3- assess vulnerabilities 4- assess risk 5- mitigating risks" "Identify assets - Correct Answer First and most important part or risk management. Identifying and categorizing the assets we are protecting such as employees, facilities, servers, workstations, sensitive data, etc." "Identify threats - Correct Answer Once we have our critical assets we can identify the threats that could harm our assets" "High Level overview of Threats - Correct Answer Ex: Application that handles credit card payments. Confidentiality - expose data inappropriately, could have a breach Integrity - data becomes corrupt, may process payments the wrong way Availability - system/application goes down; cant take payments Possession - lose backup media, could have a breach Authenticity - don't have authentic customer information; may process a fraud transaction. Utility - collect invalid/incorrect data; data will have limited utility." "Assess Vulnerabilities - Correct Answer Identify any weaknesses that exist in our assets" "Assess risks - Correct Answer Once we have identified the threats and vulnerabilities for a given asset we can access the overall risk" "Mitigating risks - Correct Answer Putting control measures in place to help ensure that a given type of threat is accounted for." "Incident response - Correct Answer Response to when risk management practices have failed and have cause an inconvenience to a disastrous event" "Incident response cycle - Correct Answer 1- preparation 2- detection and analysis 3- containment 4- eradication 5- recovery 6- post incident activity" "Preparation phase - Correct Answer The preparation phase consists of all of the activities that we can preform in advance of the incident itself in order to better enable us to handle it (creating policies, procedures, training, education, maintaining documentation)." "Detection and analysis phase - Correct Answer Where the action begins to happen. We will detect the occurrence of an issue and decide whether or not it is actually an incident so that we can respond" "Containment phase - Correct Answer Taking steps to ensure that the situation does not cause any more damage than it already has, or to at least lessen any ongoing harm. IE: Disconnecting an infected server" "Eradication phase - Correct Answer We will attempt to remove the effects of the issue from our environment IE: cleaning malware off a server, checking logs, scanning other systems...etc." "Recovery phase - Correct Answer Recover to a better state that we were prior to the incident or perhaps prior to when the issue started if we did not detect it immediately IE: restore devices, reload machines..etc." "Post incident activity phase - Correct Answer We attempt to determine specifically what happened, why it happened, and what we can do to keep it from happening again." "Defense in depth - Correct Answer Layering of security controls is more effective and secure than relying on a single control Layers to be protected: data, application, host, internal network, external network." "Defense by Layer: External Network - Correct Answer DMZ, VPN, logging, Auditing, Penetration testing, Vulnerability analysis" "Defense by Layer: Network perimeter - Correct Answer Firewalls, Proxy, logging, Stateful packet inspection, Auditing, Penetration testing, Vulnerability analysis" "Defense by Layer: Internal Network - Correct Answer IDS, IPS, Logging, Auditing, Penetration testing Vulnerability analysis" "Host - Correct Answer Authentication Antivirus Firewalls IDS (intrusion detection sys) IPS (Intrusion protection sys) Passwords Hashing Logging Auditing Penetration testing Vulnerability analysis" "Defense by Layer: Application - Correct Answer SSO Content filtering Data Validation Auditing Penetration testing Vulnerabilities analysis" "Defense by Layer: Data - Correct Answer Encryption Access controls Backups Penetration testing Vulnerability analysis" "IDS (Intrusion Detection System) - Correct Answer A software and/ or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress." "AV (AntiVirus) - Correct Answer Software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus." "SIEM (Security Information and Event Management) - Correct Answer Software that collects and analyzes security alerts, logs and other real time and historical data from security devices on the network" "MSSP (Managed Security Service Provider) - Correct Answer Third-party provision of security configuration and monitoring as an outsourced service. Provides Security as a service (SECaas)" "identity and identification - Correct Answer Who or what we claim to be ( username, ID, account numbers, fingerprints)" "Authentication - Correct Answer The act of proving who or what we claim to be (password, pin code)" "Identity verification - Correct Answer The half step between identity and authentication (showing two forms of Id)" "Authroization - Correct Answer Decides what a person being authenticated is permitted to do. IE: Backstage press conference badge holder." "single-factor authentication - Correct Answer Involves the use of simply one of the three available factors solely in order to carry out the authentication process being requested" "Dual-factor authentication - Correct Answer An authentication method that includes multiple methods for a single authentication transaction. Often referred to as "something you have and something you know," when the factors include a device such as a smart card and a secret such as a password or PIN." "Multi-factor authentication - Correct Answer Use of several authentication techniques together, such as passwords and security tokens." "mutual authentication - Correct Answer The process where the session is authenticated on both ends and just one end. Prevents man in the middle attacks" "Factors of Authentication - Correct Answer 1. Something You Know (least secure) 2. Something You Do 3. Something You Have 4. Something You Are 5. Somewhere You Are" "Authentication Factor - Something you know - Correct Answer Common factor; Passwords, PINs; weak because if the info is exposed your auth may no longer be unique/protected." "Authentication Factor - Something you are - Correct Answer Unique Physical atrributes of an individual (Biometrics) Height, weight, hair color..etc. (simple) Fingerprints, iris, retina patterns, facial patter (Complex) difficult to steal but not impossible." "Authentication Factor - Something you have - Correct Answer Physical possession. ATM card, state/federal identity card, security token. Physical phone/email account authentication." "Authentication Factor - Something you do - Correct Answer sometimes a variation of something you are. based on actions or behaviors of an individual. handwriting, time delay between keystrokes; super strong hard to falsify. High chance of rejection to legitimate users than other factors." "Authentication Factor - Where you are - Correct Answer Geo location authentication. IE: going into a bank location to change ATM PIN instead of remotely." "man-in-the-middle attack - Correct Answer a hacker placing himself between a client and a host to intercept communications between them" "brute force attack - Correct Answer the password cracker tries every possible combination of characters to guess the password" "Password manager - Correct Answer Programs that store all of the users passwords with a master password" "Manual Password Synchronization - Correct Answer When a user synced passwords from different systems without a software application" "Biometrics - Correct Answer Authentication factors that use physical features ( something that you are )" "Minutiae - Correct Answer (pl. n.) small or trivial details, trifling matters Can be used to match back to the user." "Characteristics of biometric factors - Correct Answer universality, uniqueness, permanence, collectability, performance, acceptability, and circumvention" "Universality - Correct Answer Stipulates that we should be able to find our chosen biometric characteristics in the majority of people we expect to enroll in the system" "uniqueness - Correct Answer A measure of how unique a particular characteristic is among individuals Ex. Height (not so unique) but DNA or Iris patterns." "Permanence - Correct Answer Tests show how well a particular characteristic resists change over time and with advancing age Ex. Height, weight (not great options due to change) fingerprints are a good one to pick." "Collectibility - Correct Answer Measures how easy it is to acquire a characteristic with which we can use later to authenticate a user Ex. Fingerprints (easy) DNA (harder)" "Performance - Correct Answer measures how quickly a system performs a factors such as speed, accuracy, and error rate." "Acceptability - Correct Answer A measure of how acceptable the particular characteristic is to the users of the system Ex. Slow old systems (no); Systems that require users to strip (no) Users that can scan a finger (yes)" "circumvention - Correct Answer Describes the ease with which a system can be tricked by a falsified biometric identifier" "Hardware tokens - Correct Answer Physical devices that generate a one time password ( something you have )" "Software tokens - Correct Answer Applications that generate OTP (one time password)" "one time password - Correct Answer A password that is generated for use in one specific session and becomes invalid after the session ends." "Authorization - Correct Answer What the user can access, modify, and delete" "Principle of Least Privilege - Correct Answer The lowest level of authorization allowed to a user to preform duties" "Allowing access - Correct Answer Let's us give a particular party or parties access to a given resource" "Denying access - Correct Answer Simply the opposite of granting access" "Limiting access - Correct Answer Refers to allowing some access to out resource, but only up to a certain point" "sandbox - Correct Answer A set of resources devoted to a program, process, or similar entity, outside of which the entity cannot operate" "Revoking access - Correct Answer Takes access that was once allowed away from the user." "ACLs (access control lists) - Correct Answer The means by which we implement authorization and deny or allow access to parties based on what resources we have determined they should be allowed access to ." "capability-based security - Correct Answer The use of a token that controls our access" "Read - Correct Answer Allowing us to access the contents of a file or directory" "Write - Correct Answer Write to a file or directory" "Execute - Correct Answer Execute the contents of the file" "Network ACLs - Correct Answer Access controlled by the identifiers we use for network transactions such as ip address, MAC address and ports" "confused deputy problem - Correct Answer A type of attack that is more common in systems that use ACLs rather than capabilities; - when software has greater permissions than user, the user can trick the software into misusing authority" "CSRF (Cross Site Request Forgery) - Correct Answer Cross-Site Request Forgery is an attack that causes an end user to execute unwanted actions on a web application in which he or she is currently authenticated. Unlike with XSS, in CSRF, the attacker exploits the website's trust of the browser rather than the other way around. The website thinks that the request came from the user's browser and was actually made by the user. However, the request was planted in the user's browser" "Clickjacking Attack - Correct Answer also called UI redress attack; typically uses an inline frame, or iframe. In a clickjacking attack, an attacker wraps a trusted page in an iframe that places transparent image over legitimate links, graphics or form fields. Causes client to execute a command differing from what they think they are performing" "Discretionary Access Control (DAC) - Correct Answer an access control model in which the subject has total control over any object that the subject owns along with the programs that are associated with those objects" "Mandatory Access Control (MAC) - Correct Answer The most restrictive access control model, typically found in military settings in which security is of supreme importance." "Rule-Based Access Control - Correct Answer A model that is based off of allowing or denying access based on a set of predetermined rules" "Role-Based Access Control (RBAC) - Correct Answer An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization" "Attribute-based access control (ABAC) - Correct Answer Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions" "Multilevel Access Control - Correct Answer are used where the simpler access control models that we just discussed are considered to not be robust enough to protect the information to which we are controlling access. Such access controls are used extensively by military and government organizations, or those that often handle data of a very sensitive nature. We might see multilevel security models used to protect a variety of data, from nuclear secrets to protected health information (PHI)." "Bell-LaPadula Model - Correct Answer implements a combination of DAC and MAC and is primarily concerned with the confidentiality of the resource in question. Generally, in cases where we see DAC and MAC implemented together, MAC takes precedence over DAC, and DAC works within the accesses allowed by the MAC permissions." "Simple Security Property - Correct Answer The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to be able to access it" "The * property - Correct Answer Anyone accessing a resource can only write its contents to one classified at the same level or higher" "The Biba model of access control - Correct Answer Primarily concerned with protecting the integrity of the data, even at the expense of confidentiality" "Simple integrity axiom - Correct Answer The level of access granted to an individual must be no lower than the classification of the resource." "Brewer and Nash model - Correct Answer aka Chinese Wall; Access control model designed to prevent conflicts of interest. Commonly used in industries such as financial" "Accountability - Correct Answer Provides us with the means to trace activists in our environment back to their source. Depends on identification, authentication, and access control being present so that we know who a given transaction is associated with, and what permissions were used to allow them to carry it out" "Nonrepudiation - Correct Answer Refers to a situation in which sufficient evidence exists to prevent an individual from denying that he or she has made a statement or taken action" "Deterrence - Correct Answer discouraging criminal acts by threatening punishment" "Admissibility of records - Correct Answer When we seek to introduce records in legal settings, it is often much easier to do so and have them accepted when they are produced from a regulated and consistent tracking system." "Intrusion Detection System (IDS) - Correct Answer Preforms strictly as a monitoring and alert toll. Only notifying us that an attack or undesirable activity is taking place" "Intrusion Prevention System (IPS) - Correct Answer Can take action based on what is happening in the environment. In response to an attack over the network an ips might refuse traffic from the source of the attack" "Auditing - Correct Answer Ensuring that we have accurate records of who did what and when. Primarily focused on compliance with relevant laws and policies, and access to and from systems and sometimes physical security" "Assessments - Correct Answer Vulnerability and penetration testing" "Vulnerability Assessment - Correct Answer Tools such as Nessus . They work by scanning the target systems to discover which ports are open on them and then interrogating each open port to find out exactly which service is listening on the port in question" "Penetration Testing - Correct Answer We conduct a test where we mimic as closely as possible the techniques an actual attacker would us" "Cryptology - Correct Answer The study of deciphering secret messages. Cryptographic algorithms" "Cryptanalysis - Correct Answer The breaking and finding a weakness in the algorithm" "Caesar cipher - Correct Answer A substitution cipher that shifts characters a certain number of positions in the alphabet usually 3 ." "Substitution - Correct Answer The substitution of one letter for another in a consistent fashion" "ROT13 - Correct Answer A substitution cipher that uses a key of 13. To encrypt a message, you would rotate each letter 13 spaces. To decrypt a message, you would rotate each letter 13 spaces." "Cryptographic - Correct Answer Existed before the modern computer . Used to simplify the use of encryption and made more computer encryption possible." "Symmetric Cryptography - Correct Answer Also known as private key. Utilizes a single key for both encryption of plain text and decryption of the cipher text" "Asymmetrical Cryptography - Correct Answer Public key utilizes 2 keys. A public key and a private key. The public key is used to encrypt data sent from sender to receiver and is shared with everyone" "hash function - Correct Answer Keyless cryptography. Do not use a key but instead create a unique and fixed length hash value based on the original message. (Like a fingerprint) a slight change to the message will change the hash" "Digital signature - Correct Answer an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender" "Certificates - Correct Answer Digitally signed electronic documents that bind a public key with a user identity." "Block Cipher - Correct Answer An encryption method that encrypts data in fixed-side blocks. Block size is 64 bits ." "Stream Cipher - Correct Answer An encryption method that encrypts data as a stream of bits or bytes. One bit at a time." "DES - Correct Answer A block cipher based on symmetric key cryptography and uses a 56- but key. Was once considered very secure but that is no longer the case" "3DES - Correct Answer Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES." "AES - Correct Answer A set of symmetrical block ciphers endorsed by the us government through NIST . Is used by a variety of organizations. It is the replacement for DES as the standard encryption for us government . Uses 3 different ciphers one a 128 bit key one 192-bit key and one 256- bit key" "Symmetric block cipher programs - Correct Answer Two fish, serpent, blowfish , cat5, IDEA" "Stream cipher programs - Correct Answer RC4, ORXY, and SEAL" "Elliptic Curve Cryptography (ECC) - Correct Answer A type of public key cryptosystem that requires a shorter key length than many other cryptography systems (including the de facto industry standard, RSA)." "Protecting data at rest - Correct Answer Data is at ready when it is on a storage device of some kind and is not moving over a network, or a protocol" "Data security - Correct Answer The process of keeping data, both in transit and at rest, safe from unauthorized access, alteration, or destruction" "Protecting Data in Motion - Correct Answer The primary method of securing data from exposure on network media is encryption, and we may choose to apply it in one of two main ways: by encrypting the data itself to protect it or by protecting the entire connection." "Protecting data itself - Correct Answer SLL&TLS are used to protect info sent over the network and over internet. The operate in conjunction with other protocols like internet message access protocol (IMAP) , post office protocol (POP) for email" "VPN (Virtual Private Network) - Correct Answer A private network that is configured within a public network such as the Internet. A secure connection between two systems" "Internet Protocol security (IPSEC) - Correct Answer A set of protocols developed to support the secure exchange of packets between hosts or networks." "Protecting data in use - Correct Answer Hardest to protect. Data is in use when a user is accessing the data." "FISMA - Correct Answer Federal Information Security Management Act provides a framework for ensuring the effectiveness of information security controls in government" "FERPA - Correct Answer Family Educational Rights and Privacy Act. Protects the privacy of students and parents" "SOX - Correct Answer Sarbanes-Oxley Act. Regulates financial practices and governance corporations. Designed to protect investors and the general public by establishing requirements reporting and disclosure practices" "GLBA - Correct Answer Gramm-Leach-Bliley Act. Protects the customers of financial institutions, any company offering financial products or services" "HIPAA - Correct Answer Health Insurance Portability and Accountability Act. Purpose is to improve the efficiency and effectiveness of the health care system. Requires privacy protections for individuals health information" "HITECH - Correct Answer Health Information Technology for Economic and Clinical Health Act. Created to promote and expand the adoption of health information technology specifically the use of electronic health records." "US Patriot Act - Correct Answer Purpose is to deter and punish terroists acts in the United States and around the world" "E-FOIA - Correct Answer Electronic Freedom of Information Act. Requires agencies to provide the public with electronic access to any of their reading room records that have been created by them since November 1996" "CFFA - Correct Answer Computer fraud and abuse act of 1986. A law to reduce the hacking and cracking of government or other sensitive institutions computer systems" "CAN-SPAM Act - Correct Answer Controlling the Assault of Non-Solicited Pornography and Marketing Act; protects consumers against unwanted email solicitations" "COPPA - Correct Answer Children's Online Privacy Protection Act: a law that intends to keep children under the age of 13 protected from the collection of private information and safety risks online." "PCI DSS - Correct Answer Payment Card Industry Data Security Standard. Security standards designed to ensure all companies that accept , process, or transmit credit card information maintains a secure environment(not a law)" "compliance - Correct Answer Conforming to a rule, policy or law" "Regulatory Compliance - Correct Answer Regulations mandated by law usually requiring regular audits and assessments" "Industry Compliance - Correct Answer Regulations or standards usually not mandated by law, it is designed for specific industries (e.g. PCI DSS)" "privacy - Correct Answer the state or condition of being free from being observed or disturbed by other people." "privacy rights - Correct Answer The legal and ethical sources of protection for privacy in personal data." "Personally Identifiable Information (PII) - Correct Answer information about an individual that identifies, links, relates, or describes them." "Operations Security - Correct Answer A process that we use to protect our information ( encryption). OPSEC" "Identification of critical information - Correct Answer 1st step in the OPSEC process, arguably the most important: to identify the assets that most need protection and will cause us the most harm if exposed" "analysis of vulnerabilities - Correct Answer 3rd step in the OPSEC process: to look at the weaknesses that can be used to harm us" "Application of countermeasures - Correct Answer Once we have discovered what risks to our critical information might be present, we would then put measures in place to mitigate them. Such measures are referred to in operations security as countermeasures." "Security awareness - Correct Answer the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization." "Social Engineering - Correct Answer techniques that trick a person into disclosing confidential information" "Pretexting - Correct Answer a form of social engineering in which one individual lies to obtain confidential data about another individual" "Phishing - Correct Answer An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information" "Malware - Correct Answer software that is intended to damage or disable computers and computer systems." "personal equipment - Correct Answer Use of personal equipment brings cost savings to a corporation but can open up certain risks like data leakage, malware, intellectual property viruses" "Clean desk - Correct Answer A policy designed to ensure that all confidential or sensitive materials are removed from a user's workspace and secured when the items are not in use or an employee leaves her workspace." "Gamification - Correct Answer Selective use of game design and game mechanics to drive employee engagement in non-gaming business scenarios." "Detective - Correct Answer Controls serve to detect and report undesirable events that are taking place (ex. Bulgar alarms)" "preventitive - Correct Answer Controls used to physically prevent unauthorized entities from breaching our physical security" "safety - Correct Answer Safety of people is our first concern when we plan physical security" "Physical concerns for data - Correct Answer Depending on the type of physical media on which our data is stored, any number of adverse physical conditions may be problematic or harmful to their integrity. Such media are often sensitive to temperature, humidity, magnetic fields, electricity, impact, and more, with each type of media having its particular strong and weak points." "Residual Data - Correct Answer Rendering the data as inaccessible when it's no longer required" "Raid - Correct Answer Array of Inexpensive Disks in a variety of configurations to ensure that we don't lose data from hardware failures in individual disks. We can replicate data from one machine to another over a network or make complies onto backup media dvd or magnetic tapes" "Tools we need to defend our network - Correct Answer Network segmentation, firewalls, IDS/IPS , wireless secure protocols, VPNs, secure protocols, MDM, port scanners , packet sniffers, honeypots" "Network Segmentation - Correct Answer Breaking a network into pieces and putting various levels of security between those pieces. We can control the flow of traffic allowing or disallowing traffic" "Firewalls - Correct Answer A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable ally creates network segmentation when installed" "packet filtering - Correct Answer a process in which firewalls are configured so that they filter out packets sent to specific logical ports" "stateful firewall - Correct Answer Uses a state table to keep track of the connection state and will only allow traffic through that is part of a new or already established connection" "Deep Packet Inspection Firewall - Correct Answer Are capable of analyzing the actual content of the traffic that is flowing through them. Can resemble the contents of the traffic to look at what will be delivered to the application that it is destined for." "Proxy servers - Correct Answer Can serve as a choke point in order to allow us to filter traffic for attacks or undesirable content such as malware or traffic to Web sites hosting adult content." "DM2 - Correct Answer Demilitarized zone. Combo of network design feature and a protective device such as a firewall" "Intrusion Detection System (IDS) - Correct Answer Performs strictly as a monitoring and alert tool, only notifying us that an attack or undesirable activity is taking place" "Signature-based detection - Correct Answer Works in a similar way to host antivirus systems" "Anomaly-based detection - Correct Answer Analyzes the current traffic against an established baseline and triggers an alert if outside the statistical average" "Wireless network security - Correct Answer Chief method of protecting traffic is encryption. The encryption is used by 802.11 wireless devices. The most common wireless families are - wired equivalent privacy (wep) - Wi-Fi protected access ( wpa) - Wi-Fi protected access v2 (wpa2)" "WPA2 - Correct Answer Wireless Protected Access 2. Wireless network encryption system. Offers the strongest security" "VPN - Correct Answer Virtual Private Network. Can provide us with a solution for sending sensitive traffic over unsecured networks. VPN connection is often referred to as a tunnel. Is encrypted connection between two points" "Secure Protocols - Correct Answer Easiest way we can protect our data" "Mobile devices - Correct Answer Any device that communicate via a wireless network" "kismet - Correct Answer Commonly used to detect wireless access points and can find them even when attempts have been made to make doing so difficult" "Netstumbler - Correct Answer A Windows tool used to detect wireless access points. Does not have as full feature set as kismet" "Portscanners - Correct Answer check to see what ports are open" "Nmap - Correct Answer A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner. (Network mapper)" "Packet sniffers - Correct Answer A network or protocol analyzer, is a tool that can intercept traffic on a network, commonly referred to as sniffing. Sniffing basically amounts to listening for any traffic that the network interface of our computer or device can see, whether it was intended to be received by us or not. Some examples might be Wireshark (GUI) or Tcpdump (command-line tool)" "Wireshark - Correct Answer A widely used packet analyzer." "TCP Dump - Correct Answer Command line packet sniffing tool . Runs on Linux and unx operating systems" "Honeypots - Correct Answer can detect, monitor, and sometimes tamper with the activities of an attacker. are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker." "hping3 - Correct Answer A tool used to test the security of firewalls and map network topology. - constructs specially crafted ICMP packets to evade measures to hide devices behind firewall - scripting functionality to test firewall/IDS" "Anti-malware tools - Correct Answer applications detect threats in the same way as an IDS either by matching against a signature or by detecting anomalous activities taking place." "executable space protection - Correct Answer A hardware and software-based technology that prevents certain portions of the memory used by the operating system and applications from being used to execute code." "Buffer overflow - Correct Answer Occur when we do not properly account for the size of the data input into our applications" "Software firewall - Correct Answer This type of firewall generally contains a subset of the features on a large firewall appliance but is often capable of similar packet filtering and stateful packet inspection activities" "Host Intrusion Detection System (HIDS) - Correct Answer A system used to analyze the activities on or directed at the network interface of a particular host" "Scanners - Correct Answer We can look for ports and versions of service that are running, examine banners displayed by services for information. Examine the info our systems display over the network and similar tasks" "Vulnerability assessment tools - Correct Answer Often include some portion of the feature set we might find in a tool such as Nmap, are aimed specifically at the task of finding and reporting network services on hosts that have known vulnerabilities." "exploit framework - Correct Answer A group of tools that can include network mapping tools, sniffers, and exploits" "software development vulnerabilities - Correct Answer • Buffer overflows • Race conditions • Input validation attacks • Authentication attacks • Authorization attacks • Cryptographic attacks" "Race conditions - Correct Answer A type of software development vulnerability that occurs when multiple processes or multiple threads within a process control or share access to a particular resource, and the correct handling of that resource depends on the proper ordering or timing of transactions" "Input validation attacks - Correct Answer If we are not careful to validate the input to our applications, we may find ourselves on the bad side of a number of issues, depending on the particular environment and language being used. A good example of an input validation problem is the format string attack. Could be used to crash an application or cause the operating system to run a command and potentially compromise the system." "Authentication attacks - Correct Answer Targets and attempts to exploit the authentication process a web site uses to verify the identity of a user, service, or application." "Authorization attack - Correct Answer A type of attack that can occur when we fail to use authorization best practices for our applications" "Cryptographic attacks - Correct Answer a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme" "Client side attacks - Correct Answer Take advantage of weaknesses in the software loaded on our clients , or those attacks that use social engineering to trick us into going along with the attack" "Cross-Site Scripting (XSS) - Correct Answer Attack by placing code in the form of scripting language into a webpage, other media that is interpreted by a client browser including adobe flash and types of video files. When another person views the webpage or media they execute the code automatically and the attack is carried out" "cross-site request forgery (XSRF) - Correct Answer An attack that uses the user's Web browser settings to impersonate the user." "Clickjacking - Correct Answer An attack that tricks users into clicking something other than what they think they're clicking." "Server-side attacks - Correct Answer attacks that exploit vulnerabilities on the server." "Lack of input validation - Correct Answer Structured Query Language (SQL) injection gives us a strong example of what might happen if we do not properly validate the input of our Web applications. SQL is the language we use to communicate with many of the common databases on the market today."