SEC-250 Questions and answers latest update

What does it mean to say that a Certificate Authority "signs" another party's digital certificate?
When a certificate authority signs another party's digital certificate, they are saying that they trust that party, therefore creating a web of trust. The CA performs a mathematical function involving their private key to generate a public key for the applicant.

What is the purpose of a Certificate Authority?
The purpose of a Certificate Authority is to provide certificates and sign off on other certificates, creating a web of trust. An example of a certificate authority is Go Daddy.

What is the purpose of using TLS/SSL?
The purpose of TLS/SSL is to ensure that the website you are on is secure and that any information you give to that site will be secure when being transmitted.

Define an Advanced Persistent Threat.
An Advanced Persistent Threat is a threat from a group of people, like the government, who can persistently have a reason to threaten another group of people or person.

How does one typically transport data between an air gap network and another network?
An air gap network is a network that is physically separated from all other networks. Any data that is transported to an air gap network from another network has to be carefully examined before it can enter.

What is the difference between a virus and a worm?
A virus requires some sort of user interaction, whereas a worm can self-replicate and doesn't require user interaction.

Describe the behavior/purpose of a trojan and a rootkit
A Trojan is a backdoor that is normally part of a larger attack and is done through remote access. A rootkit hides malware, and a file integrity check can be used to combat rootkits.

How does "fuzzing" during the development process help create more secure web applications?
Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. If vulnerabilities are discovered before a program is released, developers can prevent their software from being exploited in the wild.

Why do web servers present an increased level of exposure?
By design, web servers are always on, are always connected to the internet, must always have adequate available resources to serve clients, and must accept connections from any (unknown) client. This makes them a common target.

In regard to Web Server security, what is a Honey Pot?
A Honey Pot is a website that has information and is purposefully insecure in hopes that someone who has a new virus will use the virus on this website. That way, we can learn more about the virus before it attacks an actual website with real information.

Why would an organization use an application-level filter to inspect all outgoing mail as well as incoming?
An organization might want to look for incoming spam phishing attempts, scan incoming mail for viruses, or monitor outgoing mail to detect an infected mail server.

Describe the difference between a stateless and a stateful packet filter:
A stateless packet filter looks at incoming and outgoing packets and accepts or denies packets based on criteria like source and destination IP address, protocol, or port number. It does not compare packets to any previous packets that have traversed the firewall. A stateful packet filter can monitor a session between an internal host and an external server. It can allow response packets from external servers based on a pre-established session.

What is a Cross Site Scripting attack?
XSS attacks web Bad code. If the text inputted by the user is reflected back and has not been data validated (or sanitized), the browser will interpret the inputted script as part of the markup and execute the code accordingly.
An XSS attack consists of an attacker taking advantage of this.

Describe a SQL injection attack
An SQL injection attack is when a hacker tries to get information from a database by using a web form. You can run SQL commands to get certain information.

Commonly a hacker's goal is to reach the point where they can execute 'arbitrary code' on a remote system. What exactly does 'arbitrary code' mean?
'Arbitrary code' refers to an attacker's ability to run any command they choose. This implies that they have root or administrator-level access.

What does non-repudiation mean? How are digital signatures used in repudiation disputes?
Non-repudiation is 'an authentication that can be asserted to be genuine with high assurance', meaning we can believe beyond a reasonable doubt that an individual did something and they are unable to deny it. By digitally signing a document, others can use our public key to verify beyond a reasonable doubt that we created the document.

What is a logic bomb?
A logic bomb is any code that is set to execute when a certain condition or event transpires in the future. They are often employed by criminals to hide their tracks in the case that they're caught.

How does a DNS amplification attack work?
An attacker sends a small request to a public DNS server soliciting a large amount of data in response. The attacker supplies a source address of its victim so that the size-amplified reply packets are sent to the victim, possibly creating a Denial of Service condition.

Describe AAA
Authentication is how you identify yourself with something you know (a password), something you have (a key card or smart card) or something you are (your fingerprint or retina). Authorization is making sure that only the people that need to have and see certain information are authorized to do so, whereas people who shouldn't have access to it can't. Accounting is the keeping of logs and records of things like smart card swipes.

Block vs Stream Cipher
- Block cipher - Break text into relatively large chunks and encode each block separately.
- Stream cipher - Partition the text into small blocks and let the encoding of each block depend on many previous blocks.

Describe AES
- Uses Rijndael cipher
- Block cipher
- Current widely used key size: AES-256Bit

Give examples of Asymmetric Encryption
- RSA
- ElGamal

Give examples of Symmetric Encryption
Twofish, Blowfish, Serpent, AES, IDEA, RC4, CAST

Describe the different types of viruses
- Polymorphic virus - Changes to avoid signature detection
- Resident virus - Lives in RAM, executes some function after a certain action is performed (infect certain filetypes, execute arbitrary code, log action)
- Boot sector virus - Lives in the boot sector
- File infector - Buries malicious code in a carrier file (.exe, .vbs, .pdf)
- Macro virus - Exploits macro functionality. Affects office docs, etc.

Name reasons to attack a system
- Fun
- Disgruntled employees
- Steal data or information
- Financial gain
- Test the security of an application or system
- Hacktivism (political or social cause)
- Cyberwarfare (Nation State)

List stages of attack and what is done in each stage
- Enumeration - At this stage, you gain all the knowledge you can about the target you are attacking and you build a profile on them. One common question you might answer during this stage is what kind of antivirus software they are running.
- Attack the System - This step is when you gain access to the system and do things like run arbitrary code.
- Maintain Access - To maintain access you can plant a rootkit or trojans for a backdoor so you can get back into the system. You could also create a user account to get back into the system at a later time.
- Cover Tracks - In order to cover your tracks, you can delete log files, alter log files or delete certain entries from the log files.

Describe a firewall
- Simplest of components
- Uses transport-layer information only
- Example - DNS uses port 53

Written for
- Institution: Certificate of Authority
- Course: Certificate of Authority

Document information
- Uploaded on: May 27, 2024
- Number of pages: 7
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers