CYSE 101 Questions with correct Answers

Vulnerability vs. Threat
A vulnerability is a weakness that can be used to harm us, while a threat is an entity that seeks to exploit a weakness and harm us.

Logical Controls
• Passwords
• Encryptions
• Firewalls
• Intrusion Detection Systems
• Logical Access Controls

Utility
Usefulness of data

Interception
Attack against confidentiality

Concept of defense in depth for layers of confidentiality
Data Layers
• Encryption
• Access Controls
• Vulnerability Analysis
Host Layers
• Password Hashing
• Logging

Parkerian Hexad
Confidentiality, integrity, availability, possession or control, authenticity, utility.

CIA vs Parkerian Hexad
CIA Triad
Advantages: The model is focused on security concepts in terms of data.
Disadvantages: The model is very restrictive in evaluating every situation.
Parkerian Hexad
Advantages: The model is more extensive than the CIA triad and descriptively detailed in specifying the nature of the attack or issue.
Disadvantages: The Parkerian hexad is less known than the CIA, and discusses the definition of integrity differently.

Verification vs authentication
Identity verification is a step below identity authentication in security. So while identity verification deals with simple measures like showing your ID to someone, authentication takes more steps to ensure that the ID isn't fake; for information security purposes, we authenticate a claim of identity.

Mutual Authentication
Process in which the client authenticates to the server and the server authenticates to the client?

Permanence
Biometric factor that describes how well a characteristic resists change over time

Types of multifactor authentication
• A Hardware Token
• LCD screens
• Fingerprint scanner
• Identity Cards
Problem
• They can be taken
• They can be replicated
• They can be modified or inaccurate (old / out of date).

Multifactor authentication scheme
• Automated shutdown/log off after 5 minutes of inactivity
• Web cam monitor
• User specific user name and password
• Biometric finger scanner / retina scanner

Authorization vs Access control
Authorization discusses what you are allowed and permitted to do, while access controls are measures to ensure that authorization isn't exploited by targets.

Brewer and Nash Model

MAC vs DAC
MAC in terms of access control administers sets of levels, and each user is linked with a specific access level. So MAC can access all levels that aren't greater than its own level. DAC has a list of users that can access it, so access is provided by the identity of the user, not authorization level.

ABAC

Confused Deputy Problem

Privilege Escalation

Access control lists vs Capabilities

Logging Benefits
Monitoring and logging are beneficial to security because they give accountability and liability to users, and keeping that information as a record tells users that misuse resources, helps us in detecting and preventing intrusions, and in preparing materials for legal proceedings.

Authentication vs Accountability
Accountability is a security step above authentication, so basically once a user has proper proof that they're who they are (authentication), they then need accountability of what they're doing as a user, and it's recorded.

Nonrepudiation
Nonrepudiation is the high possibility that someone cannot deny something they are accused of. So basically having undeniable proof against someone.

Things to Audit
• Software Licensing
• Network Data / Internet usage

Accountability
Accountability through monitoring and logging on systems and networks gives us the ability to maintain a higher security posture. It also gives us the tools to achieve non-repudiation by helping us deter those that would misuse our resources, detect and prevent intrusions, and assist us in preparing materials for legal proceedings. It gives incentives to users for following proper guidelines in environments.

Vulnerability assessments vs. Penetration Testing
Vulnerability assessments generally involve using vulnerability scanning tools to find vulnerabilities. Penetration testing is less practical and involves mimicking the actions of an attacker. Testing might bring to light the severity of the vulnerability.

Caesar Cipher
Substitution

Block vs. Stream Cipher
A block cipher takes a predetermined number of bits, known as a block, in the plaintext message and encrypts that block. Meanwhile, a stream cipher encrypts each bit in the plaintext message, 1 bit at a time. Block ciphers can act as stream ciphers by setting 1 bit block sizes.

ECC Classification
ECC is a classification within itself. The name classifies all mathematical problems on which its cryptographic algorithm is based. Asymmetric Key Algorithms are one of its classifications.

Kerckhoffs' principle
The second: The system must not require secrecy and can be stolen by the enemy without causing trouble.

Substitution Cipher
A substitution cipher is a type of encryption that involves the replacement of characters with others in an orderly fashion.

Symmetric key cryptography
Symmetric key cryptography utilizes a single key for both encryption of the plaintext and decryption of the ciphertext.

Asymmetric Key Cryptography
Asymmetric key cryptography, also known as public key cryptography, utilizes two keys: a public key and a private key. The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone.

DES vs 3DES
DES is a block cipher based on symmetric key cryptography and uses a 56-bit key; however, when DES was broken by a project, it was replaced by 3DES, whose key length was longer. So it's using DES, but three times.

Public Key Cryptography
The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone. We see public keys included in e-mail signatures, posted on servers that exist specifically to host public keys, posted on Web pages, and displayed in a number of other ways. Private keys are used to decrypt data that arrives at the receiving end and are very carefully guarded by the receiver.

Kismet as a Tool
Kismet is used as a tool to detect wireless access points, and thus has the potential to break through networks.

Concept of segmentation
The network concept of segmentation is best explained as the division of a network into smaller networks, with each acting as a chain to one another, called a subnet. Because we can control the flow of traffic between subnets, allowing or disallowing traffic based on a variety of factors, and even blocking the flow of traffic entirely if necessary, this allows promising security and protection for systems. Additionally, network segmentation can prevent unauthorized network traffic or attacks from reaching portions of the network to which we would prefer to prevent access, as well as making the job of monitoring network traffic considerably easier.

Permissive BYOD Policy
Devices violate confidentiality because they will have traces of their connection to the network of the enterprise that can be seen by threats.

3 Main Types of Protocols

Nmap Port Scanner
Tool used to scan for devices on a network, to include fingerprinting the operating system and detecting versions of services on open ports

Honeypot
A honeypot can detect, monitor, and sometimes tamper with the activities of an attacker. Honeypots are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker. To falsely attract an attacker and monitor their malicious activity

Signature vs. Anomaly Detection (IDSes)
Signature detection involves searching network traffic for a series of bytes or packet sequences known to be malicious. A key advantage of this detection method is that signatures are easy to develop and understand if you know what network behavior you're trying to identify. The anomaly detection technique centers on the concept of a baseline for network behavior. This baseline is a description of accepted network behavior, which is learned or specified by the network administrators, or both. Events in an anomaly detection engine are caused by any behaviors that fall outside the predefined or accepted model of behavior.

Virtual Private Networks
Tools used to send sensitive data over an untrusted network?

DMZ
Networks through the use of a firewall.

Stateful vs Deep packet Firewall
Stateful firewalls look at the contents of each packet in the traffic individually and make a gross determination, and are able to keep track of the traffic at a granular level. Deep packet inspection firewalls add more layers of intelligence to our firewall capabilities. Deep packet inspection firewalls are capable of analyzing the actual content of the traffic that is flowing through them. Stateful firewalls can only look at the structure of the network traffic itself in order to filter out attacks and undesirable content.

Three Priorities for Physical Security
• Protecting People
• Protecting Data
• Protecting Equipment

Categories of Control for Physical Security
• Deterrent
• Detective
• Preventive

Why use RAID
Protect important data against media storage failures

Main concern of physical security
Protecting people

Written for
- Institution: CYSE
- Course: CYSE
Document information
- Uploaded on: August 17, 2023
- Number of pages: 7
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers