Guías de estudio, Notas de estudios & Resúmenes

For what might we use the tool Kismet? You use the kismet tool in order to find and detect wireless devices. Explain the concept of segmentation and why it might be done. We divide a network into multiple smaller networks each acting as its own small network called a subnet. Here we can control the flow of traffic. We may do this to prevent unauthorized network traffic or attacks from reaching portions of the network we would prefer to prevent access. What risks might be present ...

Which of the following is true regarding the history of cybersecurity as presented in class and the associated document? Advances (firewalls, intrusion detection, encryption algorithms, etc.) often followed attacks or apparent weaknesses How do we know at what point we can consider our environment to be secure? Never; perfect security does not exist Considering the CIA triad and the Parkerian hexad, which of the following is true? Parkerian is more complete but not as widely kno...

Which of the following is not a reason to use a honeypot? alert us to an attacker's presence release classified or PII data detect, monitor, and sometimes tamper with the activities of an attacker attract the attention of attackers in order to study them and their tools release classified or PII data What is the purpose of a network DMZ? Encrypt the traffic to and from sensitive systems Provide external access to systems that need to be exposed to external networks suc...

How does a spear phishing attack differ from a general phishing attack? whether message has embedded javascript or not size of the message number of targets and custom messages whether message has malware attached or not number of targets and custom messages Is it OK to use the same password for all of our accounts? yes because using different passwords is hard to remember no because a compromise of one account leads to a compromise of all accounts using the same passwo...

Vulnerability vs. Threat A vulnerability is a weakness that can be use to harm us, meanwhile a threat is an entity that seeks to exploit a weakness and harm us. Logical Controls • Passwords • Encrptions • Firewalls • Intrusion Detection Systems • Logical Access Controls Utility usefulness of data Interception attack against confidentiality Concept of defense in depth for layers of confidentiality Data Layers Encryption Access Controls Vulnerabili...

What Kismet used for? Finding wireless access points even when attempts have made it difficult to do so. What is the concept of network segmentation and why do it? Divide networks into subnets. Do this for controlling network traffic. Boost Performance. Troubleshooting network issues. Why is a BYOD policy bad for an enterprise network? Potential for malware to be brought into the network from outside sources is high. Rogue access points. Three main protocols of wire en...

In a data breach (such as the OPM case) which security characteristic of data has been violated? Confidentiality Which of the following about vulnerabilities and threats is not true? A vulnerability or a threat, but not both, are required to create risk Considering the CIA triad and the Parkerian hexad, which of the following is true? Parkerian is more complete but not as widely known Which of the following is not true about complex and automatically generated passwords t...

How does the principle of least privilege apply to operating system hardening? prevents attack actions that require administrator or root privilege What is the difference between a port scanner and a vulnerability assessment tool? port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports What does applying a vendor OS update (patch) usually do? ... What does executable space protection do for us and how? preven...

What is access control? A security technique that regulates who or what can view or use resources in a computing environment It enables administrators to manage access at a more granular level Authentication Authentication is the step after identification It is to determine whether the claim of the identity is true Because access control is typically based on the identity of the user who requests access to a resource, authentication is essential to effective security. Wh...

If we are using an 4-character password that contains only lowercase English alphabetic characters (26 different characters), how many more possible passwords are there if we use a 5-character password (still only lowercase English alphabetic characters? a. 11,424,400 more possibilities b. 26 more possibilities c. Same number of possibilities because still using lowercase English alphabetic characters d. 456,976 more possibilities 11,424,400 more possibilities What do we call the p...