IT Questions and Answers :)

Thursday, December 2, 2021

At what layer of the OSI model does IPsec operate?

  • Network
  • Data Link
  • Transport
  • Session 

EXPLANATION

IPsec operates at the Network layer (OSI Layer 3): it protects individual IP packets rather than a TCP/UDP session or an application payload. Internet Protocol Security (IPsec) is a protocol suite for securing IP communications that works by authenticating and/or encrypting each IP packet of a communication session. It includes protocols for establishing mutual authentication between peers at the start of the session and for negotiating the cryptographic keys used during it (IKE). IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). It provides network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. Its two protocols are the Authentication Header (AH, IP protocol 51), which gives integrity and authentication only, and the Encapsulating Security Payload (ESP, IP protocol 50), which adds confidentiality; in transport mode only the IP payload is protected, while in tunnel mode the whole original IP packet is encapsulated inside a new one.
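The replay protection mentioned above is implemented in ESP with a sliding window over the 32-bit sequence number (RFC 4303, Appendix A). The following Python is an added example written for this page, not code from any IPsec implementation; the 64-entry window size and the receive() helper are choices made here.

```python
"""ESP anti-replay sliding window, modelled on RFC 4303 Appendix A.

Added example for this page (not code from any IPsec stack). Sequence numbers
are the 32-bit ESP sequence numbers; the window remembers which of the most
recent `window_size` numbers have already been accepted.
"""

WINDOW_SIZE = 64  # RFC 4303 requires at least 32; 64 is a common choice


class AntiReplayWindow:
    def __init__(self, window_size=WINDOW_SIZE):
        self.window_size = window_size
        self.highest = 0   # highest sequence number accepted so far (right edge)
        self.bitmap = 0    # bit i set => sequence number (highest - i) already seen

    def check(self, seq):
        """True if `seq` is acceptable: never seen and not older than the window.

        Run this BEFORE integrity verification; the window is only advanced
        after the ICV has been verified (see `update`), otherwise an attacker
        could push the window forward with forged packets.
        """
        if seq == 0:
            return False            # ESP sequence numbers start at 1; 0 is never valid
        if seq > self.highest:
            return True             # right of the window: certainly new
        diff = self.highest - seq
        if diff >= self.window_size:
            return False            # too old: fell off the left edge of the window
        return not (self.bitmap >> diff) & 1   # inside the window: replay iff bit set

    def update(self, seq):
        """Record `seq` as accepted. Call only after `check` and ICV verification."""
        if seq > self.highest:
            shift = seq - self.highest
            # slide right; bits that fall off the left edge are discarded
            self.bitmap = (self.bitmap << shift) & ((1 << self.window_size) - 1)
            self.bitmap |= 1
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, seq, icv_ok=True):
        """Full receive path: replay check, then ICV check, then window update."""
        if not self.check(seq):
            return "replay-or-stale"
        if not icv_ok:
            return "bad-icv"
        self.update(seq)
        return "accepted"


def run_trace(seqs):
    """Feed a list of (sequence number, icv_ok) pairs through one SA; return the verdicts."""
    window = AntiReplayWindow()
    return [window.receive(seq, ok) for seq, ok in seqs]


if __name__ == "__main__":
    # Constructed trace: reorder, replay, a forged packet, and a jump past the window.
    for seq, verdict in zip([1, 1, 3, 2, 2, 100, 100, 36, 37],
                            run_trace([(1, True), (1, True), (3, True), (2, True), (2, True),
                                       (100, False), (100, True), (36, True), (37, True)])):
        print(seq, verdict)
```

Order matters: a packet is checked against the window before its integrity check value is verified, but the window only advances after verification, so forged packets cannot move the window and cause legitimate traffic to be dropped. Real implementations also rekey the security association before the sequence number wraps, or use 64-bit extended sequence numbers.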

SOURCE

https://en.wikipedia.org/wiki/IPsec

Thursday, February 6, 2020

Which of these is NOT a type of intrusion detection system (IDS)?

  • Behavior-based
  • Host-based
  • Tunnel-based
  • Network-based 

EXPLANATION

Tunnel-based is not a recognised category of IDS; the other three are. A behavior-based (anomaly-based) IDS builds a baseline of normal activity and looks for deviations from it, such as unusually high traffic or policy violations. Because it does not depend on knowing an attack in advance it can catch novel attacks, at the cost of more false positives than a signature-based sensor. A network-based IDS (NIDS) examines all network traffic going to and from network systems, typically from a tap or SPAN port. A host-based IDS (HIDS) is an agent installed on an individual system, often alongside or as part of antivirus or anti-spyware software, that monitors that host for events such as system file modifications, registry changes or suspicious log entries.
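As an added illustration (not code from the original post or any IDS product), the following Python contrasts the two detection styles over constructed Apache-style access-log lines: a signature rule that matches a known-bad request pattern, and a behaviour rule that builds a per-host baseline and flags hosts whose request volume or error ratio deviates from it. The IP addresses, paths and thresholds are made up for the example.

```python
import re
import statistics
from collections import Counter

# Added example for this page (not code from any IDS product). Constructed
# Apache-style access log lines: a quiet baseline window, then an observed
# window in which one host (10.0.0.99) scans the site and one legitimate
# host sends a single path-traversal request. All names and paths are made up.
BASELINE = [
    '10.0.0.%d - - [01/Jan/2021:10:00:%02d +0000] "GET /index.html HTTP/1.1" 200 512' % (h, s)
    for h in range(1, 9) for s in range((h % 5) + 2)     # hosts make 2..6 requests each
]

SCAN_PATHS = ["admin", "backup.zip", "wp-login.php", ".git/config", "phpinfo.php",
              "config.bak", "shell.php", "old/", "test/", "db.sql",
              "login", "api/v1/users", "uploads/", ".env", "server-status",
              "cgi-bin/", "xmlrpc.php", "setup.php", "install/", "readme.html"]

OBSERVED = list(BASELINE) + [
    '10.0.0.99 - - [01/Jan/2021:10:01:%02d +0000] "GET /%s HTTP/1.1" 404 162' % (s, p)
    for s, p in enumerate(SCAN_PATHS)
] + ['10.0.0.3 - - [01/Jan/2021:10:01:30 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0']

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')

# Signature (misuse) rules: exact patterns known to be bad.
SIGNATURES = [re.compile(r"\.\./"), re.compile(r"/etc/passwd")]


def parse(lines):
    """Parse access-log lines into dicts; lines that do not match are ignored."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def signature_alerts(lines):
    """Misuse detection: flag each request whose path matches a known signature."""
    return [(rec["ip"], rec["path"]) for rec in parse(lines)
            if any(sig.search(rec["path"]) for sig in SIGNATURES)]


def behaviour_alerts(baseline_lines, observed_lines, k=3.0, min_requests=10):
    """Anomaly detection: flag hosts whose volume or error ratio deviates from the baseline.

    The baseline gives the distribution of requests per host; a host more than
    `k` standard deviations above the mean is flagged, as is any host with at
    least `min_requests` requests of which more than half were 4xx (scanning).
    """
    base_counts = Counter(rec["ip"] for rec in parse(baseline_lines))
    mean = statistics.mean(base_counts.values())
    stdev = statistics.pstdev(base_counts.values())
    threshold = mean + k * stdev

    counts, errors = Counter(), Counter()
    for rec in parse(observed_lines):
        counts[rec["ip"]] += 1
        if rec["status"].startswith("4"):
            errors[rec["ip"]] += 1

    alerts = {}
    for ip, n in counts.items():
        reasons = []
        if n > threshold:
            reasons.append(f"volume {n} exceeds baseline threshold {threshold:.1f}")
        if n >= min_requests and errors[ip] / n > 0.5:
            reasons.append(f"{errors[ip]} of {n} requests were 4xx")
        if reasons:
            alerts[ip] = reasons
    return alerts
```

Note what each style misses: the signature rule catches the single traversal attempt from 10.0.0.3 but knows nothing about the scanner, while the behaviour rule flags 10.0.0.99 on volume and error ratio but says nothing about the one-off traversal, because one extra request from a host with a normal history is not an anomaly. Production sensors run both.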

Monday, November 25, 2019

What is a zero day vulnerability?

  • A hole in software that is unknown to the vendor
  • A vulnerability exploited after it has been patched
  • An attack by a programmer on a vulnerability in their own code.
  • An attack on the very first day of a product's release

EXPLANATION

A zero-day vulnerability is a flaw in software that is unknown to the vendor, and for which no patch therefore exists.
In a zero-day attack this flaw is exploited before the vendor becomes aware of the problem and can release a fix; the name refers to the vendor having had zero days to respond. A vulnerability that is exploited after a patch has been published is not a zero-day, it is an unpatched-system problem.


Sunday, November 17, 2019

The Betamax was to VHS, as

  • Terminate and Stay Resident is to Internal OS Commands
  • Switching is to Routing
  • Token-Ring is to Ethernet
  •  DASD is to SAN

EXPLANATION

At one time in the 1980s Ethernet and Token-Ring were direct competitors, vying for the same customers and networks and both replacing ARCNET, an older LAN technology similar to Token-Ring.
Just as VHS displaced the technically respectable Betamax, Ethernet's higher speeds and lower cost were the difference maker, and Token-Ring is no longer used or supported.

SOURCE

http://www.eweek.com/networking/30-years-ago-networking-in-the-1980s-meant-ethernet-vs.-token-ring


Friday, November 15, 2019

In terms of Internet Security, what is CEO Fraud?

  • A Phishing email directed at a CEO or executive within a CEO's office
  • When a CEO embezzles from their company
  • A criminal who impersonates a supervisor or other high ranking individual in a phishing attempt
  • A CEO who impersonates someone to attain private information 

EXPLANATION

CEO Fraud, also known as Business Email Compromise (BEC), is an attack in which a cyber criminal pretends to be the CEO or another senior executive of your organization.
The criminal emails staff members, trying to trick them into doing something they should not, typically an urgent wire transfer, a change of supplier bank details or a purchase of gift cards. These attacks are effective because the criminals do their research. They search the organization's website for information such as where it is located, who its executives are, and which other organizations it works with, then learn everything they can about employees from sites like LinkedIn, Facebook or Twitter. Once they know the organization's structure, they target specific employees, usually in finance or an executive's office. The email typically comes from a lookalike or free-mail domain carrying the executive's display name, or from a spoofed address with a different Reply-To, and it stresses urgency and secrecy. Defences are procedural as much as technical: verify any unusual payment request out of band using a phone number you already know, require two people to approve changes to payment details, and enforce SPF, DKIM and DMARC so that direct spoofing of your own domain is rejected.

SOURCE

https://securingthehuman.sans.org/resources/national-cyber-security-awareness-month


Friday, October 4, 2019

Which one of the following is an example of phishing?

Which one of the following is an example of phishing?

  • An email directing the recipient to enter personal details on a fake website.
  • An email directing the recipient to forward the email to friends.
  • An email warning the recipient of a computer virus threat.
  • An email directing the recipient to download an attachment.

EXPLANATION

Phishing is a form of fraud in which targets are contacted by email, telephone or text message by someone posing as a legitimate institution, to lure them into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial loss.
Of the options, only the email that sends the recipient to a fake website to enter personal details fits this definition. An email pushing an attachment is more typically malware delivery, and the other two describe chain mail and a hoax warning rather than credential theft.
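The indicators called out in the CEO Fraud post above and the fake-website phishing in this one can be checked mechanically. The following Python is an added example for this page, not from SANS or phishing.org; it parses two constructed messages with the standard library and reports executive display names on external domains, lookalike sender domains, mismatched Reply-To headers, and links whose visible text names one host while the href points to another. ORG_DOMAIN, EXECUTIVES and both messages are assumptions standing in for your own directory and mail.

```python
import email
from email import policy, utils
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added example for this page, not from SANS or any mail gateway. ORG_DOMAIN
# and EXECUTIVES are assumptions standing in for your own domain and directory.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"Jane Doe", "John Roe"}

# Constructed messages: a CEO-fraud attempt and a fake-website phishing mail.
BEC_MAIL = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: ceo.office@gmail-mail.net
To: clerk@example.com
Subject: Urgent wire transfer
Content-Type: text/plain

I am in a meeting and cannot talk. Please wire 48,000 EUR to the account
below today and keep this confidential until the acquisition is announced.
"""

PHISH_MAIL = """\
From: IT Service Desk <helpdesk@example.com>
To: clerk@example.com
Subject: Password expiry notice
Content-Type: text/html

<html><body>Your password expires today. Sign in at
<a href="http://login.example.com.evil-host.test/sso">https://login.example.com/sso</a>
to keep your account.</body></html>
"""


def domain_of(header_value):
    """Lower-cased domain of an address header such as 'Name <user@host>'."""
    _, address = utils.parseaddr(header_value)
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def levenshtein(a, b):
    """Edit distance, used to spot lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw):
    """Return the list of BEC/phishing indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_header = str(msg["From"] or "")
    name, _ = utils.parseaddr(from_header)
    from_dom = domain_of(from_header)
    reply_dom = domain_of(str(msg["Reply-To"] or ""))
    findings = []

    # 1. An executive's display name on mail that did not come from our domain.
    if name in EXECUTIVES and from_dom != ORG_DOMAIN:
        findings.append(f"executive display name '{name}' from external domain {from_dom}")
    # 2. Sender domain that is almost, but not quite, ours.
    if from_dom != ORG_DOMAIN and 0 < levenshtein(from_dom, ORG_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain {from_dom}")
    # 3. Replies silently redirected to another domain.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # 4. Link text shows one host while the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown = urlparse(text).hostname if "://" in text else None
            actual = urlparse(href).hostname
            if shown and actual and shown != actual:
                findings.append(f"link text shows {shown} but points to {actual}")
    return findings
```

None of these checks proves fraud on its own; a legitimate executive does occasionally mail from a personal account. They are triage signals that should route the message to a human and, for payment requests, trigger the out-of-band verification step.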

SOURCE

http://www.phishing.org/what-is-phishing

Wednesday, July 24, 2019

What wireless attack is able to trick devices/users into connecting to it by appearing as a trusted network that they have connected to in the past?

  • Spoofing
  • Evil Twin
  • Replay
  • Disassociation 

EXPLANATION

Evil Twin is the correct answer: the attacker stands up an access point broadcasting the SSID of a network the victim has previously joined, so devices that auto-connect to remembered networks associate with it. Disassociation or deauthentication attacks send forged 802.11 management frames to kick a client off its legitimate network and are often used to push a target onto the evil twin; 802.11w protected management frames mitigate them.
Replay attacks retransmit previously captured packets. Although the attacker is spoofing the name of a trusted network, "spoofing" is the generic technique, not the name of this attack, which is referred to as an evil twin.

SOURCE

https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)

Thursday, July 4, 2019

An unauthorized zone transfer is a threat to what type of server?

  • Exchange
  • DNS
  • VMWare
  • Database 


EXPLANATION

The data contained in a DNS zone may be sensitive from an operational security standpoint: a full zone transfer (AXFR) hands out every hostname and address in the zone, which reveals naming conventions, infrastructure and potential targets and so enlarges the attack surface (Wikipedia). Zone transfers exist so that secondary name servers can replicate the zone from the primary; they should be restricted to the addresses of authorized secondaries (for example with BIND's allow-transfer directive) and preferably authenticated with TSIG. A quick check is to request an AXFR from each authoritative server from an unrelated host and confirm that it is refused.

SOURCE

https://en.wikipedia.org/wiki/DNS_zone_transfer#Exposure_of_data

Friday, May 31, 2019

Which of the following is NOT an internationally recognised standard for Information Security?

  • IEEE 802.11b
  • ISO 27001
  • ISO 27002
  • ITSEC 

EXPLANATION

IEEE 802.11b-1999, or 802.11b, is an amendment to the IEEE 802.11 wireless networking specification; it is a networking standard, not an information security standard, so it is the answer. ISO/IEC 27001 specifies the requirements for an information security management system (ISMS), against which organisations are certified. ISO/IEC 27002 is a widely used, internationally recognised code of practice for information security controls.
The Information Technology Security Evaluation Criteria (ITSEC) is a structured set of criteria, published in Europe in the early 1990s, for evaluating the security of IT products and systems; it has since been superseded by the Common Criteria (ISO/IEC 15408).

SOURCE

https://en.wikipedia.org/wiki/Cyber_security_standards

Thursday, March 7, 2019

What type of attack has a program running on your server that bypasses authorization?

  • Backdoor
  • DDoS
  • Phishing
  • DoS

EXPLANATION

When a program running on a server bypasses authorization, the attack in progress is a backdoor.
Key Takeaway: In a backdoor attack, a program or service is placed on a server to bypass normal security procedures. A backdoor is a program designed to hide itself inside a target host and to give whoever installed it access to the system at a later time, without going through normal authorization or having to exploit a vulnerability again. DoS and DDoS are attacks on availability rather than on authorization, and phishing is a social-engineering attack on users rather than a program running on the server. The common web variant is a web shell, a script dropped into a web-served directory that executes commands passed in request parameters; unexpected files in web roots and web-server processes spawning shells are the things to look for.

SOURCE

http://www.hbs.net/blog/december-2016/bypassing-security-controls-cyber-crime
https://www.incapsula.com/web-application-security/backdoor-shell-attack.html

Tuesday, February 19, 2019

Using steganography to hide an embedded file in a PDF, which of the following can be used?

  • {object(/(filename), /(filetype)) show == 0}
  • << /hideobj << /type (filename)
  • << /Embeddedfiles << /Names [(filename)]
  • << /Hidefile #! (filename)

EXPLANATION

In PDF syntax the document catalog's /Names dictionary holds an /EmbeddedFiles name tree, roughly "<< /EmbeddedFiles << /Names [(filename here) ref] >> >>", and PDF name objects are case sensitive. If you write "/Embeddedfiles" without the capital F, a PDF reader finds no attachment tree, so nothing is shown in the attachments pane, yet the embedded file stream itself is still present in the document and can be extracted by anyone who knows to look. The other three options are not valid PDF syntax.
Other ways of PDF obfuscation can be read about here, too:
https://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
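A scanner that wants to catch this trick must not rely on exact, case-sensitive matching the way the viewer does. The following Python is an added example for this page, not one of Didier Stevens' tools: it decodes PDF name objects, including #xx-escaped ones such as /Embedded#46ile, compares them case-insensitively against a short watch list, and extracts any stream whose dictionary declares it an embedded file. The minimal PDF is constructed inline for the example.

```python
import re

# Added example for this page, not from Didier Stevens' tools. A constructed
# minimal PDF: the catalog names the attachment tree /Embeddedfiles (wrong
# case), so viewers show no attachment, and the file stream's /Type uses a
# #46 escape for the letter F. Object 5 still carries the hidden file.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Names << /Embeddedfiles << /Names [(secret.txt) 4 0 R] >> >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Filespec /F (secret.txt) /EF << /F 5 0 R >> >> endobj
5 0 obj << /Type /Embedded#46ile /Length 23 >>
stream
flag{hidden attachment}
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Names an analyst cares about, in their correct case-sensitive spelling.
WATCH_NAMES = ["EmbeddedFiles", "EmbeddedFile", "Filespec", "JavaScript", "JS",
               "Launch", "OpenAction", "AA"]

NAME_RE = re.compile(rb"/([^\s/<>\[\]()%]+)")   # a PDF name object: /Name


def decode_name(raw):
    """Undo PDF #xx escapes in a name, e.g. b'Embedded#46ile' -> 'EmbeddedFile'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_names(pdf):
    """Return {'exact': {name: count}, 'suspicious': [(as_written, canonical)]}.

    A viewer honours only the exact name, so a case-changed or #-escaped
    variant does nothing for the user but is exactly what an analyst should
    look at: it marks content the author did not want rendered.
    """
    exact, suspicious = {}, []
    for m in NAME_RE.finditer(pdf):
        raw = m.group(1)
        decoded = decode_name(raw)
        for canonical in WATCH_NAMES:
            if decoded == canonical and raw == canonical.encode():
                exact[canonical] = exact.get(canonical, 0) + 1
            elif decoded.lower() == canonical.lower():
                suspicious.append((raw.decode("latin-1"), canonical))
    return {"exact": exact, "suspicious": suspicious}


def extract_embedded_streams(pdf):
    """Raw bytes of every stream whose dictionary says /Type /EmbeddedFile, however spelled."""
    found = []
    for obj in re.finditer(rb"\d+ \d+ obj(.*?)endobj", pdf, re.S):
        body = obj.group(1)
        stream = re.search(rb"stream\r?\n(.*?)\r?\nendstream", body, re.S)
        if stream is None:
            continue
        dict_names = [decode_name(n).lower() for n in NAME_RE.findall(body[:stream.start()])]
        if "embeddedfile" in dict_names:
            found.append(stream.group(1))
    return found
```

The extractor ignores /Filter, so a compressed stream would come back still compressed; pdf-parser.py from the source post handles that. The point here is the matching rule: normalise and compare case-insensitively, and treat any watch-list name that is not written in its canonical form as a reason to look closer, not as noise.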

SOURCE

https://blog.didierstevens.com/2009/07/01/embedding-and-hiding-files-in-pdf-documents/

Monday, December 31, 2018

AES Encryption uses which cipher?

  • RC6
  • Serpent
  • Rijndael
  • Twofish

EXPLANATION

AES (Advanced Encryption Standard) is the NIST standard for symmetric encryption and uses the Rijndael cipher, restricted to a 128-bit block with 128-, 192- or 256-bit keys (Rijndael itself also allows other block sizes).
The cipher was selected through NIST's open competition, announced in 1997. The five finalists were Rijndael, Serpent, Twofish, RC6 and MARS; Rijndael was announced as the winner in 2000 and published as FIPS 197 in 2001. The other three options are therefore real ciphers that competed against Rijndael, not the one AES uses.

Thursday, December 13, 2018

Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

  • NoSQL databases are not vulnerable to SQL injection attacks.
  • NoSQL databases perform faster than SQL databases on the same hardware.
  • NoSQL databases encrypt sensitive information by default.
  • NoSQL databases are not vulnerable to XSRF attacks from the application server


EXPLANATION

A NoSQL (originally "non SQL" or "non relational") database provides a mechanism for storage and retrieval of data that is modelled in ways other than the tabular relations used in relational databases. Such databases have existed since the late 1960s but did not obtain the "NoSQL" moniker until a surge of popularity in the early twenty-first century, triggered by the needs of Web 2.0 companies such as Facebook, Google and Amazon.com. NoSQL databases are widely used in big data and real-time web applications, and are sometimes called "Not only SQL" to emphasise that they may support SQL-like query languages.

The expected answer is that NoSQL databases are not vulnerable to SQL injection, simply because they do not parse SQL. The other options are false: performance depends on the workload, encryption of sensitive data is not on by default in most products, and XSRF is a browser-side attack on the web tier that has nothing to do with the database. Treat the answer with care, though: NoSQL stores are vulnerable to NoSQL injection whenever query objects are built from untrusted input, for example a MongoDB filter in which the client supplies an operator such as {"$ne": ""} in place of a string, or a $where clause containing attacker-controlled JavaScript. Input type validation and careful query construction remain necessary.
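To make the caveat concrete, the following Python is an added example for this page, not from the CompTIA source: a tiny in-memory matcher implements just enough of MongoDB's filter semantics ($ne, $gt, $regex) to show how a login handler that passes decoded JSON straight into a query is bypassed with an operator object, and how type-checking the input closes the hole. The USERS collection and the handler names are made up.

```python
import re

# Added example for this page; it does not talk to a real database. The
# matcher below implements just enough of MongoDB's filter language to show
# operator injection. USERS is a constructed collection; the "password"
# values are placeholders, not real hashes.
USERS = [
    {"username": "admin", "password": "s3cret-admin-hash"},
    {"username": "alice", "password": "alice-hash"},
]

SUPPORTED_OPS = ("$ne", "$gt", "$regex")


def matches(doc, flt):
    """Return True if `doc` satisfies the filter `flt` (equality or operator expressions)."""
    for field, cond in flt.items():
        value = doc.get(field)
        if isinstance(cond, dict):                 # operator expression, e.g. {"$ne": ""}
            for op, arg in cond.items():
                if op not in SUPPORTED_OPS:
                    raise ValueError(f"unsupported operator {op}")
                if op == "$ne" and not value != arg:
                    return False
                if op == "$gt" and not (value is not None and value > arg):
                    return False
                if op == "$regex" and not (isinstance(value, str) and re.search(arg, value)):
                    return False
        elif value != cond:                        # plain equality
            return False
    return True


def find_one(flt):
    return next((doc for doc in USERS if matches(doc, flt)), None)


def login_vulnerable(body):
    """Puts the decoded JSON straight into the filter: whatever the client sends becomes query structure."""
    return find_one({"username": body["username"], "password": body["password"]})


def login_hardened(body):
    """Requires both credentials to be strings, so the filter can only ever be an equality test."""
    user, pw = body.get("username"), body.get("password")
    if not isinstance(user, str) or not isinstance(pw, str):
        raise ValueError("credentials must be strings")
    return find_one({"username": user, "password": pw})


# Constructed request bodies as a JSON API would decode them.
NORMAL_LOGIN = {"username": "alice", "password": "alice-hash"}
OPERATOR_INJECTION = {"username": "admin", "password": {"$ne": ""}}   # "password is not empty"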

SOURCE

https://en.wikipedia.org/wiki/NoSQL

Author: originally copied from

http://webcache.googleusercontent.com/search?q=cache:KiyrP91akesJ:https://www.briefmenow.org/comptia/sql-databases-in-a-three-tier-environment-3/&hl=en&gl=us&strip=1&vwsrc=0

Tuesday, November 13, 2018

Which of the following is not an example of a denial-of-service attack?

  • Fraggle
  • Smurf
  • Teardrop
  • Roadrunner 

EXPLANATION

Smurf / Smurfing

In a smurf attack the attacker sends ICMP echo requests (pings) to the broadcast address of a network, with the source address spoofed to be the victim's. Every host on that network answers the victim at once, so the intermediary network acts as an amplifier and the victim is flooded with echo replies.

Most firewalls protect against smurf attacks, but if you do notice one, there are several things you can do. If you administer the router in front of your network, tell it not to forward packets to directed broadcast addresses; on a Cisco router the interface command is: no ip directed-broadcast (the default since IOS 12.0). Hosts can also be configured not to answer broadcast pings, and ingress filtering at the network edge (BCP 38) drops packets whose source address is spoofed.

This won't stop traffic that is already aimed at you, but it greatly reduces the impact and prevents your network from being used as an amplifier against others.

Fraggle

A Fraggle attack works the same way as a smurf attack but uses UDP rather than ICMP: the attacker sends UDP packets with the victim's spoofed source address to the broadcast address, aimed at the echo service (port 7) or the chargen service (port 19), and every host running those services answers the victim. Fraggle attacks, like smurf attacks, are largely historical and are stopped by most firewalls and routers.

If you think you are being hit by a fraggle attack, block UDP port 7 (echo) and port 19 (chargen) and disable those services on hosts, since almost nothing legitimate uses them today. Fraggle is generally less powerful than smurf because far fewer hosts run the UDP echo and chargen services than respond to ICMP echo requests.

Teardrop

In the teardrop attack, IP fragments of one datagram are sent with overlapping, oversized fragment offsets. When the receiving device attempts to reassemble them, buggy reassembly code miscalculates the fragment lengths and copies out of bounds, and older operating systems simply crash when this occurs.

Operating systems such as Windows NT, Windows 95, and Linux versions prior to 2.0.32 and 2.1.63 were vulnerable to the teardrop attack. Keeping network hardware and software patched is the best way to stay secure from these types of attacks.

Fraggle, Smurf and Teardrop are all real denial-of-service attacks. Roadrunner is not.
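As an added example for this page (not from any IDS or firewall), the following Python builds raw IPv4 packets with struct and inspects them for the three patterns described above: ICMP echo requests to the protected network's broadcast address (smurf), UDP to the echo or chargen ports at that address (fraggle), and fragments of one datagram whose byte ranges overlap (teardrop). LOCAL_NET, the sample addresses and the capture are assumptions constructed for the example.

```python
import ipaddress
import struct
from collections import defaultdict

# Added example for this page, not taken from any IDS. It parses raw IPv4
# packets (constructed below) and flags the three attack patterns. LOCAL_NET
# is an assumption: the network the sensor protects, whose broadcast address
# an attacker would abuse. Addresses come from the RFC 5737 test ranges.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
ICMP, UDP = 1, 17
ECHO_REQUEST = 8
FRAGGLE_PORTS = {7, 19}          # UDP echo and chargen
IPV4_HDR = "!BBHHHBBH4s4s"       # 20-byte header without options


def ipv4(src, dst, proto, payload, ident=1, more_fragments=False, frag_offset=0):
    """Build a minimal IPv4 packet; frag_offset is in 8-byte units, checksum left zero."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + payload


def parse_ipv4(pkt):
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "src": str(ipaddress.ip_address(src)),
        "dst": str(ipaddress.ip_address(dst)),
        "proto": proto,
        "ident": ident,
        "mf": bool(flags_frag & 0x2000),
        "offset": (flags_frag & 0x1FFF) * 8,   # convert 8-byte units to a byte offset
        "payload": pkt[ihl:total_len],
    }


def inspect(packets):
    """Return a list of (kind, detail) alerts for smurf, fraggle and teardrop indicators."""
    alerts = []
    seen_frags = defaultdict(list)   # (src, dst, ident, proto) -> [(first_byte, last_byte)]
    for pkt in packets:
        p = parse_ipv4(pkt)
        to_broadcast = p["dst"] in (str(LOCAL_NET.broadcast_address), "255.255.255.255")
        if p["offset"] == 0 and not p["mf"]:          # unfragmented datagram
            if to_broadcast and p["proto"] == ICMP and p["payload"][:1] == bytes([ECHO_REQUEST]):
                alerts.append(("smurf", f"ICMP echo request to broadcast, spoofed victim {p['src']}"))
            if to_broadcast and p["proto"] == UDP and len(p["payload"]) >= 4:
                dport = struct.unpack("!H", p["payload"][2:4])[0]
                if dport in FRAGGLE_PORTS:
                    alerts.append(("fraggle", f"UDP/{dport} to broadcast, spoofed victim {p['src']}"))
        else:                                          # a fragment: check for overlap
            key = (p["src"], p["dst"], p["ident"], p["proto"])
            start, end = p["offset"], p["offset"] + len(p["payload"]) - 1
            if any(start <= e and s <= end for s, e in seen_frags[key]):
                alerts.append(("teardrop", f"overlapping fragments id={p['ident']} from {p['src']}"))
            seen_frags[key].append((start, end))
    return alerts


def sample_capture():
    """Constructed traffic: one benign ping, a smurf, a fraggle, and a teardrop fragment pair."""
    victim = "203.0.113.7"                              # stands in for the spoofed victim
    echo_req = bytes([ECHO_REQUEST, 0, 0, 0, 0, 1, 0, 1]) + b"x" * 24
    udp_to_echo = struct.pack("!HHHH", 40000, 7, 8 + 4, 0) + b"ping"
    return [
        ipv4("192.0.2.10", "192.0.2.20", ICMP, echo_req),                                  # benign
        ipv4(victim, "192.0.2.255", ICMP, echo_req),                                       # smurf
        ipv4(victim, "192.0.2.255", UDP, udp_to_echo),                                     # fraggle
        ipv4("198.51.100.9", "192.0.2.20", UDP, b"A" * 24, ident=7, more_fragments=True),  # bytes 0-23
        ipv4("198.51.100.9", "192.0.2.20", UDP, b"B" * 16, ident=7, frag_offset=2),        # bytes 16-31
    ]
```

The teardrop rule keys fragments on (source, destination, identification, protocol), which is exactly the reassembly key a host uses; the check is over byte ranges, so it also catches the related overlapping-fragment variants and not only the original offset values.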

Wednesday, September 26, 2018

An initialization vector should be which of the following?

  • Repeatable and random
  • Unique and predictable
  • Unique and unpredictable
  • Repeatable and unique


EXPLANATION

An initialization vector (IV) should be unique and unpredictable. Which property matters most depends on the mode: for CBC the IV must be unpredictable to an attacker who can choose plaintexts (a predictable IV enables chosen-plaintext attacks such as BEAST), while for counter-based modes such as CTR and GCM the nonce need not be secret or random but must never repeat under the same key,
because a repeated key/nonce pair reuses the keystream, so XORing the two ciphertexts yields the XOR of the two plaintexts (and in GCM also exposes the authentication key). Generating the IV from a cryptographically secure random generator, or from a counter that cannot repeat for the lifetime of the key, satisfies both requirements.
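The failure mode is easiest to see with a stream cipher, because every stream-cipher and counter-mode construction XORs the plaintext with a keystream that depends only on the key and nonce. The following Python is an added example for this page, not from the Wikipedia source: it uses SHAKE256(key || nonce) as a stand-in keystream, shows that encrypting two messages under one key/nonce pair leaks their XOR and lets a known plaintext recover the other, and includes a counter-based nonce generator that cannot repeat.

```python
import hashlib
import secrets

# Added example for this page (not from any library's documentation). The
# keystream is SHAKE256(key || nonce), a stand-in for the keystream of a real
# stream cipher or AES-CTR; the XOR structure, and therefore the consequence
# of reusing a nonce, is identical.


def keystream(key, nonce, length):
    return hashlib.shake_256(key + nonce).digest(length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    """CTR-style encryption: ciphertext = plaintext XOR keystream(key, nonce). Decryption is the same call."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def leak_from_nonce_reuse(c1, c2):
    """Same key and nonce => c1 XOR c2 == p1 XOR p2: the keystream cancels out."""
    return xor(c1, c2)


def recover_second_plaintext(c1, c2, known_p1):
    """Knowing (or guessing) one plaintext yields the other once a nonce has been reused."""
    return xor(leak_from_nonce_reuse(c1, c2), known_p1)


class NonceCounter:
    """Unique 96-bit nonces from a counter; refuses to wrap, since wrapping would repeat a nonce."""

    def __init__(self, prefix=None):
        # a random per-key prefix keeps nonces distinct across processes that share a key
        self.prefix = prefix if prefix is not None else secrets.token_bytes(4)
        self.counter = 0

    def next(self):
        if self.counter >= 1 << 64:
            raise RuntimeError("nonce space exhausted: rekey before continuing")
        nonce = self.prefix + self.counter.to_bytes(8, "big")
        self.counter += 1
        return nonce


def demo():
    """Reuse one nonce for two messages and recover the second from the first."""
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)          # fine once, fatal twice
    p1 = b"Transfer 100 EUR to account 1111"
    p2 = b"Transfer 900 EUR to account 2222"
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)             # the mistake being demonstrated
    assert leak_from_nonce_reuse(c1, c2) == xor(p1, p2)
    return recover_second_plaintext(c1, c2, p1) == p2
```

A random 96-bit nonce is safe for a modest number of messages per key, but the birthday bound bites long before 2^96: NIST's guidance for GCM limits random nonces to 2^32 messages per key, which is why long-lived keys use a counter like NonceCounter or are rotated.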

SOURCE

https://en.wikipedia.org/wiki/Initialization_vector

Friday, September 14, 2018

To send someone a secure e-mail message using PGP, you should use which of the following?

  • The recipient's private key
  • Your public key
  • Your private key
  • The recipient's public key 

EXPLANATION

Pretty Good Privacy (PGP) can be used to send messages confidentially. For this, PGP combines symmetric-key encryption and public-key encryption (hybrid encryption). The message is encrypted with a symmetric
algorithm under a fresh random session key that is used only once. The session key has to reach the receiver so they can decrypt the message, so it is encrypted with the receiver's public key and sent alongside the ciphertext; only the private key belonging to the receiver can decrypt the session key. That is why you need the recipient's public key, and why you should verify its fingerprint out of band before trusting it. Your own private key is only needed if you also sign the message.

SOURCE

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

Thursday, August 2, 2018

Which of the following types of attacks do hackers use to gain information from you without the use of a computer program?

  • Social Engineering
  • Cross Site Scripting
  • ARP Poisoning
  • SQL Injection


EXPLANATION

Social engineering, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It is the only option that works without a program: cross-site scripting, ARP poisoning and SQL injection all exploit software or protocols.
The term "social engineering" as an act of psychological manipulation of a human is also associated with the social sciences, but its usage has caught on among computer and information security professionals.

SOURCE

https://en.wikipedia.org/wiki/Social_engineering_(security)

Friday, July 20, 2018

What does the sender need in order to digitally sign an email?

  • The public key of the recipient
  • The public key of the sender
  • The private key of the recipient
  • The private key of the sender 

EXPLANATION

A digital signature is created by hashing the message and applying the sender's private key to the hash (for RSA this is often described as "encrypting the hash with the private key", though real schemes such as RSA-PSS pad the hash first). The recipient recomputes the hash and checks it against the signature using the sender's public key. The recipient's keys are not used for a digital signature at all.

The sender's public key is NOT required to sign the message.
The sender's public key (in the possession of the recipient) is used to verify the signature.
The recipient's public key is meaningless in this scenario; it would only be used to encrypt a message to the recipient.
The recipient's private key is meaningless in this scenario.

A general overview of this process can be found here https://www.docusign.com/how-it-works/electronic-signature/digital-signature/digital-signature-faq

SOURCE

https://en.wikipedia.org/wiki/Public-key_cryptography#Digital_signatures

Monday, July 9, 2018

What's a network segment for public-facing servers that's separated from a private, trusted network by a firewall?

  • DMZ
  • NSA
  • VPN
  • ATA 


EXPLANATION

A DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external-facing services (web, mail, DNS) to a larger, untrusted network, usually the Internet. The purpose of a DMZ is to add a layer of security to the organization's local area network (LAN): firewall rules allow the Internet to reach only the DMZ hosts, and allow those hosts to initiate only the specific inward connections they need, so a compromised public server cannot be used as a direct path into the internal network. The other options are not network segments: a VPN is an encrypted tunnel across an untrusted network, NSA is a government agency, and ATA is a disk interface standard.

SOURCE

http://www.ciscopress.com/articles/article.asp?p=1823359

Monday, June 18, 2018

Heaps and stacks are affected by which of the following attacks?

  • Buffer overflows
  • Ping flood
  • SQL injection
  • Cross site scripting


EXPLANATION

The heap and the stack are the two memory regions in which a running program keeps its data, and both can be corrupted by buffer overflows. A buffer overflow occurs when a program writes more data into a buffer than was allocated for it, so the excess overwrites adjacent memory. On the stack that adjacent memory includes saved return addresses and frame pointers, which is how a classic stack smash redirects execution; on the heap it includes neighbouring objects and allocator metadata. The result ranges from application or operating-system instability to, in the hands of a skilled attacker, arbitrary code execution. Mitigations such as stack canaries, ASLR and non-executable memory raise the cost of exploitation but do not remove the underlying bug, which is why memory-safe languages and bounds-checked APIs matter.

SQL injection is a vulnerability that allows an attacker to query or manipulate a database through user input fields.
Cross-site scripting is a vulnerability that lets an attacker inject client-side scripts into web pages that are then executed by other users' browsers.

A ping flood is a method of performing denial of service (DoS or DDoS) against network devices. None of these three attacks target the heap or stack of the program directly.