IT Security Exam Q&A: Network Security and Intrusion Detection, Exams of Computer Science

A series of questions and answers on IT security, focusing on network security concepts. It covers topics such as privilege escalation, intrusion detection systems (IDS), security audits and encryption methods. The material is presented in a question-and-answer format, making it useful for exam preparation or quick review. Key areas include identifying intruder behaviours, understanding security controls and recognizing different types of security attacks. The document also touches on cryptographic algorithms and security management practices, giving a broad overview of essential IT security principles. It is intended to help students and professionals reinforce their understanding of IT security concepts and prepare for exams or certifications, offering a concise summary of key topics in the field.

Typology: Exams

2024/2025

Available from 07/20/2025

Martin-Ray-1
ITM 820 Final Exam 2025 Latest
Verified Questions and Answers.
Privilege Escalation - Answer: An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.
Information Gathering or System Exploit - Answer:
  • Scan files for desired information.
  • Transfer large numbers of documents to an external repository.
  • Use guessed or captured passwords to access the network.
Maintaining Access - Answer: Necessary after an attacker compromises a target system so they do not lose their hard-won infiltration. Attackers often try privilege escalation on the compromised system in order to create more ways of maintaining access. If they are able to gain user-level privileges, then the next step is to acquire admin-level privileges. Privilege escalation is often easy if an attacker has physical access to the target machine; remote is more difficult.
Covering Tracks - Answer:
  • Use a rootkit to hide files installed on the system.
  • Edit log files to remove the entries generated.
Archive - Answer: ___ is the process of retaining copies of data over extended periods of time in order to meet legal and operational requirements to access past data.
Statistical Anomaly-based IDS - Answer: Analysis of the observed behaviour using univariate, multivariate or time-series models of observed metrics.


Knowledge Anomaly-based IDS - Answer: Approaches use an expert system that classifies observed behaviour according to a set of rules.
Machine-Learning Anomaly-based IDS - Answer: Approaches automatically determine a suitable classification model from the training data using data mining techniques.
Signature Approach - Answer: Matches a large collection of known patterns of malicious data against data stored on a system or in transit over a network.
Rule-based heuristic identification - Answer: Involves the use of rules for identifying known penetrations or penetrations that would exploit known weaknesses.
Description of a SIEM system - Answer:
  • Agentless or agent based
  • Normalizes many log formats
  • Analyzes combined data
  • Correlates events among the log data
  • Ability to identify and prioritize significant events
  • Able to initiate responses.
6 Intruder behaviours - Answer:
  • Target acquisition and information gathering
  • Initial access
  • Privilege escalation
  • Information gathering or system exploit
  • Maintain access
  • Covering tracks
S/MIME Functions - Answer: Enveloped data, signed data.


Residual Risk - Answer: The remaining risk after appropriate security controls have been implemented, that is deemed acceptable either because the likelihood and/or consequences are mitigated to a reasonable level.
Intrusion Prevention System (IPS) - Answer: Can be viewed as an extension to intrusion detection systems that includes the capability to attempt to block or prevent detected malicious activity.
Technical - Answer: Controls involve the correct use of hardware and software security capabilities in systems.
IT Security Management - Answer: A process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity and reliability.
Security Intrusion - Answer: A security event, or combination of multiple security events, that constitutes a security incident in which an intruder gains or attempts to gain access to a system without having authorization.
Detailed - Answer: Risk analysis uses formal structured processes and is the most comprehensive approach, but is a significant cost in time, resources and expertise.
Activists - Answer: Are individuals (usually working as insiders) or members of a larger group of outside attackers who are motivated by social or political causes.
Control or Security Control - Answer: Is an action, device, procedure or other measure that reduces risk by eliminating or preventing a security violation, by minimizing the harm it can cause, or by discovering and reporting it to enable corrective action.
Network-Based IPS or NIPS - Answer: When using ______ the methods used to identify malicious packets include: pattern matching, stateful matching, protocol anomaly, traffic anomaly and statistical anomaly.


Firewalls - Answer: Are inserted between the premises network and the Internet to establish a controlled perimeter defence.
Security Audit, or just Audit - Answer: A ______ is an independent review and examination of a system's records and activities to determine the adequacy of controls, ensure compliance with the security policy, detect violations of security and recommend changes for countermeasures.
Real Time - Answer: A security audit can occur after an event, periodically or in ___.
Operational - Answer: Controls address correct implementation and use of security policies and are primarily implemented by people rather than systems.
Analyzers - Answer: An intrusion detection system comprises sensors, ______ and a user interface.
Baseline - Answer: The ______ approach to a risk assessment is used to protect against the most common threats, is cheap and can be replicated, but gives no special consideration to variations in risk exposure.
Security Detection - Answer: A security service that monitors and analyzes system events for the purpose of finding and providing real-time or near real-time warning of attempts to access system resources in an unauthorized manner is known as ___.
Apprentice - Answer: The three skill levels for intruders are ______, journeyman and master.


Transposition - Answer: When it comes to operations used for transforming plaintext into ciphertext, ______ is when the elements in the plaintext are rearranged.
Diffie-Hellman Algorithm - Answer: When using the ______, security relies on the difficulty of computing discrete logarithms.
Security - Answer: Default system configurations are set to maximize ease of use and functionality rather than ______.
Logging - Answer: The key to ______ is to ensure you capture the correct data and then appropriately monitor and analyze this data.
Symmetric encryption - Answer: ______ encryption, also known as conventional encryption, has five ingredients: plaintext, encryption algorithm, secret key, ciphertext and a decryption algorithm.
Diffie-Hellman Key Exchange - Answer: The ______ algorithm uses exponentiation of integers modulo a prime and is the most widely used public-key algorithm.
ECC (Elliptic-Curve Cryptography) - Answer: _____ gives equal security and uses smaller bit sizes when compared to RSA.
Known Plaintext - Answer: With a ______ attack, the encryption algorithm, the ciphertext to be decoded and one or more plaintext-ciphertext pairs (formed with the secret key) are known to the cryptanalyst.


Host-based IDS - Answer: Monitors the characteristics of a single host for suspicious activity.
Network-based IDS - Answer: Monitors network traffic and analyzes network, transport and application protocols to identify suspicious activity.
Distributed or Hybrid IDS - Answer: Combines information from a number of sensors, often both host and network based, in a central analyzer that is able to better identify and respond to intrusion activity.
Honey Pot - Answer: Systems designed to lure a potential attacker away from critical systems, collect information about the attacker's activity and encourage the attacker to stay on the system long enough for administrators to respond.
Types of Honey pots - Answer: Low interaction & high interaction.
Four characteristics that a firewall access policy could use to filter traffic - Answer: IP address & protocol values, application protocol, user identity, network activity.
Four main Firewall Capabilities - Answer:
  • Defines a single choke point.
  • Provides a location to monitor security events.
  • Convenient platform for several Internet functions.
  • Serves as a platform for IPsec.
Four Limitations to firewalls - Answer:
  • Cannot protect against attacks which bypass the firewall.
  • Unsecured LANs can access networks outside of the organization.
  • Cannot protect against internal threats.
  • BYOD storage is susceptible to being infected and bringing the infection into the network.


Examples of Artifact Categories - Answer:
  • Events related to the cause of auditing software.
  • Remote access.
  • Events related to the security mechanisms on the system.
  • Application access for selected applications.
SIEM system - Answer: Security Information and Event Management system, a centralized and uniform logging and analysis software package. Aggregates audit trail data into a central storage facility and provides a suite of audit data analysis programs.
Anomaly Detection - Answer: Intrusion detection approach that involves the collection of data relating to the behaviour of legitimate users over a period of time. Current observed behaviour is analyzed to determine whether this behaviour is that of a legitimate user or that of an intruder.
Signature/Heuristic Detection - Answer: Uses a set of known malicious data patterns or attack rules that are compared with current behaviour. Also known as misuse detection. Can only identify known attacks for which it has patterns or rules.
Types of Anomaly detection - Answer: Statistical, knowledge based, machine-learning.
Types of Signature/Heuristic Detection - Answer: Signature, rule-based heuristic identification.
Likelihood - Answer: The probability that an identified threat exploits a vulnerability resulting in harm for a given circumstance.
Impact - Answer: The consequence to the organization should the particular threat successfully exploit a vulnerability.


Meaning of Impact & Likelihood - Answer: Terms used to describe the overall risk level.
  • Likelihood goes along the vertical axis.
  • Impact goes along the horizontal axis.
Key distribution can be achieved by: - Answer:
  • The key could be selected by A and physically delivered to B.
  • A third party could select the key and physically deliver it to A and B.
  • If both parties received a key in the past, the new key can be transmitted encrypted by the old key.
Four types of RSA attack - Answer: Brute force, mathematical, timing, chosen ciphertext.
Brute force attack - Answer: Attempts to use all possible private keys.
Mathematical Attack - Answer: Attempts to factor the product of two primes.
Timing Attack - Answer: Depends on the running time of the decryption algorithm.
Chosen Ciphertext Attack - Answer: Exploits RSA properties within its algorithm.
Encryption = Computationally secure if: - Answer: Cost of breaking the cipher exceeds the value of the encrypted information.


  • Client sends certificate if requested.
  • Exchange cipher, finish protocol.
Benefits of IPsec - Answer:
  • Essential protection for all traffic.
  • Resistant to bypass; all traffic must go through it.
  • No need to change system software.
  • Transparent to end users, no training required.
  • Provides off-site security (out-of-office users).
Four Variables in RSA encryption - Answer: C: ciphertext; M: plaintext block; n: integers between 0 and n-1; e: encryption.
Target Acquisition and Information Gathering - Answer: Where the attacker identifies and characterizes the target systems using publicly available information, both technical and non-technical, and the use of network exploration tools to map target resources.
Initial Access - Answer:
  • Brute force a CMS (content management system).
  • Exploit a vulnerability in the CMS.


  • Send spear-phishing email with a link to a web browser to exploit *******es.