Presentation on theme: "Generic Security Concepts Review"— Presentation transcript:
1Generic Security Concepts Review Q: What is the CIA triad, what does each mean?Q: What is non-repudiation?Q: Define Layered SecurityQ: What is the main security reasoning for mandatory vacations?
2Generic Security Concepts Review Q: What type of authentication system does the OS (Security Kernel) determined who is allowed access to a resourceQ: What access control model helps fight “authorization creep”Q: Biometrics are an example of “What you ____”Q: What is a better security model, network based or host based? Justify your answer.
3Chapter 2 – Review Questions Q. What is the best countermeasure against phishing attacks?Q. Why is a hoax still a security concern?Q. Installing camera to read credit card numbers at gas pumps is what type of attack?Q. Does an Organization Security Policy Statement detail specifics such as how to properly encrypt data?
4Chapter 2 – Review Questions Q. What is the difference between Due Diligence and Due Care?Q. What is the term for a set of “required steps to be taken” when doing some action called?
5Cryptography review Q. Which of the CIA triad does a hash provide? Q. An HMAC is used to try to prevent MiM attacks. Does a HMAC provide non-repudiation?Q. Why don’t we just use Asymmetric Encryption for all encryption?Q. What is Diffie-Hellman primarily used for?
6Cryptography reviewQ. What is AES meant to replace, what is the algorithm that was chosen to be AES?Q. True or false, If I encrypt a message with someone's public key, anyone with the public key can decrypt it.Q. What is the Asymmetric algorithm commonly used in PDAs and cell phones?Q. How many rounds of transposition/substitution does DES have? How about Triple DES?
7PKI review questionsQ. What is a digital certificate? What is it intended to represent?Q. What are two important pieces of info in a digital certificateQ. Why would you use multiple certificatesQ. If you have 100 users, in a 2 certificate model (encryption & signing) how many total keys do you have?
8PKI review Q. What is key escrow Q. How do I validate the identity of a certificate that someone has given me? When does the validation chain end?Q. What version of X.509 were extensions added?Q. My certificate has been revoked, how do I “un-revoke it”
9Physical Security Review Q. What feature can allow a windows computer to automatically run a Trojan program on an inserted CD or USB driveQ. Which of the following water based automatic fire suppression systems would be best used for a data center.Q. Why is access to a network jack a risk?Q. What is the CER in terms of biometricsQ. What is a type 1 and type 2 error?
10Physical Security Review Q. If providing access to a bank vault, would I prefer higher false positives or higher false negatives?Q. What type of fire rating is electrical fires?Q. What is the difference between smart cards and memory cards.Q. What type of motion sensor detects a human through emanated heat?
11Chapter 8 - ReviewQ. What layer of the OSI model does a switch operate at, what addresses does it “switch”Q. What layer of the OSI model does a router look at, what addresses does it “route”Q. What is the purpose of MAC flooding?Q. What is a DNS poisoning attack.
12Chapter 8 Review Q. What is a Bastion Host Q. What is the purpose of a DMZQ. What is NAC/NAP?Q. What is the main purpose of a circuit layer proxy.Q. How is an application layer proxy different than a circuit layer proxy?
13Chapter 9 – Review Questions Q. Name the 3 AAA protocols we talked aboutQ. Which of the following items does Kerberos use.Shared keysTicketsPublic keysDigital signaturesQ. Does L2TP use TCP or UDP?Q. Explain the difference between CHAP and PAP
14Chapter 9 – Review Questions Q. What protocol (TCP/UDP) does Radius use, how about TACACS+Q. Why is Telnet bad?Q. What is the purpose of a VPN?Q. What protocol does PPTP require for operation?
15Chapter 10 – Review Questions Q. What encryption protocol does WEP useQ. What 2 key lengths does WEP supportQ. WPA takes the algorithm from WEP and changes the encryption key with every packet. What is this called? T_ _ _Q. What encryption protocol does WPA2 use?Q. Why is MAC filtering or turning off SSID broadcasting not sufficient security?Q. What does WAP use as the “secure” WAP protocol?W _ _ _
16Chapter 10 – Review Questions Q. What is the WAP GAPQ. Define how to accomplish a MiM attack on a wireless networkQ. What type of authentication concept would help against the attack above?Q. What is Bluetooth used for?Q. What is Bluesnarfing?
17Chapter 11 - IDS Q. What is an IDS? Q. What is the difference between an HIDS and a NIDSQ. What is the difference between a IDS and an IPS?Q. What are two “types” of IDS detection, explain them?
18Chapter 11 - IDS Q. What is the purpose of a honey pot? Q. If an IDS detects traffic coming in from the internet with internal IP addresses as the src addresses, why should I be concerned?Q. Which is the first version of Windows that Windows Defender is shipped with? What other Windows OS’es is it available for?Q. Can signature based scanning detect 0days attacks?
19Chapter 12 Q. What is a security baseline? Q. What is a windows feature that you can use to push computer settings to all computer in a domain?Q. What is a windows “security template”Q. Does a hot fix generally add new functionality to an OS or application?Q. What is system hardening?
20Chapter 12 Q. What is a buffer overflow Q. What are TCP wrappers? Q. Describe Unix File Permissions?
21Chapter 12 Define the ports numbers that the following services run on HTTPHTTPSSMTPIMAPPOPFTPDNS
22Chapter 13 Q. What are the steps in a 3 way handshake Q. What is the difference between a virus and a wormQ. What is a SYN floodQ. What is a Smurf attack
23Chapter 13Q. What is the concept of stealing another persons live TCP communication stream called.Q. What is a replay attack?Q. What is a root kit?Q. What is a vishing attack? (not phishing)Q. What is the best defense for phishing?
24Chapter 13 Q. What is a logic bomb Q. What is DDos Q. How are DDoS attacks usually launched?
25Chapter 14 Q. What is a problem with POP Q. What is a problem with IMAPQ. Is SMTP encrypted? Does is provide user authentication?Q.What is a real-time Black Hole List?
26Chapter 14 Q. What is greylisting? Q. What is S/MIME, which symmetric encryptions methods does it support_ _ 2 & _ _ _ SQ. What “PKI” model does PGP use?
27Chapter 15Q. Why is SSL used for websites? What does SSL and a website provide?Q. What is Active X, what access to your computers does Active X have?Q. What is JavaQ. What is application signing?
28Chapter 15 Q. What does application signing provide? Q. What restrictions does Java place on unsigned applications?Q. Is safe to run ANY signed java/active X app?Q. Briefly define Cross Site Scripting (XSS)Q. Where does a CGI program run.
29Chapter 16 Q. What is a Hot Site Q. What is a warm site. Q. What is a cold Site.Q. What is the difference between a Hot Site and a Mirror Site
30Chapter 16 Q. What is a Full Backup Q. What is an incremental Backup Q. What is a differential Backup?Q. What is a continuous Backup?
31Chapter 16 Q. What is RAID0 Q. What is RAID1 Q. What is RAID5 Q. If I have 4 30G disks setup as a RAID 5 array, how much actually usable storage do I have?
32Chapter 17Q. Define EFQ. Define SLEQ. Define AROQ. Define ALE
33Chapter 17Q. Any countermeasure you deploy should ultimately be ______ _______Q. If my ALE for a threat is $50K a year, and a countermeasure to eliminate the threat costs $30K a year, should I implement it?Q. If my ALE is $50K a year, a countermeasure will reduce the ALE by 50%, and the countermeasure costs 30K a year, should I implement it?
34Chapter r17 Q. What is “residual risk” Q. What is risk transference Q. What is risk avoidanceQ. What is risk acceptance
35Chapter 17Q. What is quantitative risks analysis, what is qualitative risk analysis?Q. Can you get automated tools for quantitative analysis, how about qualitative analysis.Q. What is due diligence, due care?
36Chapter 18Change management… nothing really here
37Chapter 19 Q. What is role based access control Q. What is MAC? Where is it usually used?Q. What is DAC? Where is it usually used?Q. What is rule based access control?
38Chapter 19 Q. What is single sign on, name one SSO technology. Q. What is a minimum password ageQ. What is a password “history”Q. Name the main components of Kerberos. Does Kerberos every send passwords across the network?Q. What is a major “gotcha” when debugging Kerberos login failures?
39Chapter 20 – Review Questions Q. What is the concept of best evidenceQ. When you want to do forensics on a computer, you should make a copy of the hard drive. What type of copy should you make?Q. What is the MINIMUM number of copies you should make of the original hard drive
40Chapter 20 – Review Questions Q. Put these step of analysis in the correct orderAnalyze the DrivePower down the systemDump MemoryImage the hard driveQ. Why do you run checksums/hashes on the original files before analysis?Q. Why should someone witness you as you collect the evidence?Q. What is the difference between “free space” and “slack space”