Front Back
Government and Military Data Classifications: Unclassified
Data that has few or no privacy requirements
Government and Military Data Classifications: Sensitive but unclassified (SBU)
Data that could cause embarrassment but not constitute a security threat if revealed
Government and Military Data Classifications: Confidential
Data that has a reasonable probability of causing damage if disclosed to an unauthorized party
Government and Military Data Classifications: Secret
Data that has a reasonable probability of causing serious damage if disclosed to an unauthorized party
Government and Military Data Classifications: Top-secret
Data that has a reasonable probability of causing exceptionally grave damage if disclosed to an unauthorized party
Data Classification Characteristics: Value
How valuable the data is to the organization
Data Classification Characteristics: Age
How old the data is
Data Classification Characteristics: Useful life
How long the data will be considered relevant
Data Classification Characteristics: Personal association  
How personal the data is
Defending Against Different Classes of Attacks: Passive
Primary: Encryption
Secondary: Applications with integrated security
Defending Against Different Classes of Attacks: Active  
Primary: Firewall at the network edge
Secondary: HIPS
Defending Against Different Classes of Attacks: Insider
Primary: Protecting against unauthorized physical access
Secondary: Authentication
Defending Against Different Classes of Attacks: Close-in    
Primary: Protecting against unauthorized physical access
Secondary: Video monitoring systems
Defending Against Different Classes of Attacks: Distribution
Primary: Secured software distribution system
Secondary: Real-time software integrity checking
Types of IP Spoofing Attacks: Nonblind spoofing
Nonblind spoofing occurs when the attacker and the destination are on the same subnet. By being on the same subnet, the attacker might be able to use a packet-capture utility to glean sequence numbers.
Types of IP Spoofing Attacks: Blind spoofing
Blind spoofing occurs when the attacker is not on the same subnet as the destination. Therefore, obtaining correct TCP sequence numbers is more difficult. However, using techniques such as IP source routing (described next), an attacker can accurately determine those sequence numbers.
Confidentiality Attack Strategies: Packet capture
A packet-capture utility can capture packets visible to a PC’s network interface card (NIC) by placing the NIC in promiscuous mode. Some protocols (for example, Telnet and HTTP) are sent in plain text. Therefore, an attacker can read these types of captured packets, perhaps allowing him to see confidential information.
Confidentiality Attack Strategies: Ping sweep and port scan
A confidentiality attack might begin with a scan of network resources, to identify attack targets on a network. A ping sweep could be used to ping a series of IP addresses. Ping replies might indicate to an attacker that network resources can be reached at those IP addresses. As soon as a collection of IP addresses is identified, the attacker might scan a range of UDP and/or TCP ports to see what services are available on the host at the specified IP addresses. Also, port scans often help attackers identify the operating system running on the target system.
Confidentiality Attack Strategies: Dumpster diving
Because many companies throw away confidential information, without proper shredding, some attackers rummage through company dumpsters in hopes of discovering information that could be used to compromise network resources.
Confidentiality Attack Strategies: Electromagnetic interference (EMI) interception
Because data is often transmitted over wire (for example, unshielded twisted-pair), attackers can sometimes copy information traveling over the wire by intercepting the EMI being emitted by the transmission medium. These EMI emissions are sometimes called “emanations.”
Confidentiality Attack Strategies: Wiretapping
If an attacker gains physical access to a wiring closet, he might physically tap into telephone cabling to eavesdrop on telephone conversations. Or he might insert a shared media hub inline with a network cable. This would let him connect to the hub and receive copies of packets flowing through the network cable.
Confidentiality Attack Strategies: Social engineering
Attackers sometimes use social techniques (which often leverage people’s desire to be helpful) to obtain confidential information. For example, an attacker might pose as a member of the IT department and ask a company employee for her login credentials “for the IT staff to test the connection.”
Confidentiality Attack Strategies: Sending information over overt channels
An attacker might send or receive confidential information over a network using an overt channel. An example of using an overt channel is tunneling one protocol inside another (for example, sending instant messaging traffic via HTTP). Steganography is another example of sending information over an overt channel. An example of steganography is sending a digital image made up of millions of pixels, with “secret” information encoded in specific pixels. Only the sender and receiver know which pixels represent the encoded information.
Confidentiality Attack Strategies: Sending information over covert channels
An attacker might send or receive confidential information over a network using a covert channel, which can communicate information as a series of codes and/or events. For example, binary data could be represented by sending a series of pings to a destination. A single ping within a certain period of time could represent a binary 0, and two pings within that same time period could represent a binary 1.
Where do most attacks on an organization’s computer resources originate?
a. From the Internet
b. From the inside network
c. From universities
d. From intruders who gain physical access to the computer resources
b
What are the three primary goals of network security? (Choose three.)
a. Confidentiality
b. Redundancy
c. Integrity
d. Availability
A, C, and D
The U.S. government places classified data into which classes? (Choose three.)
a. SBU
b. Confidential
c. Secret
d. Top-secret
B, C, and D
Cisco defines three categories of security controls: administrative, physical, and technical. Individual controls within these categories can be further classified as what three specific types of controls? (Choose three.)
a. Preventive
b. Deterrent
c. Detective
d. Reactive
A, B, and C
Litigators typically require which three of the following elements to present an effective argument when prosecuting information security violations? (Choose three.)
a. Audit trail
b. Motive
c. Means
d. Opportunity
B, C, and D
Which type of law typically involves the enforcement of regulations by government agencies?
a. Criminal law
b. Tort law
c. Administrative law
d. Civil law
C
Which of the following is a weakness in an information system that an attacker might leverage to gain unauthorized access to the system or data on the system?
a. Risk
b. Exploit
c. Mitigation
d. Vulnerability
D
What type of hacker attempts to hack telephony systems?
a. Script kiddy
b. Hacktivist
c. Phreaker
d. White hat hacker
C
Which of the following is a method of gaining access to a system that bypasses normal security measures?
a. Creating a back door
b. Launching a DoS attack
c. Starting a Smurf attack
d. Conducting social engineering
A
What security design philosophy uses a layered approach to eliminate single points of failure and provide overlapping protection?
a. AVVID
b. Defense in Depth
c. SONA
d. IINS
B
What are two types of IP spoofing attacks? (Choose two.)
a. Nonblind spoofing
b. Promiscuous spoofing
c. Autonomous spoofing
d. Blind spoofing
A and D
What term refers to the electromagnetic interference (EMI) that can radiate from network cables?
a. Doppler waves
b. Emanations
c. Gaussian distributions
d. Multimode distortion
B
What kind of integrity attack is a collection of small attacks that result in a larger attack when combined?
a. Data diddling
b. Botnet attack
c. Hijacking a session
d. Salami attack
D
Which of the following best describes a Smurf attack?
a. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.
b. It sends ping requests in segments of an invalid size.
c. It intercepts the third step in a TCP three-way handshake to hijack a session.
d. It uses Trojan horse applications to create a distributed collection of “zombie” computers, which can be used to launch a coordinated DDoS attack.
A
Which of the following are Cisco best-practice recommendations for securing a network? (Choose three.)
a. Deploy HIPS software on all end-user workstations.
b. Routinely apply patches to operating systems and applications.
c. Disable unneeded services and ports on hosts.
d. Require strong passwords, and enable password expiration.
B, C, and D