CySec Foundations Teil 2
| File Details | |
|---|---|
| Flashcards | 210 |
| Language | German |
| Category | Computer Science |
| Level | University |
| Created / Updated | 31.07.2020 / 10.08.2020 |
| Web link | https://card2brain.ch/box/20200731_cysec_foundations_teil_2 |
In TLS 1.3 which is the first message that gets partly encrypted?
Part of the ServerHello is already encrypted
In the TLS 1.3 handshake using 0-RTT resumption, which is the first message that gets partly encrypted?
Part of the ClientHello is already encrypted
What is the most commonly used technique to protect against virus attacks?
Signature detection
Which type of attack relies on the difference between the timing of two events?
Time of check to time of use (TOCTTOU)
Which type of exploit is closely associated with APT attacks?
zero-day attacks
What advanced virus technique modifies the malicious code of a virus on each system it infects?
polymorphic viruses
What type of application vulnerability most directly allows an attacker to modify the contents of a system's memory?
Buffer overflows
When designing firewall rules to prevent IP spoofing, which of the following principles should you follow?
- Packets with internal source IP addresses don’t enter the network from the outside.
- Packets with internal source IP addresses don’t exit the network from the inside.
- Packets with public IP addresses don’t pass through the router in either direction.
- Packets with external source IP addresses don’t enter the network from the outside.
Packets with internal source IP addresses should not be allowed to enter the network from outside, because they are likely spoofed.
What are the primary goals and objectives of security?
CIA Triad
Which security objective means authorized subjects are granted timely and uninterrupted access to objects?
Availability
What principle of information security is being violated upon a TCP SYN attack?
A TCP SYN attack may result in denial of service -> availability
What ensures that the subject of an activity or event cannot deny that the event occurred?
Non-repudiation
Which is the lowest military data classification for classified data?
confidential
Which commercial / business sector data classification is used to control information about individuals within an organization?
Private
Name the 5 types of assets organizations have
- Information
- Systems
- Devices
- Facilities
- Personnel
Name the three data states
- Data at Rest
- Data in Transit
- Data in Use
Which are the classes of gov / military classification?
ordered from high to low
Top secret
secret
confidential
sensitive but unclassified
unclassified
What are the classes of business / private classification?
ordered from high to low
Confidential / Private
Sensitive
Public
Name 5 ways of destroying sensitive data
- Erasing
- Clearing
- Purging
- Degaussing
- Destruction
Name 2 ways of tracing or hiding sensitive data
- Steganography
- Watermarking
What is a threat?
any potential danger to an asset
What is a threat actor?
someone / something that exploits vulnerabilities
What is threat intelligence?
the knowledge about an existing or emerging threat to assets
What is a threat event?
accidental and intentional exploitations of vulnerabilities
STRIDE
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of Service
- Elevation of privilege
What is the Exposure Factor (EF)?
represents the percentage of loss that an organization would experience if a specific asset were violated
What is the single loss expectancy (SLE)?
cost associated with a single realized risk against a specific asset
SLE = asset value * exposure factor
What is the annualized rate of occurrence (ARO)?
expected frequency with which a specific threat or risk will occur within a single year
What is the annualized loss expectancy (ALE)?
possible yearly cost of all instances of a specific realized threat against a specific asset
What is a cryptographic key?
a number, usually a very large binary number
What is a nonce?
a number that is unique each time it is used
used to make sure a key is not used twice
What is an IV?
IV = initialization vector
a random bit string
same length as block size, XORed with the message
What is confusion?
the relation between key and plaintext is complicated -> an attacker cannot determine the key by altering the plaintext slightly
What is diffusion?
one change in the input results in multiple changes in the output, e.g. permutation of bytes
What is Kerckhoffs's principle?
a cryptographic system is secure even if everything except the key is public knowledge
Describe the AES algorithm
- create round keys
for each round:
1. input block, XOR with key
2. Substitute bytes
3. Shift rows
4. Mix columns
Name the 3 modes of operations for block ciphers
- Electronic code book
- cipher block chaining
- counter mode
Why should the Electronic Code Book mode not be used?
weak against redundant data
What does the Cipher Block Chaining mode do differently than ECB?
The output of each block is XORed with the input of the next block
How does the Counter Mode (CTR) work?
a counter is encrypted to produce a stream cipher
the message itself is not encrypted; a number (nonce + counter) is encrypted and the output is XORed with the message