121. The Internet architecture provides an unregulated network path to attack
innocent hosts. Denial-of-service (DoS) attacks exploit this to target
mission-critical services. DoS attacks are explicit attempts to block
legitimate users' access to a system by reducing its availability. Physical or
host-based intrusions are generally addressed through hardened security policies
and authentication mechanisms. Although software patching defends against some
attacks, it fails to safeguard against DoS flooding attacks, which exploit the
unregulated forwarding of Internet packets.
122. Authentication Types:
- Mutual authentication: Here both the server and the client computer
authenticate each other. This type of authentication is more secure than
one-way authentication, where only the client is authenticated.
- Multifactor authentication: Here two or more authentication methods are
used for granting access to a resource. Usually, it combines a password with
biometric authentication.
- Biometric authentication: Biometric authentication uses measurable
physical attributes of a human being, such as a signature or fingerprint.
- CHAP: It is an authentication type that uses a three-way handshake. The
passwords are transmitted in encrypted form, ensuring security. Compare this
with PAP, which transmits passwords in clear text.
123. Sensitivity labels are associated with Mandatory Access Control (MAC).
124. Computer log files can be tampered with by a hacker to erase evidence of
an intrusion. Computer logs can be protected using the following methods:
- Setting minimal permissions
- Using a separate logging server
- Encrypting log files
- Setting log files to append only
- Storing them on write-once media
Implementing all of the above precautions ensures that the log files are safe
from tampering.
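The "append only" precaution above, shown as an added example that is not part of the original answer key: the same log-writing sequence is run once on an ordinary file and once on a descriptor opened with O_APPEND, to show that an attempt to seek back and overwrite an earlier record only succeeds on the former. O_APPEND protects a single open handle; the filesystem attribute the item refers to (for example chattr +a on Linux) enforces the same rule for every process, including root-owned tools that open the file normally.

```python
import os
import tempfile

# Constructed sample log records (not from any real system).
LOG_LINE_1 = b"2024-01-01T00:00:00Z login ok user=alice\n"
LOG_LINE_2 = b"2024-01-01T00:00:01Z login FAILED user=root\n"


def write_then_rewind(path: str, append_only: bool) -> bytes:
    """Write LOG_LINE_1, seek back to offset 0, write LOG_LINE_2, return the file.

    With append_only=True the descriptor carries O_APPEND, so the kernel forces
    every write to the current end of file regardless of the offset. Without it
    the second write lands at offset 0 and overwrites the first record.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
    if append_only:
        flags |= os.O_APPEND
    # 0o640: owner read/write, group read, no world access ("minimal permissions").
    fd = os.open(path, flags, 0o640)
    try:
        os.write(fd, LOG_LINE_1)
        # What a tampering process does to rewrite history: rewind, then write.
        os.lseek(fd, 0, os.SEEK_SET)
        os.write(fd, LOG_LINE_2)
    finally:
        os.close(fd)
    with open(path, "rb") as f:
        return f.read()


def demo() -> dict:
    """Run the sequence on a plain file and on an append-only descriptor."""
    with tempfile.TemporaryDirectory() as d:
        plain = write_then_rewind(os.path.join(d, "plain.log"), append_only=False)
        appended = write_then_rewind(os.path.join(d, "append.log"), append_only=True)
    return {"plain": plain, "append_only": appended}


if __name__ == "__main__":
    for name, data in demo().items():
        print(f"--- {name} ---")
        print(data.decode(), end="")
```

In the plain file the first record is gone; in the append-only file both records survive in order.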
125. A hacker begins a DDoS attack by exploiting a vulnerability in one computer
system and making it the DDoS “master”, also called a “zombie”.
It is from the zombie that the intruder identifies and communicates with other
systems that can be compromised. The intruder loads hacking tools on the
compromised systems. With a single command, the intruder instructs the
controlled machines to launch one of many flood attacks against a specified
target. This causes a Distributed Denial of Service (DDoS) attack on the target
computer.
126. Log Files Explained:
- Application log: The application log contains events logged by
applications or programs. For example, a database program might record a
file error in the application log. The developer decides which events to
record.
- System log: The system log contains events logged by the Windows 2000
system components. For example, the failure of a driver or other system
component to load during startup is recorded in the system log. The event
types logged by system components are predetermined.
- Security log: The security log can record security events such as valid
and invalid logon attempts, as well as events related to resource use, such
as creating, opening, or deleting files. An administrator can specify what
events are recorded in the security log. For example, if you have enabled
logon auditing, attempts to log on to the system are recorded in the
security log.
- Antivirus log: An antivirus log analyzer can process log files from various
antivirus packages and generate dynamic statistics from them, analyzing and
reporting events.
127. Security policy planning should include the following:
- Due care: acting responsibly and doing the right thing
- Privacy: making employees and administrators aware of privacy issues
- Separation of duties
- Need to know: providing employees only the information required to perform
their role or duties
- Password management: auditing the passwords
- Disposal and destruction
- Human rights policies
- Incident response
128. “Single sign-on” enables one to use all the eligible services with one
sign-in. Though other terms appear relevant, they are not widely used for
describing this type of service.
129. Always download and apply the latest patches and service packs (if any)
directly from the manufacturer’s website. Downloading from unreliable sources
may compromise system security.
130. SLA (short for Service Level Agreement) is a formal negotiated document
between two parties. It is a legal document that binds both parties for the
duration of the agreement.
DRP (Disaster Recovery Planning), security audit, and invoice are not relevant
answers.
131. A host-based IDS should be placed on a host computer such as a server. A
network-based IDS is typically placed on a network device such as a router.
132. In IP spoofing, the attacker uses somebody else’s IP address as the
source IP address. Since routers forward packets based on the destination IP
address, they simply forward the packets to the destination without verifying
the genuineness of the source IP address.
133. A digital certificate is a credential issued by a trusted authority that
binds you (an individual or an organization) to an identity that can be
recognized and verified electronically by other agencies. Locally issued digital
certificates are valid only within an organization’s network (such as an
intranet). Therefore, any secure pages or digital signatures based on a local
registration will not work on the Internet.
134. A personal firewall is software that resides on the end user’s computer.
This differs from a regular firewall in the sense that a personal firewall is
geared to protect a single user’s computer.
135. A Smurf attack is a denial-of-service attack that uses spoofed broadcast
ping messages to flood a target system.
136. DDoS, short for Distributed Denial of Service, is an attack where
multiple compromised systems (usually infected with a Trojan) are used to send
requests to a single system, causing the target machine to become unstable or
unable to serve its legitimate users.
137. PGP certificates differ from X.509 certificates in two ways:
- PGP certificates are issued (signed) by ordinary people, while X.509
certificates must be issued by a professional CA, and
- PGP implements a security fault-tolerance mechanism called the Web of
Trust. Here an individual is allowed to sign and issue certificates to
people they know.