Securityplus Notes


  • 8/19/2019 Securityplus Notes


    Security+ cram notes (SY0-301)

    1.  Network Security

    1.1 Explain the security function and purpose of network devices and technologies

    1.2 Apply and implement secure network administration principles

    1.3 Distinguish and differentiate network design elements and compounds

    1.4 Implement and use common protocols

    1.5 Identify commonly used default network ports

    1.6 Implement wireless network in a secure manner

    2. Compliance and Operational Security

    2.1 Explain risk related concepts

    2.2 Carry out appropriate risk mitigation strategies

    2.3 Execute appropriate incident response procedures

    2.4 Explain the importance of security related awareness and training

    2.5 Compare and contrast aspects of business continuity

    2.6 Explain the impact and proper use of environmental controls

    2.7 Execute disaster recovery plans and procedures

    2.8 Exemplify the concepts of confidentiality, integrity and availability (CIA)

    3. Threats and Vulnerabilities

    3.1 Exemplify the concepts of confidentiality, integrity and availability (CIA)

    3.2 Analyze and differentiate among types of attacks

    3.3 Analyze and differentiate among types of social engineering attacks

    3.4 Analyze and differentiate among types of wireless attacks

    3.5 Analyze and differentiate among types of application attacks

    3.6 Analyze and differentiate among types of mitigation and deterrent techniques

    3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities

    3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning

    A+ Essentials Exam Sim | A+ Practical Exam Sim | Network+ Exam Sim | Security+ Exam Sim | Server+ Exam Sim

    Revision 1.0 copyright © 2014 SimulationExams.com

    http://www.simulationexams.com/exam-details/aplus-essentials-220-801.htm
    http://www.simulationexams.com/exam-details/aplus-practical-application-220-802.htm
    http://www.simulationexams.com/exam-details/network-plus.htm
    http://www.simulationexams.com/exam-details/security-plus.htm
    http://www.simulationexams.com/exam-details/server-plus.htm
    http://www.simulationexams.com/


    4. Application, Data and Host Security

    4.1 Explain the importance of application security

    4.2 Carry out appropriate procedures to establish host security

    4.3 Explain the importance of data security

    5. Access Control and Identity Management

    5.1 Explain the function and purpose of authentication services

    5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control

    5.3 Implement appropriate security controls when performing account management

    6. Cryptography

    6.1 Summarize general cryptography concepts

    6.2 Use and apply appropriate cryptographic tools and products

    6.3 Explain the core concepts of public key infrastructure

    6.4 Implement PKI, certificate management and associated components


    1. Network Security

    1.1 Explain the security function and purpose of network devices and technologies

    Firewalls

    1. Firewalls protect against and filter out unwanted traffic. A firewall can be an individual device or can be added to a router. For example, most SOHO routers have a firewall built in, and Cisco Integrated Services Routers include the Cisco IOS Firewall. Regular routers, and routers with firewall functionality, have the ability to block certain kinds of traffic. For example, if the ICMP protocol has been blocked, then you would not be able to ping the router.

    2. A personal firewall is software that resides on the end user's computer. This is different from a regular firewall, in the sense that a personal firewall is geared to protect a single user computer.

    3. The following are the basic types of firewall architectures:

    • Bastion host

    • Screened host gateway

    • Screened subnet gateway or DMZ

    Hub

    A hub is basically a multi-port repeater. When it receives a packet, it repeats that packet out each port. This means that all computers that are connected to the hub receive the packet whether it is intended for them or not. It's then up to the computer to ignore the packet if it's not addressed to it. This might not seem like a big deal, but imagine transferring a 50 MB file across a hub. Every computer connected to the hub gets sent that entire file (in essence) and has to ignore it.

    Bridge

    A bridge is a kind of repeater, but it has some intelligence. It learns the layer 2 (MAC) addresses of devices connected to it. This means that the bridge is smart enough to know when to forward packets across to the segments that it connects. Bridges can be used to reduce the size of a collision domain or to connect networks of differing media/topologies, such as connecting an Ethernet network to a Token Ring network.

    Switch

    A switch is essentially a multi-port bridge. The switch learns the MAC addresses of each computer connected to each of its ports. So, when a switch receives a packet, it only forwards the packet out the port that is connected to the destination MAC address. Remember that a hub sends the packet out every port.

    Router

    A router works at the logical layer of the IP stack. It is basically required to route packets from one network (or subnet) to another network (or subnet). In the given question, all the computers are within the same subnet and a router is inappropriate.

    Gateway


    A gateway works at the top layers of the TCP/IP stack. For example, a gateway may be used to facilitate communication between a Unix mail server and a Windows mail server.

    Load Balancer

    A load balancer is used to distribute workload across multiple computers or a computer cluster. It could be done by dedicated hardware or software.

    Proxies

    Proxies, also called proxy servers, cache website information for the clients, reducing the number of requests that need to be forwarded to the actual corresponding web server on the Internet. These save time, use bandwidth efficiently, and also help to secure the client connections.

    VPN (Virtual Private Network)

    1. A VPN is a private network formed using the public Internet. It is formed between two hosts using tunneling protocols such as PPTP, L2TP, etc. Using a VPN, you can connect two LANs in geographically distant locations together, as if they were located in the same building. The cost of connecting these LANs together is small since the public Internet is used for providing the WAN link.

    2. The VPN can be implemented in any of the following combinations:

    a. Gateway-to-gateway VPN: It is transparent to the end users.

    b. Gateway-to-host VPN

    c. Host-to-gateway VPN

    d. Host-to-host VPN


    Network firewalls

    These are also called packet filters, and they operate at a low level of the TCP/IP stack. They do not allow packets to pass through unless they meet some established set of rules.

    Application Firewall

    It can control the traffic associated with specific applications. These work on the application layer of the TCP/IP stack. They inspect each packet traveling to and from an application such as a browser or telnet, and block it if it is improper according to set rules.

    URL Filtering

    URL filtering is used to categorize the websites on the Internet. You can allow/block specific website access to the web users of the organization. This can be done by referring to a central database or by classifying the websites in real time. URL filtering can also be made applicable only during certain times of a day or days of a week, if required.

    Content inspection

    Content inspection is the process in which user data is actively monitored for malicious elements and bad behaviour according to configured policies before allowing or denying the content to pass through the gateway and enter into the network. This prevents any confidential data going outside the network.

    1.2 Apply and implement secure network administration principles

    All web applications such as Web servers, News servers, email servers etc. need to be configured as securely as possible. This can be achieved by

    • Removing all unnecessary services: These are the services that are installed but not used. For example, you might have installed TFTP, but not be using it. It is better to remove the application or service that is not used, as it may provide an opportunity to a hacker to abuse the resource.

    • Removing all unnecessary protocols: These are the protocols that are installed but not used. For example, you might have installed the Novell Netware protocol but not need it. It is preferable to remove that protocol.

    • Enabling server and application logs: The logs provide an opportunity to look into the activity on the server over the past few hours or days. Check for any unusual activity such as failed login attempts etc.

    Secure router configuration

    Before a router is put on a network, make sure you set a username and password for it. Also, the password should be complex and difficult to crack. Make sure you check all default settings and change them according to requirement.

    Access control lists (ACLs)

    An ACL resides on a router, firewall or computer and decides who can access the network and who cannot.


    That means it enables or denies traffic. It specifies which user or group of users is allowed what level of access on which resource. It makes use of IP addresses and port numbers.

    Port Security

    It deals more with switches and the restriction of MAC addresses that are allowed to access particular physical ports.

    802.1X

    It is an IEEE standard that is known as port-based Network Access Control (NAC). It works on the Data Link Layer. It connects hosts to a LAN or WLAN. It also allows you to apply a security control that ties physical ports to end-device MAC addresses, and prevents additional devices from being connected to the network.

    Flood Guards

    It can be implemented on some firewalls and other devices. It tracks network traffic to identify scenarios such as SYN, ping, port floods, etc. By reducing this tolerance, it is possible to reduce the likelihood of a successful DoS attack. If it looks like a resource is being overused, then the flood guard comes into the picture.

    Loop protection

    To avoid loops, many network administrators implement Spanning Tree Protocol in their switches. Loop protection should be enabled on the switch to prevent the looping that can occur when a person connects both ends of a network cable to the same switch.

    Implicit deny

    It requires that all access is denied by default and access permissions are granted to specific resources only when required. An implicit deny clause is implied at the end of each ACL, and it means that if the provision in question has not been explicitly granted, then it is denied.
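An added example, not part of the original notes: a small first-match ACL evaluator that uses IP addresses and port numbers and falls through to the implicit deny described above. The names `Rule`, `ACL` and `evaluate`, and the addresses (taken from documentation ranges), are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One ACL entry (hypothetical structure, for illustration only)."""
    action: str                 # "permit" or "deny"
    src: str                    # source network in CIDR notation
    dst: str                    # destination network in CIDR notation
    port: Optional[int] = None  # destination port; None matches any port

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        # A rule matches only if source, destination and port all match.
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and (self.port is None or self.port == dst_port)
        )


# Constructed rule set: a DMZ web server at 192.0.2.10 and an
# internal admin subnet 10.0.5.0/24. Order matters (first match wins).
ACL: List[Rule] = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0"),        # explicit deny for one range
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443),  # anyone -> web server, HTTPS
    Rule("permit", "10.0.5.0/24", "192.0.2.0/24", 22),  # admins -> DMZ, SSH
]


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str,
             dst_port: int) -> Tuple[str, str]:
    """Return (action, reason) for a connection attempt.

    Rules are checked top to bottom and the first match decides.
    If nothing matches, the traffic is denied: that is the implicit
    deny at the end of every ACL, even though no rule states it.
    """
    for index, rule in enumerate(acl, start=1):
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action, f"rule {index}"
    return "deny", "implicit deny"


if __name__ == "__main__":
    # Constructed connection attempts: (source, destination, port)
    attempts = [
        ("198.51.100.7", "192.0.2.10", 443),  # HTTPS from the Internet
        ("203.0.113.9", "192.0.2.10", 443),   # HTTPS from the denied range
        ("10.0.5.20", "192.0.2.10", 22),      # SSH from the admin subnet
        ("198.51.100.7", "192.0.2.10", 23),   # Telnet: never granted
    ]
    for src, dst, port in attempts:
        action, reason = evaluate(ACL, src, dst, port)
        print(f"{src} -> {dst}:{port}  {action} ({reason})")
```

The Telnet attempt is refused although no rule mentions port 23, and an empty ACL denies everything.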

    Log Analysis

    Log analysis is used to determine what happened at a specific time on a particular system.

    1.3 Distinguish and differentiate network design elements and compounds

    DMZ (Demilitarized Zone)

    It is a place separate from the LAN where servers reside that can be reached by users on the Internet. If a company intends to host its own servers to be accessed from the public Internet, a DMZ is the most preferred solution. The network segment within the DMZ is secured by two firewalls, one interfacing with the public Internet, and the other interfacing with the internal corporate network. Thus, a DMZ provides an additional layer of security to the internal corporate network. The types of servers that are hosted on a DMZ may include web servers, email servers, file servers, DNS servers, etc.

    Subnetting

    IP addresses can be manipulated to logically create subnetworks. Each of these subnetworks is a distinct portion of a single network. Some advantages are efficient use of IP address space, reducing collision and traffic, and increasing security.

     


    VLAN

    Just like subnetting, a VLAN is used to logically segment a network or part of a network. Some advantages are better organization of the network, reducing collision, and an increase in performance and security. This does not require any change in the physical location of the workstations. Users from different corners of the network, like different floors in a building or even different buildings, can belong to the same VLAN as it is just logical segmentation.

    NAT (Network Address Translation)

    It is primarily used to hide the internal network from an external network, such as the Internet. A NAT basically translates the internal IP addresses to external IP addresses and vice-versa. This functionality assures that external users do not see the internal IP addresses, and hence the hosts.

    Telephony

    It is the collection of methods by which telephone services are provided to an organization, or the mechanism by which an organization uses telephone services for either voice and/or data communications. Traditionally it included POTS or PSTN services with modems, but now it has expanded to PBX, VoIP and VPN.

    NAC (Network Access Control)

    NAC provides network security by setting the rules by which connections to a network are governed. Computers attempting to connect to a network are denied access unless they comply with rules including levels of antivirus protection, system updates, and so on, effectively weeding out those who would perpetuate malicious attacks. The client computer continues to be denied until it has been properly updated, which in some cases can be taken care of by the NAC solution automatically. This often requires some kind of preinstalled software (an agent) on the client computer, or the computer is scanned by the NAC solution remotely.

    Virtualization

    A workstation can have multiple operating systems installed on it but can run only one OS at a time. By running virtualization software, the same workstation can run Windows Server along with Windows 7 and Linux or any other operating system at the same time. This will allow a developer to test code on various environments at the same time, and he can also move code from one operating system to another with basic copy and paste. Each virtual desktop will typically need full network access. Configuring permissions for each virtual desktop can be tricky for the administrator. Remote administration often uses a virtual desktop to work on a workstation without the knowledge of the user sitting at the workstation.

    Cloud Computing

    It is used to offer on-demand services; it increases the capabilities of a person's computer or an organization's network. Some cloud computing services are free, like email services, and some are paid services, like data storage.

    Cloud computing services are generally broken down into three categories of services:

    • Software as a Service (SaaS): When users access applications over the Internet that are provided by a third party, it is SaaS. There is no need to install the application on the local computer; mostly these services run within a web browser. Example: webmail.

    • Infrastructure as a Service (IaaS): A service that offers computer networking, storage, load balancing, routing, and VM hosting. More and more organizations are seeing the benefits of offloading some of


    their networking infrastructure to the cloud.

    • Platform as a Service (PaaS): This service provides software solutions to organizations, like application development in a virtual environment, without the cost or administration of a physical platform. Its main use is for easy-to-configure operating systems and on-demand computing.

    1.4 Implement and use common protocols

    IPSec (Internet Protocol Security)

    It authenticates and encrypts IP packets, effectively securing communications between the computers and devices that are used in a VPN. IPsec operates at the Network Layer of the OSI model. It differs from SSH, SSL, and TLS in that it is the only protocol that does not operate within the upper layers of the OSI model. It can negotiate cryptographic keys and establish mutual. The two primary security services that are provided by IPSec are:

    • Authentication Header (AH): AH provides the authentication of the sender.

    • Encapsulating Security Payload: ESP provides encryption of the payload.

    SNMP (Simple Network Management Protocol)

    It enables monitoring of remote systems. There are three main parts of SNMP: a manager, an agent, and a database of management information. The manager provides the interface between the human network manager and the management system. The agent provides the interface between the manager and the physical device(s) being managed. The manager and agent use a Management Information Base (MIB) and a set of commands to exchange information.

    SSH (Secure Shell)

    It is a protocol that can create a secure channel between two computers or network devices, enabling one computer or device to remotely control the other. It is commonly used on Linux and Unix systems, and nowadays also has widespread use on Windows clients. It uses public key cryptography to authenticate remote computers. One computer (the one to be controlled) runs the SSH daemon, while the other computer runs the SSH client and makes secure connections to the first computer (which is known as a server), as long as a certificate can be obtained and validated.

    DNS (Domain Name System)

    Resolves IP addresses to host names.

    SSL (Secure Socket Layer) / TLS (Transport Layer Security)

    These are cryptographic protocols that provide secure Internet communications such as web browsing, instant messaging, e-mail, and VoIP. These protocols rely on a PKI for the obtaining and validating of certificates. These are called Application Layer Protocols. Two types of keys are required when any two computers attempt to communicate with the SSL or TLS protocols: a public key and a session key. Asymmetric encryption is used to encrypt and share session keys, and symmetric encryption is used to encrypt the session data.

    TCP/IP (Transmission Control Protocol/Internet Protocol)

    It is a suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the


    Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.

    FTPS (FTP Secure)

    FTPS uses SSL or TLS to make secure connections. FTPS can work in two modes: explicit and implicit. In explicit mode the FTPS client must explicitly request security from an FTPS server and then mutually agree on the type of encryption to be used. In implicit mode, there is no negotiation, and the client is expected to already know the type of encryption used by the server. In general, implicit mode is considered to be more secure than explicit mode.

    HTTPS (Hypertext Transfer Protocol Secure)

    It is a combination of HTTP and either SSL or TLS. Web servers that enable HTTPS inbound connections must have inbound port 443 open. This is common for e-commerce.

    SFTP (Secure FTP)

    SFTP is the SSH File Transfer Protocol. It is an extension of the SSH protocol, which uses port 22. Contrast this with FTPS, which is FTP Secure or FTP-SSL, which uses port 443.

    SCP (Secure Copy)

    It is a way of transferring files securely between two hosts; it utilizes SSH. It runs on port 22 by default.

    ICMP (Internet Control Message Protocol)

    The Internet Control Message Protocol (ICMP) is a classic example of a client server application. The ICMP server executes on all IP end system computers and all IP intermediate systems (i.e. routers). The protocol is used to report problems with delivery of IP datagrams within an IP network. It can be used to show when a particular End System (ES) is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc. The protocol is also frequently used by Internet managers to verify correct operations of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address.

    IPv4 vs IPv6

    | IPv4 | IPv6 |
    |------|------|
    | Addresses are 32-bit in length | Addresses are 128-bit in length |
    | IP addresses are numeric only | Uses a long string of numbers and letters in the IP address |
    | Address is a 32-bit number made up of four octets (8-bit numbers) in decimal notation, separated by periods. A bit can either be a 1 or a 0 (2 possibilities), so the decimal notation of an octet would have 2^8 distinct possibilities | IPv6 addresses are broken down into eight 16-bit sections, separated by colons. Because each section is 16 bits, it can have 2^16 variations (65,536 distinct possibilities) |
    | Example: 1.160.10.240 | Example: 3ffe |

    1.5 Identify commonly used default network ports


    | Protocol | IP protocol | Port Used |
    |----------|-------------|-----------|
    | FTP (File Transfer Protocol) | TCP | 21 |
    | SFTP (Secure FTP) | SCTP, TCP | 22 |
    | FTPS (FTP Secure) | FTP | 443 |
    | TFTP (Trivial FTP) | UDP | 69 |
    | Telnet | TCP | 23 |
    | HTTP (Hyper Text Transfer Protocol) | TCP | 80 |
    | HTTPS (HTTP Secure) | TCP | 443 |
    | SCP (Secure Copy) | SCTP, TCP | 22 |
    | SSH (Secure SHell) | SCTP, TCP | 22 |
    | SMTP (Simple Mail Transfer Protocol) | TCP | 25 |
    | DNS (Domain Name Service) | UDP | 53 |
    | SNMP (Simple Network Management Protocol) | TCP, UDP | 161 |
    | SNMP Trap (Simple Network Management Protocol Trap) | TCP, UDP | 162 |
    | ISAKMP (VPN) - Internet Security Association and Key Management Protocol (virtual private network) | UDP | 500 |
    | TACACS (Terminal Access Controller Access-Control System) | TCP, UDP | 49 |
    | POP3 (Post Office Protocol version 3) | TCP | 110 |
    | NNTP (Network News Transfer Protocol) | TCP | 119 |
    | IMAP4 (Internet message access protocol version 4) | TCP | 143 |
    | Kerberos | UDP | 88 |
    | Syslog | TCP, UDP | 514 |
    | L2TP (Layer 2 Tunneling Protocol) | UDP | 1701 |
    | PPTP (Point-to-Point Tunneling Protocol) | TCP | 1723 |
    | RDP (Remote Desktop Protocol) | TCP, UDP | 3389 |

    NetBIOS (Network Basic Input/Output System)

    NetBIOS, or Network Basic Input/Output System, allows for session-layer communication on the OSI model. NetBIOS is primarily concerned with two functions: naming and starting/stopping NetBIOS "sessions." Since NetBIOS is not actually a networking protocol (it's an API), it is not routable and therefore nodes are only visible to other nodes within the same subnet.

    1.6 Implement wireless network in a secure manner


    WEP (Wired Equivalent Privacy)

    A deprecated wireless network security standard, less secure than WPA. Key size is 64 bit. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. However, it has been found that WEP is not very secure. WEP is used at the two lowest layers of the OSI model - the data link and physical layers; it therefore does not offer end-to-end security.

    WPA (Wi-Fi Protected Access)

    A wireless encryption standard created by the Wi-Fi Alliance to secure wireless computer networks. WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). Key size is 128 bits. WPA provides stronger encryption than WEP through use of either of two standard technologies: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). WPA also includes built-in authentication support that WEP does not offer. WPA provides comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

    WPA2 (Wi-Fi Protected Access Version 2)

    It is a wireless encryption protocol and is based on the IEEE 802.11i technology standard for data encryption. Key size is 256 bits. It is more secure than WPA and WEP. WPA2 also improves the security of Wi-Fi connections by requiring use of stronger wireless encryption than what WPA requires. Specifically, WPA2 does not allow use of an algorithm called TKIP (Temporal Key Integrity Protocol) that has known security holes (limitations) in the original WPA implementation. There are two versions of WPA2: WPA2-Personal and WPA2-Enterprise. WPA2-Personal protects against unauthorized network access by utilizing a set-up password. WPA2-Enterprise verifies network users through a server. WPA2 is backward compatible with WPA.

    EAP (Extensible Authentication Protocol)

    It is a framework for transporting authentication protocols. EAP defines the format of the messages. It uses four types of packets: request, response, success and failure. Request packets are issued by the authenticator and ask for a response packet from the supplicant. If authentication is successful, a success packet is sent to the supplicant; if not, a failure packet is sent.

    PEAP (Protected EAP)

    It is designed to simplify deployment of 802.1x by using MS Windows logins and passwords. It is considered more secure than EAP because it creates an encrypted channel between client and authentication server, and the channel then protects further authentication exchanges.

    LEAP (Lightweight EAP)

    It is developed by Cisco Systems. It requires mutual authentication used for WLAN encryption using Cisco client software. There is no native support for LEAP in the MS Windows operating system.

    MAC Filtering

    Every Wi-Fi device is assigned a MAC (Media Access Control) address, a unique 12-digit hexadecimal identifier issued by the IEEE, the standards body that developed the Wi-Fi protocol. The MAC address is hard-coded in to the device and sent automatically to a Wi-Fi access point when the device tries to connect to the network.

    Using the access point configuration software, you can create a safe list of allowed client devices or a black list of banned devices. If MAC filtering is activated, regardless of what encryption security is in place, the AP only allows devices on the safe list to connect, or blocks all devices on the black list - irrespective of encryption used.

    Encryption protocols like WPA2 (Wi-Fi Protected Access 2) reduced the necessity for using MAC filtering. Hackers may break in to a MAC filtering device by sniffing addresses of connected devices and then spoofing or masquerading as one of them.

    To enable MAC address filtering and to allow the devices with matching MAC addresses, perform these steps (these steps are generic in nature, and likely to change from one device type to another):

    • Step 1: Access the router's web-based setup page.

    • Step 2: When the router's web-based setup page appears, click Wireless, look for MAC address filtering tab.

    • Step 3: Enter the MAC addresses of the devices that are allowed to use the wireless network in the table provided.

    • Step 4: Click on Save Settings

    TKIP (Temporal Key Integrity Protocol)

    It is an Encryption protocol used with WEP and WPA. Key size is 128 bits.

    CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

    It is an Encryption protocol used with WPA2. It addresses the vulnerabilities of TKIP and meets requirements of IEEE 802.11i. It uses 128 bit Key.

    SSID (Service Set Identifier)

    One way to secure your wireless network is to disable the SSID broadcast. This procedure prevents other users from detecting your SSID or your wireless network name when they attempt to view available wireless networks in your area.

    To disable SSID Broadcast, perform these steps (these steps are generic in nature, and likely to change from one device type to another):

    • Step 1: Access the router's web-based setup page.

    • Step 2: When the router's web-based setup page appears, click Wireless, look for Wireless SSID Broadcast, and select Disable.

    • Step 3: Click on Save Settings

    2. Compliance and Operational Security

    2.1 Explain risk related concepts

    Security controls

    Security controls are measures taken to safeguard an information system from attacks against the confidentiality, integrity, and availability (C.I.A.) of the information system. Security controls fall in three classes:

    1. Technical

    • Access Control, firewalls

    • Audit and Accountability

    • Identification and Authentication

    • System and Communications Protection

    2. Management

    • Certification, Accreditation, and Security Assessments

    • Planning

    • Risk Assessment

    • System and Services Acquisition

    3. Operational

    • Awareness and Training

    • Configuration Management

    • Contingency Planning

    • Incident Response

    • Maintenance

    • Media Protection

    • Personnel Security

    • Physical and Environmental Protection

    • System and Information Integrity

    False positives

    False positives are when the system reads a legitimate event as an attack or other error. When a system authenticates a user who should not be allowed access to the system. For example, when an IDS/IPS blocks legitimate traffic from passing on to the network.

    Privacy policy

    This policy is used to secure user identities and other information related to the user. If an internet based application provided by an organization requires users to register with them using name and email id, then the information provided by the user should be secure and not shared with any third party without user knowledge. The privacy policy should state what information is stored and will be accessed by whom; it should also state if information will be shared with a third party.

    Acceptable use

    This policy restricts how a computer network and other devices and systems will be used. It states what users can and cannot do with the technology infrastructure of an organization. It is signed by the employees before they begin working on any systems. This protects the organization from employees misusing the systems or network. The policy may put limits on personal use of resources, and resource access time.

    Security policy

    A company's security policy outlines the security measures to be taken. Implementing the security policy is the first thing that needs to be done. Some issues that need to be taken care of, while planning security policies are:

    • Due care, acting responsibly and doing right thing.

    • Privacy, letting the employees and administrator know of the privacy issues

    Separation of duties


    unknowingly create a security vulnerability. Change management seeks to approach changes systematically and provide the necessary documentation of the changes.

    • Incident management can be defined as the "framework" and functions required to enable incident response and incident handling within an organization. The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the users.

    • Routine system audits will check for user rights and permissions as well as analyze log files, for example, the Security log in Windows. The development and implementation of the security policy that enabled the security log should have been done long before actual auditing takes place.

    2.3 Execute appropriate incident response procedures

    Order Of Volatility

    The sequence of volatile data that must be preserved in a computer forensics investigation:

    • Register, cache

    • Routing table, ARP cache, process table, kernel statistics, memory

    • Temporary file system

    • Disk

    • Remote logging and monitoring data that is relevant to system

    • Physical configuration, network topology

    • Archival media

    Capture system Image

    A forensic imaging program is used to create a bit stream image copy of a storage device. The image copy will be stored onto a forensically clean storage device. Hash calculation of original media is performed before and after image copying is performed.
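    The hash-before, copy, hash-after sequence described above, as an added example that is not part of the original notes. SHA-256, the function names and the file names are assumptions; in the demonstration a temporary file stands in for the original media.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never has to fit in memory


def sha256_of(path):
    """Return the SHA-256 hex digest of a file or block device, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as src:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source_path, image_path):
    """Bit-stream copy source to image, hashing the original before and after.

    Returns a record that can be attached to the evidence documentation.
    """
    hash_before = sha256_of(source_path)

    # "xb" refuses to overwrite an existing file, so a stale image on the
    # target cannot be silently mixed with the new acquisition.
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())

    hash_after = sha256_of(source_path)   # proves the original was not altered
    hash_image = sha256_of(image_path)    # re-read what actually landed on the target

    return {
        "source": source_path,
        "image": image_path,
        "hash_before": hash_before,
        "hash_after": hash_after,
        "hash_image": hash_image,
        "source_unchanged": hash_before == hash_after,
        "image_matches": hash_image == hash_before,
    }


def demo():
    """Constructed demonstration: acquire an image, then show that a one-byte
    change to the image is caught by comparing against the recorded hash."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence.dd")        # hypothetical file name
    image = os.path.join(workdir, "evidence_copy.dd")    # hypothetical file name
    with open(source, "wb") as fh:
        fh.write(os.urandom(3 * CHUNK + 123))            # constructed sample data

    record = acquire_image(source, image)

    # Flip one byte in the image to simulate later corruption or tampering.
    with open(image, "r+b") as fh:
        fh.seek(10)
        original = fh.read(1)
        fh.seek(10)
        fh.write(bytes([original[0] ^ 0xFF]))

    still_matches = sha256_of(image) == record["hash_before"]
    return record, still_matches


if __name__ == "__main__":
    rec, ok_after_tamper = demo()
    print(rec)
    print("image still matches after tampering:", ok_after_tamper)
```

    On real media the source would be opened through a write blocker; the recorded hashes are what later lets anyone re-verify the image.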

    Network traffic and logs

    In some network environments it may be possible to maintain an ongoing recording of network traffic. Since this would result in a huge storage requirement, these recordings will only maintain a sliding window of minutes or hours of recent network activity.

    Capture Video

    If there are security cameras present, then the recording of the security violation should be preserved. Another is video recording of the investigation being performed to collect physical and logical evidence. These can be used for later reviews.

    Chain of custody

    The chain of custody documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. A chain of custody includes documenting all of the serial numbers of the systems involved, who handled and had custody of the systems and for what length of time, how the computer was shipped, and any other steps in the process.


    2.4 Explain the importance of security related awareness and training

    Given below are some of the widely known password guessing methods:

    • Dictionary: This is the method in which dictionary terms are used for guessing a password.

    • Birthday: It takes advantage of probabilities, much like two people in a 50-person room sharing the same birthday. With every person, the chances of two people having the same birth date increase. In the same way, when you start guessing the password, the chances of a hit keep increasing.

    • Brute force: In a Brute Force attack, muscle (in this case, CPU and/or network muscle) is applied to break through a particular security mechanism, rather than using particular intelligence or logic. "Brute force" is most commonly applied to password guessing, taking advantage of computer power available to an attacker, to try every possible password value, until the right one is found. In cryptography, a brute-force attack is an attempt to recover a cryptographic key or password by trying every possible combination until the correct one is found. How quickly this can be done depends on the size of the key, and the computing resources applied.

    • Rainbow tables: Rainbow tables are huge lists of keys or passwords. A password-guessing program uses these lists of keys or passwords rather than generating each key or password itself.

    2.5 Compare and contrast aspects of business continuity

    Any business continuity planning should preferably include the following:

    • Redundant network connectivity

    • Clustering

    • Fault tolerance using RAID or similar technique

    • Facilities management

    Disaster recovery plan is also called as business continuity plan or business process continuity plan. A DRP should include information security, asset security, and financial security plans.

    SLA (Short for Service Level Agreement) is the formal negotiated document between two parties. It is a legal document that binds both the parties during the tenure of the agreement.

    2.6 Explain the impact and proper use of environmental controls

    There are primarily 5 classes of fire:

    • Class 'A' Fire: Involves ordinary combustible materials such as wood, cloth and paper. Most fires are of this class.

    • Class 'B' Fire: Involves flammable liquids or liquid flammable solids such as petrol, paraffin, paints, oils, greases and fat.

    • Class 'C' Fire: Involves gases. Gaseous fires should be extinguished only by isolating the supply. Extinguishing a gas fire before the supply is off may cause an explosion.

    • Class 'D' Fire: Involves burning metals. These should only be dealt with, by using special extinguishers, by personnel trained in the handling of combustible metals.

    • Class 'F' Fire: Involves flammable liquids (Deep Fat Fryers)

    There are five types of extinguishers:

    • Water: Water is used with Class A fires.

    • Dry chemical


    information. It ensures that only authorized parties can view the information. For example credit card numbers.

    • Integrity. Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data. In the example of the online purchase, the amount to be transferred should not be altered by anyone.

    • Availability. It ensures that data is accessible to authorized users. The total number of items ordered as the result of an online purchase must be made available to an employee in a warehouse so that the correct items can be shipped to the customer.

    3. Threats and Vulnerabilities

    3.1 Analyze and differentiate among types of malware

    • Adware: Type of spyware that pops up advertisements based on what it has learned about the user.

    • Virus: A computer virus attaches itself to a program or file so it can spread from one computer to another. Almost all viruses are attached to an executable file, and a virus cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going.

    • Worm: Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. The danger with a worm is its capability to replicate itself. Unlike a Virus, which sends out a single infection at a time, a Worm could send out hundreds or thousands of copies of itself, creating a huge devastating effect.

    • Trojan Horse: The Trojan Horse at first glance appears to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because they appear to be receiving legitimate software or a file from a legitimate source.

    • Spyware: A type of malicious software either downloaded unwittingly from a website or installed along with some other third-party software.

    • Rootkit: It is a collection of tools that enable administrator-level access to a computer. Typically, a hacker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to gain root access to the computer and, possibly, other machines on the network.

    • A back door is a program that allows access to the system without usual security checks. These are caused primarily due to poor programming practices. The following are known back door programs:

    1. Back Orifice: A remote administration program used to remotely control a computer system.

    2. NetBus: This is also a remote administration program that controls a victim computer system over the Internet. Uses client-server architecture. Server resides on the victim's computer and client resides on the hacker's computer. The hacker controls the victim's computer by using the client.


    3. Sub7: This is similar to Back Orifice and NetBus. Used to take control of the victim's computer over the Internet.

    • Botnet: It is a compromised computer from which malware can be distributed throughout the internet. It is controlled by a master computer where the attacker resides.

    3.2 Analyze and differentiate among types of attacks

    Man-In-The-Middle

    These attacks intercept all data between a client and a server. It is a type of active interception. If successful, all communications now go through the MITM attacking computer. The attacking computer can at this point modify the data, insert code, and send it to the receiving computer. This type of eavesdropping is only successful when the attacker can properly impersonate each endpoint.

    Distributed Denial of Service (DDoS)

    It is an attack where multiple compromised systems (which are usually infected with a Trojan) are used to send requests to a single system, causing the target machine to become unstable or unable to serve its legitimate users. A hacker begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS master, also called as "zombie". It is from the zombie that the intruder identifies and communicates with other systems that can be compromised. The intruder loads hacking tools on the compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. This causes a Distributed Denial of Service (DDoS) attack on the target computer.

    Denial-of-service (DoS)

    These attacks are explicit attempts to block legitimate users' system access by reducing system availability. Any physical or host-based intrusions are generally addressed through hardened security policies and authentication mechanisms. Although software patching defends against some attacks, it fails to safeguard against DoS flooding attacks, which exploit the unregulated forwarding of Internet packets. Hackers use zombies to launch DoS or DDoS attacks. The hacker infects several other computers through the zombie computer. Then the hacker sends commands to the zombie, which in turn sends the commands to slave computers. The zombie, along with slave computers, starts pushing enormous amounts of useless data to the target computer, making it unable to serve its legitimate purpose.

    Smurf attack

    Smurf attack is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system.

    Phishing

    Phishing is the act of sending an e-mail to a user claiming to be a reputed organization (such as a bank) in an attempt to scam the user into providing information over the Internet. The e-mail directs the user to a Web site where they are prompted to provide private information, such as credit card and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.

    Zombies

    Zombies are malware that puts a computer under the control of a hacker. Hackers use zombies to launch DoS or DDoS attacks. The hacker infects several other computers through the zombie computer. Then the hacker sends commands to the zombie, which in turn sends the commands to slave computers. The zombie, along with slave computers, starts pushing enormous amounts of useless data to the target computer, making it unable to serve its legitimate purpose.

    IP spoofing

    In IP spoofing, the attacker uses somebody else's IP address as the source IP address. Since routers forward packets based on the destination IP address, they simply forward the packets to the destination without verifying the genuineness of the source IP address.

    Replay

    A replay attack is a network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. An attacker might use a packet sniffer to intercept data and retransmit it later.

    Spoofing

    When an attacker masquerades as another person by falsifying information.

    Pharming

    It is when an attacker redirects one website's traffic to another bogus and possibly malicious website. Pharming can be prevented by carefully monitoring DNS configurations and hosts files.

    DNS poisoning

    The modification of name resolution information that should be in a DNS server's cache.
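    The hosts-file monitoring recommended under Pharming can be automated by comparing the current file with a known-good baseline. This is an added example, not part of the original notes; the baseline, the watched domain, the severity labels and the sample hosts content are constructed assumptions.

```python
import ipaddress

# Constructed known-good baseline, e.g. captured when the machine was built.
BASELINE_HOSTS = """
127.0.0.1   localhost
::1         localhost ip6-localhost
10.0.0.5    intranet.example.test
"""

# Constructed current file contents with three changes to find.
CURRENT_HOSTS = """
127.0.0.1   localhost
::1         localhost ip6-localhost
10.0.0.5    intranet.example.test
203.0.113.66  www.bank.example login.bank.example   # constructed suspicious line
10.0.0.9    intranet.example.test
192.0.2.10  printer.example.test
"""


def parse_hosts(text):
    """Parse hosts-file text into {hostname: set of IP strings}, ignoring comments."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address; a production auditor would log this
        for name in fields[1:]:
            mapping.setdefault(name.lower().rstrip("."), set()).add(ip)
    return mapping


def audit_hosts(current_text, baseline_text, watched_domains):
    """Return (severity, hostname, new_ips) for every name that resolves to an
    address the baseline does not contain.

    high   - name is, or is under, a watched domain (bank, mail, SSO ...)
    medium - name existed in the baseline but now also points elsewhere
    low    - entirely new name
    """
    baseline = parse_hosts(baseline_text)
    current = parse_hosts(current_text)
    findings = []
    for name, ips in sorted(current.items()):
        new_ips = ips - baseline.get(name, set())
        if not new_ips:
            continue
        watched = any(name == d or name.endswith("." + d) for d in watched_domains)
        if watched:
            severity = "high"
        elif name in baseline:
            severity = "medium"
        else:
            severity = "low"
        findings.append((severity, name, sorted(new_ips)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(CURRENT_HOSTS, BASELINE_HOSTS, ["bank.example"]):
        print(finding)
```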

    ARP poisoning

    It is an attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination. The spoofed frames of data contain a false source MAC address, which deceives other devices on the network.
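    On the defensive side, ARP poisoning shows up as an IP address that suddenly answers from a different MAC address, or as one MAC address answering for many IPs. The following added example (not from the original notes) flags both patterns in a time-ordered list of ARP observations; the observation format, the alert names, the threshold and the sample data are constructed assumptions.

```python
from collections import defaultdict


def normalize_mac(mac):
    """Canonicalise a MAC address to lower-case, colon-separated form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def detect_arp_anomalies(observations, static_bindings=None, max_ips_per_mac=3):
    """Scan (timestamp, ip, mac) observations in time order.

    Returns a list of alerts as (timestamp, kind, ip, detail) tuples:
      static-binding-violation - a pinned IP (e.g. the gateway) used another MAC
      ip-mac-changed           - an IP moved to a different MAC than last seen
      mac-claims-many-ips      - one MAC now answers for more than the threshold
    """
    static = {ip: normalize_mac(m) for ip, m in (static_bindings or {}).items()}
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in observations:
        mac = normalize_mac(mac)
        if ip in static and mac != static[ip]:
            alerts.append((ts, "static-binding-violation", ip,
                           "expected %s, saw %s" % (static[ip], mac)))
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "ip-mac-changed", ip, "%s -> %s" % (previous, mac)))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > max_ips_per_mac:
                alerts.append((ts, "mac-claims-many-ips", ip,
                               "%s answers for %d addresses" % (mac, len(mac_to_ips[mac]))))
    return alerts


# Constructed sample: timestamps are simple counters, addresses are made up.
SAMPLE_OBSERVATIONS = [
    (1, "192.168.1.1", "AA-BB-CC-00-00-01"),    # gateway, different notation
    (2, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (3, "192.168.1.11", "aa:bb:cc:00:00:11"),
    (4, "192.168.1.99", "de:ad:be:ef:00:99"),   # a fourth host joins
    (5, "192.168.1.1", "de:ad:be:ef:00:99"),    # ...and now claims the gateway IP
    (6, "192.168.1.10", "de:ad:be:ef:00:99"),   # ...and a workstation's IP
    (7, "192.168.1.1", "aa:bb:cc:00:00:01"),    # real gateway replies: flip-flop
]
SAMPLE_STATIC = {"192.168.1.1": "aa:bb:cc:00:00:01"}

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_OBSERVATIONS, SAMPLE_STATIC, max_ips_per_mac=2):
        print(alert)
```

    A changed binding is not always hostile (a replaced network card or a DHCP reassignment produces the same alert), so the output is a triage list rather than a verdict.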

    Transitive access

    When one computer uses a second computer to attack a third, based on the trust of the second and third computers.

    3.3 Analyze and differentiate among types of social engineering attacks

    Social engineering

    It is a skill that an attacker uses to trick an innocent person such as an employee of a company into doing a favor. For example, the attacker may hold packages with both hands and request a person with appropriate permission to enter a building to open the door. Social Engineering is considered to be the most successful tool that hackers use. Social engineering can be used to collect any information an attacker might be interested in, such as the layout of your network, names and/or IP addresses of important servers, installed operating systems and software. The information is usually collected through phone calls or by posing as a new recruit or guest to your boss.

    1. Shoulder surfing is when a person uses direct observation to find out a target's password, PIN, or other such authentication information. The simple resolution for this is for the user to shield the screen, keypad, or other authentication requesting devices.


    2. Dumpster diving is when a person literally scavenges for private information in garbage and recycling containers. Any sensitive documents should be stored in a safe place as long as possible. When they are no longer necessary, they should be shredded.

    3. Piggybacking is where the intruder poses as a new recruit, or a guest to your boss. The intruder typically uses his social engineering skills to enter a protected premises on someone else's identity, just piggybacking on the victim.

    4. Tailgating is essentially the same as Piggybacking with one difference: it is usually without the authorized person's consent.

    5. Impersonation is when an unauthorized person impersonates a legitimate, authorized person.

    6. A hoax is the attempt at deceiving people into believing something that is false. Hoaxes can come in person or through other means of communication.

    Staff training is the most effective tool for preventing attacks by social engineering. Defense against social engineering may be built by:

    • Including instructions in your security policy for handling it, and

    • Training the employees what social engineering is and how to deal with it.

    3.4 Analyze and differentiate among types of wireless attacks

    1. Packet sniffing is a form of wire-tap applied to computer networks instead of phone networks. It came into vogue with Ethernet, which is known as a shared medium network. This means that traffic on a segment passes by all hosts attached to that segment. Ethernet cards have a filter that prevents the host machine from seeing traffic addressed to other stations. Sniffing programs turn off the filter, and thus see everyone's traffic.

    2. Bluesnarfing allows hackers to gain access to data stored on a Bluetooth-enabled phone using Bluetooth wireless technology without alerting the phone's user of the connection made to the device. The information that can be accessed in this manner includes the phonebook and associated images, calendar, and IMEI (International Mobile Equipment Identity). By setting the device to non-discoverable mode, it becomes significantly more difficult to find and attack the device.

    3. The evil twin is another access point or base station that uses the same SSID as an existing access point. It attempts to fool users into connecting to the wrong AP, compromising their wireless session.

    4. Wardriving is the act of using a vehicle and laptop to find open unsecured wireless networks.

    5. Rogue access points can be described as unauthorized wireless access points/routers that allow access to secure networks.

    6. Interference happens when devices share channels, are too close to each other, or multiple technologies share the same frequency spectrum.

    3.5 Analyze and differentiate among types of application attacks

    1. Cross-site scripting (XSS) is an attack on website applications that injects client-side script into web pages.


    A host-based IDS should be placed on a host computer such as a server. A network-based IDS is typically placed on a network device such as a router.

    Log Files Explained:

    • Application log: The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. The developer decides which events to record.

    • System log: The system log contains events logged by the Windows 2000 system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined.

    • Security log: The security log can record security events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log.

    • Antivirus log: An antivirus log analyzer can process log files from various antivirus packages and generate dynamic statistics from them, analyzing and reporting events.

    Computer log files can be tampered with by a hacker to erase traces of any intrusions. Computer logs can be protected using the following methods:

    • Setting minimal permissions

    • Using a separate logging server

    • Encrypting log files

    • Setting log files to append only

    • Storing them on write-once media

    Implementing all the above precautions ensures that the log files are safe from being tampered with.

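    As an added example (not part of the original notes), the "minimal permissions" precaution for log files can be audited on a POSIX host with a short Python check. The function names and the 0o640 target mode are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

SAFE_MODE = 0o640  # assumption: owner read/write, group read, nothing for others


def audit_log(path):
    """Return a list of permission findings for one log file (empty = passes)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    # A log can be deleted or replaced by anyone who can write its directory,
    # unless the sticky bit restricts deletion to the file owner.
    parent = os.path.dirname(os.path.abspath(path))
    parent_mode = stat.S_IMODE(os.stat(parent).st_mode)
    if parent_mode & stat.S_IWOTH and not parent_mode & stat.S_ISVTX:
        findings.append("parent directory world-writable without sticky bit")
    return findings


def harden_log(path):
    """Apply the minimal mode and return the audit result afterwards."""
    os.chmod(path, SAFE_MODE)
    return audit_log(path)


def demo():
    """Audit constructed sample log files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "auth.log")
        bad = os.path.join(root, "app.log")
        open_dir = os.path.join(root, "shared")
        os.mkdir(open_dir)
        exposed = os.path.join(open_dir, "web.log")
        for name in (good, bad, exposed):
            with open(name, "w") as handle:
                handle.write("constructed sample entry\n")
        os.chmod(good, 0o640)
        os.chmod(bad, 0o666)
        os.chmod(exposed, 0o640)
        os.chmod(open_dir, 0o777)  # writable by everyone, no sticky bit
        result = {
            "good": audit_log(good),
            "bad_before": audit_log(bad),
            "exposed": audit_log(exposed),
        }
        result["bad_after"] = harden_log(bad)
        return result


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

    File permissions alone do not cover the other listed precautions; append-only flags, a separate logging server and write-once media are configured outside this check.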
    3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities

    Honeypots

    Honeypots are designed such that they appear to be real targets to hackers. That is, a hacker cannot distinguish between a real system and a decoy. This enables lawful action to be taken against the hacker, and securing the systems at the same time.

    Protocol Analyzer And Packet Analyzer (Sniffer)

    These are loaded on a computer and are controlled by the user in a GUI environment; they capture packets, enabling the user to analyze them and view their contents. Example: Network Monitor.

    Honeynet

    A honeynet is one or more computers, servers, or an area of a network; these are used when a single honeypot is not sufficient. Either way, the individual computer, or group of servers, will usually not house any important company information.

    Port scanner

    A port scanner is used to find open ports on multiple computers on the network.

    Any software is inherently prone to vulnerabilities. Therefore, software manufacturers provide updates or patches to the software from time to time. These updates usually take care of any known vulnerabilities. Therefore, it is important to apply these updates. Additional functionality is also one of the reasons for applying software updates. However, many times, it is not the compelling reason to apply the updates.

    3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning

    Vulnerability testing is part of testing corporate assets for any particular vulnerability. These may include:

    1. Blind testing: Here the hacker doesn't have prior knowledge of the network. It is performed from outside of a network.

    2. Knowledgeable testing: Here the hacker has prior knowledge of the network.

    3. Internet service testing: It is a test for vulnerability of Internet services such as web service.

    4. Dial-up service testing: Here the hacker tries to gain access through an organization's remote access server.

    5. Infrastructure testing: Here the infrastructure, including protocols and services, is tested for any vulnerabilities.

    6. Application testing: The applications that are running on an organization's servers are tested here.

    Vulnerability assessment is part of an organization's security architecture.

    4. Application, Data and Host Security

    4.1 Explain the importance of application security

    Fuzzing (fuzz testing) is the automated insertion of random data into a computer program. It is used to find vulnerabilities by the people who developed the program and by attackers.

    Cross-site scripting prevention

    In an XSS attack, an attacker inserts malicious scripts into a web page in the hopes of gaining elevated privileges and access to session cookies and other information stored by a user's web browser. This code (often JavaScript) is usually injected from a separate "attack site." It can also manifest itself as an embedded JavaScript image tag or other HTML embedded image object within e-mails (that are web-based).

    Cross-site Request Forgery (XSRF)

    In this attack (also known as a one-click attack), the user's browser is compromised and transmits unauthorized commands to the website. The chances of this attack can be reduced by requiring tokens on web pages that contain forms, special authentication techniques (possibly encrypted), scanning .XML files (which could contain the code required for unauthorized access), and submitting cookies twice instead of once, while verifying that both cookie submissions match.
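    The two XSRF defenses named above, a token on every form and a cookie value submitted twice and compared, can be combined as in the following added example (not part of the original notes). The function names, the token layout and the session identifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: one random server-side key per deployment, never sent to clients.
SERVER_KEY = secrets.token_bytes(32)


def compute_mac(session_id: str, nonce: str) -> str:
    """Bind a random nonce to one session with a keyed hash."""
    message = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, message, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Create the token that is set as a cookie and embedded in the form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{compute_mac(session_id, nonce)}"


def token_is_authentic(session_id: str, token: str) -> bool:
    """Check that the server issued this token for this session."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    expected = compute_mac(session_id, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())


def verify_form_post(session_id: str, cookie_token: str, form_token: str) -> bool:
    """Accept a state-changing request only if both submissions match."""
    if not cookie_token or not form_token:
        return False  # one of the two copies is missing
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return False  # the cookie copy and the form copy differ
    return token_is_authentic(session_id, cookie_token)


def demo() -> dict:
    """Run constructed requests through the check and return each outcome."""
    token = issue_token("session-A")
    return {
        "legitimate": verify_form_post("session-A", token, token),
        "missing_form_field": verify_form_post("session-A", token, ""),
        "copies_differ": verify_form_post("session-A", token, issue_token("session-A")),
        "other_session": verify_form_post("session-B", token, token),
        "unsigned_value": verify_form_post("session-A", "abc.def", "abc.def"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

    Signing the token with a server key means that matching copies are not enough on their own: the value must also have been issued for the session that submits it.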

    Application hardening

    It is the securing of an application, disabling of unnecessary services, disabling unused accounts, removal of unnecessary applications, and so on.


    Application configuration baseline

    Baselining is the process of setting up the common, minimum requirements of an enterprise. This could be a group of computers or all the computers in the network. When a new computer is added to the domain, the common minimum requirements are installed and applied automatically. This saves a lot of time and effort for the administrators. A typical configuration baseline would include changing any default settings (like the Guest account), removing unwanted software, services and games, and enabling operating system security features like the Firewall.

    Application patch management

    Any software is inherently prone to vulnerabilities. Therefore, software manufacturers provide updates or patches to the software from time to time. These updates usually take care of any known vulnerabilities. Therefore, it is important to apply these updates. Additional functionality is also one of the reasons for applying software updates. However, many times, it is not the compelling reason to apply the updates.

    4.2 Carry out appropriate procedures to establish host security

    In addition to protecting the hardware, the operating system on the host must also be protected. This can be achieved through a five-step process:

    1. Develop the security policy.

    2. Perform host software baselining.

    3. Configure operating system security and settings.

    4. Deploy the settings.

    5. Implement patch management.

    Operating system software has continued to add security protections to its core set of features. In addition, there are third-party anti-malware software packages that can provide added security.

    Anti-Virus

    This software can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus; this action is performed when files are opened, created, or closed. If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected file, or deleting the file. Anti-virus software scans files by attempting to match known virus patterns or signatures against potentially infected files. The software contains a virus scanning engine and a regularly updated signature file. The anti-virus software vendor extracts a sequence of bytes found in the virus as a virus signature. Signatures from all the different computer viruses are organized in a database, which the virus scanning engine uses to search predefined areas of files.

    Anti-Spam

    Spammers can distribute malware through their e-mail messages as attachments and use spam for social engineering attacks. Different methods for filtering spam exist on the host to prevent it from reaching the user. One method of spam filtering is to install separate filtering software that works with the e-mail client software. Host e-mail clients can be configured to filter spam, such as creating or downloading a list of senders from which no e-mail is to be received (blacklist), creating a list from which only e-mail can be received, or blocking e-mail from entire countries or regions.
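    The signature matching described under Anti-Virus above can be sketched as follows. This is an added example, not part of the original notes: the signature entries are constructed test patterns rather than real virus signatures, and treating "predefined areas" as the first and last 4 KiB of a file is an assumption, as are the function names.

```python
import os
import shutil
import tempfile

# Constructed signature database (name -> byte sequence); not real signatures.
SIGNATURES = {
    "Demo.Sample.A": bytes.fromhex("deadbeef1337c0de"),
    "Demo.Sample.B": b"CONSTRUCTED-TEST-MARKER",
}
WINDOW = 4096  # assumption: "predefined areas" = first and last 4 KiB


def scan_areas(data, window=WINDOW):
    """Yield (file_offset, chunk) for each area the engine inspects."""
    if len(data) <= 2 * window:
        yield 0, data
    else:
        yield 0, data[:window]
        yield len(data) - window, data[-window:]


def scan_bytes(data, signatures=SIGNATURES, window=WINDOW):
    """Return sorted (signature_name, offset) pairs found in the scanned areas."""
    hits = set()
    for base, chunk in scan_areas(data, window):
        for name, pattern in signatures.items():
            pos = chunk.find(pattern)
            while pos != -1:
                hits.add((name, base + pos))
                pos = chunk.find(pattern, pos + 1)
    return sorted(hits)


def scan_and_quarantine(path, quarantine_dir):
    """Scan one file; on a match, move it to quarantine and make it read-only."""
    with open(path, "rb") as handle:
        hits = scan_bytes(handle.read())
    if not hits:
        return hits, None
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    target = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    shutil.move(path, target)
    os.chmod(target, 0o400)
    return hits, target


def demo():
    """Scan two constructed files and report what happened to each."""
    with tempfile.TemporaryDirectory() as root:
        clean = os.path.join(root, "report.txt")
        flagged = os.path.join(root, "sample.bin")
        with open(clean, "wb") as handle:
            handle.write(b"quarterly figures\n" * 10)
        with open(flagged, "wb") as handle:
            handle.write(b"\x00" * 100 + SIGNATURES["Demo.Sample.B"] + b"\x00" * 50)
        qdir = os.path.join(root, "quarantine")
        clean_hits, clean_target = scan_and_quarantine(clean, qdir)
        bad_hits, bad_target = scan_and_quarantine(flagged, qdir)
        return {
            "clean_hits": clean_hits,
            "clean_moved": clean_target is not None,
            "flagged_hits": bad_hits,
            "flagged_moved": bad_target is not None
            and os.path.exists(bad_target)
            and not os.path.exists(flagged),
        }


if __name__ == "__main__":
    print(demo())
```

    A file is flagged only when its bytes match an entry in the database, which is why the notes stress a regularly updated signature file.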

    Pop-up Blockers and Anti-Spyware

    A pop-up is a small Web browser window that appears over the Web site that is being viewed. Most pop-up windows are created by advertisers and launch as soon as a new Web site is visited. A pop-up blocker can be either a separate program or a feature incorporated within a browser that stops pop-up advertisements from appearing. As a separate program, pop-up blockers are often part of a package known as anti-spyware that helps prevent computers from becoming infected by different types of spyware.

    Host-based firewalls

    A firewall can be software-based or hardware-based. A host-based software firewall runs as a program on a local system to protect it against attacks.

    Application patch management

    Any software is inherently prone to vulnerabilities. Therefore, software manufacturers provide updates or patches to the software from time to time. These updates usually take care of any known vulnerabilities. Therefore, it is important to apply these updates. Additional functionality is also one of the reasons for applying software updates. However, many times, it is not the compelling reason to apply the updates.

    Hardware security

    Hardware security is the physical security that involves protecting the hardware of the host system, particularly portable laptops, netbooks, and tablet computers that can easily be stolen.

    • A cable lock can be inserted into a slot in the device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or chair.

    • When storing a laptop, it can be placed in a safe, which is a ruggedized steel box with a lock. The sizes typically range from small (to accommodate one laptop) to large (for multiple devices).

    • Locking cabinets can be prewired for electrical power as well as wired network connections. This allows the laptops stored in the locking cabinet to charge their batteries and receive software updates while not in use.

     

    Secure Mobile Devices

    • Screen lock. Uses a password to lock the device. This prevents a thief from using a stolen device.

    • Proximity lock. Automatically locks your mobile device or smart-phone when you are away from the phone. It uses a proximity sensor that you may personally carry, such as a Bluetooth device.

    • Strong password. Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means it is at least eight characters long and includes multiple character types, such as upper case, lower case, numbers, and symbols.

    • Data encryption. Encryption protects the confidentiality of data, and smart-phone security includes device encryption to protect the data against loss of confidentiality. It's possible to selectively encrypt some data on a system, an entire drive, or an entire device.

    • Remote wipe. Remote wipe capabilities are useful if the phone is lost. The owner can send a remote wipe signal to the phone to delete all the data on the phone. This also deletes any cached data, such as cached online banking passwords, and provides a complete sanitization of the device, ensuring that valuable data is removed.

    • Voice encryption. It's possible to use voice encryption with some phones to help prevent the interception of conversations.

    • Global positioning system (GPS) tracking. A GPS pinpoints the location of the phone. Many phones include GPS applications that you can run on another computer. If you lose your phone, GPS can help you find it. If the data is sensitive, you use the remote wipe feature to erase the data on the mobile. This is useful to know before you send a remote wipe signal.

    • Cable locks can secure a mobile computer. They often look about the same as a cable lock used to secure bicycles.

    • Locked cabinet. Small devices can be secured within a locked cabinet or safe. When they aren't in use, a locked cabinet helps prevent their theft.


    4.3 Explain the importance of data security

    Data loss prevention (DLP)

    These systems are designed to protect data by way of content inspection. They are meant to stop the leakage of confidential data, often concentrating on communications. There are three types of DLP systems:

    • Network-based DLP

    • Endpoint-based DLP

    • Storage-based DLP

    Full Disk Encryption

    This works by automatically converting data on a hard drive into a form that cannot be understood by anyone who doesn't have the key to "undo" the conversion. Without the proper authentication key, even if the hard drive is removed and placed in another machine, the data remains inaccessible.

    Database Encryption

    This allows securing the data as it is inserted to, or retrieved from, the database. The encryption strategy can thus be part of the database design and can be related with data sensitivity and/or user privileges. Selective encryption is possible and can be done at various granularities, such as tables, columns, rows.

    Hardware-based Encryption

    • Data encryption. Encryption protects the confidentiality of data on servers just as it can protect the confidentiality of data on mobile devices. It's possible to selectively encrypt individual files or entire disk volumes.

    • Mantrap and cipher lock. These are examples of physical security and they can be used to restrict access to the server room.

    • Proximity lock. This secures the server by locking it when the sensor (say a Bluetooth device worn by the administrator) is not within a specified distance from the server.

    • Firewall. Software-based firewalls are commonly used on servers but are extremely rare on mobile devices.

    • TPM and HSM. Trusted Platform Modules (TPMs) and Hardware Security Modules (HSMs) are hardware encryption devices.

    5. Access Control and Identity Management

    5.1 Explain the function and purpose of authentication services

    Remote Authentication Dial-In User Service (RADIUS)
