Answer Description

A Replay Attack is a malicious network attack where valid transmission data is replayed or duplicated in order to obtain illegal access to a system.

Wikipedia

A replay attack (also known as a repeat attack or playback attack) is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP packet substitution. This is one of the lower-tier versions of a man-in-the-middle attack. Replay attacks are usually passive in nature. Another way of describing such an attack is: "an attack on a security protocol using a replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run."

Answer Description

The change management process is the process of requesting, planning, evaluating, and implementing changes to a computer system.

Wikipedia

The change request management process in systems engineering is the process of requesting, determining attainability, planning, implementing, and evaluating of changes to a system. Its main goals are to support the processing and traceability of changes to an interconnected set of factors.

Answer Description

Only File Transfer Protocol (FTP) and File Transfer Protocol SSL (FTPS) are used for transferring files, and of the two FTPS is the only secure, encrypted protocol.

Wikipedia

FTPS (also known FTP-SSL, and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, which is now prohibited by RFC7568) cryptographic protocols. FTPS should not be confused with the SSH File Transfer Protocol (SFTP), a secure file transfer subsystem for the Secure Shell (SSH) protocol with which it is not compatible. It is also different from FTP over SSH, which is the practice of tunneling FTP through an SSH connection.

Answer Description

In this case, a NIDS or NIPS will not prevent malicious traffic, because traffic between virtual machines on the same physical machine may not be transmitted on network devices. Because of this, we need Host Intrusion PROTECTION Systems (HIPS).

Wikipedia

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarmsIDS types range in scope from single computers to large networks The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS) A system that monitors important operating system files is an example of an HIDS, while a system that analyzes incoming network traffic is an example of an NIDS

Answer Description

A virus is a type of malware that infects another program (typically an exe/executable) and has the ability to spread itself to other systems. Both viruses and worms may have the ability to replicate themselves with or without user intervention. They key difference is that a worm is a standalone program while a virus infects an existing program, for example a critical Windows executable.

Wikipedia

A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses. Computer viruses generally require a host program. The virus writes its own code into the host program. When the program runs, the written virus program is executed first, causing infection and damage. A computer worm does not need a host program, as it is an independent program or code chunk. Therefore, it is not restricted by the host program, but can run independently and actively carry out attacks.Virus writers use social engineering deceptions and exploit detailed knowledge of security vulnerabilities to initially infect systems and to spread the virus. The vast majority of viruses target systems running Microsoft Windows, employing a variety of mechanisms to infect new hosts, and often using complex anti-detection/stealth strategies to evade antivirus software. Motives for creating viruses can include seeking profit (e.g., with ransomware), desire to send a political message, personal amusement, to demonstrate that a vulnerability exists in software, for sabotage and denial of service, or simply because they wish to explore cybersecurity issues, artificial life and evolutionary algorithms.Computer viruses cause billions of dollars' worth of economic damage each year.In response, an industry of antivirus software has cropped up, selling or freely distributing virus protection to users of various operating systems.

Answer Description

This web based injection is targeting the LDAP server. Specifically, the admin account and its password.

Answer Description

The three types of authentication factors are something you know, something you have, and something you are. In this case 2 factors are used: 1. The user must know the username and password. 2. The user must have a valid client side certificate.

Wikipedia

Multi-factor authentication (MFA; encompassing authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorised third party that may have been able to discover, for example, a single password. A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.

Answer Description

Trivial File Transfer Protocol (TFTP) is designed to be a simpler, less secure version of FTP. It uses little to no authentication, and UDP instead of TCP.

Wikipedia

The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP). The first FTP client applications were command-line programs developed before operating systems had graphical user interfaces, and are still shipped with most Windows, Unix, and Linux operating systems. Many FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into productivity applications, such as HTML editors. In January 2021, support for the FTP protocol was disabled in Google Chrome 88, and disabled in Firefox 88.0. In July 2021, Firefox 90 dropped FTP entirely, and Google followed suit in October 2021, removing FTP entirely in Google Chrome 95.

Answer Description

Unfortunately, the only viable recovery option listed is to attempt to brute force the user's password. However, this method should only be used as a last resort.

Wikipedia

In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search. A brute-force attack is a cryptanalytic attack that can, in theory, be used to attempt to decrypt any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. When password-guessing, this method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used because a brute-force search takes too long. Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones.Brute-force attacks can be made less effective by obfuscating the data to be encoded making it more difficult for an attacker to recognize when the code has been cracked or by making the attacker do more work to test each guess. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.Brute-force attacks are an application of brute-force

Answer Description

The three types of authentication are something you KNOW, something you HAVE, and something you ARE. A multifactor authentication uses 2 or more of these factors. A credit card is something you HAVE while a PIN is something you know.

Wikipedia

Multi-factor authentication (MFA; encompassing authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorised third party that may have been able to discover, for example, a single password. A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.

Answer Description

High availability is a system design approach and implementation that ensures high availability of system resources for users.

Wikipedia

High-availability clusters (also known as HA clusters, fail-over clusters) are groups of computers that support server applications that can be reliably utilized with a minimum amount of down-time. They operate by using high availability software to harness redundant computers in groups or clusters that provide continued service when system components fail. Without clustering, if a server running a particular application crashes, the application will be unavailable until the crashed server is fixed. HA clustering remedies this situation by detecting hardware/software faults, and immediately restarting the application on another system without requiring administrative intervention, a process known as failover. As part of this process, clustering software may configure the node before starting the application on it. For example, appropriate file systems may need to be imported and mounted, network hardware may have to be configured, and some supporting applications may need to be running as well.HA clusters are often used for critical databases, file sharing on a network, business applications, and customer services such as electronic commerce websites. HA cluster implementations attempt to build redundancy into a cluster to eliminate single points of failure, including multiple network connections and data storage which is redundantly connected via storage area networks. HA clusters usually use a heartbeat private network connection which is used to monitor the health and status of each node in the cluster. One subtle but serious condition all clustering software must be able to handle is split-brain, which occurs when all of the private links go down simultaneously,

Answer Description

Privilege creep is the accumulation of access rights beyond what is required for an individual to do their job. Reviewing user rights regularly can prevent privilege creep.

Wikipedia

In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege or the principle of least authority, requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.

Answer Description

The system image should be captured and backed up on another storage device.

Answer Description

Annualized Loss Expectancy (ALE) is an estimate of the average monetary value lost per year. In this case it can be calculated by finding the total loss of all records: 250 * 350 = $87,500. This gives us the Single Loss Expectancy (SLE) of the entire database. Take the SLE divided by the Annualized Rate of Occurrence (ARO) of 8%: 87,500 * .08, which gives us the ALE of $7,000.

Wikipedia

The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as: ALE = ARO × SLE {\displaystyle {\text{ALE}}={\text{ARO}}\times {\text{SLE}}} Suppose that an asset is valued at $100,000, and the Exposure Factor (EF) for this asset is 25%. The single loss expectancy (SLE) then, is 25% * $100,000, or $25,000. The annualized loss expectancy is the product of the annual rate of occurrence (ARO) and the single loss expectancy. ALE = ARO * SLE For an annual rate of occurrence of 1, the annualized loss expectancy is 1 * $25,000, or $25,000. For an ARO of 3, the equation is: ALE = 3 * $25,000. Therefore: ALE = $75,000

Answer Description

Succession planning is the process for identifying internal personnel to fill key leadership positions if needed.

Wikipedia

Succession planning is a process and strategy for replacement planning or passing on leadership roles. It is used to identify and develop new, potential leaders who can move into leadership roles when they become vacant. Succession planning in dictatorships, monarchies, politics, and international relations is used to ensure continuity and prevention of power struggle. Within monarchies succession is settled by the order of succession. In business, succession planning entails developing internal people with managing or leadership potential to fill key hierarchical positions in the company. It is a process of identifying critical roles in a company and the core skills associated with those roles, and then identifying possible internal candidates to assume those roles when they become vacant. Succession planning also applies to small and family businesses (including farms and agriculture) where it is the process used to transition the ownership and management of a business to the next generation.

Answer Description

Voice phishing (Vishing) is the act of using social engineering over a telephone system.

Wikipedia

Voice phishing, or vishing, is the use of telephony (often Voice over IP telephony) to conduct phishing attacks. Landline telephone services have traditionally been trustworthy; terminated in physical locations known to the telephone company, and associated with a bill-payer. Now however, vishing fraudsters often use modern Voice over IP (VoIP) features such as caller ID spoofing and automated systems (IVR) to impede detection by law enforcement agencies. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Usually, voice phishing attacks are conducted using automated text-to-speech systems that direct a victim to call a number controlled by the attacker, however some use live callers. Posing as an employee of a legitimate body such as the bank, police, telephone or internet provider, the fraudster attempts to obtain personal details and financial information regarding credit card, bank accounts (e.g. the PIN), as well as personal information of the victim. With the received information, the fraudster might be able to access and empty the account or commit identity fraud. Some fraudsters may also try to persuade the victim to transfer money to another bank account or withdraw cash to be given to them directly. Callers also often pose as law enforcement or as an Internal Revenue Service employee. Scammers often target immigrants and the elderly, who are coerced to wire hundreds to thousands of dollars in response to threats of arrest or deportation.Bank account data is not the only sensitive information being targeted. Fraudsters sometimes

Answer Description

The Simple Network Management Protocol (SNMP) is used to manage devices on IP networks. It is used to monitor, configure, and manage network devices. SNMPv3 is the correct answer because it provides authentication, integrity, and confidentiality while version 1 and 2 did not.

Wikipedia

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behaviour. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.SNMP is widely used in network management for network monitoring. SNMP exposes management data in the form of variables on the managed systems organized in a management information base (MIB) which describe the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications. Three significant versions of SNMP have been developed and deployed. SNMPv1 is the original version of the protocol. More recent versions, SNMPv2c and SNMPv3, feature improvements in performance, flexibility and security. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

Answer Description

The Terminal Access Controller Access-Control System Plus (TACACS+) protocol handles authentication, authorization, and accounting (AAA) using username and passwords.

Wikipedia

Terminal Access Controller Access-Control System (TACACS, ) refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks it spawned related protocols: Extended TACACS (XTACACS) is a proprietary extension to TACACS introduced by Cisco Systems in 1990 without backwards compatibility to the original protocol TACACS and XTACACS both allow a remote access server to communicate with an authentication server in order to determine if the user has access to the network

Answer Description

Both IPSec and NAT were created to address problems in the native IPv4. IPv6 no longer needs NAT, and has IPSec built directly into the protocol.

Wikipedia

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and is intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.Devices on the Internet are assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the IPv4 address space had available. By 1998, the IETF had formalized the successor protocol. IPv6 uses 128-bit addresses, theoretically allowing 2128, or approximately 3.4×1038 total addresses. The actual number is slightly smaller, as multiple ranges are reserved for special use or completely excluded from use. The two protocols are not designed to be interoperable, and thus direct communication between them is impossible, complicating the move to IPv6. However, several transition mechanisms have been devised to rectify this. IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization

Answer Description

Protected Extensible Authentication Protocol (PEAP) provides encrypted, mutual authentication, while the Microsoft Challenge Handshake Authentication Protocol provides network authentication through username and password.

Wikipedia

PEAP is also an acronym for Personal Egress Air Packs.The Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. The purpose was to correct deficiencies in EAP; EAP assumed a protected communication channel, such as that provided by physical security, so facilities for protection of the EAP conversation were not provided.PEAP was jointly developed by Cisco Systems, Microsoft, and RSA Security. PEAPv0 was the version included with Microsoft Windows XP and was nominally defined in draft-kamath-pppext-peapv0-00. PEAPv1 and PEAPv2 were defined in different versions of draft-josefsson-pppext-eap-tls-eap. PEAPv1 was defined in draft-josefsson-pppext-eap-tls-eap-00 through draft-josefsson-pppext-eap-tls-eap-05, and PEAPv2 was defined in versions beginning with draft-josefsson-pppext-eap-tls-eap-06.The protocol only specifies chaining multiple EAP mechanisms and not any specific method. However, use of the EAP-MSCHAPv2 and EAP-GTC methods are the most commonly supported.