Wednesday, September 14, 2016

SANS MGT 512 Study Questions


Management is doing things right; leadership is doing the _____ things. 
right


With Bobby Fisher's King’s Indian strategy, every ______ was in support of his overall strategy .
move or  tactical decision are both correct answers.


What is the Bias Blind Spot? 
Human beings tend to believe that our self-assessments are always more accurate even when presented with objective data that demonstrates how those assessments may have been biased.
( This may not be in the course yet, And while we can see the bias in other people, we can’t see it in ourselves. )

Define: MoSCoW
 “Must,” “Should,” “Could,” “Won’t”

Define: TL:DR
Too Long: Didn't Read

What is the primary reason for a project charter?

The charter primarily documents the authorization granted or bestowed upon the project manager by the management to accomplish the project.

When a project manager hears the expression While you are at it....” or "That's nice, but" their ears should perk up because the speaker is probably suggesting _____ _____.
scope creep

What is a MAC flooding attack?
A MAC flooding attack seeks to overwhelm the CAM table of a switch, forcing the switch to begin sending all packets to all ports. Macof, part of the dsniff distribution, is an example of an attack tool that facilitates this.

= The notes do not specifically define VLAN tagging attacks.


How do spanning tree election attacks work?
Spanning tree election attacks can be used to create both confidentiality and denial-of-service conditions. If an attacker has access to switch ports that are able to become trunk ports, he can introduce a rogue switch into the network that claims to be "priority 0”, (the best link). The spanning tree protocol reconfigures to favor and cause all traffic to cross through the attacker's switch so he can sniff the traffic and since higher bandwidth links will be diverted to his link it slows the network down. 


512.2

What is a protocol data unit?
It is a logical unit of information. The Layer 2 (Data Link Layer) PDU is the frame. The Layer 3 (Network Layer) PDU is the packet. The Layer 4 (Transport Layer) PDU is the segment, (TCP header plus data), for TCP. In the case of UDP it is the datagram. Some people try to find distinctions for layers 5, 6, 7, but that is less clear cut.

Why do we say your network is almost certainly running IPv6?
Because all modern computers support both IPv4 and IPv6.

What layer protocol is ICMP?
ICMP is NOT layer 4, a transport layer. It is an extension of IP, the network layer, OSI layer 3, for the purpose of troubleshooting and reporting errors.

What is the Microsemi/Actel ProASIC3 backdoor problem?
This USA designed, China manufactured, chip is reported to have a back door with an exploit observed in the wild  in 2012. This is a problem since it is popular for military and industrial control uses. https://www.schneier.com/blog/archives/2012/05/backdoor_found.html

Why is the fact Stuxnet was signed with a legitimate key important?
Many industrial control systems will not execute code that is not signed by a legitimate key. This is also true in the Windows 10 security model, (though there are ways around it).  Stuxnet was signed with a certificate from JMicron Technology Corporation which Verisign revoked as soon as the news broke. Stuxnet drivers were also signed with Realtek's key. Both companies had offices in the Hsinchu Science and Industrial Park in Taiwan. Both companies were issued new certificates after the ones used in Stuxnet were revoked. The lesson is that signed code alone is an insufficient security model.

What is a Next Generation Firewall, (NGTW)?
Next generation firewalls (NGFWs) go beyond this static inspection by carrying out stateful packet inspection right down to the application layer. This allows them to block packets that are not matched to known active connections, to block unwanted application traffic (rather than traffic on specific ports) and to close network ports all the time unless they are actually in use, which provides some protection against port scanning.
http://www.esecurityplanet.com/network-security/evaluating-a-ngfw-here-is-all-you-need-to-know.html

In the context of computer virtualization what is VMX?
VMX, also called x86 virtualization refers to CPU support of virtualization, (multiple systems sharing x86 processor resources in a safe and efficient manner.) Intel's version is called VT-x and is present on all modern advanced processors. A key security benefit is that it allows functions that used to be done in software, (the hypervisor), to be done in hardware which is presumably safer.

What does Sandboxie do?
In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system.[Wikipedia]. Sandboxie, is a tool to make browsing and email safer as well as provide a mechanism to safely run or test software.

What is the primary purpose of Syslog?
To collect log data sent by applications reporting various events.

What is referential data in the context of logging?
Syslog and Windows event logging are typically "thin" logs. The application send the information that it knows, but that information lacks context. Examples of referential data to "fatten" the log data include:
MAC address history for the IP address as long as it has been active
Physical location, POC for the IP
Was the IP used in a VPN or Wireless mode
Results of security reviews involving that IP
Did this IP ever show up in Dshield, Snort, IPS, syslog or event logs as a victim or attacker?
Did this IP ever show up in a Remedy trouble ticket?







No comments:

Post a Comment