Risks, Threats, and Vulnerabilities
**********DAILY TRIPLE!!!**********
In terms of the STRIDE model, which threat is described as “allowing someone to do something they are not authorized to do”?
What is Elevation of Privilege?
What are the two types of NAC?
What are Agent-Based and Agentless-Based NAC?
These are typically associated with being bale to control outbound communication by limiting which web sites an employee can visit.
What is a proxy server?
What is the team leader’s role?
What is ensuring team members know their roles, and well as building relationships with outside resources?
T/F:
Administrators should only scan high-use computers as they have a higher chance of having vulnerabilities.
What is false?
T/F:
You should post deployment photos on your Instagram so your family and friends know you’re alive and well.
What is False?
What element does the chemical Au stand for?
What is gold?
**********DAILY DOUBLE!!!**********
Name the highest grossing Broadway show of all time.
What is the Lion King?
Name the number of countries that have national anthems without lyrics.
What is four? (Spain, Bosnia and Herzegovina, San Marino, and Kosovo.)
Data diddling and data destruction are two major categories that describe this type of behavior, according to the student text.
What is destructive behavior?
**********DAILY DOUBLE!!!**********
What are the two examples of the “Somewhere you are” authentication factor in the reading?
What are GPS and IP (logical) address?
This allows on a specific group of users access to files and comes in three categories: File System, Active Directory, and Networking
What is an Access Control List (ACL)?
What should you do to practice security incidents with your team?
What is coordinate/plan exercises?
This is originally created when the system is initially created and a representation of how the system is supposed to be configured.
What is baseline?
This is the use of coding systems to encrypt and decrypt information.
What is cryptography?
**********DAILY DOUBLE!!!**********
Which two states in the US share the most borders with other States?
Name one.
What is Tennessee and Missouri?
Estimate the number of bones a shark has.
What is zero?
What was the longest a headless chicken lived for?
What is 18 months?
A1C Earl Simmons is selling his mixtape in the Holbrook Manor dayroom. Buyers can utilize a QR code that puts his album behind a paywall for them to obtain digitally. What they don’t know is that they are exposing themselves to malware, compromising their mobile device’s security. What type of social engineering is this an example of?
What is baiting?
With RADIUS, clients can access a network remotely by connecting to a RADIUS client which sends an authentication request via what protocol?
What is User Datagram Protocol (UDP)?
**********DAILY DOUBLE!!!**********
The firewall can filter traffic based on the source and destination IP address or port number.
What is Packet-Filtering Firewall?
What is an event?
When considering back-up media, your choice would be based on what three things?
What are size, cost, and speed?
**********DAILY DOUBLE!!!**********
Briefly explain Ransomware, Spyware, and Adware.How did they do?
(Award points if answer is sufficient)
What temperature does water boil at…in degrees Celsius?
What is 100?
What is the capital of Singapore?
What is Singapore?
Octothorpe is the actual name of this popular special character.
What is a hashtag?
When would a logic bomb “go off”?
What is when a certain event occurs?
In this Software Development Lifecycle Model, backtracking is not permitted, because it may be costly.
What is the Waterfall model?
Answer these two separate questions. All or nothing.
This would be an area between external and internal firewalls.
A popular example of this would be the internet.
What is a demilitarized zone (DMZ)?
What is a public zone?
**********DAILY DOUBLE!!!**********
What are the category number IDs for Denial of Service, Investigating, and Training and Exercises?
What are 4, 8, and 0, respectively?
**********DAILY DOUBLE!!!**********
What were the three measures described to ensure confidentiality?
What are access control/permissions, encryption, and steganography?
The drawback with this authentication method is if an account is compromised, a hacker can now access multiple servers rather than just one.
What is Single Sign-on (SSO)?
What city is built atop the ruins of the Aztec city of Tenochtitlan?
What is Mexico City, Mexico?
What was the name of the possessed hotel in Steven King’s novel (and movie) The Shining, based on the real-life Stanley Hotel in Colorado?
What is the Overlook Hotel?
What state occupies the longest continuous bridge over water in the world, at 24 miles long?
What is Louisiana?
(The Lake Pontchartrain Causeway)
If someone attempts to break into a system and intrusion was successful, what two detection measures described in the reading show what they may have done?
What are anti-virus and monitor (IPS/IDS, firewall, DNS servers) logs?
When in comes to encryption, files can be encrypted at two levels (ways). Which of the two levels is beneficial when a hackers bypasses set permissions?
What is when the file is encrypted in storage?
What zone would office visitors be placed?
What is the Guest zone?
In the six phases of the incident handling process, What are the phases after the Preliminary Response Actions? There are three.
What are Incident Analysis, response and recovery, and post-incident analysis?
Information, the release of which would reasonably be expected to constitute a clearly unwarranted invasion of personal privacy of individuals is an exemption that falls under which INFOSEC concept?
What is Freedom of Information Act (FOIA)?
This is installed on a single system to protect that one system.
What are software-based firewall (or application-based; host-based; personal firewall)?
What is the most commonly spoken language in the world?
What is Mardarin Chinese?
What are the three water signs of the zodiac?
What are Pisces, Cancer, and Scorpio?
This animal sweats through their paws.
What is a dog?
Supply chain security refers to efforts to enhance the security of the supply chain. Typical supply chain security activities include advance notification of the contents to the destination, inspecting cargo on entry, and screening and validating the contents of cargo being shipped. What are the other two activities?
What are credentialing of participants in the supply chain and ensuring the security of cargo while in-transit via the use of locks and tamper-proof seals?
Regarding Network Intrusion Control, This component is where alerts and notifications are typically sent to.
What is the Console?
Once enabled, most firewalls have a default rule. What is the rule and what is it referred to as?
What is denying all traffic unless allowed in, which is known as implicit deny?
What are the five Incident Analysis/Root Cause Analysis steps?
What are gather information, validate the incident, determine the operational impact, coordinate, and determine reporting requirements?
This is a fact about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively.
What is Critical Information?
Name all the threats that make up “STRIDE”.
What marine animals hold hands in their sleep to prevent drifting apart?
What are sea otters?
Which planet has the most gravity?
What is Jupiter?
The chemical composition of titin, the largest known protein, is, debatably, the longest English non-dictionary word. How many letters is this word?
(You must be within 1000 letters from the correct answer to be awarded points.)
What is 189,819 letters?